Inter-AS MPLS VPN using MP-EBGP VPNv4

A company has a requirement to connect its sites, which are connected to different ISPs' MPLS VPNs. To fulfill the requirement, the two ISPs need to interconnect their MPLS Autonomous Systems. For this purpose, we can use one of the methods below:

  • Back to back VRF
  • VPNv4 MP-EBGP
  • VPNv4 MP-EBGP between RR

The easiest method, and the one with the least security impact, is the back-to-back VRF connection, but it is not scalable. VPNv4 MP-EBGP, with or without an RR as ASBR, is more scalable, but requires careful attention to security.

In this article, we will not discuss how to secure the inter-AS MPLS connection (I hope I will cover it in the next article). We just highlight the mandatory configuration between the two ASBRs to provide the inter-AS MPLS connection.

Here is the connection diagram:

[Diagram: interas-mpls]

Here is the important configuration on PE-ABC-1 and PE-XYZ-1 for the interfaces and VRF. As an example we use vrf Company. We don’t use CE routers; instead, loopback interfaces on the PEs act as the interfaces facing the CE routers:

hostname PE-ABC-1
!
ip cef
ip vrf Company
rd 100:111
route-target export 100:111
route-target import 100:111
route-target import 200:222
!
!
interface Loopback0
ip address 10.10.127.1 255.255.255.255
no ip directed-broadcast
!
interface Loopback111
ip vrf forwarding Company
ip address 10.10.111.1 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet1/1
ip address 10.10.12.1 255.255.255.0
no ip directed-broadcast
duplex half
speed auto
mpls label protocol ldp
tag-switching ip
!
router bgp 100
no synchronization
bgp router-id 10.10.127.1
bgp log-neighbor-changes
neighbor 10.10.127.3 remote-as 100
neighbor 10.10.127.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.10.127.3 activate
neighbor 10.10.127.3 send-community both
exit-address-family
!
address-family ipv4 vrf Company
redistribute connected
no synchronization
exit-address-family
!

hostname PE-XYZ-1
ip cef
ip vrf Company
rd 200:222
route-target export 200:222
route-target import 200:222
route-target import 100:111
!
interface Loopback0
ip address 100.100.127.3 255.255.255.255
no ip directed-broadcast
!
interface Loopback222
ip vrf forwarding Company
ip address 10.10.222.1 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet1/0
ip address 100.100.23.3 255.255.255.0
no ip directed-broadcast
duplex half
speed auto
mpls label protocol ldp
tag-switching ip
!
router bgp 200
no synchronization
bgp router-id 100.100.127.3
bgp log-neighbor-changes
neighbor 100.100.127.1 remote-as 200
neighbor 100.100.127.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 100.100.127.1 activate
neighbor 100.100.127.1 send-community extended
exit-address-family
!
address-family ipv4 vrf Company
redistribute connected
no synchronization
exit-address-family
!

And here is the important configuration on the two PE-ASBRs for the MP-EBGP VPNv4 connection:

hostname PE-ABC-ASBR
!

ip cef
interface Loopback0
ip address 10.10.127.3 255.255.255.255
no ip directed-broadcast
!
interface FastEthernet1/0
ip address 10.10.23.3 255.255.255.0
no ip directed-broadcast
duplex half
speed auto
mpls label protocol ldp
tag-switching ip
!
interface FastEthernet1/1
ip address 172.16.0.1 255.255.255.252
no ip directed-broadcast
!
router bgp 100
no synchronization
bgp router-id 10.10.127.3
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.10.127.1 remote-as 100
neighbor 10.10.127.1 update-source Loopback0
neighbor 172.16.0.2 remote-as 200
no auto-summary
!
address-family vpnv4
neighbor 10.10.127.1 activate
neighbor 10.10.127.1 send-community extended
neighbor 10.10.127.1 next-hop-self
neighbor 172.16.0.2 activate
neighbor 172.16.0.2 send-community extended
exit-address-family
!

hostname PE-XYZ-ASBR
ip cef
!
interface Loopback0
ip address 100.100.127.1 255.255.255.255
!
interface FastEthernet0/0
ip address 172.16.0.2 255.255.255.252
!
interface FastEthernet1/0
ip address 100.100.12.1 255.255.255.0
duplex auto
speed auto
mpls label protocol ldp
mpls ip
!
router bgp 200
no synchronization
bgp router-id 100.100.127.1
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 100.100.127.3 remote-as 200
neighbor 100.100.127.3 update-source Loopback0
neighbor 172.16.0.1 remote-as 100
no auto-summary
!
address-family vpnv4
neighbor 100.100.127.3 activate
neighbor 100.100.127.3 send-community extended
neighbor 100.100.127.3 next-hop-self
neighbor 172.16.0.1 activate
neighbor 172.16.0.1 send-community extended
exit-address-family
!

Note that because we don’t configure the VRF, RD and route-targets on the two PE-ASBRs, we need to turn off the BGP route-target filter so that they can receive the VPNv4 routes. We use the “no bgp default route-target filter” command.
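
The route-target logic above can be checked offline before the sessions come up. The Python below is an added example, not part of the original article or of any Cisco tool: it reads constructed excerpts of the configurations shown above, confirms that each PE imports a route-target the other exports, and reports any eBGP VPNv4 neighbor on the ASBR that keeps every route because the filter is off and no inbound route-map is applied. The function names are hypothetical.

```python
import re

# Constructed excerpts: only the lines this check reads, copied from the
# PE-ABC-1, PE-XYZ-1 and PE-ABC-ASBR configurations in the article.
PE_ABC_1 = """ip vrf Company
 route-target export 100:111
 route-target import 100:111
 route-target import 200:222
"""
PE_XYZ_1 = """ip vrf Company
 route-target export 200:222
 route-target import 200:222
 route-target import 100:111
"""
PE_ABC_ASBR = """router bgp 100
 no bgp default route-target filter
 neighbor 10.10.127.1 remote-as 100
 neighbor 172.16.0.2 remote-as 200
"""

def parse(cfg):
    """Collect route-targets and BGP facts from an IOS-style config."""
    info = {"asn": None, "import": set(), "export": set(),
            "rt_filter": True, "peers": {}, "in_policy": set()}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"router bgp (\d+)", line):
            info["asn"] = int(m[1])
        elif m := re.fullmatch(r"route-target (import|export) (\S+)", line):
            info[m[1]].add(m[2])
        elif line == "no bgp default route-target filter":
            info["rt_filter"] = False
        elif m := re.fullmatch(r"neighbor (\S+) remote-as (\d+)", line):
            info["peers"][m[1]] = int(m[2])
        elif m := re.fullmatch(r"neighbor (\S+) route-map \S+ in", line):
            info["in_policy"].add(m[1])
    return info

def imports_from(receiver, sender):
    """True when the receiver imports at least one RT the sender exports."""
    return bool(receiver["import"] & sender["export"])

def asbr_findings(info):
    """Describe how an ASBR treats VPNv4 routes from peers in another AS."""
    ebgp = [p for p, asn in info["peers"].items() if asn != info["asn"]]
    if ebgp and info["rt_filter"] and not info["import"]:
        return ["RT filter on, no import RT: received VPNv4 routes are dropped"]
    return [f"{p}: RT filter off, no inbound route-map: every VPNv4 route kept"
            for p in ebgp if not info["rt_filter"] and p not in info["in_policy"]]
```

Running asbr_findings(parse(PE_ABC_ASBR)) flags neighbor 172.16.0.2, which is the exposure the article defers to a later post.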

Verify the vpnv4 bgp connection and routes on PE-ASBRs:

PE-XYZ-ASBR#sh ip bgp vpnv4 all summary
BGP router identifier 100.100.127.1, local AS number 200
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.100.127.3   4   200      35      36       11    0    0 00:26:38        1
172.16.0.1      4   100      81      81       11    0    0 00:07:25        1

PE-XYZ-ASBR#sh ip bgp vpnv4 all
BGP table version is 11, local router ID is 100.100.127.1
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:111
*> 10.10.111.1/32   172.16.0.1                             0 100 ?
Route Distinguisher: 200:222
*>i10.10.222.1/32   100.100.127.3            0    100      0 ?

PE-ABC-ASBR#sh ip bgp vpnv4 all summary
BGP router identifier 10.10.127.3, local AS number 100
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.10.127.1     4   100      83      83        7    0    0 00:08:27        1
172.16.0.2      4   200      82      82        7    0    0 00:08:24        1

PE-ABC-ASBR#sh ip bgp vpnv4 all
BGP table version is 7, local router ID is 10.10.127.3
Status codes: s suppressed, d damped, h history, * valid, > best, i – internal,
r RIB-failure, S Stale
Origin codes: i – IGP, e – EGP, ? – incomplete
Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:111
*>i10.10.111.1/32   10.10.127.1              0    100      0 ?
Route Distinguisher: 200:222
*> 10.10.222.1/32   172.16.0.2                             0 200 ?

Verify the IPv4 VRF routes and connectivity on PE-ABC-1 and PE-XYZ-1:

PE-ABC-1#sh ip route vrf Company
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 2 subnets
C       10.10.111.1 is directly connected, Loopback111
B       10.10.222.1 [200/0] via 10.10.127.3, 00:10:23
PE-ABC-1#ping vrf Company 10.10.222.1
Sending 5, 100-byte ICMP Echos to 10.10.222.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/205/268 ms

PE-XYZ-1#sh ip route vrf Company
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 2 subnets
B       10.10.111.1 [200/0] via 100.100.127.1, 00:12:40
C       10.10.222.1 is directly connected, Loopback222
PE-XYZ-1#ping vrf Company 10.10.111.1
Sending 5, 100-byte ICMP Echos to 10.10.111.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 124/162/220 ms

  1. amit
    April 29, 2009 at 9:03 am

    How can your PE-ABC-1 and PE-XYZ-1 routers reach 172.16.0.0/30 network if they are not redistributed by their corresponding ASBRs?

  2. amit
    April 29, 2009 at 9:06 am

    That’s ok, I just realized that you don’t need to redistribute that prefix since the next-hops are the ASBRs themselves.

    Thanks.

    • irwanp
      May 15, 2009 at 10:53 am

      Yes Amit, we used next-hop-self feature, so we don’t need to redistribute the prefixes.
