1 © 2003 Cisco Systems, Inc. All rights reserved. MPLS VPN Inter-AS, 12/03 INTER-AUTONOMOUS SYSTEM MPLS VPN December 2003.


Slide 2: Agenda
- Inter-Autonomous System (Inter-AS) Multiprotocol Label Switching (MPLS) VPN Overview
- Inter-AS Control Plane
- Inter-AS Forwarding Plane
- Inter-AS Connectivity Models
- Inter-AS Summary

Slide 3:
Inter-AS MPLS VPN is a scalable mechanism for exchanging prefix and label information between two Service Provider networks. It is an extension of the basic MPLS VPN architecture (RFC 2547bis).

Slide 4: Why Inter-AS?
- Enables communication between networks under separate autonomous systems
- Provides traffic separation and maintains end-to-end privacy while traffic traverses multiple MPLS VPN backbones in a scalable manner
- Allows VPN information to pass between MPLS VPN Service Providers so that they can successfully route traffic for a particular VPN
- Extends MPLS VPN services across geographical boundaries, so Service Providers can support their customer base in geographical locations that do not have POPs
- Allows a single Service Provider to partition its network into multiple domains for scalability and inter-departmental privacy
- Uses MPLS to forward the traffic end-to-end and across the systems

Slide 5: Inter-AS Deployment
- More than ten Service Providers globally
- Hardware
  - Cisco 7200 and 7500 Series Routers
  - Cisco 10000 and 12000 Series Internet Routers
- Popular Inter-AS connectivity models
  - Back-to-Back VRF
  - MP-eBGP between ASBRs
  - eBGP between ASBRs and MP-eBGP between RRs

Slide 6: Inter-AS Topology Overview
[Diagram: AS #100 and AS #200 connected through PE-ASBR-1 and PE-ASBR-2, with sites of VPN-B, VPN-G and VPN-R (hub and spokes), an Internet gateway and shared services for VPNs.]

Slide 7: Inter-AS Functionality
- MPLS VPN providers exchange routes across VRF interfaces
- Each PE-ASBR router treats the other as a CE
- Provider edge routers are gateways used for VPNv4 route exchange
- PE-ASBR to PE-ASBR link may use any supported PE-CE routing protocol

Slide 8: Routing For Each Service Provider Domain
- Each AS operates under different administrative control and runs different IGP
- No IGP routing information exchange between the domains
- All routing information exchange between the domains is via Exterior Routing Protocol
- Routing policies may differ between the exchange points
- Customer VPN routes are distributed into VRFs at the ingress PE of the ISP
- Each PE assigns labels for the routes to establish connections

Slide 9: INTER-AS CONTROL PLANE

Slide 10: Inter-AS Control Plane
- Establishes EBGP session between the PE-ASBRs
- Distributes IPv4 routes for the VPNs in the form of VPNv4 addresses
- PE-ASBRs re-write Next-hop and labels when a route is distributed to a neighbor
- PE-ASBRs store ALL VPN routes that need to be exchanged
- Routes are in the MP-BGP table but not in any other routing tables
- PE-ASBRs do not have any VRF
- MP-eBGP labels are used in LFIB

Slide 11: Inter-AS Control Plane Route Exchange
[Diagram: CE-B-1, PE1-SP1 and ASBR-SP1 around the SP1 MPLS Core; ASBR-SP2, PE1-SP2 and CE-B-2 around the SP2 MPLS Core. Labels shown:]
- Route=VPN Blue Site1, via: Static, EBGP, OSPF, EIGRP, RIPv2 (shown twice)
- IBGP: Route=Site2, Next hop=PE1-SP2, Label=L’
- EBGP: Route=Site2, Next hop=ASBR-SP2, Label=L’
- IBGP: Route=Site2, Next hop=ASBR-SP2, Label=L’

Slide 12: Inter-AS Control Plane
[Diagram: SP1 and SP2, each with a core of P LSRs, route reflectors RR-1 and RR-2, PE-ASBR1 and PE-ASBR2 at the boundary, and PE-1, PE-2, PE-3 with CE-1 to CE-5 at the edges. Route updates shown:]
- Network=N, Next-hop=CE2
- Network=RD1:N, Next-hop=PE1, Label=L1 (shown twice)
- Network=RD1:N, Next-hop=PE-ASBR1, Label=L2
- Network=RD1:N, Next-hop=PE-ASBR2, Label=L3
- Network=N, Next-hop=PE3

Slide 13: INTER-AS FORWARDING PLANE

Slide 14: External MP-BGP for VPNv4 Forwarding Plane
[Diagram: label stacks carried by a packet for 152.12.4.1 (in 152.12.4.0/24) between PE-2 and PE-1 via PE-ASBR-2 and PE-ASBR-1. Labels shown: LDP label for PE-ASBR-2 with L3, then L3, L2, LDP label for PE-1 with L1, then L1, then the unlabelled packet.]

Slide 15: Inter-AS Forwarding Plane
[Diagram: the SP1 and SP2 topology of slide 12 (PE-1, PE-2, PE-3, PE-ASBR1, PE-ASBR2, RR-1, RR-2, CE-1 to CE-5, cores of P LSRs) with a packet for 152.12.4.1 carrying labels L3, L2 and L1 in turn.]

Slide 16: Inter-AS VPNv4 TFIB Entries
- A VPNv4 TFIB entry corresponds to VPNv4 RD + Prefix

Slide 17: Inter-AS Basic Configuration
- Create a loopback address on participating ASBRs
- Set up ASBRs for VPNv4 route distribution
- Set up ASBRs for IPv4 route distribution
- Disable automatic route filtering feature
- Set ASBR as Next-Hop-Self

Slide 18: Inter-AS Memory and Performance Impact
- Similar to that of basic VPNv4 for the same number of VRFs and router per VRF

Slide 19: VPN Client Connectivity
VPN Sites attached to different MPLS VPN Service Providers. How to distribute routes between SPs?
[Diagram: VPN-A-1 and VPN-A-2 sites, CE-1, CE2, PE-1, PE2, Edge Router1 and Edge Router2 across AS #100 and AS #200. Labels shown:]
- BGP, OSPF, RIPv2: 149.27.2.0/24, NH=CE-1
- VPN-v4 update: RD:1:27:149.27.2.0/24, NH=PE-1, RT=1:231, Label=(28)
- VPN-A VRF: import routes with route-target 1:231

Slide 20: VPNv4 Distribution Options in Inter-AS
Several options available for distribution of VPNv4 prefix information:
- Back-to-back VRFs
- MP-eBGP for VPNv4
- Multihop MP-eBGP
- Multihop MP-eBGP between RRs
- Non-VPN Transit Provider
[Diagram: VPN-A-1 and VPN-A-2 sites, CE-1, CE-2, PE-1, PE-2, PE-ASBR-1 and PE-ASBR-2 across AS #100 and AS #200.]

Slide 21: INTER-AS CONNECTIVITY MODELS

Slide 22: Inter-AS Connectivity Models
- Back-to-back VRFs
- External MP-eBGP for VPNv4
- Multihop MP-eBGP
- Multihop MP-eBGP between RRs
- Non-VPN Transit Provider

Slide 23: Option 1: Back-to-Back VRF Connectivity
- Recommended for fewer VRFs requiring simpler connectivity when ASBRs are directly connected over a physical interface
- ASBRs are directly connected over a physical interface
- Sub-interface per VRF is created and mapped
- Packet is forwarded as an IP packet between the ASBRs
- Each PE-ASBR router treats the other as a CE
- PE-ASBR to PE-ASBR link may use any supported PE-CE routing protocol
- Scalability issues if need to support large numbers of VRFs

Slide 24: Back-to-Back VRF Connectivity
- VRF to VRF Connectivity between PE-ASBRs
- One logical interface & VRF per VPN client
[Diagram: VPN-A and VPN-B sites, CE-1 to CE-4, PE-1, PE-2, PE-ASBR-1 and PE-ASBR-2 across AS #100 and AS #200.]

Slide 25: Back-to-Back VRF Connectivity Control Plane
VRF to VRF Connectivity between PE-ASBRs
[Diagram: VPN-B-1, CE-2, PE-1, PE-ASBR-1, PE-ASBR-2, PE-2, CE-3, VPN-B-2; prefix 152.12.4.0/24. Updates shown:]
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=CE-2
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-1, RT=1:222, Label=(29)
- VPN-B VRF: import routes with route-target 1:222
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=PE-ASBR1
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-ASBR-2, RT=1:222, Label=(92)
- VPN-B VRF: import routes with route-target 1:222
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=PE-2

Slide 26: Back-to-Back VRF Connectivity Forwarding Plane
VRF to VRF Connectivity between PE-ASBRs
[Diagram: a packet for 152.12.4.1 (in 152.12.4.0/24) between PE-2 and PE-1 via PE-ASBR-2 and PE-ASBR-1. Labels shown: LDP label for PE-ASBR-2 with label 92, LDP label for PE-1 with label 29, and the unlabelled packet elsewhere.]

Slide 27: Option 2: External MP-BGP for VPNv4 Prefix Exchange
- Recommended when a larger number of VRFs need to be supported
- ASBRs are directly connected and belong to only a couple of service providers
- Traffic will be crossing only a single-hop network

Slide 28: External MP-BGP for VPNv4 Prefix Exchange (Cont.)
- Gateway PE-ASBRs exchange routes directly using BGP
  - External MP-BGP for VPNv4 prefix exchange
  - No LDP or IGP
- MP-BGP session with next-hop set to advertising PE-ASBR
  - Next-hop and labels are rewritten when advertised across the Inter-Provider MP-BGP session
- PE-ASBR stores all VPN routes that need to be exchanged
  - Only within the BGP table (no VRFs)
  - Labels are populated into the LFIB of the PE-ASBR

Slide 29: External MP-BGP for VPNv4
- Receiving Gateway PE-ASBRs may allocate new label if desired
  - Controlled by configuration of next-hop-self (default is off)
- Receiving PE-ASBR will automatically create a /32 host route for its PE-ASBR neighbor
  - Which must be advertised into receiving IGP if next-hop-self is NOT in operation to maintain the LSP
- PE-ASBRs need to hold all Inter-AS VPN routes

Slide 30: External MP-BGP for VPNv4
- MP-BGP VPNv4 prefix exchange between Gateway PE-ASBRs
- Label exchange between Gateway PE-ASBR routers using MP-eBGP
[Diagram: VPN-A and VPN-B sites, CE-1 to CE-4, PE-1, PE-2, PE-ASBR-1 and PE-ASBR-2 across AS #100 and AS #200, with MP-eBGP for VPNv4 between the PE-ASBRs.]

Slide 31: External MP-BGP for VPNv4 Control Plane
[Diagram: VPN-B-1, CE-2, PE-1, PE-ASBR-1, PE-ASBR-2, PE-2, CE-3, VPN-B-2; prefix 152.12.4.0/24. Updates shown:]
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=CE-2
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-1, RT=1:222, Label=(L1)
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-ASBR-1, RT=1:222, Label=(L2)
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-ASBR-2, RT=1:222, Label=(L3)
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=PE-2

Slide 32: External MP-BGP for VPNv4 Forwarding Plane
[Diagram: label stacks carried by a packet for 152.12.4.1 (in 152.12.4.0/24) between PE-2 and PE-1 via PE-ASBR-2 and PE-ASBR-1. Labels shown: LDP label for PE-ASBR-2 with L3, then L3, L2, LDP label for PE-1 with L1, then L1, then the unlabelled packet.]
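The Option 2 control and forwarding plane slides above, worked through as an added Python model that is not part of the original presentation. It covers the case drawn on the control-plane slide, where each PE-ASBR sets itself as next hop and binds a new label; the numeric label values and the class and function names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd_prefix: str   # RD + IPv4 prefix, the key of a VPNv4 entry
    next_hop: str
    label: int
    rt: str


@dataclass
class PeAsbr:
    name: str
    next_free_label: int                           # constructed local label space
    bgp_table: dict = field(default_factory=dict)  # rd_prefix -> route as received
    lfib: dict = field(default_factory=dict)       # local label -> (out label, next hop)

    def readvertise(self, route):
        """Hold the route in BGP only (no VRF), bind a local label, set next hop to self."""
        self.bgp_table[route.rd_prefix] = route
        local = self.next_free_label
        self.next_free_label += 1
        self.lfib[local] = (route.label, route.next_hop)
        return Vpnv4Route(route.rd_prefix, self.name, local, route.rt)

    def switch(self, in_label):
        """Swap the VPN label; a label this router never allocated is dropped (None)."""
        return self.lfib.get(in_label)


def build_option2():
    """Advertisement chain PE-1 -> PE-ASBR-1 -> PE-ASBR-2 -> PE-2 from the slide."""
    asbr1 = PeAsbr("PE-ASBR-1", next_free_label=200)
    asbr2 = PeAsbr("PE-ASBR-2", next_free_label=300)
    from_pe1 = Vpnv4Route("1:27:152.12.4.0/24", "PE-1", 29, "1:222")  # L1 (constructed value)
    to_asbr2 = asbr1.readvertise(from_pe1)                             # L2 = 200
    to_pe2 = asbr2.readvertise(to_asbr2)                               # L3 = 300
    return asbr1, asbr2, to_pe2


def forward(vpn_label, path):
    """Carry a packet's VPN label along `path`; return the per-hop swaps, or None if dropped."""
    hops = []
    for router in path:
        entry = router.switch(vpn_label)
        if entry is None:
            return None
        out_label, next_hop = entry
        hops.append((router.name, vpn_label, out_label, next_hop))
        vpn_label = out_label
    return hops


if __name__ == "__main__":
    a1, a2, adv = build_option2()
    print("PE-2 learns:", adv)
    print("valid label:", forward(adv.label, [a2, a1]))
    print("unknown label:", forward(999, [a2, a1]))
```

The model omits the LDP transport label inside each AS; only the VPN label that is rewritten at the AS boundary is tracked.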

Slide 33: Option 3: Multi-Hop External MP-BGP for VPNv4
- Useful for exchanging a large number of routes with the same or multiple service providers; traffic crosses more than one hop
- External MP-BGP between PE-ASBR routers (Option 2)
- PE-ASBR routers exchange routes across a Multi-hop BGP session
  - External MP-BGP for VPNv4 prefix exchange
- IGP and LDP required between PE-ASBR routers to maintain the end-to-end internal LSP
  - Can use static routing to interface addresses
- No /32 host route created for adjacent PE-ASBR routers

Slide 34: Multi-Hop External MP-BGP for VPNv4
- Multi-Hop session between Gateway PE-ASBRs
[Diagram: VPN-A-1 and VPN-A-2 sites, CE-1, CE-4, PE-1, PE-2, PE-ASBR-1 and PE-ASBR-2 across AS #1 and AS #2, with Multi-Hop MP-eBGP for VPNv4 and IGP & LDP between the PE-ASBRs.]

Slide 35: Multi-Hop External MP-BGP for VPNv4 Control Plane
[Diagram: VPN-B-1, CE-2, PE-1, PE-ASBR-1, PE-ASBR-2, PE-2, CE-3, VPN-B-2; prefix 152.12.4.0/24. Updates shown:]
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=CE-2
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-1, RT=1:222, Label=(L1)
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-ASBR-1, RT=1:222, Label=(L2)
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-ASBR-2, RT=1:222, Label=(L3)
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=PE-2
- IGP & LDP exchange of PE-ASBR-1

Slide 36: Multi-Hop External MP-BGP for VPNv4 Forwarding Plane
[Diagram: label stacks carried by a packet for 152.12.4.1 (in 152.12.4.0/24) between PE-2 and PE-1 via PE-ASBR-2 and PE-ASBR-1. Labels shown: LDP label for PE-ASBR-2 with L3, then L3, LDP label for PE-ASBR-1 with L2, LDP label for PE-1 with L1, then L1, then the unlabelled packet.]

Slide 37: Option 4: Multihop MP-eBGP for VPNv4 between RRs: Application Note
- Multi-Hop MP-eBGP with RR is useful for off-loading VPNv4 routes to RR for scalability purpose. ASBRs will not need to maintain VPNv4 routes.
- MPLS VPN providers exchange VPNv4 prefixes via their Route Reflectors
  - Requires Multihop MP-eBGP (VPNv4 routes)
- Next-hop-self MUST be disabled on Route Reflector
  - Preserves next-hop and label as allocated by the originating PE router
- Providers exchange IPv4 routes with labels between directly connected ASBRs using eBGP
  - Only PE loopback addresses exchanged as these are BGP next-hop addresses

Slide 38: Multihop MP-eBGP for VPNv4 between RRs
- Multihop MP-eBGP VPNv4 prefix exchange between Route Reflectors
- Multihop MP-eBGP for VPNv4 with no next-hop-self
- ASBRs exchange BGP next-hop addresses with labels (eBGP IPv4 + Labels)
[Diagram: VPN-A and VPN-B sites, CE-1 to CE-4, PE-1, PE-2, ASBR-1, ASBR-2, RR-1 and RR-2 across AS #100 and AS #200.]

Slide 39: Multihop MP-eBGP for VPNv4 between RRs: Control Plane
[Diagram: VPN-B-1, CE-2, PE-1, RR-1, ASBR-1, ASBR-2, RR-2, PE-2, CE-3, VPN-B-2; SP #2; prefix 152.12.4.0/24. Updates shown:]
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=CE-2
- VPN-v4 update: RD:1:27:152.12.4.0/24, NH=PE-1, RT=1:222, Label=(L1)
- Network=PE-1, NH=ASBR-1, Label=(L2)
- Network=PE-1, NH=ASBR-2, Label=(L3)
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=PE-2

Slide 40: Multihop MP-eBGP for VPNv4 between RRs: Forwarding Plane
[Diagram: label stacks carried by a packet for 152.12.4.1 (in 152.12.4.0/24) between PE-2 and PE-1 via ASBR-2 and ASBR-1, with RR-1 and RR-2 off the forwarding path. Labels shown: L1 carried end to end as the inner label, with L3 and L2 above it in turn, an LDP label for PE-ASBR-2 and an LDP label for PE-1.]

Slide 41: Option 5: Non-VPN Transit Provider
- Two MPLS VPN providers may exchange routes via third parties (non-VPN transit backbones running MPLS)
  - Multihop MP-eBGP deployed between edge providers
  - With the exchange of BGP next-hops via the transit provider
- Providers may change the AS# within each region
  - Transit network is not part of the AS path
- Requirement to propagate BGP next-hops and also build end-to-end LSPs
- Options for end-to-end LSP creation
  - Merge IGPs of all AS’s including the transit network
  - Redistribute PE host routes between AS’s
  - Use static routes across boundaries; redistribute to IGP
  - Use IPv4 + labels

Slide 42: Non-VPN Transit Provider
- Multihop MP-eBGP or MP-iBGP for VPNv4, with NO next-hop-self
- eBGP IPv4 + Labels on both sides of the transit backbone
[Diagram: MPLS VPN Provider #100 (VPN-B-1, CE-2, PE-1, RR-1, ASBR-1) and MPLS VPN Provider #200 (ASBR-4, RR-2, PE-2, CE-3, VPN-B-2) joined by a Non-VPN MPLS Transit Backbone (ASBR-2, ASBR-3).]

Slide 43: Non-VPN Transit Provider Control Plane
[Diagram: PE1, RR-1, ASBR-1, Non-VPN MPLS Transit Backbone (ASBR-2, ASBR-3), ASBR-4, RR-2, PE2 (MPLS VPN Provider #2); prefix 152.12.4.0/24. Updates shown:]
- BGP, OSPF, RIPv2: 152.12.4.0/24, NH=CE-2
- Inner Label Exchange: 152.12.4.0/24, NH=PE-1, RT=1:222, Label=(L1) (shown twice)
- End-to-End LSP (Forwarding Path):
  - Network=PE-1, NH=ASBR-1, Label=(L2)
  - Network=PE-1, NH=ASBR-2, Label=(L3)
  - Network=PE-1, NH=ASBR-3, Label=(L4)
  - Network=PE-1, NH=ASBR-4, Label=(L5)

Slide 44: Non-VPN Transit Provider Forwarding Plane
[Diagram: label stacks carried by a packet for 152.12.4.1 (in 152.12.4.0/24; BGP, OSPF, RIPv2: 152.12.4.0/24, NH=CE-2) between PE2 and PE1 via ASBR-4, ASBR-3, ASBR-2 and ASBR-1 across the Non-VPN MPLS Transit Backbone. Labels shown: L1 carried end to end as the inner label, with L5, L4, L3 and L2 above it in turn, and LDP labels for PE-ASBR-4, PE-ASBR-2 and PE-1.]

Slide 45: Why IPv4 BGP Label Distribution?
- Allows a VPN service provider network to exchange IPv4 routes with MPLS labels
- Use BGP to distribute labels associated with the routes at the same time it distributes the routes
[Diagram: ASBR-1 (AS #100) and ASBR-2 (AS #200) exchanging eBGP IPv4 + Labels; AS1_PE1 and AS2_PE1.]
Benefits:
- Eliminate the need for any other Label distribution protocol between the two ASBRs
- Allow a non-VPN core network to act as a transit network for VPN traffic

Slide 46: IPv4 BGP Label Distribution Architecture
- Subsequent Address Family Identifier (value 4) field is used to indicate that the NLRI contains a label
- If a BGP peer indicates, through BGP Capability Advertisement, that it can process Update messages with the specified SAFI field, a BGP speaker can use BGP to send labels
- No specific procedures are enforced in RFC when the BGP peers are non-adjacent
- Accept labels only from trusted sources to ensure proper security

Slide 47: IPv4 BGP Label Distribution Configuration
ASBRs (and RR if in use):
    address-family ipv4
    ! Redistributing IGP into BGP
    neighbor send-label
AS1_PE1:
    neighbor send-label
RR:
    neighbor send-label

Slide 48: Summary: Back-to-back VRF Connectivity
- Scalability is an issue with many VPNs
  - One VRF & logical interface required per VPN client
  - Gateway PE-ASBR must hold ALL routing information
- PE-ASBR must filter & store VPNv4 prefixes
  - Plus import into VRFs thus increasing MPLS, CEF & routing table memory
- No MPLS label switching required between providers
  - Standard IP between gateway PE-ASBRs
  - No exchange of routes using MP-eBGP
  - Simple solution, works today but limited in deployment scope

Slide 49: Summary: MP-eBGP for VPNv4 Prefix Exchange
- Scalability less of an issue when compared to back-to-back VRF connectivity
  - Only one interface required between PE-ASBR routers
  - No VRF requirement on any PE-ASBR router interfaces
- Automatic Route Filtering must be disabled
  - Hence filtering on RT values essential, and good filtering policy must be applied on EVERY PE-ASBR
  - Import of routes into VRFs is not required which reduces the memory impact on PE-ASBR routers
- MPLS label switching required between providers
  - Routes exchanged using MP-eBGP
  - Still simple, more scalable & works today

Slide 50: Summary: Multi-hop MP-eBGP for VPNv4
- More scalable than back-to-back VRF or MP-eBGP for VPNv4
  - As ALL VPNv4 routes held on route reflectors and NOT PE-ASBR routers
- Route Reflectors hold VPNv4 information
  - Each provider utilizes route reflectors locally for VPNv4 prefix distribution
  - eBGP connection added for exchange with external peer
- BGP next-hop addresses exchanged between providers across PE-ASBR links using IPv4 + labels
  - Separation of forwarding & control planes
  - IPv4 + labels

Slide 51: INTER-AS SAMPLE CONFIGURATIONS

Slide 52: Multihop and Label Distribution with RR: Network Topology
- Multihop MP-eBGP for VPNv4 with no next-hop-self
- ASBRs exchange BGP next-hop addresses with labels (eBGP IPv4 + Labels)
[Diagram: PE-1 (ee.ee), RR-1 (aa.aa) and ASBR-1 (ww.ww) in AS #100; ASBR-2 (xx.xx), RR-2 (bb.bb) and PE-2 (ff.ff) in AS #200.]
Goal: distribute the VPNv4 and IPv4 routes, and the MPLS labels of remote PEs/RRs to local PEs and RRs

Slide 53: Network Specifications and Requirements
- AS 100 uses the route reflectors to distribute the IPv4/VPNv4 routes and MPLS labels from the ASBR to the PE
- In AS 200, the IPv4 routes that ASBR2 learned are redistributed into IGP
- IP Addressing:
  - RR1: aa.aa
  - RR2: bb.bb
  - ASBR-1: ww.ww
  - ASBR-2: xx.xx
  - PE1: ee.ee
  - PE2: ff.ff

Slide 54: Network Specifications and Requirements
- RR1 exchanges VPNv4 routes with RR2, using multiprotocol, multihop EBGP
- VPNv4 next hop information and VPN label are preserved across the autonomous systems
- RR1 reflects to PE1 the VPNv4 routes learned from RR2 and the IPv4 routes and MPLS labels learned from ASBR1

Slide 55: Route Reflector 1 Configuration (Cont.)

    ip subnet-zero
    ip cef
    !
    interface Loopback0
     ip address aa.aa.aa.aa 255.255.255.255
     no ip directed-broadcast
    !
    router bgp 100
     bgp cluster-id 1
     bgp log-neighbor-changes
     timers bgp 10 30
     neighbor ee.ee.ee.ee remote-as 100
     neighbor ee.ee.ee.ee update-source Loopback0
     neighbor ww.ww.ww.ww remote-as 100
     neighbor ww.ww.ww.ww update-source Loopback0
     neighbor bb.bb.bb.bb remote-as 200
     neighbor bb.bb.bb.bb ebgp-multihop 255
     neighbor bb.bb.bb.bb update-source Loopback0
     no auto-summary
     !
     address-family ipv4
     neighbor ee.ee.ee.ee activate
     neighbor ee.ee.ee.ee route-reflector-client  !IPv4+labels session to PE1
     neighbor ee.ee.ee.ee send-label
     neighbor ww.ww.ww.ww activate
     neighbor ww.ww.ww.ww route-reflector-client  !IPv4+labels session to ASBR1
     neighbor ww.ww.ww.ww send-label
     no neighbor bb.bb.bb.bb activate
     no auto-summary
     no synchronization
     exit-address-family
     !
     address-family vpnv4
     neighbor ee.ee.ee.ee activate
     neighbor ee.ee.ee.ee route-reflector-client  !VPNv4 session with PE1
     neighbor ee.ee.ee.ee send-community extended
     neighbor bb.bb.bb.bb activate
     neighbor bb.bb.bb.bb next-hop-unchanged  !MH-VPNv4 session with RR2
     neighbor bb.bb.bb.bb send-community extended  !next-hop-unchanged
     exit-address-family
    !

Slide 56: Route Reflector 2 Configuration (Cont.)
- RR2 exchanges VPNv4 routes with RR1 through multihop, multiprotocol EBGP
- Next-hop and the VPN label are preserved across the autonomous systems

    ip subnet-zero
    ip cef
    !
    interface Loopback0
     ip address bb.bb.bb.bb 255.255.255.255
     no ip directed-broadcast
    !
    router bgp 200
     bgp cluster-id 1
     bgp log-neighbor-changes
     timers bgp 10 30
     neighbor aa.aa.aa.aa remote-as 100
     neighbor aa.aa.aa.aa ebgp-multihop 255
     neighbor aa.aa.aa.aa update-source Loopback0
     neighbor ff.ff.ff.ff remote-as 200
     neighbor ff.ff.ff.ff update-source Loopback0
     no auto-summary
     !
     address-family vpnv4
     neighbor aa.aa.aa.aa activate
     neighbor aa.aa.aa.aa next-hop-unchanged  !Multihop VPNv4 session with RR1
     neighbor aa.aa.aa.aa send-community extended  !next-hop-unchanged
     neighbor ff.ff.ff.ff activate
     neighbor ff.ff.ff.ff route-reflector-client  !VPNv4 session with PE2
     neighbor ff.ff.ff.ff send-community extended
     exit-address-family
    !

Slide 57: ASBR-1 Configuration
- ASBR1 exchanges IPv4 routes and MPLS labels with ASBR2

    ip subnet-zero
    mpls label protocol tdp
    !
    interface Loopback0
     ip address ww.ww.ww.ww 255.255.255.255
     no ip directed-broadcast
     no ip route-cache
     no ip mroute-cache
    !
     address-family ipv4  ! Redistributing IGP into BGP
     redistribute ospf 10  ! so that PE1 & RR1 loopbacks
     neighbor aa.aa.aa.aa activate  ! get into the BGP table
     neighbor aa.aa.aa.aa send-label
     neighbor hh.0.0.1 activate
     neighbor hh.0.0.1 advertisement-interval 5
     neighbor hh.0.0.1 send-label
     neighbor hh.0.0.1 route-map IN in  !accepting routes from route-map IN.
     neighbor hh.0.0.1 route-map OUT out  !distributing routes from route-map OUT.
     no auto-summary
     no synchronization
     exit-address-family
     !
     address-family vpnv4
     neighbor aa.aa.aa.aa activate
     neighbor aa.aa.aa.aa send-community extended
     exit-address-family
    !
    access-list 1 permit ee.ee.ee.ee log  !Set up the access lists.
    access-list 2 permit ff.ff.ff.ff log
    access-list 3 permit aa.aa.aa.aa log
    access-list 4 permit bb.bb.bb.bb log
    route-map IN permit 10  !Setting up the route maps.
     match ip address 2
     match mpls-label
    !ASBR1 should accept PE2's route (ff.ff) with labels and
    !RR2's route (bb.bb) without labels.
    route-map IN permit 11
     match ip address 4
    !ASBR1 should distribute PE1's route (ee.ee) with labels and
    !RR1's route (aa.aa) without labels.
    route-map OUT permit 12
     match ip address 3
    !
    route-map OUT permit 13
     match ip address 1
     set mpls-label

Slide 58: ASBR-2 Configuration
- ASBR2 and ASBR1 exchange IPv4 routes and MPLS labels
- ASBR2 does not use the RR to reflect IPv4 routes and MPLS labels to PE2
- ASBR2 redistributes the IPv4 routes and MPLS labels learned from ASBR1 into IGP
- PE2 can now reach the prefixes

Slide 59: ASBR-2 Configuration (Cont.)

    ip subnet-zero
    ip cef
    !
    interface Loopback0
     ip address xx.xx.xx.xx 255.255.255.255
     no ip directed-broadcast
    !
    router bgp 200
     bgp log-neighbor-changes
     timers bgp 10 30
     neighbor bb.bb.bb.bb remote-as 200
     neighbor bb.bb.bb.bb update-source Loopback0
     neighbor hh.0.0.2 remote-as 100
     no auto-summary
     !
     address-family ipv4
     redistribute ospf 20  !Redistributing IGP into BGP
     neighbor hh.0.0.2 activate  !so that PE2 & RR2 loopbacks
     neighbor hh.0.0.2 advertisement-interval 5  !will get into the BGP-4 table.
     neighbor hh.0.0.2 route-map IN in
     neighbor hh.0.0.2 route-map OUT out
     neighbor hh.0.0.2 send-label
     no auto-summary
     no synchronization
     exit-address-family
     !
     address-family vpnv4
     neighbor bb.bb.bb.bb activate
     neighbor bb.bb.bb.bb send-community extended
     exit-address-family
    !
    access-list 1 permit ff.ff.ff.ff log  !Setting up the access lists.
    access-list 2 permit ee.ee.ee.ee log
    access-list 3 permit bb.bb.bb.bb log
    access-list 4 permit aa.aa.aa.aa log
    route-map IN permit 11  !Setting up the route maps.
     match ip address 2
     match mpls-label
    !
    route-map IN permit 12
     match ip address 4
    !
    route-map OUT permit 10
     match ip address 1
     set mpls-label
    !
    route-map OUT permit 13
     match ip address 3
    !

Slide 60: INTER-AS SUMMARY

Slide 61: Inter-AS Summary
- Service Providers have deployed Inter-AS for:
  - Scalability purposes
  - Partitioning the network based on services or management boundaries
- Some contract work is in progress amongst Service Providers to establish partnership and offer end-end VPN services to the common customer base
- Service Provider networks are completely separate
  - Do not need to exchange internal prefix or label information
- Each Service Provider establishes a direct MP-eBGP session with the others to exchange VPN-IPv4 addresses with labels
- /32 route to reach the ASBR is created by default so ASBRs can communicate without a need for IGP
  - Must be redistributed in the receiving Service Provider’s IGP

Slide 62: Inter-AS Summary (Cont.)
- IGP or LDP across ASBR links is not required
  - Labels are already assigned to the routes when exchanged via MP-eBGP
- Interface used to establish MP-eBGP session does not need to be associated with a VRF
- Direct eBGP routes and labels can be exchanged
- Next-hop-self can be turned on at the ASBRs, enabling the ASBR to use its own address for next-hop
  - Using next-hop-self requires an additional entry in the TFIB for each VPNv4 route (about 180 bytes)
- If the Service Provider wishes to hide the Inter-AS link, use the next-hop-self method; otherwise use the redistribute connected subnets method

Slide 63: Inter-AS Summary (Cont.)
- Multi-hop MP-eBGP sessions can be passed between Service Providers without conversions to VPNv4 routes
- Configuration of VRFs is not required on the ASBRs because bgp default route-target filter (automatic route filtering feature) has been disabled
- To conserve memory on both sides of the boundary and implement a simple form of security, always configure inbound route-maps to filter only routes that need to be passed to the other AS
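One way to check a saved ASBR configuration against the inbound route-map advice above and the "accept labels only from trusted sources" point on slide 46. This is an added Python example, not Cisco tooling or part of the original presentation; the function name, finding texts and the documentation-range addresses in the sample configuration are constructed, and only the IOS commands that appear on the ASBR configuration slides are parsed.

```python
import re

# Constructed sample modelled on the ASBR-2 slide; addresses are placeholders.
GOOD = """\
router bgp 200
 neighbor 198.51.100.3 remote-as 200
 neighbor 192.0.2.2 remote-as 100
 address-family ipv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 route-map IN in
  neighbor 192.0.2.2 send-label
 exit-address-family
access-list 2 permit 203.0.113.1 log   ! remote PE loopback (labelled)
access-list 4 permit 203.0.113.4 log   ! remote RR loopback (unlabelled)
route-map IN permit 11
 match ip address 2
 match mpls-label
route-map IN permit 12
 match ip address 4
"""
# Two weakened variants of the same configuration.
NO_FILTER = GOOD.replace("  neighbor 192.0.2.2 route-map IN in\n", "")
PERMIT_ANY = GOOD.replace("access-list 4 permit 203.0.113.4 log",
                          "access-list 4 permit any")


def audit_asbr(config):
    """Return findings for eBGP peers whose labelled routes are accepted unfiltered."""
    local_as, remote_as, send_label, rmap_in = None, {}, set(), {}
    rmaps, acls, clause = {}, {}, None
    for raw in config.splitlines():
        line = raw.split("!", 1)[0].strip()          # drop IOS comments
        if not line:
            continue
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = m.group(1)
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            remote_as[m.group(1)] = m.group(2)
        elif m := re.match(r"neighbor (\S+) send-label$", line):
            send_label.add(m.group(1))
        elif m := re.match(r"neighbor (\S+) route-map (\S+) in$", line):
            rmap_in[m.group(1)] = m.group(2)
        elif m := re.match(r"access-list (\d+) permit (\S+)", line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif m := re.match(r"route-map (\S+) permit (\d+)$", line):
            clause = {"seq": m.group(2), "acls": []}
            rmaps.setdefault(m.group(1), []).append(clause)
        elif clause is not None and (m := re.match(r"match ip address (\S+)$", line)):
            clause["acls"].append(m.group(1))

    findings = []
    for peer in sorted(send_label):
        if remote_as.get(peer) == local_as:
            continue                                  # iBGP peer: not an AS boundary
        name = rmap_in.get(peer)
        if name is None:
            findings.append(f"{peer}: send-label on eBGP session with no inbound route-map")
        elif name not in rmaps:
            findings.append(f"{peer}: inbound route-map {name} is not defined")
        else:
            for c in rmaps[name]:
                if not c["acls"]:
                    findings.append(f"{peer}: route-map {name} permit {c['seq']} matches any prefix")
                for acl in c["acls"]:
                    if acl not in acls:
                        findings.append(f"{peer}: access-list {acl} is not defined")
                    elif "any" in acls[acl]:
                        findings.append(f"{peer}: access-list {acl} permits any")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("no filter", NO_FILTER), ("permit any", PERMIT_ANY)):
        print(label, audit_asbr(cfg))
```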

Slide 64: References
- Inter-AS for MPLS VPNs, CCO Documentation: www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/interas.htm
- MPLS and VPN Architectures, Jim Guichard/Ivan Pepelnjak, ISBN 1-58705-002-1: www.ciscopress.com/book.cfm?book=168
- Support for Inter-provider MPLS VPN, ENG-48803, Dan Tappan (internal only)
