Tuesday, November 13, 2007

MPLS VPN Inter-AS [Cisco Config Sample]




From IPFlow Netflow Collector

Inter-AS MPLS VPN Configuration Example


This is a simple example of Inter-AS MPLS VPN configuration on Cisco routers (using Dynamips and GNS3).


Author: Christophe Fillot - 06-Nov-2007


Table of contents


1 Topology


2 IOS configurations


3 Dynamips/Dynagen/GNS3 configuration


4 Description


5 Configuring VPNv4 eBGP


6 Verifying the configuration


7 Traceroute example




Topology


Image:MPLS_VPN_IAS_topo.png




IOS configurations



  • P1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/P1.cfg)

  • P2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/P2.cfg)

  • PE1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/PE1.cfg)

  • PE2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/PE2.cfg)

  • ASBR1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/ASBR1.cfg)

  • ASBR2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/ASBR2.cfg)




Dynamips/Dynagen/GNS3 configuration


You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/mpls_vpn_ias.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.




Description


We want to exchange MPLS/VPN routes between two different Autonomous Systems (AS): P1, PE1 and ASBR1 are in AS #100, while P2, PE2 and ASBR2 are in AS #200.


There is nothing specific in the configurations of P1, P2, PE1 and PE2 (classical MPLS/VPN), and VPNv4 eBGP will be used between ASBR1 and ASBR2.




Configuring VPNv4 eBGP


The configuration of ASBR1 and ASBR2 interfaces is as follows (note that LDP is not enabled):



ASBR1#sh run int fa 0/0
interface FastEthernet0/0
 description To ASBR2
 ip address 123.0.0.1 255.255.255.252
!

ASBR2#sh run int fa 0/0
interface FastEthernet0/0
 description To ASBR1
 ip address 123.0.0.2 255.255.255.252
!


An MP-eBGP session is established between ASBR1 and ASBR2:



ASBR1#sh run | begin ^router bgp
router bgp 100
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 10.10.0.1 remote-as 100
 neighbor 10.10.0.1 update-source Loopback0
 neighbor 123.0.0.2 remote-as 200
 !
 address-family vpnv4
  neighbor 10.10.0.1 activate
  neighbor 10.10.0.1 send-community extended
  neighbor 123.0.0.2 activate
  neighbor 123.0.0.2 send-community both
 exit-address-family
!


The "no bgp default route-target filter" command prevents the BGP process from filtering out routes whose route-targets are not imported locally.


Note: make sure that the PE routers (here, PE1 and PE2) can reach the ASBR routers (here, 123.0.0.0/30 subnet).






Verifying the configuration



MPLS prefixes learnt through BGP:



ASBR1#sh ip bgp vpnv4 all
BGP table version is 7, local router ID is 10.10.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i100.1.0.1/32     10.10.0.1                0    100      0 ?
*> 200.1.0.1/32     123.0.0.2                              0 200 ?
Route Distinguisher: 100:2
*>i100.2.0.1/32     10.10.0.1                0    100      0 ?
*> 200.2.0.1/32     123.0.0.2                              0 200 ?
Route Distinguisher: 100:3
*>i100.3.0.1/32     10.10.0.1                0    100      0 ?
*> 200.3.0.1/32     123.0.0.2                              0 200 ?


MPLS labels learnt with BGP:



ASBR1#sh ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   100.1.0.1/32     10.10.0.1       26/18
   200.1.0.1/32     123.0.0.2       nolabel/26
Route Distinguisher: 100:2
   100.2.0.1/32     10.10.0.1       27/19
   200.2.0.1/32     123.0.0.2       nolabel/27
Route Distinguisher: 100:3
   100.3.0.1/32     10.10.0.1       28/20
   200.3.0.1/32     123.0.0.2       nolabel/28


MPLS LFIB:



ASBR1#sh mpls for
Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id        switched   interface
16     16          10.10.0.1/32        0          Fa1/0      10.1.1.1
17     Pop tag     10.10.0.0/32        0          Fa1/0      10.1.1.1
18     Pop tag     10.1.0.0/30         0          Fa1/0      10.1.1.1
22     Pop tag     123.0.0.2/32        2738       Fa0/0      123.0.0.2
26     18          100:1:100.1.0.1/32   \
                                       5554       Fa1/0      10.1.1.1
27     19          100:2:100.2.0.1/32   \
                                       0          Fa1/0      10.1.1.1
28     20          100:3:100.3.0.1/32   \
                                       0          Fa1/0      10.1.1.1

ASBR2#sh mpls for
Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id        switched   interface
16     16          10.20.0.1/32        0          Fa1/0      10.2.1.1
17     Pop tag     10.20.0.0/32        0          Fa1/0      10.2.1.1
18     Pop tag     10.2.0.0/30         0          Fa1/0      10.2.1.1
22     Pop tag     123.0.0.1/32        7838       Fa0/0      123.0.0.1
26     18          100:1:200.1.0.1/32   \
                                       3658       Fa1/0      10.2.1.1
27     19          100:2:200.2.0.1/32   \
                                       1524       Fa1/0      10.2.1.1
28     20          100:3:200.3.0.1/32   \
                                       0          Fa1/0      10.2.1.1






Traceroute example



We run a traceroute in VRF VPN1 from PE1 (100.1.0.1) to PE2 (200.1.0.1):



PE1#trace vrf VPN1 200.1.0.1

Type escape sequence to abort.
Tracing the route to 200.1.0.1

1 10.1.0.1 [MPLS: Labels 18/26 Exp 0] 72 msec 60 msec 28 msec
2 10.1.1.2 [MPLS: Labels 22/26 Exp 0] 28 msec 60 msec 68 msec
3 123.0.0.2 [MPLS: Label 26 Exp 0] 28 msec 32 msec 28 msec
4 10.2.1.1 [MPLS: Labels 16/18 Exp 0] 28 msec 20 msec 32 msec
5 200.1.0.1 28 msec * 16 msec


As we can see with CEF commands, two labels are used by PE1 to reach PE2/200.1.0.1: {18 26}



PE1#sh ip cef vrf VPN1 200.1.0.1
200.1.0.1/32, version 8, epoch 0, cached adjacency 10.1.0.1
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Fa0/0, 10.1.0.1, tags imposed: {18 26}
via 123.0.0.2, 0 dependencies, recursive
next hop 10.1.0.1, FastEthernet0/0 via 123.0.0.2/32
valid cached adjacency
tag rewrite with Fa0/0, 10.1.0.1, tags imposed: {18 26}


Label {18} corresponds to 123.0.0.2 (ASBR2), and {26} is the VPN label chosen by ASBR2 for this route.


If we examine ASBR2's label table for label {26}, we have:



ASBR2#sh mpls for label 26 detail
Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id        switched   interface
26     18          100:1:200.1.0.1/32   \
                                       3658       Fa1/0      10.2.1.1
        MAC/Encaps=14/22, MRU=1496, Tag Stack{16 18}
        CA030C27001CCA010C22001C8847 0001000000012000
        No output feature configured


We can see that label {26} is removed and replaced by labels {16 18}: {16} corresponds to PE2, while {18} is the VPN label chosen by PE2.
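The label hand-off walked through above can be checked mechanically. The following Python is an added example, not part of the original page: it parses excerpts of the "sh ip bgp vpnv4 all labels" output from ASBR1 and the "sh mpls for" output from ASBR2 (constructed from the outputs shown on this page) and verifies that every out label ASBR1 learnt from 123.0.0.2 is a local label on ASBR2 for the same RD:prefix. The function names are hypothetical.

```python
import re

# Constructed sample: excerpts of the ASBR1 and ASBR2 outputs shown on this page.
ASBR1_BGP_LABELS = """\
Route Distinguisher: 100:1
   100.1.0.1/32     10.10.0.1       26/18
   200.1.0.1/32     123.0.0.2       nolabel/26
Route Distinguisher: 100:2
   100.2.0.1/32     10.10.0.1       27/19
   200.2.0.1/32     123.0.0.2       nolabel/27
"""
ASBR2_LFIB = """\
22     Pop tag     123.0.0.1/32        7838       Fa0/0      123.0.0.1
26     18          100:1:200.1.0.1/32   \\
                                       3658       Fa1/0      10.2.1.1
27     19          100:2:200.2.0.1/32   \\
                                       1524       Fa1/0      10.2.1.1
"""

def parse_bgp_labels(text):
    """Map (rd, prefix) -> (next_hop, in_label, out_label)."""
    rd, table = None, {}
    for line in text.splitlines():
        if m := re.match(r"Route Distinguisher: (\S+)", line):
            rd = m.group(1)
        elif m := re.match(r"\s*(\S+/\d+)\s+(\S+)\s+(\w+)/(\w+)\s*$", line):
            table[(rd, m.group(1))] = m.group(2, 3, 4)
    return table

def parse_lfib(text):
    """Map local label -> (outgoing label, prefix), joining '\\'-wrapped rows."""
    lfib = {}
    for line in re.sub(r"\\\s*\n\s*", " ", text).splitlines():
        m = re.match(r"(\d+)\s+(Pop tag|\d+)\s+(\S+)\s+\d+\s+\S+", line)
        if m:
            lfib[m.group(1)] = (m.group(2), m.group(3))
    return lfib

def check_handoff(bgp_labels, peer_lfib, peer_ip):
    """Return (rd, prefix, out_label) for routes whose out label is not the
    peer's local label for the same RD:prefix."""
    return [(rd, prefix, out)
            for (rd, prefix), (nh, _in, out) in bgp_labels.items()
            if nh == peer_ip
            and peer_lfib.get(out, (None, None))[1] != f"{rd}:{prefix}"]

if __name__ == "__main__":
    routes = parse_bgp_labels(ASBR1_BGP_LABELS)
    print(check_handoff(routes, parse_lfib(ASBR2_LFIB), "123.0.0.2") or "consistent")
```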


Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_VPN_Inter-AS"