
Introduction to MPLS L3VPN, BGP VPNv4 and the Label Stack

2023 Jan 30

What is MPLS Layer-3 VPN?

Infographic about MPLS Layer-3 VPN including a summary of the main concepts and terminology

What is Multiprotocol BGP and VPNv4?

Multiprotocol BGP (MP-BGP) extends the BGP protocol so that it can exchange routes for several address families such as IPv4, IPv6, and multicast. Most importantly for MPLS L3VPN, the MP-BGP extension is used to advertise VPN prefixes between the PE routers and the BGP Route Reflector (RR). A 32-bit IPv4 prefix becomes a 96-bit VPNv4 prefix when advertised with MP-BGP in an MPLS L3VPN.

By using MP-BGP, a PE router can advertise a VPN service label (bottom label) together with a prefix originating from a customer site. Additionally, the PE router assigns a Route Distinguisher (RD) to the prefix within the MPLS network. The following packet capture shows a VPNv4 prefix advertised by a PE router.

Packet capture of BGP VPNv4 prefix advertised by MPLS Layer-3 VPN Provider Edge PE router

What is Route Target and Route Distinguisher?

The Route Target (RT) and Route Distinguisher (RD) are BGP extended communities attached to a VPNv4 prefix within the MPLS core network. The RD makes the customer route unique within a service provider MPLS network by attaching 8 bytes of additional information to an IPv4 (or IPv6) prefix. A 32-bit IPv4 prefix advertised together with an RD becomes a VPNv4 prefix, which is encoded in 96 bits (12 bytes).

A large service provider (SP) may offer MPLS L3VPN to several thousand customer locations which may have overlapping IP addresses. The RD ensures that each customer's routing table remains unique and independent within the SP network.

There are different approaches to assigning RD values for PE routers depending on design requirements. However, a particular customer VRF/VPN does not need to have the same RD between two PE routers.
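To make the byte layout concrete, here is an added example (not code from the tutorial) that builds and parses the MP-BGP VPNv4 NLRI carrying one labelled VPN prefix, following the RD formats of RFC 4364 and the label encoding of RFC 8277. The sample values are the lab's own (RD 65100:2, VPN label 609, prefix 192.168.2.0/24 from PE R6); the function names are ours.

```python
# Added example, not code from the tutorial: build and parse the MP-BGP
# VPNv4 NLRI (SAFI 128) that carries one labelled VPN prefix, following
# RFC 4364 (RD formats) and RFC 8277 (label encoding). The sample values
# are the lab's own: RD 65100:2, VPN label 609, prefix 192.168.2.0/24 from PE R6.
import ipaddress
import struct


def encode_rd(rd: str) -> bytes:
    """Encode a Route Distinguisher written as text into its 8-byte wire form.

    Type 0: "ASN:number"     (2-byte ASN, 4-byte number)  e.g. "65100:2"
    Type 1: "A.B.C.D:number" (4-byte IPv4, 2-byte number)
    Type 2: "ASN:number"     (4-byte ASN, 2-byte number)  for ASN > 65535
    """
    admin, assigned = rd.rsplit(":", 1)
    number = int(assigned)
    if "." in admin:
        return struct.pack("!HIH", 1, int(ipaddress.IPv4Address(admin)), number)
    asn = int(admin)
    if asn <= 0xFFFF:
        return struct.pack("!HHI", 0, asn, number)
    return struct.pack("!HIH", 2, asn, number)


def decode_rd(raw: bytes) -> str:
    """Inverse of encode_rd; the 2-byte type field selects the layout."""
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:8])
        return f"{asn}:{number}"
    if rd_type == 1:
        ip, number = struct.unpack("!IH", raw[2:8])
        return f"{ipaddress.IPv4Address(ip)}:{number}"
    if rd_type == 2:
        asn, number = struct.unpack("!IH", raw[2:8])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpnv4_address(rd: str, address: str) -> bytes:
    """RD (8 bytes) + IPv4 address (4 bytes): the 96-bit VPNv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(address).packed


def encode_vpnv4_nlri(label: int, rd: str, prefix: str) -> bytes:
    """One SAFI-128 NLRI: length in bits | label stack entry | RD | prefix bytes.

    The label stack entry is 3 bytes: 20-bit label, 3-bit TC, 1-bit bottom-of-stack.
    A PE advertises a single VPN label, so BoS is set.
    """
    net = ipaddress.IPv4Network(prefix)
    plen = net.prefixlen
    label_entry = ((label << 4) | 1).to_bytes(3, "big")
    prefix_bytes = net.network_address.packed[: (plen + 7) // 8]
    length_bits = 24 + 64 + plen
    return bytes([length_bits]) + label_entry + encode_rd(rd) + prefix_bytes


def decode_vpnv4_nlri(raw: bytes) -> dict:
    """Parse one NLRI back into label, RD and prefix, plus the RD:prefix key IOS prints."""
    length_bits = raw[0]
    entry = int.from_bytes(raw[1:4], "big")
    rd = decode_rd(raw[4:12])
    plen = length_bits - 24 - 64
    nbytes = (plen + 7) // 8
    addr = int.from_bytes(raw[12:12 + nbytes].ljust(4, b"\x00"), "big")
    prefix = f"{ipaddress.IPv4Address(addr)}/{plen}"
    return {"label": entry >> 4, "bos": entry & 1, "rd": rd, "prefix": prefix,
            "vpnv4": f"{rd}:{prefix}"}


if __name__ == "__main__":
    nlri = encode_vpnv4_nlri(609, "65100:2", "192.168.2.0/24")
    print(nlri.hex())                 # 70 002611 0000fe4c00000002 c0a802
    print(decode_vpnv4_nlri(nlri))    # label 609, rd 65100:2, 192.168.2.0/24
```

The 12-byte value returned by vpnv4_address is the "96-bit VPNv4 prefix" the text refers to; on the wire the NLRI additionally carries the 3-byte label entry in front of it and only as many prefix bytes as the prefix length requires.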

The RT extended community value import and export rules define which VPNv4/v6 prefixes should be imported to a particular customer's VRF routing table. An ingress PE attaches an export RT value to a created VPNv4/v6 prefix, and an egress PE will use an RT import rule to install that VPN route into one of its attached customer VRF route tables.

Thus, the RT values, not the RD values, define the VRF import and export criteria. Route Target import- and export-maps provide even more control over route distribution between MPLS VPNs. A VPN route can have more than one RT value attached.
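The following added example (not code from the tutorial) models the import and export rules described above on an egress PE: routes are installed into a VRF only when their RTs intersect the VRF's import RTs, while the RD keeps two customers' overlapping 192.168.1.0/24 prefixes distinct in the VPNv4 table. The second customer "Silver", its RD 65100:3 and label 610 are constructed for the example, as is the misconfigured import RT that the audit helper flags.

```python
# Added example, not code from the tutorial: a small model of how an egress PE
# builds per-VRF routing tables from received VPNv4 routes. Import decisions
# use only the Route Target communities; the RD just keeps overlapping
# customer prefixes distinct in the VPNv4 table. The "Silver" customer, its
# RD 65100:3 and label 610 are constructed to mirror the lab.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str
    prefix: str
    next_hop: str
    label: int
    route_targets: frozenset    # a VPN route may carry more than one RT

    @property
    def key(self) -> str:       # the RD:prefix form IOS prints, unique in the VPNv4 table
        return f"{self.rd}:{self.prefix}"


@dataclass
class Vrf:
    customer: str
    pe: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    table: dict = field(default_factory=dict)   # prefix -> list of installed routes


def export_route(vrf: Vrf, prefix: str, next_hop: str, label: int) -> Vpnv4Route:
    """What the ingress PE advertises: its VRF's RD, a VPN label and the export RTs."""
    return Vpnv4Route(vrf.rd, prefix, next_hop, label, vrf.export_rts)


def import_routes(vrfs, routes):
    """Install a route into every VRF whose import RTs intersect the route's RTs."""
    for vrf in vrfs:
        vrf.table = {}
        for route in routes:
            if route.route_targets & vrf.import_rts:
                vrf.table.setdefault(route.prefix, []).append(route)


def foreign_routes(vrf: Vrf, rt_owner: dict) -> list:
    """Audit check: routes installed in a VRF that carry no RT owned by its customer."""
    return [r for rs in vrf.table.values() for r in rs
            if not any(rt_owner.get(rt) == vrf.customer for rt in r.route_targets)]


def table_summary(vrf: Vrf) -> dict:
    """prefix -> sorted RDs of the routes installed for it."""
    return {p: sorted(r.rd for r in rs) for p, rs in sorted(vrf.table.items())}


def run_demo() -> dict:
    gold_r2 = Vrf("Gold", "R2", "65100:1", frozenset({"65100:1", "65100:2"}), frozenset({"65100:1"}))
    gold_r6 = Vrf("Gold", "R6", "65100:2", frozenset({"65100:1", "65100:2"}), frozenset({"65100:2"}))
    silver_r6 = Vrf("Silver", "R6", "65100:3", frozenset({"65100:3"}), frozenset({"65100:3"}))
    # Misconfigured (constructed): Gold's RT 65100:1 was typed into Silver's import list on R2.
    silver_r2 = Vrf("Silver", "R2", "65100:3", frozenset({"65100:3", "65100:1"}), frozenset({"65100:3"}))

    routes = [
        export_route(gold_r2, "192.168.1.0/24", "2.2.2.2", 209),
        export_route(gold_r6, "192.168.2.0/24", "6.6.6.6", 609),
        export_route(silver_r6, "192.168.1.0/24", "6.6.6.6", 610),  # overlaps Gold Site 1
    ]
    vrfs = [gold_r2, gold_r6, silver_r6, silver_r2]
    import_routes(vrfs, routes)
    rt_owner = {"65100:1": "Gold", "65100:2": "Gold", "65100:3": "Silver"}
    return {
        "vpnv4_keys": sorted(r.key for r in routes),
        "gold_r2": table_summary(gold_r2),
        "silver_r2": table_summary(silver_r2),
        "silver_r2_foreign": [r.key for r in foreign_routes(silver_r2, rt_owner)],
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The Gold VRF on R2 ends up with exactly the two Gold prefixes even though Silver advertises the same 192.168.1.0/24, because Silver's route carries only RT 65100:3. The mistyped import RT on Silver's VRF pulls Gold's route in, which is the kind of VRF leak an audit of import RTs against customer ownership catches before it reaches production.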

Additionally, RD and RT are not only used in MPLS L3VPN networks, but also in L2VPN VPLS networks for autodiscovery and signaling and with EVPN-VXLAN to exchange MAC-VRF routes (L2VNI) or IP prefixes (L3VNI).

MPLS L3VPN configuration with IGP OSPF and LDP

The following example scenario shows an MPLS L3VPN configured with a single customer that has two sites connected. Each site advertises one prefix: 192.168.1.0/24 from Site 1 and 192.168.2.0/24 from Site 2. The PE-CE routing protocol is eBGP configured in VRF Gold. The PE routers receive the site-local prefix from the CE router through eBGP. The access network between the PE and CE is not MPLS label switched.

Within the service provider network between the PE routers MPLS label switching is used. The SP routers use Label Distribution Protocol (LDP) to advertise next-hop prefix-to-label bindings. This creates a transport Label Switched Path (LSP) between the two PEs. A BGP Route Reflector (RR) is used to distribute site prefixes and VPN service labels (with MP-BGP VPNv4) between the PE routers.

The MPLS label range is defined on each SP router to make the demonstration easier to follow: R2 assigns labels between 200-299, R3 between 300-399, and so on. A label stack is used. The top label (IGP label, transport label) is assigned by each next-hop MPLS router, whereas the bottom label (VPN service label) is assigned only by the PE routers and is advertised with BGP VPNv4.

MPLS Layer-3 VPN configuration with an OSPF core network using LDP to distribute MPLS labels

Configuration:

R2 (PE)
    R2#show run all | sec ^mpls ip$
    mpls ip
    
    R2#show run | sec ^mpls        
    mpls label range 200 299
    mpls ldp router-id Loopback10 force
    
    R2#show run int Lo10 | sec int
    interface Loopback10
     ip address 2.2.2.2 255.255.255.255
    
    R2#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE R1 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R2#show run int Gi0/0.10 | sec int
    interface GigabitEthernet0/0.10
     description ** to CE R1 in VRF Gold **
     encapsulation dot1Q 10
     vrf forwarding Gold
     ip address 10.0.1.1 255.255.255.252
    
    R2#show run int Gi0/1 | sec int   
    interface GigabitEthernet0/1
     description ** to P router R3 **
     ip address 10.1.0.1 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R2#show run | sec ^router
    router ospf 10
     mpls ldp autoconfig area 0
     router-id 2.2.2.2
     network 2.2.2.2 0.0.0.0 area 0
     network 10.1.0.0 0.0.0.3 area 0
    router bgp 65100
     bgp router-id 2.2.2.2
     bgp log-neighbor-changes
     neighbor 8.8.8.8 remote-as 65100
     neighbor 8.8.8.8 update-source Loopback10
     !
     address-family vpnv4
      neighbor 8.8.8.8 activate
      neighbor 8.8.8.8 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf Gold
      neighbor 10.0.1.2 remote-as 65001
      neighbor 10.0.1.2 activate
     exit-address-family
    
R6 (PE)
    R6#show run all | sec ^mpls ip$
    mpls ip
    
    R6#show run | sec ^mpls
    mpls label range 600 699
    mpls ldp router-id Loopback10 force
    
    R6#show run int Lo10 | sec int
    interface Loopback10
     ip address 6.6.6.6 255.255.255.255
     
    R6#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE R7 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R6#show run int Gi0/0.10 | sec int
    interface GigabitEthernet0/0.10
     description ** to CE R7 in VRF Gold **
     encapsulation dot1Q 10
     vrf forwarding Gold
     ip address 10.0.2.1 255.255.255.252
    
    R6#show run int Gi0/1 | sec int   
    interface GigabitEthernet0/1
     description ** to P router R5 **
     ip address 10.4.0.1 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R6#show run | sec ^router
    router ospf 10
     mpls ldp autoconfig area 0
     router-id 6.6.6.6
     network 6.6.6.6 0.0.0.0 area 0
     network 10.4.0.0 0.0.0.3 area 0
    router bgp 65100
     bgp router-id 6.6.6.6
     bgp log-neighbor-changes
     neighbor 8.8.8.8 remote-as 65100
     neighbor 8.8.8.8 update-source Loopback10
     !
     address-family vpnv4
      neighbor 8.8.8.8 activate
      neighbor 8.8.8.8 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf Gold
      neighbor 10.0.2.2 remote-as 65002
      neighbor 10.0.2.2 activate
     exit-address-family
    
R1 (CE)
    R1#show run | sec ^vrf 
    vrf definition Gold
     rd 1:1
     !
     address-family ipv4
     exit-address-family
    
    R1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to Host1 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R1#show run int Gi0/0.10 | sec int
    interface GigabitEthernet0/0.10
     description ** to Host1 in VRF Gold **
     encapsulation dot1Q 1 native
     vrf forwarding Gold
     ip address 192.168.1.2 255.255.255.0
    
    R1#show run int Gi0/1 | sec int   
    interface GigabitEthernet0/1
     description ** to PE R2 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R1#show run int Gi0/1.10 | sec int
    interface GigabitEthernet0/1.10
     description ** to PE R2 in VRF Gold **
     encapsulation dot1Q 10
     vrf forwarding Gold
     ip address 10.0.1.2 255.255.255.252
    
    R1#show run | sec ^router 
    router bgp 65001
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     !
     address-family ipv4 vrf Gold
      network 192.168.1.0
      neighbor 10.0.1.1 remote-as 65100
      neighbor 10.0.1.1 activate
     exit-address-family
    
R7 (CE)
    R7#show run | sec ^vrf
    vrf definition Gold
     rd 1:1
     !
     address-family ipv4
     exit-address-family
    
    R7#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to Host2 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R7#show run int Gi0/0.10 | sec int
    interface GigabitEthernet0/0.10
     description ** to Host2 in VRF Gold **
     encapsulation dot1Q 1 native
     vrf forwarding Gold
     ip address 192.168.2.2 255.255.255.0
    
    R7#show run int Gi0/1 | sec int   
    interface GigabitEthernet0/1
     description ** to PE R6 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R7#show run int Gi0/1.10 | sec int
    interface GigabitEthernet0/1.10
     description ** to PE R6 in VRF Gold **
     encapsulation dot1Q 10
     vrf forwarding Gold
     ip address 10.0.2.2 255.255.255.252
    
    R7#show run | sec ^router
    router bgp 65002
     bgp router-id 7.7.7.7
     bgp log-neighbor-changes
     !
     address-family ipv4 vrf Gold
      network 192.168.2.0
      neighbor 10.0.2.1 remote-as 65100
      neighbor 10.0.2.1 activate
     exit-address-family
    
R3
    R3#show run all | sec ^mpls ip$
    mpls ip
    
    R3#show run | sec ^mpls        
    mpls label range 300 399
    mpls ldp router-id Loopback10 force
    
    R3#show run int Lo10 | sec int 
    interface Loopback10
     ip address 3.3.3.3 255.255.255.255
    
    R3#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R2 **
     ip address 10.1.0.2 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R3#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to P router R4 **
     ip address 10.2.0.1 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R3#show run | sec ^router
    router ospf 10
     mpls ldp autoconfig area 0
     router-id 3.3.3.3
     network 3.3.3.3 0.0.0.0 area 0
     network 10.1.0.0 0.0.0.3 area 0
     network 10.2.0.0 0.0.0.3 area 0
    
R4
    R4#show run all | sec ^mpls ip$
    mpls ip
    
    R4#show run | sec ^mpls        
    mpls label range 400 499
    mpls ldp router-id Loopback10 force
    
    R4#show run int Lo10 | sec int
    interface Loopback10
     ip address 4.4.4.4 255.255.255.255
    
    R4#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to P router R3 **
     ip address 10.2.0.2 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R4#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to P router R5 **
     ip address 10.3.0.1 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R4#show run int Gi0/2 | sec int
    interface GigabitEthernet0/2
     description ** to BGP RR R8 **
     ip address 10.5.0.2 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R4#show run | sec ^router  
    router ospf 10
     mpls ldp autoconfig area 0
     router-id 4.4.4.4
     network 4.4.4.4 0.0.0.0 area 0
     network 10.2.0.0 0.0.0.3 area 0
     network 10.3.0.0 0.0.0.3 area 0
     network 10.5.0.0 0.0.0.3 area 0
    
R8 (BGP RR)
    R8#show run int Lo10 | sec int
    interface Loopback10
     ip address 8.8.8.8 255.255.255.255
    
    R8#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to P router R4 **
     ip address 10.5.0.1 255.255.255.252
     ip ospf network point-to-point
     duplex auto
     speed auto
     media-type rj45
    
    R8#show run | sec ^router
    router ospf 10
     router-id 8.8.8.8
     network 8.8.8.8 0.0.0.0 area 0
     network 10.5.0.0 0.0.0.3 area 0
    router bgp 65100
     bgp router-id 8.8.8.8
     bgp log-neighbor-changes
     neighbor 2.2.2.2 remote-as 65100
     neighbor 2.2.2.2 update-source Loopback10
     neighbor 6.6.6.6 remote-as 65100
     neighbor 6.6.6.6 update-source Loopback10
     !
     address-family vpnv4
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community extended
      neighbor 2.2.2.2 route-reflector-client
      neighbor 6.6.6.6 activate
      neighbor 6.6.6.6 send-community extended
      neighbor 6.6.6.6 route-reflector-client
     exit-address-family
    
Host1
    Host1#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE R1 **
     ip address 192.168.1.1 255.255.255.0
     duplex auto
     speed auto
     media-type rj45
    
    Host1#show run | sec ^ip route
    ip route 0.0.0.0 0.0.0.0 192.168.1.2
    
Host1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms     « Site 1 prefix can reach Site 2 prefix

Host1#trace 192.168.2.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.2 2 msec
  2 10.0.1.1 2 msec
  3 10.1.0.2 [MPLS: Labels 306/609 Exp 0] 5 msec                   « MPLS label stack is used, 306 top label, 609 bottom label
  4 10.2.0.2 [MPLS: Labels 405/609 Exp 0] 6 msec
  5 10.3.0.2 [MPLS: Labels 506/609 Exp 0] 5 msec
  6 10.0.2.1 [MPLS: Label 609 Exp 0] 5 msec                        « Penultimate Hop Pop (PHP) is used on the last hop before PE
  7 10.0.2.2 4 msec
  8 192.168.2.1 4 msec

Host2#trace 192.168.1.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.2 2 msec
  2 10.0.2.1 2 msec
  3 10.4.0.2 [MPLS: Labels 502/209 Exp 0] 5 msec
  4 10.3.0.1 [MPLS: Labels 401/209 Exp 0] 5 msec
  5 10.2.0.1 [MPLS: Labels 300/209 Exp 0] 4 msec
  6 10.0.1.1 [MPLS: Label 209 Exp 0] 4 msec
  7 10.0.1.2 4 msec
  8 192.168.1.1 5 msec

The above outputs show that Host1 in Site 1 and Host2 in Site 2 can communicate over the MPLS network. The traceroute shows the MPLS label stack: VPN service label 609 is assigned by PE R6, and VPN service label 209 is assigned by PE R2.
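As an added example (not code from the tutorial), the small parser below reads a Cisco traceroute with MPLS annotations and checks the label stack against the label ranges configured in this lab: the bottom label stays constant along the LSP, each top label falls into the range of the router that assigned it, and the hop that shows a single label is where penultimate hop popping removed the transport label. The sample input is the Host1 traceroute above, copied without the margin notes; the range table and function names are ours.

```python
# Added example, not code from the tutorial: parse a Cisco traceroute with
# MPLS label annotations and check the label stack against the lab's label
# ranges (R2 200-299, R3 300-399, R4 400-499, R5 500-599, R6 600-699, as set
# with "mpls label range"). The sample is the Host1 traceroute from the text,
# copied without the margin notes.
import re

LABEL_RANGES = {"R2": (200, 299), "R3": (300, 399), "R4": (400, 499),
                "R5": (500, 599), "R6": (600, 699)}

HOP_RE = re.compile(
    r"^\s*(\d+)\s+(\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+\[MPLS: Labels? ([\d/]+) Exp (\d+)\])?")

SAMPLE_TRACE = """\
Host1#trace 192.168.2.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.2 2 msec
  2 10.0.1.1 2 msec
  3 10.1.0.2 [MPLS: Labels 306/609 Exp 0] 5 msec
  4 10.2.0.2 [MPLS: Labels 405/609 Exp 0] 6 msec
  5 10.3.0.2 [MPLS: Labels 506/609 Exp 0] 5 msec
  6 10.0.2.1 [MPLS: Label 609 Exp 0] 5 msec
  7 10.0.2.2 4 msec
  8 192.168.2.1 4 msec
"""


def parse_trace(text: str) -> list:
    """Return one dict per hop: number, address and label stack (top label first)."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        labels = [int(x) for x in m.group(3).split("/")] if m.group(3) else []
        hops.append({"hop": int(m.group(1)), "ip": m.group(2), "labels": labels})
    return hops


def label_owner(label: int):
    """Which router's configured range a label falls in, or None."""
    for router, (low, high) in LABEL_RANGES.items():
        if low <= label <= high:
            return router
    return None


def analyze_label_stack(hops: list) -> dict:
    """Split the stack into transport (top) and VPN (bottom) labels and spot PHP."""
    labelled = [h for h in hops if h["labels"]]
    if not labelled:
        return {"labelled_hops": [], "vpn_label": None, "vpn_label_owner": None,
                "bottom_label_consistent": True, "transport_labels": [],
                "transport_owners": [], "php_hops": []}
    bottoms = {h["labels"][-1] for h in labelled}
    vpn_label = labelled[-1]["labels"][-1]
    transport = [h["labels"][0] for h in labelled if len(h["labels"]) == 2]
    return {
        "labelled_hops": [h["hop"] for h in labelled],
        "vpn_label": vpn_label,
        "vpn_label_owner": label_owner(vpn_label),
        # The bottom label must not change along the LSP: only the top label is swapped.
        "bottom_label_consistent": len(bottoms) == 1,
        "transport_labels": transport,
        "transport_owners": [label_owner(lbl) for lbl in transport],
        # A single remaining label means the penultimate hop popped the transport label.
        "php_hops": [h["hop"] for h in labelled if len(h["labels"]) == 1],
    }


if __name__ == "__main__":
    for key, value in analyze_label_stack(parse_trace(SAMPLE_TRACE)).items():
        print(f"{key}: {value}")
```

Run against the Host1 trace, the transport labels 306, 405 and 506 map to R3, R4 and R5 respectively, the VPN label 609 maps to R6, and hop 6 is the PHP hop. The same parser run on the Host2 trace in the other direction would report VPN label 209 owned by R2.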

The following outputs are from PE router R2, and the MPLS label stack is shown in more detail. These commands can be useful when troubleshooting MPLS L3VPN.

R2#show ip cef vrf Gold 192.168.2.0 detail
192.168.2.0/24, epoch 0, flags [rib defined all labels]
  recursive via 6.6.6.6 label 609                                   « This is the VPN label assigned by PE R6
    nexthop 10.1.0.2 GigabitEthernet0/1 label 306-(local:207)       « This is the next-hop label assigned by R3

R2#show mpls forwarding-table vrf Gold detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
209        No Label   192.168.1.0/24[V]   \                      « This is the VPN label assigned by PE R2
                                       5662          Gi0/0.10   10.0.1.2    
        MAC/Encaps=18/18, MRU=1504, Label Stack{}
        5254001521DE52540016C4E68100000A0800 
        VPN route: Gold
        No output feature configured

R2#show ip bgp vpnv4 rd 65100:2 192.168.2.0
BGP routing table entry for 65100:2:192.168.2.0/24, version 2
Paths: (1 available, best #1, no table)
Flag: 0x100
  Not advertised to any peer
  Refresh Epoch 1
  65002
    6.6.6.6 (metric 5) (via default) from 8.8.8.8 (8.8.8.8)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:65100:2                             « Route Target extended BGP community assigned by PE R6
      Originator: 6.6.6.6, Cluster list: 8.8.8.8
      mpls labels in/out nolabel/609                             « VPN service label assigned by PE R6
      rx pathid: 0, tx pathid: 0x0

R2#show ip cef vrf Gold exact-route 10.0.1.1 192.168.2.0
10.0.1.1 -> 192.168.2.0 => label 609 label 306-(local:207)TAG adj out of GigabitEthernet0/1, addr 10.1.0.2        « Label stack used by PE R2

The following commands show how the BGP Route Reflector R8 receives the site prefixes from the PE routers. The Route Distinguisher (RD) value is visible for both prefixes. The RD makes a VPNv4 prefix unique in the MPLS core network, which allows for customers with overlapping IPv4 addresses.

R8#show ip bgp vpnv4 all | begin Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65100:1                                            « RD assigned by PE R2
 *>i  192.168.1.0      2.2.2.2                  0    100      0 65001 i
Route Distinguisher: 65100:2
 *>i  192.168.2.0      6.6.6.6                  0    100      0 65002 i

R8#show ip bgp vpnv4 rd 65100:1 192.168.1.0
BGP routing table entry for 65100:1:192.168.1.0/24, version 3           « BGP VPNv4 prefix
Paths: (1 available, best #1, no table)
Flag: 0x100
  Advertised to update-groups:
     1         
  Refresh Epoch 1
  65001, (Received from a RR-client)
    2.2.2.2 (metric 4) (via default) from 2.2.2.2 (2.2.2.2)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:65100:1
      mpls labels in/out nolabel/209                                    « VPN service label assigned by PE R2
      rx pathid: 0, tx pathid: 0x0

R8#show ip bgp vpnv4 rd 65100:2 192.168.2.0
BGP routing table entry for 65100:2:192.168.2.0/24, version 2
Paths: (1 available, best #1, no table)
Flag: 0x100
  Advertised to update-groups:
     1         
  Refresh Epoch 1
  65002, (Received from a RR-client)
    6.6.6.6 (metric 4) (via default) from 6.6.6.6 (6.6.6.6)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Extended Community: RT:65100:2
      mpls labels in/out nolabel/609
      rx pathid: 0, tx pathid: 0x0

The outputs show how a prefix from a specific customer site becomes unique in the service provider MPLS L3VPN. The Route Distinguisher (RD) and the VPN label assigned to an IPv4 prefix make it uniquely identifiable and traceable to a specific VRF interface on a particular PE router, even though a large SP network may contain hundreds of PE routers.

MPLS L3VPN configuration with IGP IS-IS and MPLS TE

Instead of using LDP to distribute label information within the SP network, MPLS Traffic Engineering (TE) is configured between the PE routers in the following example topology. This means that an MPLS TE tunnel is configured on PE R2 and on PE R6. Also, the routing protocol IS-IS is used in this topology (instead of OSPF). To distribute labels with MPLS TE, an IS-IS extension TLV is used on each router in the SP network.

An important part of MPLS TE is how to make traffic choose the tunnel as its next hop to reach a far-end PE router and customer site. The solution chosen in this example is the tunnel interface command "tunnel mpls traffic-eng autoroute announce". There are also other options to achieve this result, such as policy-based routing (PBR).

With MPLS TE, the VPN service labels attached to the site prefixes are still advertised using MP-BGP VPNv4 routes. The MPLS TE tunnel is created to assign the top label (IGP label, transport label) and to provide an LSP between the PE routers.
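To show what autoroute announce changes in the head-end's IGP view, here is an added example (not code from the tutorial) that runs SPF over a graph mirroring this lab's IS-IS topology (R2-R3-R4-R5-R6 in a chain, R8 behind R4, wide metric 10 per link). With the default relative metric 0, the announced tunnel is treated as a one-hop link whose cost equals the plain IGP cost to its tail, so R6 resolves via Tunnel10 at metric 40 while R3, R4, R5 and R8 keep their physical next hops. The link list, the tunnel metric handling and the tie-break in favour of the tunnel are our modelling assumptions, not IOS code.

```python
# Added example, not code from the tutorial: a model of what
# "tunnel mpls traffic-eng autoroute announce" does to the head-end's IGP view.
# The graph mirrors the lab's IS-IS topology as seen in "show isis topology" on
# R2 (R2-R3-R4-R5-R6 in a chain, R8 behind R4, wide metric 10 per link); the
# link list, tunnel metric handling and tie-break are our modelling assumptions.
import heapq

LINKS = [("R2", "R3", 10), ("R3", "R4", 10), ("R4", "R5", 10),
         ("R5", "R6", 10), ("R4", "R8", 10)]


def build_graph(links):
    """Undirected adjacency list: node -> [(neighbour, metric), ...]."""
    graph = {}
    for a, b, cost in links:
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    return graph


def spf(graph, source, tunnels=()):
    """Dijkstra from `source` returning {node: (metric, first_hop)}.

    `tunnels` is a list of (name, tail, metric): announced TE tunnels that the
    head end sees as one-hop links to the tail. On equal metric the tunnel path
    wins, matching the (TE)(installed) / (ALT) split in "show isis rib".
    """
    INF = float("inf")
    best = {source: (0, 0, "")}          # metric, preference (0 tunnel, 1 physical), first hop
    heap = [(0, 0, source, "")]
    while heap:
        metric, pref, node, first_hop = heapq.heappop(heap)
        if (metric, pref) > best[node][:2]:
            continue                      # stale heap entry
        edges = [(nb, cost, nb, 1) for nb, cost in graph.get(node, [])]
        if node == source:
            edges += [(tail, tmetric, name, 0) for name, tail, tmetric in tunnels]
        for nb, cost, hop_if_first, edge_pref in edges:
            hop = first_hop or hop_if_first           # keep the first hop along the path
            nb_pref = pref if first_hop else edge_pref
            cand = (metric + cost, nb_pref)
            if cand < best.get(nb, (INF, 2))[:2]:
                best[nb] = (cand[0], cand[1], hop)
                heapq.heappush(heap, (cand[0], cand[1], nb, hop))
    return {n: (m, hop) for n, (m, _, hop) in best.items()}


def autoroute_spf(graph, head, tunnels, relative_metric=0):
    """SPF at `head` with autoroute-announced tunnels given as {name: tail}.

    With the default relative metric 0 the tunnel's cost is the plain IGP
    shortest-path cost to its tail, so the tail (and anything behind it)
    resolves via the tunnel without changing the metrics of other nodes.
    """
    base = spf(graph, head)
    announced = [(name, tail, base[tail][0] + relative_metric)
                 for name, tail in tunnels.items()]
    return spf(graph, head, announced)


if __name__ == "__main__":
    g = build_graph(LINKS)
    for node, (m, hop) in sorted(autoroute_spf(g, "R2", {"Tunnel10": "R6"}).items()):
        print(f"{node:3} metric {m:3} via {hop}")
```

The printed table reproduces the R2 "show isis topology" output further below: R6 at metric 40 via Tunnel10, everything else via R3. Without the tunnel, the same function returns R6 at metric 40 via R3, which is the (ALT) path IS-IS keeps alongside the installed TE path.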

MPLS Traffic Engineering tunnel configuration with IGP IS-IS protocol extension to create a L3VPN service provider example network

Configuration:

R2 (PE)
    R2#show run | sec ^mpls
    mpls label range 200 299
    mpls traffic-eng tunnels
    
    R2#show run int Lo10 | sec int
    interface Loopback10
     ip address 2.2.2.2 255.255.255.255
    
    R2#show run int Gi0/0 | sec int 
    interface GigabitEthernet0/0
     description ** to CE R1 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R2#show run int Gi0/0.10 | sec int
    interface GigabitEthernet0/0.10
     description ** to CE R1 in VRF Gold **
     encapsulation dot1Q 10
     vrf forwarding Gold
     ip address 10.0.1.1 255.255.255.252
    
    R2#show run int Gi0/1 | sec int  
    interface GigabitEthernet0/1
     description ** to P router R3 **
     ip address 10.1.0.1 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     mpls traffic-eng tunnels
     isis circuit-type level-2-only
     isis network point-to-point 
     ip rsvp bandwidth 10 10
    
    R2#show run int Tu10 | sec int
    interface Tunnel10
     description ** MPLS TE tunnel to PE R6 **
     ip unnumbered Loopback10
     tunnel mode mpls traffic-eng
     tunnel destination 6.6.6.6
     tunnel mpls traffic-eng autoroute announce
     tunnel mpls traffic-eng priority 1 1
     tunnel mpls traffic-eng bandwidth 10
     tunnel mpls traffic-eng path-option 10 dynamic
     no routing dynamic
    
    R2#show run | sec ^router
    router isis
     mpls traffic-eng router-id Loopback10
     mpls traffic-eng level-2
     net 49.0010.0000.0000.0002.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     passive-interface Loopback10
    router bgp 65100
     bgp router-id 2.2.2.2
     bgp log-neighbor-changes
     neighbor 8.8.8.8 remote-as 65100
     neighbor 8.8.8.8 update-source Loopback10
     !
     address-family vpnv4
      neighbor 8.8.8.8 activate
      neighbor 8.8.8.8 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf Gold
      neighbor 10.0.1.2 remote-as 65001
      neighbor 10.0.1.2 activate
     exit-address-family
    
R6 (PE)
    R6#show run | sec ^mpls
    mpls label range 600 699
    mpls traffic-eng tunnels
    
    R6#show run int Lo10 | sec int
    interface Loopback10
     ip address 6.6.6.6 255.255.255.255
    
    R6#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to CE R7 **
     no ip address
     duplex auto
     speed auto
     media-type rj45
    
    R6#show run int Gi0/0.10 | sec int
    interface GigabitEthernet0/0.10
     description ** to CE R7 in VRF Gold **
     encapsulation dot1Q 10
     vrf forwarding Gold
     ip address 10.0.2.1 255.255.255.252
    
    R6#show run int Gi0/1 | sec int   
    interface GigabitEthernet0/1
     description ** to P router R5 **
     ip address 10.4.0.1 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     mpls traffic-eng tunnels
     isis circuit-type level-2-only
     isis network point-to-point 
     ip rsvp bandwidth 10 10
    
    R6#show run int Tu10 | sec int
    interface Tunnel10
     description ** MPLS TE tunnel to PE R2 **
     ip unnumbered Loopback10
     tunnel mode mpls traffic-eng
     tunnel destination 2.2.2.2
     tunnel mpls traffic-eng autoroute announce
     tunnel mpls traffic-eng priority 1 1
     tunnel mpls traffic-eng bandwidth 10
     tunnel mpls traffic-eng path-option 10 dynamic
     no routing dynamic
    
    R6#show run | sec ^router
    router isis
     mpls traffic-eng router-id Loopback10
     mpls traffic-eng level-2
     net 49.0010.0000.0000.0006.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     passive-interface Loopback10
    router bgp 65100
     bgp router-id 6.6.6.6
     bgp log-neighbor-changes
     neighbor 8.8.8.8 remote-as 65100
     neighbor 8.8.8.8 update-source Loopback10
     !
     address-family vpnv4
      neighbor 8.8.8.8 activate
      neighbor 8.8.8.8 send-community extended
     exit-address-family
     !
     address-family ipv4 vrf Gold
      neighbor 10.0.2.2 remote-as 65002
      neighbor 10.0.2.2 activate
     exit-address-family
    
R8 (BGP RR)
    R8#show run int Lo10 | sec int
    interface Loopback10
     ip address 8.8.8.8 255.255.255.255
    
    R8#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to P router R4 **
     ip address 10.5.0.1 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     isis circuit-type level-2-only
     isis network point-to-point
    
    R8#show run | sec ^router
    router isis
     net 49.0010.0000.0000.0008.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     passive-interface Loopback10
    router bgp 65100
     bgp router-id 8.8.8.8
     bgp log-neighbor-changes
     neighbor 2.2.2.2 remote-as 65100
     neighbor 2.2.2.2 update-source Loopback10
     neighbor 6.6.6.6 remote-as 65100
     neighbor 6.6.6.6 update-source Loopback10
     !
     address-family vpnv4
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community extended
      neighbor 2.2.2.2 route-reflector-client
      neighbor 6.6.6.6 activate
      neighbor 6.6.6.6 send-community extended
      neighbor 6.6.6.6 route-reflector-client
     exit-address-family
    
R3
    R3#show run | sec ^mpls
    mpls label range 300 399
    mpls traffic-eng tunnels
    
    R3#show run int Lo10 | sec int
    interface Loopback10
     ip address 3.3.3.3 255.255.255.255
    
    R3#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to PE R2 **
     ip address 10.1.0.2 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     mpls traffic-eng tunnels
     isis circuit-type level-2-only
     isis network point-to-point 
     ip rsvp bandwidth 10 10
    
    R3#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to P router R4 **
     ip address 10.2.0.1 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     mpls traffic-eng tunnels
     isis circuit-type level-2-only
     isis network point-to-point 
     ip rsvp bandwidth 10 10
    
    R3#show run | sec ^router
    router isis
     mpls traffic-eng router-id Loopback10
     mpls traffic-eng level-2
     net 49.0010.0000.0000.0003.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     passive-interface Loopback10
    
R4
    R4#show run | sec ^mpls
    mpls label range 400 499
    mpls traffic-eng tunnels
    
    R4#show run int Lo10 | sec int
    interface Loopback10
     ip address 4.4.4.4 255.255.255.255
    
    R4#show run int Gi0/0 | sec int
    interface GigabitEthernet0/0
     description ** to P router R3 **
     ip address 10.2.0.2 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     mpls traffic-eng tunnels
     isis circuit-type level-2-only
     isis network point-to-point 
     ip rsvp bandwidth 10 10
    
    R4#show run int Gi0/1 | sec int
    interface GigabitEthernet0/1
     description ** to P router R5 **
     ip address 10.3.0.1 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     mpls traffic-eng tunnels
     isis circuit-type level-2-only
     isis network point-to-point 
     ip rsvp bandwidth 10 10
    
    R4#show run int Gi0/2 | sec int
    interface GigabitEthernet0/2
     description ** to BGP RR R8 **
     ip address 10.5.0.2 255.255.255.252
     ip router isis 
     duplex auto
     speed auto
     media-type rj45
     isis circuit-type level-2-only
     isis network point-to-point
    
    R4#show run | sec ^router
    router isis
     mpls traffic-eng router-id Loopback10
     mpls traffic-eng level-2
     net 49.0010.0000.0000.0004.00
     is-type level-2-only
     advertise passive-only
     metric-style wide
     log-adjacency-changes
     passive-interface Loopback10
    
R2#show mpls traffic-eng tunnels brief
Signalling Summary:
    LSP Tunnels Process:            running
    Passive LSP Listener:           running
    RSVP Process:                   running
    Forwarding:                     enabled
    Periodic reoptimization:        every 3600 seconds, next in 2082 seconds
    Periodic FRR Promotion:         Not Running
    Periodic auto-bw collection:    every 300 seconds, next in 282 seconds
TUNNEL NAME                      DESTINATION      UP IF      DOWN IF    STATE/PROT
** MPLS TE tunnel to PE R6 *...  6.6.6.6          -         Gi0/1     up/up             « MPLS TE tunnels are up
** MPLS TE tunnel to PE R2 *...  2.2.2.2          Gi0/1      -          up/up     
Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails

R2#show mpls traffic-eng autoroute
MPLS TE autorouting enabled                      « Autoroute announce is enabled
  destination 0000.0000.0006.00, area isis  level-2, has 1 tunnels
    Tunnel10    (load balancing metric 200000000, nexthop 6.6.6.6)
                (flags: Announce)

R2#show isis topology

Tag null:

IS-IS TID 0 paths to level-2 routers
System Id            Metric     Next-Hop             Interface   SNPA
R2                   --
R3                   10         R3                   Gi0/1       5254.000e.b07a 
R4                   20         R3                   Gi0/1       5254.000e.b07a 
R5                   30         R3                   Gi0/1       5254.000e.b07a 
R6                   40         R6                   Tu10        *MPLS TE-Tunnel           « IS-IS uses MPLS TE tunnel in SPF calculation
R8                   30         R3                   Gi0/1       5254.000e.b07a

R2#show isis rib 6.6.6.6


IPv4 local RIB for IS-IS process 

IPV4 unicast topology base (TID 0, TOPOID 0x0) =================
Routes under majornet 6.0.0.0/8:

6.6.6.6/32  prefix attr X:0 R:0 N:1  source router id: 6.6.6.6
  [115/L2/40] via 6.6.6.6(Tunnel10), from 6.6.6.6, tag 0, LSP[5/5/3]               « Due to autoroute announce IS-IS includes MPLS TE tunnel
     prefix attr: X:0 R:0 N:1
     source router id: 6.6.6.6
              (TE)(installed)
             - - - - - -
  [115/L2/40] via 10.1.0.2(GigabitEthernet0/1), from 6.6.6.6, tag 0, LSP[2/5/3] 
              (ALT)

Host1#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms               « Host1 in Site 1 can reach Host2 in Site 2

Host1#trace 192.168.2.1 probe 1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.2 2 msec
  2 10.0.1.1 2 msec
  3 10.1.0.2 [MPLS: Labels 300/600 Exp 0] 6 msec                                   « MPLS label stack is used in the SP network
  4 10.2.0.2 [MPLS: Labels 400/600 Exp 0] 4 msec
  5 10.3.0.2 [MPLS: Labels 500/600 Exp 0] 5 msec
  6 10.0.2.1 [MPLS: Label 600 Exp 0] 5 msec
  7 10.0.2.2 5 msec
  8 192.168.2.1 6 msec

The following capture shows an ICMP packet which has an MPLS label stack attached. The packet is sent from Site 1 and is destined to Site 2. The top label is the transport label assigned by MPLS TE. The bottom label is the VPN service label assigned by the PE routers and advertised with BGP VPNv4.

Wireshark packet capture of MPLS label stack attached showing two labels

5 design aspects to consider when planning an MPLS L3VPN

The following list includes example scenarios introducing different MPLS L3VPN architectures. The list highlights some of the aspects that make MPLS L3VPNs flexible and at the same time complex to design.

MPLS L3VPN solutions: requirement and description

Scalability

An important building block of a scalable SP MPLS network is the BGP Route Reflector (RR). The number of redundant RRs and the placement of the RRs can influence routing behavior. Additionally, a unified MPLS (aka hierarchical MPLS) architecture can improve the scalability of large MPLS L3VPN networks by deploying inline RRs.

Shared services

An MPLS L3VPN can provide its subscribers a number of shared services. This means that the SP MPLS network connects to another type of network to access these shared resources. Shared services include internet access, access to datacenter services or to cloud providers (cloud on-ramp services).

Security

By default, an MPLS L3VPN separates customer traffic but does not encrypt it at the network layer and does not natively provide encryption to its subscribers. GETVPN (Group Encrypted Transport VPN) with GDOI (Group Domain of Interpretation) can add security in the form of network layer encryption on top of the L3VPN.

Inter-domain MPLS

An MPLS L3VPN may need to leverage the capabilities of another SP's MPLS L3VPN to offer inter-regional (or inter-continental) WAN connections. As a result, two MPLS L3VPN networks may need to share routing information. This can be achieved with inter-AS options A, AB, B, or C. Additionally, a Carrier Supporting Carrier (CSC) architecture can also be considered.

MPLS label switched path

There are many options to create an LSP, each with its own advantages and drawbacks. For example, MPLS TE tunnels are used for traffic engineering and fast reroute (FRR). If traffic engineering is not required, LDP can be used instead, which is easier to deploy and operate. LDP and MPLS TE can also be combined in a single MPLS network to leverage the benefits of both. Furthermore, there is Segment Routing, which provides many of the same benefits (e.g. traffic engineering and FRR) without deploying LDP or RSVP.

Additionally, the MPLS L3VPN access network (between the PE and CE) is an essential part of any design. Connecting customer locations to the MPLS L3VPN core requires a network of its own, called the access network or last-mile. A variety of access technologies are possible, such as wireless 3G/4G or DSL with DSLAM, or MSAN/BNG for additional access services.

It is also worth noting that an MPLS L2VPN (for example VPLS, EoMPLS or their EVPN alternatives) can be configured or subcontracted for the last-mile. This means that between the MPLS L3VPN PE and CE routers there may be an independent MPLS L2VPN service provider deploying Layer-2 pseudowires.

New methods to provision MPLS-based L3VPN services

A combination of more recent technology standards can be deployed to provide MPLS-based Layer-3 IP VPN services. Namely, EVPN IRB as the control plane can carry IP prefixes between PE routers, and thus advertise Layer-3 VPN services per customer VRF. EVPN IRB uses Route Type 5 to carry IP prefix information in MP-BGP Update messages, which means the BGP VPNv4/VPNv6 address-family is no longer used with EVPN IRB. Additionally, Segment Routing can be deployed as the transport together with EVPN IRB.

These technologies provide multiple benefits over the more traditional approach of MP-BGP VPNv4 using LDP and RSVP Traffic Engineering. A main advantage of EVPN IRB is its capability to handle both L2VPN and L3VPN services at the same time using BGP. This is also called a unified control plane, and simplifies the deployment of various service provider offerings.

Moreover, Segment Routing improves network scalability by reducing protocol state in the MPLS core network. In other words, since there are no LDP neighborships to maintain and no RSVP Path messages to exchange, this reduces the protocol overhead and network complexity. Also, Segment Routing simplifies the deployment of Fast Reroute with TI-LFA, and simplifies Traffic Engineering (for example SR TE Automated Steering) as there is no need for a separate protocol (RSVP).

Can you have L3VPN without MPLS?

Yes, many types of L3VPN do not rely on MPLS, although in terms of scale, flexibility and optional added value services (QoS, Traffic Engineering, Fast Reroute, Integrated Layer-2/Layer-3) MPLS-based variants are the preferred method, especially for service providers.

But for example, EVPN-VXLAN L3VNI does provide scalability and per-VRF segmentation of customers (also called tenants) without relying on MPLS. EVPN-VXLAN L3VNI exchanges IP Prefixes through Route Type 5, and does so over a purely IP routed network.

Also, FlexVPN and DMVPN provide a Layer-3 overlay network using purely IP-based forwarding. So in essence, these are L3VPN WAN services (just like MPLS L3VPN) to connect remote locations.

And finally, SD-WAN solutions are also L3VPNs that are independent from MPLS. Note, the mentioned L3VPNs can be deployed in parallel to MPLS L3VPN, or combined with MPLS features. For example, MPLSoDMVPN (2547 over DMVPN) provides network segmentation for DMVPN, and MPLS over FlexVPN is also possible.
