Complete MPLS Inter-AS VPN Lab Part 4
Welcome to Part 4 of the MPLS Inter-AS VPN Lab Series.
In this section we will configure a complete Intra-AS MPLS VPN infrastructure using:
- VRFs
- VPNv4 MP-BGP
- Route Reflectors
- PE-CE BGP
- Route Targets
- Route Distinguishers
The primary goal is to establish end-to-end MPLS VPN communication between:
- R9
- R10
- R11
- R12
1. MPLS VPN Architecture Overview
An MPLS VPN allows multiple customers to use the same provider backbone while maintaining traffic separation.
The separation is achieved using:
- VRFs
- Route Distinguishers
- Route Targets
- VPNv4 routes
MPLS VPN Formula
$$ VPNv4 = RD + IPv4\ Prefix $$
Example:
$$ 100:1 + 10.9.9.0/24 $$
This creates a globally unique VPNv4 route.
💡 Important MPLS VPN Components
- VRF = Virtual Routing and Forwarding
- RD = Route Distinguisher
- RT = Route Target
- PE = Provider Edge Router
- CE = Customer Edge Router
- RR = Route Reflector
2. Configure Intra-AS MPLS VPN in AS 100 US Site
We first configure the US MPLS VPN infrastructure connecting:
- R9
- R10
Configure PE Router R1
```
! R1
router bgp 100
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source lo0
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
!
vrf definition Cust-A
 rd 100:1
 address-family ipv4
  route-target both 100:1
!
interface E0/2
 vrf forwarding Cust-A
 ip address 192.168.10.1 255.255.255.0
 no shut
!
router bgp 100
 address-family ipv4 vrf Cust-A
  neighbor 192.168.10.9 remote-as 65009
```
Configure PE Router R2
```
! R2
router bgp 100
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source lo0
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
!
vrf definition Cust-A
 rd 100:1
 address-family ipv4
  route-target both 100:1
!
interface E0/2
 vrf forwarding Cust-A
 ip address 192.168.20.2 255.255.255.0
 no shut
!
router bgp 100
 address-family ipv4 vrf Cust-A
  neighbor 192.168.20.10 remote-as 65010
```
Configure Route Reflector R3
```
! R3
router bgp 100
 neighbor IBGP peer-group
 neighbor IBGP remote-as 100
 neighbor IBGP update-source lo0
 neighbor 1.1.1.1 peer-group IBGP
 neighbor 2.2.2.2 peer-group IBGP
 !
 address-family vpnv4
  neighbor IBGP route-reflector-client
  neighbor 1.1.1.1 activate
  neighbor 2.2.2.2 activate
```
Configure Customer Edge Router R9
```
! R9
router bgp 65009
 neighbor 192.168.10.1 remote-as 100
 network 10.9.9.0 mask 255.255.255.0
```
Configure Customer Edge Router R10
```
! R10
router bgp 65010
 neighbor 192.168.20.2 remote-as 100
 network 10.10.10.0 mask 255.255.255.0
```
Why Route Reflectors Are Needed
Without Route Reflectors:
$$ Number\ of\ iBGP\ Sessions = \frac{n(n-1)}{2} $$
This creates scalability problems.
Route Reflectors reduce the number of required BGP peerings.
Route Reflector Scaling Formula
$$ Full\ Mesh = \frac{n(n-1)}{2} $$
3. Configure Intra-AS MPLS VPN in AS 100 UK Site
Now we configure the UK MPLS VPN infrastructure connecting:
- R11
- R12
Configure PE Router R5
```
! R5
router bgp 100
 neighbor 7.7.7.7 remote-as 100
 neighbor 7.7.7.7 update-source lo0
 !
 address-family vpnv4
  neighbor 7.7.7.7 activate
!
vrf definition Cust-A
 rd 100:1
 address-family ipv4
  route-target both 100:1
!
interface E0/2
 vrf forwarding Cust-A
 ip address 192.168.50.5 255.255.255.0
 no shut
!
router bgp 100
 address-family ipv4 vrf Cust-A
  neighbor 192.168.50.11 remote-as 65011
```
Configure PE Router R6
```
! R6
router bgp 100
 neighbor 7.7.7.7 remote-as 100
 neighbor 7.7.7.7 update-source lo0
 !
 address-family vpnv4
  neighbor 7.7.7.7 activate
!
vrf definition Cust-A
 rd 100:1
 address-family ipv4
  route-target both 100:1
!
interface E0/2
 vrf forwarding Cust-A
 ip address 192.168.60.6 255.255.255.0
 no shut
!
router bgp 100
 address-family ipv4 vrf Cust-A
  neighbor 192.168.60.12 remote-as 65012
```
Configure Route Reflector R7
```
! R7
router bgp 100
 neighbor IBGP peer-group
 neighbor IBGP remote-as 100
 neighbor IBGP update-source lo0
 neighbor 5.5.5.5 peer-group IBGP
 neighbor 6.6.6.6 peer-group IBGP
 !
 address-family vpnv4
  neighbor IBGP route-reflector-client
  neighbor 5.5.5.5 activate
  neighbor 6.6.6.6 activate
```
Configure Customer Edge Router R11
```
! R11
router bgp 65011
 neighbor 192.168.50.5 remote-as 100
 network 10.11.11.0 mask 255.255.255.0
```
Configure Customer Edge Router R12
```
! R12
router bgp 65012
 neighbor 192.168.60.6 remote-as 100
 network 10.12.12.0 mask 255.255.255.0
```
Route Target Import Formula
$$ Import\ RT = Export\ RT $$
Routes are imported only when Route Targets match.
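The import rule above is what keeps customer VRFs isolated, so it is worth checking mechanically. The following Python audit is an added example, not part of the original lab: it parses `vrf definition` stanzas, applies the RT matching rule, and reports any pair of differently named VRFs that share a route target. The Cust-A stanzas and CE prefixes follow this lab; the second customer `Cust-B` (RD/RT 100:2), the stray `route-target import 100:1` line and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    pe: str
    name: str
    rd: str = ""
    imports: set = field(default_factory=set)
    exports: set = field(default_factory=set)
    local: list = field(default_factory=list)  # prefixes learned from the CE

def parse_vrfs(pe, config, ce_prefixes):
    """Read rd / route-target lines from the 'vrf definition' stanzas of one PE."""
    vrfs = []
    for words in (line.split() for line in config.splitlines()):
        if words[:2] == ["vrf", "definition"]:
            vrfs.append(Vrf(pe, words[2], local=ce_prefixes.get((pe, words[2]), [])))
        elif vrfs and words[:1] == ["rd"]:
            vrfs[-1].rd = words[1]
        elif vrfs and words[:1] == ["route-target"]:
            for kind, rts in (("import", vrfs[-1].imports), ("export", vrfs[-1].exports)):
                if words[1] in (kind, "both"):
                    rts.add(words[2])
    return vrfs

def imported(vrf, all_vrfs):
    """VPNv4 routes (RD:prefix) of other VRFs whose export RTs match vrf's imports."""
    return sorted(f"{src.rd}:{p}" for src in all_vrfs
                  if src is not vrf and src.exports & vrf.imports for p in src.local)

def leaks(all_vrfs):
    """(exporter, importer) pairs where differently named VRFs share a route target."""
    return sorted({(s.name, v.name) for v in all_vrfs for s in all_vrfs
                   if s.name != v.name and s.exports & v.imports})

# Constructed input: Cust-A stanzas and CE prefixes follow the lab; Cust-B is hypothetical.
CUST_A = "vrf definition Cust-A\n rd 100:1\n address-family ipv4\n  route-target both 100:1\n"
CUST_B = "vrf definition Cust-B\n rd 100:2\n address-family ipv4\n  route-target both 100:2\n"
CE = {("R1", "Cust-A"): ["10.9.9.0/24"], ("R2", "Cust-A"): ["10.10.10.0/24"],
      ("R5", "Cust-A"): ["10.11.11.0/24"], ("R6", "Cust-A"): ["10.12.12.0/24"],
      ("R2", "Cust-B"): ["10.9.9.0/24"]}  # same prefix as R9's site, different RD

def build(r2_extra=""):
    cfgs = {"R1": CUST_A, "R2": CUST_A + CUST_B + r2_extra, "R5": CUST_A, "R6": CUST_A}
    return [v for pe, cfg in cfgs.items() for v in parse_vrfs(pe, cfg, CE)]

if __name__ == "__main__":
    print(leaks(build()))                                 # clean configuration
    print(leaks(build("  route-target import 100:1\n")))  # stray import on Cust-B
```

With the clean configuration, R1's Cust-A imports exactly the three remote prefixes shown in the sample VPNv4 output, and Cust-B's overlapping 10.9.9.0/24 stays separate because its RD and RT differ. A single extra import line on Cust-B is enough to pull every Cust-A route into it.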
4. Configure Route Reflector Relationship
Route Reflectors reduce iBGP scaling complexity.
R3 and R7 act as local Route Reflectors.
VPNv4 Reflection Formula
$$ RR \rightarrow Reflect\ VPNv4\ Routes $$
5. Configure MP-iBGP Between Route Reflectors
Configure R3
```
! R3
router bgp 100
 neighbor 7.7.7.7 remote-as 100
 neighbor 7.7.7.7 update-source lo0
 !
 address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 route-reflector-client
```
Configure R7
```
! R7
router bgp 100
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source lo0
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 route-reflector-client
```
Understanding VPNv4 MP-BGP
Standard IPv4 BGP cannot transport VPN information.
MP-BGP extends BGP using:
- VPNv4 address family
- Route Targets
- MPLS labels
This allows multiple customer VPNs to coexist in the same provider backbone.
MP-BGP Formula
$$ MP\text{-}BGP = IPv4 + VPN\ Metadata + Label $$
6. Verification Commands
| Command | Purpose |
|---|---|
| show bgp vpnv4 unicast all | Verify VPNv4 routes |
| show ip vrf | Verify VRFs |
| show ip route vrf Cust-A | Verify VRF routes |
| show bgp vpnv4 summary | Verify MP-BGP neighbors |
| ping | Verify reachability |
| traceroute | Verify forwarding path |
Sample VPNv4 Output
```
R1#show bgp vpnv4 unicast all
Route Distinguisher: 100:1
*>i10.10.10.0/24
*>i10.11.11.0/24
*>i10.12.12.0/24
```
Expected Ping Verification
```
R9#ping 10.12.12.1
!!!!!
Success rate is 100 percent
```
🎯 Verification Goals
- All PE routers must learn VPNv4 routes
- Route Reflectors must reflect routes correctly
- VRF routing tables must contain remote customer routes
- R9 to R12 communication must succeed
7. MPLS VPN Mathematics
VPNv4 Prefix Formula
$$ VPNv4 = RD + IPv4\ Prefix $$
Label Stack Formula
$$ Transport\ Label + VPN\ Label $$
Route Reflection Scaling Formula
$$ n^2 \rightarrow Centralized\ Reflection $$
VRF Isolation Formula
$$ Separate\ VRF = Separate\ Routing\ Table $$
RT Matching Formula
$$ Import\ RT = Export\ RT $$
8. Troubleshooting MPLS VPN
| Problem | Cause | Solution |
|---|---|---|
| No VPNv4 routes | Neighbor not activated | Activate VPNv4 AF |
| No VRF routes | RT mismatch | Verify RT values |
| No CE connectivity | BGP neighbor down | Verify PE-CE peering |
| No route reflection | Missing RR client | Configure route-reflector-client |
| Ping failure | No MPLS labels | Verify MPLS forwarding |
9. Best Practices
- Use Loopbacks for MP-BGP sessions
- Use Route Reflectors for scalability
- Maintain consistent Route Targets
- Use descriptive VRF names
- Verify MPLS before enabling VPNv4
- Separate customer traffic using VRFs
- Document Route Distinguishers carefully
💡 Key Takeaways
- VRFs isolate customer routing tables
- Route Distinguishers create unique VPNv4 routes
- Route Targets control route import/export
- MP-BGP exchanges VPNv4 routes
- Route Reflectors improve scalability
- MPLS labels transport VPN traffic
10. Related Articles
- Complete MPLS Inter-AS VPN Options B & C Configuration Guide (Part 1)
- Complete MPLS Inter-AS VPN Lab Part 2
- Complete MPLS Inter-AS VPN Lab Part 3
Final Conclusion
In Part 4 we successfully configured a complete Intra-AS MPLS VPN environment using VRFs, MP-BGP VPNv4 and Route Reflectors.
We established:
- PE-CE BGP connectivity
- VPNv4 route exchange
- Route Reflector infrastructure
- VRF-based customer separation
- End-to-end MPLS VPN communication
The MPLS provider backbone can now securely transport multiple customer VPNs while maintaining traffic isolation and scalability.