Introduction Inter-AS L3VPN



Similar documents
MPLS Inter-AS VPNs. Configuration on Cisco Devices

MPLS VPN Implementation

MPLS-based Layer 3 VPNs

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

Why Is MPLS VPN Security Important?

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

Implementing MPLS VPNs over IP Tunnels

Configuring MPLS Hub-and-Spoke Layer 3 VPNs

MPLS VPN Route Target Rewrite

For internal circulation of BSNLonly

AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0

I-AS MPLS Solutions BRKMPL-2105

MPLS VPN Security BRKSEC-2145

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

Introducing Basic MPLS Concepts

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

MPLS VPN Security in Service Provider Networks. Peter Tomsu Michael Behringer Monique Morrow

Inter-Autonomous Systems for MPLS VPNs

Implementing Cisco MPLS

Table of Contents. Cisco Configuring a Basic MPLS VPN

Configuring a Basic MPLS VPN

Introduction to MPLS-based VPNs

Cisco Exam Implementing Cisco Service Provider Next-Generation Egde Network Services Version: 7.0 [ Total Questions: 126 ]

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

Cisco Exam CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

IMPLEMENTING CISCO MPLS V2.3 (MPLS)

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

MPLS VPN Security in Service Provider Networks

How Routers Forward Packets

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang AT&T

IPv6 over IPv4/MPLS Networks: The 6PE approach

MPLS multi-domain services MD-VPN service

Expert Reference Series of White Papers. Cisco Service Provider Next Generation Networks

MPLS Implementation MPLS VPN

l.cittadini, m.cola, g.di battista

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at:

IMPLEMENTING CISCO MPLS V3.0 (MPLS)

Lab 4.2 Challenge Lab: Implementing MPLS VPNs

SEC , Cisco Systems, Inc. All rights reserved.

DD2491 p MPLS/BGP VPNs. Olof Hagsand KTH CSC

UNDERSTANDING JUNOS OS NEXT-GENERATION MULTICAST VPNS

Expert Reference Series of White Papers. Cisco Service Provider Next Generation Networks

MPLS Security Considerations

DEPLOYING MPLS-VPN. Rajiv Asati

DD2491 p BGP-MPLS VPNs. Olof Hagsand KTH/CSC

Cisco Implementing Cisco Service Provider Next-Generation Egde Network Services. Version: 4.1

RFC 2547bis: BGP/MPLS VPN Fundamentals

Kingston University London

S ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006

Frame Mode MPLS Implementation

Fundamentals Multiprotocol Label Switching MPLS III

MPLS VPN - Route Target Rewrite

How To Import Ipv4 From Global To Global On Cisco Vrf.Net (Vf) On A Vf-Net (Virtual Private Network) On Ipv2 (Vfs) On An Ipv3 (Vv

Methods of interconnecting MPLS Networks

ANALYSIS OF THREE PUBLICALLY AVAILABLE INTER-AS MPLS L3 VPN IMPLEMENTATIONS. A Thesis by. Abdulhakim Abubaker Abushaala

How To Make A Network Secure

MPLS L3 VPN Supporting VoIP, Multicast, and Inter-Provider Solutions

BGP Link Bandwidth. Finding Feature Information. Contents

Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&

Practical Deployment Guidelines for MPLS-VPN Networks

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

Enterprise Network Simulation Using MPLS- BGP

How To Understand Bg

BGP Advanced Features and Enhancements

- Multiprotocol Label Switching -

Implementing Cisco MPLS

WHITE PAPER. Addressing Inter Provider Connections with MPLS-ICI CONTENTS: Introduction. IP/MPLS Forum White Paper. January Introduction...

BGP Multipath Load Sharing for Both ebgp and ibgp in an MPLS-VPN

Multiprotocol Label Switching Load Balancing

Department of Communications and Networking. S /3133 Networking Technology, Laboratory course A/B

APNIC elearning: BGP Attributes

To Add Paths or not to Add Paths

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: Total Questions: 401

Using OSPF in an MPLS VPN Environment

Deploying MPLS-based IP VPNs Rajiv Asati Distinguished Engineer BRKMPL-2102

WHITEPAPER. Bringing MPLS to Data Center Fabrics with Labeled BGP

Implementing VPN over MPLS

Deploying and Configuring MPLS Virtual Private Networks In IP Tunnel Environments

Customized BGP Route Selection Using BGP/MPLS VPNs

Understanding Route Redistribution & Filtering

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

BGP Best Path Selection Algorithm

Deploying BGP Fast Convergence / BGP PIC

Design of Virtual Private Networks with MPLS

MPLS Virtual Private Networks

BGP-MPLS IP VPN Network Security

MPLS Configration 事 例

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

Network Virtualization with the Cisco Catalyst 6500/6800 Supervisor Engine 2T

Cisco Configuring Basic MPLS Using OSPF

MPLS Concepts. MPLS Concepts

Expert Reference Series of White Papers. An Overview of MPLS VPNs: Overlay; Layer 3; and PseudoWire

Transcription:

Introduction Inter-AS L3VPN 1

Extending VPN services over Inter-AS networks VPN Sites attached to different MPLS VPN Service Providers How do you distribute and share VPN routes between ASs Back- to- Back VRFs (Op5on A) 1 CE1 MP- ebgp for VPNv4 (Op5on B) Mul5hop MP- ebgp between RRs (Op5on C) MP- ebgp+labels AS #2 CE2 2 VPN- R1 VPN- R2

Intra-AS MPLS VPNs Review Route Distinguisher (RD) convert IPv4 routes to VPNv4 Routes Route Target allows VPN routes to be imported/ exported to/from a VPN Peer PE loopbacks are known via IGP MP-BGP protocol carries VPNv4 routes and communities using BGP address-families VPN/VRF Endpoints MP- ibgp Update BGP VPN- IPv4 Net=RD:16.1/16 NH= Route Target 100:1 VPN Label=40 18.1/16 16.1/16 IP P1 MPLS Core MP- ibgp Update: BGP VPN- IPv4 Net=RD:18.1/16 NH= Route Target 100:1 VPN Label=41 IP 40 P1 @ P2 IP 40 @ VPN/VRF Endpoints IP 3

Inter-AS VPN Option A Connecting ASBRs using Back-to-Back VRFs BGP VPN- IPv4 Net=RD:16.1/16 NH= Route Target 100:1 VPN Label=40 P1 P1 AS1 Each ASBR Thinks the Other Is a CE PE- Unlabeled IP Packets VRF- Lite ConfiguraUon PE- BGP VPN- IPv4 Net=RD:17.1/16 NH= Route Target 200:1 VPN Label=80 P2 AS2 IP IP 40 P1 IP 40 IP IP 80 P2 IP 80 IP Two providers prefer not to share MPLS link One logical interface per VPN/VRF on directly connected ASBRs; Packet is forwarded as an IP packet between the ASBRs Link may use any supported PE-CE routing protocol IP QoS policies negotiated and configured manually on the ASBRs Option A is the most secure and easiest to provision May not be easy to manage as #s of VPNs grow 4

Inter-AS VPN Option B Connecting two ASBRs Two Methods 1. Redistribute ebgp link into the IGP of both AS AS #2 IGP1 IGP2 2. Receiving PE-ASBRs be the next hop I m the Next Hop to AS2 I m the Next Hop to AS1 AS #2 5

Inter-AS VPN Option B Establishing reachability between geographically dispersed VPNs using Next Hop Self on ASBRs ebgp for VPNv4 VPN- v4 update: RD:1:27:152.12.4.0/24, NH= RT=1:222, Label=(L1) BGP, OSPF, RIPv2 152.12.4.0/24,NH=CE2 CE1 Customer- A 152.12.4.0/24 Label Exchange between Gateway PE- ASBR Routers Using ebgp VPN- v4 update: RD:1:27:152.12.4.0/24, NH= RT=1:222, Label=(L2) AS #2 CE2 Customer- A VPN- v4 update: RD:1:27:152.12.4.0/24, NH= RT=1:222, Label=(L3) BGP, OSPF, RIPv2 152.12.4.0/24,NH= All VPNv4 Prefixes/Labels from PEs Distributed to ASBRs Next Hop and labels are rewriyen on ASBRs when routes are adver5sed across domains. ASBRs store all VPNv4 routes in BGP 2015 Cisco table. and/or its affiliates. All rights reserved. BRKMPL- 2105 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 6

Inter-AS VPN Option B Establishing reachability between geographically dispersed VPNs using Next Hop Self on ASBRs No Virtual Routing Forwarding tables on ASBRs unless ASBR also supports PE functionality (has VRF interfaces) In IOS, Receiving PE-ASBR automatically creates a /32 host route to a peer ASBR Which must be advertised into receiving IGP if next-hop-self is not in operation to maintain the LSP In XR, must define a static route to the Next Hop of peer ASBR for Option B and C as well as all address families (IPv4, IPv6, VPNv4, VPNv6). The CLI is only shown in Option B configuration example. In XR, must define route-policy to pass or filter selected VPNv4 routes for for Option B and Option C as well as all address families (IPv4, IPv6, VPNv4, VPNv6). The CLI is only shown in Option B configuration example. ASBR-ASBR link must be directly connected Could use GRE tunnel-considered directly connected. 7

Inter-AS VPN Option B End-to-end VPN packet forwarding - Next Hop Self on ASBRs L3 152.12.4.1 152.12.4.1 L1 L2 152.12.4.1 AS #2 152.12.4.1 CE1 CE2 152.12.4.1 VPN- R1 152.12.4.0/24 VPN- R2 L1, L2, L3 are BGP VPN label. The Outer Most Core (IGP Labels in an AS) Label Is not displayed in on this slide.

Inter-AS VPN Option B Cisco IOS ASBR ebgp configuration ebgp for VPNv4 CE1 VPN- R1 router bgp 1 neighbor <> remote- as 2 neighbor <> remote- as 1 neighbor <> update- source loopback0 no bgp default route- target filter address- family vpnv4 neighbor <> remote- as 1 ac5vate neighbor <> remote- as 1 next- hop- self neighbor <> remote- as 2 ac5vate neighbor <> remote- as 2 send- community extended AS #2 CE2 VPN- R2 ASBRs require no bgp default route-target filter command to store VPNv4 routes as it does not have any VRF interfaces.

Inter-AS VPN Option B Cisco IOS XR Configuration ebgp for VPNv4 Int gig0/0/1 Int gig0/0/1 50.0.0.1 50.0.0.2 AS #2 router bgp 1 mpls ac5vate (Enables MPLS forwarding onasbr) interface <type & #> (Specify ASBR- ASBR link) address- family vpnv4 unicast neighbor <> remote- as 2 address- family vpnv4 unicast (Ini5alize VPNv4 address family for ASBR) route- policy pass- all in route- policy pass- all out (Allow forwarding of VPNv4 routes to other AS) route- policy pass- all pass end- policy Apricot 2015 neighbor <> remote- as 1 update- source loopback0 address- family vpnv4 unicast next- hop- self (Set as next- hop- self) router sta5c 50.0.0.2/32 interface gig0/0/1 (Sta5c Route for ASBR- ASBR link must be configured. It is not installed automa5cally like in IOS) Note: StaUc route and route- policy required for all address- families & OpUon B and C

Inter-AS VPN Option C Multihop ebgp VPNv4 Between RRs for better scale Route Reflectors exchange VPNv4 routes ASBRs Exchange PE loopbacks (IPv4) with labels as these are BGP NH addresses Eliminates LFIB duplication at ASBRs. ASBRs don t hold VPNv4 prefix/label info. RR1 Exchange VPNv4 Routes RR2 Two Options for Label Distribution for BGP NH Addresses for PEs in each domain: 1. BGP IPv4 + Labels (RFC3107) most preferred & recommended 2. IGP + LDP ebgp IPv4 + Labels AS #2 BGP exchange Label Advertisement Capability - Enables end-end LSP Paths IGP + LDP Subsequent Address Family Identifier (SAFI value 4) field is used to indicate that the NLRI contains a label Disable Next-hop-self on ebgp RRs (peers) 11

Inter-AS VPN Option C Establishing reachability between VPNs BGP update: RD:1:27:152.12.4.0/24, NH= RT=1:222, Label=(L1) RR1 BGP VPNv4 update: RD:1:27:152.12.4.0/24, NH= RT=1:222, Label=(L1) RR2 BGP VPN- v4 update: RD:1:27:152.12.4.0/24, NH= RT=1:222, Label=(L1) BGP, OSPF, RIPv2 152.12.4.0/24,NH=CE2 CE1 VPN- R1 152.12.4.0/24 To : Network= NH=ASBR- 1 Label=(L2) From : Network= NH=ASBR- 2 Label=(L3) BGP, OSPF, RIPv2 152.12.4.0/24,NH= CE2 VPN- R2 ASBRs store PE loopbacks & exchange labels for PE Loopback addresses RRs store and exchage VPNv4 routes & labels

Inter-AS VPN Option C VPN packet forwarding RR1 RR2 L1 152.12.4.1 L3 L1 152.12.4.1 L2 L1 152.12.4.1 152.12.4.1 CE1 CE2 152.12.4.1 VPN- R1 152.12.4.0/24 VPN- R2 L1 is a VPN label. L2 and L3 are IPv4 labels. The Outer Most Core (IGP Labels in an AS) Label Is not displayed in on this slide.

Inter-AS VPN Option C IPv4+Label, Cisco IOS Configuration address- family ipv4 neighbor <RR1> ac5vate neighbor <RR1> send- label RR1 address- family ipv4 neighbor <> ac5vate neighbor <> send- label neighbor <RR1> ac5vate neighbor <RR1> next- hop- self neighbor <RR1> send- label router bgp 1 neighbor <RR2> ebgp- muluhop 255 address- family ipv4 RR2 neighbor <RR2> ac5vate neighbor <> ac5vate neighbor <> send- label neighbor <> ac5vate neighbor <> send- label address- family vpnv4 neighbor <RR2> next- hop- unchanged exit- address- family

Inter-AS VPN Option C IPv4+Label, Cisco IOS XR Configuration Command towards all peers address- family ipv4 labeled- unicast RR1 Command towards all peers address- family ipv4 labeled- unicast RR2 router bgp 1 address- family vpnv4 unicast neighbor <RR2> remote- as 2 address- family vpnv4 unicast ebgp- muluhop 255 next- hop- unchanged

Inter-AS L3VPN Summary Three models: Option A, B, and C Option A is the most secured, least invasive. Support granular QoS. Option B, more scalable than Option-A for high numbers of VRFs. more adoptable by different provider corporations Less invasive than Option C, More invasive than Option A More scalable than Option-A if have high numbers of VRFs Use ebgp for ASBR peering ASBRs store VPNv4 routes and allocate labels for VPN prefixes Option C, most scalable, most invasive, mostly deployed in a single service provider s multi-as network Use ASBRs to handle IPv4 PE loopbacks Route Reflectors exchange VPNv4 routes 16

Apricot 2013 2013 Cisco and/or its affiliates. All rights reserved.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information