Documente Academic
Documente Profesional
Documente Cultură
MPLS L3 VPN
25 JULY 2018
11:00 AM AEST Brisbane (UTC+10)
Specialties:
Routing & Switching
MPLS, IPv6
QoS
2
Agenda
• MPLS VPN
• VRF
• RD & RT
• Control Plane of MPLS L3VPN
• Data Plane of MPLS L3VPN
• Configuration Example
3
MPLS VPN Models
3
Advantages of MPLS Layer-3 VPN
• Scalability
• Security
• Easy to Create
• Flexible Addressing
• Integrated Quality of Service (QoS) Support
• Straightforward Migration
5
MPLS L3VPN Topology
P P
CE CE
VPNA PE PE VPNB
MPLS Network
VPNB
P P
CE VPNA
CE
6
Virtual Routing and Forwarding Instance
CE
VPNA VRF A
PE
MPLS Backbone
CE
VPNB
VRF B
7
Control Plane: Multi-Protocol BGP
• PE routers use MP-BGP to distribute VPN routes to each
other.
• MP-BGP customizes the VPN Customer Routing
Information as per the Locally Configured VRF Information
at the PE using:
– Route Distinguisher (RD)
– Route Target (RT)
– VPN Label
8
What is RD
• Route distinguisher is an 8-octet field prefixed to the
customer's IPv4 address. RD makes the customer’s IPv4
address unique inside the SP MPLS network.
• RD is configured in the VRF at PE
IPv4 Address (4
VPNv4 Address: Route Distinguisher (8 bytes)
bytes)
9
Route Advertisement: RD
• VPN customer IPv4 prefix is converted into a VPNv4 prefix
by appending the RD to the IPv4 address
• PE devices use MP-BGP to advertise the VPNv4 address
VPNv4 Prefixes on PE:
100:1:10.1.1.0
VPNA
200:1:10.1.1.0
10.1.1.0/24 CE
VRF A
RD: 100:1
PE
MPLS Backbone
VPNB
CE VRF B
10.1.1.0/24 RD: 200:1
10
What is RT
• Route Target is a BGP extended community attribute, is
used to control VPN routes advertisement.
Type 0 100:1
Example:
Type 1 192.168.1.1:1
11
Route Advertisement: RT
VRF A:
200:1:10.1.1.0/24
RT: 200:1, 300:1 VRF B:
CE CE
VPNB
VPNA
MPLS Network
VPNB
10.1.1.0/24 CE PE1 PE2 VPNA
CE
12
Using RT to Configure VPN Topologies
Im RT: 100:10 Im RT: 100:12
Ex RT: 100:10 Ex RT: 100:11
13
VPN Label
VRF B:
200:1:10.1.1.0/24
200:1:10.1.1.0/24 RT: 200:1, 300:1
RT: 200:1, 300:1
Out Label: 100
Local Label: 100
CE MP-iBGP CE
VPNB
VPNA
VPNB
CE PE1 PE2 VPNA
MPLS Network
10.1.1.0/24 CE
14
Control Plane Walkthrough(1/2)
MP-iBGP Update:
RD:10.1.1.0
Next-Hop=PE-1
Site 1 3 RT=200:1, Label=100 Site 2
10.1.1.0/24 CE1
2 P P
CE2
10.1.1.0/24
Next-Hop=CE-1
P P
1 PE1 PE2
MPLS Backbone
15
Control Plane Walkthrough(2/2)
MP-iBGP Update:
RD:10.1.1.0
10.1.1.0/24
Next-Hop=PE-1
Site 1 3 RT=200:1, Label=100 Next-Hop=PE-2 Site 2
10.1.1.0/24 CE1 5
2 P P 4
CE2
10.1.1.0/24
Next-Hop=CE-1
P P
1 PE1 PE2
MPLS Backbone
4. PE2 receives and checks whether the RT=200:1 is locally configured as ‘import RT’
within any VRF, if yes, then
– PE2 translates VPNv4 prefix back to IPv4 prefix
– Updates the VRF CEF Table for 10.1.1.0/24 with label=100
5. PE2 advertises this IPv4 prefix to CE2 (using whatever routing protocol)
16
Control Plane: Tunnel Label
Local Out Out Local Out Out Local Out Out Local Out Out
Prefix Prefix Prefix Prefix
Label Interface Label Label Interface Label Label Interface Label Label Interface Label
Pop- Pop-
1.1.1.1/32 - - 50 1.1.1.1/32 Eth0/1 25 1.1.1.1/32 Eth0/0 50 - 1.1.1.1/32 Eth0/1 25
Label Label
Eth0 0/1
/1 E
th0/ Eth
1 0/1
PE1 LD P Eth0/0 Eth0/0 Eth
P
L0:1.1.1.1/32 LDP
LD PE2
P1 P2
MPLS Backbone
• LDP runs on the MPLS backbone network to build the public LSP. The
tunnel label is also called transport label or public label.
• Local label mapping are sent to connected nodes. Receiving nodes
update forwarding table.
17
Data Plane
Site 1 Site 2
CE1
10.1.1.0/24 CE2
P3 P4
PE1 PE2
10.1.1.1 10.1.1.1 IP Packet
100 10.1.1.1 P1 P2
IP Packet
18
Application Scenario Business L3 VPN
CE
HQ of
HQ of Company B
Company A
CE
PE2 Branch of
Company A
CE
MPLS Backbone
Branch of CE
Company B CE PE1 Branch of
Company B
PE3 Branch of
Company A
CE
19
Application Scenario IP Carrier Network
Softswitch
MGW
Voice VPN PE MGW
PE
MGW
Media VPN
Softswitch
PE PE
MPLS Backbone
SGSN
GGSN
20
Configuration Example
• Task: Configure MPLS L3VPN on Cisco IOS (Version 15.2) to
make the following CEs communication with each other.
• Prerequisite configuration:
– 1. IP address configuration on PE & P routers
– 2. IGP configuration on PE & P routers
• Make sure all the routers in public network can reach each other.
21
Configure MPLS & LDP
• Configuration steps:
– 1. Configure MPLS and LDP on PE & P routers
ip cef
mpls ldp router-id loopback 0
interface ethernet1/0
mpls ip
mpls label protocol ldp
interface ethernet1/1
mpls ip
mpls label protocol ldp
22
Configure VRF
• Configuration steps:
– 2. Configure VRF instance on PE routers
vrf definition VPNA
rd 100:10
route-target export 100:10
route-target import 100:10
!
address-family ipv4
exit-address-family
!
23
Configure MP-iBGP
• Configuration steps:
– 3. Activate VPNv4 address family on PE routers
router bgp 100
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source loopback 0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community both
exit-address-family
!
24
Configure PE-CE eBGP Neighbour
• Configuration steps:
– 4. Adding PE-CE eBGP neighbour in VRF context of BGP on PE
router bgp 100
address-family ipv4 vrf VPNA
neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.1.2 activate
exit-address-family
!
26
Verify Results – VPN Reachability
• CE can learn the routes from each other:
CE2#show ip route
....
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.2.0/30 is directly connected, FastEthernet0/1
L 10.1.2.2/32 is directly connected, FastEthernet0/1
100.0.0.0/24 is subnetted, 1 subnets
B 100.1.1.0 [20/0] via 10.1.2.1, 00:38:26
200.1.1.0/24 is variably subnetted, 2 subnets, 2 masks
S 200.1.1.0/24 is directly connected, Null0
C 200.1.1.1/32 is directly connected, Loopback1
27
Configuration Example
• Task: Configure MPLS L3VPN on Huawei VRP (Version 5.1) to
make the following CEs communication with each other.
• Prerequisite configuration:
– 1. IP address configuration on PE & P routers
– 2. IGP configuration on PE & P routers
• Make sure all the routers in public network can reach each other.
VPNA VPNA
MPLS Network
28
Configure MPLS & LDP
• Configuration steps:
– 1. Configure MPLS and LDP on PE & P routers
29
Configure VRF
• Configuration steps:
– 2. Configure VRF instance on PE routers
[PE1] ip vpn-instance VPNA
[PE1-vpn-instance-VPNA] ipv4-family
[PE1-vpn-instance-VPNA-af-ipv4] route-distinguisher 100:10
[PE1-vpn-instance-VPNA-af-ipv4] vpn-target 100:10 both
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[PE1-vpn-instance-VPNA-af-ipv4] quit
30
Configure MP-iBGP
• Configuration steps:
– 3. Enable MP-iBGP neighbors in vpnv4 address-family on PE routers
[PE1] bgp 100
[PE1-bgp] peer 4.4.4.4 as-number 100
[PE1-bgp] peer 4.4.4.4 connect-interface loopback 0
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 4.4.4.4 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
31
Configure PE-CE eBGP Neighbour
• Configuration steps:
– 4. Adding PE-CE eBGP neighbour in VRF context of BGP on PE
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance VPNA
[PE1-bgp-vpna] peer 10.1.1.2 as-number 65001
[PE1-bgp-vpna] quit
32
Verify Results – VRF Routing Table
• Check the routes of VRF VPNA on PE.
33
Check VPN Routes in BGP
• Check the detailed route of VRF VPNA on PE.
<PE1> display bgp vpnv4 vpn-instance VPNA routing-table 200.1.1.0
34
Verify Results – VPN Reachability
• CE can learn the routes from each other:
[CE2]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
35
Please remember to fill out the
feedback form:
https://www.surveymonkey.com/r/a
pnic-20180725-eL1
36
APNIC Helpdesk Chat
Thank You!
END OF SESSION
38