MPLS VPN

Nov 19 2008

Inter-AS MPLS VPN Option b – Type 2b

Inter AS MPLS VPN Option b has three options as described below.

In the second option ie 2b an MP-eBGP session is configured between ASBRs to exchange VPNv4 prefixes.

The Link between the ASBRs does NOT run LDP/TDP and does not require an IGP.

The link is a straight forward point to point IP link.

A sample topology can be seen below.

In this option, the ASBRs do not change the next hop of the destination prefix when advertising the prefixes using MP-iBGP.

When an ASBR receives a VPNv4 prefix from another ASBR, a /32 host route is created for the sending ASBR.

This host route needs to be redistributed into your IGP to ensure the LSP can be built.

The VPN label for the prefix changes only twice compared to three times of option b, 2a.

For a prefix Generated by CE1, PE1 will generate the first VPN label. ASBR1 will then change the VPN label when it sends the VPNv4 prefix using MP-eBGP to ASBR2. ASBR2 will then send the VPNv4 prefix to PE2 with the VPN label unchanged.

To can see the VPN label generated as an “in” label using the commands

sh ip bgp vpnv4 all label

On PE1 and ASBR1 you will see the locally generated “in” label.

If you run the above command on ASBR2 you will notice their is no “in” label, this shows the difference between the two sub options 2a and 2b.

By zismail • BGP, CCIE SP, Inter-AS, MPLS VPN • 0 • Tags: BGP, CCIE SP, Inter-AS, MPLS VPN

Nov 19 2008

Inter-AS MPLS VPN Option b – Type 2c

Inter AS MPLS VPN Option b has three options as described below.

In the third option ie 2c an MP-eBGP session is configured between ASBRs to exchange VPNv4 prefixes.

The Link between the ASBRs is an MPLS link but does not require an IGP.

A sample topology can be seen below.

In this option, the ASBRs do not change the next hop of the destination prefix when advertising the prefixes using MP-iBGP.

The MP-eBGP session is configured between the loopback addresses of the ASBRs.

To enable the MP-eBGP session to be established a static route neets to be configured on each ASBR pointing to the other ASBRs loopback address.

If order for a full LSP to be established the static routes need to be redistributed into the service providers IGP.

The VPN label for the prefix changes only twice compared to three times of option b, 2a.

For a prefix generated by CE1, PE1 will generate the first VPN label. ASBR1 will then change the VPN label when it sends the VPNv4 prefix using MP-eBGP to ASBR2. ASBR2 will then send the VPNv4 prefix to PE2 with the VPN label unchanged.

To can see the VPN label generated as an “in” label using the commands

sh ip bgp vpnv4 all label

On PE1 and ASBR1 you will see the locally generated “in” label.

If you run the above command on ASBR2 you will notice their is no “in” label, this shows the difference between the two sub options 2a and 2c.

As far as I can see there is very little difference between the two sub options 2b and 2c of Option b.

By zismail • BGP, CCIE SP, Inter-AS, MPLS VPN • 1 • Tags: BGP, CCIE SP, Inter-AS, MPLS VPN

Nov 19 2008

Inter-AS MPLS VPN Option A

Option A is the simplist of the three inter-AS MPLS options, however its simplicity has drawbacks in that it doesn’t scale too well.

Option A required two bordering PE routes to share an EBGP session. VPN customers VPNv4 prefixes are converted into IPv4 prefixes and advertised across the EBGP session.

Once they are received on the other side, they are converted back into VPNv4 prefixes and advertised accross the MPLS VPN cloud.

A sample setup is as below.

If there are 100 Inter-As MPLS VPNS configured using option A, the service providers will have to configure 100 EBGP sessions between their neighboring PEs.

By zismail • BGP, CCIE SP, Inter-AS, MPLS VPN • 2 • Tags: BGP, CCIE SP, Inter-AS, MPLS VPN

Nov 19 2008

Inter AS MPLS VPN – Option what?

When people talk about Inter AS MPLS VPN they often mention option A, B or C. I searched high a low trying to make sense of this naming convention, thinking it was some official terminology.

I concluded whether rightly or wrongly, that this is referring to paragraph 10 in RFC 4364 BGP/MPLS IP Virtual Private Networks (VPNs) (This RFC Obsoletes the well known RFC 2547).

Paragraph 10 describes 3 ways to connect an MPLS VPN using multiple service providers.

The 3 ways are described in 3 sub paragraphs a, b, and c. Which I believe became known as option A, option B and option C.

To further confuse matters, there are some references* namely option 2a, 2b and 2c which are suboptions for RFC 4364 option b.

*see Cisco press – MPLS configuration on Cisco IOS Software

By zismail • CCIE SP, Inter-AS, MPLS VPN • 0 • Tags: CCIE SP, Inter-AS, MPLS VPN

Nov 18 2008

OSPF Sham-Links

OSPF sham-links give the technical administrator an option to use either the back door link or the WAN link by presenting Type 1 LSAs over the WAN cloud. CEs then have Type 1 LSAs via 2 routes and as they are the same type of LSA you can manipulate the cost to either use the back door or the WAN link.

By zismail • CCIE SP, MPLS VPN, OSPF, PE-CE Routing • 0 • Tags: CCIE SP, MPLS VPN, OSPF

Nov 18 2008

MPLS VPN – using Site of Origin (SOO)

When an MPLS VPN customer is dual homed, SOO can be used to prevent routing loops as well as sub optimal routing.

Toplology as below.

Using Site of Origin community with BGP

I’ve used EIGRP between CE1 and CE3 to demonstrate the sub optimal routing.(its only suboptimal if you want to route traffic between sites using the backdoor link, which isnt always the case)

By zismail • CCIE SP, MPLS VPN, PE-CE Routing • 0 • Tags: BGP, CCIE SP, MPLS VPN, PE-CE Routing, SOO