Static PE-CE Routing Overview, Configuration, and Verification

Static PE to CE routing is one of the most common routing techniques used in MPLS VPN deployments. It is an optimal solution for sites that have a single PE-CE connection, a limited number of subnets in the customer edge (CE) network, or both. Static PE-CE routing also prevents the customer or the service provider from intentionally or accidentally flooding each other with false routing information, so the service provider retains control over customer routing. The trade-off is that maintaining static routes might increase the provider's operational and administrative overhead: static PE-CE routing does not provide dynamic rerouting and therefore requires additional configuration for every new prefix on the PE routers, and possibly on the CE router in the absence of a default route.

Static PE-CE routing involves the following:

On a CE router:

On a PE router:

The following are the advantages of using static PE-CE routing:

The following are the disadvantages of using static PE-CE routing:

Configuration Flowchart to Implement Static PE-CE Routing

Figure 4-1 shows the configuration flowchart to implement static PE-CE routing on PE routers.

Figure 4-1. Configuration Flowchart to Configure Static PE-CE Routing

Note

Refer to Chapter 3, "Basic MPLS Overview and Configuration," for a configuration flowchart to define a VRF and its attributes.

Configuring Static PE-CE Routing

The network topology in Figure 4-2 depicts an ATM-based MPLS VPN provider network providing MPLS VPN services to Customer A sites, Site 1 and Site 2. The MPLS provider network comprises PE1-AS1 and PE2-AS1 as PE routers. P1-AS1 and P2-AS1 are LS1010 switches and function as provider routers. The MPLS VPN provider network is running OSPF as the IGP routing protocol on PE1-AS1, P1-AS1, P2-AS1, and PE2-AS1. PE routers PE1-AS1 and PE2-AS1 are configured for MP-iBGP connectivity.

Figure 4-2. Provider Network Implementing Static PE-CE Routing

Customer A wants to have connectivity between the Site 1 network (172.16.10.0/24) and Site 2 network (172.16.20.0/24). Site 1 and Site 2 belong to the same VPN, VPN-A. Site 1 and Site 2 comprise CE routers CE1-A and CE2-A, which are connected to PE1-AS1 and PE2-AS1, respectively. A static default route is configured on CE1-A and CE2-A routers. The MPLS VPN provider network plans to deploy static PE-CE routing on PE routers PE1-AS1 and PE2-AS1.

Prior to configuring static PE-CE routing, ensure that IP addresses are preconfigured and VRFs are defined on the PE routers. Example 4-1 provides the configuration related to defining the VRF and its attributes on the PE routers for static PE-CE routing.

Example 4-1. Define VRF VRF-STATIC on PE Routers PE1-AS1 and PE2-AS1

PE1-AS1(config)#ip vrf VRF-STATIC
PE1-AS1(config-vrf)# rd 1:100
PE1-AS1(config-vrf)#route-target both 1:100
PE1-AS1(config-vrf)#interface FastEthernet0/0
PE1-AS1(config-if)# ip vrf forwarding VRF-STATIC
PE1-AS1(config-if)# ip address 172.16.1.1 255.255.255.252
__________________________________________________________________________
PE2-AS1(config)#ip vrf VRF-STATIC
PE2-AS1(config-vrf)# rd 1:100
PE2-AS1(config-vrf)# route-target both 1:100
PE2-AS1(config-vrf)#interface Ethernet1/0
PE2-AS1(config-if)# ip vrf forwarding VRF-STATIC
PE2-AS1(config-if)# ip address 172.16.2.1 255.255.255.252

The steps to configure static PE-CE routing are as follows:

Step 1. Configure a per-VRF static route on the PE routers – Configure a per-VRF static route for VRF VRF-STATIC on the PE1-AS1 and PE2-AS1 routers, as shown in Example 4-2.

Example 4-2. Configure per VRF Static Route on the PE Routers

PE1-AS1(config)#ip route vrf VRF-STATIC 172.16.10.0 255.255.255.0 172.16.1.2
_____________________________________________________________________________
PE2-AS1(config)#ip route vrf VRF-STATIC 172.16.20.0 255.255.255.0 172.16.2.2

Step 2. Configure the IPv4 address family and redistribute into BGP – Create an IPv4 address family for VRF VRF-STATIC on the PE1-AS1 and PE2-AS1 routers. Redistribute the per-VRF static route configured in Step 1 into BGP on both PE routers. Also redistribute the connected interface into BGP on PE1-AS1 so that the connected interface network is known to PE2-AS1 in order to reach the CE1-A network, 172.16.10.0. Instead of using the redistribute connected command, you can also use the BGP network command to advertise the connected interface. Example 4-3 demonstrates using the redistribute connected command on PE1-AS1 and the BGP network command on PE2-AS1 to advertise the connected interface.

Example 4-3. Configure IPv4 Address Family and Redistribution in BGP

PE1-AS1(config)#router bgp 1
PE1-AS1(config-router)#address-family ipv4 vrf VRF-STATIC
PE1-AS1(config-router-af)#redistribute static
PE1-AS1(config-router-af)#redistribute connected
____________________________________________________________________
PE2-AS1(config)#router bgp 1
PE2-AS1(config-router)#address-family ipv4 vrf VRF-STATIC
PE2-AS1(config-router-af)#redistribute static
PE2-AS1(config-router-af)#network 172.16.2.0 mask 255.255.255.252
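
A consistency check for Steps 1 and 2, added here as an illustration (it is not part of the original text or of any Cisco tool): it reads an IOS-style PE configuration and reports per-VRF static routes whose VRF is undefined, whose next hop is not on an interface bound to that VRF, or whose VRF lacks redistribute static under BGP. The function name, the sample text and the 172.16.30.0/24 route are assumptions made for the example; VRF names are compared case-sensitively, as IOS does.

```python
import ipaddress
import re

# Constructed sample: PE1-AS1 lines from this section plus one extra static
# route typed as "VRF-Static" (prefix 172.16.30.0/24 is made up for the demo).
SAMPLE_PE_CONFIG = """\
ip vrf VRF-STATIC
interface FastEthernet0/0
 ip vrf forwarding VRF-STATIC
 ip address 172.16.1.1 255.255.255.252
router bgp 1
 address-family ipv4 vrf VRF-STATIC
  redistribute static
 exit-address-family
ip route vrf VRF-STATIC 172.16.10.0 255.255.255.0 172.16.1.2
ip route vrf VRF-Static 172.16.30.0 255.255.255.0 172.16.1.2
"""

def audit_static_pe_ce(config):
    """Return findings for the per-VRF static routes in an IOS-style config."""
    vrfs, subnets, redistributed, routes = set(), {}, set(), []
    if_vrf = af_vrf = None  # VRF of the interface / address family being read
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            vrfs.add(m[1])
        elif line.startswith("interface "):
            if_vrf = None
        elif m := re.fullmatch(r"ip vrf forwarding (\S+)", line):
            if_vrf = m[1]
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and if_vrf:
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            subnets.setdefault(if_vrf, []).append(net)
        elif m := re.fullmatch(r"address-family ipv4 vrf (\S+)", line):
            af_vrf = m[1]
        elif line == "exit-address-family":
            af_vrf = None
        elif line == "redistribute static" and af_vrf:
            redistributed.add(af_vrf)
        elif m := re.fullmatch(r"ip route vrf (\S+) (\S+) (\S+) (\S+)", line):
            prefix = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            routes.append((m[1], prefix, ipaddress.ip_address(m[4])))
    findings = []
    for vrf, prefix, hop in routes:
        if vrf not in vrfs:  # names compared case-sensitively
            findings.append(f"{prefix}: VRF '{vrf}' is not defined")
        elif not any(hop in net for net in subnets.get(vrf, [])):
            findings.append(f"{prefix}: next hop {hop} not on a {vrf} interface")
        elif vrf not in redistributed:
            findings.append(f"{prefix}: {vrf} statics not redistributed into BGP")
    return findings
```

Run against the constructed sample, only the 172.16.30.0/24 route is flagged; the 172.16.10.0/24 route from Example 4-2 passes all three checks.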

Static PE-CE Routing – Final Device Configurations for CE Routers (CE1-A and CE2-A)

Example 4-4 shows CE router configurations for CE1-A and CE2-A.

Example 4-4. CE1-A and CE2-A Router Configuration

hostname CE1-A
!
interface Loopback0
 ip address 172.16.10.1 255.255.255.0
!
interface FastEthernet0/0
 description connected to PE1-AS1
 ip address 172.16.1.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
__________________________________________________________________________
hostname CE2-A
!
interface Loopback0
 ip address 172.16.20.1 255.255.255.0
!
interface Ethernet0/0
 description connected to PE2-AS1
 ip address 172.16.2.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 172.16.2.1

Static PE-CE Routing – Final Device Configuration for Provider Routers (P1-AS1 and P2-AS1)

Example 4-5 shows the configuration for LS1010 ATM switches performing the function of provider routers P1-AS1 and P2-AS1 in the MPLS VPN provider network.

Example 4-5. P1-AS1 and P2-AS1 Router Configuration

hostname P1-AS1
!
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.200 255.255.255.255
!
interface ATM4/0/0
 description connected to P2-AS1
 ip address 10.10.10.5 255.255.255.252
 mpls ip
!
interface ATM4/0/2
 description connected to PE1-AS1
 ip address 10.10.10.2 255.255.255.252
 mpls ip
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
__________________________________________________________________________
hostname P2-AS1
!
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.201 255.255.255.255
!
interface ATM4/0/0
 description connected to P1-AS1
 ip address 10.10.10.6 255.255.255.252
 mpls ip
!
interface ATM4/0/1
 description connected to PE2-AS1
 ip address 10.10.10.9 255.255.255.252
 mpls ip
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0

Static PE-CE Routing – Final Device Configurations for PE Routers (PE1-AS1 and PE2-AS1)

Example 4-6 shows final configurations for PE1-AS1 and PE2-AS1 routers for static PE-CE routing.

Example 4-6. PE1-AS1 and PE2-AS1 Router Configurations

hostname PE1-AS1
!
ip cef
!
ip vrf VRF-STATIC
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.101 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding VRF-STATIC
 ip address 172.16.1.1 255.255.255.252
!
interface ATM2/0
 no ip address
 no atm ilmi-keepalive
!
interface ATM2/0.1 mpls
 description Connection to P1-AS1
 ip address 10.10.10.1 255.255.255.252
 mpls ip
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 1
 no synchronization
 neighbor 10.10.10.102 remote-as 1
 neighbor 10.10.10.102 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.102 activate
  neighbor 10.10.10.102 send-community extended
  no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf VRF-STATIC
  redistribute static
  redistribute connected
  no auto-summary
  no synchronization
 exit-address-family
!
ip classless
ip route vrf VRF-STATIC 172.16.10.0 255.255.255.0 172.16.1.2
__________________________________________________________________________
hostname PE2-AS1
!
ip cef
!
ip vrf VRF-STATIC
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
mpls label protocol ldp
mpls ldp router-id Loopback0
!
interface Loopback0
 ip address 10.10.10.102 255.255.255.255
!
interface Ethernet1/0
 description connected to CE2-A
 ip vrf forwarding VRF-STATIC
 ip address 172.16.2.1 255.255.255.252
!
interface ATM2/0
 no ip address
!
interface ATM2/0.1 mpls
 description connected to P2-AS1
 ip address 10.10.10.10 255.255.255.252
 mpls ip
!
router ospf 100
 network 10.10.0.0 0.0.255.255 area 0
!
router bgp 1
 no synchronization
 neighbor 10.10.10.101 remote-as 1
 neighbor 10.10.10.101 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 10.10.10.101 activate
  neighbor 10.10.10.101 send-community extended
  no auto-summary
 exit-address-family
 !
 address-family ipv4 vrf VRF-STATIC
  no auto-summary
  no synchronization
  redistribute static
  network 172.16.2.0 mask 255.255.255.252
 exit-address-family
!
ip classless
ip route vrf VRF-STATIC 172.16.20.0 255.255.255.0 172.16.2.2

Verification of Static PE-CE Routing

The steps to verify static PE-CE routing are as follows:

Step 1. Verify the BGP VPNv4 routing tables on PE1-AS1 and PE2-AS1 – Check the BGP VPNv4 routing tables by issuing the show ip bgp vpnv4 vrf VRF-STATIC command on the PE routers. Example 4-7 shows that the PE1-AS1 and PE2-AS1 routers see routes for the 172.16.20.0/24 (CE2-A) and 172.16.10.0/24 (CE1-A) networks in their BGP tables. Note that 172.16.2.0 is advertised with IGP as the origin because it was advertised via a network statement in BGP, whereas the origin code for 172.16.1.0/24 is incomplete because it was redistributed into BGP.

Example 4-7. BGP VPNv4 Routing Table

PE1-AS1#show ip bgp vpnv4 vrf VRF-STATIC
BGP table version is 67, local router ID is 10.10.10.101
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf VRF-STATIC)
*> 172.16.1.0/30    0.0.0.0                  0         32768 ?
*>i172.16.2.0/30    10.10.10.102             0    100      0 i
*> 172.16.10.0/24   172.16.1.2               0         32768 ?
*>i172.16.20.0/24   10.10.10.102             0    100      0 ?
________________________________________________________________________________
PE2-AS1#show ip bgp vpnv4 vrf VRF-STATIC
BGP table version is 61, local router ID is 10.10.10.102
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100 (default for vrf VRF-STATIC)
*>i172.16.1.0/30    10.10.10.101             0    100      0 ?
*> 172.16.2.0/30    0.0.0.0                  0         32768 i
*>i172.16.10.0/24   10.10.10.101             0    100      0 ?
*> 172.16.20.0/24   172.16.2.2               0         32768 ?

Step 2. Verify the VRF routing table on PE1-AS1 and PE2-AS1 – Check the VRF routing table to determine whether routes are received from the connected CE and from remote CE routers belonging to the same VPN. Example 4-8 shows that PE1-AS1 has received the 172.16.20.0/24 (CE2-A) and 172.16.2.0/24 routes from the PE2-AS1 router.

Example 4-8. VRF-STATIC Routing Table on PE1-AS1 and PE2-AS1

PE1-AS1#show ip route vrf VRF-STATIC
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
B       172.16.20.0/24 [200/0] via 10.10.10.102, 00:02:12
S       172.16.10.0/24 [1/0] via 172.16.1.2
C       172.16.1.0/30 is directly connected, FastEthernet0/0
B       172.16.2.0/30 [200/0] via 10.10.10.102, 19:28:26
_____________________________________________________________________
PE2-AS1#show ip route vrf VRF-STATIC
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
S       172.16.20.0/24 [1/0] via 172.16.2.2
B       172.16.10.0/24 [200/0] via 10.10.10.101, 19:26:21
B       172.16.1.0/30 [200/0] via 10.10.10.101, 00:05:05
C       172.16.2.0/30 is directly connected, Ethernet1/0

Step 3. Verify end-to-end connectivity using ping – Verify end-to-end connectivity between the CE1-A and CE2-A networks by issuing a ping from CE1-A to network 172.16.20.0/24 on CE2-A and vice versa. Example 4-9 shows that the ping is successful.

Example 4-9. Verify Reachability via Ping

CE1-A#ping 172.16.20.1 source 172.16.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
__________________________________________________________________________
CE2-A#ping 172.16.10.1 source 172.16.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.20.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
