Option 4: Non-VPN Transit Provider
In this approach, multiple VPN providers use another MPLS-enabled service provider as a transit backbone to exchange MPLS VPN routes. Figure 7-31 shows a multiprovider MPLS VPN network using AS100 as a transit provider to transport VPN routes.
In this option, a multi-hop MP-eBGP session is formed between the two RRs belonging to the two different providers. To implement this option, BGP next hops need to be propagated and an end-to-end LSP path needs to be maintained.
P1-AS1-RR and P1-AS2-RR are RRs that are local in each of the provider’s network. An MP-eBGP session is formed between the RRs to transport VPNv4 information across the multiprovider network. An eBGP session is formed between the ASBR1-AS1 and ASBR1-AS100. Another eBGP session is formed between ASBRs in AS2 and AS100.
Control Plane Forwarding in Option 4
Figure 7-32 shows the control plane forwarding action that takes place for prefix 172.16.10.0/24 advertised by CE1-A to CE2-A that belongs to the same VPN, CUST_A.
Data Forwarding in Option 4
The source and destination networks are located on two different MPLS VPN provider networks. The data forwarding path originates from the source address of the flow, which is 172.16.20.1 destined to 172.16.10.1. Figure 7-33 traces the path of the data packet from the source to the destination.
Configuration Flowchart in Option 4
Figure 7-34 shows the configuration steps that are involved in accomplishing a functional Inter-AS network using option 4.
Configuration and Verification of Option 4
Figure 7-31 illustrated a multiprovider MPLS VPN network in which sites in VPN-A are geographically dispersed. Site 1 in VPN-A is connected to PE1-AS1 in AS1, and Site 2 in VPN-A is connected to PE1-AS2 in AS2. EBGP peering is configured between ASBRs:
ASBR1-AS1 and ASBR1-AS100
ASBR1-AS2 and ASBR2-AS100
The steps to configure are
Step 1. | Configure transit VPN network, AS100—Configure the ASBR Routers ASBR1-AS100 and ASBR2-AS100 for IGP, as shown in Example 7-23. In this case, OSPF is used. Configure iBGP peering between the two ASBRs for eBGP. Use neighbor send-label to enable exchange of IPv4 label exchange between the two peers. Example 7-23. Configure Transit VPN Network, AS100
| |
Step 2. | Configure ASBR routers in AS1 and AS2—In this step, the ASBR routers are configured to perform eBGP peering with transit VPN providers ASBR routers, ASBR1-AS100 and ASBR2-AS100. The loopbacks on PE and RR routers are advertised in BGP on the ASBR routers, and the BGP routes are redistributed in OSPF to ensure reachability. Example 7-24 demonstrates the step. Note that mpls bgp forwarding is added by default when MP-eBGP is established between ASBR1-AS1 and ASBR1-AS100. You will see this command under the serial interface in the final configurations. Example 7-24. Configure ASBR Routers in AS1 and AS2
| |
Step 3. | Configure MP-eBGP session between the RRs—In this step, you configure an MP-eBGP session between the RR as shown in Example 7-25. Before performing this step, ensure that the loopback addresses on the RRs are reachable. Ensure that P1-AS1-RR and P1-AS2-RR serve both as an IPv4 and VPNv4 RR. Example 7-25. Configure MP-eBGP Session Between the RRs
|
ASBR and RR Configurations in Option 4
Example 7-26 shows the ASBR1, ASBR2, and RR configurations when using option 4.
Example 7-26. ASBR and RR Configurations
hostname ASBR1-AS1 ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.102 255.255.255.255 ! interface Serial0/0 ip address 10.10.10.5 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.3.1 255.255.255.252 mpls bgp forwarding ! router ospf 1 router-id 10.10.10.102 redistribute bgp 1 metric 1 subnets route-map from_AS100 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 no synchronization network 10.10.10.101 mask 255.255.255.255 network 10.10.10.102 mask 255.255.255.255 network 10.10.10.200 mask 255.255.255.255 network 100.100.100.100 mask 255.255.255.255 neighbor 172.16.3.2 remote-as 100 neighbor 172.16.3.2 send-label no auto-summary ! ip access-list standard from_AS100 permit 10.20.20.102 permit 10.20.20.101 permit 172.16.100.101 permit 172.16.100.102 permit 10.20.20.200 ! route-map from_AS100 permit 10 match ip address from_AS100 _________________________________________________________________________ hostname ASBR2-AS2 ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.20.20.102 255.255.255.255 ! interface Serial0/0 ip address 10.20.20.5 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.4.1 255.255.255.252 mpls bgp forwarding ! router ospf 2 router-id 10.20.20.102 redistribute bgp 2 metric 1 subnets route-map from_AS100 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 2 no synchronization network 10.20.20.101 mask 255.255.255.255 network 10.20.20.102 mask 255.255.255.255 network 10.20.20.200 mask 255.255.255.255 network 100.100.100.101 mask 255.255.255.255 neighbor 172.16.4.2 remote-as 100 neighbor 172.16.4.2 send-label no auto-summary ! ip access-list standard from_AS100 permit 10.10.10.102 permit 10.10.10.101 permit 172.16.100.101 permit 172.16.100.102 permit 10.10.10.200 ! route-map from_AS100 permit 10 match ip address from_AS100 _________________________________________________________________________ hostname ASBR1-AS100 ! ip cef ! interface Loopback0 ip address 172.16.100.101 255.255.255.255 ! interface Serial0/0 ip address 172.16.100.1 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.3.2 255.255.255.252 mpls bgp forwarding ! router ospf 100 network 172.16.100.0 0.0.0.255 area 0 ! router bgp 100 no synchronization network 172.16.100.101 mask 255.255.255.255 neighbor 172.16.3.1 remote-as 1 neighbor 172.16.3.1 send-label neighbor 172.16.100.102 remote-as 100 neighbor 172.16.100.102 next-hop-self neighbor 172.16.100.102 update-source Loopback0 neighbor 172.16.100.102 send-label no auto-summary _________________________________________________________________________ hostname ASBR2-AS100 ! ip cef ! interface Loopback0 ip address 172.16.100.102 255.255.255.255 ! interface Serial0/0 ip address 172.16.100.2 255.255.255.252 mpls ip ! interface Serial1/0 ip address 172.16.4.2 255.255.255.252 mpls bgp forwarding ! router ospf 100 network 172.16.100.0 0.0.0.255 area 0 ! router bgp 100 no synchronization network 172.16.100.102 mask 255.255.255.255 neighbor 172.16.4.1 remote-as 2 neighbor 172.16.4.1 send-label neighbor 172.16.100.101 remote-as 100 neighbor 172.16.100.101 update-source Loopback0 neighbor 172.16.100.101 next-hop-self neighbor 172.16.100.101 send-label no auto-summary _________________________________________________________________________ hostname P1-AS1-RR ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.10.10.200 255.255.255.255 ! interface Serial0/0 ip address 10.10.10.2 255.255.255.252 mpls ip ! interface Serial1/0 ip address 10.10.10.6 255.255.255.252 mpls ip ! router ospf 1 router-id 10.10.10.200 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 1 no bgp default ipv4-unicast neighbor 10.10.10.101 remote-as 1 neighbor 10.10.10.101 update-source Loopback0 neighbor 10.20.20.200 remote-as 2 neighbor 10.20.20.200 ebgp-multihop 255 neighbor 10.20.20.200 update-source Loopback0 ! address-family vpnv4 neighbor 10.10.10.101 activate neighbor 10.10.10.101 route-reflector-client neighbor 10.10.10.101 send-community extended neighbor 10.20.20.200 activate neighbor 10.20.20.200 next-hop-unchanged neighbor 10.20.20.200 send-community extended exit-address-family hostname P1-AS2-RR ! ip cef ! mpls ldp router-id Loopback0 ! interface Loopback0 ip address 10.20.20.200 255.255.255.255 ! interface Serial0/0 ip address 10.20.20.6 255.255.255.252 mpls ip ! interface Serial1/0 ip address 10.20.20.2 255.255.255.252 mpls ip ! router ospf 2 router-id 10.20.20.200 network 10.0.0.0 0.255.255.255 area 0 ! router bgp 2 no bgp default ipv4-unicast neighbor 10.10.10.200 remote-as 1 neighbor 10.10.10.200 ebgp-multihop 255 neighbor 10.10.10.200 update-source Loopback0 neighbor 10.20.20.101 remote-as 2 neighbor 10.20.20.101 update-source Loopback0 ! address-family vpnv4 neighbor 10.10.10.200 activate neighbor 10.10.10.200 next-hop-unchanged neighbor 10.10.10.200 send-community extended neighbor 10.20.20.101 activate neighbor 10.20.20.101 route-reflector-client neighbor 10.20.20.101 send-community extended exit-address-family |
Verifying Inter-Provider VPN Operation Using Option 4
The steps to verify inter-provider VPN operation using option 4 are
Step 1. | Verify control plane forwarding with option 4—Figure 7-35 shows the control plane forwarding operation when the 172.16.10.0/24 prefix is propagated across the multiprovider networks AS1 and AS2 to CE2-A. | |
Step 2. | Verify data forwarding in option 4—Figure 7-36 shows the data plane forwarding operation when a packet is sent from 172.16.20.1 to 172.16.10.1. | |
Step 3. | Verify end-to-end connectivity via ping—Verify end-to-end connectivity between Customer A networks (172.16.10.0/24 and 172.16.20.0/24) and Customer B networks (192.168.10.0/24 and 192.168.20.0/24). Example 7-27 shows the result of the ping operation. Example 7-27. Verify End-to-End Connectivity
|
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.