INTER-AUTONOMOUS SYSTEM MPLS VPN: CONFIGURATION AND TROUBLESHOOTING
DECEMBER 2003
MPLS VPN Inter-AS, 12/03 © 2003 Cisco Systems, Inc. All rights reserved.

Agenda
• Troubleshooting Commands
• Inter-AS Case Study
• Inter-AS Summary

BASIC TROUBLESHOOTING COMMANDS

Troubleshooting Commands
• Check VRF routing table
  show ip route vrf <vrf name>
  Check the imported route and associated NH address
• Check BGP VPNv4 table
  show ip bgp vpnv4 all
  Check routes associated with an RD
• Check CEF table
  show ip cef vrf <vrf name>
  Entries for the imported prefixes from a neighbor
• Check TFIB table
  show tag forwarding

CASE STUDY

Inter-AS Case Study Agenda
• Introduction
• Configuration Analysis
• Backup path check
• Load Balancing VPNv4 prefixes across the Inter-AS paths
• Inter-AS Design Considerations
• Inter-AS Configurations

Introduction
• Case study scenario
• Setup
• Inter-AS VPN Distribution Methods
  Next-Hop-Self Method
  Redistribute Connected Subnet Method
  Label Switch Path – Next-Hop-Self
  Label Switch Path – Redistribute Connected Subnets

Case Study Scenario
• Two separate MPLS VPN networks (AS 200 and AS 300) that distribute VPN routes between each other.
• Two Inter-AS (eBGP) connections: primary and backup paths
  VPN traffic will normally travel over the primary Inter-AS path and switch over to the backup path in the event of a failure
• Four VRFs used in this example:
  AS 300: VRF green and emerald sites
  AS 200: VRF red and pink

Topology

IP Addressing for the Topology

Inter-AS Distribution Methods
• Next-hop-self method
  Changes the next hop to that of the local ASBR for all VPNv4 routes learned from the other ASBR
  The BGP label and NH are changed by the receiving ASBR that has next-hop-self enabled
• Redistribute-connected-subnets method
  Redistributes the next-hop address of the remote ASBR into the local IGP using the redistribute connected subnets command
  Example: the BGP label and next hop are not changed when the VPNv4 routes are redistributed into the local AS
• Both methods are used in this case study. The ASBRs in AS 200 change the NH to themselves. The ASBRs in AS 300 use a host route to the NH address of the ASBR in AS 200.

Inter-AS Case Study Specifications
• AS 200 has three routers:
  Primary ASBR: ASBR-A200
  Using Next-Hop-Self Method on ASBR-200
  Backup ASBR / P router: ASBR-B200
  PE: PE-200; two VRFs, red and pink
• AS 300 has three routers:
  Primary ASBR: ASBR-A300
  Using Redistribute Connected subnets on ASBR-300
  Backup ASBR / P router: ASBR-B300
  PE: PE-300; two VRFs, green and emerald

Inter-AS Distribution: Next-Hop-Self Method on Primary path

Inter-AS Distribution: Next-Hop-Self Method
Changing next-hop to that of the local ASBR for all VPNv4 routes learnt from the other ASBR.
Sample config for ASBR-A200:
 address-family vpnv4
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.2 send-community extended
  neighbor 1.1.1.2 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self     ! (PE-200 peer)
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
!
route-map INTER-AS permit 10
 match extcommunity 10

Inter-AS Distribution: Redistribute Connected Subnet Method
• ASBRs in AS 300 use the redistribute connected subnets method to distribute VPNv4 routes
• BGP next-hop is not changed for remote VPNv4 routes and will remain that of ASBR-A200, which is 1. 1 (the interface address)

Inter-AS Distribution: Label Switch Path – Next-Hop-Self

Inter-AS Distribution: Label Switch Path – Redistribute Connected Subnets

Backup path check
• Under normal circumstances, all traffic between the Autonomous Systems will travel along the primary eBGP path, circuit addresses 1. 1 – 1.1.1.2.
• This section verifies that the backup path works correctly if the primary path fails
  A simple test was executed with traffic originating from PE 300 traveling to PE 200
• Shut down the primary interface on AS 200
  Backup path is selected on PE-300

Backup path check: Traceroute on the primary path
PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  1 3.3.3.5 4 msec 0 msec
  2 3.3.3.1 4 msec 0 msec
  3 1. 1 4 msec 0 msec          (ASBR-A200 primary)
  4 2. 2 4 msec 0 msec 4 msec
  5 20.1.1.1 0 msec * 0 msec

Backup path check: Traceroute on the primary path (Cont.)
PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  1 3.3.3.5 0 msec 4 msec 0 msec
  2 1.1.1.5 0 msec 4 msec       (ASBR-B200 backup)
  3 20.1.1.1 0 msec * 0 msec

Load Balancing VPNv4 Prefixes Across the Inter-AS Paths
• Overview
• ASBR 200 configurations
• PE-200 configuration
• PE-300 VPNv4 BGP Table

Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Topology

Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Goals and Specs
• Goal: load balance VPNv4 prefixes across both Inter-AS links from AS 300 to AS 200.
• Note that there are two paths:
  Gateway 1 (path between ASBR-A200 and ASBR-A300): only VRF green traffic
  Gateway 2 (path between ASBR-B200 and ASBR-B300): only VRF emerald traffic
  ASBR-A200: accept routes only from VRF green
  ASBR-B200: accept routes only from VRF emerald
• If load balancing is required in both directions, mirror the ASBR-A200 configuration on ASBR-A300 and the ASBR-B200 configuration on ASBR-B300

Load-balancing: VPNv4 Related Specifications
• MED is set at each gateway, depending upon the route-target/extcommunity value on the VPNv4 route
• Route-target = 777:1
  Primary: Gateway 1; prefix: MED=50
  Backup: Gateway 2; MED=100
• Route-target = 777:2
  Primary: Gateway 2; prefix: MED=50
  Backup: Gateway 1; MED=100
• Gateways have both been configured to accept only VPNv4 routes that have the extcommunity attribute 777:1 or 777:2

Load Balancing Across the Inter-AS Paths: PE 200 Configuration
• The primary path for VRF pink is via ASBR-B200
• All routes in VRF pink have the route-target 777:2; ASBR-A200 will be the backup path (from the perspective of PE-300)
• The primary path for VRF red is via ASBR-A200; backup path is via ASBR-B200

  VRF    Prefix                RT             Primary               Backup
  Red    20.1.1.0              200:1 777:1    ASBR-A200 (1. 1)      ASBR-B200 (1.1.1.5)
  Red    20.2.1.0              200:1          Denied                Denied
  Pink   21.1.1.0, 21.2.1.0    200:2 777:2    ASBR-B200 (1.1.1.5)   ASBR-A200 (1. 1)

* should see the red routes via 1. 1 and the pink routes via 1.1.1.5

Load Balancing Across the Inter-AS Paths: PE 200 Configuration (Cont.)
ip vrf pink
 rd 200:2
 route-target export 777:2     ! use ASBR-B200 as the primary path
 route-target import 200:2
 route-target import 300:2
!
ip vrf red
 rd 200:1
 export map OUT-INTER-AS
 route-target export 200:1
 route-target import 300:1
access-list 10 permit 20.1.1.0 0.0.0.55
route-map OUT-INTER-AS permit 10
 match ip address 10
 set extcommunity rt 777:1 additive     ! use ASBR-A200 as the primary path
!

Load Balancing Across the Inter-AS Paths: ASBR-A200 Configuration
router bgp 200
 …
 address-family vpnv4
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.2 send-community extended
  neighbor 1.1.1.2 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
…
ip extcommunity-list 10 permit rt 777:1
ip extcommunity-list 11 permit rt 777:2
!
route-map SETMETRIC permit 10
 match extcommunity 10
 set metric 50      ! Metric is 100 on ASBR-B200
!
route-map SETMETRIC permit 11
 match extcommunity 11
 set metric 100     ! Metric is 50 on ASBR-B200
!
route-map INTER-AS permit 10
 match extcommunity 10 11
! AS 200 ASBRs to accept VPNv4 routes that hold the extcommunity attribute of 777:1 or 777:2

Load Balancing Across the Inter-AS Paths: PE-300 VPNv4 BGP Table
PE-300#show ip bgp vpnv4 all
BGP table version is 99, local router ID is 156.50.10.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:1
*>i 20.1.1.0/24 1. 1 50 100 0 200 ?
* i 1.1.1.5 100 0 200 ?
Route Distinguisher: 200:2
* i 21.1.1.0/24 1. 1 100 0 200 ?
*>i 1.1.1.5 50 100 0 200 ?
* i 21.2.1.0/24 1. 1 100 0 200 ?
*>i 1.1.1.5 50 100 0 200 ?
Route Distinguisher: 300:1 (default for vrf green)
*>i 20.1.1.0/24 1. 1 50 100 0 200 ?          (Via ASBR-A200)
*> 30.1.1.0/24 0. 0 0 32768 ?
Route Distinguisher: 300:2 (default for vrf emerald)
*>i 21.1.1.0/24 1.1.1.5 50 100 0 200 ?       (Via ASBR-B200)
*>i 21.2.1.0/24 1.1.1.5 50 100 0 200 ?       (Via ASBR-B200)
*> 31.1.1.0/24 0. 0 0 32768 ?

Note: BGP VPNv4 table on PE-300 after the VPNv4 routes from AS 200 have been redistributed using the new route-targets and MED values. As can be seen, the best routes have been chosen and imported into the green and emerald VRFs using the lowest metric (MED), the next hop being either 1. 1 or 1.1.1.5.
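
A small model of the policy on the preceding slides, added here as an example and not part of the original deck: it applies the INTER-AS and SETMETRIC route-maps at each AS 200 gateway and ranks the resulting paths by MED, as PE-300 would. The function names are chosen for this example; route-targets follow the PE-200 VRF configuration and the ASBR-B200 metrics follow the slide annotations.

```python
# Added example: models the two AS 200 gateways' route-maps from the slides.

# ip extcommunity-list 10 permit rt 777:1 / list 11 permit rt 777:2
EXTCOMM_LISTS = {10: {"777:1"}, 11: {"777:2"}}

# route-map INTER-AS permit 10 / match extcommunity 10 11 (both gateways)
INTER_AS = [("permit", [10, 11], None)]

# route-map SETMETRIC as shown for ASBR-A200; the slide annotations say the
# two metrics are swapped on ASBR-B200.
SETMETRIC = {
    "ASBR-A200": [("permit", [10], 50), ("permit", [11], 100)],
    "ASBR-B200": [("permit", [10], 100), ("permit", [11], 50)],
}

# Route-targets carried by PE-200's prefixes, per its VRF configuration:
# vrf red exports 200:1 and the export map adds 777:1 to 20.1.1.0 only;
# vrf pink exports 777:2.
PE200_ROUTES = {
    "20.1.1.0/24": {"200:1", "777:1"},
    "20.2.1.0/24": {"200:1"},
    "21.1.1.0/24": {"777:2"},
    "21.2.1.0/24": {"777:2"},
}


def apply_route_map(route_map, rts):
    """Return (permitted, metric). First matching clause wins, then implicit deny."""
    for action, lists, metric in route_map:
        if any(rts & EXTCOMM_LISTS[n] for n in lists):
            return action == "permit", metric
    return False, None


def advertise(asbr, rts):
    """MED that `asbr` sends to AS 300 for a route, or None if it is filtered."""
    accepted, _ = apply_route_map(INTER_AS, rts)          # inbound from PE-200
    if not accepted:
        return None
    permitted, med = apply_route_map(SETMETRIC[asbr], rts)  # outbound to AS 300
    return med if permitted else None


def pe300_view(routes=PE200_ROUTES):
    """prefix -> [(med, gateway), ...] best path first; [] means denied."""
    view = {}
    for prefix, rts in routes.items():
        paths = [(advertise(asbr, rts), asbr) for asbr in SETMETRIC]
        view[prefix] = sorted(p for p in paths if p[0] is not None)
    return view


if __name__ == "__main__":
    for prefix, paths in pe300_view().items():
        print(prefix, paths or "denied at both gateways")
```

The prefix that carries only 200:1 never leaves AS 200, which is the "Denied" row in the PE 200 table.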

Configurations
• ASBR-A200
• ASBR-A300
• ASBR-B200
• ASBR-B300
• PE-200
• PE-300

Configurations: ASBR-A200
hostname ABSR-A200
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 166. 50. 1 255
!
interface ATM1/0/0
 ip address 2.2.2.1 255. 252
 ip route-cache distributed
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS1/1/0
 ip address 1. 1 255. 252
 ip route-cache distributed
 clock source internal
 pos ais-shut
 pos report lais
 pos report lrdi
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166. 50. 10. 0. 0. 255 area 0
!
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 neighbor 166.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.2 activate
  !
  neighbor 1.1.1.2 send-community extended
  neighbor 1.1.1.2 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
!
route-map INTER-AS permit 10
 match extcommunity 10
!
end

Configurations: ASBR-A300
hostname ABSR-A300
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 156. 50. 1 255
!
interface ATM8/0/0
 ip address 3.3.3.1 255. 252
 ip route-cache distributed
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS8/1/0
 ip address 1.1.1.2 255. 252
 ip route-cache distributed
 pos ais-shut
 pos report lais
 pos report lrdi
!
router ospf 300
 log-adjacency-changes
 redistribute connected subnets
 network 3.3.3.0 0.0.0.3 area 0
 network 156. 50. 10. 0. 0. 255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1. 1 remote-as 200
 neighbor 156.50.10.3 remote-as 300
 neighbor 156.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1. 1 activate
  neighbor 1. 1 send-community extended
  neighbor 1. 1 route-map SETMETRIC out
  neighbor 156.50.10.3 activate
  neighbor 156.50.10.3 send-community extended
  bgp scan-time 10
  bgp scan-time import 10
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50

Configurations: ASBR-B200
hostname ABSR-B200
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip cef
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 166.50.10.2 255
!
interface FastEthernet0/0
 ip address 2.2.2.5 255. 252
 duplex full
 tag-switching ip
!
interface ATM3/0
 ip address 2. 2 255. 252
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS4/0
 ip address 1.1.1.5 255. 252
 no ip route-cache cef
 clock source internal
!
interface FastEthernet6/0
 ip address 10.64.37.50 255. 0
 duplex full
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166. 50. 10. 0. 0. 255 area 0
!
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.6 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 neighbor 166.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.6 activate
  neighbor 1.1.1.6 send-community extended
  neighbor 1.1.1.6 route-map SETMETRIC out
  neighbor 166.50.10.3 activate
  neighbor 166.50.10.3 next-hop-self
  neighbor 166.50.10.3 send-community extended
  neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 100
!
route-map INTER-AS permit 10
 match extcommunity 10
!
end

Configurations: ASBR-B300
hostname ABSR-B300
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
ip cef
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 156.50.10.2 255
!
interface FastEthernet0/0
 ip address 3.3.3.5 255. 252
 duplex full
 tag-switching ip
!
interface ATM3/0
 ip address 3.3.3.2 255. 252
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS4/0
 ip address 1.1.1.6 255. 252
 no ip route-cache cef
!
router ospf 300
 log-adjacency-changes
 redistribute connected subnets
 network 3.3.3.0 0.0.0.3 area 0
 network 3.3.3.4 0.0.0.3 area 0
 network 156. 50. 10. 0. 0. 255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.5 remote-as 200
 neighbor 156.50.10.3 remote-as 300
 neighbor 156.50.10.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 1.1.1.5 activate
  neighbor 1.1.1.5 send-community extended
  neighbor 1.1.1.5 route-map SETMETRIC out
  neighbor 156.50.10.3 activate
  neighbor 156.50.10.3 send-community extended
  bgp scan-time 10
  bgp scan-time import 10
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 100
!
end

Configurations: PE-200
hostname PE-200
!
boot system disk0:c7200-js-mz.121-5c.E8.bin
!
ip subnet-zero
!
ip vrf pink
 rd 200:2
 route-target export 200:777
 route-target import 200:2
 route-target import 300:2
!
ip vrf red
 rd 200:1
 export map OUT-INTER-AS
 route-target export 200:1
 route-target import 300:1
ip cef
tag-switching tdp router-id Loopback0
cns event-service server
!
interface Loopback0
 ip address 166.50.10.3 255
!
interface Loopback10
 ip vrf forwarding red
 ip address 20.1.1.1 255. 0
!
interface Loopback11
 ip vrf forwarding pink
 ip address 21. 1 255. 0
!
interface FastEthernet4/0
 ip address 2.2.2.6 255. 252
 no ip route-cache cef
 duplex full
 tag-switching ip
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166. 50. 10. 0. 0. 255 area 0
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 166. 50. 1 remote-as 200
 neighbor 166. 50. 1 update-source Loopback0
 neighbor 166.50.10.2 remote-as 200
 neighbor 166.50.10.2 update-source Loopback0
 default-information originate
 !
 address-family ipv4 vrf
  redistribute connected
  redistribute static
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf pink
  redistribute connected
  redistribute static
  default-information originate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 166. 50. 1 activate
  neighbor 166. 50. 1 send-community extended
  neighbor 166.50.10.2 activate
  neighbor 166.50.10.2 send-community extended
  default-information originate
 exit-address-family
!
ip classless
ip route vrf red 20.2.1.0 255. 0 Loopback10 20.1.1.2
ip route vrf pink 21.2.1.0 255. 0 Loopback11 21.1.1.2
no ip http server
!
access-list 10 permit 20.1.1.0 0.0.0.55
route-map OUT-INTER-AS permit 10
 match ip address 10
 set extcommunity rt 200:777 additive
!
end

Configurations: PE-300
hostname PE-300
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip vrf emerald
 rd 300:2
 route-target export 300:2
 route-target import 200:2
!
ip vrf green
 rd 300:1
 route-target export 300:1
 route-target import 200:1
ip cef
tag-switching tag-range downstream 160 1000 0
cns event-service server
!
interface Loopback0
 ip address 156.50.10.3 255
!
interface Loopback10
 ip vrf forwarding green
 ip address 30.1.1.1 255. 0
!
interface Loopback11
 ip vrf forwarding emerald
 ip address 31. 1 255. 0
!
interface ATM1/0
 no ip address
 no ip route-cache cef
 no atm ilmi-keepalive
!
interface FastEthernet4/0
 ip address 3.3.3.6 255. 252
 duplex full
 tag-switching ip
!
router ospf 300
 log-adjacency-changes
 network 3.3.3.4 0.0.0.3 area 0
 network 156. 50. 10. 0. 0. 255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 156. 50. 1 remote-as 300
 neighbor 156. 50. 1 update-source Loopback0
 neighbor 156.50.10.2 remote-as 300
 neighbor 156.50.10.2 update-source Loopback0
 !
 address-family ipv4 vrf green
  redistribute connected
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf emerald
  redistribute connected
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 156. 50. 1 activate
  neighbor 156. 50. 1 send-community extended
  neighbor 156.50.10.2 activate
  neighbor 156.50.10.2 send-community extended
  bgp scan-time 15
  bgp scan-time import 10
 exit-address-family
!
ip classless
no ip http server
!
tftp-server disk0:c7200-js-mz.121-5c.E8.bin
!
end

INTER-AS SUMMARY

Inter-AS Summary
• Service Providers have deployed Inter-AS for:
  Scalability purposes
  Partitioning the network based on services or management boundaries
• Some contract work is in progress amongst Service Providers to establish partnership and offer end-end VPN services to the common customer base
• Service Provider networks are completely separate
  Do not need to exchange internal prefix or label information
• Each Service Provider establishes a direct MP-eBGP session with the others to exchange VPN-IPv4 addresses with labels
• /32 route to reach the ASBR is created by default so ASBRs can communicate without a need for IGP
  Must be redistributed in the receiving Service Provider’s IGP

Inter-AS Summary (Cont.)
• IGP or LDP across ASBR links is not required
  Labels are already assigned to the routes when exchanged via MP-eBGP
  Interface used to establish MP-eBGP session does not need to be associated with a VRF
• Direct eBGP routes and labels can be exchanged.
• Next-hop-self can be turned on at the ASBRs, enabling the ASBR to use its own address for next-hop
• Using next-hop-self requires an additional entry in the TFIB for each VPNv4 route (about 180 bytes)
• If the Service Provider wishes to hide the Inter-AS link, then use the next-hop-self method; otherwise use the redistribute connected subnets method

Inter-AS Summary (Cont.)
• Multi-hop MP-eBGP sessions can be passed between Service Providers without conversions to VPNv4 routes
• Configuration of VRFs is not required on the ASBRs because bgp default route-target filter (automatic route filtering feature) has been disabled
• To conserve memory on both sides of the boundary and implement a simple form of security, always configure inbound route-maps to filter only routes that need to be passed to the other AS
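
One way to check an ASBR configuration against the last bullet above, as an added example that is not part of the original slides: it lists every activated VPNv4 neighbor, whether the session is eBGP or iBGP, and whether an inbound route-map that matches on route-target is applied to it. The sample configuration is constructed in the style of the slides with documentation addresses in place of the case-study ones, and `audit_vpnv4_inbound` is a name chosen for this example.

```python
import re

# Constructed sample in the style of the slides; the neighbor addresses are
# documentation addresses, not the ones used in the case study.
SAMPLE_ASBR = """\
router bgp 300
 no bgp default route-target filter
 neighbor 192.0.2.1 remote-as 200
 neighbor 198.51.100.3 remote-as 300
 !
 address-family vpnv4
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 route-map SETMETRIC out
  neighbor 198.51.100.3 activate
  neighbor 198.51.100.3 route-map INTER-AS in
 exit-address-family
!
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
!
route-map INTER-AS permit 10
 match extcommunity 10
"""


def audit_vpnv4_inbound(config):
    """Return (route_target_filter_disabled, [(neighbor, session, status), ...])."""
    local_as, remote_as, in_maps, active = None, {}, {}, []
    rt_filter_off, in_vpnv4 = False, False
    map_matches, current_map = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", ""):          # a top-level line ends a route-map
            current_map = None
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = m.group(1)
        elif line == "no bgp default route-target filter":
            rt_filter_off = True
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            remote_as[m.group(1)] = m.group(2)
        elif line.startswith("address-family"):
            in_vpnv4 = line == "address-family vpnv4"
        elif line == "exit-address-family":
            in_vpnv4 = False
        elif in_vpnv4 and (m := re.match(r"neighbor (\S+) activate$", line)):
            active.append(m.group(1))
        elif in_vpnv4 and (m := re.match(r"neighbor (\S+) route-map (\S+) in$", line)):
            in_maps[m.group(1)] = m.group(2)
        elif m := re.match(r"route-map (\S+) (permit|deny) \d+$", line):
            current_map = m.group(1)
            map_matches.setdefault(current_map, [])
        elif current_map and line.startswith("match "):
            map_matches[current_map].append(line)
    findings = []
    for nbr in active:
        session = "iBGP" if remote_as.get(nbr) == local_as else "eBGP"
        rmap = in_maps.get(nbr)
        if rmap is None:
            status = "no inbound route-map"
        elif rmap not in map_matches:
            status = "inbound route-map not defined"
        elif not any(x.startswith("match extcommunity") for x in map_matches[rmap]):
            status = "inbound route-map does not match on route-target"
        else:
            status = "filtered by route-target"
        findings.append((nbr, session, status))
    return rt_filter_off, findings


if __name__ == "__main__":
    print(audit_vpnv4_inbound(SAMPLE_ASBR))
```

With `no bgp default route-target filter` in place, a neighbor reported as having no inbound route-map is one from which the ASBR accepts every VPNv4 route it is sent.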