MPLS L3VPN Inter-AS Option B aka MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses, is similar to the previous Option A example with the exception that the Inter-AS link runs a single VPNv4 EBGP peering instead of multiple VRF aware IGP or BGP instances.
In this procedure, the PE routers use IBGP to redistribute labeled VPN-IPv4 routes either to an Autonomous System Border Router (ASBR), or to a route reflector of which an ASBR is a client. The ASBR then uses EBGP to redistribute those labeled VPN-IPv4 routes to an ASBR in another AS, which in turn distributes them to the PE routers in that AS, or perhaps to another ASBR which in turn distributes them, and so on.
We will use following network topology to discuss this feature.
PE-CE Configuration with ISP-1
R7 (CE Router) - Customer A Site 1 ## EIGRP is the PE-CE routing protocol used for this customer ## interface FastEthernet0/0 ip address 192.168.47.7 255.255.255.0 ! interface FastEthernet0/1 ip address 192.168.7.7 255.255.255.0 ! router eigrp 100 network 192.168.0.0 0.0.255.255 R8 (CE Router) - Customer B Site 1 ## OSPF is the PE-CE routing protocol used for this customer ## interface FastEthernet0/0 ip address 172.16.48.8 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 ! interface FastEthernet0/1 ip address 172.16.8.8 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 ! router ospf 1 router-id 172.16.8.8 R4 (PE Router) - ISP 1 vrf definition Cust-A rd 101:201 ! address-family ipv4 route-target export 101:201 route-target import 101:201 exit-address-family ! vrf definition Cust-B rd 102:202 ! address-family ipv4 route-target export 102:202 route-target import 102:202 exit-address-family ! interface Loopback0 ip address 1.1.0.4 255.255.255.255 ip ospf 1 area 0 ! interface FastEthernet0/1 ip address 1.1.34.4 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! interface FastEthernet1/0 vrf forwarding Cust-A ip address 192.168.47.4 255.255.255.0 ! interface FastEthernet1/1 vrf forwarding Cust-B ip address 172.16.48.4 255.255.255.0 ip ospf network point-to-point ip ospf 100 area 0 ! router eigrp 1 ! address-family ipv4 vrf Cust-A autonomous-system 100 default-metric 10000 100 255 1 1500 redistribute bgp 100 network 192.168.47.0 exit-address-family ! router ospf 100 vrf Cust-B router-id 172.16.48.4 redistribute bgp 100 subnets ! router ospf 1 router-id 1.1.0.4 ! router bgp 100 bgp router-id 1.1.0.4 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 1.1.0.1 remote-as 100 neighbor 1.1.0.1 update-source Loopback0 ! address-family ipv4 exit-address-family ! address-family vpnv4 neighbor 1.1.0.1 activate neighbor 1.1.0.1 send-community extended exit-address-family ! address-family ipv4 vrf Cust-A redistribute connected redistribute eigrp 100 exit-address-family ! address-family ipv4 vrf Cust-B redistribute connected redistribute ospf 100 match internal external 1 external 2 exit-address-family ! R3 (P Router) - ISP 1 interface Loopback0 ip address 1.1.0.3 255.255.255.255 ip ospf 1 area 0 ! interface FastEthernet0/0 ip address 1.1.13.3 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! interface FastEthernet0/1 ip address 1.1.34.3 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! router ospf 1 router-id 1.1.0.3 ! R1 (PE Router) - ISP 1 - ASBR connected to ISP 2 interface Loopback0 ip address 1.1.0.1 255.255.255.255 ip ospf 1 area 0 ! interface FastEthernet0/0 ip address 1.1.13.1 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! interface FastEthernet0/1 ip address 12.12.12.1 255.255.255.0 mpls bgp forwarding ! router ospf 1 router-id 1.1.0.1 ! router bgp 100 bgp router-id 1.1.0.1 bgp log-neighbor-changes no bgp default ipv4-unicast no bgp default route-target filter neighbor 1.1.0.4 remote-as 100 neighbor 1.1.0.4 update-source Loopback0 neighbor 12.12.12.2 remote-as 200 ! address-family ipv4 exit-address-family ! address-family vpnv4 neighbor 1.1.0.4 activate neighbor 1.1.0.4 send-community extended neighbor 1.1.0.4 next-hop-self neighbor 12.12.12.2 activate neighbor 12.12.12.2 send-community extended exit-address-family !
PE-CE Configuration with ISP-2
Option B’s VPNv4 EBGP peering between the providers means that the VPNv4 Route Distinguisher and Route Target fields have global significance between the MPLS Service Providers.
R1(config-if)#router bgp 100
R1(config-router)#neighbor 12.12.12.2 remote-as 200
R1(config-router)#address-family vpnv4
R1(config-router-af)#neighbor 12.12.12.2 activate
R1(config-router-af)#
*Sep 1 21:48:01.247: %BGP-5-ADJCHANGE: neighbor 12.12.12.2 Up
*Sep 1 21:48:01.251: RT: updating connected 12.12.12.2/32 (0x0):
via 0.0.0.0 Fa0/1 1048578
*Sep 1 21:48:01.259: RT: add 12.12.12.2/32 via 0.0.0.0, connected metric [0/0]
R1(config-router-af)#
*Sep 1 21:48:01.459: %BGP_LMM-6-AUTOGEN1: The mpls bgp forwarding command has been configured on interface: FastEthernet0/1
R1(config-router-af)#
PE Routers R4 and R6 in both ISP-1 and ISP-2 respectively are configured with same Route Distinguisher and Route Target for Customer A & Customer B as agreed between both MPLS providers. vrf definition Cust-A rd 101:201 ! address-family ipv4 route-target export 101:201 route-target import 101:201 exit-address-family ! vrf definition Cust-B rd 102:202 ! address-family ipv4 route-target export 102:202 route-target import 102:202 exit-address-family
R2 (PE Router) - ISP 2 - ASBR connected to ISP 1 interface Loopback0 ip address 2.2.0.2 255.255.255.255 ip ospf 1 area 0 ! interface FastEthernet0/0 ip address 2.2.25.2 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! interface FastEthernet0/1 ip address 12.12.12.2 255.255.255.0 mpls bgp forwarding ! router ospf 1 router-id 2.2.0.2 ! router bgp 200 bgp router-id 2.2.0.2 bgp log-neighbor-changes no bgp default ipv4-unicast no bgp default route-target filter neighbor 2.2.0.6 remote-as 200 neighbor 2.2.0.6 update-source Loopback0 neighbor 12.12.12.1 remote-as 100 ! address-family ipv4 exit-address-family ! address-family vpnv4 neighbor 2.2.0.6 activate neighbor 2.2.0.6 send-community extended neighbor 2.2.0.6 next-hop-self neighbor 12.12.12.1 activate neighbor 12.12.12.1 send-community extended exit-address-family ! R5 (P Router) - ISP 2 interface Loopback0 ip address 2.2.0.5 255.255.255.255 ip ospf 1 area 0 ! interface FastEthernet0/0 ip address 2.2.25.5 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! interface FastEthernet0/1 ip address 2.2.56.5 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! router ospf 1 router-id 2.2.0.5 R6 (PE Router) - ISP 2 vrf definition Cust-A rd 101:201 ! address-family ipv4 route-target export 101:201 route-target import 101:201 exit-address-family ! vrf definition Cust-B rd 102:202 ! address-family ipv4 route-target export 102:202 route-target import 102:202 exit-address-family ! interface Loopback0 ip address 2.2.0.6 255.255.255.255 ip ospf 1 area 0 ! interface FastEthernet0/1 ip address 2.2.56.6 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 mpls ip ! interface FastEthernet1/0 vrf forwarding Cust-A ip address 192.168.69.6 255.255.255.0 ! interface FastEthernet1/1 vrf forwarding Cust-B ip address 172.16.106.6 255.255.255.0 ip ospf network point-to-point ip ospf 200 area 0 ! ! router eigrp 1 ! address-family ipv4 vrf Cust-A autonomous-system 100 default-metric 10000 100 255 1 1500 redistribute bgp 200 network 192.168.69.0 exit-address-family ! router ospf 200 vrf Cust-B router-id 172.16.106.6 redistribute bgp 200 subnets ! router ospf 1 ! router bgp 200 bgp router-id 2.2.0.6 bgp log-neighbor-changes no bgp default ipv4-unicast neighbor 2.2.0.2 remote-as 200 neighbor 2.2.0.2 update-source Loopback0 ! address-family ipv4 exit-address-family ! address-family vpnv4 neighbor 2.2.0.2 activate neighbor 2.2.0.2 send-community extended exit-address-family ! address-family ipv4 vrf Cust-A redistribute connected redistribute eigrp 100 exit-address-family ! address-family ipv4 vrf Cust-B redistribute connected redistribute ospf 200 match internal external 1 external 2 exit-address-family ! R9 (CE Router) - Customer A Site 2 ## EIGRP is the PE-CE routing protocol used for this customer ## interface FastEthernet0/0 ip address 192.168.69.9 255.255.255.0 ! interface FastEthernet0/1 ip address 192.168.9.9 255.255.255.0 ! router eigrp 100 network 192.168.0.0 0.0.255.255 R10 (CE Router) - Customer B Site 2 ## OSPF is the PE-CE routing protocol used for this customer ## interface FastEthernet0/0 ip address 172.16.106.10 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 ! interface FastEthernet0/1 ip address 172.16.10.10 255.255.255.0 ip ospf network point-to-point ip ospf 1 area 0 ! router ospf 1 router-id 172.16.10.10
Verification & Testing
R7#sh ip route | beg Gateway Gateway of last resort is not set 192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.7.0/24 is directly connected, FastEthernet0/1 L 192.168.7.7/32 is directly connected, FastEthernet0/1 D 192.168.9.0/24 [90/33280] via 192.168.47.4, 00:46:10, FastEthernet0/0 192.168.47.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.47.0/24 is directly connected, FastEthernet0/0 L 192.168.47.7/32 is directly connected, FastEthernet0/0 D 192.168.69.0/24 [90/30720] via 192.168.47.4, 00:46:10, FastEthernet0/0 Ping Customer-A Site 2 network R7#ping 192.168.9.9 source 192.168.7.7 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.9.9, timeout is 2 seconds: Packet sent with a source address of 192.168.7.7 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 232/240/248 ms Traceroute Customer-A Site 2 network R7#traceroute 192.168.9.9 source 192.168.7.7 Type escape sequence to abort. Tracing the route to 192.168.9.9 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.47.4 28 msec 60 msec 56 msec 2 1.1.34.3 [MPLS: Labels 302/109 Exp 0] 220 msec 208 msec 260 msec 3 1.1.13.1 [MPLS: Label 109 Exp 0] 232 msec 240 msec 208 msec 4 12.12.12.2 [MPLS: Label 206 Exp 0] 200 msec 256 msec 200 msec 5 2.2.25.5 [MPLS: Labels 502/604 Exp 0] 196 msec 260 msec 244 msec 6 192.168.69.6 [MPLS: Label 604 Exp 0] 208 msec 184 msec 228 msec 7 192.168.69.9 256 msec * 204 msec We can see from the above output there are three different LSP (Label Switch Path) are being used to provide end-to-end reachability. LSP-1: From R4 to R1 using VPN Label 109 R4#sh bgp vpnv4 unicast vrf Cust-A 192.168.9.0 BGP routing table entry for 101:201:192.168.9.0/24, version 10 Paths: (1 available, best #1, table Cust-A) Not advertised to any peer Refresh Epoch 1 200 1.1.0.1 (metric 3) from 1.1.0.1 (1.1.0.1) Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:101:201 0x8800:32768:0 0x8801:100:5120 0x8802:65281:25600 0x8803:65281:1500 0x8806:0:3232253193 mpls labels in/out nolabel/109 rx pathid: 0, tx pathid: 0x0 LSP-2: From R1 to R2 using VPN Label 206 R1#sh bgp vpnv4 unicast all 192.168.9.0 BGP routing table entry for 101:201:192.168.9.0/24, version 6 Paths: (1 available, best #1, no table) Advertised to update-groups: 2 Refresh Epoch 1 200 12.12.12.2 from 12.12.12.2 (2.2.0.2) Origin incomplete, localpref 100, valid, external, best Extended Community: RT:101:201 0x8800:32768:0 0x8801:100:5120 0x8802:65281:25600 0x8803:65281:1500 0x8806:0:3232253193 mpls labels in/out 109/206 rx pathid: 0, tx pathid: 0x0 LSP-3: From R2 to R6 using VPN label 604 R2#sh bgp vpnv4 unicast all 192.168.9.0 BGP routing table entry for 101:201:192.168.9.0/24, version 3 Paths: (1 available, best #1, no table) Advertised to update-groups: 1 Refresh Epoch 1 Local 2.2.0.6 (metric 3) from 2.2.0.6 (2.2.0.6) Origin incomplete, metric 30720, localpref 100, valid, internal, best Extended Community: RT:101:201 Cost:pre-bestpath:128:30720 0x8800:32768:0 0x8801:100:5120 0x8802:65281:25600 0x8803:65281:1500 0x8806:0:3232253193 mpls labels in/out 206/604 rx pathid: 0, tx pathid: 0x0 Finally unlabelled traffic from ISP 2 PE Router (R6) to CE Router (R9) R6#sh bgp vpnv4 unicast vrf Cust-A 192.168.9.0 BGP routing table entry for 101:201:192.168.9.0/24, version 2 Paths: (1 available, best #1, table Cust-A) Advertised to update-groups: 1 Refresh Epoch 1 Local 192.168.69.9 from 0.0.0.0 (2.2.0.6) Origin incomplete, metric 30720, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:101:201 Cost:pre-bestpath:128:30720 0x8800:32768:0 0x8801:100:5120 0x8802:65281:25600 0x8803:65281:1500 0x8806:0:3232253193 mpls labels in/out 604/nolabel rx pathid: 0, tx pathid: 0x0
Similarly, end-to-end reachability can be verified for Customer B sites. R8#sh ip route | beg Gateway Gateway of last resort is not set 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks C 172.16.8.0/24 is directly connected, FastEthernet0/1 L 172.16.8.8/32 is directly connected, FastEthernet0/1 O E2 172.16.10.0/24 [110/1] via 172.16.48.4, 01:29:16, FastEthernet0/0 C 172.16.48.0/24 is directly connected, FastEthernet0/0 L 172.16.48.8/32 is directly connected, FastEthernet0/0 O E2 172.16.106.0/24 [110/1] via 172.16.48.4, 01:29:16, FastEthernet0/0 R8#ping 172.16.10.10 source 172.16.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 172.16.10.10, timeout is 2 seconds: Packet sent with a source address of 172.16.8.8 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 184/227/260 ms R8#traceroute 172.16.10.10 source 172.16.8.8 Type escape sequence to abort. Tracing the route to 172.16.10.10 VRF info: (vrf in name/id, vrf out name/id) 1 172.16.48.4 40 msec 40 msec 36 msec 2 1.1.34.3 [MPLS: Labels 302/111 Exp 0] 204 msec 252 msec 252 msec 3 1.1.13.1 [MPLS: Label 111 Exp 0] 240 msec 220 msec 220 msec 4 12.12.12.2 [MPLS: Label 211 Exp 0] 248 msec 200 msec 232 msec 5 2.2.25.5 [MPLS: Labels 502/606 Exp 0] 208 msec 256 msec 236 msec 6 172.16.106.6 [MPLS: Label 606 Exp 0] 184 msec 232 msec 188 msec 7 172.16.106.10 256 msec * 240 msec R4#sh bgp vpnv4 unicast vrf Cust-B 172.16.10.0 BGP routing table entry for 102:202:172.16.10.0/24, version 12 Paths: (1 available, best #1, table Cust-B) Not advertised to any peer Refresh Epoch 1 200 1.1.0.1 (metric 3) from 1.1.0.1 (1.1.0.1) Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:102:202 OSPF DOMAIN ID:0x0005:0x000000C80200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:172.16.106.6:0 mpls labels in/out nolabel/111 rx pathid: 0, tx pathid: 0x0 R1#sh bgp vpnv4 unicast all 172.16.10.0 BGP routing table entry for 102:202:172.16.10.0/24, version 8 Paths: (1 available, best #1, no table) Advertised to update-groups: 2 Refresh Epoch 1 200 12.12.12.2 from 12.12.12.2 (2.2.0.2) Origin incomplete, localpref 100, valid, external, best Extended Community: RT:102:202 OSPF DOMAIN ID:0x0005:0x000000C80200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:172.16.106.6:0 mpls labels in/out 111/211 rx pathid: 0, tx pathid: 0x0 R2#sh bgp vpnv4 unicast all 172.16.10.0 BGP routing table entry for 102:202:172.16.10.0/24, version 7 Paths: (1 available, best #1, no table) Advertised to update-groups: 1 Refresh Epoch 1 Local 2.2.0.6 (metric 3) from 2.2.0.6 (2.2.0.6) Origin incomplete, metric 2, localpref 100, valid, internal, best Extended Community: RT:102:202 OSPF DOMAIN ID:0x0005:0x000000C80200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:172.16.106.6:0 mpls labels in/out 211/606 rx pathid: 0, tx pathid: 0x0 R6#sh bgp vpnv4 unicast vrf Cust-B 172.16.10.0 BGP routing table entry for 102:202:172.16.10.0/24, version 4 Paths: (1 available, best #1, table Cust-B) Advertised to update-groups: 1 Refresh Epoch 1 Local 172.16.106.10 from 0.0.0.0 (2.2.0.6) Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:102:202 OSPF DOMAIN ID:0x0005:0x000000C80200 OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:172.16.106.6:0 mpls labels in/out 606/nolabel rx pathid: 0, tx pathid: 0x0