Complete MPLS Inter-AS VPN Options A, B and C Configuration Guide
This complete educational tutorial explains MPLS Inter-AS VPN connectivity using Cisco IOS routers. We will deeply understand Inter-AS MPLS VPN Option A, Option B and Option C with complete configurations, detailed explanations, mathematical concepts, MP-BGP logic, Route Reflector behavior, Route Targets, VPNv4 route exchange and label forwarding architecture.
๐ฏ What You Will Learn
- MPLS Inter-AS VPN Architecture
- Option A configuration and logic
- Option B configuration and logic
- Option C configuration and logic
- MP-eBGP VPNv4 exchange
- Label exchange between autonomous systems
- Route Reflector interaction
- BGP send-label operation
- VPNv4 next-hop behavior
- Route redistribution techniques
- End-to-end MPLS VPN reachability
Table of Contents
1. MPLS Inter-AS Introduction
MPLS Inter-AS VPN allows service providers to connect VPN customers across multiple autonomous systems.
This architecture is commonly used when:
- Multiple ISPs cooperate
- Large enterprises merge networks
- Global MPLS services are deployed
- Different MPLS domains must exchange VPN routes
MPLS VPN Reachability Formula
$$ Reachability = VPNv4 + Labels + RT\\ Matching $$For successful MPLS VPN communication:
$$ VPNv4\\ Exchange = TRUE $$ $$ Label\\ Reachability = TRUE $$ $$ Route\\ Target\\ Import = TRUE $$2. MPLS Inter-AS Option A Explained
Option A is called VRF-to-VRF Inter-AS connectivity.
In Option A:
- ASBRs behave like PE routers
- VRFs are configured on ASBRs
- PE-CE routing is used between ASBRs
- VPN routes are exchanged inside VRFs
Option A Logical Formula
$$ ASBR_{VRF1} \leftrightarrow ASBR_{VRF2} $$The ASBR treats the remote ASBR like a customer edge router.
3. Option A Configuration
Task 1 - Configure VRF Connectivity Between ASBRs
Connect R4 and R8 using interface E0/3 and configure the peer ASBR as a CE router inside the VRF.
Code Example
vrf forwarding Cust-A
This command binds the interface directly into the VRF routing table.
R4 interface E0/3 vrf forwarding Cust-A ip address 192.1.48.4 255.255.255.0 no shut ! router bgp 100 address-family ipv4 vrf Cust-A neighbor 192.1.48.8 remote-as 200
R8 interface E0/3 vrf forwarding Cust-A ip address 192.1.48.8 255.255.255.0 no shut ! router bgp 200 address-family ipv4 vrf Cust-A neighbor 192.1.48.4 remote-as 100
Detailed Explanation
In Option A:
- ASBRs maintain VRFs
- Inter-AS exchange occurs inside VRFs
- VPN labels are removed at ASBR boundaries
- BGP behaves exactly like PE-CE routing
This is operationally simple but less scalable.
Option A Scalability Formula
$$ VRFs_{ASBR} = Customers $$If customer count increases:
$$ Configuration\\ Complexity \uparrow $$Verification for Option A
show bgp vpnv4 unicast all show ip route vrf Cust-A ping vrf Cust-A x.x.x.x
Sample Verification Output
R4#show ip bgp vpnv4 all Route Distinguisher: 100:1 *> 10.10.10.0/24 192.1.48.8
4. MPLS Inter-AS Option B Explained
Option B uses MP-eBGP VPNv4 exchange directly between ASBRs.
Unlike Option A:
- VRFs are not required on ASBRs
- VPNv4 routes are exchanged directly
- Labels are preserved across AS boundaries
- ASBRs exchange labeled VPNv4 routes
Option B Formula
$$ ASBR_1 \leftrightarrow VPNv4 \leftrightarrow ASBR_2 $$Labels remain intact across the AS boundary.
5. Option B Configuration
Task 1 - Disable Route Target Filtering
By default ASBRs reject VPNv4 routes that do not match local VRFs.
Disable Route Target filtering to allow all VPNv4 routes.
R4 router bgp 100 no bgp default route-target filter
R8 router bgp 200 no bgp default route-target filter
Why This Command Is Required
Without this command:
- VPNv4 routes are filtered
- ASBR cannot forward unknown VPN routes
- Inter-AS VPN exchange fails
Task 2 - Configure MP-eBGP VPNv4 Between ASBRs
R4 interface E0/3 ip address 192.1.48.4 255.255.255.0 no shut ! router bgp 100 neighbor 192.1.48.8 remote-as 200 address-family vpnv4 neighbor 192.1.48.8 activate neighbor 10.3.3.3 next-hop-self
R8 interface E0/3 ip address 192.1.48.8 255.255.255.0 no shut ! router bgp 200 neighbor 192.1.48.4 remote-as 100 address-family vpnv4 neighbor 192.1.48.4 activate neighbor 10.7.7.7 next-hop-self
BGP Next-Hop Formula
$$ NextHop_{VPNv4} = ASBR\\ Loopback $$Using next-hop-self ensures stable forwarding.
Task 3 - Configure PE Routers to Import Remote RT
R1 vrf definition Cust-A address-family ipv4 route-target import 200:1 R2 vrf definition Cust-A address-family ipv4 route-target import 200:1 R5 vrf definition Cust-A address-family ipv4 route-target import 100:1 R6 vrf definition Cust-A address-family ipv4 route-target import 100:1
Detailed Route Target Logic
AS 100 exports RT 100:1.
AS 200 exports RT 200:1.
Importing the opposite RT enables cross-AS VPN communication.
6. MPLS Inter-AS Option C Explained
Option C is the most scalable MPLS Inter-AS architecture.
It uses:
- MP-eBGP between Route Reflectors
- Labeled IPv4 BGP between ASBRs
- End-to-end MPLS label switching
- Carrier Supporting Carrier concepts
Option C Formula
$$ RR_1 \leftrightarrow VPNv4 \leftrightarrow RR_2 $$ $$ ASBRs = Label\\ Transport\\ Only $$7. Option C Configuration
Task 1 - Configure Labeled BGP Between ASBRs
R4 interface E0/3 ip address 192.1.48.4 255.255.255.0 no shut ! router bgp 100 neighbor 192.1.48.8 remote-as 200 neighbor 192.1.48.8 send-label no neighbor 3.3.3.3
R8 interface E0/3 ip address 192.1.48.8 255.255.255.0 no shut ! router bgp 200 neighbor 192.1.48.4 remote-as 100 neighbor 192.1.48.4 send-label no neighbor 7.7.7.7
Understanding send-label
The command:
neighbor x.x.x.x send-label
enables BGP labeled unicast exchange.
This allows MPLS labels to travel between autonomous systems.
Label Exchange Formula
$$ Forwarding = IP\\ Prefix + MPLS\\ Label $$Task 2 - Configure Route Redistribution
Redistribute RR loopbacks into BGP and local IGP.
R4 access-list 1 permit 3.3.3.3 0.0.0.0 access-list 2 permit 7.7.7.7 0.0.0.0 ! route-map O2B match ip address 1 ! route-map B2O match ip address 2 ! router bgp 100 redistribute ospf 1 route-map O2B ! router ospf 1 redistribute bgp 100 route-map B2O
R8 access-list 1 permit 7.7.7.7 0.0.0.0 access-list 2 permit 3.3.3.3 0.0.0.0 ! route-map I2B match ip address 1 ! route-map B2I match ip address 2 ! router bgp 200 redistribute isis route-map I2B ! router isis redistribute bgp 200 route-map B2I
Redistribution Formula
$$ IGP \rightarrow BGP $$ $$ BGP \rightarrow IGP $$Controlled redistribution prevents routing loops.
Task 3 - Configure MP-eBGP Between Route Reflectors
R3 router bgp 100 neighbor 7.7.7.7 remote-as 200 neighbor 7.7.7.7 update-source lo0 neighbor 7.7.7.7 ebgp-multihop ! address-family vpnv4 neighbor 7.7.7.7 activate neighbor 7.7.7.7 next-hop-unchanged
R7 router bgp 200 neighbor 3.3.3.3 remote-as 100 neighbor 3.3.3.3 update-source lo0 neighbor 3.3.3.3 ebgp-multihop ! address-family vpnv4 neighbor 3.3.3.3 activate neighbor 3.3.3.3 next-hop-unchanged
Why Use next-hop-unchanged?
This prevents the Route Reflector from becoming part of the forwarding path.
Traffic flows directly between PEs.
Multi-hop Formula
$$ TTL > 1 $$eBGP multihop allows neighbors that are not directly connected.
8. Option C with Carrier Supporting Carrier
Option C may use an intermediate provider AS.
AS 1000 provides labeled transport between AS 100 and AS 200.
Carrier Supporting Carrier Logic
$$ Customer\\ SP \rightarrow Transit\\ SP \rightarrow Remote\\ SP $$The transit provider only transports labels.
9. Verification Commands
| Command | Purpose |
|---|---|
| show bgp vpnv4 unicast all | Verify VPNv4 routes |
| show mpls forwarding-table | Verify MPLS labels |
| show bgp ipv4 labeled-unicast | Verify labeled BGP routes |
| show ip route vrf Cust-A | Verify VRF routes |
| ping vrf Cust-A x.x.x.x | Test VPN reachability |
Expected MPLS Label Output
R4#show mpls forwarding-table Local Outgoing Prefix 17 22 7.7.7.7/32
10. MPLS Inter-AS Mathematics
MPLS Label Stack Formula
$$ Packet = IP + VPN\\ Label + Transport\\ Label $$VPNv4 Route Formula
$$ VPNv4 = RD + IPv4\\ Prefix $$RT Matching Formula
$$ Import = Export\\ RT \cap Import\\ RT $$Scalability Comparison
$$ OptionA < OptionB < OptionC $$Option C provides the highest scalability.
11. Troubleshooting MPLS Inter-AS VPN
| Issue | Cause | Solution |
|---|---|---|
| VPNv4 neighbor down | Missing activate command | Enable address-family vpnv4 |
| No MPLS labels | send-label missing | Enable BGP labeled-unicast |
| No VPN routes | RT mismatch | Verify route-target import/export |
| Ping failure | Next-hop unreachable | Verify IGP reachability |
| Loopback unreachable | Redistribution issue | Check route-maps |
12. Best Practices
- Use Option C for large-scale deployments
- Use route filtering wherever possible
- Verify MPLS labels regularly
- Use Route Reflectors for scalability
- Document Route Targets carefully
- Avoid unnecessary redistribution
- Use next-hop-unchanged in Option C
- Monitor BGP VPNv4 stability
๐ก Key Takeaways
- Option A is simple but less scalable
- Option B exchanges VPNv4 between ASBRs
- Option C provides best scalability
- send-label enables labeled BGP routes
- Route Targets control VPN route sharing
- MP-eBGP exchanges VPNv4 routes
- Redistribution provides RR reachability
- next-hop-unchanged avoids RR in data path
13. Related Networking Articles
- Complete MPLS Inter-AS VPN Lab Part 2 | OSPF, IS-IS, MPLS LDP & MP-BGP Configuration Guide
- Complete Cisco Nexus VXLAN EVPN
- Complete Cisco Nexus BGP Authentication
- Complete Cisco Nexus OSPF
- Complete Cisco Nexus EIGRP
- Complete Cisco Nexus Static Routing Lab
- Cisco Nexus vPC and LACP Configuration
Final Conclusion
This complete MPLS Inter-AS VPN tutorial explained how service providers exchange VPN routes across autonomous systems using Option A, Option B and Option C architectures.
We covered:
- VRF-to-VRF Inter-AS connectivity
- VPNv4 MP-eBGP exchange
- BGP labeled-unicast
- Route Reflector peering
- Label exchange mechanisms
- Redistribution strategies
- Carrier Supporting Carrier concepts
- MPLS forwarding mathematics
Mastering MPLS Inter-AS VPN options is essential for designing scalable service provider and enterprise WAN infrastructures.
No comments:
Post a Comment