INTER-AUTONOMOUS SYSTEM MPLS VPN: CONFIGURATION AND TROUBLESHOOTING

INTER-AUTONOMOUS SYSTEM MPLS VPN: CONFIGURATION AND TROUBLESHOOTING DECEMBER 2003

Agenda
- Troubleshooting Commands
- Inter-AS Case Study
- Inter-AS Summary

BASIC TROUBLESHOOTING COMMANDS
MPLS VPN Inter-AS, 12/03 © 2003 Cisco Systems, Inc. All rights reserved.

Troubleshooting Commands
- Check VRF routing table
    show ip route vrf <vrf name>
  Check the imported route and associated NH address
- Check BGP VPNv4 table
    show ip bgp vpnv4 all
  Check routes associated with an RD
- Check CEF table
    show ip cef vrf <vrf name>
  Entries for the imported prefixes from a neighbor
- Check TFIB table
    show tag forwarding

CASE STUDY

Inter-AS Case Study Agenda
- Introduction
- Configuration Analysis
- Backup path check
- Load Balancing VPNv4 prefixes across the Inter-AS paths
- Inter-AS Design Considerations
- Inter-AS Configurations

Introduction
- Case study scenario
- Setup
- Inter-AS VPN Distribution Methods
  - Next-Hop-Self Method
  - Redistribute Connected Subnet Method
- Label Switch Path – Next-Hop-Self
- Label Switch Path – Redistribute Connected Subnets

Case Study Scenario
- Two separate MPLS VPN networks (AS200 and AS300) that distribute VPN routes between each other
- Two Inter-AS (eBGP) connections: primary and backup paths
- VPN traffic will normally travel over the primary Inter-AS path and switch over to the backup path in the event of a failure
- Four VRFs used in this example:
  - AS300: VRF green and emerald sites
  - AS200: VRF red and pink

Topology

IP Addressing for the Topology

Inter-AS Distribution Methods
- Next-hop-self method
  - Changes the next hop to that of the local ASBR for all VPNv4 routes learned from the other ASBR
  - BGP label and NH are changed by the receiving ASBR that has next-hop-self enabled
- Redistribute-connected-subnets method
  - Redistributes the next-hop address of the remote ASBR into the local IGP using the redistribute connected subnets command
  - Example: BGP label and next hop are not changed when the VPNv4 routes are redistributed into the local AS
- Both methods will be used in this case study. The ASBRs in AS200 will change the NH to themselves. The ASBRs in AS300 will use a host route to the NH address of the ASBR in AS200.

Inter-AS Case Study Specifications
- AS 200 has three routers:
  - Primary ASBR: ASBR-A200
    - Using Next-Hop-Self Method on ASBR-200
  - Backup ASBR / P router: ASBR-B200
  - PE: PE-200; two VRFs, red and pink
- AS 300 has three routers:
  - Primary ASBR: ASBR-A300
    - Using Redistribute Connected subnets on ASBR-300
  - Backup ASBR / P router: ASBR-B300
  - PE: PE-300; two VRFs, green and emerald

Inter-AS Distribution: Next-Hop-Self Method on Primary path
1. The VPNv4 route 300:1:30.1.1.0 is allocated the BGP label of {161} by PE-300. The BGP next hop is set to the PE-300 loopback 156.50.10.3.
2. ASBR-A300 receives the VPNv4 update via an MP-iBGP session from PE-300.
3. ASBR-A300 then allocates a new BGP local label {164} for the VPNv4 route and sets the BGP next hop to its interface 1.1.1.2. The BGP VPNv4 table for the route will show 164/161 as the tags being used for the route (refer to Figure 21 TFIB on ASBR-A300).
4. ASBR-A200 receives the VPNv4 update via the MP-eBGP session from ASBR-A300. Since next-hop-self is set to the PE neighbour PE-200, a new BGP local label {23} will be allocated and the next hop will be set to the loopback 166.50.10.1. The BGP VPNv4 table for the route will show 23/164 as the tags being used for the route (refer to Figure 14 TFIB on ASBR-A200).
5. PE-200 receives the VPNv4 route and inserts it into VRF red. PE-200 will then use the BGP label {23} and the appropriate IGP label for next-hop 166.50.10.1 to get to 30.1.1.0.

Inter-AS Distribution: Next-Hop-Self Method
Changing next-hop to that of the local ASBR for all VPNv4 routes learnt from the other ASBR.

Sample config for ASBR-A200:

    address-family vpnv4
     neighbor 1.1.1.2 activate
     neighbor 1.1.1.2 send-community extended
     neighbor 1.1.1.2 route-map SETMETRIC out
     neighbor 166.50.10.3 activate
     ! 166.50.10.3 is the PE-200 peer
     neighbor 166.50.10.3 next-hop-self
     neighbor 166.50.10.3 send-community extended
     neighbor 166.50.10.3 route-map INTER-AS in
    exit-address-family
    !
    ip extcommunity-list 10 permit rt 200:777
    access-list 1 permit any
    route-map SETMETRIC permit 10
     match ip address 1
     set metric 50
    route-map INTER-AS permit 10
     match extcommunity 10

Inter-AS Distribution: Redistribute Connected Subnet Method
- ASBRs in AS300 use the redistribute connected subnets method to distribute VPNv4 routes
- BGP next-hop is not changed for remote VPNv4 routes and will remain that of ASBR-A200, which is 1.1.1.1 (the interface address)

Inter-AS Distribution: Label Switch Path – Next-Hop-Self

Inter-AS Distribution: Label Switch Path – Redistribute Connected Subnets

Backup path check
- Under normal circumstances, all traffic between the Autonomous Systems will travel along the primary eBGP path, circuit addresses 1.1.1.1 – 1.1.1.2.
- This section verifies that the backup path works correctly if the primary path fails.
- A simple test was executed with traffic originating from PE300 traveling to PE200:
  - Shutdown primary interface on AS200
  - Backup path is selected on PE-300

The primary interface was shut down on ASBR-A200 to simulate a simple failure. The test was done several times and it took between 16 and 24 seconds for the VPNv4 routes to be redistributed so that the backup path was selected. The BGP scan-timers were modified to provide the faster convergence. Refer to section 0 for configuration details and also [3], page 255 for a detailed discussion of VPN convergence.

Backup path check: Traceroute on the primary path

    PE-300#trace vrf green 20.1.1.1

    Type escape sequence to abort.
    Tracing the route to 20.1.1.1

      1 3.3.3.5 4 msec 4 msec 0 msec
      2 3.3.3.1 4 msec 4 msec 0 msec
      3 1.1.1.1 4 msec 4 msec 0 msec    <-- ASBR-A200 primary
      4 2.2.2.2 4 msec 0 msec 4 msec
      5 20.1.1.1 0 msec * 0 msec

Backup path check: Traceroute on the primary path (Cont.)

    PE-300#trace vrf green 20.1.1.1

    Type escape sequence to abort.
    Tracing the route to 20.1.1.1

      1 3.3.3.5 0 msec 4 msec 0 msec
      2 1.1.1.5 0 msec 0 msec 4 msec    <-- ASBR-B200 backup
      3 20.1.1.1 0 msec * 0 msec

Load Balancing VPNv4 Prefixes Across the Inter-AS Paths
- Overview
- ASBR 200 configurations
- PE-200 configuration
- PE-300 VPNv4 BGP Table

Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Topology

Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Goals and Specs
- Goal: load balance VPNv4 prefixes across both Inter-AS links from AS300 to AS200. Note that there are two paths:
  - Gateway 1 (path between ASBR-A200 and ASBR-A300): only VRF green traffic
  - Gateway 2 (path between ASBR-B200 & ASBR-B300): only VRF emerald traffic
- ASBR-A200: accept routes only from VRF green
- ASBR-B200: accept routes only from VRF emerald
- If load balancing is required in both directions, mirror ASBR-A200 configuration on ASBR-A300 and ASBR-B200 configuration on ASBR-B300

The INTER-AS route-map will cause the AS200 ASBRs to accept VPNv4 routes that hold the extcommunity attribute of 777:1 or 777:2. The VPNv4 routes will hold one or the other value, not both. Depending on which ASBR it is, the MED will be set appropriately: either 50 if it has been chosen to be the primary, or 100 if it is not chosen to be the primary.

Load-balancing: VPNv4 Related Specifications
- MED is set at each gateway, depending upon the route-target/extcommunity value on the VPNv4 route
- Route-target = 777:1
  - Primary: Gateway 1; prefix: MED=50
  - Backup: Gateway 2; MED=100
- Route-target = 777:2
  - Primary: Gateway 2; prefix: MED=50
  - Backup: Gateway 1; MED=100
- Gateways have both been configured to accept only VPNv4 routes that have the extcommunity attribute 777:1 or 777:2

Load Balancing Across the Inter-AS Paths: PE 200 Configuration
- The primary path for VRF pink is via ASBR-B200
- All routes in VRF pink have the route-target 777:2; ASBR-A200 will be the backup path (from perspective of the PE-300)
- The primary path for VRF red is via ASBR-A200; backup path is via ASBR-B200

    VRF   Prefix     RT            Primary               Backup
    Red   20.1.1.0   200:1 777:1   ASBR-A200 (1.1.1.1)   ASBR-B200 (1.1.1.5)
    Red   20.2.1.0   200:1         Denied
    Pink  21.1.1.0   200:2 777:2
    Pink  21.2.1.0   200:2 777:2

* should see the red routes via 1.1.1.1 and the pink routes via 1.1.1.5

Load Balancing Across the Inter-AS Paths: PE 200 Configuration (Cont.)

    ip vrf pink
     rd 200:2
     route-target export 200:2
     ! use ASBR-B200 as the primary path
     route-target export 777:2
     route-target import 200:2
     route-target import 300:2
    !
    ip vrf red
     rd 200:1
     export map OUT-INTER-AS
     route-target export 200:1
     route-target import 200:1
     route-target import 300:1
    !
    access-list 10 permit 20.1.1.0 0.0.0.55
    route-map OUT-INTER-AS permit 10
     match ip address 10
     ! use ASBR-A200 as the primary path
     set extcommunity rt 777:1 additive

The PE-200 configuration has been modified slightly so that all routes in VRF pink have the route-target 777:2, and hence will use ASBR-B200 as the primary path and ASBR-A200 as the backup path (from PE-300's perspective). The route selected by the route-map in VRF red will use ASBR-A200 as the primary path and ASBR-B200 as the backup path.

Load Balancing Across the Inter-AS Paths: ASBR-A200 Configuration

    router bgp 200
     ! …
     address-family vpnv4
      neighbor 1.1.1.2 activate
      neighbor 1.1.1.2 send-community extended
      neighbor 1.1.1.2 route-map SETMETRIC out
      neighbor 166.50.10.3 activate
      neighbor 166.50.10.3 next-hop-self
      neighbor 166.50.10.3 send-community extended
      neighbor 166.50.10.3 route-map INTER-AS in
     exit-address-family
    !
    ip extcommunity-list 10 permit rt 777:1
    ip extcommunity-list 11 permit rt 777:2
    route-map SETMETRIC permit 10
     match extcommunity 10
     ! Metric is 100 on ASBR-B200
     set metric 50
    route-map SETMETRIC permit 11
     match extcommunity 11
     ! Metric is 50 on ASBR-B200
     set metric 100
    route-map INTER-AS permit 10
     ! AS200 ASBRs accept VPNv4 routes that hold the extcommunity attribute of 777:1 or 777:2
     match extcommunity 10 11

Load Balancing Across the Inter-AS Paths: PE-300 VPNv4 BGP Table

    PE-300#show ip bgp vpnv4 all
    BGP table version is 99, local router ID is 156.50.10.3
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop        Metric LocPrf Weight Path
    Route Distinguisher: 200:1
    *>i20.1.1.0/24      1.1.1.1             50    100      0 200 ?
    * i                 1.1.1.5            100    100      0 200 ?
    Route Distinguisher: 200:2
    * i21.1.1.0/24      1.1.1.1            100    100      0 200 ?
    *>i                 1.1.1.5             50    100      0 200 ?
    * i21.2.1.0/24      1.1.1.1            100    100      0 200 ?
    Route Distinguisher: 300:1 (default for vrf green)
    *>i20.1.1.0/24      1.1.1.1             50    100      0 200 ?    <-- Via ASBR-A200
    *> 30.1.1.0/24      0.0.0.0              0         32768 ?
    Route Distinguisher: 300:2 (default for vrf emerald)
    *>i21.1.1.0/24      1.1.1.5             50    100      0 200 ?    <-- Via ASBR-B200
    *>i21.2.1.0/24      1.1.1.5             50    100      0 200 ?    <-- Via ASBR-B200
    *> 31.1.1.0/24      0.0.0.0              0         32768 ?

Note: BGP VPNv4 table on PE-300 after the VPNv4 routes from AS 200 have been redistributed using the new route-targets and MED values. As can be seen, the best routes have been chosen and imported into the green and emerald VRFs using the lowest metric (MED), the next hop being either 1.1.1.1 or 1.1.1.5.
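
The policy on the load-balancing slides can be checked end to end with a small model. This is an added example, not part of the original presentation: it evaluates the INTER-AS and SETMETRIC route-maps for both AS200 ASBRs and picks the lowest MED at PE-300, assuming every other BGP attribute ties. The function and variable names are illustrative, and the /24 prefix lengths are taken from the PE-300 table.

```python
# Added illustration: model of the INTER-AS (inbound) and SETMETRIC (outbound)
# route-maps on the AS200 ASBRs and of the MED comparison made on PE-300.
# Assumption: local preference, AS path and origin tie, so the lowest MED wins.

# ip extcommunity-list 10 / 11 from the ASBR load-balancing slide
EXTCOMMUNITY_LISTS = {10: {"777:1"}, 11: {"777:2"}}

# VPNv4 routes exported by PE-200 (prefix -> route targets), per the slide table
PE200_EXPORTS = {
    "20.1.1.0/24": {"200:1", "777:1"},  # VRF red, tagged by OUT-INTER-AS
    "20.2.1.0/24": {"200:1"},           # VRF red, not matched by access-list 10
    "21.1.1.0/24": {"200:2", "777:2"},  # VRF pink
    "21.2.1.0/24": {"200:2", "777:2"},  # VRF pink
}

# route-map INTER-AS permit 10 / match extcommunity 10 11 (no set clause)
INTER_AS_IN = [((10, 11), None)]

# name: (next hop seen by PE-300, SETMETRIC entries as (lists, MED))
ASBRS = {
    "ASBR-A200": ("1.1.1.1", [((10,), 50), ((11,), 100)]),
    "ASBR-B200": ("1.1.1.5", [((10,), 100), ((11,), 50)]),
}


def route_map(entries, rts):
    """Evaluate an IOS-style route-map made of permit entries.

    The first entry whose extcommunity-lists match wins. A route that matches
    no entry is dropped by the implicit deny at the end of the route-map.
    Returns (permitted, med).
    """
    for list_ids, med in entries:
        if any(rts & EXTCOMMUNITY_LISTS[i] for i in list_ids):
            return True, med
    return False, None


def paths_at_pe300(exports=PE200_EXPORTS):
    """Return {prefix: [(med, next_hop, asbr), ...]} as learned by PE-300."""
    table = {}
    for prefix, rts in exports.items():
        for asbr, (next_hop, setmetric) in ASBRS.items():
            accepted, _ = route_map(INTER_AS_IN, rts)  # inbound from PE-200
            if not accepted:
                continue
            sent, med = route_map(setmetric, rts)      # outbound to AS300
            if sent:
                table.setdefault(prefix, []).append((med, next_hop, asbr))
    return table


def best_paths(table):
    """Pick the lowest-MED path for each prefix."""
    return {prefix: min(paths) for prefix, paths in table.items()}


if __name__ == "__main__":
    for prefix, (med, nh, asbr) in sorted(best_paths(paths_at_pe300()).items()):
        print(f"{prefix:<13} via {nh:<8} MED {med:<4} ({asbr})")
```

The result matches the best paths in the PE-300 table, and 20.2.1.0 never leaves AS200 because it carries neither 777:1 nor 777:2.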

Configurations
- ASBR-A200
- ASBR-A300
- ASBR-B200
- ASBR-B300
- PE-200
- PE-300

Configurations: ASBR-A200

    hostname ABSR-A200
    !
    logging rate-limit console 10 except errors
    ip subnet-zero
    no ip finger
    no ip domain-lookup
    ip cef distributed
    call rsvp-sync
    cns event-service server
    interface Loopback0
     ip address 166.50.10.1 255.255.255.255
    interface ATM1/0/0
     ip address 2.2.2.1 255.255.255.252
     ip route-cache distributed
     ip ospf network point-to-point
     no atm ilmi-keepalive
     pvc 1/102
      broadcast
      encapsulation aal5snap
     tag-switching ip
    interface POS1/1/0
     ip address 1.1.1.1 255.255.255.252
     clock source internal
     pos ais-shut
     pos report lais
     pos report lrdi
    router ospf 200
     log-adjacency-changes
     network 2.2.2.0 0.0.0.255 area 0
     network 166.50.10.0 0.0.0.255 area 0
    !
    router bgp 200
     no synchronization
     no bgp default ipv4-unicast
     no bgp default route-target filter
     bgp log-neighbor-changes
     neighbor 1.1.1.2 remote-as 300
     neighbor 166.50.10.3 remote-as 200
     neighbor 166.50.10.3 update-source Loopback0
     address-family vpnv4
      neighbor 1.1.1.2 activate
      neighbor 1.1.1.2 send-community extended
      neighbor 1.1.1.2 route-map SETMETRIC out
      neighbor 166.50.10.3 activate
      neighbor 166.50.10.3 next-hop-self
      neighbor 166.50.10.3 send-community extended
      neighbor 166.50.10.3 route-map INTER-AS in
     exit-address-family
    ip kerberos source-interface any
    ip classless
    no ip http server
    ip extcommunity-list 10 permit rt 200:777
    access-list 1 permit any
    route-map SETMETRIC permit 10
     match ip address 1
     set metric 50
    route-map INTER-AS permit 10
     match extcommunity 10
    end

Configurations: ASBR-A300

    hostname ABSR-A300
    !
    logging rate-limit console 10 except errors
    ip subnet-zero
    no ip finger
    no ip domain-lookup
    ip cef distributed
    tag-switching tag-range downstream 160 1000 0
    call rsvp-sync
    cns event-service server
    interface Loopback0
     ip address 156.50.10.1 255.255.255.255
    interface ATM8/0/0
     ip address 3.3.3.1 255.255.255.252
     ip route-cache distributed
     ip ospf network point-to-point
     no atm ilmi-keepalive
     pvc 1/102
      broadcast
      encapsulation aal5snap
     tag-switching ip
    interface POS8/1/0
     ip address 1.1.1.2 255.255.255.252
     pos ais-shut
     pos report lais
     pos report lrdi
    !
    router ospf 300
     log-adjacency-changes
     redistribute connected subnets
     network 3.3.3.0 0.0.0.3 area 0
     network 156.50.10.0 0.0.0.255 area 0
    router bgp 300
     no synchronization
     no bgp default ipv4-unicast
     no bgp default route-target filter
     bgp log-neighbor-changes
     neighbor 1.1.1.1 remote-as 200
     neighbor 156.50.10.3 remote-as 300
     neighbor 156.50.10.3 update-source Loopback0
     address-family vpnv4
      neighbor 1.1.1.1 activate
      neighbor 1.1.1.1 send-community extended
      neighbor 1.1.1.1 route-map SETMETRIC out
      neighbor 156.50.10.3 activate
      neighbor 156.50.10.3 send-community extended
      bgp scan-time 10
      bgp scan-time import 10
     exit-address-family
    ip kerberos source-interface any
    ip classless
    no ip http server
    access-list 1 permit any
    route-map SETMETRIC permit 10
     match ip address 1
     set metric 50

Configurations: ASBR-B200

    hostname ABSR-B200
    !
    boot system disk0:c7200-js-mz.121-5.T8.bin
    logging rate-limit console 10 except errors
    enable password cisco
    ip subnet-zero
    no ip finger
    no ip domain-lookup
    ip cef
    call rsvp-sync
    cns event-service server
    interface Loopback0
     ip address 166.50.10.2 255.255.255.255
    interface FastEthernet0/0
     ip address 2.2.2.5 255.255.255.252
     duplex full
     tag-switching ip
    interface ATM3/0
     ip address 2.2.2.2 255.255.255.252
     ip ospf network point-to-point
     no atm ilmi-keepalive
     pvc 1/102
      broadcast
      encapsulation aal5snap
    interface POS4/0
     ip address 1.1.1.5 255.255.255.252
     no ip route-cache cef
     clock source internal
    !
    interface FastEthernet6/0
     ip address 10.64.37.50 255.255.255.0
     duplex full
    router ospf 200
     log-adjacency-changes
     network 2.2.2.0 0.0.0.255 area 0
     network 166.50.10.0 0.0.0.255 area 0
    router bgp 200
     no synchronization
     no bgp default ipv4-unicast
     no bgp default route-target filter
     bgp log-neighbor-changes
     neighbor 1.1.1.6 remote-as 300
     neighbor 166.50.10.3 remote-as 200
     neighbor 166.50.10.3 update-source Loopback0
     address-family vpnv4
      neighbor 1.1.1.6 activate
      neighbor 1.1.1.6 send-community extended
      neighbor 1.1.1.6 route-map SETMETRIC out
      neighbor 166.50.10.3 activate
      neighbor 166.50.10.3 next-hop-self
      neighbor 166.50.10.3 send-community extended
      neighbor 166.50.10.3 route-map INTER-AS in
     exit-address-family
    ip kerberos source-interface any
    ip classless
    no ip http server
    ip extcommunity-list 10 permit rt 200:777
    access-list 1 permit any
    route-map SETMETRIC permit 10
     match ip address 1
     set metric 100
    route-map INTER-AS permit 10
     match extcommunity 10
    end

Configurations: ASBR-B300

    hostname ABSR-B300
    !
    boot system disk0:c7200-js-mz.121-5.T8.bin
    logging rate-limit console 10 except errors
    enable password cisco
    ip subnet-zero
    no ip finger
    no ip domain-lookup
    ip cef
    tag-switching tag-range downstream 160 1000 0
    call rsvp-sync
    cns event-service server
    interface Loopback0
     ip address 156.50.10.2 255.255.255.255
    interface FastEthernet0/0
     ip address 3.3.3.5 255.255.255.252
     duplex full
     tag-switching ip
    interface ATM3/0
     ip address 3.3.3.2 255.255.255.252
     ip ospf network point-to-point
     no atm ilmi-keepalive
     pvc 1/102
      broadcast
      encapsulation aal5snap
    interface POS4/0
     ip address 1.1.1.6 255.255.255.252
     no ip route-cache cef
    !
    router ospf 300
     log-adjacency-changes
     redistribute connected subnets
     network 3.3.3.0 0.0.0.3 area 0
     network 3.3.3.4 0.0.0.3 area 0
     network 156.50.10.0 0.0.0.255 area 0
    router bgp 300
     no synchronization
     no bgp default ipv4-unicast
     no bgp default route-target filter
     bgp log-neighbor-changes
     neighbor 1.1.1.5 remote-as 200
     neighbor 156.50.10.3 remote-as 300
     neighbor 156.50.10.3 update-source Loopback0
     address-family vpnv4
      neighbor 1.1.1.5 activate
      neighbor 1.1.1.5 send-community extended
      neighbor 1.1.1.5 route-map SETMETRIC out
      neighbor 156.50.10.3 activate
      neighbor 156.50.10.3 send-community extended
      bgp scan-time 10
      bgp scan-time import 10
     exit-address-family
    ip kerberos source-interface any
    ip classless
    no ip http server
    access-list 1 permit any
    route-map SETMETRIC permit 10
     match ip address 1
     set metric 100
    end

Configurations: PE-200

    hostname PE-200
    !
    boot system disk0:c7200-js-mz.121-5c.E8.bin
    ip subnet-zero
    ip vrf pink
     rd 200:2
     route-target export 200:2
     route-target export 200:777
     route-target import 200:2
     route-target import 300:2
    ip vrf red
     rd 200:1
     export map OUT-INTER-AS
     route-target export 200:1
     route-target import 200:1
     route-target import 300:1
    ip cef
    tag-switching tdp router-id Loopback0
    cns event-service server
    interface Loopback0
     ip address 166.50.10.3 255.255.255.255
    interface Loopback10
     ip vrf forwarding red
     ip address 20.1.1.1 255.255.255.0
    interface Loopback11
     ip vrf forwarding pink
     ip address 21.1.1.1 255.255.255.0
    interface FastEthernet4/0
     ip address 2.2.2.6 255.255.255.252
     no ip route-cache cef
     duplex full
     tag-switching ip
    router ospf 200
     log-adjacency-changes
     network 2.2.2.0 0.0.0.255 area 0
     network 166.50.10.0 0.0.0.255 area 0
    router bgp 200
     no synchronization
     no bgp default ipv4-unicast
     bgp log-neighbor-changes
     neighbor 166.50.10.1 remote-as 200
     neighbor 166.50.10.1 update-source Loopback0
     neighbor 166.50.10.2 remote-as 200
     neighbor 166.50.10.2 update-source Loopback0
     default-information originate
     !
     address-family ipv4 vrf red
      redistribute connected
      redistribute static
      no auto-summary
     exit-address-family
     address-family ipv4 vrf pink
     address-family vpnv4
      neighbor 166.50.10.1 activate
      neighbor 166.50.10.1 send-community extended
      neighbor 166.50.10.2 activate
      neighbor 166.50.10.2 send-community extended
    ip classless
    ip route vrf red 20.2.1.0 255.255.255.0 Loopback10 20.1.1.2
    ip route vrf pink 21.2.1.0 255.255.255.0 Loopback11 21.1.1.2
    no ip http server
    access-list 10 permit 20.1.1.0 0.0.0.55
    route-map OUT-INTER-AS permit 10
     match ip address 10
     set extcommunity rt 200:777 additive
    end

Configurations: PE-300

    hostname PE-300
    !
    ip subnet-zero
    no ip finger
    no ip domain-lookup
    ip vrf emerald
     rd 300:2
     route-target export 300:2
     route-target import 300:2
     route-target import 200:2
    ip vrf green
     rd 300:1
     route-target export 300:1
     route-target import 300:1
     route-target import 200:1
    ip cef
    tag-switching tag-range downstream 160 1000 0
    cns event-service server
    interface Loopback0
     ip address 156.50.10.3 255.255.255.255
    interface Loopback10
     ip vrf forwarding green
     ip address 30.1.1.1 255.255.255.0
    interface Loopback11
     ip vrf forwarding emerald
     ip address 31.1.1.1 255.255.255.0
    interface ATM1/0
     no ip address
     no ip route-cache cef
     no atm ilmi-keepalive
    interface FastEthernet4/0
     ip address 3.3.3.6 255.255.255.252
     duplex full
     tag-switching ip
    router ospf 300
     log-adjacency-changes
     network 3.3.3.4 0.0.0.3 area 0
     network 156.50.10.0 0.0.0.255 area 0
    !
    router bgp 300
     no synchronization
     no bgp default ipv4-unicast
     bgp log-neighbor-changes
     neighbor 156.50.10.1 remote-as 300
     neighbor 156.50.10.1 update-source Loopback0
     neighbor 156.50.10.2 remote-as 300
     neighbor 156.50.10.2 update-source Loopback0
     address-family ipv4 vrf green
      redistribute connected
      no auto-summary
     exit-address-family
     address-family ipv4 vrf emerald
     address-family vpnv4
      neighbor 156.50.10.1 activate
      neighbor 156.50.10.1 send-community extended
      neighbor 156.50.10.2 activate
      neighbor 156.50.10.2 send-community extended
      bgp scan-time 15
      bgp scan-time import 10
    ip classless
    no ip http server
    tftp-server disk0:c7200-js-mz.121-5c.E8.bin
    end

INTER-AS SUMMARY

Inter-AS Summary
- Service Providers have deployed Inter-AS for:
  - Scalability purposes
  - Partitioning the network based on services or management boundaries
- Some contract work is in progress amongst Service Providers to establish partnership and offer end-end VPN services to the common customer base
- Service Provider networks are completely separate
  - Do not need to exchange internal prefix or label information
- Each Service Provider establishes a direct MP-eBGP session with the others to exchange VPN-IPv4 addresses with labels
- /32 route to reach the ASBR is created by default so ASBRs can communicate without a need for IGP
  - Must be redistributed in the receiving Service Provider's IGP

Inter-AS Summary (Cont.)
- IGP or LDP across ASBR links is not required
  - Labels are already assigned to the routes when exchanged via MP-eBGP
- Interface used to establish MP-eBGP session does not need to be associated with a VRF
- Direct eBGP routes and labels can be exchanged
- Next-hop-self can be turned on on ASBRs, enabling the ASBR to use its own address for next-hop
  - Using next-hop-self requires an additional entry in the TFIB for each VPNv4 route (about 180 bytes)
- If the Service Provider wishes to hide the Inter-AS link, use the next-hop-self method; otherwise use the redistribute connected subnets method

Inter-AS Summary (Cont.)
- Multi-hop MP-eBGP sessions can be passed between Service Providers without conversions to VPNv4 routes
- Configuration of VRFs is not required on the ASBRs because bgp default route-target filter (automatic route filtering feature) has been disabled
- To conserve memory on both sides of the boundary and implement a simple form of security, always configure inbound route-maps to filter only routes that need to be passed to the other AS
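
One way to check the last recommendation against a saved configuration, as an added example that is not part of the original presentation: the script reports VPNv4 neighbors that have no inbound route-map on a router where no bgp default route-target filter is set. The sample input is the BGP section of ASBR-A200 from the configuration slides; the function name and the output format are assumptions.

```python
# Added illustration: list VPNv4 neighbors without an inbound route-map on an
# ASBR whose automatic route-target filter has been disabled.
import re

# Sample input: BGP section of ASBR-A200 as listed on the configuration slides
SAMPLE_CONFIG = """\
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 neighbor 166.50.10.3 update-source Loopback0
 address-family vpnv4
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.2 send-community extended
  neighbor 1.1.1.2 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip extcommunity-list 10 permit rt 200:777
route-map INTER-AS permit 10
 match extcommunity 10
"""


def audit_vpnv4(config):
    """Return {'rt_filter_disabled': bool, 'findings': [(neighbor, kind, issue)]}.

    Findings are only produced when the route-target filter is disabled,
    because that is the case in which the ASBR keeps every VPNv4 route it
    receives unless a route-map says otherwise.
    """
    local_as = None
    rt_filter_disabled = False
    in_vpnv4 = False
    remote_as, active, inbound, defined_maps = {}, [], {}, set()

    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = m.group(1)
        elif line == "no bgp default route-target filter":
            rt_filter_disabled = True
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            remote_as[m.group(1)] = m.group(2)
        elif line.startswith("address-family"):
            in_vpnv4 = line == "address-family vpnv4"
        elif line == "exit-address-family":
            in_vpnv4 = False
        elif m := re.match(r"route-map (\S+) (?:permit|deny)\b", line):
            defined_maps.add(m.group(1))       # route-map definition
        elif in_vpnv4:
            if m := re.match(r"neighbor (\S+) activate$", line):
                active.append(m.group(1))
            elif m := re.match(r"neighbor (\S+) route-map (\S+) in$", line):
                inbound[m.group(1)] = m.group(2)

    findings = []
    if rt_filter_disabled:
        for nbr in active:
            peer_as = remote_as.get(nbr)
            if peer_as is None:
                kind = "unknown"
            else:
                kind = "iBGP" if peer_as == local_as else "eBGP"
            rmap = inbound.get(nbr)
            if rmap is None:
                findings.append((nbr, kind, "no inbound route-map"))
            elif rmap not in defined_maps:
                findings.append((nbr, kind, f"inbound route-map {rmap} is not defined"))
    return {"rt_filter_disabled": rt_filter_disabled, "findings": findings}


if __name__ == "__main__":
    report = audit_vpnv4(SAMPLE_CONFIG)
    print("route-target filter disabled:", report["rt_filter_disabled"])
    for nbr, kind, issue in report["findings"]:
        print(f"  {kind} neighbor {nbr}: {issue}")
```

On the sample, the PE-facing session 166.50.10.3 passes because INTER-AS is applied inbound and defined, while the session to 1.1.1.2 is reported for review because it carries only the outbound SETMETRIC route-map.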

References
- Inter-AS for MPLS VPNs, CCO Documentation: www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/interas.htm
- MPLS and VPN Architectures, Jim Guichard / Ivan Pepelnjak, ISBN 1-58705-002-1: www.ciscopress.com/book.cfm?book=168
- Support for Inter-provider MPLS VPN, ENG-48803, Dan Tappan (internal only)
