
INTER-AUTONOMOUS SYSTEM MPLS VPN: CONFIGURATION AND TROUBLESHOOTING

DECEMBER 2003

MPLS VPN Inter-AS, 12/03

2003 Cisco Systems, Inc. All rights reserved.

Agenda
  Troubleshooting Commands
  Inter-AS Case Study
  Inter-AS Summary


BASIC TROUBLESHOOTING COMMANDS


Troubleshooting Commands
Check VRF routing table
  show ip route vrf <vrf name>
  Check the imported route and associated NH address

Check BGP VPNv4 table
  show ip bgp vpnv4 all
  Check routes associated with an RD

Check CEF table
  show ip cef vrf <vrf name>
  Entries for the imported prefixes from a neighbor

Check TFIB table
  show tag forwarding

CASE STUDY


Inter-AS Case Study Agenda
  Introduction
  Configuration Analysis
  Backup path check
  Load Balancing VPNv4 prefixes across the Inter-AS paths
  Inter-AS Design Considerations
  Inter-AS Configurations


Introduction
  Case study scenario
  Setup
  Inter-AS VPN Distribution Methods
    Next-Hop-Self Method
    Redistribute Connected Subnet Method
    Label Switch Path Next-Hop-Self
    Label Switch Path Redistribute Connected Subnets


Case Study Scenario
Two separate MPLS VPN networks (AS200 and AS300) that distribute VPN routes between each other.
Two Inter-AS (eBGP) connections: primary and backup paths
  VPN traffic will normally travel over the primary Inter-AS path and switch over to the backup path in the event of a failure
Four VRFs used in this example:
  AS300: VRF green and emerald sites
  AS200: VRF red and pink


Topology
[Diagram: VPNv4 route distribution between AS 300 and AS 200]
AS 300
  PE-300: vrf green 30.1.1.0; vrf emerald 31.1.1.0
  ASBR-A300 (primary eBGP): Accept all routes; Redistribute connected subnets; Set MED = 50
  ASBR-B300 (backup eBGP): Accept all routes; Redistribute connected subnets; Set MED = 100
AS 200
  PE-200: vrf red 20.1.1.0, 20.2.1.0 *; vrf pink 21.1.1.0, 21.2.1.0
  ASBR-A200 (primary eBGP): Only accept routes with RT = 200:777; Set next-hop = self; Set MED = 50
  ASBR-B200 (backup eBGP): Only accept routes with RT = 200:777; Set next-hop = self; Set MED = 100
Route with * disallowed from crossing AS (does not hold RT 200:777)


IP Addressing for the Topology

Router      Interface   Address           VRF
PE-300      LO0         156.50.10.3/32
            LO10        30.1.1.1/24       vrf green
            LO11        31.1.1.1/24       vrf emerald
            FA4/0       3.3.3.6/30
PE-200      LO0         166.50.10.3/32
            LO10        20.1.1.1/24       vrf red
            LO11        21.1.1.1/24       vrf pink
            FA4/0       2.2.2.6/30
ASBR-B300   LO0         156.50.10.2/32
            FA0/0       3.3.3.5/30
            POS4/0      1.1.1.6/30
            ATM1/0      3.3.3.2/30
ASBR-A300   LO0         156.50.10.1/32
            POS8/0/0    1.1.1.2/30
            ATM8/1/0    3.3.3.1/30
ASBR-A200   LO0         166.50.10.1/32
            POS1/0/0    1.1.1.1/30
            ATM1/1/0    2.2.2.1/30
ASBR-B200   LO0         166.50.10.2/32
            FA0/0       2.2.2.5/30
            POS4/0      1.1.1.5/30
            ATM1/0      2.2.2.2/30


Inter-AS Distribution Methods
Next-hop-self Method
  Changes the next hop to that of the local ASBR for all VPNv4 routes learned from the other ASBR
  BGP label and NH are changed by the receiving ASBR, which has next-hop-self enabled
Redistribute-Connected-Subnets
  Redistributes the next-hop address of the remote ASBR into the local IGP using the redistribute connected subnets command
  BGP label and next hop are not changed when the VPNv4 routes are redistributed into the local AS
Both methods will be used in this case study. The ASBRs in AS200 will change the NH to themselves. The ASBRs in AS300 will use a host route to the NH address of the ASBR in AS200.


Inter-AS Case Study Specifications
AS 200 has three routers:
  Primary ASBR: ASBR-A200
    Using Next-Hop-Self Method on ASBR-200
  Backup ASBR / P router: ASBR-B200
  PE: PE-200; two VRFs red and pink
AS 300 has three routers:
  Primary ASBR: ASBR-A300
    Using Redistribute Connected subnets on ASBR-300
  Backup ASBR / P router: ASBR-B300
  PE: PE-300; two VRFs green and emerald


Inter-AS Distribution: Next-Hop-Self Method on Primary path
[Diagram: VPNv4 update for 300:1:30.1.1.0 passing from AS 300 to AS 200 over the primary link 1.1.1.2 (ASBR-A300) to 1.1.1.1 (ASBR-A200), via PE-300, ASBR-B300, ASBR-A300, ASBR-A200, ASBR-B200 and PE-200]
AS 300 (as advertised by PE-300)
  Network: 300:1:30.1.1.0   Next-hop: 156.50.10.3 (PE-300)   BGP Label: 161
Across the primary link (ASBR-A300 to ASBR-A200)
  Network: 300:1:30.1.1.0   Next-hop: 1.1.1.2 (ASBR-A300)   BGP Label: 164
AS 200 (as advertised by ASBR-A200)
  Network: 300:1:30.1.1.0   Next-hop: 166.50.10.1 (ASBR-A200)   BGP Label: 23


Inter-AS Distribution: Next-Hop-Self Method

Changing next-hop to that of the local ASBR for all VPNv4 routes learnt from the other ASBR. Sample config for ASBR-A200:

address-family vpnv4
 neighbor 1.1.1.2 activate
 neighbor 1.1.1.2 send-community extended
 neighbor 1.1.1.2 route-map SETMETRIC out
 neighbor 166.50.10.3 activate
 ! (PE-200 peer)
 neighbor 166.50.10.3 next-hop-self
 neighbor 166.50.10.3 send-community extended
 neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
!
route-map INTER-AS permit 10
 match extcommunity 10

Inter-AS Distribution: Redistribute Connected Subnet Method

ASBRs in AS300 use the redistribute connected subnets method to distribute VPNv4 routes
BGP next-hop is not changed for remote VPNv4 routes and will remain that of ASBR-A200, which is 1.1.1.1 (the interface address)
[Diagram: VPNv4 update for 200:1:20.1.1.0 passing from AS 200 to AS 300 over the primary link 1.1.1.1 (ASBR-A200) to 1.1.1.2 (ASBR-A300), via PE-200, ASBR-B200, ASBR-A200, ASBR-A300, ASBR-B300 and PE-300]
AS 200 (as advertised by PE-200)
  Network: 200:1:20.1.1.0   Next-hop: 166.50.10.3 (PE-200)   BGP Label: 29
Across the primary link (ASBR-A200 to ASBR-A300)
  Network: 200:1:20.1.1.0   Next-hop: 1.1.1.1 (ASBR-A200)   BGP Label: 20
AS 300 (as advertised by ASBR-A300)
  Network: 200:1:20.1.1.0   Next-hop: 1.1.1.1 (ASBR-A200)   BGP Label: 20


Inter-AS Distribution: Label Switch Path Next-Hop-Self
[Diagram: labels along the label switch path for 300:1:30.1.1.0 across PE-200, ASBR-B200, ASBR-A200, the primary link 1.1.1.1 to 1.1.1.2, ASBR-A300, ASBR-B300 and PE-300]
AS 200 entries (Next-hop: 166.50.10.1, ASBR-A200)
  BGP Label: 23   IGP Label: 16
  BGP Label: 23   IGP Label: Pop
  BGP Label: 23
Across the primary link (Next-hop: 1.1.1.2, ASBR-A300)
  BGP Label: 164
AS 300 entries (Next-hop: 156.50.10.3, PE-300)
  BGP Label: 161   IGP Label: 162
  BGP Label: 161   IGP Label: Pop
  BGP Label: 161


Inter-AS Distribution: Label Switch Path Redistribute Connected Subnets
[Diagram: labels along the label switch path for 200:1:20.1.1.0 across PE-300, ASBR-B300, ASBR-A300, the primary link 1.1.1.2 to 1.1.1.1, ASBR-A200, ASBR-B200 and PE-200]
AS 300 entries (Next-hop: 1.1.1.1, ASBR-A200)
  BGP Label: 20   IGP Label: 166
  BGP Label: 20   IGP Label: 160
  BGP Label: 20   IGP Label: Pop
  BGP Label: 20
AS 200 entries (Next-hop: 166.50.10.3, PE-200)
  BGP Label: 29   IGP Label: 17
  BGP Label: 29   IGP Label: Pop
  BGP Label: 29


Backup path check
Under normal circumstances, all traffic between the Autonomous Systems will travel along the primary eBGP path (circuit addresses 1.1.1.1 and 1.1.1.2).
This section verifies that the backup path works correctly if the primary path fails:
  A simple test was executed with traffic originating from PE-300 and traveling to PE-200
  Shut down the primary interface on AS200
  Backup path is selected on PE-300


Backup path check: Traceroute on the primary path


PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  1 3.3.3.5 4 msec 4 msec 0 msec
  2 3.3.3.1 4 msec 4 msec 0 msec
  3 1.1.1.1 4 msec 4 msec 0 msec      (ASBR-A200 primary)
  4 2.2.2.2 4 msec 0 msec 4 msec
  5 20.1.1.1 0 msec * 0 msec


Backup path check: Traceroute on the primary path (Cont.)

PE-300#trace vrf green 20.1.1.1
Type escape sequence to abort.
Tracing the route to 20.1.1.1
  1 3.3.3.5 0 msec 4 msec 0 msec
  2 1.1.1.5 0 msec 0 msec 4 msec      (ASBR-B200 backup)
  3 20.1.1.1 0 msec * 0 msec


Load Balancing VPNv4 Prefixes Across the Inter-AS Paths
  Overview
  ASBR 200 configurations
  PE-200 configuration
  PE-300 VPNv4 BGP Table


Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Topology
[Diagram: VPNv4 route distribution between AS 300 and AS 200 via gateway 1 and via gateway 2]
AS 300
  PE-300: vrf green 30.1.1.0; vrf emerald 31.1.1.0
  ASBR-A300 (Gateway 1, eBGP): Accept all routes; Redistribute connected subnets; Set MED = 50
  ASBR-B300 (Gateway 2, eBGP): Accept all routes; Redistribute connected subnets; Set MED = 100
AS 200
  PE-200: vrf red 20.1.1.0, 20.2.1.0 *; vrf pink 21.1.1.0, 21.2.1.0
  ASBR-A200 (Gateway 1, eBGP): Only accept routes with RT = 777:1 or 777:2; Set next-hop = self; Set MED = 50 if RT 777:1, MED = 100 if RT 777:2
  ASBR-B200 (Gateway 2, eBGP): Only accept routes with RT = 777:1 or 777:2; Set next-hop = self; Set MED = 50 if RT 777:2, MED = 100 if RT 777:1
Route with * disallowed from crossing AS (does not hold RT 777:1 or RT 777:2)


Load Balancing VPNv4 Prefixes Across the Inter-AS Paths: Goals and Specs
Goal: load balance VPNv4 prefixes across both Inter-AS links from AS300 to AS200. Note that there are two paths:
  Gateway 1 (path between ASBR-A200 and ASBR-A300): only VRF green traffic
  Gateway 2 (path between ASBR-B200 and ASBR-B300): only VRF emerald traffic
ASBR-A200: accept routes only from VRF green
ASBR-B200: accept routes only from VRF emerald
If load balancing is required in both directions, mirror the ASBR-A200 configuration on ASBR-A300 and the ASBR-B200 configuration on ASBR-B300

Load-balancing: VPNv4 Related Specifications
MED is set at each gateway, depending upon the route-target/extcommunity value on the VPNv4 route
Route-target = 777:1
  Primary: Gateway 1; prefix: MED=50
  Backup: Gateway 2; MED=100
Route-target = 777:2
  Primary: Gateway 2; prefix: MED=50
  Backup: Gateway 1; MED=100
Gateways have both been configured to accept only VPNv4 routes that have the extcommunity attribute 777:1 or 777:2

Load Balancing Across the Inter-AS Paths: PE 200 Configuration

The primary path for VRF pink is via ASBR-B200
All routes in VRF pink have the route-target 777:2; ASBR-A200 will be the backup path (from perspective of the PE-300)
The primary path for VRF red is via ASBR-A200; backup path is via ASBR-B200

VRF    Prefix     RT            Primary               Backup
Red    20.1.1.0   200:1 777:1   ASBR-A200 (1.1.1.1)   ASBR-B200 (1.1.1.5)
Red    20.2.1.0   200:1         Denied                Denied
Pink   21.1.1.0   200:2 777:2   ASBR-B200 (1.1.1.5)   ASBR-A200 (1.1.1.1)
Pink   21.2.1.0   200:2 777:2   ASBR-B200 (1.1.1.5)   ASBR-A200 (1.1.1.1)

*should see the red routes via 1.1.1.1 and the pink routes via 1.1.1.5

Load Balancing Across the Inter-AS Paths: PE 200 Configuration (Cont.)

ip vrf pink
 rd 200:2
 route-target export 200:2
 ! use ASBR-B200 as the primary path
 route-target export 777:2
 route-target import 200:2
 route-target import 300:2
!
ip vrf red
 rd 200:1
 export map OUT-INTER-AS
 route-target export 200:1
 route-target import 200:1
 route-target import 300:1
!
access-list 10 permit 20.1.1.0 0.0.0.55
route-map OUT-INTER-AS permit 10
 match ip address 10
 ! use ASBR-A200 as the primary path
 set extcommunity rt 777:1 additive
!

Load Balancing Across the Inter-AS Paths: ASBR-A200 Configuration


router bgp 200
 address-family vpnv4
 neighbor 1.1.1.2 activate
 neighbor 1.1.1.2 send-community extended
 neighbor 1.1.1.2 route-map SETMETRIC out
 neighbor 166.50.10.3 activate
 neighbor 166.50.10.3 next-hop-self
 neighbor 166.50.10.3 send-community extended
 neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip extcommunity-list 10 permit rt 777:1
ip extcommunity-list 11 permit rt 777:2
!
route-map SETMETRIC permit 10
 match extcommunity 10
 ! Metric is 100 on ASBR-B200
 set metric 50
!
route-map SETMETRIC permit 11
 match extcommunity 11
 ! Metric is 50 on ASBR-B200
 set metric 100
!
route-map INTER-AS permit 10
 ! AS200 ASBRs to accept VPNv4 routes that hold the extcommunity attribute of 777:1 or 777:2
 match extcommunity 10 11

Load Balancing Across the Inter-AS Paths: PE-300 VPNv4 BGP Table
PE-300#show ip bgp vpnv4 all
BGP table version is 99, local router ID is 156.50.10.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 200:1
*>i20.1.1.0/24      1.1.1.1                 50    100      0 200 ?
* i                 1.1.1.5                100    100      0 200 ?
Route Distinguisher: 200:2
* i21.1.1.0/24      1.1.1.1                100    100      0 200 ?
*>i                 1.1.1.5                 50    100      0 200 ?
* i21.2.1.0/24      1.1.1.1                100    100      0 200 ?
*>i                 1.1.1.5                 50    100      0 200 ?
Route Distinguisher: 300:1 (default for vrf green)
*>i20.1.1.0/24      1.1.1.1                 50    100      0 200 ?      (Via ASBR-A200)
*> 30.1.1.0/24      0.0.0.0                  0         32768 ?
Route Distinguisher: 300:2 (default for vrf emerald)
*>i21.1.1.0/24      1.1.1.5                 50    100      0 200 ?      (Via ASBR-B200)
*>i21.2.1.0/24      1.1.1.5                 50    100      0 200 ?      (Via ASBR-B200)
*> 31.1.1.0/24      0.0.0.0                  0         32768 ?

Note: This is the BGP VPNv4 table on PE-300 after the VPNv4 routes from AS 200 have been redistributed using the new route-targets and MED values. As can be seen, the best routes have been chosen and imported into the green and emerald VRFs using the lowest metric (MED), the next hop being either 1.1.1.1 or 1.1.1.5.
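The route-target filter and MED policy from the load-balancing slides above, as an added Python model that is not part of the original deck. Route data and policy values are copied from the page; the function names and the reduced best-path rule (lowest MED wins, everything else equal) are assumptions of this sketch.

```python
# Added example (not from the slides): RT filter + MED policy on the AS200 gateways.
# Route data and policy values come from the page; advertise(), path_table() and the
# lowest-MED-only best-path rule are assumptions of this sketch.

# VPNv4 routes exported by PE-200 (VRF / Prefix / RT table on the page).
PE200_ROUTES = [
    {"vrf": "red", "prefix": "20.1.1.0/24", "rts": {"200:1", "777:1"}},
    {"vrf": "red", "prefix": "20.2.1.0/24", "rts": {"200:1"}},
    {"vrf": "pink", "prefix": "21.1.1.0/24", "rts": {"200:2", "777:2"}},
    {"vrf": "pink", "prefix": "21.2.1.0/24", "rts": {"200:2", "777:2"}},
]

# route-map INTER-AS: "match extcommunity 10 11" (RT 777:1 or RT 777:2).
INTER_AS_ACCEPT = {"777:1", "777:2"}

# route-map SETMETRIC as ordered (RT, MED) clauses; the first matching clause wins.
GATEWAYS = {
    "ASBR-A200": {"next_hop": "1.1.1.1", "setmetric": [("777:1", 50), ("777:2", 100)]},
    "ASBR-B200": {"next_hop": "1.1.1.5", "setmetric": [("777:1", 100), ("777:2", 50)]},
}


def advertise(gateway, route):
    """Return the path this gateway sends to AS300, or None if policy drops it."""
    policy = GATEWAYS[gateway]
    # Inbound filter on the iBGP session from PE-200 (route-map INTER-AS in).
    if not route["rts"] & INTER_AS_ACCEPT:
        return None
    # Outbound route-map SETMETRIC; a route matching no clause hits the implicit deny.
    for rt, med in policy["setmetric"]:
        if rt in route["rts"]:
            return {"gateway": gateway, "next_hop": policy["next_hop"], "med": med}
    return None


def path_table(routes=PE200_ROUTES, failed=()):
    """Primary/backup gateway per prefix as PE-300 would select it.

    `failed` names gateways whose Inter-AS link is down (the backup path check).
    """
    table = {}
    for route in routes:
        offered = [advertise(gw, route) for gw in GATEWAYS]
        if all(path is None for path in offered):
            # Filtered at every gateway: the route never crosses the AS boundary.
            table[route["prefix"]] = {"primary": "Denied", "backup": "Denied", "next_hop": None}
            continue
        paths = [p for p in offered if p is not None and p["gateway"] not in failed]
        paths.sort(key=lambda p: p["med"])  # lowest MED is preferred
        table[route["prefix"]] = {
            "primary": paths[0]["gateway"] if paths else None,
            "backup": paths[1]["gateway"] if len(paths) > 1 else None,
            "next_hop": paths[0]["next_hop"] if paths else None,
        }
    return table


if __name__ == "__main__":
    for prefix, row in path_table().items():
        print(prefix, row)
    print("ASBR-A200 link down:", path_table(failed={"ASBR-A200"})["20.1.1.0/24"])
```
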

Configurations
  ASBR-A200
  ASBR-A300
  ASBR-B200
  ASBR-B300
  PE-200
  PE-300


Configurations: ASBR-A200
hostname ABSR-A200
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 166.50.10.1 255.255.255.255
!
interface ATM1/0/0
 ip address 2.2.2.1 255.255.255.252
 ip route-cache distributed
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS1/1/0
 ip address 1.1.1.1 255.255.255.252
 ip route-cache distributed
 clock source internal
 pos ais-shut
 pos report lais
 pos report lrdi
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166.50.10.0 0.0.0.255 area 0
!
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.2 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 neighbor 166.50.10.3 update-source Loopback0
 !
 address-family vpnv4
 neighbor 1.1.1.2 activate
 !
 neighbor 1.1.1.2 send-community extended
 neighbor 1.1.1.2 route-map SETMETRIC out
 neighbor 166.50.10.3 activate
 neighbor 166.50.10.3 next-hop-self
 neighbor 166.50.10.3 send-community extended
 neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50
!
route-map INTER-AS permit 10
 match extcommunity 10
!
end


Configurations: ASBR-A300
hostname ABSR-A300
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
no ip domain-lookup
!
ip cef distributed
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 156.50.10.1 255.255.255.255
!
interface ATM8/0/0
 ip address 3.3.3.1 255.255.255.252
 ip route-cache distributed
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS8/1/0
 ip address 1.1.1.2 255.255.255.252
 ip route-cache distributed
 pos ais-shut
 pos report lais
 pos report lrdi
!
!
router ospf 300
 log-adjacency-changes
 redistribute connected subnets
 network 3.3.3.0 0.0.0.3 area 0
 network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 200
 neighbor 156.50.10.3 remote-as 300
 neighbor 156.50.10.3 update-source Loopback0
 !
 address-family vpnv4
 neighbor 1.1.1.1 activate
 neighbor 1.1.1.1 send-community extended
 neighbor 1.1.1.1 route-map SETMETRIC out
 neighbor 156.50.10.3 activate
 neighbor 156.50.10.3 send-community extended
 bgp scan-time 10
 bgp scan-time import 10
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 50


Configurations: ASBR-B200
hostname ABSR-B200
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip cef
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 166.50.10.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 2.2.2.5 255.255.255.252
 duplex full
 tag-switching ip
!
interface ATM3/0
 ip address 2.2.2.2 255.255.255.252
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS4/0
 ip address 1.1.1.5 255.255.255.252
 no ip route-cache cef
 clock source internal
!
!
interface FastEthernet6/0
 ip address 10.64.37.50 255.255.255.0
 duplex full
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166.50.10.0 0.0.0.255 area 0
!
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.6 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 neighbor 166.50.10.3 update-source Loopback0
 !
 address-family vpnv4
 neighbor 1.1.1.6 activate
 neighbor 1.1.1.6 send-community extended
 neighbor 1.1.1.6 route-map SETMETRIC out
 neighbor 166.50.10.3 activate
 neighbor 166.50.10.3 next-hop-self
 neighbor 166.50.10.3 send-community extended
 neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
ip extcommunity-list 10 permit rt 200:777
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 100
!
route-map INTER-AS permit 10
 match extcommunity 10
!
end


Configurations: ASBR-B300
hostname ABSR-B300
!
boot system disk0:c7200-js-mz.121-5.T8.bin
logging rate-limit console 10 except errors
enable password cisco
!
ip subnet-zero
!
!
no ip finger
no ip domain-lookup
!
ip cef
tag-switching tag-range downstream 160 1000 0
call rsvp-sync
cns event-service server
!
interface Loopback0
 ip address 156.50.10.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 3.3.3.5 255.255.255.252
 duplex full
 tag-switching ip
!
interface ATM3/0
 ip address 3.3.3.2 255.255.255.252
 ip ospf network point-to-point
 no atm ilmi-keepalive
 pvc 1/102
  broadcast
  encapsulation aal5snap
 !
 tag-switching ip
!
interface POS4/0
 ip address 1.1.1.6 255.255.255.252
 no ip route-cache cef
!
router ospf 300
 log-adjacency-changes
 redistribute connected subnets
 network 3.3.3.0 0.0.0.3 area 0
 network 3.3.3.4 0.0.0.3 area 0
 network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 1.1.1.5 remote-as 200
 neighbor 156.50.10.3 remote-as 300
 neighbor 156.50.10.3 update-source Loopback0
 !
 address-family vpnv4
 neighbor 1.1.1.5 activate
 neighbor 1.1.1.5 send-community extended
 neighbor 1.1.1.5 route-map SETMETRIC out
 neighbor 156.50.10.3 activate
 neighbor 156.50.10.3 send-community extended
 bgp scan-time 10
 bgp scan-time import 10
 exit-address-family
!
ip kerberos source-interface any
ip classless
no ip http server
!
access-list 1 permit any
route-map SETMETRIC permit 10
 match ip address 1
 set metric 100
!
end


Configurations: PE-200
hostname PE-200
!
boot system disk0:c7200-js-mz.121-5c.E8.bin
!
ip subnet-zero
!
ip vrf pink
 rd 200:2
 route-target export 200:2
 route-target export 200:777
 route-target import 200:2
 route-target import 300:2
!
ip vrf red
 rd 200:1
 export map OUT-INTER-AS
 route-target export 200:1
 route-target import 200:1
 route-target import 300:1
ip cef
tag-switching tdp router-id Loopback0
cns event-service server
!
interface Loopback0
 ip address 166.50.10.3 255.255.255.255
!
interface Loopback10
 ip vrf forwarding red
 ip address 20.1.1.1 255.255.255.0
!
interface Loopback11
 ip vrf forwarding pink
 ip address 21.1.1.1 255.255.255.0
!
interface FastEthernet4/0
 ip address 2.2.2.6 255.255.255.252
 no ip route-cache cef
 duplex full
 tag-switching ip
!
router ospf 200
 log-adjacency-changes
 network 2.2.2.0 0.0.0.255 area 0
 network 166.50.10.0 0.0.0.255 area 0
router bgp 200
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 166.50.10.1 remote-as 200
 neighbor 166.50.10.1 update-source Loopback0
 neighbor 166.50.10.2 remote-as 200
 neighbor 166.50.10.2 update-source Loopback0
 default-information originate
 !
 address-family ipv4 vrf red
 redistribute connected
 redistribute static
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf pink
 redistribute connected
 redistribute static
 default-information originate
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 166.50.10.1 activate
 neighbor 166.50.10.1 send-community extended
 neighbor 166.50.10.2 activate
 neighbor 166.50.10.2 send-community extended
 default-information originate
 exit-address-family
!
ip classless
ip route vrf red 20.2.1.0 255.255.255.0 Loopback10 20.1.1.2
ip route vrf pink 21.2.1.0 255.255.255.0 Loopback11 21.1.1.2
no ip http server
!
access-list 10 permit 20.1.1.0 0.0.0.55
route-map OUT-INTER-AS permit 10
 match ip address 10
 set extcommunity rt 200:777 additive
!
end


Configurations: PE-300
hostname PE-300
!
ip subnet-zero
!
no ip finger
no ip domain-lookup
!
ip vrf emerald
 rd 300:2
 route-target export 300:2
 route-target import 300:2
 route-target import 200:2
!
ip vrf green
 rd 300:1
 route-target export 300:1
 route-target import 300:1
 route-target import 200:1
ip cef
tag-switching tag-range downstream 160 1000 0
cns event-service server
!
interface Loopback0
 ip address 156.50.10.3 255.255.255.255
!
interface Loopback10
 ip vrf forwarding green
 ip address 30.1.1.1 255.255.255.0
!
interface Loopback11
 ip vrf forwarding emerald
 ip address 31.1.1.1 255.255.255.0
!
interface ATM1/0
 no ip address
 no ip route-cache cef
 no atm ilmi-keepalive
!
interface FastEthernet4/0
 ip address 3.3.3.6 255.255.255.252
 duplex full
 tag-switching ip
!
router ospf 300
 log-adjacency-changes
 network 3.3.3.4 0.0.0.3 area 0
 network 156.50.10.0 0.0.0.255 area 0
!
router bgp 300
 no synchronization
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 156.50.10.1 remote-as 300
 neighbor 156.50.10.1 update-source Loopback0
 neighbor 156.50.10.2 remote-as 300
 neighbor 156.50.10.2 update-source Loopback0
 !
 address-family ipv4 vrf green
 redistribute connected
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family ipv4 vrf emerald
 redistribute connected
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 156.50.10.1 activate
 neighbor 156.50.10.1 send-community extended
 neighbor 156.50.10.2 activate
 neighbor 156.50.10.2 send-community extended
 bgp scan-time 15
 bgp scan-time import 10
 exit-address-family
!
ip classless
no ip http server
!
tftp-server disk0:c7200-js-mz.121-5c.E8.bin
!
end


INTER-AS SUMMARY


Inter-AS Summary
Service Providers have deployed Inter-AS for:
  Scalability purposes
  Partitioning the network based on services or management boundaries
Some contract work is in progress amongst Service Providers to establish partnerships and offer end-to-end VPN services to the common customer base
Service Provider networks are completely separate
  Do not need to exchange internal prefix or label information
Each Service Provider establishes a direct MP-eBGP session with the others to exchange VPN-IPv4 addresses with labels
A /32 route to reach the ASBR is created by default so ASBRs can communicate without a need for IGP
  Must be redistributed in the receiving Service Provider's IGP

Inter-AS Summary (Cont.)
IGP or LDP across ASBR links is not required
  Labels are already assigned to the routes when exchanged via MP-eBGP
Interface used to establish the MP-eBGP session does not need to be associated with a VRF
Direct eBGP routes and labels can be exchanged
Next-hop-self can be turned on on ASBRs, enabling the ASBR to use its own address for next-hop
  Using next-hop-self requires an additional entry in the TFIB for each VPNv4 route (about 180 bytes)
If the Service Provider wishes to hide the Inter-AS link, then use the next-hop-self method; otherwise use the redistribute connected subnets method

Inter-AS Summary (Cont.)
Multi-hop MP-eBGP sessions can be passed between Service Providers without conversions to VPNv4 routes
Configuration of VRFs is not required on the ASBRs because bgp default route-target filter (automatic route filtering feature) has been disabled
To conserve memory on both sides of the boundary and implement a simple form of security, always configure inbound route-maps that permit only the routes that need to be passed to the other AS
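The inbound route-map recommendation above, as an added check that is not part of the original deck: a Python sketch that lists the eBGP VPNv4 peers in an ASBR configuration that have no inbound route-map. The function name audit_vpnv4_inbound and the trimmed samples are assumptions; the sample lines are excerpted from the ASBR-A300 and ASBR-A200 listings on this page.

```python
import re

# Constructed samples: BGP stanzas excerpted from the ASBR-A300 and ASBR-A200
# listings on this page (non-BGP lines omitted).
ASBR_A300 = """\
router bgp 300
 no bgp default route-target filter
 neighbor 1.1.1.1 remote-as 200
 neighbor 156.50.10.3 remote-as 300
 address-family vpnv4
 neighbor 1.1.1.1 activate
 neighbor 1.1.1.1 send-community extended
 neighbor 1.1.1.1 route-map SETMETRIC out
 neighbor 156.50.10.3 activate
 neighbor 156.50.10.3 send-community extended
 exit-address-family
"""

ASBR_A200 = """\
router bgp 200
 no bgp default route-target filter
 neighbor 1.1.1.2 remote-as 300
 neighbor 166.50.10.3 remote-as 200
 address-family vpnv4
 neighbor 1.1.1.2 activate
 neighbor 1.1.1.2 send-community extended
 neighbor 1.1.1.2 route-map SETMETRIC out
 neighbor 166.50.10.3 activate
 neighbor 166.50.10.3 next-hop-self
 neighbor 166.50.10.3 send-community extended
 neighbor 166.50.10.3 route-map INTER-AS in
 exit-address-family
"""


def audit_vpnv4_inbound(config):
    """Hypothetical audit helper: find eBGP VPNv4 peers with no inbound route-map."""
    local_as = None
    remote_as = {}              # neighbor address -> AS number
    active = set()              # neighbors activated under address-family vpnv4
    inbound = {}                # neighbor address -> inbound route-map name
    rt_filter_disabled = False  # "no bgp default route-target filter" present
    in_vpnv4 = False

    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"router bgp (\d+)", line):
            local_as = int(m.group(1))
        elif line == "no bgp default route-target filter":
            rt_filter_disabled = True
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            remote_as[m.group(1)] = int(m.group(2))
        elif line == "address-family vpnv4":
            in_vpnv4 = True
        elif line == "exit-address-family":
            in_vpnv4 = False
        elif in_vpnv4 and (m := re.fullmatch(r"neighbor (\S+) activate", line)):
            active.add(m.group(1))
        elif in_vpnv4 and (m := re.fullmatch(r"neighbor (\S+) route-map (\S+) in", line)):
            inbound[m.group(1)] = m.group(2)

    # eBGP peers are those whose remote AS differs from the local AS.
    ebgp = sorted(n for n in active if n in remote_as and remote_as[n] != local_as)
    return {
        "local_as": local_as,
        "rt_filter_disabled": rt_filter_disabled,
        "ebgp_vpnv4_peers": ebgp,
        "inbound_route_maps": inbound,
        "unfiltered_ebgp": [n for n in ebgp if n not in inbound],
    }


if __name__ == "__main__":
    for name, cfg in (("ASBR-A300", ASBR_A300), ("ASBR-A200", ASBR_A200)):
        print(name, audit_vpnv4_inbound(cfg))
```

On the two excerpts it reports 1.1.1.1 for ASBR-A300 and 1.1.1.2 for ASBR-A200: route-map INTER-AS is applied inbound on the iBGP session from PE-200, not on the eBGP session.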
