VRF, MPLS and MPBGP

VRF, MPLS and MPBGP
Fundamentals
An Nguyen, Network Consulting Engineer
Agenda
Introduction to Virtualisation
VRF-Lite
MPLS BGP Free Core
MP-BGP
Conclusion
Q&A
Introduction
MPLS
The Common Perception
Customer Customer
CE Routers owned by customer Managed Managed
CE SP Demarcation
PE Routers owned by SP Site1
Customer peers to PE via IP Provider CE
MPLS Site3
Exchanges routing with SP via routing Site 2 PE
VPN
PE
protocol (or static route) CE IP Routing Peer
Customer relies on SP to advertise (BGP, Static, IGP)
routes to reach other customer CEs * No Labels Are Exchanged with the SP
Enterprise Network Virtualisation
Key Building Blocks
Device Partitioning Virtualised Interconnect
Si
VRF
VRF
Global
Virtualising the Routing Extending and Maintaining the

and Forwarding of the Device Virtualised Devices/Pools over Any Media
Device Partitioning
Layer 2 vs. Layer 3 Virtualisation
VRF VRF
VRF
Global
VLANVirtual LAN VRFVirtual Routing and Forwarding

Virtualise at Layer 2 forwarding Virtualise at Layer 3 forwarding
Associates to one or more L2 interfaces on switch Associates to one or more Layer 3 interfaces on
router/switch
Has its own MAC forwarding
table and spanning-tree instance per VLAN Each VRF has its own
Interconnect options? Forwarding table (CEF)
VLANs are extended via a physical cable or virtual Routing process (RIP, EIGRP, OSPF, BGP)
802.1q trunk
Interconnect options (VRF-Lite)?
802.1q, GRE, sub-interfaces, physical cables,
signalling
Path Isolation
Functional Components
Per VRF:
Virtual Routing Table
Device virtualisation Virtual Forwarding Table
Control plane virtualisation
Data plane virtualisation
Services virtualisation
VRF
Data path virtualisation VRF
Hop-by-Hop - VRF-Lite End-to-End Global
Multi-Hop - VRF-Lite GRE
MPLS-VPN
MPLS VPN over IP
MPLS VPN over DMVPN
MPLS VPN o GRE/mGRE 802.1q
IP/MPLS
VRF-Lite
What is VRF-Lite?
Functional Components Per VRF:
Virtual Routing Table
Virtual Forwarding Table
WAN/Campus
VRF VRF
VRF VRF
VRF VRF
802.1q, GRE, DLCI
Defined router supports routing (RIB), forwarding (FIB), and interface per VRF
Leverages Virtual encapsulation for separation:
Ethernet/802.1Q, GRE, Frame Relay
The routing protocol is also VRF aware
RIP/v2, EIGRP, OSPF, BGP, static (per VRF)
Layer 3 VRF interfaces cannot belong to more than a single VRF
VRF-Lite End-to-End
Target Requirements
End to End segmentation, per VRF and per

interface VLAN 10
VLAN 20
Targets a small number of VRFs as requirement
Seen frequently in Access Distribution (vs. VLAN 11 VLAN 12
VLAN 21
end to end) VLAN 22
No MP-BGP or control plane signalling is

required and does not use labels IGPs
No LDP is required (i.e. MPLS) VLAN 14

VLAN 13
VLAN 24
Still leverages existing QoS model and supports VLAN 23
IP multicast VLAN 16
VLAN 15 VLAN 26
Full range of platform support within the Cisco VLAN 25
portfolio of switches and routers
VRF-Lite Per VRF:
Sub-interface Example Virtual Routing Table
Virtual Forwarding Table
Locally Significant
Lo1 R1 R2 Lo1
.1 .2
VLAN 12
VRF-R VRF-R
1.1.1.1 Lo2 VLAN 112 Lo2 2.2.2.2
VRF-E VRF-E
VLAN 212
VRF-O VRF-O
Lo3 .1 .2 Lo3
G0/1.X
VLAN X IGPs:
VLAN 114
VLAN 214
VLAN 223
VLAN 123
VRF-R = RIP
VLAN 14
VLAN 23
10.1.X.0/24
Sub-interface/VLAN/VRF Mapping VRF-E = EIGRP
.4 .3 VRF-O = OSPF
Lo1 Lo1
VLAN 34
VRF-R VRF-R
4.4.4.4 Lo2 VRF-E
VLAN 134
VRF-E Lo2 3.3.3.3
VLAN 234
VRF-O VRF-O
.4 .3
Lo3 R4 R3 Lo3
Configuration Note: Devices are IOS Routers

VRF-Lite Sub-interface Configuration
Command Line Interface (CLI) Review
ip vrf VRF-R
rd 1:1
interface GigabitEthernet0/1.12
ip vrf forwarding VRF-R
interface Loopback1
ip vrf VRF-E
rd 2:2
ip vrf forwarding VRF-E
VRF
interface Loopback2
ip vrf forwarding VRF-E VRF
ip vrf VRF-O VRF
rd 3:3
ip vrf forwarding VRF-O
interface Loopback3
VRF Aware RIP Configuration
Similar to what you already know!
router rip
version 2
network 1.0.0.0
network 10.0.0.0
no auto-summary
router rip
!
address-family ipv4 vrf VRF-R
network 1.0.0.0
network 10.0.0.0
no auto-summary
version 2
exit-address-family
VRF
RIP leverages address-family ipv4 vrf ______
VRF Aware EIGRP Configuration
router eigrp 10
network 1.1.1.1 0.0.0.0
network 10.1.112.0 0.0.0.255
no auto-summary
router eigrp 10
!
address-family ipv4 vrf VRF-E autonomous-system 10
network 1.1.1.1 0.0.0.0
network 10.1.112.0 0.0.0.255
no auto-summary
exit-address-family
VRF
EIGRP leverages address-family ipv4 vrf ______
Set unique autonomous system number per VRF

VRF Aware OSPF Configuration
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 1
network 10.1.212.0 0.0.0.255 area 0
router ospf 2 vrf VRF-O

log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 1
network 10.1.212.0 0.0.0.255 area 0
VRF
OSPF leverages vrf ______ after the unique
process number
Live Exploration
CML: VRF REO Lab Topology
CML: VRF REO Lab
R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.255.1.63 YES NVRAM administratively down down
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/1.12 10.1.12.1 YES NVRAM up up
Loopback1 1.1.1.1 YES NVRAM up up
CML: VRF REO Lab
R1#show ip vrf interface

Interface IP-Address VRF Protocol
Lo2 1.1.1.1 VRF-E up
Gi0/1.112 10.1.112.1 VRF-E up
Gi0/1.114 10.1.114.1 VRF-E up
Lo3 1.1.1.1 VRF-O up
Gi0/1.212 10.1.212.1 VRF-O up
Gi0/1.214 10.1.214.1 VRF-O up
Lo1 1.1.1.1 VRF-R up
Gi0/1.12 10.1.12.1 VRF-R up
Gi0/1.14 10.1.14.1 VRF-R up
CML: VRF REO Lab
R1#show vrf
Name Default RD Protocols Interfaces
VRF-E 2:2 ipv4 Lo2
Gi0/1.112
Gi0/1.114
VRF-O 3:3 ipv4 Lo3
Gi0/1.212
Gi0/1.214
VRF-R 1:1 ipv4 Lo1
Gi0/1.12
Gi0/1.14
CML: VRF REO Lab
R1#show run vrf VRF-R router rip
Building configuration... !
Current configuration : 572 bytes network 1.0.0.0
ip vrf VRF-R network 10.0.0.0
rd 1:1 no auto-summary
! version 2
! exit-address-family
interface GigabitEthernet0/1 !
no ip address end
duplex auto
speed auto R1#
media-type rj45
!
encapsulation dot1Q 12
ip address 10.1.12.1 255.255.255.0
!
ip address 10.1.14.1 255.255.255.0
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
CML: VRF REO Lab
R1#show run | section router rip

router rip
passive-interface Loopback1
!
network 1.0.0.0
network 10.0.0.0
no auto-summary
version 2
exit-address-family
R1#
CML: VRF REO Lab
R1#show ip protocol vrf VRF-R
*** IP Routing is NSF aware ***
Routing Protocol is "rip"

Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 24 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
GigabitEthernet0/1.12 2 2
GigabitEthernet0/1.14 2 2
Maximum path: 4
Routing for Networks:
1.0.0.0
10.0.0.0
Passive Interface(s):
Loopback1
Routing Information Sources:
Gateway Distance Last Update
10.1.14.4 120 00:00:22
10.1.12.2 120 00:00:26
Distance: (default is 120)
CML: VRF REO Lab
R1#show ip rip database vrf VRF-R

1.0.0.0/8 auto-summary
1.1.1.1/32 directly connected, Loopback1
2.2.2.2/32
[1] via 10.1.12.2, 00:00:25, GigabitEthernet0/1.12
3.3.3.3/32
4.4.4.4/32
10.1.12.0/24 directly connected, GigabitEthernet0/1.12
10.1.14.0/24 directly connected, GigabitEthernet0/1.14
10.1.23.0/24
10.1.34.0/24
CML: VRF REO Lab
R1#show ip route vrf VRF-R
Routing Table: VRF-R

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets

C 1.1.1.1 is directly connected, Loopback1
R 2.2.2.2 [120/1] via 10.1.12.2, 00:00:24, GigabitEthernet0/1.12
[120/2] via 10.1.12.2, 00:00:24, GigabitEthernet0/1.12
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.1.12.0/24 is directly connected, GigabitEthernet0/1.12
L 10.1.12.1/32 is directly connected, GigabitEthernet0/1.12
R 10.1.23.0/24 [120/1] via 10.1.12.2, 00:00:24, GigabitEthernet0/1.12
R 10.1.34.0/24 [120/1] via 10.1.14.4, 00:00:19, GigabitEthernet0/1.14
CML: VRF REO Lab
R1#show run vrf VRF-E router eigrp 10
address-family ipv4 vrf VRF-E autonomous-system 10
Current configuration : 655 bytes network 1.1.1.1 0.0.0.0
ip vrf VRF-E network 10.1.112.0 0.0.0.255
rd 2:2 network 10.1.114.0 0.0.0.255
! passive-interface Loopback2
! exit-address-family
interface GigabitEthernet0/1 !
no ip address end
duplex auto
speed auto
media-type rj45
!
ip address 10.1.112.1 255.255.255.0
!
ip address 10.1.114.1 255.255.255.0
!
interface Loopback2
ip address 1.1.1.1 255.255.255.255
!
CML: VRF REO Lab
R1#show ip eigrp vrf VRF-E interface
EIGRP-IPv4 Interfaces for AS(10) VRF(VRF-E)
Xmit Queue PeerQ Mean Pacing Time Multicast Pending
Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes
Gi0/1.112 1 0/0 0/0 55 0/0 256 0
Gi0/1.114 1 0/0 0/0 93 0/0 428 0
R1#show ip eigrp vrf VRF-E neighbors

EIGRP-IPv4 Neighbors for AS(10) VRF(VRF-E)
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 10.1.112.2 Gi0/1.112 11 4d05h 55 330 0 46
0 10.1.114.4 Gi0/1.114 10 4d05h 93 558 0 22
CML: VRF REO Lab
R1#show ip eigrp vrf VRF-E topology

EIGRP-IPv4 Topology Table for AS(10)/ID(1.1.1.1) VRF(VRF-E)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.1.114.0/24, 1 successors, FD is 2816

via Connected, GigabitEthernet0/1.114
via 10.1.114.4 (130816/128256), GigabitEthernet0/1.114
via Connected, GigabitEthernet0/1.112
via Connected, Loopback2
CML: VRF REO Lab
R1#show ip route vrf VRF-E
Routing Table: VRF-E


D 2.2.2.2 [90/130816] via 10.1.112.2, 4d05h, GigabitEthernet0/1.112
D 10.1.123.0/24 [90/3072] via 10.1.112.2, 4d05h, GigabitEthernet0/1.112
D 10.1.134.0/24 [90/3072] via 10.1.114.4, 4d05h, GigabitEthernet0/1.114
CML: VRF REO Lab
R1#show run vrf VRF-O router ospf 2 vrf VRF-O
Building configuration... passive-interface Loopback3
network 1.1.1.1 0.0.0.0 area 1
Current configuration : 608 bytes network 10.1.212.0 0.0.0.255 area 0
ip vrf VRF-O network 10.1.214.0 0.0.0.255 area 0
rd 3:3 !
! !
! end
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
!
ip address 10.1.212.1 255.255.255.0
!
ip address 10.1.214.1 255.255.255.0
!
interface Loopback3
ip address 1.1.1.1 255.255.255.255
!
CML: VRF REO Lab
R1#show ip ospf interface br

Interface PID Area IP Address/Mask Cost State Nbrs F/C
Gi0/1.214 2 0 10.1.214.1/24 1 BDR 1/1
Gi0/1.212 2 0 10.1.212.1/24 1 BDR 1/1
Lo3 2 1 1.1.1.1/32 1 LOOP 0/0
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface

4.4.4.4 1 FULL/DR 00:00:34 10.1.214.4 GigabitEthernet0/1.214
2.2.2.2 1 FULL/DR 00:00:33 10.1.212.2 GigabitEthernet0/1.212
CML: VRF REO Lab
R1#show ip ospf 2 database
OSPF Router with ID (1.1.1.1) (Process ID 2)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count

1.1.1.1 1.1.1.1 66 0x800000CC 0x004979 2
2.2.2.2 2.2.2.2 1705 0x800000C9 0x00E3B5 2
3.3.3.3 3.3.3.3 753 0x800000CB 0x007DE2 2
4.4.4.4 4.4.4.4 1312 0x800000CC 0x001F57 2
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum

10.1.212.2 2.2.2.2 1705 0x800000C8 0x0082F9
10.1.214.4 4.4.4.4 1312 0x800000CA 0x005C0A
10.1.234.4 4.4.4.4 1312 0x800000C8 0x00E764
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum

1.1.1.1 1.1.1.1 66 0x800000C7 0x00B9B3
2.2.2.2 2.2.2.2 1460 0x800000C7 0x006DF7
--More--
CML: VRF REO Lab
R1#show ip route vrf VRF-O
Routing Table: VRF-O


O IA 2.2.2.2 [110/2] via 10.1.212.2, 4d10h, GigabitEthernet0/1.212
O 10.1.223.0/24 [110/2] via 10.1.212.2, 4d10h, GigabitEthernet0/1.212
O 10.1.234.0/24 [110/2] via 10.1.214.4, 4d05h, GigabitEthernet0/1.214
CML: VRF REO Lab
R1#ping vrf VRF-R 2.2.2.2 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 9/21/29 ms
R1#ping vrf VRF-E 2.2.2.2 source 1.1.1.1

!!!!!
R1#ping vrf VRF-O 2.2.2.2 source 1.1.1.1

!!!!!
CML: VRF REO Lab

Lo2 2.2.2.2 VRF-E up
Gi0/1.112 10.1.112.2 VRF-E up
Gi0/1.123 10.1.123.2 VRF-E up
Lo3 2.2.2.2 VRF-O up
Gi0/1.212 10.1.212.2 VRF-O up
Gi0/1.223 10.1.223.2 VRF-O up
Lo1 2.2.2.2 VRF-R up
Gi0/1.12 10.1.12.2 VRF-R up
Gi0/1.23 10.1.23.2 VRF-R up
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int lo2
R2(config-if)#shu
R2(config-if)#
CML: VRF REO Lab
R1#ping vrf VRF-R 2.2.2.2 source 1.1.1.1

!!!!!
R1#ping vrf VRF-E 2.2.2.2 source 1.1.1.1

.....
Success rate is 0 percent (0/5)
R1#ping vrf VRF-O 2.2.2.2 source 1.1.1.1

!!!!!
No Sub-interface Support/No Problem
GRE Example
VRF Lite can also leverage GRE tunnels
Lo11 R1 R2 as a segmentation technology Lo1
.1 .2
Tunnel 12
Each VRF uses a unique GRE tunnel
VRF-R VRF-R
1.1.1.1 Lo12 Tunnel 112
GRE tunnel interface is VRF aware

VRF-E VRF-E
Tunnel 212
VRF-O VRF-O
Lo13 .1 .2 Lo13
Tunnel X
Tunnel 114 10.1.X.0/24
Tunnel 214
Tunnel 223
Tunnel 123
Tunnel 14
Tunnel 23
Tunnel/VRF Mapping
.4 .3
Lo11 Lo11
Tunnel 34
VRF-R VRF-R
4.4.4.4 Lo12 VRF-E
Tunnel 134
VRF-E Lo12 3.3.3.3
Tunnel 234
VRF-O VRF-O
.4 .3
Lo13 R4 R3 Lo13
Configuration Note: Each GRE Tunnel Could Require Unique Source/Destination IP (Platform Dependent)
VRF-Lite Tunnel Configuration
ip vrf VRF-S
rd 4:4
interface Loopback0 ip route vrf VRF-S 2.2.2.2 255.255.255.255 10.1.12.2

ip address 192.168.1.1 255.255.255.255 (Global Routing Table)
interface Tunnel12
ip vrf forwarding VRF-S
ip address 10.1.12.1 255.255.255.0
tunnel source Loopback0
tunnel destination 192.168.2.2
ip vrf VRF-S
rd 4:4
interface Loopback0
VRF
ip address192.168.2.2 255.255.255.255 (Global Routing Table)
interface Tunnel12
ip vrf forwarding VRF-S ip route vrf VRF-S 1.1.1.1 255.255.255.255 10.1.12.1
ip address 10.1.12.2 255.255.255.0
Layer 2 Serial Link/No Problem
Back-to-Back Frame Relay Example
VRF Lite can also leverage Frame Relay
Lo111 R1 R2 Sub-interfaces
Lo1
as a segmentation
.1 .2 technology
Serial1/0.12
1.1.1.1 Lo112 VRF-R

VRF-E
Serial1/0.112
VRF-R
VRF-E
Each VRF uses a unique Frame-Relay
Serial1/0.212
VRF-O VRF-O
sub-interface and DLCI
Lo113 .1 .2 Lo3
Serial1/0.X
Serial1/1.114 Serial1/1.X Frame Relay sub-interface is VRF aware
Serial1/1.214
Serial1/1.223
Serial1/1.123
Serial1/1.14
Serial1/1.23
10.1.X.0/24
FR VC/VRF Mapping
.4 .3
Lo111 Lo111
Serial1/0.34
VRF-R VRF-R
4.4.4.4 Lo112 VRF-E
Serial1/0.134
VRF-E Lo112 3.3.3.3
Serial1/0.234
VRF-O VRF-O
.4 .3
Lo113 R4 R3 Lo113
Configuration Note: Leveraging Back-to-Back Frame-Relay Configuration

VRF-Lite Back-to-Back Frame Relay Configuration
ip vrf VRF-B
rd 5:5 router bgp 1
address-family ipv4 vrf VRF-B
interface Serial1/0 neighbor 10.1.12.2 remote-as 1
encapsulation frame-relay neighbor 10.1.12.2 activate
no keepalive no synchronization
network 1.1.1.1 mask 255.255.255.255
Interface Serial1/0.12 point-to-point exit-address-family
ip vrf forwarding VRF-B
ip address 10.1.12.1 255.255.255.0
frame-relay interface-dlci 201
ip vrf VRF-B
rd 5:5
interface Serial1/0
encapsulation frame-relay VRF
no keepalive
router bgp 1
Interface Serial1/0.12 point-to-point address-family ipv4 vrf VRF-B
ip vrf forwarding VRF-B neighbor 10.1.12.1 remote-as 1
ip address 10.1.12.2 255.255.255.0 neighbor 10.1.12.1 activate
frame-relay interface-dlci 201 no synchronization
network 2.2.2.2 mask 255.255.255.255
exit-address-family
Live Exploration
CML: VRF SB Lab Topology
R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.255.1.68 YES NVRAM administratively down down
GigabitEthernet0/1 192.168.12.1 YES NVRAM up up
GigabitEthernet0/2 192.168.14.1 YES NVRAM up up
Tunnel12 10.1.12.1 YES NVRAM up up

Lo4 1.1.1.1 VRF-S up
Tu12 10.1.12.1 VRF-S up
R1#show run vrf VRF-S
Building configuration...
Current configuration : 305 bytes

ip vrf VRF-S
rd 4:4
!
!
interface Loopback4
ip address 1.1.1.1 255.255.255.255
!
interface Tunnel12
ip address 10.1.12.1 255.255.255.0
!
ip route vrf VRF-S 2.2.2.2 255.255.255.255 10.1.12.2
end
R1#show ip route vrf VRF-S
Routing Table: VRF-S


S 2.2.2.2 [1/0] via 10.1.12.2
C 10.1.12.0/24 is directly connected, Tunnel12
L 10.1.12.1/32 is directly connected, Tunnel12
R1#ping vrf VRF-S 2.2.2.2 source 1.1.1.1

!!!!!
R4#show run vrf VRF-B
Building configuration...
Current configuration : 426 bytes

ip vrf VRF-B
rd 5:5
!
!
interface Loopback5
ip address 4.4.4.4 255.255.255.255
!
interface Tunnel34
ip address 10.1.34.4 255.255.255.0
!
router bgp 34
!
address-family ipv4 vrf VRF-B
network 4.4.4.4 mask 255.255.255.255
neighbor 10.1.34.3 remote-as 34
neighbor 10.1.34.3 activate
exit-address-family
!
end
R4# show bgp vpnv4 unicast vrf VRF-B summary
BGP router identifier 192.168.4.4, local AS number 34
BGP table version is 3, main routing table version 3
2 network entries using 312 bytes of memory
2 path entries using 160 bytes of memory
2/2 BGP path/bestpath attribute entries using 320 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 792 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.1.34.3 4 34 6772 6767 3 0 0 4d06h 1
R4# show bgp vpnv4 unicast vrf VRF-B

BGP table version is 3, local router ID is 192.168.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 5:5 (default for vrf VRF-B)
*>i 3.3.3.3/32 10.1.34.3 0 100 0 i
*> 4.4.4.4/32 0.0.0.0 0 32768 i
R4#show ip route vrf VRF-B
Routing Table: VRF-B


B 3.3.3.3 [200/0] via 10.1.34.3, 4d06h
C 10.1.34.0/24 is directly connected, Tunnel34
L 10.1.34.4/32 is directly connected, Tunnel34
R4#traceroute vrf VRF-B 3.3.3.3 source 4.4.4.4

Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.34.3 59 msec * 58 msec
VRF-Lite
Summary
Leverages VRF in router (RIB/FIB, interface) and

interface for segmentation
No MPLS, LDP, or BGP required
Optimal solution when VRF count is small (~ <8)
Scale usually dependent on routing protocol
Supports multicast and QoS solutions
If you understand routing protocols then you
already understand PE-CE VRF Routing
MPLS BGP Free Core
BGP
No BGP in Core
0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 Next-Hop=PE2
Site 1 Next-Hop=PE1
iBGP Relationship Site 2
10.1.1.0/24 CE1 CE2 10.2.1.0/24
R7 R8
P P
PE1 PE2
10.1.1.0/24 R1 R2 10.2.1.0/24
Next-Hop=CE1 R5 R6 Next-Hop=CE2
P P
R3 R4
OSPF Area 0
Redistribute Static
Redistribute Static
Into BGP
Into BGP
1. Always route towards BGP Next-Hop

2. Routes will be valid on PE Routers
3. Routing will break when reaches the P Routers as they are not participating in BGP
Could run BGP all the way through or redistribute routes into OSPF, but why!
IP Routing
IGP vs. BGP
Exchange of IP routes for Forwarding Table Forwarding Table Forwarding Table

Loopback Reachability In Address Out Out In Address Out Out In Address Out Out
Label Prefix Iface Label Label Prefix Iface Label Label Prefix Iface Label
OSPF, IS-IS, EIGRP, etc. 10.2 F0/0 10.2 NA 10.2 F0/0

iBGP neighbour peering over
IGP transport
F0/0 10.2
Route towards BGP Next-Hop F0/0

F0/0
You Can Reach 10.2 Thru Me
By routing towards 2.2.2.2
You Can Reach 2.2 Through Me
Routing Updates
(BGP)
Routing Updates You Can Reach 2.2 Thru Me
(OSPF)
What Is MPLS?
Multi-Protocol: The ability to carry any payload

Multi
Have: IPv4, IPv6, Ethernet, ATM, FR
Protocol
Uses Labels to tell a node what to do with a
Label packet; separates forwarding (hop by hop
behaviour) from routing (control plane)
Routing == IPv4 or IPv6 lookup.
Switching Everything else is Switching.
MPLS Path (LSP) Setup with LDP
Assignment of Remote Labels
Local label mapping are sent to Forwarding Table Forwarding Table Forwarding Table
connected nodes In Address Out Out
Label Prefix IfaceLabel
In Address Out Out In Address Out Out
Label Prefix IfaceLabel Label Prefix IfaceLabel
- 2.2 F0/0 20 20 2.2 F0/0 30 30 2.2 - -
Receiving nodes update forwarding - 10.2 F0/0 -
table
Out label
10.2
F0/0 F0/0
LDP label advertisement happens in F0/0
parallel (downstream unsolicited) Use Label 30 for 2.2

Use Label 20 for 2.2 1

Label Distribution By routing towards 2.2.2.2
Protocol (LDP)
(Downstream
Allocation)
MPLS Traffic Forwarding with LDP
Hop-by-hop Traffic Forwarding Using Labels
Ingress PE node adds label to Forwarding Table Forwarding Table Forwarding Table
In Address Out Out In Address Out Out In Address Out Out
packet (push) Label Prefix IfaceLabel Label Prefix IfaceLabel Label Prefix IfaceLabel
- 2.2 F0/0 20 20 2.2 F0/0 30 30 2.2 - -
Via forwarding table
- - 10.2 F0/0 -

Downstream node use label for
forwarding decision (swap) F0/0 10.2
Outgoing interface F0/0
10.2.1.1 Data
F0/0
Out label 30 2.2.2.2 Data
10.2.1.1 Data 20 2.2.2.2 Data
Egress PE removes label and
forwards original packet (pop) Forwarding based on Label towards BGP
Next-Hop (Loopback of far end router)
By routing towards 2.2.2.2
BGP
MPLS in Core
0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 Next-Hop=PE2
Next-Hop=PE1
Site 1
10.1.1.0/24 CE1 CE2 10.2.1.0/24
R7 R8
P P
PE1 PE2
10.1.1.0/24 R1 R2 10.2.1.0/24
Next-Hop=CE1 R5 Next-Hop=CE2
P P R6
R3 R4
OSPF Area 0
1. Always route towards BGP Next-Hop

2. Routes will be valid on PE Routers
3. Will label switch towards BGP Next-Hop with MPLS enabled
End-to-End BGP and redistribution of routes into OSPF not necessary!

Live Exploration
CML: MPLS/MPBGP Lab Topology
CML: MPLS/MPBGP Lab
P-R1#show ip bgp
% BGP not active
P-R1#show vrf
P-R1#show run | include mpls

mpls label protocol ldp
mpls ip
mpls ip
mpls ip
mpls ldp router-id Loopback0
CML: MPLS/MPBGP Lab
P-R1#show mpls interface
Interface IP Tunnel BGP Static Operational
GigabitEthernet0/1 Yes (ldp) No No No Yes
P-R1#show mpls ldp discovery

Local LDP Identifier:
1.1.1.1:0
Discovery Sources:
Interfaces:
GigabitEthernet0/1 (ldp): xmit/recv
LDP Id: 2.2.2.2:0
LDP Id: 4.4.4.4:0
LDP Id: 5.5.5.5:0
CML: MPLS/MPBGP Lab
P-R1# show ip route ospf

O 2.2.2.2 [110/2] via 192.168.12.2, 2d12h, GigabitEthernet0/1
O 192.168.23.0/24 [110/2] via 192.168.12.2, 2d12h, GigabitEthernet0/1
O 192.168.45.0/24 [110/11] via 192.168.15.5, 00:03:11, GigabitEthernet0/3
[110/11] via 192.168.14.4, 00:03:11, GigabitEthernet0/2
CML: MPLS/MPBGP Lab
P-R1#show mpls ldp neighbor
Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 1.1.1.1:0
TCP connection: 4.4.4.4.37956 - 1.1.1.1.646
State: Oper; Msgs sent/rcvd: 9632/9662; Downstream
Up time: 5d20h
LDP discovery sources:
GigabitEthernet0/2, Src IP addr: 192.168.14.4
Addresses bound to peer LDP Ident:
192.168.34.4 192.168.14.4 4.4.4.4 192.168.45.4
TCP connection: 2.2.2.2.58733 - 1.1.1.1.646
Up time: 5d20h
192.168.12.2 2.2.2.2 192.168.23.2 192.168.26.2
TCP connection: 5.5.5.5.11708 - 1.1.1.1.646
Up time: 5d17h
192.168.15.5 5.5.5.5 192.168.45.5
CML: MPLS/MPBGP Lab
P-R1#show mpls ldp bindings
lib entry: 1.1.1.1/32, rev 8
local binding: label: imp-null
remote binding: lsr: 4.4.4.4:0, label: 18
lib entry: 2.2.2.2/32, rev 28
local binding: label: 25
remote binding: lsr: 2.2.2.2:0, label: imp-null
lib entry: 3.3.3.3/32, rev 14
lib entry: 4.4.4.4/32, rev 12
remote binding: lsr: 4.4.4.4:0, label: imp-null
--More--
CML: MPLS/MPBGP Lab
P-R1#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 50 6.6.6.6/32 0 Gi0/1 192.168.12.2
17 Pop Label 4.4.4.4/32 835004 Gi0/2 192.168.14.4
18 53 3.3.3.3/32 0 Gi0/1 192.168.12.2
19 Pop Label 192.168.45.0/24 0 Gi0/2 192.168.14.4
Pop Label 192.168.45.0/24 0 Gi0/3 192.168.15.5
20 Pop Label 192.168.26.0/24 0 Gi0/1 192.168.12.2
21 Pop Label 192.168.23.0/24 0 Gi0/1 192.168.12.2
22 58 192.168.36.0/24 0 Gi0/1 192.168.12.2
23 Pop Label 192.168.34.0/24 0 Gi0/2 192.168.14.4
24 Pop Label 5.5.5.5/32 798232 Gi0/3 192.168.15.5
25 Pop Label 2.2.2.2/32 0 Gi0/1 192.168.12.2
MP-BGP
MPLS VPN TechnologyRefresher
MPLS VPN Connection Model
Global Address Space
CE P P
VPN 2 VRF Green PE
PE
EIGRP, OSPF, IS-IS, RIPv2, BGP, Static
VPN Backbone IGP
VPN 1 P P
VRF Blue
CE
MP-iBGP VPNv4 Label Exchange

CE Routers PE Routers P Routers
VRF Associates to one or more MPLS Edge routers P routers are in the core of
interfaces on PE the MPLS cloud
Has its own routing table and MPLS forwarding to P routers
forwarding table (CEF) P routers do not need to run BGP
IGP/BGP IP to CE routers
VRF has its own instance for the Do not have knowledge of VPNs
routing protocol Distributes VPN information through MP-
(static, RIP, BGP, EIGRP, OSPF) BGP to other PE routers with VPN-IPv4 Switches packets based on labels
addresses, extended community, VPN (push/pop) not IP
labels
Multi Protocol BGP (MPBGP)
Bringing It All Together
Site 1
10.1.1.0/24 CE1 CE2 10.2.1.0/24
R7 R8
P P
PE1 PE2
10.1.1.0/24 R1 R2 10.2.1.0/24
Next-Hop=CE1 R5 R6 Next-Hop=CE2
P P
VRF Instance R3 R4
VRF Instance
OSPF Area 0
1. PE1 receives an IPv4 update on a VRF interface (eBGP/OSPF/ISIS/RIP/EIGRP)
2. PE1 translates it into VPNv4 address
Assigns an RT per VRF configuration
Rewrites next-hop attribute to itself
Assigns a label based on VRF and/or interface
3. PE1 sends MP-iBGP update to other PE routers

MPLS VPN
CE
Customer 1 VRF VRF-1 P P VRF VRF-1
PE PE CE
EIGRP, OSPF, IS-IS, RIPv2, BGP, Static
VPN Backbone IGP
CE P CE
Customer 2 P
VRF VRF-2
VRF VRF-2
VRF Configuration (PE)
! PE Router Multiple VRFs
MP-iBGP VPNv4
MP-iBGP Configuration (PE) Label Exchange
ip vrf VRF-1 ! PE router
rd 65100:10 router bgp 65102
route-target import 65102:10 no bgp default ipv4-unicast
route-target export 65102:10 neighbor 2.2.2.2 remote-as 65102
ip vrf VRF-2 !
rd 65100:20
address-family vpnv4
route-target import 65102:20
route-target export 65102:20
neighbor 2.2.2.2 send-community extended
!
exit-address-family
Interface FastEthernet0/1.10
!
ip vrf forwarding VRF-1
address-family ipv4 vrf VRF-1
Interface FastEthernet0/1.20
redistribute rip
ip vrf forwarding VRF-2
exit-address-family
Live Exploration
CML: MPLS/MPBGP Lab
PE-R5#show run vrf VRF-R router bgp 56
Current configuration : 456 bytes redistribute rip
ip vrf VRF-R exit-address-family
rd 56:10 !
route-target export 56:10 end
route-target import 56:10
!
!
interface GigabitEthernet0/3
ip address 10.1.57.5 255.255.255.0
duplex auto
speed auto
media-type rj45
!
router rip
!
redistribute bgp 56 metric 5
network 10.0.0.0
no auto-summary
version 2
exit-address-family
!
CML: MPLS/MPBGP Lab
PE-R5#show run | section router bgp
router bgp 56
bgp router-id 5.5.5.5
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 6.6.6.6 remote-as 56
neighbor 6.6.6.6 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 6.6.6.6 send-community extended
exit-address-family
!
redistribute rip
exit-address-family
!
address-family ipv4 vrf VRF-S
redistribute static
exit-address-family
CML: MPLS/MPBGP Lab
PE-R5#show bgp vpnv4 unicast all summary

BGP router identifier 5.5.5.5, local AS number 56
BGP table version is 16, main routing table version 16
6 network entries using 936 bytes of memory
6 path entries using 480 bytes of memory
6/6 BGP path/bestpath attribute entries using 960 bytes of memory
2 BGP extended community entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2424 total bytes of memory
BGP activity 6/0 prefixes, 6/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

6.6.6.6 4 56 6374 6276 16 0 0 3d23h 3
CML: MPLS/MPBGP Lab
PE-R5#show bgp vpnv4 unicast vrf VRF-R

BGP table version is 10, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 56:10 (default for vrf VRF-R)
*> 10.1.1.0/24 10.1.57.7 1 32768 ?
*> 10.1.57.0/24 0.0.0.0 0 32768 ?
*>i 10.1.69.0/24 6.6.6.6 0 100 0 ?
*>i 10.2.1.0/24 6.6.6.6 1 100 0 ?
PE-R5#
CML: MPLS/MPBGP Lab
PE-R5#show ip route vrf VRF-R
Routing Table: VRF-R


R 10.1.1.0/24 [120/1] via 10.1.57.7, 00:00:10, GigabitEthernet0/3
C 10.1.57.0/24 is directly connected, GigabitEthernet0/3
L 10.1.57.5/32 is directly connected, GigabitEthernet0/3
B 10.1.69.0/24 [200/0] via 6.6.6.6, 2d11h
B 10.2.1.0/24 [200/1] via 6.6.6.6, 2d11h
CML: MPLS/MPBGP Lab
PE-R5# show ip rip database vrf VRF-R

10.1.1.0/24
[1] via 10.1.57.7, 00:00:22, GigabitEthernet0/3
10.1.57.0/24 directly connected, GigabitEthernet0/3
10.1.69.0/24 redistributed
[5] via 6.6.6.6,
10.2.1.0/24 redistributed
[5] via 6.6.6.6,
CML: MPLS/MPBGP Lab
CE-R7#show ip route

C 10.1.1.0/24 is directly connected, Loopback0
L 10.1.1.1/32 is directly connected, Loopback0
C 10.1.57.0/24 is directly connected, GigabitEthernet0/1
L 10.1.57.7/32 is directly connected, GigabitEthernet0/1
CML: MPLS/MPBGP Lab
CE-R7#ping 10.2.1.1 source 10.1.1.1
!!!!!
CE-R7#traceroute 10.2.1.1 source 10.1.1.1

Tracing the route to 10.2.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.57.5 111 msec 36 msec 21 msec
2 192.168.15.1 [MPLS: Labels 16/28 Exp 0] 74 msec 88 msec 101 msec
3 192.168.12.2 [MPLS: Labels 50/28 Exp 0] 130 msec 80 msec 57 msec
4 10.1.69.6 [MPLS: Label 28 Exp 0] 110 msec 105 msec 112 msec
5 10.1.69.9 55 msec * 68 msec
CML: MPLS/MPBGP Lab
PE-R5#show bgp vpnv4 unicast vrf VRF-R labels
Network Next Hop In label/Out label
Route Distinguisher: 56:10 (VRF-R)
10.1.1.0/24 10.1.57.7 91/nolabel
10.1.57.0/24 0.0.0.0 92/nolabel(VRF-R)
10.1.69.0/24 6.6.6.6 nolabel/27 16 28 Data
10.2.1.0/24 6.6.6.6 nolabel/28
PE-R5#show mpls forwarding-table

80 16 6.6.6.6/32 0 Gi0/1 192.168.15.1
81 17 4.4.4.4/32 0 Gi0/1 192.168.15.1
82 18 3.3.3.3/32 0 Gi0/1 192.168.15.1
83 25 2.2.2.2/32 0 Gi0/1 192.168.15.1
84 Pop Label 1.1.1.1/32 0 Gi0/1 192.168.15.1
85 23 192.168.34.0/24 0 Gi0/1 192.168.15.1
86 22 192.168.36.0/24 0 Gi0/1 192.168.15.1
87 20 192.168.26.0/24 0 Gi0/1 192.168.15.1
88 21 192.168.23.0/24 0 Gi0/1 192.168.15.1
89 Pop Label 192.168.12.0/24 0 Gi0/1 192.168.15.1
90 Pop Label 192.168.14.0/24 0 Gi0/1 192.168.15.1
91 No Label 10.1.1.0/24[V] 0 Gi0/3 10.1.57.7
92 No Label 10.1.57.0/24[V] 0 aggregate/VRF-R
93 No Label 10.1.1.0/24[V] 0 Gi0/4 10.1.58.8
CML: MPLS/MPBGP Lab
P-R1#show mpls forwarding-table labels 16
16 50 6.6.6.6/32 4287217 Gi0/1 192.168.12.2
P-R2#show mpls forwarding-table labels 50

50 Pop Label 6.6.6.6/32 4474638 Gi0/3 192.168.26.6
PE-R6#show mpls forwarding-table labels 28

28 No Label 10.2.1.0/24[V] 11544 Gi0/3 10.1.69.9
Closing Tips
Personal Insights
Separate the building blocks of MPLS to foster an improved understanding

Dont over complicate things
PE-CE VRF based routing is not much different than regular routing
MPLS LDP Configuration is pretty simple
MPBGP and traditional IPv4 BGP configuration is nearly the same
If routes are not present on CE routers check route-target import/export and
redistribution between IPv4 VRF address-families under IGP and BGP
If routes are present but you are having problems with reachability, check MPLS
configuration
Remember that on PE devices you are living in a VRF world
Q&A
Complete Your Online Session Evaluation
Give us your feedback and receive a
Cisco 2016 T-Shirt by completing the
Overall Event Survey and 5 Session
Evaluations.
Directly from your mobile device on the Cisco Live
Mobile App
By visiting the Cisco Live Mobile Site
http://showcase.genie-connect.com/ciscolivemelbourne2016/
Visit any Cisco Live Internet Station located
throughout the venue
Learn online with Cisco Live!
T-Shirts can be collected Friday 11 March Visit us online after the conference
for full access to session videos and
at Registration presentations.
www.CiscoLiveAPAC.com
Thank you

VRF, MPLS and MPBGP

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

VRF, MPLS and MPBGP

Hochgeladen von

Copyright:

Verfügbare Formate

VRF, MPLS and MPBGP

Device Partitioning Virtualised Interconnect

Virtualising the Routing Extending and Maintaining the

VLANVirtual LAN VRFVirtual Routing and Forwarding

End to End segmentation, per VRF and per

No MP-BGP or control plane signalling is

No LDP is required (i.e. MPLS) VLAN 14

Configuration Note: Devices are IOS Routers

Set unique autonomous system number per VRF

router ospf 2 vrf VRF-O

R1#show ip interface brief

R1#show ip vrf interface

R1#show run | section router rip

Routing Protocol is "rip"

R1#show ip rip database vrf VRF-R

Routing Table: VRF-R

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

R1#show ip eigrp vrf VRF-E neighbors

R1#show ip eigrp vrf VRF-E topology

P 10.1.114.0/24, 1 successors, FD is 2816

Routing Table: VRF-E

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

R1#show ip ospf interface br

R1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

OSPF Router with ID (1.1.1.1) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

Routing Table: VRF-O

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

R1#ping vrf VRF-R 2.2.2.2 source 1.1.1.1

R1#ping vrf VRF-E 2.2.2.2 source 1.1.1.1

R1#ping vrf VRF-O 2.2.2.2 source 1.1.1.1

R2#show ip vrf interface

R1#ping vrf VRF-R 2.2.2.2 source 1.1.1.1

R1#ping vrf VRF-E 2.2.2.2 source 1.1.1.1

R1#ping vrf VRF-O 2.2.2.2 source 1.1.1.1

GRE tunnel interface is VRF aware

interface Loopback0 ip route vrf VRF-S 2.2.2.2 255.255.255.255 10.1.12.2

1.1.1.1 Lo112 VRF-R

Configuration Note: Leveraging Back-to-Back Frame-Relay Configuration

R1#show ip interface brief

R1#show ip vrf interface

Current configuration : 305 bytes

Routing Table: VRF-S

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

R1#ping vrf VRF-S 2.2.2.2 source 1.1.1.1

Current configuration : 426 bytes

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

R4# show bgp vpnv4 unicast vrf VRF-B

Network Next Hop Metric LocPrf Weight Path

Routing Table: VRF-B

Gateway of last resort is not set

3.0.0.0/32 is subnetted, 1 subnets

R4#traceroute vrf VRF-B 3.3.3.3 source 4.4.4.4