Aut inveniam viam aut faciam

MPLS Layer 3 VPN (L3VPN) Notes

MPLS Layer 3 VPN (L3VPN)

MP-BGP

– Multiprotocol Border Gateway Protocol

PE

– Provider Edge router

P

– Provider router

CE

– Customer Edge router

Control Plane

– PE – CE

     -> IGP or eBGP

– PE – PE

     -> MP-BGP

Data Plane

– When traffic will be sent, MPLS will be used

PE routers create one VRF (Virtual Routing and Forwarding) instance per customer

– VRF has a separate FIB table per customer

– VRF parameters

     -> Name of VRF table

     -> Route Distinguisher (RD)

          -> 64 bit value represented as <32 bit>:<32 bit>

          -> 50:60

          -> Used to make customer routes unique

RD + IPv4 address = VPNv4 router

     -> 64 bit + 32 bits = 96 bits

     -> Route Target (RT)

          -> 64 bit value represented as <32 bit>:<32 bit>

          -> To control the distination of routes, the concept of import and export is used

Configuration on PE routers

Phase 1

1. Create the VRF

2. Adding RD value

     -> Only one RD value per VRF

3. One or more RTs

     -> Import

     -> Export

4. Interface association with the VRF

5. PE – CE protocol association

R1 (config)# ip vrf c1b1

rd 100:100

route-target import 100:100

route-target export 100:100

int s0/0

  ip vrf forwarding c1b1

  ip add 14.0.0.1 255.0.0.0

sh ip route

  C     12.0.0.0

  C     1.0.0.0

sh ip route vrf c1b1

  C     14.0.0.0

R1(config)# router rip

address-family ipv4 vrf c1b1

  version 2

  no auto-summary

  network 14.0.0.0

sh ip route vrf c1b1

  C     14.0.0.0

  R     4.4.4.4

Configure RIP on the CE routers

After Phase 1, the PE routers will have the local client routes

Phase 2

1. Configure MP-BGP on PE routers

2. Form VPNv4 neighbor relationship between PE routers using /32 loopback interfaces

3. Do mutual redistribution between the PE – CE IGP and the MP-BGP VRF-to-VRF

RD + IPv4 Address = VPNv4 route

100:100:4.4.4.4

R1(config)# router bgp 100

neighbor 3.3.3.3 remote-as 100

neighbor 3.3.3.3 update-source lo0

address-family vpnv4 unicast

  neighbor 3.3.3.3 activate

  neighbor 3.3.3.3 send-community extended

     -> This is automatically added to the configuration when the neighbor is activated

  address-family ipv4 vrf c1b1


   redistribute rip

Extended community is used to send and receive IGP parameters from one customer site to another customer site

R1(config)# router rip

address-family ipv4 vrf c1b1

  redistribute bgp 100 metric { transparent | <value> }

Transparent

  RIP -> BGP’s MED -> BGP’s MED -> RIP metric

BGP adds a VPN label when routes are redistributed into BGP

BGP VPN Label = 100 for 4.4.4.4

sh mpls forwarding-table

     -> To check the LFIB

BGP

– IPv4

– IPv6

XR Routers

router bgp <asn>


 address-family <afi> <safi>

     -> Address-family Identifier

          -> ipv4

               -> 32 bit

          -> ipv6

               -> 128 bit

          -> vpnv4

               -> RD + ipv4

               -> 64 bits + 32 bits = 96 bits

               -> Client IPv4 addresses

          -> vpnv6

               -> RD + ipv6

               -> 64 bits + 128 bits = 192 bits

               -> Client IPv6 addresses

     -> Subsequent Address-family Identifier

          -> unicast

          -> multicast

          -> mdt

               -> Multicast Distribution Tree

router bgp <asn>


address-family <afi> <safi>


  network <ip add>/<nm>


  redistribute <protocol>


  exit


neighbor <ip add>


  remote-as <asn>


  update-source <int>


  ebgp-multihop <ttl>


address-family <afi> <safi>


  route-reflector-client


  next-hop-self


  route-policy <name> in | out


  as-override


  default-originate

Configure BGP between R1 and R2 for IPv4 and IPv6

 – Advertise loopbacks

 – Disable the default address-familty

     -> This is commonly seen in the lab

R1(config)# router bgp 100

 no bgp default ipv4-unicast

 neighbor 12.0.0.2 remote-as 100

 neighbor 2002:12::2 remote-as 100

 address-family ipv4 unicast

  neighbor 12.0.0.2 activate

  network 12.0.0.0 mask 255.0.0.0

  network 1.1.1.1 mask 255.255.255.255

 address-family ipv6 unicast

  neighbor 2002:12::2 activate

  network 2002:12::/64

  network 2002:1:1:1::1/128

R2(config)# router bgp 100

      -> On the XR router, the is no default address-family

 address-family ipv4 unicast

  network 2.2.2.2/32

  network 12.0.0.0/8

 address-family ipv6 unicast

  network 2002:12::/8

  network 2002:2:2:2::2/128

 neighbor 12.0.0.1

  remote-as 100

  address-family ipv4 unicast

 neighbor 2002:12::1

  remote-as 100

  address-family ipv6 unicast

sh bgp <afi> <safi>

sh bgp ipv4 unicast

sh bgp ipv6 unicast

eBGP

 – By default, no IPv4 or IPv6 updates can be exchanged

     -> A route-policy has to be applied to the incoming and outgoing directions inside the address-family

 – Create the route-policy in global config

route-policy PASS

 pass

 exit

 – Apply the route-policy to the address-family

router bgp 100

 neighbor <ip add>

  address-family <afi> <safi>

   route-policy PASS in

   route-policy PASS out

L3VPN

 1. VRF creation

 2. PE – CE interface association

 3. IGP association ( PE – CE )

 4. MP-BGP ( PE – PE )

 5. Mutual redistribution between VRF IGP and MP-BGP

 – ISP Core

     -> IGP + LDP

XR Routers

R1(config)# vrf ABC

 address-family ipv4 unicast

  import route-target 1:1

  export route-target 1:1

RD value is configured inside BGP on XR routers

 – This is easy to forget

VRF interface association

 – On XR routers, the IPv4 and IPv6 addresses must be removed before associating the interface to the VRF

R1(config)# int g0/0/0/0

 no ipv4 add

 no ipv6 add

 vrf ABC

 ipv4 <ip add>/<nm>

 ipv6 <ip add>/<nm>

router rip

 vrf ABC

  int g0/0/0/0

router eigrp 100

 vrf ABC

  address-family ipv4 unicast

   autonomous-system 100

   int g0/0/0/0

  address-family ipv6 unicast

   autonomous-system 100

   int g0/0/0/0

router ospf 1

 vrf ABC

  area 0

   int g0/0/0/0

root

show config

commit

MP-BGP

 – VPNv4 address-family

     -> PE – PE

 – Mutual redistribution with VRF IGP

R1(config)# router bgp 100

 address-family ipv4 unicast

 address-family vpn4 unicast

 neighbor 2.2.2.2

  remote-as 100

  update-source lo0

  address-family vpn4 unicast

 vrf ABC

  rd 1:1

     -> This is easy to forget

  address-family ipv4 unicast

   redistribute ospf 1

router ospf 1

 vrf ABC

  redistribute bgp 100

  area 0

  int g0/0/0/0

During the SP lab, there will be 6 PE routers and 6 CE routers

If PE – CE protocol is BGP

R1(config)# router bgp 100

 address-family ipv4 unicast

 address-family vpnv4 unicast

 neighbor 2.2.2.2

  remote-as 100

  update-source lo0

  address-family vpnv4 unicast

 vrf ABC

  rd 1:1

  address-family ipv4 unicast

   redistribute connected

  neighbor 13.0.0.3

   remote-as 50

   address-family ipv4 unicast

    route-policy PASS in

    route-policy PASS out

    as-override

! R1

router eigrp 1


 address-family ipv4


  int lo0


  int gi0/0/0/1

! R2

router ospf 1

 router-id 2.2.2.2

 area 0

  int lo0

  int gi0/0/0/1

!


mpls ldp


router ospf 1


 mpls ldp auto-config

!


router bgp 100


 bgp router-id 2.2.2.2


 address-family vpnv4 unicast


 neighbor 5.5.5.5


  remote-as 100


  update-source lo0


  address-family vpnv4 unicast

!


vrf ABC


 address-family ipv4 unicast


  import route-target 1:1


  export route-target 1:1


router bgp 100


 vrf ABC


  rd 1:1


  address-family ipv4 unicast

!

int g0/0/0/0

 no ipv4 address 12.0.0.2 255.255.255.0

 vrf ABC

 ipv4 address 12.0.0.2 255.255.255.0

!


router eigrp 1


 vrf ABC


  address-family ipv4

   autonomous-system 1

   int gi0/0/0/0

!


router bgp 100


 vrf ABC


 address-family ipv4 unicast


  redistribute eigrp 1


router eigrp 1


 vrf ABC


 address-family ipv4

  redistribute bgp 100

! R3

int lo0


 ip ospf 1 area 0


int e1/0


 ip ospf 1 area 0


int e1/1


 ip ospf 1 area 0


router ospf 1


 router-id 3.3.3.3

!


mpls label protocol ldp


mpls ldp router-id lo0 force


int e1/0


 mpls ip


int e1/1

 mpls ip

 


! R4

router ospf 1


 router-id 4.4.4.4


 area 0

  int lo0

  int gi0/0/0/0

  int gi0/0/0/1

!


mpls ldp


router ospf 1

 mpls ldp auto-config

! R5

router ospf 1


 router-id 5.5.5.5


 area 0

  int lo0

  int gi0/0/0/1

!


mpls ldp


router ospf 1


 mpls ldp auto-config

!


router bgp 100


 bgp router-id 5.5.5.5

 address-family vpnv4 unicast

 neighbor 2.2.2.2

  remote-as 100


  update-source lo0


  address-family vpnv4 unicast

!


vrf ABC


 address-family ipv4 unicast


  import route-target 1:1


  export route-target 1:1


router bgp 100


 vrf ABC


  rd 1:1


  address-family ipv4 unicast

!

int gi0/0/0/0

 no ipv4 address 35.0.0.3 255.255.255.0

 vrf ABC

 ipv4 address 35.0.0.3 255.255.255.0

!


router eigrp 1


 vrf ABC


  address-family ipv4

   autonomous-system 1

   int gi0/0/0/0

!


router bgp 100


 vrf ABC


 address-family ipv4 unicast


  redistribute eigrp 1


router eigrp 1


 vrf ABC


 address-family ipv4


  redistribute bgp 100

! R6 

router eigrp 1

 network 6.6.6.6 0.0.0.0

 network 56.0.0.6 0.0.0.0

Verification

! R1

sh eigrp int

sh eigrp nei

sh ip route

ping 6.6.6.6

! R2 and R5

sh ospf nei

sh route ospf

sh mpls int

sh mpls ldp nei bri

sh bgp vpnv4 u sum

sh bgp vpnv4 u

sh vrf ABC

sh eigrp vrf ABC nei

sh route vrf ABC eigrp

ping vrf ABC 1.1.1.1

ping vrf ABC 6.6.6.6

sh bgp vrf ABC

sh route vrf ABC bgp

sh eigrp vrf ABC topology

! R6

sh ip eigrp int

sh ip eigrp nei

sh ip route

ping 1.1.1.1

Comments are closed.

This entry was posted on Saturday, October 27th, 2018 at 7:39 pm and is filed under CCIE. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.