MPLS VPN Inter-AS

From IPFlow Netflow Collector

Inter-AS MPLS VPN Configuration Example

This is a simple example of Inter-AS MPLS VPN configuration on Cisco routers (using Dynamips and GNS3).

Author: Christophe Fillot - 06-Nov-2007


Topology

[Figure: network topology diagram, MPLS_VPN_IAS_topo.png]


IOS configurations

  • P1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/P1.cfg)
  • P2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/P2.cfg)
  • PE1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/PE1.cfg)
  • PE2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/PE2.cfg)
  • ASBR1 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/ASBR1.cfg)
  • ASBR2 (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/ASBR2.cfg)


Dynamips/Dynagen/GNS3 configuration

You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_VPN_IAS/mpls_vpn_ias.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.


Description

We want to exchange MPLS/VPN routes between two different Autonomous Systems (AS): P1, PE1 and ASBR1 are in AS #100, while P2, PE2 and ASBR2 are in AS #200.

The configurations of P1, P2, PE1 and PE2 contain nothing specific to Inter-AS (classical MPLS/VPN); VPNv4 eBGP is used between ASBR1 and ASBR2.


Configuring VPNv4 eBGP

The configuration of ASBR1 and ASBR2 interfaces is as follows (note that LDP is not enabled):

ASBR1#sh run int fa 0/0
interface FastEthernet0/0
 description To ASBR2
 ip address 123.0.0.1 255.255.255.252
!

ASBR2#sh run int fa 0/0
interface FastEthernet0/0
 description To ASBR1
 ip address 123.0.0.2 255.255.255.252
!


An MP-eBGP session is established between ASBR1 and ASBR2:

ASBR1#sh run | begin ^router bgp
router bgp 100
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 10.10.0.1 remote-as 100
 neighbor 10.10.0.1 update-source Loopback0
 neighbor 123.0.0.2 remote-as 200
 !
 address-family vpnv4
  neighbor 10.10.0.1 activate
  neighbor 10.10.0.1 send-community extended
  neighbor 123.0.0.2 activate
  neighbor 123.0.0.2 send-community both
 exit-address-family
!


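The "no bgp default route-target filter" command prevents the BGP process from discarding VPNv4 routes whose route-targets are not imported by any local VRF. By default such routes are dropped, so an ASBR that only relays VPNv4 routes between the two AS would not keep them. With the filter disabled, the ASBR keeps every VPNv4 route the neighboring AS advertises unless an inbound policy is applied to that neighbor.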

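Note: make sure that the PE routers (here, PE1 and PE2) can reach the ASBR routers' interconnect addresses (here, the 123.0.0.0/30 subnet), since the routes learnt from the other AS use the remote ASBR address as next hop.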
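
As an added example (not part of the original page or its configuration files), the following Python audit reads the `router bgp` block shown above and flags eBGP neighbors activated under `address-family vpnv4` that have no inbound policy while the route-target filter is disabled. The three checks (inbound route-map, maximum-prefix, session password) are this example's own baseline, and the function name is hypothetical.

```python
import re

# ASBR1's BGP configuration as shown on this page, used as sample input.
ASBR1_BGP = """\
router bgp 100
 no bgp default ipv4-unicast
 no bgp default route-target filter
 bgp log-neighbor-changes
 neighbor 10.10.0.1 remote-as 100
 neighbor 10.10.0.1 update-source Loopback0
 neighbor 123.0.0.2 remote-as 200
 !
 address-family vpnv4
  neighbor 10.10.0.1 activate
  neighbor 10.10.0.1 send-community extended
  neighbor 123.0.0.2 activate
  neighbor 123.0.0.2 send-community both
 exit-address-family
!
"""

def audit_vpnv4_ebgp(config):
    """Return {peer: [findings]} for eBGP neighbors activated under vpnv4."""
    local_as = re.search(r"^router bgp (\d+)", config, re.M).group(1)
    remote_as = dict(re.findall(r"neighbor (\S+) remote-as (\d+)", config))
    rt_filter_off = "no bgp default route-target filter" in config
    af = re.search(r"address-family vpnv4\n(.*?)exit-address-family", config, re.S)
    af_body = af.group(1) if af else ""
    findings = {}
    for peer, asn in remote_as.items():
        has = lambda rest, text: re.search(rf"neighbor {re.escape(peer)} {rest}", text)
        if asn == local_as or not has("activate", af_body):
            continue  # iBGP peer, or peer not carrying VPNv4 routes
        issues = []
        if rt_filter_off and not has(r"route-map \S+ in", af_body):
            issues.append("RT filter off and no inbound route-map: all VPNv4 routes from this AS are kept")
        if not has(r"maximum-prefix \d+", af_body):
            issues.append("no maximum-prefix limit on the VPNv4 session")
        if not has(r"password \S+", config):
            issues.append("no TCP MD5 password on the session")
        findings[peer] = issues
    return findings

if __name__ == "__main__":
    print(audit_vpnv4_ebgp(ASBR1_BGP))
```

For the configuration on this page it reports all three findings for neighbor 123.0.0.2 and skips the iBGP neighbor 10.10.0.1.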


Verifying the configuration

MPLS prefixes learnt through BGP:

ASBR1#sh ip bgp vpnv4 all 
BGP table version is 7, local router ID is 10.10.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1
*>i100.1.0.1/32     10.10.0.1                0    100      0 ?
*> 200.1.0.1/32     123.0.0.2                              0 200 ?
Route Distinguisher: 100:2
*>i100.2.0.1/32     10.10.0.1                0    100      0 ?
*> 200.2.0.1/32     123.0.0.2                              0 200 ?
Route Distinguisher: 100:3
*>i100.3.0.1/32     10.10.0.1                0    100      0 ?
*> 200.3.0.1/32     123.0.0.2                              0 200 ?


MPLS labels learnt with BGP:

ASBR1#sh ip bgp vpnv4 all labels  
   Network          Next Hop      In label/Out label
Route Distinguisher: 100:1
   100.1.0.1/32     10.10.0.1       26/18
   200.1.0.1/32     123.0.0.2       nolabel/26
Route Distinguisher: 100:2
   100.2.0.1/32     10.10.0.1       27/19
   200.2.0.1/32     123.0.0.2       nolabel/27
Route Distinguisher: 100:3
   100.3.0.1/32     10.10.0.1       28/20
   200.3.0.1/32     123.0.0.2       nolabel/28


MPLS LFIB:

ASBR1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     16          10.10.0.1/32      0          Fa1/0      10.1.1.1     
17     Pop tag     10.10.0.0/32      0          Fa1/0      10.1.1.1     
18     Pop tag     10.1.0.0/30       0          Fa1/0      10.1.1.1     
22     Pop tag     123.0.0.2/32      2738       Fa0/0      123.0.0.2    
26     18          100:1:100.1.0.1/32    \
                                     5554       Fa1/0      10.1.1.1     
27     19          100:2:100.2.0.1/32    \
                                     0          Fa1/0      10.1.1.1     
28     20          100:3:100.3.0.1/32    \
                                     0          Fa1/0      10.1.1.1     

ASBR2#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     16          10.20.0.1/32      0          Fa1/0      10.2.1.1     
17     Pop tag     10.20.0.0/32      0          Fa1/0      10.2.1.1     
18     Pop tag     10.2.0.0/30       0          Fa1/0      10.2.1.1     
22     Pop tag     123.0.0.1/32      7838       Fa0/0      123.0.0.1    
26     18          100:1:200.1.0.1/32    \
                                     3658       Fa1/0      10.2.1.1     
27     19          100:2:200.2.0.1/32    \
                                     1524       Fa1/0      10.2.1.1     
28     20          100:3:200.3.0.1/32    \
                                     0          Fa1/0      10.2.1.1     


Traceroute example

We run a traceroute in VRF VPN1 from PE1 (100.1.0.1) to PE2 (200.1.0.1):

PE1#trace vrf VPN1 200.1.0.1

Type escape sequence to abort.
Tracing the route to 200.1.0.1

  1 10.1.0.1 [MPLS: Labels 18/26 Exp 0] 72 msec 60 msec 28 msec
  2 10.1.1.2 [MPLS: Labels 22/26 Exp 0] 28 msec 60 msec 68 msec
  3 123.0.0.2 [MPLS: Label 26 Exp 0] 28 msec 32 msec 28 msec
  4 10.2.1.1 [MPLS: Labels 16/18 Exp 0] 28 msec 20 msec 32 msec
  5 200.1.0.1 28 msec *  16 msec


As we can see with CEF commands, two labels are used by PE1 to reach PE2/200.1.0.1: {18 26}

PE1#sh ip cef vrf VPN1 200.1.0.1
200.1.0.1/32, version 8, epoch 0, cached adjacency 10.1.0.1
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Fa0/0, 10.1.0.1, tags imposed: {18 26}
  via 123.0.0.2, 0 dependencies, recursive
    next hop 10.1.0.1, FastEthernet0/0 via 123.0.0.2/32
    valid cached adjacency
    tag rewrite with Fa0/0, 10.1.0.1, tags imposed: {18 26}

Label {18} corresponds to 123.0.0.2 (ASBR2), and {26} is the VPN label chosen by ASBR2 for this route.


If we examine ASBR2's label table for label {26}, we have:

ASBR2#sh mpls for label 26 detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
26     18          100:1:200.1.0.1/32    \
                                     3658       Fa1/0      10.2.1.1     
        MAC/Encaps=14/22, MRU=1496, Tag Stack{16 18}
        CA030C27001CCA010C22001C8847 0001000000012000
        No output feature configured

We can see that label {26} is removed and replaced by labels {16 18}: {16} corresponds to PE2, while {18} is the VPN label chosen by PE2.
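
The label hand-off described above can be cross-checked from the two command outputs. This Python example is added here and is not part of the original page; it parses excerpts of ASBR1's `sh ip bgp vpnv4 all labels` and ASBR2's `sh mpls for` outputs shown earlier and confirms that each label advertised by ASBR2 is bound in ASBR2's LFIB to the same RD:prefix. The function names are hypothetical.

```python
import re

# Excerpts of the outputs shown on this page (ASBR1 BGP labels, ASBR2 LFIB).
ASBR1_BGP_LABELS = """
Route Distinguisher: 100:1
   100.1.0.1/32     10.10.0.1       26/18
   200.1.0.1/32     123.0.0.2       nolabel/26
Route Distinguisher: 100:2
   100.2.0.1/32     10.10.0.1       27/19
   200.2.0.1/32     123.0.0.2       nolabel/27
"""
ASBR2_LFIB = r"""
22     Pop tag     123.0.0.1/32      7838       Fa0/0      123.0.0.1
26     18          100:1:200.1.0.1/32    \
                                     3658       Fa1/0      10.2.1.1
27     19          100:2:200.2.0.1/32    \
                                     1524       Fa1/0      10.2.1.1
"""

def parse_bgp_labels(text):
    """Return {(rd, prefix): (next_hop, in_label, out_label)}."""
    routes, rd = {}, None
    for line in text.splitlines():
        if line.startswith("Route Distinguisher:"):
            rd = line.split()[-1]
        m = re.match(r"\s+(\S+/\d+)\s+(\S+)\s+(\S+)/(\S+)\s*$", line)
        if m:
            routes[(rd, m.group(1))] = m.groups()[1:]
    return routes

def parse_lfib(text):
    """Return {local_label: (outgoing_label, prefix)}; rows wrapped with a backslash are joined."""
    joined = re.sub(r"\\\s*\n", " ", text)
    rows = re.findall(r"^(\d+)\s+(Pop tag|\S+)\s+(\S+)\s+\d+\s+\S+\s+\S+\s*$", joined, re.M)
    return {local: (out, prefix) for local, out, prefix in rows}

def check_handoff(bgp_labels, peer_lfib, peer_ip):
    """RD:prefix -> (label advertised by peer, label the peer swaps it to), or None on mismatch."""
    lfib, result = parse_lfib(peer_lfib), {}
    for (rd, prefix), (nh, _in, out) in parse_bgp_labels(bgp_labels).items():
        entry = lfib.get(out)
        if nh == peer_ip:  # only routes learnt from the remote ASBR
            ok = entry is not None and entry[1] == f"{rd}:{prefix}"
            result[f"{rd}:{prefix}"] = (out, entry[0]) if ok else None
    return result

if __name__ == "__main__":
    for route, labels in check_handoff(ASBR1_BGP_LABELS, ASBR2_LFIB, "123.0.0.2").items():
        print(route, labels)
```

A `None` result means the label ASBR1 would impose has no matching entry on ASBR2, so labeled traffic for that route would not be forwarded as the BGP table suggests.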