
Number of slides: 101
MPLS VPN Configurations
Khalid Raza, Russ Davis
CQFE rev 17 © 1999, Cisco Systems, Inc.
Agenda
• Introduction to VPN concepts
• VPN definitions
• Types of VPNs (overlay/peer)
• Comparison between the overlay and peer models
• Benefits of MPLS VPNs

Agenda
• The idea behind VRF, RD and RT
• Route propagation in MP-BGP
• Routing between PE and CE
• MPLS packet forwarding

Agenda
• MPLS configuration
  - VRF
  - MP-BGP
  - PE-CE configuration
  - Advanced configuration

Agenda
• MPLS topologies
• VPN connectivity
• Design considerations
• Deployment strategies
VPN/MPLS Concepts
• The VPN concept is to use the service provider's shared resources to connect multiple customer sites
  - Technologies such as X.25 and Frame Relay use virtual circuits to establish end-to-end connections over the shared provider infrastructure
  - This statistical sharing of resources enables the service provider to offer low-cost services to the end user
VPN Terminology
• Provider Network (P-network): the backbone under control of a service provider
• Customer Network (C-network): the network under customer control
• CE router: Customer Edge router; part of the C-network, interfaces to a PE router

VPN Terminology
• Site: a set of (sub)networks that are part of the C-network and co-located; a site is connected to the VPN backbone through one or more PE-CE links
• PE router: Provider Edge router; part of the P-network, interfaces to CE routers
• P router: Provider (core) router, without knowledge of VPNs

VPN Terminology (figure)
[Figure: two VPN sites, each with a CPE (CE) device, attached to Provider Edge (PE) devices at the edge of the Service Provider Network, with Provider core (P) devices in the middle]
Types of VPNs
• VPN services are offered in two major ways:
  - Overlay model: the service provider provides the virtual connections between sites
  - Peer model: the service provider participates in the customer's layer 3 routing

VPN Overlay Model
• The service provider network is a collection of point-to-point links
• Routing within the customer network is transparent to the service provider network
• The service provider is responsible purely for data transport between customer sites

VPN Overlay Model
• Layer 1 implementation: the provider gives bit pipes only; the customer runs IP over HDLC or PPP
• Layer 2 implementation: the service provider is responsible for layer 2 virtual circuits (ATM, Frame Relay)

VPN Overlay Model (figure)
[Figure: two VPN sites with CPE (CE) devices connected through Provider Edge (PE) devices by a virtual circuit across the Service Provider Network; the layer 3 routing adjacency runs CE to CE over the virtual circuit]
VPN Peer Model
• Both the provider and the customer network use the same network protocol
• CE and PE routers have a routing adjacency at each site
• All provider routers hold the full routing information about all customer networks
• Private addresses are not allowed
• May use the virtual router capability: multiple routing and forwarding tables, one per customer network

VPN Peer-to-Peer Model (figure)
[Figure: CPE (CE) routers at two VPN sites, each with a layer 3 routing adjacency to its Provider Edge (PE) router, and a layer 3 routing adjacency between the PE routers across the Service Provider Network]

VPN Peer Model
• The peer model used two types of approach:
  - Shared router
  - Dedicated router
VPN Peer Model
• Shared router
  - A common router is used; extensive packet filtering on the PE router isolates the customers
  - The service provider allocates addresses out of its own space to the customer and manages the packet filters to ensure reachability within a customer and isolation between customers
  - High maintenance cost associated with the packet filters
  - Performance impact due to packet filtering

Peer-to-Peer Model: Shared Router Approach
[Figure: one PE router in Paris whose single routing table holds VPN-A, VPN-B and VPN-C routes, connected to CE routers for VPN-A, VPN-B (London) and VPN-C (Munich)]
    interface Serial0/1
     description ** interface to VPN-A customer
     ip address 192.168.61.6 255.255.255.252
     ip access-group VPN-A in
     ip access-group VPN-A out
    !
    interface Serial0/2
     description ** interface to VPN-B customer
     ip address 192.168.61.9 255.255.255.252
     ip access-group VPN-B in
     ip access-group VPN-B out
    !
    interface Serial0/3
     description ** interface to VPN-C customer
     ip address 192.168.62.6 255.255.255.252
     ip access-group VPN-C in
     ip access-group VPN-C out
• Shared router approach with complex filters
VPN Peer Model
• Dedicated router
  - Customer isolation is achieved via dedicated routers per customer at the POP
  - Edge routers filter routing updates between the different provider edge routers
  - Route filtering is achieved via BGP communities
  - Not cost effective

Peer-to-Peer Model: Dedicated Router Approach
[Figure: a VPN-A PE and a VPN-B PE in Brussels, each attached to its own CE; the P router in London holds VPN-A routes (community 111:1) and VPN-B routes (community 111:2) and sends VPN-A routes only to the VPN-A PE]
    router bgp 111
     neighbor 10.13.1.2 remote-as 111
     neighbor 10.13.1.2 route-reflector-client
     neighbor 10.13.1.2 route-map VPN-A out
    !
    route-map VPN-A permit 10
     match community 75
    !
    ip community-list 75 permit 111:1
• The dedicated router approach is expensive to deploy
Comparison Between the Two Models: Advantages
• Overlay model
  - Easy to implement
  - The provider needs no knowledge of customer routing
  - Isolation between the two networks
• Peer model
  - Optimal routing
  - Easy to provision additional VPNs through site provisioning; no need for link provisioning

Comparison Between the Two Models: Drawbacks
• Overlay model
  - Optimal routing between sites requires a full mesh
  - Bandwidth provisioning
  - Virtual circuits have to be manually configured
• Peer model
  - Customer convergence depends on SP routing convergence
  - Lots of routes within the provider network cause scalability problems
Benefits of MPLS VPNs
• Best of both worlds
• The PE participates in routing, so you can achieve optimal routing between sites
• The PE isolates customer routing information, like the dedicated router solution
• Overlapping addresses are permitted between customers

Benefits of MPLS VPNs
• The PE router is subdivided into virtual routers
• Similar to the dedicated router approach
• Each customer is assigned an independent routing table
• IOS does this isolation through the concept of a VRF (Virtual Routing and Forwarding instance)

Benefits of MPLS VPNs (figure)
[Figure: PE router in Paris with a global routing table plus a VRF for VPN-A (CE routers in Paris and London, IGP and/or BGP) and a VRF for VPN-B (CE in Munich); multiple routing and forwarding instances (VRFs) provide the separation]
Problem
• How to propagate routing across the network between the PE devices?
• We need a routing protocol that will transport the customer routes across the provider network
• We need to maintain the independence of the customers' routing and address space

Easy and Lazy Answer
• Run multiple routing protocols, one for each customer
• But PE routers will have to run a large number of routing instances
• The poor P router will have to carry all the VPN routes
• P routers still run into the overlapping address problem unless you configure all the VRFs on the P routers as well
• Does not scale

Better Solution
• Run a routing protocol that exchanges the routing updates only between PE routers
• The P router is protected from customer routes

But How to Do It?
• Use BGP to pass the routing information between PE devices
• Use MPLS labels to exchange packets between next hops (PE routers)
• Extend BGP to be able to handle overlapping addresses
VPN Routing and Forwarding Instance (VRF)
• PE routers maintain separate routing tables
  - The global routing table contains all PE and P routes (and perhaps BGP routes), populated by the VPN backbone IGP
  - A VRF (VPN routing and forwarding) table is a routing and forwarding table associated with one or more directly connected sites (CE routers)
  - A VRF can be associated with any type of interface, logical or physical (e.g. sub-interfaces, virtual interfaces, tunnels)
  - Interfaces may share the same VRF if the connected sites share the same routing information

VPN Routing and Forwarding Instance (VRF) (figure)
[Figure: repeats the VRF figure above: PE router with a global routing table, a VRF for VPN-A (CEs in Paris and London) and a VRF for VPN-B (CE in Munich)]

MPLS/VPN Connectivity Model
• Private addressing in multiple VPNs is no longer an issue, provided that members of the same VPN do not use the same address range
[Figure: VPN A sites in London, Munich, Paris and Milan; a VPN B site in Brussels; a VPN C site in Vienna. Prefixes shown: 10.2.1.0/24 (appearing in both VPN A and VPN B), 10.3.3.0/24, 10.2.12.0/24, 10.4.12.0/24 and 10.22.12.0/24. Address space within VPN A and within VPN B must be unique]
VPN Routing and Forwarding Instance (VRF)
• A VRF can be thought of as a virtual router with the following structures:
  - A forwarding table based on CEF
  - A set of interfaces that use the derived forwarding table
  - Rules to control the import/export of routes into/from the VPN routing table
  - A set of routing protocols/peers which inject information into the VPN routing table (including static routing)
  - Router variables associated with the routing protocol used to populate the VPN routing table

VRF Route Population
• A VRF is populated locally through the PE-CE routing protocol exchange
  - RIP version 2, OSPF, BGP-4 and static routing
• Separate routing context for each VRF
  - Routing protocol context (BGP-4 and RIPv2)
  - Separate process (OSPF)
[Figure: PE with two CEs (Site-1, Site-2) running EBGP, OSPF, RIPv2 or static routing towards the PE]

Local VRF Route Population (figure)
[Figure: PE with a VRF for VPN-A (CEs in Paris and London), a VRF for VPN-B (CE in Munich) and the global table; the question on the slide is which routing protocol context or process populates each VRF. Local VRF population is driven by the routing protocol context, or by a separate process in the case of OSPF]

VRF Route Distribution
• PE routers distribute local VPN information across the MPLS/VPN backbone through MP-BGP and redistribution from the VRF
• The receiving PE imports the routes into the attached VRFs
[Figure: two VPN sites with CE routers, two PE routers exchanging MP-BGP across the MPLS/VPN backbone, with a P router in the middle]
Concept of RD
• If customers have overlapping addresses, BGP will treat them as a single prefix
• Extend the prefix with a 64-bit route distinguisher (RD)
• Now, with the 32-bit IP address and the 64-bit RD, the two overlapping IP addresses are unique

Concept of RD
• The 32-bit IP prefix is the IPv4 address
• With the 64-bit RD it is extended to 96 bits and is now a VPNv4 address
• This address is exchanged only between the PE routers via BGP
• It is carried in Multiprotocol BGP (MP-BGP)

Concept of RD (figure)
[Figure: a VPN-A CE and a VPN-B CE (Munich) send 32-bit IPv4 prefixes to PE1; PE1 converts each into a 96-bit VPNv4 prefix and sends it over MP-BGP across the MPLS/VPN backbone to PE2, whose BGP table holds the routes from VPN-A and the routes from VPN-B separately]

Processing of RD
• The RD is propagated between the PE routers
• The RD is removed by the receiving PE router
• The CE router receives just the IPv4 prefixes

Usage of RD
• The RD is only used to extend the IP prefix such that overlapping addresses become unique
• Simple VPN topologies require a single RD per customer
• In some cases multiple RDs may be required

Can the RD Be the VPN Identifier?
• Yes, it could be used as a VPN identifier
• But complex topologies require another component besides the RD, one that is as flexible as BGP communities
Concept of RT
• For sites that have to participate in more than one VPN, the RD is not sufficient
• You need another way of deciding membership
• The RT (route target) was introduced to support complex topologies such that separation and grouping are easier

Concept of RT
• An RT is an extended BGP community attached to a VPNv4 address
• It gives more flexibility to VPN membership
• Any number of RTs can be attached to a route
• Extended communities are 64-bit values

Concept of RT
• RTs are either exported or imported
• Export route targets are attached to the route the moment it is converted from IPv4 to VPNv4
• Import RTs are used to decide which routes are imported into the VPN
Routing Within an MPLS VPN
• Pass IPv4 routes to the customer routers
• No VPN routes within the MPLS core (P routers)
• P routers run the IGP and global BGP (if needed)
• The Provider Edge router carries the connected VPN routes and Internet routes

Routing: P-Router Perspective
• Runs the IGP with all the P and PE routers in the network
• No MPLS VPN routing information
• Very simple view of the network

Routing: PE-Router Perspective
• Exchanges IPv4 routes with CE routers
• Exchanges VPNv4 routes with other PE routers
• Runs the common IGP with the P routers, and also Internet BGP with the P routers (if needed)

Routing Table on a PE Router
• The PE router has to maintain a number of routing tables
• Global routing table (IGP, Internet routes)
• VRF routing information for the connected VPNs
• VRF routing is populated via the CE and via other PE routers

PE-to-PE Route Information Flow
• The PE router creates a VPNv4 update
• Adds extended community attributes (RT, SOO)
• Adds all other BGP attributes
• The received route is imported into the appropriate VRF according to the RT values
• Routes installed into a VRF are propagated to the CE routers
MP-BGP Update
• Any other standard BGP attribute
  - Local preference
  - MED
  - Next hop
  - AS_PATH
  - Standard community
• A label identifying:
  - The outgoing interface, or the VRF in which a lookup has to be performed (aggregate/connected routes)
  - The BGP label will be the second label in the label stack of packets travelling in the core

VRF Population from MP-BGP
[Figure: PE-2 is configured with "ip vrf VPN-A" and "route-target import VPN-A". PE-1 (CE-1, Paris) sends the VPNv4 update RD 1:27, 149.27.2.0/24, next hop = PE-1, SOO = Paris, RT = VPN-A, label = 28 to PE-2 (CE-2, London). The VPNv4 update is translated into an IPv4 address and put into VRF VPN-A because RT = VPN-A, and optionally advertised to CE-2]
• Receiving PE routers translate the update back to IPv4
  - The route is inserted into the VRF identified by the RT attribute (based on PE configuration)
• The label associated with the VPNv4 address will be set on packets forwarded toward the destination
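The RD and RT slides above describe one mechanism from two angles: the RD makes overlapping prefixes distinct in MP-BGP, the RT decides which VRFs the route lands in. The following is an added example, not code from the Cisco deck, that simulates both steps end to end: an originating PE converts local VRF routes into VPNv4 routes with the VRF's RD, a label and the export RTs, and a receiving PE strips the RD and imports by RT match. The VRF names, RDs, RTs, prefixes and labels are constructed for the illustration; the shared-services VRF shows why RT membership is more flexible than an RD, and also the caveat from the connectivity slide: once two customers with the same 10.1.1.0/24 are imported into one VRF, that VRF sees an address collision.

```python
"""Added example, not from the Cisco deck: a PE builds VPNv4 routes from VRF
IPv4 routes using the RD, tags them with export RTs, and a receiving PE imports
them into VRFs by import RT.  All RDs, RTs, prefixes, labels and VRF names
below are constructed for the illustration."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnV4Route:
    rd: str            # 64-bit route distinguisher, e.g. "109:1"
    prefix: str        # 32-bit IPv4 prefix with length, e.g. "10.1.1.0/24"
    next_hop: str      # BGP next hop: loopback of the originating PE
    label: int         # VPN label allocated by the originating PE
    rts: frozenset     # export route targets (extended communities)

    @property
    def nlri(self) -> str:
        """RD + IPv4 prefix = the 96-bit VPNv4 NLRI carried in MP-BGP."""
        return f"{self.rd}:{self.prefix}"


@dataclass
class Vrf:
    name: str
    rd: str
    export: set
    import_: set
    # prefix -> (source rd, next hop, label); value None marks a local route
    routes: dict = field(default_factory=dict)


def export_vrf(vrf: Vrf, pe_loopback: str, first_label: int) -> list:
    """Originating PE: turn every local route into a VPNv4 route carrying the
    VRF's RD, the PE loopback as next hop, a per-route label and the export RTs."""
    local = sorted(p for p, v in vrf.routes.items() if v is None)
    return [VpnV4Route(vrf.rd, prefix, pe_loopback, first_label + i, frozenset(vrf.export))
            for i, prefix in enumerate(local)]


def import_updates(vrfs: list, updates: list) -> list:
    """Receiving PE: the RD is dropped and the IPv4 prefix is installed in every
    VRF whose import RT set intersects the update's RTs.  Returns a list of
    (vrf, prefix, earlier_rd) collisions where two different RDs delivered the
    same IPv4 prefix into one VRF, i.e. that VRF now sees overlapping addresses."""
    collisions = []
    for upd in updates:
        for vrf in vrfs:
            if not (upd.rts & vrf.import_):
                continue
            existing = vrf.routes.get(upd.prefix)
            if existing is not None and existing[0] not in (None, upd.rd):
                collisions.append((vrf.name, upd.prefix, existing[0]))
            vrf.routes[upd.prefix] = (upd.rd, upd.next_hop, upd.label)
    return collisions


def demo() -> dict:
    # PE1 hosts two customers that both use 10.1.1.0/24 locally (constructed).
    pe1 = [
        Vrf("VPN-A", "109:1", {"109:1"}, {"109:1"}, {"10.1.1.0/24": None}),
        Vrf("VPN-B", "109:2", {"109:2"}, {"109:2"}, {"10.1.1.0/24": None}),
    ]
    # PE2 hosts the same customers plus a shared-services VRF that imports both
    # customers' routes: many-to-many membership that an RD alone cannot express.
    pe2 = [
        Vrf("VPN-A", "109:1", {"109:1"}, {"109:1"}),
        Vrf("VPN-B", "109:2", {"109:2"}, {"109:2"}),
        Vrf("SHARED", "109:99", {"109:99"}, {"109:1", "109:2"}),
    ]
    updates = (export_vrf(pe1[0], "197.26.15.1", 28)
               + export_vrf(pe1[1], "197.26.15.1", 40))
    collisions = import_updates(pe2, updates)
    return {
        "nlris": [u.nlri for u in updates],          # distinct despite same IPv4 prefix
        "pe2": {v.name: dict(v.routes) for v in pe2},
        "collisions": collisions,
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(demo())
```

The two VPNv4 NLRIs differ only in the RD, which is all BGP needs to keep them apart; on PE2 each customer VRF receives its own copy with its own label, while the SHARED VRF ends up holding whichever copy arrived last and the collision list records the overlap.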
Routing Between PE and CE
• The CE does not need any understanding of MPLS
• The CE needs only standard IP software
• Currently EBGP, OSPF, RIP and static routing are supported
• The PE router looks like a standard corporate backbone router to the CE router
MPLS/VPN Packet Forwarding
[Figure: PE-1 (Paris) and PE-2 (London, loopback 197.26.15.1) with a P router between them, all for FEC 197.26.15.1/32. Label tables: Paris: in label none, out label 41; P router: in label 41, out label POP; London: in label none (local implicit-null). London tells the P router "use label implicit-null for destination 197.26.15.1/32"; the P router tells Paris "use label 41 for destination 197.26.15.1/32". VPNv4 update for 149.27.2.0/24: RD 1:27, NH = 197.26.15.1, SOO = Paris, RT = VPN-A, label = 28]
• PE and P routers have BGP next-hop reachability through the backbone IGP
• Labels for the BGP next hops are distributed through LDP, or through RSVP with traffic engineering

MPLS/VPN Packet Forwarding
• A label stack is used for packet forwarding
  - The top label indicates the BGP next hop (interior label)
  - The second-level label indicates the outgoing interface or VRF (exterior VPN label)
• MPLS nodes forward packets based on the top label; any subsequent labels are ignored
• Penultimate hop popping is used one hop prior to the egress PE router

Penultimate Hop Popping
[Figure: Paris, Brussels and London in a row, FEC 197.26.15.1/32 (London's loopback). Label tables: Paris: in label none, out label 41; Brussels: in label 41, out label POP; London: in label none (implicit-null). London advertises "use label implicit-null for destination 197.26.15.1/32"; Brussels advertises "use label 41 for destination 197.26.15.1/32"]
    London# show tag-switching tdp binding 197.26.15.1
     tib entry: 197.26.15.1/32, rev 10
      local binding:  tag: imp-null(1)
      remote binding: tsr: 172.16.3.1:0, tag: 41
    Brussels# show tag-switching tdp binding 197.26.15.1
     tib entry: 197.26.15.1/32, rev 10
      local binding:  tag: 41
      remote binding: tsr: 172.16.3.2:0, tag: imp-null(1)
    Brussels# show tag-switching forwarding
    Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
    tag    tag or VC   or Tunnel Id      switched   interface
    41     Pop tag     197.26.15.1/32    0          Se0/0/2    point2point
MPLS/VPN Packet Forwarding
[Figure: PE-1 (Paris) VPN-A VRF entry: 149.27.2.0/24, NH = 197.26.15.1, label = 28; global label table: FEC 197.26.15.1/32, out label 41. An IP packet for 149.27.2.27 arrives from the CE and leaves PE-1 towards London with the label stack (41, 28)]
• The ingress PE receives normal IP packets
• The PE router performs an IP longest match in the VPN FIB, finds the iBGP next hop and imposes a stack of labels

MPLS/VPN Packet Forwarding
[Figure: the packet for 149.27.2.27 travels from Paris towards London with labels (41, 28); the penultimate router (in label 41, out label POP) removes the IGP label; London receives the packet with VPN label 28 only, matches it to the VPN-A VRF entry for 149.27.2.0/24, removes the label and forwards the IP packet to the VPN site]
• The penultimate router removes the IGP label (penultimate hop popping, implicit-null label)
• The egress PE router uses the VPN label to select which VPN/CE to forward the packet to
• The VPN label is removed and the packet is routed toward the VPN site
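The forwarding slides above walk one packet through the two-level label stack. The following is an added example, not code from the Cisco deck, that simulates the same path with the deck's values (prefix 149.27.2.0/24 behind egress PE loopback 197.26.15.1, IGP label 41, VPN label 28) and adds two things the slides only imply: a longest-match decision between a /16 and a /24 in the same VRF, and a second VRF with the same customer prefix so that only the VPN label tells the two apart at the egress. The router names, the extra prefixes and labels 29 and 30, and the "imp-null" marker are assumptions for the illustration.

```python
"""Added example, not from the Cisco deck: a simulation of the MPLS VPN label
stack with penultimate hop popping.  Deck values: 149.27.2.0/24, next hop
197.26.15.1, IGP label 41, VPN label 28.  Router names, the /16 route with
label 29, the VPN-B route with label 30 and the imp-null marker are assumed."""
import ipaddress

IMPLICIT_NULL = "imp-null"   # LDP label 3: tells the upstream LSR to pop, not swap


class IngressPE:
    """Paris: the VRF FIB maps a customer prefix to (BGP next hop, VPN label);
    the global LFIB maps the next hop /32 to the IGP (LDP) label."""
    def __init__(self, vrf_fib: dict, igp_lfib: dict):
        self.vrf_fib = vrf_fib      # vrf -> [(IPv4Network, next_hop, vpn_label)]
        self.igp_lfib = igp_lfib    # next_hop -> outgoing IGP label

    def forward(self, vrf: str, dst_ip: str):
        dst = ipaddress.ip_address(dst_ip)
        # IP longest match inside the VPN FIB of the interface's VRF
        best = max((e for e in self.vrf_fib[vrf] if dst in e[0]),
                   key=lambda e: e[0].prefixlen, default=None)
        if best is None:
            raise LookupError(f"no route for {dst_ip} in VRF {vrf}")
        _, next_hop, vpn_label = best
        # top of stack: IGP label towards the BGP next hop; bottom: VPN label
        return [self.igp_lfib[next_hop], vpn_label], dst_ip


class PRouter:
    """Brussels: acts on the top label only and never sees the VPN label."""
    def __init__(self, lfib: dict):
        self.lfib = lfib            # incoming label -> outgoing label or IMPLICIT_NULL

    def forward(self, stack: list, payload: str):
        out = self.lfib[stack[0]]
        if out == IMPLICIT_NULL:    # penultimate hop popping
            return stack[1:], payload
        return [out] + stack[1:], payload


class EgressPE:
    """London: after PHP the remaining label selects the VRF (or interface)."""
    def __init__(self, vpn_labels: dict):
        self.vpn_labels = vpn_labels  # vpn_label -> vrf name

    def forward(self, stack: list, payload: str):
        if len(stack) != 1:
            raise ValueError(f"unexpected stack {stack}: PHP did not happen")
        return self.vpn_labels[stack[0]], payload


def trace(vrf: str = "VPN-A", dst_ip: str = "149.27.2.27") -> list:
    """Return the label stack seen at each hop and the VRF chosen at the egress."""
    nh = "197.26.15.1"   # London's loopback, the BGP next hop for both VRFs
    paris = IngressPE(
        {"VPN-A": [(ipaddress.ip_network("149.27.0.0/16"), nh, 29),
                   (ipaddress.ip_network("149.27.2.0/24"), nh, 28)],
         "VPN-B": [(ipaddress.ip_network("149.27.2.0/24"), nh, 30)]},  # same prefix, other VRF
        {nh: 41},
    )
    brussels = PRouter({41: IMPLICIT_NULL})   # London advertised imp-null for its /32
    london = EgressPE({28: "VPN-A", 29: "VPN-A", 30: "VPN-B"})

    hops = []
    stack, pkt = paris.forward(vrf, dst_ip)
    hops.append(("Paris", list(stack)))
    stack, pkt = brussels.forward(stack, pkt)
    hops.append(("Brussels", list(stack)))
    out_vrf, pkt = london.forward(stack, pkt)
    hops.append(("London", out_vrf))
    return hops


if __name__ == "__main__":
    for args in (("VPN-A", "149.27.2.27"), ("VPN-A", "149.27.5.1"), ("VPN-B", "149.27.2.27")):
        print(args, "->", trace(*args))
```

Note that Brussels' LFIB contains only label 41: the P router has no entry for 28, 29 or 30 and no knowledge of 149.27.0.0, which is exactly the "no VPN routes in the core" property the routing slides rely on.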
MPLS/VPN Configuration and Implementation

MPLS Configuration
• VRF: sites requiring the same routing policies share the same VRF
  - IP routing table
  - CEF forwarding table
  - Route distinguisher
  - Route targets (export, import)

MPLS Configuration
• VRF configuration
  - Step 1. Create the VRF
  - Step 2. Assign an RD
  - Step 3. RT export
  - Step 4. RT import
  - Step 5. Assign an interface to the VRF

MPLS Configuration
• VRF configuration, step 1: creating a VRF
    ip vrf name
  Example:
    ip vrf bootcamp
  where bootcamp is just a name, like a route-map name

MPLS Configuration
• VRF configuration, step 2: every VRF needs an associated RD
    rd route-distinguisher
  The RD can be AS:X or IP-address:X
  Example:
    rd 109:12345

MPLS Configuration
• VRF configuration, step 3: define the route target that will be exported with every route sent from the VRF; multiple route targets can be attached to a VRF
    route-target export RT
  Example:
    route-target export 109:1234

MPLS Configuration
• VRF configuration, step 4: define the route target that the router will accept for import into the VRF
    route-target import RT
  Example:
    route-target import 109:1345

MPLS Configuration
• VRF configuration, step 5: associate an interface with the VRF; this removes the interface from the global routing process
  - The existing IP address is removed once the interface is assigned to a VRF; you will have to re-configure the IP address

MPLS Configuration
• VRF configuration example
    ip vrf GREEN
     rd 109:145
     route-target export 109:145
     route-target import 109:145
    !
    interface Serial1/0/1
     ip vrf forwarding GREEN
     ip address 10.1.1.5 255.255.255.252
MPLS Configuration
• MP-BGP configuration: the BGP process is extended to perform three functions, all configured in the same BGP process through address families
  1. Maintain and exchange global routing information (IPv4 routing)
  2. VPNv4 routing
  3. VRF routing exchange with the CE

MPLS Configuration
• MP-BGP configuration
  - Global neighbors are configured under the global BGP process (all P and PE neighbors)
  - These neighbors need to be activated under the appropriate address family according to requirements
  - VRF-specific neighbors are defined under the corresponding VRF address family

MPLS Configuration
• MP-BGP configuration
  - Step 1. Configure the neighbors and their parameters under the global process
  - Step 2. Configure the address family VPNv4
  - Step 3. Activate the neighbors to carry VPNv4 routes
  - Step 4. Apply the VPNv4-specific parameters under the address family (filters, etc.)

MPLS Configuration
• MP-BGP configuration, step 1: configure the BGP process
    router bgp 110
     neighbor 131.108.1.1 remote-as 110
     neighbor 131.108.1.1 update-source Loopback0

MPLS Configuration
• MP-BGP configuration, step 2: configure the address family and activate under it, for VPNv4 routes, the neighbor that was defined earlier under the main BGP process
     address-family vpnv4
      neighbor 131.108.1.1 activate
      neighbor 131.108.1.1 next-hop-self

MPLS Configuration
• Let's talk a little about the IPv4 address family
  - Address-family IPv4 is the same as your regular BGP process
  - Configuration done under this family is added to the global BGP configuration

MPLS Configuration
    no bgp default ipv4-unicast
• Disables the default behaviour of propagating IPv4 routes to every neighbor
• You then activate explicitly the neighbors that need to get IPv4 routes
• This isolates VPNv4 and IPv4 routes, such that some neighbors get both and some receive VPNv4 only

MPLS Configuration
• Example: three neighbors; two of them need IPv4 routes, one does not
• Requirements
  - Neighbor 131.108.1.1 (IPv4, VPNv4)
  - Neighbor 131.108.1.2 (IPv4 only)
  - Neighbor 131.108.1.3 (VPNv4 only)

MPLS Configuration
    router bgp 110
     no bgp default ipv4-unicast
     neighbor 131.108.1.1 remote-as 110
     neighbor 131.108.1.2 remote-as 110
     neighbor 131.108.1.3 remote-as 110
     neighbor 131.108.1.1 activate
     neighbor 131.108.1.2 activate
     !
     address-family vpnv4
      neighbor 131.108.1.1 activate
      neighbor 131.108.1.3 activate
MPLS Configuration
• Configuring PE-CE routing
  - BGP between PE and CE
  - RIP between PE and CE
  - OSPF between PE and CE
  - Static routes

MPLS Configuration
• BGP and RIP require a single routing process
  - Distance vector / path vector: no database separation is needed; it is done through address families
• OSPF requires a separate routing process for each VRF to maintain a separate database

MPLS Configuration
• All non-BGP VRF routes have to be redistributed into MP-BGP
• No synchronization is the default under a VRF address family
• No auto-summary is the default under a VRF address family

MPLS Configuration
• BGP: define the neighbor under the VRF address family, not under the global BGP process
    router bgp 110
    !
     address-family ipv4 vrf Green
      neighbor 10.1.1.1 remote-as 115
      neighbor 10.1.1.1 activate

MPLS Configuration
• RIP: a single routing process; the RIP parameters go in each VRF address family
    router rip
     version 2
     address-family ipv4 vrf BLUE
      network 10.0.0.0
      redistribute bgp 110 metric transparent
MPLS OSPF
• IGP-to-BGP redistribution is how an MPLS VPN carries the customer IGP routes
• Not a very good thing for OSPF
• Routes redistributed into OSPF are external
• One LSA for every external route

MPLS OSPF
• If all the routes are carried as external:
  - Route summarization would be a problem
  - Stub areas would be hard to implement

MPLS OSPF
• MPLS VPNs needed to be extended to carry OSPF information
• This creates the concept of a super backbone
• The super backbone is created with MP-BGP between the PE routers
• The super backbone sits between the PE routers; it is transparent to OSPF

MPLS OSPF (figure)
[Figure: the MPLS BGP backbone as the super backbone between Paris and London; VPN-A area 0 and VPN-B area 1 attached in Paris, VPN-A area 2 and VPN-B area 0 attached in London]

MPLS OSPF
• OSPF between sites does not use normal OSPF-BGP redistribution
• Internal OSPF routes are kept internal to OSPF
• External routes are kept external
• OSPF metrics are preserved
• The MPLS OSPF backbone is transparent to the CE OSPF, which runs standard software

MPLS OSPF
• PE routers act as ABRs
• If the area is not a stub area, PE routers also act as ASBRs
• From the CE routers' perspective, the PE sends inter-area routes into the connected area

MPLS OSPF
• Intra-area OSPF routes are redistributed into BGP by the PE router
• Route summarization can be done at the redistribution point by the PE router

MPLS OSPF
• The super backbone acts just like area 0 in regular OSPF
• Routes redistributed at the PE routers appear as inter-area routes
• Routes from one area 0 site into another area 0 site appear as inter-area routes
• Redistributed intra-area and inter-area routes appear as inter-area routes; external routes still appear as external

MPLS OSPF
• For MP-BGP, an extended community of type 0x8000 is used
• The OSPF cost is copied into the BGP MED
• The LSA type and metric are carried across

MPLS OSPF
• OSPF-BGP loop avoidance
[Figure: VPN-A area 0 in Paris connected to PE1; the OSPF route is redistributed into BGP at PE1 and sent over the MPLS BGP backbone to PE2 and PE3, both of which connect to the same VPN-A area 0 site]

MPLS OSPF
• PE1 learns the route via OSPF as an intra-area route
• PE1 advertises the route to PE2 and PE3 via MP-BGP
• One of the PE routers redistributes it first (a sort of race condition)
• PE2 sends the route to PE3 via an OSPF summary LSA

MPLS OSPF
• PE3 removes the iBGP route for the destination and installs the OSPF summary route, due to the lower administrative distance (OSPF 110 versus iBGP 200)
• You can work around the problem by lowering the administrative distance of iBGP below that of OSPF: not a clean solution

MPLS OSPF
• To solve this problem a down bit has been added to the options field of the LSA header, like the up/down bit of IS-IS TLV 135
• A PE router sets the down bit when redistributing routes from MP-BGP into OSPF
• A PE router will never redistribute an OSPF route with the down bit set back into BGP

MPLS OSPF
• A double redistribution loop is still possible
• When the CE redistributes between OSPF domains, the down bit is lost
• For this case the tag field is used, as in standard BGP-OSPF redistribution
• PE routers never redistribute into MP-BGP an OSPF route whose tag field equals their own AS number
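The three loop-avoidance slides above describe a race, a first guard (the down bit) and a second guard (the route tag). The following is an added example, not code from the Cisco deck, that models PE3's route selection and its decision whether to redistribute back into MP-BGP for the three cases. The administrative distances are the IOS defaults (OSPF 110, iBGP 200) and the provider AS number 110 is taken from the slides' configuration examples; the prefix and the Route record are constructed. One behaviour goes beyond what the slide states and is noted in the code: a PE also excludes down-bit LSAs from its own route calculation, as RFC 4577 requires, so the iBGP route stays installed rather than merely not being re-exported.

```python
"""Added example, not from the Cisco deck: PE3's behaviour in the OSPF/MP-BGP
redistribution race, with and without the down bit and the route tag guard.
AD values are IOS defaults; AS 110 comes from the slides; the rest is constructed."""
from dataclasses import dataclass

AD = {"ibgp": 200, "ospf": 110}   # IOS default administrative distances
PE_AS = 110                       # provider AS from the slides' router bgp 110


@dataclass
class Route:
    prefix: str
    source: str            # "ibgp" (learned over MP-BGP) or "ospf" (from the VRF OSPF process)
    down_bit: bool = False # DN bit in the LSA options (meaningful for OSPF only)
    tag: int = 0           # OSPF route tag; PEs set it to their AS on redistribution


def select(candidates: list):
    """IOS-style selection: lowest administrative distance wins.  An OSPF route
    whose LSA carries the down bit is left out of the calculation entirely
    (RFC 4577 behaviour, one step beyond the slide's wording)."""
    usable = [r for r in candidates if not (r.source == "ospf" and r.down_bit)]
    return min(usable, key=lambda r: AD[r.source], default=None)


def redistribute_into_bgp(route) -> bool:
    """PE rule from the slides: OSPF routes go into MP-BGP unless the down bit is
    set or the tag equals the provider AS; both mean 'this already came from MP-BGP'."""
    if route is None or route.source != "ospf":
        return False
    return not (route.down_bit or route.tag == PE_AS)


def pe3_decision(summary_from_pe2: Route) -> tuple:
    """PE3 already holds the prefix via iBGP from PE1 and now receives PE2's
    summary LSA.  Returns (installed source, redistributed back into BGP?)."""
    ibgp = Route(summary_from_pe2.prefix, "ibgp")
    best = select([ibgp, summary_from_pe2])
    return (best.source if best else None), redistribute_into_bgp(best)


def scenarios() -> dict:
    p = "10.1.1.0/24"
    return {
        # PE2 redistributed MP-BGP -> OSPF without setting DN: PE3 prefers the
        # summary (AD 110 < 200) and sends it back into MP-BGP: the loop.
        "no_down_bit": pe3_decision(Route(p, "ospf")),
        # PE2 set DN: PE3 ignores the summary, keeps iBGP, redistributes nothing.
        "down_bit": pe3_decision(Route(p, "ospf", down_bit=True)),
        # A CE double-redistributed between OSPF domains: DN lost, tag survived.
        # PE3 installs the OSPF route but refuses to send it into MP-BGP.
        "tag_only": pe3_decision(Route(p, "ospf", tag=PE_AS)),
    }


if __name__ == "__main__":
    for name, (installed, leaked) in scenarios().items():
        print(f"{name:12s} installed={installed:5s} redistributed_into_bgp={leaked}")
```

The "tag_only" case shows the limit of the second guard: the route is still installed from OSPF on PE3, so the loop is broken but the path choice is not the one MP-BGP would have made.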
MPLS Configuration
• OSPF configuration is still simple
    router ospf 110 vrf RED
     network 10.1.0.0 0.0.255.255 area 0
     redistribute bgp 110
MPLS IS-IS
• The VPN backbone is treated as a level above L2
• All L1/L2 routes are redistributed into BGP at the PE router
• A new extended community in BGP, type 0x0006, is used

MPLS IS-IS
• Same as the route-leaking concept: don't send IS-IS routes back into BGP if the up/down bit is set
• Don't send the route if the route in the table is not learned via IS-IS

MPLS IS-IS
• At the receiving site, redistribute the route into IS-IS with the up/down bit set
• Same concept as separation of the LSDB: one database can belong to one VPN

MPLS IS-IS
• Configuration is similar to OSPF
    router isis tag 1 vrf vpn-blue
     net 49.0001.1201.0003.0001.00
     redistribute bgp 65000 metric transparent level-1-2

MPLS Configuration
• Static routes
  - Used to configure VRF-specific routes
  - Always specify the outgoing interface, even when you have the next hop
    ip route vrf YELLOW 10.1.0.0 255.255.0.0 10.1.1.5 Serial2/0