MPLS Inter-AS VPNs. Configuration on Cisco Devices



Similar documents
Introduction Inter-AS L3VPN

DEPLOYING MPLS-VPN. Rajiv Asati

MPLS VPN Implementation

MPLS VPN Route Target Rewrite

MPLS-based Layer 3 VPNs

I-AS MPLS Solutions BRKMPL-2105

Why Is MPLS VPN Security Important?

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

MPLS VPN - Route Target Rewrite

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

For internal circulation of BSNLonly

Introducing Basic MPLS Concepts

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

Configuring a Basic MPLS VPN

Inter-Autonomous Systems for MPLS VPNs

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: Total Questions: 401

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at:

AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

MPLS Configration 事 例

Routing Issues in deploying MPLS VPNs. Mukhtiar Shaikh Moiz Moizuddin

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

Implementing Cisco MPLS

Frame Mode MPLS Implementation

Implementing Cisco MPLS

BGP Link Bandwidth. Finding Feature Information. Contents

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

MPLS/VPN Overview Cisco Systems, Inc. All rights reserved. 1

Cisco Exam CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

Cisco Implementing Cisco Service Provider Next-Generation Egde Network Services. Version: 4.1

IPv6 over IPv4/MPLS Networks: The 6PE approach

IMPLEMENTING CISCO MPLS V2.3 (MPLS)

Deploying MPLS-based IP VPNs Rajiv Asati Distinguished Engineer BRKMPL-2102

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

Practical Deployment Guidelines for MPLS-VPN Networks

Copyright 2008 Internetwork Expert i

Configuring MPLS Hub-and-Spoke Layer 3 VPNs

l.cittadini, m.cola, g.di battista

MPLS VPN Security BRKSEC-2145

MPLS VPN Security in Service Provider Networks. Peter Tomsu Michael Behringer Monique Morrow

Expert Reference Series of White Papers. Cisco Service Provider Next Generation Networks

Lab 4.2 Challenge Lab: Implementing MPLS VPNs

Implementing MPLS VPNs over IP Tunnels

How Routers Forward Packets

Fundamentals Multiprotocol Label Switching MPLS III

Cisco Exam Implementing Cisco Service Provider Next-Generation Egde Network Services Version: 7.0 [ Total Questions: 126 ]

Using the Border Gateway Protocol for Interdomain Routing

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

APNIC elearning: BGP Attributes

How To Set Up Bgg On A Network With A Network On A Pb Or Pb On A Pc Or Ipa On A Bg On Pc Or Pv On A Ipa (Netb) On A Router On A 2

BGP4 Case Studies/Tutorial

Using OSPF in an MPLS VPN Environment

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

MPLS Concepts. MPLS Concepts

Kingston University London

This feature was introduced. This feature was integrated in Cisco IOS Release 12.2(11)T.

S ITGuru Excercise 3: BGP/MPLS VPN. Spring Timo-Pekka Heikkinen, Juha Järvinen and Piia Töyrylä

In this chapter, you learn about the following: How MPLS provides security (VPN separation, robustness against attacks, core hiding, and spoofing

Introduction to MPLS-based VPNs

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

DD2491 p MPLS/BGP VPNs. Olof Hagsand KTH CSC

Routing Protocol - BGP

RFC 2547bis: BGP/MPLS VPN Fundamentals

Customized BGP Route Selection Using BGP/MPLS VPNs

Border Gateway Protocol (BGP)

IMPLEMENTING CISCO MPLS V3.0 (MPLS)

MPLS VPN Security in Service Provider Networks

Deploying and Configuring MPLS Virtual Private Networks In IP Tunnel Environments

Expert Reference Series of White Papers. Cisco Service Provider Next Generation Networks

Expert Reference Series of White Papers. An Overview of MPLS VPNs: Overlay; Layer 3; and PseudoWire

Table of Contents. Cisco Configuring a Basic MPLS VPN

How To Import Ipv4 From Global To Global On Cisco Vrf.Net (Vf) On A Vf-Net (Virtual Private Network) On Ipv2 (Vfs) On An Ipv3 (Vv

MPLS Virtual Private Networks

How To Understand Bg

How To Make A Network Secure

Methods of interconnecting MPLS Networks

MPLS Implementation MPLS VPN

BGP Support for Next-Hop Address Tracking

DD2491 p BGP-MPLS VPNs. Olof Hagsand KTH/CSC

BGP-4 Case Studies. Nenad Krajnovic.

Understanding Route Redistribution & Filtering

Approach to build MPLS VPN using QoS capabilities

Secure Inter-Provider IP VPNs

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

Design of Virtual Private Networks with MPLS

BGP Advanced Features and Enhancements

Advanced BGP Policy. Advanced Topics

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor

MPLS Security Considerations

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang AT&T

BGP Attributes and Path Selection

Multiprotocol Label Switching Load Balancing

- Multiprotocol Label Switching -

MPLS multi-domain services MD-VPN service

Module 12 Multihoming to the Same ISP

Building A Cheaper Peering Router. (Actually it s more about buying a cheaper router and applying some routing tricks)

Transcription:

MPLS Inter-AS VPNs Configuration on Cisco Devices (C) Herbert Haas 2005/03/11 1

#1: Back-to-Back VRF ip vrf blue rd 1:1 route-target both 1:1 address-family ipv4 vrf blue neighbor 1.1.1.2 activate ip vrf blue rd 1:1 route-target both 1:1 address-family ipv4 vrf blue neighbor 1.1.1.1 activate Provider X AS 1 1.1.1.0/30 BGP, OSPF, RIPv2 Provider Y AS 2 Note: ASBR must already have MP-iBGP session with ibgp neighbors (RRs or PEs) 2 2

#2: MP-eBGP between ASBRs no bgp default route-target filter neighbor 1.1.1.2 remote-as 2 neighbor 1.1.1.2 activate neighbor 1.1.1.2 send-com exte no bgp default route-target filter neighbor 1.1.1.1 remote-as 1 neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-com exte Provider X AS 1 MP-eBGP for VPNv4 1.1.1.0/30 Label exchange via MP-eBGP Provider Y AS 2 Note: ASBR must already have MP-iBGP session with ibgp neighbors (RRs or PEs) 3 3

#2: Receiving ASBRs May allocate a new label if desired Depends on next-hop-self configuration Default off Will automatically create a host route (/32) for its ASBR neighbor Must be advertised into receiving IGP if nexthop-self is NOT in operation to maintain the LSP Either through redistribution or passive-interface on PE-ASBR link with network statements 4 Note that /32 host route is created regardless of whether nhs is set or not on the receiving PE-ASBR. This is because we need an implicit-null entry within the LFIB for the originating PE-ASBR (implementation specific), even though we do not use the entry within the LFIB. 4

#2/3: Multi-Hop MP-eBGP interface s0/0 ip address 1.1.1.1/30 tag-switching ip no bgp default route-target filter neighbor < ASBR-2 > remote-as 2 neighbor < ASBR-2 > update loop0 neighbor < ASBR-2 > ebgp-multihop neighbor < ASBR-2 > activate neighbor < ASBR-2 > send-com exte Provider X AS 1 Multi-Hop MP-eBGP for VPNv4 IGP + LDP interface s0/0 ip address 2.2.2.1/30 tag-switching ip no bgp default route-target filter neighbor < ASBR-1 > remote-as 1 neighbor < ASBR-1 > update loop0 neighbor < ASBR-1 > ebgp-multihop neighbor < ASBR-1 > activate neighbor < ASBR-1 > send-com exte IGP + LDP Provider Y AS 2 Multi-Hop MP-BGP session between ASBRs 5 Note LDP is required to maintain the LSP between ASBR routers this could be done with static routing and static labels??? See details at http://nsite.cisco.com/groups/st5/content/mmpls/web/feature/inter- AS/inter-as-main.html 5

#2/3: Packet Flow 2.2.2.0/24 2.2.2.1 2.2.2.1 2.2.2.1 40 30 2.2.2.1 30 60 2.2.2.1 30 2.2.2.1 50 2.2.2.1 50 60 2.2.2.1 40 ASBR3 6 6

#3: MP-eBGP btw ASBRs neighbor <RR-2> remote-as 2 neighbor <RR-2> ebgp-multihop neighbor <RR-2> update loo0 neighbor <RR-2> activate neighbor <RR-2> send-com extend neighbor <RR-2> next-hop-unchan RR1 AS 1 AS 2 Multihop MP-eBGP for VPNv4 with next-hop-unchange ebgp IPv4 + Labels neighbor <RR-1> remote-as 1 neighbor <RR-1> ebgp-multihop neighbor <RR-1> update loo0 neighbor <RR-1> activate neighbor <RR-1> send-com extend neighbor <RR-1> next-hop-unchan RR2 router ospf 1 redistribute bgp 1 subnets neighbor < ASBR-2 > remote-as 2 address-family ipv4 network <> mask 255.255.255.255 network <RR1> mask 255.255.255.255 neighbor < ASBR-2 > activate neighbor < ASBR-2 > send-label router ospf 2 redistribute bgp 2 subnets neighbor < ASBR-1 > remote-as 1 address-family ipv4 network <> mask 255.255.255.255 network <RR2> mask 255.255.255.255 neighbor < ASBR-1 > activate neighbor < ASBR-1 > send-label 7 BGP IPv4 with labels in 12.0(21)ST will also be in 12.2S FCS2 and 12.2(x)T (where x is the 4 th release of 12.2T) ibgpipv4+label could also be used in within AS (instead of network <x.x.x.x> ) to propagate the label information for PEs. 7

Next-hop Treatment Update-Type: ibgp to ibgp ebgp to ibgp ibgp to ebgp ebgp to ebgp ebgp to MP-iBGP MP-eBGP to MP-iBGP MP-iBGP to MP-eBGP MP-eBGP to MP-eBGP Next-hop Attribute: no change by default no change by default no change by default When a router changes the BGP next-hop of an IPv4 or VPNv4 prefix, then this router must allocate a new label And advertise this label to the BGP neighbor Also this router must provide a label binding in the LFIB 8 Anton: Check if correct! The slide gives a summarized answer to the frequently asked question, when does the router change the next-hop of a BGP prefix. When dealing with Inter-AS, most of us often get confused about the label allocation at ASBR. Following rule might help you understand - In other words, if the router doesn t change the BGP next-hop of a prefix, then it doesn t allocate any label and doesn t write anything in the LFIB for that prefix. 8

Rewrite RT at ASBR ASBR can add/delete RT associated with VPNv4 prefix Used to secure the VPN environment router router bgp bgp 25 25 ASBR(conf-router)# ASBR(conf-router)# neighbor neighbor 1.1.1.1 1.1.1.1 route-map route-map route-target-deletion route-target-deletion out out ASBR(conf-router)# ASBR(conf-router)# exit exit route-map route-map route-target-delete route-target-delete match match extcommunity extcommunity set set extcomm-list extcomm-list delete delete set set extcommunity extcommunity rt rt 88:99 88:99 additive additive ip ip extcommunity-list extcommunity-list permit permit rt rt 110:120 110:120 9 This is a huge plus for the Inter-AS providers, as it saves them lot of headaches of managing/filtering 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information