MPLS VPN Configurations

8/8/2019 MPLS VPN Configurations

1/101

1CQFE rev17 Russ Davis 1999, Cisco Systems, Inc.

MPLS VPN Configurations

Khalid Raza

MPLS VPN Configurations

Khalid Raza


2/101

2CQFE rev14 Russ Davis 1999, Cisco Systems, Inc. www.Cisco.com

AgendaAgenda

Introduction to VPNs concepts

VPN definitions

Types of VPNs (Overlay/Peer)

Comparison between Overlay and Peermodel

Benefits for MPLS VPNs


3/101


AgendaAgenda

Idea behind VRF, RD, RT

Route propagation in MP-BGP

Routing between PE-CE

MPLS Packet Forwarding


4/101


AgendaAgenda

MPLS configuration

VRF

MP-BGP

PE-CE configuration

Advance configuration


5/101


AgendaAgenda

MPLS topologies VPN connectivity

Design considerations

Deployment strategies


6/101


VPN/MPLS ConceptsVPN/MPLS Concepts

VPN

Concept is to use the service providers sharedresources connecting multiple customer sites

Technologies such as X.25, Frame-relay which usevirtual circuits to establish end-to-end connectionusing shared service of the provider infrastructure

This statistical sharing of resources enables theservice provider to offer low cost services to theend user


7/101


VPN Terminology

Provider Network (P-Network)

The backbone under control of a Service

Provider

Customer Network (C-Network)

Network under customer control

CE routerCustomer Edge router. Part of the C-

network and interfaces to a PE router


8/101


VPN Terminology

Site

Set of (sub)networks part of the C-network and co-located

A site is connected to the VPN backbonethrough one or more PE/CE links

PE router

Provider Edge router. Part of the P-Network and interfaces to CE routers

P router

Provider (core) router, without knowledge

of VPN


9/101


Service Provider Network

Provider Edge

(PE) device

Provider Edge

(PE) device

VPN Site

VPN Site

VPN TerminologyVPN Terminology

CPE (CE)

Device

CPE (CE)

Device

Provider core

(P) device


10/101


Types of VPNsTypes of VPNs

VPN services are offered in two majorways

Overlay Model where the service providerprovides the virtual connections between sites

Peer model where the service providerparticipates in the layer routing of the customer


11/101


VPN Overlay ModelVPN Overlay Model

Service provider network is a connection

of point-to-point links Routing within the customer network is

transparent to the service providernetwork

Service provider is responsible purely fordata transport between customer sites


12/101



Layer 1 implementation (IP, HDLC,

PPP (customer) - provider gives bitpipes only

Layer 2 implementation - serviceprovider responsible for L2 VC viaATM, Frame-relay


13/101



Provider Edge

(PE) device

Provider Edge

(PE) device

VPN Site VPN Site

Virtual Circuit


CPE (CE)

Device

CPE (CE)

Device

Layer-3 Routing Adjacency


14/101


VPN Peer Model

Both provider and customer network usesame network protocol

CE and PE routers have a routing

adjacency at each site All provider routers hold the full routing

information about all customer networks

Private addresses are not allowed May use the virtual router capability

Multiple routing and forwarding tablesbased on Customer Networks


15/101



Provider Edge

(PE) Router

Provider Edge

(PE) Router

VPN Site VPN Site

CPE (CE)

Router

CPE (CE)

Router


VPN Peer-to-Peer ModelVPN Peer-to-Peer Model



16/101


VPN Peer ModelVPN Peer Model

Peer model used two types ofapproach

Shared router

Dedicated router


17/101



Shared router

Where a common router was used, extensivepacket filtering is used on the PE router toisolate customer

Service provider allocated addresses out of itsspace to the customer and managed the packetfilter to ensure same customer reachability,

and isolation between customers.High maintenance cost associated with packetfilters

Performance impact due to packet filtering


18/101


Peer-to-Peer ModelShared Router Approach

Peer-to-Peer ModelShared Router Approach

PE

CE

VPN-A

VPN-B

CEVPN-C

CE

Shared router approach with complex filters

Paris

London

Munich

interface Serial0/1

description ** interface to VPN-A customer

ip address 192.168.61.6 255.255.255.252ip access-group VPN-A inip access-group VPN-A out

!interface Serial0/2

description ** interface to VPN-B customerip address 192.168.61.9 255.255.255.252

ip access-group VPN-B inip access-group VPN-B out

!interface Serial0/3

description ** interface to VPN-C customerip address 192.168.62.6 255.255.255.252

ip access-group VPN-C inip access-group VPN-C out

PE Routing TableVPN-A routesVPN-B routes

VPN-C routes


19/101



Dedicated router

Customer isolation is achieved via dedicatedrouters connected to customer

POP edge router filter routing updates betweendifferent provider edge routers

Route filtering is achieved via BGPCommunities

Not cost effective


20/101


Peer-to-Peer ModelDedicated Router Approach

Peer-to-Peer ModelDedicated Router Approach

VPN-A PE

CE

VPN-A

VPN-B

CE

Dedicated router approach expensive to deploy

Paris

London

P Routing TableVPN-A routes (community 111:1)

VPN-B routes (community 111:2)

VPN-B PE

P Router CE VPN-A

Brussels

VPN-A routes ONLYVPN-B

router bgp 111

neighbor 10.13.1.2 remote-as 111

neighbor 10.13.1.2 route-reflector-client

neighbor 10.13.1.2 route-map VPN-A out

!

route-map VPN-A permit 10

match community-list 75

!

ip community-list 75 permit 111:1


21/101


Comparison Betweenthe Two Models


Overlay Model

Easy to implement

No knowledge ofcustomer routing

Isolation betweenthe two network

Peer Model

Optimal routing

Easy to provisionadditional VPNsthrough site

provisioning - noneed for linkprovisioning


22/101




Overlay Model

Optimal routing betweensites requires full mesh

Bandwidth provisioning

Virtual circuits have tobe manually configured

Peer Model

Customerconvergence isdepended on SProuting convergence

Lot of routes withthe providernetworks causesscalability problems


23/101


Benefits of MPLS VPNsBenefits of MPLS VPNs

Best of both worlds

PE participates in routing so you canachieve optimal routing between sites

PE isolates customer routing informationlike dedicated router solution

Overlapping addresses are permittedbetween customers


24/101



PE router is subdivided into virtual routers

Similar to the dedicated router approach

Each customer is assigned independentrouting tables

IOS does this isolation through theconcept of VRF (Virtual Routing andForwarding)


25/101



PE

CE

VPN-A

VPN-A

CEVPN-B

Global Routing Table

VRF for VPN-A

VRF for VPN-B

VPN Routing Table

CE

Multiple routing & forwarding instances (VRFs) providethe separation

Paris

London

Munich

IGP &/or BGP


26/101


ProblemProblem

How to propagate routing across the

network between the PE devices? We need a routing protocol that will

transport the customer routes across theprovider network

Need to maintain the independency ofcustomers routing and address space


27/101


Easy and Lazy AnswerEasy and Lazy Answer

Run multiple routing protocols, one eachfor customer

But PE routers will have to run largenumber of routing instances

Poor P router will have to carry all the VPNroutes

P routers still will run into overlappingaddress problem unless you configure allthe vrfs on the PE router

Does not scale


28/101


Better SolutionBetter Solution

Run a routing protocol that canexchange the routing updates onlybetween PE routers

P router is protected from customerroutes


29/101


But how to do it ?But how to do it ?

Use BGP to pass the routing information

between PE devices

Use MPLS labels to exchange packetsbetween next-hops (PE routers)

Extend BGP to be able to handleoverlapping addresses


30/101


PE routers maintain separate routing tables

Global routing table

contains all PE and P routes (perhaps BGP)

populated by the VPN backbone IGP

VRF (VPN routing & forwarding)

routing & forwarding table associated with one or moredirectly connected sites (CE routers)

VRF is associated with any type of interface, whetherlogical or physical (e.g. sub/virtual/tunnel)

interfaces may share the same VRF if the connectedsites share the same routing information

VPN Routing & ForwardingInstance (VRF)



31/101




PE

CE

VPN-A

VPN-A

CEVPN-B

Global Routing Table

VRF for VPN-A

VRF for VPN-B

VPN Routing Table

CE

Multiple routing & forwarding instances (VRFs) providethe separation

Paris

London

Munich

IGP &/or BGP


32/101


MPLS/VPN Connectivity ModelMPLS/VPN Connectivity Model

Private addressing in multiple VPNs nolonger an issue

provided that members of a VPN do not use the

same address range

VPN A

VPN B VPN C

London

Milan

Paris Munich

Brussels Vienna

Address space for

VPN A and B must be

unique

10.2.1.0/24 10.22.12.0/24

10.2.1.0/24 10.3.3.0/24 10.2.12.0/24

10.4.12.0/24


33/101




VRF can be thought of as a virtual routerwith the following structures:

forwarding table based on CEF

a set of interfaces that use the derived forwarding table

rules to control import/export of routes from/into the VPNrouting table

set of routing protocols/peers which inject information intothe VPN routing table (including static routing)

router variables associated with the routing protocol usedto populate the VPN routing table


34/101


VRF Route PopulationVRF Route Population

VRF is populated locally through PE and CErouting protocol exchange

RIP Version 2, OSPF, BGP-4 & Static routing

Separate routing context for each VRF

routing protocol context (BGP-4 & RIP V2)

separate process (OSPF)

PE

CE

CE

Site-2

Site-1

EBGP,OSPF, RIPv2,Static


35/101


Local VRF Route PopulationLocal VRF Route Population

PE

CE

VPN-A

VPN-A

CEVPN-B

VRF for VPN-A

VRF for VPN-B

CE

Local VRF population driven by routing protocol contextor process (OSPF)

Paris

London

Munich

Which routingprotocol context or

process ?

Global


36/101


VRF Route DistributionVRF Route Distribution

PE routers distribute local VPN informationacross the MPLS/VPN backbone

through the use of MP-BGP & redistribution from VRF

receiving PE imports routes into attached VRFs

PE PECE Router CE Router

P Router

VPN Site VPN SiteMP-BGP

MPLS/VPN Backbone


37/101


Concept of RDConcept of RD

If customers have overlapping address,

BGP will treat them is single prefix

Extend the prefix with a 64-bit prefix(route-distinguisher)

Now, with 32 bit IP address and 64 bit RD,the two overlapping IP address are unique


38/101



32 bit IP prefix is the IPv4 address

With 64 bit RD, it is now extended to96 bit and is now VPNv4 address

This address is exchanged only

between the PE routers via BGP

This is carried in Multi-Protocol BGP


39/101



PE1

CE

VPN-A

VPN-B

VPN-B

CE

MP-BGP

PE2

BGP Table

Routes from VPN-A

Routes from VPN-B

Munich

MPLS/VPN Backbone

CE router sends 32 bit IPv4 prefix

PE router converts it into a 96 bit VPNv4 prefix


40/101


Processing of RDProcessing of RD

RD is propagated between the PE

routers RD is removed by the receiving PE

routers

CE router receives just the IPv4prefixes


41/101


Usage of RDUsage of RD

RD is only used to extend the IP prefixsuch that overlapping address are unique

Simple VPN topologies require single RDper customer

In some cases multiple RDs may berequired


42/101


Can RD be the VPN Identifier?Can RD be the VPN Identifier?

Yes - it could be a VPN identifier Complex topologies require another

component for VPN topologies other

than RD, just like communities aremore flexible.


43/101


Concept of RTConcept of RT

Sites that have to participate in more than

one VPN- RD is not sufficient You need another way of deciding the

membership

RT was introduced to support complextopologies such that separation andgrouping is easier


44/101



RT is extended BGP communities,attached to VPNv4 address

Give more flexibility to the VPNmembership

Any number of RT can be attached to aroute

Extended communities are 64 bit values


45/101



RTs are either exported or imported

Export route target are attached to theroute the moment it is converted from IPv4to VPNv4

Import RT is used to decide the routes thatwould be imported into the VPN


46/101


Routing Within MPLS VPNRouting Within MPLS VPN

Pass IPv4 to the customer routers

No VPN routes within the MPLS core (Prouters)

P routers run IGP and global BGP (ifneeded)

Provider Edge router carries connectedVPN routes and Internet routes


47/101


Routing P-router PerspectiveRouting P-router Perspective

Runs IGP with all the P and PErouters in the network

No MPLS VPN routing information

Very simple view of the network


48/101


Routing PE-router PerspectiveRouting PE-router Perspective

Exchanges IPv4 routes with CE router Exchange VPNv4 routes with other PE

routers

Run common IGP with P router and alsointernet BGP with P routers (if needed)


49/101


Routing Table on PE RouterRouting Table on PE Router

PE router has to maintain number ofrouting tables

Global routing table (IGP, Internet routes)

VRF routing information for VPNsconnected

VRF routing is populated via CE and otherPE routes


50/101


PE to PE RouteInformation FlowPE to PE Route

Information Flow

PE router creates VPNv4 update

Adds extended community attribute (RT,

SOO)

All other BGP attributes

Received route is imported into

appropriate VRF according to RT values

Routes installed into VRF are propagatedto CE routers


51/101


MP-BGP UpdateMP-BGP Update

Any other standard BGP attribute

Local PreferenceMEDNext-hopAS_PATHStandard Community

A Label identifying:

The outgoing interface or VRF where a lookuphas to be performed (aggregate/connected)

The BGP label will be the second label in thelabel stack of packets travelling in the core


52/101


VRF Population of MP-BGPVRF Population of MP-BGP

PE-1

CE-1

ip vrf VPN-A

route-target import VPN-A

VPN-v4 update:RD:1:27:149.27.2.0/24, Next-hop=PE-1SOO=Paris, RT=VPN-A,Label=(28)

CE-2

Receiving PE routers translate to IPv4

Insert the route into the VRF identified by the RT

attribute (based on PE configuration)

The label associated to the VPN-V4 address will be

set on packets forwarded toward the destination

VPN-v4 update is translated intoIPv4 address and put into VRFVPN-A as RT=VPN-A andoptionally advertised to CE-2

Paris London

PE-2


53/101


Routing Between PE-CERouting Between PE-CE

CE does not need any understanding ofMPLS

CE needs standard IP software

Currently EBGP, OSPF, RIP, and staticrouting is supported

PE router looks like a standard corporatebackbone to the CE router


54/101


In Label FEC Out Label- 197.26.15.1/32 -

In Label FEC Out Label41 197.26.15.1/32 POP

In Label FEC Out Label- 197.26.15.1/32 41

MPLS/VPN Packet ForwardingMPLS/VPN Packet Forwarding

Paris

Use label implicit-null for

destination 197.26.15.1/32

Use label 41 for destination

197.26.15.1/32

VPN-v4 update:RD:1:27:149.27.2.0/24,NH=197.26.15.1SOO=Paris, RT=VPN-A,Label=(28)

PE-1

London

PE and P routers have BGP next-hop reachability

through the backbone IGP

Labels are distributed through LDP correspondingto BGP Next-Hops or RSVP with Traffic Engineering

149.27.2.0/24

PE-2197.26.15.1


55/101



Label Stack is used for packet forwarding

Top label indicates BGP Next-Hop (interior label)

Second level label indicates outgoing interface or VRF(exterior VPN label)

MPLS nodes forward packets based on top label

any subsequent labels are ignored

Penultimate Hop Popping procedures used one

hop prior to egress PE router


56/101


Penultimate Hop PoppingPenultimate Hop Popping

LondonLondon BrusselsBrussels ParisParis

197.26.15.1

In Label FEC Out Label

- 197.26.15.1/32


41 197.26.15.1/32 POP


- 197.26.15.1/32 41

Use label 41 for destination

197.26.15.1/32

Use label implicit-null for

destination 197.26.15.1/32

London# show tag-switching tdp binding 197.26.15.1tib entry: 197.26.15.1/32, rev 10

local binding: tag: imp-null(1)

remote binding: tsr: 172.16.3.1:0, tag: 41

Brussels# show tag-switching tdp binding 197.26.15.1tib entry: 197.26.15.1/32, rev 10local binding: tag: 41

remote binding: tsr: 172.16.3.2:0, tag: imp-null(1)

Brussels# show tag-switching forwardingLocal Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

41 Pop tag 197.26.15.1/32 0 Se0/0/2 point2point


57/101


In Label FEC Out Label- 197.26.15.1/32 41


Paris

149.27.2.27

PE-1

London149.27.2.0/24

Ingress PE receives normal IP packets

PE router performs IP Longest Match fromVPN FIB, finds iBGP next-hop and imposesa stack of labels

149.27.2.272841

VPN-A VRF149.27.2.0/24,

NH=197.26.15.1Label=(28)


58/101


In Label FEC Out Label41 197.26.15.1/32 POP


Paris

149.27.2.27

PE-1

London149.27.2.0/24

149.27.2.272841

VPN-A VRF149.27.2.0/24,

NH=197.26.15.1Label=(28)

149.27.2.2728

In Label FEC Out Label28(V) 149.27.2.0/24 -

VPN-A VRF149.27.2.0/24,

NH=Paris

149.27.2.27

Penultimate PE router removes the IGP label

Penultimate Hop Popping procedures (implicit-null label)

Egress PE router uses the VPN label to selectwhich VPN/CE to forward the packet to

VPN label is removed and the packet is routedtoward the VPN site


59/101


MPLS/VPN Configuration andImplementation

MPLS/VPN Configuration andImplementation


60/101


MPLS ConfigurationMPLS Configuration

VRF: Sites requiring same routingpolicies share same VRF

IP routing table

CEF forwarding

Route distinguisher

Route Target (export, import)


61/101



VRF configuration

Step 1. Create VRF

Step 2. Assign an RD

Step 3. RT export

Step 4. RT import

Step 5. Define an interface to a VRF


62/101



VRF configuration

Step 1.Creating a VRF

ip vrfname

Example ip vrfbootcampWhere bootcamp is just a name like route-map name


63/101



VRF configurations

Step 2.

Every VRF needs an associated RD

rd route-distinguisher

Could be AS:X or IP address :X

Example: rd 109:12345


64/101



VRF configuration

Step 3.Defining a route target that will be exportedwith every route that is send from the VRF

Multiple route-target can be attached to a vrf

route-target export RT

Example: route-target export 109:1234


65/101



VRF configuration

Step 4.

Define a route-target that will be accepted bythe router to be imported into the VRF

route-target import

Example: route-target import 109:1345


66/101



VRF configuration

Step 5.

Associate an interface to the VRF; this willremove the interface from the global routingprocess

Existing IP address is removed once the

interface is defined to a VRF; you will have tore-configure the IP address


67/101



VRF configurationIp vrf GREEN

rd 109:145

route-target export 109:145

route-target import 109:145

interface serial 1/0/1

ip forwarding vrf GREEN

ip address 10.1.1.5 255.255.255.252


68/101



MP-BGP configuration

BGP process is extended to perform three

functions

Tasks are configured in same BGP processthrough address families

1. Maintain and exchange global routing information(IPv4 routing)

2. VPNv4 routing

3. VRF routing exchange with CE


69/101



MP-BGP configurations

Global neighbor are configured under theglobal BGP process (All P and PE neighbors)

These neighbors need to be activated underthe appropriate address family according torequirements

VRF specific neighbors are defined under thecorresponding VRFs


70/101



MP-BGP configurations

Step 1. Configure neighbors and theirparameters under the global process

Step 2. Configure address family VPNv4

Step 3. Activate neighbors to carry VPNv4

routesStep 4. Activate the VPNv4 specific parameters

under the address family (filter, etc.)


71/101



MP-BGP configurationsStep 1. Configure BGP process

router bgp 110


neighbor 131.108.1.1 update-source loopback 0


72/101



MP-BGP Configurations

Step 2. Configure the address family, activate theneighbor under the address family for VNPv4routes. Neighbor that was defined earlier undermain BGP process

address-family vpnv4

neighbor 131.108.1.1 activate

neighbor 131.108.1.1 next-hop-self


73/101



Lets talk a little about the IPv4address family

Address-family IPv4 is same is yourregular BGP process

Configurations done under this family

will be added to the global BGPconfigurations


74/101



no bgp default ipv4 unicast

Disables the default behavior of IPv4 routepropagation

Activate the neighbors that need to getIPv4 routes

Isolation of VPNv4 and IPv4 routes suchthat few neighbors get both and fewreceive VPnv4 only


75/101



Example: 3 neighbors: two of themneed IPv4 routes, one does not

Requirements

Neighbor 131.108.1.1 (IPv4, VPNv4)

Neighbor 131.108.1.2 (IPv4 only)

Neighbor 131.108.1.3 (VPNv4 only)


76/101



Router bgp 110

No bgp default ipv4 unicast

Neighbor 131.108.1.1 remote-as 110



Neighbor 131.108.1.1 activate


Address-family vpnv4




77/101



Configuring PE-CE Routing

BGP between PE-CE

RIP between PE-CE

OSPF between PE-CEStatic routes


78/101



BGP/RIP require single routing process

Distance/path vector no databaseseparation needed; done through address-families

OSPF requires a separate routing processfor each VRF to maintain a separatedatabase


79/101



All non-BGP VRF routes have to beredistributed

No sync is default

No auto summary is default


80/101



BGP

Define the neighbor under the address-familyvrf and not under the global BGP

router bgp 110

!

address-family ipv4 vrf Green


neighbor 10.1.1.1 activate


81/101



RIP

Single routing process

RIP parameters in each VRFrouter rip

version 2

address-family ipv4 vrf BLUE

network 10.0.0.0

redistribute bgp 110 metric transparent


82/101


MPLS OSPFMPLS OSPF

IGP-BGP redistribution is done byMPLS

Not a very good thing for OSPF

Routes redistributed in OSPF are

external Single LSA for every external route


83/101


MPLS OSPFMPLS OSPF

If all the routes are carried as

external Route summarization would be a

problem

Stub areas would be hard toimplement


84/101


MPLS OSPFMPLS OSPF

MPLS VPNs needed to be extended tocarry OSPF information

Per se create a concept of super backbone

Super backbone is created with MP-BGPbetween the PE-routers

This super backbone is between the PErouters; it is transparent to OSPF


85/101


MPLS OSPFMPLS OSPF

CE

VPN-A CEVPN-B

MPLS BGPbackbone

VPN-A

CE

ParisLondon

Area 0

Area 1

VPN-A CEVPN-B

Area 2

Area 0


86/101


MPLS OSPFMPLS OSPF

OSPF between sites does not use normalOSPF-BGP redistribution

Internal OSPF routes are kept internal toOSPF

External routes are kept external

OSPF metrics are preserved MPLS OSPF backbone is transparent to

CE OSPF that runs standard software


87/101


MPLS OSPFMPLS OSPF

PE routers act as ABRs

In the case of no stub area, PErouters also act as ASBRs

For CE routers perspective, send an

inter-area route into the connectedarea


88/101


MPLS OSPFMPLS OSPF

Intra-area OSPF routes are

redistributed into BGP by the PErouter

Route Summarization can be done at

the redistribution point by the PErouter


89/101


MPLS OSPFMPLS OSPF

Super backbone acts just like area 0 inregular OSPF

Redistributed routes at the PE routersappear as inter-area routes

Routes from one area 0 site into anotherarea 0 sites appear as inter-area routes

Redistributed intra- and inter-area routesappear as inter-area routes; external stillappear as external


90/101


MPLS OSPFMPLS OSPF

For MP-BGP, extended community of

0x8000 is used

OSPF cost is copied as MED for BGP

LSA type and metric are carriedacross


91/101


MPLS OSPFMPLS OSPF

OSPF-BGP loop avoidance

VPN-AVPN-B

MPLS BGP

backbone

VPN-A

CE

ParisArea 0

VPN-AVPN-BArea 0

OSPF route

Redistributed into BGPPE1 PE2PE3


92/101


MPLS OSPFMPLS OSPF

PE1 learns the route via OSPF intra-area

PE1 advertises the route to PE2 and PE3via MP-BGP

One of the PE router redistributes it first(sort of race condition)

PE2 sends the route to PE3 via OSPFsummary LSA


93/101


MPLS OSPFMPLS OSPF

PE3 removes the iBGP route for the

destination and installs the OSPF summaryroute, due to lower admin distance

You can solve the problem by lowering the

administrative distance of iBGP to beless not a clean solution

S OSS OS


94/101


MPLS OSPFMPLS OSPF

To solve this problem a (Down bit) hasbeen added to option field of the header

like ISIS TLV 135 PE router sets the down bit when

redistributing routes from MP-BGP toOSPF

PE router will never redistribute OSPFroute back into BGP with down bit set

MPLS OSPFMPLS OSPF


95/101


MPLS OSPFMPLS OSPF

Double redistribution loop is still possible

When the CE does redistribution between

domains and the down bit is lost

For this purpose, tag field is used as doneby standard BGP-OSPF redistribution

PE routers never redistributes OSPFroutes with Tag field equal to their own ASnumber into MP-BGP

MPLS C fi tiMPLS C fi ti


96/101



OSPF

Configuration is still simple

router ospf 110 vrf RED

network 10.1.0.0 0.0.255.255 area 0redistribute bgp 110

MPLS IS ISMPLS IS IS


97/101


MPLS IS-ISMPLS IS-IS

VPN backbone is treated as a level

above L2 All L1/L2 routes will be redistributed

into BGP at the PE router

New extended community in BGP0x0006



98/101



Same as route leaking concept: dontsend out IS-IS back into BGP ifUP/Down bit is set

Dont send route if the route in thetable is not learned via IS-IS



99/101



At the receiving site redistribute theroute into IS-IS with UP/Down bit set

Same concept as separation of

LSDB: one DB can belong to one VPN



100/101



Configuration is similar to OSPF

router isis tag1 vrf vpn-bluenet 49.0001.1201.0003.0001.00redistribute bgp 65000 metric transparent level-1-2

MPLS C fi tiMPLS C fi ti


101/101


Static

Used to configure VRF specific routes

Always need to specify the interfaceeven though you have the next-hop

ip route vrf YELLOW 10.1.0.0 255.255.0.0 10.1.1.5 serial 2/0

MPLS VPN Configurations

Text of MPLS VPN Configurations

MPLS and VPN Architecturesarmstrong.craig.free.fr/eBooks/Cisco/Cisco Press MPLS and VPN... · Migration of VPN Sites onto the MPLS/VPN Solution Summary A. Tag-switching and MPLS Command

RIEDEL Managed MPLS VPN - savecall.de · Leistungsbeschreibung Seite 3 von 14 Riedel Networks Managed MPLS VPN 1 Technische Realisierung des Riedel Managed MPLS VPN 1.1 MPLS MPLS

Standortvernetzung – MPLS VPN - rtr.at · Leistungsbeschreibung Standortvernetzung – MPLS VPN 3/13 1 EINLEITUNG

Presentación+02+ +mpls-vpn

MPLS L3 VPN

MPLS Protocol & Services Interoperability Event ...• VPN - Virtual Private Network • BGP/MPLS VPN - Layer 3 MPLS VPN using BGP-4 • VRF Table - VPN Routing and Forwarding Table

GRE VPN Mpls

MPLS e VPN

MPLS - VPN

VPN-MPLS - OK

Managed MPLS VPN Product Sheet - Global Cloud Xchangeglobalcloudxchange.com/.../2016/11/Managed-MPLS-VPN-Product-S… · globalcloudxchange.com V2.02 Managed MPLS VPN from Global

VPN Mpls Ipsec Tls

Mpls l3 VPN Tmpll3v001

MPLS VPN Technology

MPLS/WAN/VPN Bandwidth Services at NNPC Nodal … MPLS Based Bandwidth... · MPLS/WAN/VPN Bandwidth Services at NNPC Nodal Hubs ... Service (MPLS) and Virtual Private Network (VPN)

vpn/mpls GNS3

VPN, Mpls, Ipsec

Interas Mpls VPN

MPLS VPN - HH

Sigcom Mpls VPN

MPLS-VPN Services

MPLS VPN Enterprise

Mpls l2 VPN Tmpll2v001

Mpls Mpls VPN

MPLS VPN. MPLS/BGP VPNs Goals MPLS/BGP VPN Features Implementation Conclusions

MPLS VPN - utcluj.roftp.utcluj.ro/pub/users/dadarlat/retele_master/mpls-vpn/MPLS_VPN/... · MPLS VPN • MPLS VPNs are enhancement to MPLS • MPLS uses a virtual circuit (VC) across

Mpls l3 VPN Principle

Kamal-mpls Based VPN

Comparison between traditional vpn and mpls vpn

Artigo VPN Mpls

Documents

MPLS VPN Configurations

Text of MPLS VPN Configurations