MBGP and Customer Routes Advanced Communications 2007 Week 11 Lecture 1 by Donald Neal

To Make This Happen We Need IP routing for internal use PE's holding large numbers of distinct routing tables – VPN Routing and Forwarding Instances A way of passing label information around LDP – Label Distribution Protocol RSVP – Resource Reservation Protocol Or both A way of passing customer routes tied to labels MBGP – Multiprotocol BGP

BGP

Route Distinguishers “4.1. The VPN-IPv4 Address Family The BGP Multiprotocol Extensions [BGP-MP] allow BGP to carry routes from multiple "address families". We introduce the notion of the "VPN-IPv4 address family". A VPN-IPv4 address is a 12-byte quantity, beginning with an 8-byte Route Distinguisher (RD) and ending with a 4-byte IPv4 address. If several VPNs use the same IPv4 address prefix, the PEs translate these into unique VPN-IPv4 address prefixes. This ensures that if the same address is used in several different VPNs, it is possible for BGP to carry several completely different routes to that address, one for each VPN.” - RFC4364

Route Distinguisher (64 bits) VPN-IPv4 Encoding Route Distinguisher (64 bits) IPv4 Address(32 bits) Type 0 AS Number Assigned Number Type 1 IP Address Assigned Number Type 1 Type 2 AS Number IP Address Assigned Number Assigned Number e.g. 681:514:192.168.1.20

Route Targets “4.3.1. The Route Target Attribute Every VRF is associated with one or more Route Target (RT) attributes. When a VPN-IPv4 route is created (from an IPv4 route that the PE has learned from a CE) by a PE router, it is associated with one or more Route Target attributes. These are carried in BGP as attributes of the route. Any route associated with Route Target T must be distributed to every PE router that has a VRF associated with Route Target T. When such a route is received by a PE router, it is eligible to be installed in those of the PE's VRFs that are associated with Route Target T.” “There is a set of Route Targets that a PE router attaches to a route received from site S; these may be called the "Export Targets". And there is a set of Route Targets that a PE router uses to determine whether a route received from another PE router could be placed in the VRF associated with site S; these may be called the "Import Targets". The two sets are distinct, and need not be the same.” “The Route Targets discussed herein are encoded as BGP Extended Community Route Targets [BGP-EXTCOMM]. They are structured similarly to the RDs.” “Note that a route can only have one RD, but it can have multiple Route Targets.” -RFC4364

VRF's One VRF per address space (e.g. per customer) One RD to one VRF Must have a route import policy Must have a route export policy Interfaces to customer routers assigned to a VRF Each PE needs peer with each other PE only once for all VRF's

VRF's ip vrf voice rd 65300:101 route-target import 65300:101 route-target export 65300:101 - Broadband Network Architectures p.72

PE Peering AKL-PE2 TAU-PE1 AKL-PE1 AKL-P1 MAN-P1 TAU-P1 HAM-PE2 HAM-P1 . TAU-PE1 AKL-PE1 AKL-P1 MAN-P1 TAU-P1 HAM-PE2 HAM-P1 HAM-PE1 ROT-P1

Multiprotocol Reachable NLRI AFI 1 = IPv4 SAFI 1 = Unicast SAFI 128 = Labelled VPN Unicast NLRI When a PE router distributes a VPN-IPv4 route via BGP, it uses its own address as the "BGP next hop". This address is encoded as a VPN-IPv4 address with an RD of 0. ([BGP-MP] requires that the next hop address be in the same address family as the Network Layer Reachability Information (NLRI).) It also assigns and distributes an MPLS label. (Essentially, PE routers distribute not VPN-IPv4 routes, but Labeled VPN-IPv4 routes. Cf. [MPLS-BGP].) - RFC4364 (Reference is to RFC3107)

The Way of the MPLS VPN Packet(1) CE IP Packet forwarded from customer router to PE router HAM-PE1 HAM-PE1 pushes (prepends) two labels to packet Labelled packet forwarded TAU-PE1 AKL-P1 TAU-P1 To TAU-PE1 To Customer on TAU-PE1 100301 101539 IP Packet HAM-P1 ROT-P1 CE HAM-PE1

Which VRF's? AKL-PE2 TAU-PE1 AKL-PE1 AKL-P1 MAN-P1 TAU-P1 HAM-PE2 . TAU-PE1 AKL-PE1 AKL-P1 MAN-P1 TAU-P1 HAM-PE2 HAM-P1 HAM-PE1 ROT-P1

In My VRF Definition Route Distinguisher Import Route Target Export Route Target Interface (to CE) RIP routing instance (to CE)

In My VRF Definition Route Distinguisher Import Route Target Another Import Route Target Export Route Target Interface (to CE) RIP routing instance (to CE)

Route Targets ”suppose one desired, for whatever reason, to create a "hub and spoke" kind of VPN. This could be done by the use of two Route Target values, one meaning "Hub" and one meaning "Spoke". At the VRFs attached to the hub sites, "Hub" is the Export Target and "Spoke" is the Import Target. At the VRFs attached to the spoke site, "Hub" is the Import Target and "Spoke" is the Export Target.” -RFC4364

Internet Access (1) Internet CE TAU-PE1 AKL-P1 TAU-P1 HAM-P1 ROT-P1 CE HAM-PE1

Internet Access (2) Internet CE TAU-PE1 AKL-P1 TAU-P1 HAM-PE2 HAM-P1 ROT-P1 CE HAM-PE1

Internet Access (2) Internet CE AKL-PE2 TAU-PE1 AKL-P1 TAU-P1 HAM-PE2 ROT-P1 CE HAM-PE1 Customer VRF

Further Reading Broadband Network Architectures pp.67-79 RFC4364 – BGP/MPLS IP VPNs Broadband Network Architectures pp.67-79

Reading for Next Lecture http://en.wikipedia.org/wiki/VPLS Kompella & Rekhter, RFC4761 -Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling