Khalid Raza, Kyle Bearden, & Munther Antoun March, 2001 Version 0.1
MPLS Bootcamp
Cisco Confidential
- Delivered at Layer-2 (SP backbone) or Layer-3 (IP backbone)
- Private connectivity amongst multiple sites
- Controlled access into the VPN
[Figure: VPN taxonomy. Labels: Virtual Private Networks, Virtual Dialup Networks, Virtual LANs; Overlay VPN, Peer-to-Peer VPN; Layer-2 VPN, Layer-3 VPN; Access lists (Shared router), Split routing (Dedicated router), MPLS/VPN; X.25, F/R, ATM, GRE, IPSec]
- Private Trunks Across a Telco/SP Shared Infrastructure
- Leased/Dialup Lines
- FR/ATM Virtual Circuits
- IP(GRE) Tunnelling
- Point-to-point Solution between Customer Sites
- How to Size Inter-site Circuit Capacities?
- Full Mesh Requirement for Optimal Routing
- CPE Routing Adjacencies between Sites
[Figure: CPE Router at VPN Site 1, CPE Router at VPN Site 2]
- Provider Edge Device Exchanges Routing Information with CPE
- All customer routes carried within SP IGP
- Simple routing scheme for VPN customer
- Routing between sites is optimal
- Circuit sizing no longer an issue
- Private Addressing is NOT an Option
- Addition of New Sites is Simpler
- No overlay mesh to contend with
[Figure: MP-iBGP Session; Customer Edge (CE) Router at VPN Site 1, Customer Edge (CE) Router at VPN Site 2]
- Combines Benefits of Overlay and Peer-to-peer Paradigms
- Overlay (security and isolation amongst customers)
- Peer-to-peer (simplified customer routing)
- PE Routers only Hold Routes for Attached VPNs
- Reduces size of PE routing information
- Proportional to number of VPNs attached
- MPLS Used to Forward Packets (not Traditional IP Routing)
- Full routing within backbone no longer required
[Figure: MPLS VPN backbone. P routers in the core, PE routers at the edge with iBGP sessions, CE routers for VPN_A and VPN_B sites with prefixes 10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0 and 11.6.0.0 (10.1.0.0 and 10.2.0.0 each appear twice)]
- P Routers (LSRs) are in the core of the MPLS cloud
- PE Routers (Edge LSRs or LERs) use MPLS with the core and plain IP with CE routers
- P and PE routers share a common IGP
- PE routers are MP-iBGP fully-meshed or use Route-Reflectors (RRs)
- Confederations supported in IOS 12.1(5)T & higher [maybe also 12.0(14)ST?]
[Figure: P Router, PE Routers, CE Routers, VPN Site, C-Network]
Control Planes LDP/TDP, MP-BGP, CE-PE Peering, IGP Forwarding Table VRF
Data Plane
[Figure: PE router with a VRF for VPN-A, a VRF for VPN-B, and IGP & non-VPN BGP; CE routers for VPN-A and VPN-B; Paris, London]
Multiple routing & forwarding instances (VRFs) provide separation amongst different customers
[Figure: PE to CE (Site-2) routing: EBGP, OSPF, RIPv2, Static]
[Figure: CE Router at each Site, PE routers with MP-iBGP, P Router]
[Figure: PE routers with MP-iBGP; CE routers for VPN-A (Paris), VPN-A (London) and VPN-B (Munich); BGP Table holding routes from VPN-A and routes from VPN-B; VRF VPN-A and VRF VPN-B]
(Site of Origin)
[Figure: PE, CE-1 (Paris), CE-2 (London)]
MP-iBGP Update
VPN-V4 Address
- Route Distinguisher (64 bits)
- Makes the IPv4 route globally unique
- RD is configured in the PE for each VRF
- RD may or may not be related to a site or a VPN
- IPv4 address (32 bits)
Origin
MP-iBGP Update
Any other standard BGP attribute
- Local Preference
- MED
- Next-hop
- AS_PATH
- Standard community
A Label identifying:
- The outgoing interface or VRF where a lookup has to be performed (Aggregate/Connected)
- MP-iBGP utilizes a second label in the label stack
[Figure: PE, CE-1 (Paris), CE-2 (London)]
- VPN-v4 update is translated into IPv4 address and put into VRF VPN-A as RT=VPN-A and optionally advertised to CE-2
- The label associated to the VPN-V4 address will be set on packets forwarded towards the destination
[Figure: VPN A with SITE-1, SITE-2, SITE-3 and SITE-4; MP-iBGP; P Router]
RT & SOO
Two EXTENDED (64-bit) BGP Attributes Used to Define
- Route-target: set of routers the route has to be exported to
- SOO (Site of Origin Identifier): routers where the route has been originated
This enables the closed user group functionality
Set by PE routers in order to define import/export policies on a per-site/VRF basis
BGP-4 Enhancements
Extended Community
- Types 0 through 0x7FFF inclusive are assigned by IANA
- Types 0x8000 through 0xFFFF inclusive are vendor-specific
Extended Community
Route origin community
- Identifies one or more routers that inject a set of routes (that carry this community) into BGP
- The Type field for the Route Origin community is 0x0001 or 0x0101
Site of Origin
[Figure: Site-1 (192.168.0.5/32), CE, PE]

7200-1#sh ip route vrf odd
C    192.168.65.0/24 is directly connected, Serial2
B    192.168.0.5 [20/0] via 192.168.65.5, 00:08:44, Serial2
7200-1#
7200-1#sh ip bgp vpn all
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf odd)
*> 192.168.0.5/32   192.168.65.5             0             0 250 i
7200-1#sh ip bgp vpn all 192.168.0.5
BGP routing table entry for 100:1:192.168.0.5/32, version 17
Paths: (1 available, best #1)
  Advertised to non peer-group peers:
  192.168.0.7
  250
    192.168.65.5 from 192.168.65.5 (192.168.0.5)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended community: SoO:100:65 RT:100:3
7200-1#

ip vrf odd
 rd 100:1
 route-target export 100:3
 route-target import 100:3
!
interface Serial1
 ip vrf forwarding odd
 ip address 192.168.65.6 255.255.255.0
!
router bgp 100
 no synchronization
 no bgp default ipv4-unicast
 neighbor 192.168.0.7 remote-as 100
 neighbor 192.168.0.7 update-source Loop0
 neighbor 192.168.0.7 activate
 neighbor 192.168.0.7 next-hop-self
 no auto-summary
 !
 address-family ipv4 vrf odd
 neighbor 192.168.65.5 remote-as 250
 neighbor 192.168.65.5 activate
 neighbor 192.168.65.5 route-map setsoo in
 no auto-summary
 no synchronization
 exit-address-family
 !
 address-family vpnv4
 neighbor 192.168.0.7 activate
 neighbor 192.168.0.7 send-community extended
 no auto-summary
 exit-address-family
!
route-map setsoo permit 10
 set extcommunity soo 100:65
Site of Origin
[Figure: Site-1 (SOO=100:65) with CE-1 and CE-2, PE-1 and PE-2; 192.168.0.5/32; intCE1; eBGP4 update: 192.168.0.5/32]
PE-2 will not propagate the route since the update SOO is equal to the one configured for the site
Multi-Protocol BGP
Extension to the BGP protocol in order to carry routing information about other protocols
- Multicast
- MPLS
- IPv6
MP_UNREACH_NLRI
Carry the set of unreachable destinations
The label is changed by the router that modifies the next-hop value
- Typically the EBGP speaker
- Or iBGP forwarder configured with next-hop-self
BGP will consider two VPN-IPv4 addresses comparable even with different labels
A withdrawal of a VPN-IPv4 address applies to all NLRI corresponding to that VPN-IPv4 address, whatever labels are assigned
- BGP routers establish BGP sessions through the OPEN message
- OPEN message contains optional parameters
- BGP session is terminated if OPEN parameters are not recognised
- A new optional parameter: CAPABILITIES
A BGP router sends an OPEN message with CAPABILITIES parameter containing its capabilities:
- Multiprotocol extension
- Route Refresh
- Co-operative Route Filtering
- ...
BGP routers use BGP-4 Multiprotocol Extension to carry label mapping information
Multiprotocol Extension capability
- Used to negotiate the Address Family Identifier
- AFI = 1, Sub-AFI = 128 for MPLS-VPN
BGP speakers may send Route-Refresh message only to neighbors from which the capability has been exchanged
When the inbound policy has been modified, the BGP speaker sends a Route-Refresh message to its neighbors
With AFI, Sub-AFI attributes
Neighbors will re-transmit all routes for that particular AFI and Sub-AFI
- ORF capable BGP speaker will install ORFs per neighbor
- Each ORF will be defined by the upstream neighbor through route-refresh messages
ORF Entry
- AFI/Sub-AFI: filter will apply only to selected address families
- ORF-Type: determines the content of ORF-Value
- NLRI is one ORF-Type
- NLRI is used to match IP addresses (subnets)
ORF Entry
Action
- ADD: Add an ORF entry to the current ORF
- DELETE: Delete a previously received ORF entry
- DELETE ALL: Delete all existing ORF entries
Match
- PERMIT: Pass routes that match the ORF entry
- DENY: Do not pass routes that match the ORF entry
[Figure: backbone with PE1 to PE4 and P1 to P4 and CE routers for VPN_A and VPN_B sites; a packet enters from a CE as Data and is shown in the core as L8 | L2 | Data. Ingress PE table: <RD_B,10.1> iBGP NH=PE2, label L2; further entries for <RD_B,10.2>, <RD_B,10.3>, <RD_A,11.6>, <RD_A,10.1>, <RD_A,10.4> and <RD_A,10.2> with iBGP next hops among PE1 to PE4 and labels L2 to L7]
- Ingress PE Receives Normal IP Packets from CE Router
- PE Router Does IP Longest Match in VRF, Finds iBGP Next Hop PE2 and Imposes a Stack of Labels: Second Level Label L2 + Top Label L8
[Figure: the same backbone, showing the packet as LA | L2 | Data, L2 | Data and Data at successive hops, with an in/out label table containing the entry L8, POP]
- All subsequent P routers switch packet solely on top label
- Egress PE router's upstream LDP neighbor (Penultimate Hop or PH) removes top label (PHP)
- Egress PE uses bottom (VPN) label to select which VPN/CE to forward the Packet to
[Figure: PE-1, P router, Paris, 149.27.2.0/24, London]
Use label implicit-null for destination 197.26.15.1/32
VPN-v4 update: RD:1:27:149.27.2.0/24, NH=197.26.15.1 SOO=Paris, RT=VPN-A, Label=(28)
Use label 41 for destination 197.26.15.0/24
- PE and P routers have BGP next-hop reachability through the backbone IGP
- Labels are distributed through LDP corresponding to BGP next-hops or RSVP with Traffic Engineering
[Figure: PE-1, Paris, 149.27.2.0/24, London]
- Ingress PE receives normal IP packets
- PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels <IGP, VPN>
[Figure: PE-1, packet to 149.27.2.27, Paris, 149.27.2.0/24, London]
- Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
- VPN label is removed and the packet is routed toward the VPN site
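The forwarding walk on the preceding slides (ingress PE imposes <IGP, VPN>, the P router pops at the penultimate hop, the egress PE selects the VRF by VPN label), as an added Python sketch that is not part of the original deck. The labels 41 and 28, the next hop 197.26.15.1 and the prefix 149.27.2.0/24 come from the slides; the table and function names are hypothetical, and the 32-bit label entry layout is the standard MPLS encoding.

```python
import ipaddress
import struct

def encode_stack(labels, ttl=255):
    """Pack labels top-first as 32-bit entries: label(20) EXP(3) S(1) TTL(8)."""
    out = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0   # S bit marks the last entry
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out

def decode_stack(data):
    """Return the labels of a stack, reading until the bottom-of-stack bit."""
    labels = []
    for off in range(0, len(data), 4):
        (word,) = struct.unpack_from("!I", data, off)
        labels.append(word >> 12)
        if word & 0x100:
            break
    return labels

# Values from the slides; table names are hypothetical.
VRF_VPN_A = {ipaddress.ip_network("149.27.2.0/24"): ("197.26.15.1", 28)}
IGP_LABEL = {"197.26.15.1": 41}     # label used toward the BGP next hop
P_LFIB = {41: None}                 # None = pop (egress PE advertised implicit-null)
EGRESS_VPN_LABELS = {28: "VPN-A"}   # VPN label -> VRF on the egress PE

def ingress_pe(dst):
    """Longest match in the VRF, then impose <IGP, VPN>. None means drop."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in VRF_VPN_A if addr in net]
    if not matches:
        return None
    best = max(matches, key=lambda net: net.prefixlen)
    next_hop, vpn_label = VRF_VPN_A[best]
    return encode_stack([IGP_LABEL[next_hop], vpn_label])

def p_router(frame):
    """Switch on the top label only; the VPN label is never examined here."""
    labels = decode_stack(frame)
    if labels[0] not in P_LFIB:
        return None
    out = P_LFIB[labels[0]]
    rest = labels[1:]
    return encode_stack(rest if out is None else [out] + rest)

def egress_pe(frame):
    """Select the VRF from the remaining (VPN) label; unknown label -> None."""
    return EGRESS_VPN_LABELS.get(decode_stack(frame)[0])

def forward(dst):
    frame = ingress_pe(dst)
    if frame is None:
        return None
    frame = p_router(frame)
    return None if frame is None else egress_pe(frame)
```

The egress PE's choice of VRF depends only on the VPN label it receives, so customer separation in this model rests on who can inject labelled packets into the core.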
[Figure: PE with VRF for VPN-A, VRF for VPN-B and an Extranet VPN Routing Table; CE routers for VPN-A and VPN-B; Munich]
[Figure: VPN A, VPN B, 195.12.2.0/24, 146.12.7.0/24]
VPN A VRF (Export RT=client-rt) (Import RT=server-rt)
VPN B VRF (Export RT=client-rt) (Import RT=server-rt)
VPN A VRF: 195.12.2.0/24, 146.12.9.0/24
MP-iBGP Update RD:195.12.2.0/24, RT=client-rt
MP-iBGP Update RD:146.12.9.0/24, RT=server-rt
Default route provided through static or dynamic route within the VRF
- extension to ip route command - Global keyword
- Internet gateway points to an exit point whose address is within the global routing table
PE router generates VPN customer routes into BGP through global static routes
VPN A (195.12.2.0/24)
ip route vrf VPN_A 0.0.0.0 0.0.0.0 Internet-PE global
ip route 195.12.2.0 255.255.255.0 serial 1/0
VPN A VRF: 0.0.0.0 NH=Internet-PE

VPN B (146.12.9.0/24)
ip route vrf VPN_B 0.0.0.0 0.0.0.0 Internet-PE global
ip route 146.12.9.0 255.255.255.0 serial 1/1
Export VPN A default with RT=17:22 and VPN B default with RT=17:28
VPN-IPv4 Update Net=0.0.0.0/0 RT=17:28
VPN-IPv4 Update Net=0.0.0.0/0 RT=17:22
[Figure: VPN A, VPN B]
With multiple interfaces, sub-optimal routing is a possibility with default route generation
- as multiple defaults would allow load balancing but no best path selection
Association of Internet routes with VRF provides the ability to generate an aggregate default
[Figure: ISP A, ISP B, PE routers]
Static default pointing to loopback interface so lookup in VRF will occur on incoming packets
Label assignment will occur for every route within the VRF
memory overhead even though labels are never used
If full routes distributed, could result in multiple copies of Internet routing table
Routing Convergence
Convergence needs to be assessed in two main areas
- convergence within the MPLS VPN backbone
- convergence between VPN client sites
[Figure: VPN Client A sites attached to PE routers; BGP next-hop]
- New VPN route propagated across MP-iBGP session
- New VPN route advertised
[Figure: VPN Client A sites attached to PE-1 and PE-2; core routers P-1, P-2 and P-3]
Use label 23 for destination 197.26.15.1/32
Use label POP for destination 197.26.15.1/32
Use label 41 for destination 197.26.15.1/32
Use label 25 for destination 197.26.15.1/32
Two-stage Convergence:
- IGP: converge around topology changes
- MPLS: re-establish label mappings
[Figure: VPN Client A sites attached to PE-1 and PE-2; core routers P-1, P-2 and P-3]
Use label 1/239 for destination 197.26.15.1/32
Use label 1/321 for destination 197.26.15.1/32
Label request for destination 197.26.15.1/32
Label request for destination 197.26.15.1/32
MPLS LSR must re-converge on IGP change AND resignal for label mapping to downstream next-hop
Client-to-Client Convergence
Four Main Convergence Areas
- Advertisement of routes from CE to PE and placement into VRF
- Propagation of routes across the MPLS VPN backbone
- Import process of these routes into relevant VRFs
- Advertisement of VRF routes to attached VPN sites
Import Process
Import Process Uses a Separate Invocation of the Scanner Process
- Default = 15 seconds
- Can be tuned using the bgp scan-time import command
Scanner Process
Scaling
- Existing BGP techniques can be used to scale the route distribution: route reflectors (RRs) & BGP confederations (Inter-AS VPN)
- Each edge router needs only the information for the directly-connected VPNs it supports
- RRs are used to distribute VPN routing information
- Route reflectors may be partitioned
- Each RR stores routes for a set of VPNs
- Thus, no BGP router needs to store information on ALL VPNs
- PEs will peer to RRs according to the VPNs they support
- iBGP full mesh amongst PEs results in flooding of all VPN routes to all PEs
- Scaling problems when large amount of routes
- PEs need routes for only attached VRFs
- Each PE will discard any VPN-IPv4 route that hasn't a route-target configured to be imported in any of the attached VRFs
- This significantly reduces the amount of information each PE has to store
- Volume of BGP table is equivalent to volume of attached VRFs (nothing more)
[Figure: PE with MP-iBGP sessions receiving:]
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOO=Site1, RT=Red, Label=XYZ
- Each VRF has an import and export policy configured
- Policies use route-target attribute (extended community)
- PE receives MP-iBGP updates for VPN-IPv4 routes
- If route-target is equal to any of the import values configured in the PE, the update is accepted
- Otherwise it is silently discarded
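The import rule above, carried through as an added Python sketch (not code from the deck or from Cisco): a PE keeps a VPN-IPv4 update only if one of its route-targets is imported by an attached VRF, and withholds a route from a CE when its SoO equals the one configured for that site. The RD, RT and SoO values are taken from the configuration slides; the 10.1.0.0/16 and 10.9.0.0/16 prefixes, next-hop names, labels and class names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VpnV4Update:
    rd: str           # Route Distinguisher; (rd, prefix) is the VPN-IPv4 address
    prefix: str       # customer IPv4 prefix
    next_hop: str     # egress PE
    rts: frozenset    # route-target extended communities
    label: int        # VPN label chosen by the egress PE
    soo: str = ""     # Site of Origin, empty if not set

@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    site_soo: str = ""                          # SoO configured for the attached site
    routes: dict = field(default_factory=dict)  # prefix -> VpnV4Update

class PE:
    def __init__(self, vrfs):
        self.vrfs = list(vrfs)
        self.bgp_table = {}   # (rd, prefix) -> update; the RD keeps overlaps apart

    def receive(self, upd):
        """Apply the import policy; return the names of VRFs that took the route."""
        takers = [v for v in self.vrfs if v.import_rts & upd.rts]
        if not takers:
            return []         # no attached VRF imports this RT: silently discarded
        self.bgp_table[(upd.rd, upd.prefix)] = upd
        for vrf in takers:
            # Simplification: a real PE runs best-path selection per prefix.
            vrf.routes[upd.prefix] = upd
        return [v.name for v in takers]

    def advertise_to_ce(self, vrf):
        """Prefixes sent to the CE; routes carrying the site's own SoO are held back."""
        return sorted(p for p, u in vrf.routes.items()
                      if not (vrf.site_soo and u.soo == vrf.site_soo))

def demo():
    vpn_a = Vrf("VPN-A", frozenset({"100:1"}), site_soo="100:65")
    vpn_b = Vrf("VPN-B", frozenset({"100:2"}))
    pe = PE([vpn_a, vpn_b])
    updates = [  # constructed updates
        VpnV4Update("1:129", "10.1.0.0/16", "PE-X", frozenset({"100:1"}), 28),
        VpnV4Update("1:131", "10.1.0.0/16", "PE-Y", frozenset({"100:2"}), 31),
        VpnV4Update("1:140", "10.9.0.0/16", "PE-Z", frozenset({"100:9"}), 40),
        VpnV4Update("1:129", "192.168.0.5/32", "PE-X",
                    frozenset({"100:1"}), 29, soo="100:65"),
    ]
    results = [pe.receive(u) for u in updates]
    return pe, vpn_a, vpn_b, results
```

Both customers use 10.1.0.0/16, yet each VRF ends up with only its own route and label, and the update carrying an unimported RT never reaches the BGP table.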
However, the PE may not have stored routing information which becomes useful after a change
- PE requests a re-transmission of updates to neighbors
- Route-Refresh
[Figure: PE with Import RT=green receiving:]
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOO=Site1, RT=Red, Label=XYZ
1. PE doesn't need red routes
2. PE issues a Route-Refresh message with an ORF entry to neighbors in order not to receive red routes: Permit RT = Green, Yellow
3. Neighbors dynamically configure the outbound filter and send updates accordingly
- PE router will discard update with unused route-target
- Optimisation requires these updates NOT to be sent
- Outbound Route Filter (ORF) allows a router to tell its neighbors which filter to use prior to propagating BGP updates
- Requires PE-ASBRs to store VPN routes that need to be exchanged
- Routes are in the MP-BGP table but not in any routing table
- PE-ASBRs do not have any VRFs
- MP-eBGP labels are used in LFIB
[Figure: PE-ASBR1, PE-ASBR2, CE-3, CE-4]
[Figure: PE-2, PE-3, PE-ASBR1, PE-ASBR2, CE-3, CE-4; updates Network=N Next-hop=CE2 and Network=N Next-hop=PE3]
[Figure: PE-1, RR-2, PE-ASBR1, PE-ASBR2, CE-3, CE-4; packet shown as L1 | Dest=N, L2 | Dest=N, L3 | Dest=N and Dest=N]
VRF Configuration
ip vrf VPN-A
 rd 1:129
 route-target export 100:1
 route-target import 100:1
ip vrf VPN-B
 rd 1:131
 route-target export 100:2
 route-target import 100:2

[Figure: PE with CE routers for VPN-A (Paris), VPN-A and VPN-B (Munich)]
VRF for VPN-A (RT 100:1): Paris routes, London routes
VRF for VPN-B (RT 100:2): Munich routes
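A configuration check a reviewer might run against VRF definitions like the ones above, as an added Python sketch that is not part of the deck: it lists every route-target that one VRF exports and a different VRF imports, which is the only way routes cross between VPNs in this design. The VPN-A and VPN-B blocks are the slide's configuration; the MGMT VRF, its RD and RTs, and the function names are constructed.

```python
import re

def parse_vrfs(config):
    """Parse IOS 'ip vrf' blocks into {name: {'rd', 'export', 'import'}}."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(
                m.group(1), {"rd": None, "export": set(), "import": set()})
        elif cur is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            cur["rd"] = m.group(1)
        elif cur is not None and (
                m := re.fullmatch(r"route-target (export|import|both) (\S+)", line)):
            kinds = ("export", "import") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                cur[kind].add(m.group(2))
        elif line and not raw[0].isspace():
            cur = None   # an unindented statement ends the VRF block
    return vrfs

def cross_vrf_imports(vrfs):
    """(exporter, importer, rt) for each RT exported by one VRF and imported by another."""
    return sorted(
        (exp, imp, rt)
        for exp, ev in vrfs.items()
        for imp, iv in vrfs.items() if exp != imp
        for rt in ev["export"] & iv["import"])

# Configuration from the slide.
PAGE_CONFIG = """\
ip vrf VPN-A
 rd 1:129
 route-target export 100:1
 route-target import 100:1
ip vrf VPN-B
 rd 1:131
 route-target export 100:2
 route-target import 100:2
"""

# Constructed third VRF that pulls in both customers' routes.
CONSTRUCTED_EXTRA = """\
ip vrf MGMT
 rd 1:200
 route-target export 100:9
 route-target import 100:1
 route-target import 100:2
"""
```

An empty result for the slide's configuration confirms VPN-A and VPN-B are closed user groups; each tuple reported for the extended configuration is an import that should correspond to a documented extranet or shared-service decision.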
[Figure: PE with CE routers for VPN-A (Paris), VPN-A (London) and VPN-B (Munich)]

router bgp 109
 no bgp default ipv4-unicast
 neighbor 195.27.2.1 remote-as 100
 neighbor 195.27.2.1 update-source Loopback0
 !
 address-family ipv4 vrf VPN-B
 neighbor 192.168.62.5 remote-as 65503
 neighbor 192.168.62.5 activate
 exit-address-family
 !
 address-family ipv4 vrf VPN-A
 neighbor 192.168.61.5 remote-as 65501
 neighbor 192.168.61.5 activate
 neighbor 192.168.61.10 remote-as 65502
 neighbor 192.168.61.10 activate
 exit-address-family
 !
 address-family vpnv4
 neighbor 195.27.2.1 activate
 neighbor 195.27.2.1 send-community extended
 exit-address-family
[Figure: Internet, PE-IG, 192.168.1.1, PE routers with MP-BGP, 192.168.1.2, Serial0, IP packet D=cisco.com]
Global Table and LFIB
 192.168.1.1/32 Label=3
 192.168.1.2/32 Label=5
 ...
Site-2 VRF
 0.0.0.0/0 192.168.1.1 (global)
 Site-1 routes
 Site-2 routes
[Figure: Internet, PE-IG, 192.168.1.1, PE routers with MP-BGP, 192.168.1.2; Site-1 attached over Serial0.1 and Serial0.2; IP packet D=cisco.com]
CE routing table
 Site-1 routes ----> Serial0.1
 Internet routes ---> Serial0.2
[Figure: PE receiving:]
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOI=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOI=Site1, RT=Red, Label=XYZ
New BGP capability: route refresh
- Allows a router to request from any neighbor the re-transmission of BGP updates
- Useful when inbound policy has been modified
- Similar to Cisco soft-reconfiguration without need to store any route
BGP speakers may send Route-Refresh message only to neighbors from which the
[Figure: PE with Import RT=green receiving:]
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOI=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PE-X SOI=Site1, RT=Red, Label=XYZ
1. PE doesn't need red routes
2. PE issues an ORF message to all neighbors in order not to receive red routes
3. Neighbors dynamically configure the outbound filter and send updates accordingly
- PE router will discard update with unused route-target
- Optimisation requires these updates NOT to be sent
- Outbound Route Filter (ORF) allows a router to tell its neighbors which filter to use prior to propagating BGP updates
[Figure: PE1 with VPN-A and VPN-C; Site-1, Site-2, Site-3, Site-4]
router bgp 100
 no bgp default ipv4-unicast
 neighbor 6.6.6.6 remote-as 100
 neighbor 6.6.6.6 update-source Loop0
 !
 address-family ipv4 vrf site4
 neighbor 192.168.74.4 remote-as 65504
 neighbor 192.168.74.4 activate
 exit-address-family
 !
 address-family ipv4 vrf site3
 neighbor 192.168.73.3 remote-as 65503
 neighbor 192.168.73.3 activate
 exit-address-family
 !
 address-family vpnv4
 neighbor 6.6.6.6 activate
 neighbor 6.6.6.6 next-hop-self
 exit-address-family
- Initial limited deployment release in 12.0(10)ST and up
- 12.0(11)ST available on CCO
- General deployment also planned for 12.2(1)T
- Will be based on the current IETF draft (draft-ietf-mpls-ldp-11.txt?)