Complete Cisco IOS XR MPLS L3VPN Inter-AS Option B Configuration Guide | MP-eBGP VPNv4 Tutorial

Complete Cisco IOS XR MPLS L3VPN Inter-AS Option B Configuration Part 3

Welcome to Part 3 of the Cisco IOS XR MPLS L3VPN series.

In Part 1, we built the MPLS underlay infrastructure using:

• OSPF
• ISIS
• MPLS LDP
• MP-iBGP
• Route Reflectors

In Part 2, we implemented:

• VRFs
• Route Distinguishers
• Route Targets
• PE-CE BGP
• VPNv4 Route Exchange

Now in Part 3, we move into one of the most important enterprise and service provider technologies:

🎯 MPLS Inter-AS Option B

This architecture allows two different Autonomous Systems to exchange MPLS VPN routes while preserving VPN separation and scalability.

Table of Contents

• 1. Inter-AS MPLS Overview
• 2. Understanding Inter-AS Option B
• 3. ASBR Connectivity
• 4. Route Policy Configuration
• 5. BGP Labeled-Unicast
• 6. Redistribution into IGP
• 7. MP-eBGP VPNv4 Exchange
• 8. Cross-AS Route-Target Import
• 9. Verification Commands
• 10. Troubleshooting
• 11. MPLS Mathematics
• 12. Related Articles

1. Inter-AS MPLS Overview

Large service providers commonly operate multiple Autonomous Systems.

Inter-AS MPLS VPN technologies allow VPN customers to communicate across multiple provider AS boundaries.

Inter-AS Connectivity Formula

$$ Customer\\ Site\\ A \rightarrow AS100 \rightarrow AS200 \rightarrow Customer\\ Site\\ B $$

The goal is seamless VPN communication across independent MPLS domains.

2. Understanding Inter-AS Option B

There are three major MPLS Inter-AS models:

Option	Description	Scalability
Option A	VRF-to-VRF	Low
Option B	ASBR VPNv4 Exchange	Medium/High
Option C	Carrier Supporting Carrier	Very High

💡 Why Option B?

• Better scalability
• No VRF stitching on ASBRs
• VPNv4 exchange between providers
• Efficient MPLS label exchange

Option B Core Formula

$$ VPNv4 + MPLS\\ Label = Cross\\ AS\\ VPN\\ Connectivity $$

3. Configure Interface Between ASBRs

R4 and R8 act as Autonomous System Boundary Routers.

These routers connect AS100 and AS200 together.

R4 Configuration

R4

interface Gig0/0/0/2
 ip address 192.1.48.4 255.255.255.0
 no shut

commit

R8 Configuration

R8

interface Gig0/0/0/2
 ip address 192.1.48.8 255.255.255.0
 no shut

commit

Why ASBR Connectivity Matters

ASBRs provide the exchange point between different MPLS provider domains.

Without ASBR connectivity:

• VPNv4 routes cannot be exchanged
• MPLS labels cannot traverse AS boundaries
• Customer traffic remains isolated within a single AS

4. Configure Route Policies for Route Leaking

Route policies control which loopback routes are exchanged between AS100 and AS200.

Route Leakage Formula

$$ Allowed\\ Routes = Policy\\ Matched\\ Prefixes $$

R4 Route Policies

R4

route-policy O2B

 if destination in (1.1.1.1/32,2.2.2.2/32,3.3.3.3/32) then
  pass
 endif

end-policy

route-policy B2O

 if destination in (5.5.5.5/32,6.6.6.6/32,7.7.7.7/32) then
  pass
 endif

end-policy

route-policy PASSALL
 pass
exit

commit

R8 Route Policies

R8

route-policy B2I

 if destination in (1.1.1.1/32,2.2.2.2/32,3.3.3.3/32) then
  pass
 endif

end-policy

route-policy I2B

 if destination in (5.5.5.5/32,6.6.6.6/32,7.7.7.7/32) then
  pass
 endif

end-policy

route-policy PASSALL
 pass
exit

commit

💡 Important Learning Point

Only loopback routes are leaked between ASes.

This provides:

• Controlled route exchange
• Reduced routing table size
• Improved security
• Better scalability

5. Configure BGP Labeled-Unicast

BGP labeled-unicast is one of the most critical technologies in Inter-AS Option B.

It allows labels to be exchanged together with IPv4 routes.

Labeled-Unicast Formula

$$ IPv4\\ Route + MPLS\\ Label = BGP\\ LU $$

R4 BGP Configuration

R4

router bgp 100

 address-family ipv4 unicast
  redistribute ospf 1 route-policy O2B
  allocate-label all
 exit

 neighbor 192.1.48.8
  remote-as 200

  address-family ipv4 labeled-unicast
   route-policy PASSALL in
   route-policy PASSALL out
  exit

 exit

exit

commit

R8 BGP Configuration

R8

router bgp 200

 address-family ipv4 unicast
  redistribute isis 1 route-policy I2B
  allocate-label all
 exit

 neighbor 192.1.48.4
  remote-as 100

  address-family ipv4 labeled-unicast
   route-policy PASSALL in
   route-policy PASSALL out
  exit

 exit

exit

commit

What Does allocate-label all Do?

This command allocates MPLS labels for all BGP routes.

Without labels:

• MPLS forwarding fails
• VPN traffic cannot cross AS boundaries
• LSP continuity breaks

6. Configure Redistribution into IGP

Redistribution injects learned BGP routes into the local IGP.

Redistribution Logic

$$ BGP\\ Route \rightarrow OSPF/ISIS $$

R4 Redistribution

R4

router ospf 1
 redistribute bgp 100 route-policy B2O

router static

 address-family ipv4 unicast
  192.1.48.8/32 GigabitEthernet0/0/0/2

commit

R8 Redistribution

R8

router isis 1

 address-family ipv4 unicast
  redistribute bgp 200 route-policy B2I
 exit

router static

 address-family ipv4 unicast
  192.1.48.4/32 GigabitEthernet0/0/0/2

commit

💡 Why Static Routes Are Added

Static routes ensure next-hop reachability between ASBRs.

Without next-hop reachability:

• BGP routes become unusable
• VPNv4 forwarding breaks
• MPLS labels cannot be resolved

7. Configure MP-eBGP Between Route Reflectors

This is the heart of Inter-AS Option B.

The Route Reflectors exchange VPNv4 routes directly across Autonomous Systems.

VPNv4 Exchange Formula

$$ AS100\\ RR \leftrightarrow AS200\\ RR $$

R3 Configuration

R3

route-policy PASSALL
 pass
exit

router bgp 100

 neighbor 7.7.7.7
  remote-as 200
  update-source Loopback0
  ebgp-multihop

  address-family vpnv4 unicast
   route-policy PASSALL in
   route-policy PASSALL out
   next-hop-unchanged
  exit

 exit

exit

commit

R7 Configuration

R7

route-policy PASSALL
 pass
exit

router bgp 200

 neighbor 3.3.3.3
  remote-as 100
  update-source Loopback0
  ebgp-multihop

  address-family vpnv4 unicast
   route-policy PASSALL in
   route-policy PASSALL out
   next-hop-unchanged
  exit

 exit

exit

commit

Why ebgp-multihop Is Required

The RR loopbacks are not directly connected.

By default, eBGP requires directly connected neighbors.

ebgp-multihop allows BGP sessions across multiple hops.

Why next-hop-unchanged Is Critical

Normally eBGP changes the next-hop attribute.

In MPLS VPN Option B:

• Original next-hop must be preserved
• MPLS label forwarding depends on it
• VPNv4 resolution requires original PE loopbacks

8. Configure Cross-AS Route-Target Import

Now both ASes must import each other's Route Targets.

Cross-AS Import Formula

$$ AS100\\ Import = 200:1 $$ $$ AS200\\ Import = 100:1 $$

R1 Configuration

R1

vrf Cust-A

 address-family ipv4 unicast

  import route-target
   200:1

commit

R2 Configuration

R2

vrf Cust-A

 address-family ipv4 unicast

  import route-target
   200:1

commit

R5 Configuration

R5

vrf Cust-A

 address-family ipv4 unicast

  import route-target
   100:1

commit

R6 Configuration

R6

vrf Cust-A

 address-family ipv4 unicast

  import route-target
   100:1

commit

🎯 Final MPLS VPN Result

Now all customer sites across AS100 and AS200 belong to the same MPLS VPN.

• R9 can reach R11
• R9 can reach R12
• R10 can reach R11
• R10 can reach R12

9. Verification Commands

Verify VPNv4 Routes

show bgp vpnv4 unicast

Verify Labeled-Unicast Routes

show bgp ipv4 labeled-unicast

Verify MPLS Forwarding

show mpls forwarding

Verify Route Targets

show bgp vpnv4 unicast rd all

Verify VRF Routes

show route vrf Cust-A

Verify Connectivity

ping 10.11.11.11
ping 10.12.12.12
ping 10.9.9.9
ping 10.10.10.10

Expected VPNv4 Output

R1#show bgp vpnv4 unicast

Route Distinguisher: 200:1

*>i10.11.11.0/24
    7.7.7.7

*>i10.12.12.0/24
    7.7.7.7

10. Inter-AS MPLS Troubleshooting

Problem	Cause	Solution
VPNv4 routes missing	MP-eBGP failure	Verify RR VPNv4 session
No labels	allocate-label missing	Add allocate-label all
Routes not imported	RT mismatch	Verify import/export RT
BGP LU failure	Address-family issue	Check labeled-unicast AF
Next-hop unreachable	No underlay route	Verify IGP redistribution
VPN traffic blackhole	MPLS forwarding issue	Verify LFIB and labels

11. MPLS Inter-AS Mathematics

Label Stack Formula

$$ Packet = Transport\\ Label + VPN\\ Label + Payload $$

End-to-End MPLS Formula

$$ CE \rightarrow PE \rightarrow P \rightarrow ASBR \rightarrow ASBR \rightarrow P \rightarrow PE \rightarrow CE $$

VPNv4 Route Structure

$$ VPNv4 = RD:IPv4\\ Prefix $$

Route Target Membership

$$ Import\\ Success = \begin{cases} TRUE, & RT_{import}=RT_{export} \\\\ FALSE, & otherwise \end{cases} $$

BGP Scalability Formula

$$ Sessions = \frac{n(n-1)}{2} $$

Route Reflectors reduce the need for full mesh.

MPLS Switching Formula

$$ Incoming\\ Label \rightarrow LFIB \rightarrow Outgoing\\ Label $$

💡 Key Takeaways

• Inter-AS Option B exchanges VPNv4 routes between ASes
• ASBRs exchange labeled-unicast routes
• MP-eBGP exchanges VPNv4 information
• Route policies control route leakage
• Route Targets determine VPN membership
• next-hop-unchanged preserves MPLS forwarding integrity
• allocate-label all enables MPLS label distribution

12. Related Articles

• Complete Cisco IOS XR MPLS L3VPN Part 1
• Complete Cisco IOS XR MPLS L3VPN Part 2

Final Conclusion

In this Part 3 MPLS Inter-AS Option B guide, we successfully connected two independent MPLS provider domains together.

We implemented:

• ASBR connectivity
• BGP labeled-unicast
• Route leaking policies
• MP-eBGP VPNv4 exchange
• Cross-AS route-target imports
• End-to-end VPN communication

At this stage, all customer sites across AS100 and AS200 can communicate securely through MPLS VPN technology.

This architecture is heavily used in real-world service provider MPLS deployments because of its scalability and operational simplicity.