Beruflich Dokumente
Kultur Dokumente
BRKMPL-2105
The Prerequisites
Must understand basic IP routing
Familiar with MPLS Architectures
Familiar with MPLS Applications
Some level of MPLS network Design/
Deployment Experience
Presentation_ID
Cisco Public
Agenda
Inter-AS Networks
Inter-AS Connectivity
Models
Carrier Supporting
Carrier
CSC Service Models
Inter-AS L3 VPNs
MPLS L3 VPNs
Inter-AS L2VPNs
Multicast VPNs
MPLS L2 VPNs
Presentation_ID
Cisco Public
Subscriber1
AS1
AS2
AS3
SubscriberN
SubscriberN
Presentation_ID
Cisco Public
Subscriber A
Site1
MPLS
Backbone
Provider
ASBR-A
Customer
Carrier-B
Subscriber A
Site1
Provider-A
Subscriber A
Site1
ASBR-B
Provider-B
Subscriber A
Site2
CSC
Inter-AS
Client-Server model
IP/MPLS Carrier is a customer of
another MPLS backbone provider
IP/MPLS Carrier doesnt want to
manage own backbone
Only the backbone provider is
required to have MPLS VPN core
Customer Carriers do not
distribute their subscribers VPN
info to the backbone carrier
Peer-Peer model
SPs provide services to the
common customer base
Single SP POPs not available in
all geographical areas required by
their subscribers/customers
Both SPs must support MPLS
VPNs
Subscriber VPN information
shared between peering SPs
(ASs)
Presentation_ID
Cisco Public
I-AS L3 VPNs
Overview
Presentation_ID
Cisco Public
ASBR1
ASBR2
Back-to-Back VRFs
MP-eBGP for VPNv4
AS #1
PE11
Multihop MP-eBGP
between RRs
AS #2
PE22
Option AB
CE1
VPN-R1
Presentation_ID
CE2
Cisco Public
VPN-R2
Inter-AS VPNOption A
Back-to-Back VRFs
Each ASBR Thinks the Other Is a CE
Unlabeled
IP Packets
PE1
PE2
P1
P1
AS1
IP
IP
40
P1
P2
PE-ASBR1
IP
42
PE-ASBR2
IP
IP
80
AS2
P2
IP
80
IP
Cisco Public
Inter-AS VPNOption B
Setting up Control Plane
eBGP for VPNv4
VPN-v4 update:
RD:1:27:152.12.4.0
/24, NH=PE1
RT=1:222,
Label=(L1)
ASBR1
AS #1
PE1
Label Exchange
between Gateway
PE-ASBR Routers
Using eBGP
VPN-v4 update:
RD:1:27:152.12.4.0
/24, NH=ASBR1
RT=1:222,
Label=(L2)
CE1
ASBR2
AS #2
PE2
CE2
VPN-R1
VPN-v4 update:
RD:1:27:152.12.4.0/24,
NH=ASBR2
RT=1:222, Label=(L3)
VPN-R2
152.12.4.0/24
Cisco Public
Inter-AS VPNOption B
Key Points
PE-ASBRs exchange routes directly using eBGP
External MP-BGP for VPNv4 prefix exchange;
ASBR-ASBR link must be directly connected!!!!!! Could use GRE tunnelconsidered directly connected
Receiving PE-ASBRs may allocate new label
Controlled by configuration of next-hop-self (default is off)
Presentation_ID
Cisco Public
10
Inter-AS VPNOption B
Packet Forwarding between MPLS VPN AS
L3
ASBR1
152.12.4.1
152.12.4.1
ASBR2
L1
AS #1
L2
152.12.4.1
AS #2
PE1
152.12.4.1
PE2
CE2
CE1
VPN-R1
152.12.4.0/24
152.12.4.1
VPN-R2
Note: The outer most core (IGP labels in an AS) label is not displayed in
this presentation
Presentation_ID
Cisco Public
11
Inter-AS VPNOption B
Cisco IOS Configuration
ASBR1
eBGP for
VPNv4
AS #1
ASBR2
AS #2
PE1
CE1
VPN-R1
Presentation_ID
PE2
!
router bgp 1
neighbor <ASBR2> remote-as 2
neighbor <PE1> remote-as 1
neighbor <PE1> update-source loopback0
no bgp default route-target filter
!
address-family vpnv4
neighbor <PE1> remote-as 1 activate
neighbor <PE1> remote-as 1 next-hop-self
neighbor <ASBR2> remote-as 2 activate
neighbor <ASBR2> remote-as 2 send-community extended
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
CE2
VPN-R2
12
Inter-AS VPNOption C
Multi-hop eBGP VPNv4 between RRs
RR1
ASBR1
RR2
ASBR2
AS #1
PE1
AS #2
eBGP IPv4 + Labels
IGP + LDP
PE2
Eliminates LFIB duplication at ASBRs. ASBRs dont hold VPNv4 prefix/label info.
ASBRs Exchange PE loopbacks (IPv4) with labels as these are BGP NH addresses
Two Options for Label Distribution for BGP NH Addresses:
IGP + LDP OR BGP IPv4 + Labels (RFC3107)
Cisco Public
13
I-AS VPNOption C
Setting up Control Plane
BGP update:
RD:1:27:152.12.4.0/24,
NH=PE1
RT=1:222, Label=(L1)
RR1
AS #1
ASBR1
RR2
BGP VPN-v4
update:
RD:1:27:152.12.4.0/2
4, NH=PE1
RT=1:222,
Label=(L1)
ASBR2
PE1
PE2
Presentation_ID
To ASBR2:
Network=PE1
NH=ASBR-1
Label=(L2)
From ASBR1:
Network=PE1
NH=ASBR-2
Label=(L3)
Cisco Public
14
I-AS VPNOption C
Forwarding Plane
RR1
RR2
ASBR1
L1 152.12.4.1
PE1
L2
152.12.4.1
L1
ASBR2 L3
L1
152.12.4.1
PE2
152.12.4.1
CE1
CE2
152.12.4.1
VPN-R2
VPN-R1
152.12.4.0/24
Note: The diagram does not display an outer most core (IGP labels in an
AS) label
Presentation_ID
Cisco Public
15
I-AS VPNOption C
IPv4+Label, Cisco IOS Configuration
!
address-family ipv4
neighbor <RR1> activate
neighbor <RR1> send-label
!
!
router bgp 1
neighbor <RR2> ebgp-multihop 255
!
address-family ipv4
RR2activate
neighbor <RR2>
RR1
AS #1
ASBR1
PE1
!
address-family ipv4
neighbor <ASBR2> activate
neighbor <ASBR2> send-label
Cisco Public
16
Interface Peering
Loopback peering
IPv4 + Label
VPNv4 + Label
AS2
ASBR2
ASBR1
ASBR2
ASBR3
Topo-2
ASBR1
ASBR2
ASBR3
ASBR4
Topo-3
Presentation_ID
Cisco Public
17
RR1
L0:10.20.20.20/32
L0:10.10.10.10
PE1
E0/0:
168.192.0.1
AS #1
ASBR-1
E0/0:
168.192.0.2 ASBR-2
E2/0:
168.192.2.1
AS #2
PE2
E2/0:
168.192.2.2
Presentation_ID
!
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community extended
!
ip route 10.10.10.10 255.255.255 e0/0 168.192.0.1
ip route 10.10.10.10 255.255.255 e2/0 168.192.2.1
! Configure /32 static routes to the eBGP neighbor
loopback address
Cisco Public
18
Presentation_ID
Cisco Public
19
Rewrite RT:
100:1->200:1
VPNv4
Exchange
Import RT 100:1
VPN-A
Export RT 200:1
Import RT 200:1
PE-ASBR1
AS #1
AS #2
PE-1
PE-ASBR2
PE2
CE2
CE-1
VPN-A-1
Presentation_ID
Rewrite RT:
200:1->100:1
Cisco Public
VPN-A-2
20
Presentation_ID
Cisco Public
21
Presentation_ID
Cisco Public
22
ASBR1
2003:1:: is reachable
via BGP Next Hop = 10.10.20.2
10.10.10.2
10.10.10.1
6VPE1
ASBR2
2003:1:: is reachable
via BGP Next Hop = 10.10.20.1
bind BGP label to 2003:1:: (*)
10.10.20.2
AS2
AS1
10.10.20.1
6VPE2
CE1
CE2
VPN-R1
2001:0db8::
VPN-R2
2003:1::
Cisco Public
23
AS1
ASBR2
20.20.20.2
20.20.20.1
6VPE1
6VPE2
CE1
VPN-R1
2001:0db8::
Presentation_ID
AS2
CE2
router bgp 1
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 20.20.20.2 remote-as 2
neighbor 10.10.10.1 remote-as 1
neighbor 10.10.10.1 update-source Loopback1
!
address-family vpnv6
!Peering to ASBR2 over an IPv4 link!
neighbor 20.20.20.2 activate
neighbor 20.20.20.2 send-community extended
!Peering to PE1 over an IPv4 link!
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 next-hop-self
neighbor 10.10.10.1 send-community extended
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
VPN-R2
2003:1::
24
Presentation_ID
Cisco Public
25
Inter-AS L2VPN
Multiple PW Segments using Option A
T-LDP
Peers
T-LDP
Peers
PW1
PW1
CE1
PE1
ASBR1
PW2
PL
40
PL
PW2
IP/MPLS
AS2
AC
40
CE2
PE2
..
IP/MPLS
AS1
AC
ASBR2
PL
80
PL
AC
80
Pseudowire
PW Label
PL = Payload
Cisco Public
26
Inter-AS L2VPN
Multi-Hop PW using Option B
T-LDP
Peers
T-LDP
Peers
ASBR1
PE1
PW1
IP/MPLS
AS1
PL
40
PL
PW2
ASBR2
PE2
PW3
IP/MPLS
AS2
T-LDP
Peers
40
PL
10
PL
80
PL
80
Cisco Public
27
HOSTNAME PE1
HOSTNAME PE2
!
interface giga1/0
xconnect <ASBR1> 10 encapsulation mpls
!
!
interface giga1/0
xconnect <ASBR2> 20 encapsulation mpls
!
PE1
ASBR1
ASBR2
PE2
PW1
IP/MPLS
AS1
PW3
PW2
IP/MPLS
AS2
HOSTNAME ASBR1
HOSTNAME ASBR2
!
pseudowire-class pw-switch
encapsulation mpls
!
pseudowire-class pw-switch
encapsulation mpls
!
l2 vfi pw-switch point-to-point
neighbor <ASBR2> 100 pw-class pw-switch
neighbor <PE3> 10 pw-class pw-switch
!
!
L2 vfi pw-switch point-to-point
neighbor <ASBR1> 100 pw-class pw-switch
neighbor <PE4> 20 pw-class pw-switch
!
Interface giga3/0
mpls bgp forwarding
!
! router bgp 1
Neighbor <ASBR2-WAN> remote-as 2
exit-address-family
!
*Also announce the loopback address (xconnect ID) of ASBR1
in IGP(AS1) and eBGP
Interface giga3/0
mpls bgp forwarding
!
router bgp 2
neighbor <ASBR1-WAN> remote-as1
exit-address-family
!
*Also announce the loopback address of ASBR2 in IGP(AS2) and
eBGP
Presentation_ID
Cisco Public
28
Inter-AS AToMOption C
Single-Hop PW: BGP IPv4+label
Pseudowire
T-LDP Peers
ASBR1
PE1
ASBR2
IP/MPLS
AS1
PL
40
10
PE2
IP/MPLS
AS2
PL
40
PL
20
40
PL
40
Cisco Public
29
ASBR1
MPLS
Int
AS1 eth1/0
IPv4 +
Labels
ASBR2
Int
eth1/0
PE1
HOSTNAME ASBR1
! Activate IPv4 label capability !
router bgp 1
!
address-family ipv4
neighbor <PE3> send-label
neighbor <ASBR-2> send-label
exit-address-family
!
Presentation_ID
PE4
HOSTNAME PE4
!
interface Ethernet1/0
xconnect <PE3> 100
encapsulation mpls
!
! Activate IPv4 label capability !
router bgp 2
!
address-family ipv4
neighbor <ASBR-2> send-label
exit-address-family
!
MPLS
AS2
PE2
HOSTNAME ASBR2
! Activate IPv4 label capability !
router bgp 2
!
address-family ipv4
neighbor <PE4> send-label
neighbor <ASBR-1> send-label
exit-address-family
!
Cisco Public
30
Cisco Public
31
Presentation_ID
Cisco Public
32
PE3
CE3
PE4
CE4
VPLS
AS1
CE1
VPLS
AS2
ASBR1
CE2
ASBR2
PE1
PE2
CE2
CE1
Presentation_ID
CE4
Exchange Virtual
Switching Instance
Database (MAC
Addresses, VLAN IDs +
Labels
Cisco Public
33
Inter-AS VPLSOption C
Single Hop Pseudowires
CE3
CE4
PE3
ASBR1
VPLS
AS1
CE1
PE1
PE4
ASBR2
CE2
VPLS
AS2
IPv4 +
Labels
PE2
Cisco Public
34
PE3:10.0.0.1
CE2
PE4
VPLS ID:
customer1
VPLS
AS1
CE1
PE1
IPv4 +
Labels
VPLS
AS2
CE4
VPLS ID:
customer1
Cisco Public
35
Inter-AS mVPNs
Overview
Presentation_ID
Cisco Public
36
Join High
Bandwidth Source
CE
A
CE
CE
Receiver 1
New York
B2
B1
PE
San
Francisco
MPLS VPN
Core
PE
Default
MDT
For low
Bandwidth &
Control
Traffic Only.
Los
Angeles
Data
MDT
PE
For High
Bandwidth
Traffic Only.
D
C
CE
PE
Dallas
Receiver 3
Join High
Bandwidth Source
High bandwidth
Multicast Source
Presentation_ID
Cisco Public
CE
Receiver 2
37
Solution:
Support reverse path forwarding (RPF) check for I-AS
sources P and PE devices
Build I-AS MDTs
Presentation_ID
Cisco Public
38
PE1
P11
ASBR2
AS #1
AS #2
MDTs
PE2
CE1
CE4
VPN-A2
VPN-A1
For Option B and C: Use PIM RPF Vector to help P routers build an I-AS
MDT to Source PEs in remote AS
Presentation_ID
Leverage BGP MDT SAFI on ASBRs and receiver PEs to insert the RPF Vector needed to
build an I-AS MDT to source PEs in remote ASs
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public
39
3.
2.
ASBR1
PE1
ASBR2
P11
AS #1
AS #2
MDTs
PE2
CE-4
CE2
1.
VPN-A1
Presentation_ID
VPN-A2
Cisco Public
40
Presentation_ID
Cisco Public
41
MPLS
Backbone
MPLS NW
Customer
Carrier ISP1
Cisco Public
42
Backbone
Service Provider
MPLS
Backbone
MPLS NW
London
ISP1
Cisco Public
43
PE1
MPLS
London
ISP1
Backbone
Service Provider
CSC-PE1
RR1
CSC-RR1
RR2
CSC-PE2
MPLS
CSC-CE1
PE2
PE4
MPLS
Backbone
Customer Carrier1
CSC-CE2
PE3
Customer Carrier1
Cisco Public
44
Backbone
Service Provider
Internal Routes
PE1
CSC-PE1
RR1
MPLS
External
Routes
RR2
CSC-PE2
PE4
MPLS
CSC-CE1
MPLS
Backbone
PE2
CE1R
CSC-RR1
Internal Routes
CSC-CE2
PE3
CE2G
CE1G
External
Routes
CE2R
External
Routes
VPN Customers
External
Routes
VPN Customers
Cisco Public
45
2. Dynamic IGP
OR
3. eBGP
Presentation_ID
Cisco Public
46
San Francisco
ISP1
PE1
RR1
CSC-CE1
Backbone
Service Provider
CSC-PE1
CSC-RR1
CSC-PE2 CSC-CE2
CE1R
RR2
PE4
MPLS
MPLS
PE2
London
ISP1
MPLS
Backbone
PE3
CE2G
CE1G
CE2R
Cisco Public
47
Presentation_ID
Cisco Public
48
Backbone
Service Provider
MPLS
Backbone
MPLS NW
London
ISP1
Cisco Public
49
CSC-CE1
RR1
Backbone
Service Provider
CSC-PE1
CSC-RR1
CSC-PE2 CSC-CE2
MPLS
Backbone
PE2
RR1R
RR2
PE4
MPLS
MPLS
CE1R
London
ISP1
PE3
CE2G
CE1G
RR1G
RR2G
CE2R
RR2R
Cisco Public
PE1
IP/MPLS
VRF
CSC-CE1
VRF
IP/MPLS
VRF
CSCPE2
CSC-PE1
PE2
VRF
CSC-CE2
IP/MPLS
CE1
Site A VPNA
Push
Push
Swap
Push
Swap
CE2
Pop
Swap
Label
CE2-VPN-Label
Payload
Label
Label=28
Label=120
Payload
Presentation_ID
Label=100
Label
Label=28
Label=50
Label=28
Label=28
Label=28
Payload
Payload
Payload
Payload
Cisco Public
Payload
51
GC-CSC-CE1#
!
mpls label protocol ldp
BB-P1
200.0.0.5/32
CSC-PE1
200.0.0.4/32
GlobalCom
San Francisco
GC-CSC-CE1
100.0.0.3/32
172.16.0.x/24
CSC-PE2
200.0.0.6/32
172.16.1.x/24
MPLS Backbone
GC-CSC-CE2
100.0.0.7/32
GlobalCom
London
192.168.2.x/24
192.168.0.x/24
GC-SFPE2
100.0.0.2/32
GC-LONPE1
100.0.0.8/32
CE-VPN-GC
10.1.1.1/32
CE-VPN-B1
CSC-PE1#
ip vrf GC
rd 1:100
route-target export 1:100
route-target import 1:100
!
mpls label protocol ldp
CSC-PE1#
ip vrf GC
rd 1:100
route-target export 1:100
route-target import 1:100
!
mpls label protocol ldp
GC-SFPE2#
ip vrf GC
rd 1:100
route-target export 1:100
route-target import 1:100
!
mpls label protocol ldp
Presentation_ID
CE-VPN-A2
10.1.1.9/32
CE-VPN-B2
GC-SFPE2#
ip vrf VPNA
rd 1:100
route-target export 1:100
route-target import 1:100
!
mpls label protocol ldp
Cisco Public
52
PE1
Pseudowire
Customer
Carrier A ASBR1
MPLS Backbone
Carrier
ASBR3
ASBR4
(CsC)
Customer
Carrier A
ASBR2
PE2
PW1
Multi-Hop PW
PE1
Pseudowire
PW1
Customer
Carrier A
Presentation_ID
ASBR1
ASBR3
ASBR4
MPLS Backbone
Carrier
(CsC)
Cisco Public
ASBR2
PE2
Customer
Carrier A
53
Presentation_ID
Cisco Public
54
Presentation_ID
Cisco Public
56
Presentation_ID
Cisco Public
58
I-AS RSVP TE
Overview
Presentation_ID
Cisco Public
59
RESV
RESV
PATH
OSPF-TE
full view of the topology
TE Mid
points
PATH
TE
Tailend
PATH
Label_Request (PATH)
Static routed
Label (RESV)
Autoroute
Explicit_Route Object
Policy route
Record_Route (Path/RESV)
CBTS
Session_Attribute (Path)
Tunnel Select
Forwarding Adjacency
60
Solution:
Use Explicit Route Object (ERO) Loose Hop Expansion, Node-id,
and Path re-evaluation request/reply Flags to provide per-domain
path computation at the head-end + RSVP Policy Control and
Confidentiality
RFCs: 3209, 4736, 4561, etc.
draft-ietf-ccamp-inter-domain-rsvp-te-06.txt an
draft-ietf-ccamp-inter-domain-pd-path-comp-05.txt
Presentation_ID
Cisco
Public
http://www.cisco.com/go/mpls
61
Head-End Defines
the Path with ASBR
and the Destination
as Loose Hops
IP/MPLS
ASBR1
ASBR2
P2
P4
IP/MPLS
P6
PE7
PE11
P3
ASBR3
ASBR4
P5
Inter-AS TE LSP
ERO
ERO
ASBR4 (Loose)
PE7 (Loose)
PE7 (Loose)
ERO
Expansion
P5, PE7
ASBR4
Topology
Database
R1
Topology
Database
Presentation_ID
ERO
Cisco Public
62
ASBR1
ASBR2
P2
P4
Inter-AS TE
LSP before
reoptimization
IP/MPLS
P6
Make PE1
before
break
P3
ASBR3
ASBR4
PE7
Inter-AS TE
LSP after
reoptimization
P5
PATH
Path re-evaluation
request
PathErr
Preferable
Path exists
Cisco Public
63
ASBR1
ASBR2
P2
P4
IP/MPLS
P6
PE1
P3
ASBR3
ASBR4
PE7
P5
Cisco Public
64
ASBR1
ASBR2
P2
P4
IP/MPLS
P6
PE1
PE7
Policy
P3
ASBR3
ASBR4
P5
Cisco Public
65
Presentation_ID
Cisco Public
Loose-hop path
Static route
mapping IP
traffic to
Tunnel1
List of ASBRs
as loose hops
66
Presentation_ID
Cisco Public
Authentication
key
Add ASBR
link to TE
topology
database
Enable RSVP
authentication
Process
signaling
from AS
65016 if
FRR not
requested
and 10M or
less
67
Summary
Presentation_ID
Cisco Public
68
Lets Summarize
CSC: Hierarchical VPNs
Customer
Carrier-B
Subscriber A
Site1
MPLS
Backbone
Provider
Customer
Carrier-B
Subscriber A
Site1
Provider-A
Subscriber A
Site1
ASBR-B
Provider-B
Subscriber A
Site2
Cisco Public
69
Presentation_ID
Cisco Public
70
ASBR2 Configuration:
! ASBR1
!
ip multicast-routing
PE2
AS #2
ip multicast routing vrf VPN-A
!
router bgp 1
CE-4
!
address-family ipv4 mdt
neighbor <ASBR2> activate
neighbor <PE1> activate
neighbor <PE1> next-hop-self
exit-address-family
!
ip pim ssm default
!
Configuration Steps:
1.
2.
3.
Configure PE router to send BGP MDT updates to build the Default MDT
Presentation_ID
2010
Cisco and/or its affiliates.
All rights reserved.
Public
ip
multicast
vrf <vrf
name> rpfCiscoproxy
rd vector
72