Beruflich Dokumente
Kultur Dokumente
BRKMPL-2105
Sangita Pandya, TME, Cisco Systems, Inc. SPANDYA@cisco.com
The Prerequisites
Must understand basic IP routing Familiar with MPLS architectures Familiar with MPLS applications Some level of MPLS network design/ deployment experience
BRKMPL-2105
Cisco Public
Goal
Explore Inter-AS MPLS VPN use cases
Discuss various architectures that facilitate support of MPLS VPN services in Inter-AS environment Highlight some of the key differences between IOS and IOS XR Introduce some of the key commands in IOS or IOS XR For full configuration examples please refer to www.cisco.com
BRKMPL-2105
Cisco Public
Agenda
Inter-AS Networks
Inter-AS Connectivity Models
Inter-AS RSVP-TE
BRKMPL-2105
Cisco Public
SubscriberN
Cisco Public
Customer Carrier-B
Provider-A
Subscriber A Site1
Provider-B
Subscriber A Site1
Subscriber A Site2
Subscriber A Site2
CSC
IP/MPLS Carrier doesnt want to manage own MPLS backbone IP/MPLS Carrier is a customer of another MPLS backbone provider Only the backbone provider is required to have MPLS VPN core Customer Carriers do not distribute their subscribers VPN info to the backbone carrier Client-Server model
Inter-AS
Single SP POPs not available in all geographical areas required by their subscribers/customers SPs provide services to the common customer base Both SPs must support MPLS VPNs Subscribers VPN information distributed to peering SPs network Peer-Peer model
Cisco Public
BRKMPL-2105
BRKMPL-2105
Cisco Public
ASBR1
ASBR2
AS #1
PE11
AS #2
PE22
CE1
VPN-R1
VPN-R2
BRKMPL-2105
Cisco Public
Route Distinguisher (RD) convert IPv4 routes to VPNv4 Routes Route Target allows VPN routes to be imported/exported to/from a VPN Peer PE loopbacks are known via IGP
VPN/VRF Endpoints
18.1/16
IP
VPN/VRF Endpoints
16.1/16
IP
PE1
P1 P2
PE2
MPLS Core
MP-iBGP Update:
BGP VPN-IPv4 Net=RD:18.1/16 NH=PE1 Route Target 100:1 VPN Label=41
MP-BGP protocol carries VPNv4 routes and communities using BGP address-families
IP
40
P1
IP
40
@PE1
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
@PE2
9
Cisco Public
Inter-AS VPNOption A
BGP VPN-IPv4 Net=RD:16.1/16 NH=PE1 Route Target 100:1 VPN Label=40
PE1
P1
P1
Unlabeled IP Packets
VRF-Lite Configuration
PE2
P2
AS1
IP
PE-ASBR1
IP 40
PE-ASBR2
IP 80 P2
AS2
IP 80 IP
IP
40
P1
IP
Cisco Public
10
Inter-AS VPNOption B
ASBR2 AS #2
IGP2
PE1
PE2
AS #2 PE2
PE1
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
11
Inter-AS VPNOption B
Establishing reachability between geographically dispersed VPNs using Next Hop Self on ASBRs
eBGP for VPNv4
ASBR1
ASBR2
AS #1
AS #2
PE2
CE2 BGP, OSPF, RIPv2 152.12.4.0/24,NH=PE2
CE1
Customer-A 152.12.4.0/24
Customer-A
BRKMPL-2105
All VPNv4 Prefixes/Labels from PEs Distributed to ASBRs Next Hop and labels are rewritten on ASBRs when routes are advertised across domains. ASBRs store all VPNv4 routes in BGP table.
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
12
Inter-AS VPNOption B
Establishing reachability between geographically dispersed VPNs using Next Hop Self on ASBRs
No Virtual Routing Forwarding tables on ASBRs unless ASBR also supports PE functionality (has VRF interfaces)
In IOS, Receiving PE-ASBR automatically creates a /32 host route to a peer ASBR
Which must be advertised into receiving IGP if next-hop-self is not in operation to maintain the LSP
In XR, must define a static route to the Next Hop of peer ASBR for Option B and C as well as all address families (IPv4, IPv6, VPNv4, VPNv6). The CLI is only shown in Option B configuration example. In XR, must define route-policy to pass or filter selected VPNv4 routes for for Option B and Option C as well as all address families (IPv4, IPv6, VPNv4, VPNv6). The CLI is only shown in Option B configuration example.
ASBR-ASBR link must be directly connected!!!!!! Could use GRE tunnelconsidered directly connected.
BRKMPL-2105
Cisco Public
13
Inter-AS VPNOption B
L1 AS #1
L2 152.12.4.1 AS #2 PE2 CE1 VPN-R1 152.12.4.0/24
PE1
152.12.4.1
CE2
VPN-R2
152.12.4.1
The Outer Most Core (IGP Labels in an AS) Label Is not displayed in on this slide.
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
14
Inter-AS VPNOption B
ASBR1
AS #2
PE2
! router bgp 1 neighbor <ASBR2> remote-as 2 neighbor <PE1> remote-as 1 neighbor <PE1> update-source loopback0 no bgp default route-target filter ! address-family vpnv4 neighbor <PE1> remote-as 1 activate neighbor <PE1> remote-as 1 next-hop-self neighbor <ASBR2> remote-as 2 activate neighbor <ASBR2> remote-as 2 send-community extended
CE2
VPN-R2
ASBRs require no bgp default route-target filter command to store VPNv4 routes as it does not have any VRF interfaces.
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
15
Inter-AS VPNOption B
ASBR1 PE1
AS #1
Int gig0/0/1
50.0.0.2
ASBR2
PE2 AS #2
neighbor <ASBR2> remote-as 2 address-family vpnv4 unicast route-policy pass-all in route-policy pass-all out
! neighbor <PE1> remote-as 1 update-source loopback0 address-family vpnv4 unicast next-hop-self (!Set ASBR1 as next-hop-self!) ! router static 50.0.0.2/32 interface gig0/0/1 ! (!Static Route for ASBR-ASBR link must be configured. It is not installed automatically like in IOS!)
Note: Static route and route-policy required for all address-families & Option B and C
Cisco Public
16
Inter-AS VPNOption C
Route Reflectors exchange VPNv4 routes ASBRs Exchange PE loopbacks (IPv4) with labels as these are BGP NH addresses
Eliminates LFIB duplication at ASBRs. ASBRs dont hold VPNv4 prefix/label info.
Two Options for Label Distribution for BGP NH Addresses for PEs in each domain:
RR1
RR2
AS #1
ASBR1 ASBR2
AS #2
PE1
IGP + LDP
PE2
Cisco Public
17
I-AS VPNOption C
RR1
RR2
ASBR1
ASBR2
PE2
CE2
VPN-R2
Cisco Public
18
I-AS VPNOption C
VPN packet forwarding
RR1
RR2
ASBR1
L1 152.12.4.1 PE1
ASBR2 L3
L1
152.12.4.1 PE2
L2
CE1
L1
152.12.4.1
CE2
152.12.4.1
152.12.4.1
VPN-R1 152.12.4.0/24
VPN-R2
The Outer Most Core (IGP Labels in an AS) Label Is not displayed in on this slide.
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
19
I-AS VPNOption C
! address-family ipv4 neighbor <RR1> activate neighbor <RR1> send-label !
RR1
AS #1
PE1
neighbor ASBR2 <ASBR1> activate neighbor <ASBR1> send-label PE2 ! address-family vpnv4 neighbor <RR2> next-hop-unchanged exit-address-family !
Cisco Public
20
I-AS VPNOption C
! Command towards all peers! address-family ipv4 labeled-unicast ! RR1
AS #1 PE1 ! router bgp 1 address-family vpnv4 unicast ! neighbor <RR2> remote-as 2 address-family vpnv4 unicast ebgp-multihop 255 next-hop-unchanged !
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
ASBR1
ASBR2 PE2
Cisco Public
21
AS2
ASBR2
ASBR2 ASBR3
Topo-2
ASBR1
ASBR2
ASBR3
ASBR4
Topo-3
BRKMPL-2105
Cisco Public
22
RR2
E0/0: 168.192.0.1 ASBR-1
PE1
AS #1
AS #2
PE2
E2/0: 168.192.2.1
E2/0: 168.192.2.2
Create loopback interfaces on directly connected ASBRs HOSTNAME ASBR2 (IOS configuration)
! interface e0/0 ip address 168.192.0.2 255.255.255.252 mpls bgp forwarding ! Enable BGP forwarding on connecting interfaces ! interface e2/0 ip address 168.192.2.2 255.255.255.252 mpls bgp forwarding ! router bgp 2 neighbor 10.10.10.10 remote-as 1 neighbor 10.10.10.10 disable-connected-check neighbor 10.10.10.10 update-source Loopback0 !
! address-family vpnv4 neighbor 10.10.10.10 activate neighbor 10.10.10.10 send-community extended ! ip route 10.10.10.10 255.255.255 e0/0 168.192.0.1 ip route 10.10.10.10 255.255.255 e2/0 168.192.2.1 ! Configure /32 static routes to the eBGP neighbor loopback address
BRKMPL-2105
Cisco Public
23
Apply max prefix Static Labels TTL check to diagnose DoS attacks Filtering with BGP attributes ASPATH, ext communities, RDs checks, etc. Set route-maps to filter and send only the desirable prefixes RT Constraint (filtering) Customize Route Targets, RT Rewrite
BRKMPL-2105
Cisco Public
24
VPN-A
Export RT 200:1
Import RT 100:1
VPNv4 Exchange
PE-ASBR1
Import RT 200:1
PE-1
AS #1
PE-ASBR2
AS #2
PE2 CE2
CE-1
VPN-A-1
ip extcommunity-list 1 permit rt 100:1 ! route-map extmap permit 10 match extcommunity 1 set extcomm-list 1 delete set extcommunity rt 200:1 additive ! route-map extmap permit 20 ! neighbor X.X.X.X route-map extmap in
Cisco Public
VPN-A-2
BRKMPL-2105
25
Option B, more scalable than Option-A for high numbers of VRFs. more adoptable by different provider corporations
Less invasive than Option C, More invasive than Option A More scalable than Option-A if have high numbers of VRFs Use eBGP for ASBR peering ASBRs store VPNv4 routes and allocate labels for VPN prefixes
Option C, most scalable, most invasive, mostly deployed in a single service providers multi-AS network
Use ASBRs to handle IPv4 PE loopbacks Route Reflectors exchange VPNv4 routes
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
26
BRKMPL-2105
Cisco Public
27
ASBR1
10.10.10.2
ASBR2
10.10.20.2
2003:1:: is reachable via BGP Next Hop = 10.10.20.1 bind BGP label to 2003:1:: (*)
6VPE1
AS1
AS2
10.10.20.1
6VPE2
CE1
VPN-R1 2001:0db8::
CE2
VPN-R2 2003:1::
All three ASBR-to-ASBR connectivity options discussed in earlier sections are supported for
-IPv6 Provider Edge Router - 6PE model (uses vanilla IPv6) -IPv6 VPN Provider Edge - 6VPE model (uses option A,B,C)
Cisco Public
28
ASBR2
20.20.20.2
AS1
AS2
20.20.20.1
6VPE1
6VPE2
CE1
VPN-R1 2001:0db8::
router bgp 1 no bgp default ipv4-unicast no bgp default route-target filter neighbor 20.20.20.2 remote-as 2 neighbor 10.10.10.1 remote-as 1 neighbor 10.10.10.1 update-source Loopback1 ! address-family vpnv6 !Peering to ASBR2 over an IPv4 link! neighbor 20.20.20.2 activate neighbor 20.20.20.2 send-community extended !Peering to PE1 over an IPv4 link! neighbor 10.10.10.1 activate neighbor 10.10.10.1 next-hop-self neighbor 10.10.10.1 send-community extended
2011 Cisco and/or its affiliates. All rights reserved.
CE2
VPN-R2 2003:1::
BRKMPL-2105
Cisco Public
29
ASBR2
20.20.20.2
AS1
AS2
20.20.20.1
6VPE1
6VPE2
CE1
VPN-R1 2001:0db8::
router bgp 1 ! address-family vpnv6 unicast !Peering to ASBR2 over an IPv4 link! neighbor 20.20.20.2 remote-as 2 address-family vpnv6 unicast
CE2
VPN-R2 2003:1::
!Peering to PE1 over an IPv4 link! neighbor 10.10.10.1 remote-as 1 address-family vpnv6 unicast
BRKMPL-2105
Cisco Public
30
Inter-AS L2 VPNs
BRKMPL-2105
Cisco Public
31
Enabling L2VPNs
Targetted-LDP Peers VC types & Labels exchanged PE1
PW1 Pseudowire
CE1
PE2
PW2
CE3
CE2
AC
IP/MPLS AS1
AC
CE4
An L2VPN is comprised of switched connections between subscriber endpoints over a shared network PW is an emulated circuit over IP or MPLS core Virtual Circuit(VC) is created for every Attachment Circuit (AC) Goal is to transport Native Services without loosing original encapsulation format
Cisco Public
32
Solution:
Use Option A, dont need to know loopbacks of L2VPN peers in other AS
Use Option B to establish NLRI beween L2VPN peers Use Option C to establish NLRI between L2VPN peers
BRKMPL-2105
Cisco Public
33
CE1
PE1
PW2
ASBR1
ASBR2
PE2
PW2
CE2
AC PL 40
IP/MPLS AS1 PL 40
. .
AC
PL 80
IP/MPLS AS2 PL 80
AC
Need T-LDP sessions to build a PW. Need an IP address to build T-LDP session. One PW/AC (AC types: Ethernet, VLAN, PPP, ATM, TDM, FR, HDLC) Clear demarcation between ASs
PE-ASBR exchange PW (VC) label Granular QoS control between ASBRs
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
34
PE1
ASBR2
PW3
PW1
IP/MPLS AS1
T-LDP
Peers
PL
40
PL
40
PL
10
PL
80
PL
80
Cisco Public
35
HOSTNAME PE1
! interface giga1/0 xconnect <ASBR1> 10 encapsulation mpls !
HOSTNAME PE2
! interface giga1/0 xconnect <ASBR2> 20 encapsulation mpls !
PE1
ASBR1
PW1 IP/MPLS AS1
ASBR2
PW3
PE2
IP/MPLS AS2
PW2
HOSTNAME ASBR1
! pseudowire-class pw-switch encapsulation mpls
HOSTNAME ASBR2
! pseudowire-class pw-switch encapsulation mpls
! l2 vfi pw-switch point-to-point neighbor <ASBR2> 100 pw-class pw-switch neighbor <PE3> 10 pw-class pw-switch !
Interface giga3/0 mpls bgp forwarding ! ! router bgp 1 Neighbor <ASBR2-WAN> remote-as 2 exit-address-family ! *Also announce the loopback address (xconnect ID) of ASBR1 in IGP(AS1) and eBGP
BRKMPL-2105
! L2 vfi pw-switch point-to-point neighbor <ASBR1> 100 pw-class pw-switch neighbor <PE4> 20 pw-class pw-switch !
Interface giga3/0 mpls bgp forwarding ! router bgp 2 neighbor <ASBR1-WAN> remote-as1 exit-address-family ! *Also announce the loopback address of ASBR2 in IGP(AS2) and eBGP
Cisco Public
36
ASBR2
PL
40
10
PL
40
20
PL
40
PL
40
PW endpoint addresses leaked between ASs using eBGP IPv4+label and distributed to PEs using iBGP IPv4+label
PWs are not terminated on ASBRs
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
37
HOSTNAME PE4 ! interface Gig1/1/1 xconnect <PE3> 100 encapsulation mpls ! ! Activate IPv4 label capability ! router bgp 2 ! address-family ipv4 neighbor <ASBR-2> send-label exit-address-family !
T-LDP Peers
PE3
Int Gig1/1/1
PE4
Int Gig1/1/1
HOSTNAME ASBR1 ! Activate IPv4 label capability ! router bgp 1 ! address-family ipv4 neighbor <PE3> send-label neighbor <ASBR-2> send-label exit-address-family !
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
38
BRKMPL-2105
Cisco Public
39
Inter-AS mVPNs
BRKMPL-2105
Cisco Public
40
CE
A Source
B2 A B
New York
CE
B1
San Francisco
CE
CE
E
PE PE
E
PE
PEs perform RPF check on Source to build Default and Data Trees (Multicast Data Trees MDT) Interfaces are associated with mVRF Source-Receivers communicate using mVRFs
Default MDT
For low Bandwidth & control traffic only. Los Angeles
CE
F
Data MDT
D
C
For High Bandwidth traffic only.
PE PE
Receiver 3
CE
D
Dallas
C
Join high bandwidth source
CE
Receiver 2
41
Cisco Public
Solution:
Support reverse path forwarding (RPF) check for I-AS sources P and PE devices
Build I-AS MDTs
Cisco Public
42
PE1
CE1 VPN-A1
P11
AS #1
MDTs
AS #2
PE2
CE4 VPN-A2
For Option B(eBGP between ASBRs): Use BGP Connector Attribute to RPF to source that is reachable via PE router in remote AS
Preserves identity of a PE router originating a VPNv4 Prefix
Receiving PEs in the remote AS use RPF Connector to resolve RPF
For Option B and C: Use PIM RPF Vector to help P routers build an I-AS MDT to Source PEs in remote AS
Leverage BGP MDT SAFI on ASBRs and receiver PEs to insert the RPF Vector needed to build an I-AS MDT to source PEs in remote ASs
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
43
I-AS MVPN MDT Establishment for Option B using BGP connector attribute
From ASBR1 to PE1 RD 1:1, Prefix 152.12.4.0/24 NH ASBR1, CONN PE2
BGP MDT SAFI Update RD1:1, Prefix PE2, MDT 232.1.1.1, NH ASBR1
3.
ASBR1
2.
ASBR2
PE1 CE2
P11 AS #1
MDTs
AS #2
PE2
CE-4
1. VPN-A1
VPN-A2
BGP VPNv4 Update from PE2 to ASBR2 RD 1:1, Prefix 152.12.4.0/24 NH PE2, CONN PE2 BGP MDT SAFI Update (Source and Group) RD1:1, Prefix PE2, MDT 232.1.1.1, NH PE2
2011 Cisco and/or its affiliates. All rights reserved.
BRKMPL-2105
Cisco Public
44
ASBR1
ASBR2
P11 AS #1
PE1
2.
MDTs AS #2 PE2
PIM Join From P11 to ASBR1 Source PE2, RD 1:1, Group 232.1.1.1 RPF Neighbor ASBR1, RPF Vector ASBR1
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
45
3.
ASBR1
ASBR2
PE1
AS #1
P11
MDTs
AS #2
PE2
CE-4
From ASBR2 to PE2 Source PE2, RD 1:1, Group 232.1.1.1 RPF Neighbor PE2
4.
VPN-A2
Step #4 completes the setup of the SSM tree for MDT Default Group 232.1.1.1 rooted at PE2. The SSM Setup from CE1 to PE2 follows the same procedure
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
46
1. 2.
3.
Configure PE router to send BGP MDT updates to build the Default MDT
ip multicast vrf <vrf name> rpf proxy rd vector
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
47
Agenda
Inter-AS Networks
Inter-AS Connectivity Models
Inter-AS RSVP-TE
BRKMPL-2105
Cisco Public
48
How can Tier 2 or Tier 3 MPLS VPN service providers interconnect remote sites without self managing own MPLS WAN
MPLS NW San Francisco Tier 2 or 3 ISP Site 1 MPLS NW
MPLS Backbone
How can a corporation (enterprise network) MPLS VPN service providers interconnect remote sites without self managing own MPLS WAN
New York Enterprise MPLS VPN NW
MPLS Backbone
BRKMPL-2105
Cisco Public
49
MPLS VPN services offerings by an MPLS VPN backbone provider to customers with MPLS networks
Provide business continuity by extending segmented networks
Cisco Public
50
PE1
MPLS
London ISP1
RR1
CSC-CE1
CSC-PE2
RR2
PE4
MPLS
MPLS Backbone
CSC-CE2
CSC-PE: MPLS VPN PEs located in backbone Carriers Core CSC-CE: Located at the Customer Carrier (ISP/SPs/Enterprise) network edge and connects to a CSC-PE
PE: located in Customer carrier networks & carries customer VPN routes CSC-RR: Route Reflectors located in MPLS Backbone provider network RR: Route Reflectors located in Customer Carrier Network
Cisco Public
51
Internal Routes
PE1
Internal Routes
RR2
RR1
CSC-RR1
CSC-PE2
PE4
MPLS
CSC-CE1
MPLS
PE2
MPLS Backbone
CSC-CE2
PE3
External Routes: IP routes from VPN customer networks Internal Routes: Internal routes (global table) of Customer Carrier network
External routes are stored and exchanged among Customer Carrier PEs MPLS Backbone network doesnt have any knowledge of external routes Customer Carrier selectively provides NLRI to MPLS VPN backbone provider
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
52
Carriers Carrier Building Blocks (Cont.) What is unique between Subscriber to Provider connection?
San Francisco ISP1
PE1
RR1
CSC-CE1
London ISP1
RR2
PE4
MPLS
MPLS
PE2
eBGP + Label
MPLS Backbone
eBGP + Label
PE3
CE1R
CE1G
CE2G
CE2R
CSC-PE and CSC-CE exchange MPLS Labels -this is necessary to transport labeled traffic from a Customer Carrier IP between CE and PE for customer Carriers VPN customers
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
53
CSC-CE to CSC-PE is a VPN link to exchange Customer Carriers internal routes. These routes are redistributed into the BSPs CSC PE using:
1. Static Routes OR 2. Dynamic IGP OR 3. eBGP
Customer Carriers dont exchange their Subscribers (external) VPN routes with the Backbone Service Provider CSC-PE-to-CSC-CE links extend Label Switching Path using:
1. IGP+LDP 2. eBGPv4 + Labels
BRKMPL-2105
Cisco Public
54
BRKMPL-2105
Cisco Public
55
MPLS Backbone
eBGP + Label
MPLS NW
London ISP1
LSP is extended to CSC-PE, CSC-CE advertises labels for internal routes to CSC-PE; CSC-PE1 performs imposition for site VPN label and IGP label PE swaps the site IGP label with a BB VPN label and push IGP label; PHP is now extended to inside of site 2
External and VPNv4 routes are carried by MP-BGP between customer carrier sites
CSC-CE and CSC-PE exchange labels using IGP+LDP or eBGP+Label
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
56
CSC-CE1
London ISP1
RR2 PE4
MPLS
eBGP + Label
MPLS
PE2
MPLS Backbone
eBGP + Label
PE3
CE1R RR1R
CE1G RR1G
CE2G
CE2R
RR2G
RR2R
Backbone CSC-PE1 adds backbone VPN label which is removed by backbone CSC-PE2
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
57
Customer Carrier Supports MPLS VPNs Establishing peers and forwarding VPN traffic
MP-iBGP Peering VPN-v4 Update: RD:1:27:149.27.2.0/24, NH=PE2 RT=1:231, Label=(28)
MPLS
PE1
VRF
CSC-CE1
IP/MPLS
VRF
Site A VPNA
MPLS
CSC-CE2
PE2 VRF
VRF
CSC-PE1
AS2
CSC-PE2
AS1
CE1
AS1
Swap
Swap Push Swap Label
Push Push
Pop
Pop
Label
CE2-VPN-Label
Label=120 Label=28
Label=50 Label=28
Label=100
Label=28
Label
Label=28
Label=28
Payload
Payload
Payload
Payload
Payload
Payload
Payload
BRKMPL-2105
Cisco Public
58
GlobalCom London
MPLS Backbone
GC-SFPE2 CE-VPN-GC CE-VPN-B1 CSC-PE1# ip vrf GC rd 1:100 route-target export 1:100 route-target import 1:100 ! CSC-PE1# ip vrf GC rd 1:100 route-target export 1:100 route-target import 1:100 !
GC-LONPE1
CE-VPN-A2 CE-VPN-B2
GC-SFPE2# ip vrf VPNA rd 1:100 route-target export 1:100 route-target import 1:100 !
BRKMPL-2105
Cisco Public
59
BRKMPL-2105
Cisco Public
60
BRKMPL-2105
Cisco Public
61
Customer Carrier A
PE2
PE1
Multi-Hop PW
ASBR1 ASBR3 ASBR4 ASBR2
Pseudowire
PE1
PE2
Customer Carrier A
BRKMPL-2105
Cisco Public
62
Use dynamic protocol instead of static on CSC-CE CSC-PE link preferably eBGP+IPv4 Labels
Set Next-Hop-Self on ASBRs carrying external routes If using IGP on CSC-CE routers, use filters to limit incoming routes from the CSC-PE side
If using RRs in customer carrier network, set next-hop-unchanged on RRs
BRKMPL-2105
Cisco Public
63
CSC Summary
CSC supports hierarchical VPNs VPNs inside customer carriers network are transparent to the backbone MPLS VPN Service Provider QoS will be honored based on MPLS EXP bits between CSC-CE and CSC-PE Granular QoS policies should be pre-negotiated and manually configured Services supported over CSC network
MPLS IPV6 VPNs Multicast VPNs (for PIM, require native mulitcast in the provider network)
MPLS L2 VPNs
MPLS TE
BRKMPL-2105
Cisco Public
64
Agenda
Inter-AS Networks
Inter-AS Connectivity Models
Inter-AS RSVP-TE
BRKMPL-2105
Cisco Public
65
Inter-AS TE Applications
Transporting CustomerVPN traffic over TE tunnels
IP/MPLS
ASBR1 ASBR2
P2
P4
IP/MPLS
P6
PE11
PE7
P3
ASBR3
ASBR4
P5
IP/MPLS
P6
SP1 PoP1
PE11
PE7
SP1 PoP2
P3
ASBR3
ASBR4
P5
BRKMPL-2105
Cisco Public
66
TE Mid points
RESV
RESV
PATH
OSPF-TE
full view of the topology PATH
PATH
TE Tailend
Label (RESV)
Explicit_Route Object Record_Route (Path/RESV)
Policy route
CBTS
Session_Attribute (Path)
Tunnel Select
Forwarding Adjacency
6. Packets follow the tunnel LSP and Not the IGP LSP
Cisco Public
67
Solution: Use Explicit Route Object (ERO) Loose Hop Expansion, Node-id, and Path re-evaluation request/reply Flags to provide per-domain path computation at the head-end + RSVP Policy Control and Confidentiality
RFCs: 3209, 4736, 4561, etc.
draft-ietf-ccamp-inter-domain-rsvp-te-06.txt draft-ietf-ccamp-inter-domain-pd-path-comp-05.txt
BRKMPL-2105
68
IP/MPLS
ASBR1
ASBR2
P4
IP/MPLS
P6
PE11
P3 ASBR3 ASBR4 P5
PE7
ERO
R3, ASBR3, ASBR4 PE7 (Loose)
ERO
PE7 (Loose) Expansion
ERO
P5, PE7
BRKMPL-2105
Cisco Public
69
IP/MPLS
P6
PE7
ASBR3
ASBR4
PathErr
P5
Reoptimization can be timer/event/admin triggered Head end sets path re-evaluation request flag (SESSION_ATTRIBUTE)
Head end receives a PathErr message notification from the boundary router if a preferable path exists
Cisco Public
70
IP/MPLS
P2
ASBR1
ASBR2
P4
IP/MPLS
P6 PE7
PE1
P3
ASBR3
ASBR4
P5
Link and Node protection include ASBRs and ASBR to ASBR links Support for Node-id sub-object is required to implement ABR/ASBR node protection
Node-id helps point of local repair (PLR) detect a merge point (MP) Node-id flag defined in draft-ietf-nodeid-subobject
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
71
IP/MPLS
P2
ASBR1
ASBR2
P4
IP/MPLS
P6 PE7
PE1
Policy
P3
ASBR3
ASBR4
P5
ASBR may enforce a local policy during Inter-AS TE LSPs setup (e.g. limit bandwidth, message types, protection, etc.)
Route Recording may be limited ASBR may modify source address of messages (PathErr) originated in the AS
Cisco Public
72
interface Tunnel1
ip unnumbered Loopback0
no ip directed-broadcast
tunnel destination 172.31.255.5
Loose-hop path
!
ip route 172.31.255.5 255.255.255.255 Tunnel1
!
ip explicit-path name LOOSE-PATH enable
BRKMPL-2105
Cisco Public
73
Authentication key
Process signaling from AS 65016 if FRR not requested and 10M or less
BRKMPL-2105
Cisco Public
74
BRKMPL-2105
Cisco Public
75
Lets Summarize
CSC: Hierarchical VPNs
Customer Carrier-B
MPLS Backbone Provider
Provider-A
Subscriber A Site1
Provider-B
Subscriber A Site1
Subscriber A Site2
MPLS VPNs model A, B and C have been deployed to support VPNs among Service Providers and within a single Service Providers multi-AS networks MPLS L2 VPNs, L3VPNs (IPv4, IPv6, and multicast VPNs) are supported in multi-domain environment
MPLS TE is also supported in multi-area or multi-AS networks QoS policies across the ASBRs need to be agreed by the partners
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
76
BRKMPL-2102 Deploying IP/MPLS VPNs BRKMPL-2103 Design considerations for enterprise WAN migrating to subscribed MPLS VPN services
BRKMPL-2104 Deploying MPLS Traffic Engineering BRKMPL-2107 Data Center deployments with MPLS on NX-OS (Nexus 7000)
BRKMPL-2108 Global WAN Redesign Case Study BRKMPL-3101 Advanced Topics and Future Directions in MPLS BRKMPL-3102 Designing NGN Networks for Scale, Resiliency and Reliability
BRKMPL-2105
Cisco Public
77
BRKMPL-2105
Cisco Public
78
BRKMPL-2105
Cisco Public
79
Recommended Reading
LTRRST-2106
Cisco Public
80
Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.
Dont forget to activate your Cisco Live and Networkers Virtual account for access to all session materials, communities, and on-demand and live activities throughout the year. Activate your account at any internet station or visit www.ciscolivevirtual.com.
BRKMPL-2105
Cisco Public
81
BRKMPL-2105
Cisco Public
82
BRKMPL-2105
Cisco Public
83
MP-iBGP MDT 3.
PE1
P21 P11 AS #1
MDTs
AS #2
P21
P22 PE2
1.
VPN-A1
VPN-A2
1. From PE2 to RR2 RD 1:1, Prefix PE2, MDT 232.1.1.1, NH PE2 2. From RR2 to RR1 (MP-iBGP MDT) RD 1:1, Prefix PE2, MDT 232.1.1.1, NH PE2 3. From RR1 to PE1 RD 1:1, Prefix PE2, MDT 232.1.1.1, NH PE2
BRKMPL-2105
2011 Cisco and/or its affiliates. All rights reserved.
Cisco Public
85
ASBR2 RR2
P21 P11 AS #1
2.
3.
MDTs AS #2
VPN-A1
PE1
VPN-A2
Cisco Public
86