IPExpert CoD: MPLS-VPN

This post contains my notes from an old version of IPX Class on Demand by Joe Astorino.

RD has no special meaning—it is only used to make potentially overlapping IPv4 addresses globally unique

Route Targets are additional attributes attached to VPNv4 BGP routes to indicate VPN membership

Export Route Targets identifying VPN membership are appended to the customer route when it is converted into a VPNv4 route

RD & RT are extended BGP communities; neighbor send-community extended is required!

RR for VPNv4 does not need to be the same as RR of IPv4.

PE imposes 2 labels: the top one is from LDP, and the bottom one is from the VPNv4 address-family.

Each bgp address-family is a different RIB.

  • Import policy means that routes will come from the VPN extended community
  • Export policy means that routes will go to the VPN extended community

ARF – Automatic Route Filtering: Only VPN information matching a locally configured RT will be imported
Could be disabled: no bgp default route-target filter
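
A small model of the RD, RT and ARF notes above, added here as an illustration (it is not from the class material). The VRF names, RD/RT values and prefixes are constructed, and routes are simplified to (VPNv4 key, prefix, RT set) tuples:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vrf:
    name: str
    rd: str                 # route distinguisher, e.g. "245:1" (constructed value)
    export_rts: frozenset   # RTs attached when a route leaves the VRF
    import_rts: frozenset   # RTs this VRF accepts

def export_routes(vrf, prefixes):
    """Customer IPv4 prefix -> VPNv4 route: RD prepended, export RTs attached."""
    return [(f"{vrf.rd}:{p}", p, vrf.export_rts) for p in prefixes]

def receive(local_vrfs, vpnv4_routes, arf=True):
    """Model the receiving PE: returns (VPNv4 table, per-VRF routing tables)."""
    wanted = frozenset().union(*(v.import_rts for v in local_vrfs))
    # ARF: drop VPNv4 routes carrying no RT that any local VRF imports.
    kept = [r for r in vpnv4_routes if not arf or r[2] & wanted]
    # Import policy: a VRF only takes routes whose RTs intersect its import RTs.
    tables = {v.name: sorted(p for _, p, rts in kept if rts & v.import_rts)
              for v in local_vrfs}
    return kept, tables

# Constructed sample: two customers that both use 10.1.1.0/24.
CUST_A = Vrf("CustA", "245:1", frozenset({"245:1"}), frozenset({"245:1"}))
CUST_B = Vrf("CustB", "245:2", frozenset({"245:2"}), frozenset({"245:2"}))
ADVERTISED = (export_routes(CUST_A, ["10.1.1.0/24"])
              + export_routes(CUST_B, ["10.1.1.0/24", "10.2.2.0/24"]))

def demo():
    """The receiving PE has only CustA configured; compare ARF on and off."""
    return (receive([CUST_A], ADVERTISED, arf=True),
            receive([CUST_A], ADVERTISED, arf=False))

if __name__ == "__main__":
    (kept, tables), (kept_all, tables_all) = demo()
    print("VPNv4 table with ARF:   ", [r[0] for r in kept])
    print("VPNv4 table without ARF:", [r[0] for r in kept_all])
    print("CustA routing table:    ", tables, tables_all)
```

With ARF disabled the PE holds all three VPNv4 routes, yet the CustA table is unchanged: the overlapping prefixes stay distinct because of the RD, and only the import RT decides what enters the VRF.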

By default, when running OSPF over Frame-Relay with any network type except point-to-multipoint, the nexthop on a spoke for a route originated from another spoke will be that spoke.
But when the network type is point-to-multipoint, the nexthop will be the hub, and a host route for each spoke will exist.
So make sure to use point-to-multipoint when using MPLS.

RIP/EIGRP address-family version and summarization are different from RIP/EIGRP's own.

When the customer needs the same AS on multiple sites, the AS Override feature should be triggered. So the PE will override its (prepend). Another way to handle this requirement is using allowas-in.

  • If a single customer site has multiple PE links, the same SOO should be used
  • If a single customer has multiple sites, multiple SOO values should be used
VRF Lite
  • VRF-Lite is essentially using VRF without MPLS and MP-BGP involved in the picture.
  • VRF Lite is typically a switch-based deployment to allow multiple customers connecting through to a single PE with overlapping address spaces.
  • Physical interface is only Layer2 with access VLAN
  • SVI – interface vlan is in ip vrf forwarding

ip route vrf cust1 0.0.0.0 0.0.0.0 10.14.4.1 global // means that the nexthop is in global routing-table

Routing is bidirectional, so traffic needs to know how to come back as well:

ip route 10.3.44.0 255.255.255.0 serial 0/1 192.168.10.1
ip route vrf cust1 10.3.44.0 255.255.255.0 192.168.10.1

Both are needed!

VRF Route Leaking
  • ip route 100.40.3.0 255.255.255.0 serial 0/1/0.4 10.1.4.1 // Outgoing interface and nexthop are VRF-enabled.
    That will add a route to the global routing table pointing to a VRF-enabled interface.
ip route vrf cust2 100.40.2.0 255.255.255.0 serial 0/1/0.2
ip route vrf cust2 100.40.1.0 255.255.255.0 10.0.1.4 global

The routes above affect the VRF routing table and can point to an interface or an IP. If the IP is not in the VRF already, global may be needed.

  • no ip route static inter-vrf // Prevents bleeding between VRFs if not planned for
  • For inter-VRF stuff, simply use route-target import to add additional community routes into a VRF table
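
Because each of the mechanisms above (static routes with the global keyword, route-target import of another VRF's RT, and a missing no ip route static inter-vrf) crosses a VRF boundary, a configuration review should list them all. The following audit sketch is an added example, not part of the original notes; the sample configuration is constructed and the parser only handles the commands shown in this post:

```python
import re

def audit_vrf_leaks(config):
    """Return one finding per path by which routes can cross a VRF boundary."""
    rts, findings, vrf, blocked = {}, [], None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # top-level line: enter or leave VRF mode
            m = re.match(r"ip vrf (\S+)$", line)
            vrf = m[1] if m else None
            if vrf:
                rts[vrf] = {"export": set(), "import": set()}
        if line == "no ip route static inter-vrf":
            blocked = True
        elif m := re.match(r"ip route vrf (\S+) (\S+) (\S+) .*\bglobal$", line):
            findings.append(f"static: vrf {m[1]} route {m[2]} {m[3]} "
                            "resolves next hop in global table")
        elif vrf and (m := re.match(r"route-target (export|import|both) (\S+)$", line)):
            for kind in ("export", "import"):
                if m[1] in (kind, "both"):
                    rts[vrf][kind].add(m[2])
    # A VRF importing an RT that another VRF exports receives that VRF's routes.
    for a, b in ((a, b) for a in rts for b in rts if a != b):
        for rt in sorted(rts[a]["import"] & rts[b]["export"]):
            findings.append(f"rt: vrf {a} imports {rt} exported by vrf {b}")
    if not blocked:
        findings.append("global: 'no ip route static inter-vrf' is not configured")
    return findings

# Constructed sample configuration (RD/RT values are assumptions).
SAMPLE = """\
ip vrf cust1
 rd 245:1
 route-target both 245:1
ip vrf cust2
 rd 245:2
 route-target both 245:2
 route-target import 245:1
ip route vrf cust1 0.0.0.0 0.0.0.0 10.14.4.1 global
ip route vrf cust2 100.40.2.0 255.255.255.0 serial 0/1/0.2
"""

if __name__ == "__main__":
    for finding in audit_vrf_leaks(SAMPLE):
        print(finding)
```

Each finding is either an intended leak to document or an unplanned one to remove.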

In a Hub & Spoke Frame-Relay network running MPLS & OSPF, serial interfaces should use the OSPF network type point-to-multipoint. On the hub, all frame-relay mappings should have the broadcast keyword. On the spokes, there should also be a mapping of the spoke's own IP to the DLCI used for reaching the hub, with the broadcast keyword.

Configuration Steps:
  1. Setting up loopbacks, ip addresses and Frame-Relay (P2M)
  2. Enabling CEF and MPLS globally and on interfaces
  3. Running IGP (ospf) and advertising loopbacks too
  4. There is no need to carry IPv4 prefixes, so it will be disabled: no bgp default ipv4-unicast // It is better to do this before adding neighbors, because otherwise an address-family ipv4 that we do not need will be created. (no need of BGP on P router)
  5. Running MP-iBGP in the SP network (because of partial mesh, R2 will be route-reflector) to carry VPNv4 prefixes using address-family (activating neighbors, setting R4 & R5 as route-reflector-client, send-community extended is added automatically)
  6. Creating VRFs, setting RD and RT, and binding them to interfaces
  7. Running RIP on PE & CE for CustA (address-family on PE)
  8. Running EIGRP with a random AS# on PE & CE for CustB (address-family on PE)
  9. Redistribution of routes in address-family of each customer (BGP–>RIP/EIGRP & RIP/EIGRP–>BGP)

R2# sh ip bgp vp all sum
BGP router identifier 2.2.2.2, local AS number 245
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4   245       5       5        1    0    0 00:01:55        0
5.5.5.5         4   245       4       4        1    0    0 00:00:35        0

To check the label stack: show ip cef vrf CustA 7.7.7.7

Author: Mo Moghaddas
