Click here to load reader

Inter-AS MPLS Sol BRKMPL-2105 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco Public 8 Extending VPN services over Inter-AS networks VPN-R1 VPN-R2 PE22 CE1 CE2 AS #1

  • View
    2

  • Download
    0

Embed Size (px)

Text of Inter-AS MPLS Sol BRKMPL-2105 © 2011 Cisco and/or its affiliates. All rights reserved. Cisco...

  • BRKMPL-2105

    Sangita Pandya, TME, Cisco Systems, Inc.

    [email protected]

    Inter-AS MPLS Solutions

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 22

    The Prerequisites

     Must understand basic IP routing  Familiar with MPLS architectures  Familiar with MPLS applications  Some level of MPLS network design/

    deployment experience

    2

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 33

    Goal

     Explore Inter-AS MPLS VPN use cases  Discuss various architectures that facilitate support of

    MPLS VPN services in Inter-AS environment  Highlight some of the key differences between IOS and

    IOS XR  Introduce some of the key commands in IOS or IOS XR  For full configuration examples please refer to

    www.cisco.com

    3

    http://www.cisco.com/

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 4

    Agenda

     Inter-AS Networks Inter-AS Connectivity Models Inter-AS L3 VPNs Inter-AS L2VPNs Inter-AS Multicast VPNs

     Carrier Supporting Carrier

    CSC Service Models MPLS L3 VPNs Multicast VPNs MPLS L2 VPNs

     Inter-AS RSVP-TE

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 55

    Inter-AS MPLS Service Use Cases

     Extend VPN services over multiple independently managed MPLS domains

    Fast geographic service coverage expansion

    Two MPLS VPN Providers peering to cover for a common customer base

     Build MPLS VPN networks on original multi-domain network IGP isolation with service continuity

    Interconnect BGP confederations with different IGPs in the same AS

     Two available as described in RFC 4364 : 1.Carrier Supporting Carrier (CSC)

    2.Inter-Autonomous Systems (I-AS)

    AS3 Provider 2

    AS2 Provider 2

    AS1 Provider 1

    Subscriber1Subscriber1

    SubscriberN SubscriberN

    5

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 6

    Carrier Supporting Carrier vs. Inter-AS

    CSC  IP/MPLS Carrier  doesn’t  want  to  

    manage own MPLS backbone  IP/MPLS Carrier is a customer of

    another MPLS backbone provider  Only the backbone provider is

    required to have MPLS VPN core  Customer Carriers do not

    distribute  their  subscribers’    VPN info to the backbone carrier

     Client-Server model

    Inter-AS  Single SP POPs not available in

    all geographical areas required by their subscribers/customers

     SPs provide services to the common customer base

     Both SPs must support MPLS VPNs

     Subscribers’  VPN information distributed to peering SPs’   network

     Peer-Peer model

    MPLS Backbone ProviderCustomer Carrier-B

    Customer Carrier-B

    Subscriber A Site1

    Subscriber A Site2

    Subscriber A Site1 Subscriber A Site2

    Provider-A Provider-B ASBR-A ASBR-B

    6

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 7

    Inter-AS L3 VPNs Overview

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 8

    Extending VPN services over Inter-AS networks

    VPN-R1 VPN-R2

    PE22

    CE2 CE1

    AS #1 AS #2 PE11

    MP-eBGP for VPNv4 (Option B)

    Multihop MP-eBGP between RRs

    (Option C) MP-eBGP+Labels

    Back-to-Back VRFs (Option A)

    ASBR1 ASBR2

    •VPN Sites attached to different MPLS VPN Service Providers •How do you distribute and share VPN routes between ASs

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 99

    Intra-AS MPLS VPNs Review

     Route Distinguisher (RD) convert IPv4 routes to VPNv4 Routes

     Route Target allows VPN routes to be imported/exported to/from a VPN

     Peer PE loopbacks are known via IGP

     MP-BGP protocol carries VPNv4 routes and communities using BGP address-families

    MPLS Core PE2

    PE1

    P1

    MP-iBGP Update BGP VPN-IPv4 Net=RD:16.1/16 NH=PE1 Route Target 100:1 VPN Label=40

    MP-iBGP Update: BGP VPN-IPv4 Net=RD:18.1/16 NH=PE1 Route Target 100:1 VPN Label=41

    18.1/16 16.1/16

    P2

    VPN/VRF Endpoints

    VPN/VRF Endpoints

    IP IP

    IP 40 P1

    @PE1 IP 40

    @PE2

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 1010

    Each ASBR Thinks the Other Is a CE

    Inter-AS VPN—Option A Connecting ASBRs using Back-to-Back VRFs

     Two providers prefer not to share MPLS link

     One logical interface per VPN/VRF on directly connected ASBRs;

     Packet is forwarded as an IP packet between the ASBRs

     Link may use any supported PE-CE routing protocol

     IP QoS policies negotiated and configured manually on the ASBRs

     Option A is the most secure and easiest to provision

     May not be easy to manage as #s of VPNs grow

    AS1 PE-ASBR1

    PE1 P1

    Unlabeled IP Packets

    AS2PE-ASBR2

    PE2

    P2P1

    IP IP 40 P1 IP 40 IP IPIP 80 P2 IP 80

    10

    VRF-Lite Configuration

    BGP VPN-IPv4 Net=RD:16.1/16 NH=PE1 Route Target 100:1 VPN Label=40

    BGP VPN-IPv4 Net=RD:17.1/16 NH=PE1 Route Target 200:1 VPN Label=80

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 1111

    1. Redistribute eBGP link into the IGP of both AS

    Inter-AS VPN—Option B Connecting two ASBRs – Two Methods

    ASBR1 ASBR2

    PE1 PE2

    AS #1 AS #2

    IGP2 IGP1

    11

    ASBR1 ASBR2

    PE1 PE2

    AS #1 AS #2

    I’m  the   Next Hop

    to AS2

    I’m  the   Next Hop

    to AS1

    2. Receiving PE-ASBRs be the next hop

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 12

    AS #1 AS #2 PE1

    PE2

    Customer-A

    CE1 CE2

    Customer-A

    ASBR1

    152.12.4.0/24

    BGP, OSPF, RIPv2 152.12.4.0/24,NH=CE2

    VPN-v4 update: RD:1:27:152.12.4.0

    /24, NH=PE1 RT=1:222, Label=(L1)

    VPN-v4 update: RD:1:27:152.12.4.0/24,

    NH=ASBR2 RT=1:222, Label=(L3)

    BGP, OSPF, RIPv2 152.12.4.0/24,NH=PE2

    Inter-AS VPN—Option B Establishing reachability between geographically dispersed VPNs using Next Hop Self on ASBRs

    ASBR2

     All VPNv4 Prefixes/Labels from PEs Distributed to ASBRs  Next Hop and labels are rewritten on ASBRs when routes are advertised across

    domains. ASBRs store all VPNv4 routes in BGP table.

    VPN-v4 update: RD:1:27:152.12.4.0

    /24, NH=ASBR1 RT=1:222, Label=(L2)

    eBGP for VPNv4

    Label Exchange between Gateway PE-ASBR Routers

    Using eBGP

    © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 12

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 1313

    Inter-AS VPN—Option B Establishing reachability between geographically dispersed VPNs using Next Hop Self on ASBRs

     No Virtual Routing Forwarding tables on ASBRs unless ASBR also supports PE functionality (has VRF interfaces)

     In IOS, Receiving PE-ASBR automatically creates a /32 host route to a peer ASBR

    Which must be advertised into receiving IGP if next-hop-self is not in operation to maintain the LSP

     In XR, must define a static route to the Next Hop of peer ASBR for Option B and C as well as all address families (IPv4, IPv6, VPNv4, VPNv6). The CLI is only shown in Option B configuration example.

     In XR, must define route-policy to pass or filter selected VPNv4 routes for for Option B and Option C as well as all address families (IPv4, IPv6, VPNv4, VPNv6). The CLI is only shown in Option B configuration example.

     ASBR-ASBR link must be directly connected!!!!!! Could use GRE tunnel- considered directly connected.

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 14

    ASBR1 ASBR2

    152.12.4.1

    152.12.4.1L3

    L2 152.12.4.1

    152.12.4.1 L1

    152.12.4.1

    PE1

    VPN-R1

    CE1

    152.12.4.0/24

    PE2

    CE2

    VPN-R2

    Inter-AS VPN—Option B End-to-end VPN packet forwarding - Next Hop Self on ASBRs

    AS #1 AS #2

     L1, L2, L3 are BGP VPN label.

     The Outer Most Core (IGP Labels in an AS) Label Is not displayed in on this slide.

  • © 2011 Cisco and/or its affiliates. All rights reserved. Cisco PublicBRKMPL-2105 15

    Inter-AS VPN—Option B Cisco IOS ASBR eBGP configuration

    PE1 PE2

    AS #1 AS #2

    CE1

    VPN-R1 VPN-R2

    CE2

    ASBR1 ASBR2 eBGP for VPNv4

    ! router bgp 1 neighbor remote-as 2 neighbor remote-as 1 neighbor update-source loopback0 no bgp default route-target filter ! address-family vpnv4 neighbor remote-as 1 activate neighbor remote-as 1 next-hop-self neighbor remote-as 2 activate neighbor remote-as 2 send-community extended

     ASBRs require no bgp default route-target filter command to store VPNv4 routes as it does not have any VRF interfaces.

  • © 2011 Cisco and/or i