MPLS L3VPN: Inter-AS - Option B
The previous post was used to explain Inter-AS L3VPN Option A, this post will be used to explain all related with Option B that in fact is similar to Option A with an exception that the Inter-AS connection use VPNv4 eBGP to exchange VPNv4 updates, instead of multiple VRF aware IGP or BGP. By this reason Inter-AS Option B becomes more scalable. Option B has some characteristics that define it:
- A unique interface to interconnect the ASBRs.
- ASBRs must be directly connected, also a GRE tunnel could be used, and thus be considered directly connected.
- It doesn’t require any VRFs on the ASBRs.
- ASBRs require
no bgp default route-target filtercommand to store VPNv4 routes, because it doesn’t have any VRFs. - More invasive compared to Option A.
- More scalable than Option A if the Service Provider has high number of VRFs.
In the previous post during the troubleshooting process was possible seen two LSPs one on each Service Provider and unlabelled packets between them. With Option B looks like an end-to-end LSP although it in fact are three LSPs that are stitched together.
The link between ASBRs have no any IGP or LDP configured. So, BGP will be used to generate labels that’s means an eBGP VPNv4 session must be configured between the ASBRs. The next-hop sent in the update to the other ASBR will be the local ASBR. Each ASBR needs to generate a label for the next-hop when BGP updates are sent to each other.
There are two different ways to deploy an Option B:
-
ASBR be the next-hop: This means that the
next-hop-selfparameter must be set on both ASBRs. Thus, any PE within the Service Provider will have the local ASBR as the next-hop with a transport label through the IGP + LDP. When this way is used, there are three LSPs. One between the PE and the ASBR on the first Service Provider, another one between ASBRs, and the last one between the ASBR and the PE on the remote Service Provider. -
Redistribute eBGP link into the IGP of each Service Provider: This means have the next-hop remain unchanged when VPNv4 updates are sent between the ASBRs. Thus, any PE within the Service Provider receives the update next-hop that will be the remote ASBR, to solve this, the link that connects both ASBRs must be redistributed into the IGP used on each Service Provider and LDP will be the responsible to generate the label. BGP will use connected routes with netmask /32 for the eBGP peer on the ASBR. When this way is used, there are two LSPs. One between the PE on the first Service Provider and the ASBR on the remote Service Provider, the last one between the ASBR and the PE on the remote Service Provider.
Demonstrating: Inter-AS L3VPN Option B
The following set of commands will be used to demonstrate the basic configuration to establish an Inter-AS L3VPN Option B with ASBR as the next-hop, and assuming that the two MPLS backbones of each Service Providers are already configured.
PEs in both Service Providers are configured with the same Route Distinguisher (RD) and Route Target (RT) for the customer FARMA.
On AS8048
hostname PE1
!
vrf definition FARMA
rd 6306:8048
!
address-family ipv4
route-target export 6306:8048
route-target import 6306:8048
exit-address-family
!
!
interface Ethernet0/3
vrf forwarding FARMA
description PE-CE1
ip address 192.168.57.1 255.255.255.252
!
!
router eigrp AS8048
!
address-family ipv4 unicast vrf FARMA autonomous-system 101
!
topology base
redistribute bgp 8048 metric 1000 10 255 1 1500
exit-af-topology
network 192.168.57.0 0.0.0.3
exit-address-family
!
router bgp 8048
!
address-family ipv4 vrf FARMA
redistribute eigrp 101
exit-address-family
!
hostname ASBR
!
interface Ethernet0/3
description ASBR8048-ASBR6306
ip address 190.40.14.1 255.255.255.252
mpls bgp forwarding
!
!
router bgp 8048
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 1.1.1.1 remote-as 8048
neighbor 1.1.1.1 update-source Loopback0
neighbor 190.40.14.2 remote-as 6306
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community both
neighbor 1.1.1.1 next-hop-self
neighbor 190.40.14.2 activate
neighbor 190.40.14.2 send-community both
exit-address-family
!
hostname CE1
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Ethernet0/3
description CE-PE
ip address 192.168.57.2 255.255.255.252
!
!
router eigrp 101
network 0.0.0.0
eigrp router-id 7.7.7.7
!
On AS6306
hostname PE2
!
vrf definition FARMA
rd 6306:8048
!
address-family ipv4
route-target export 6306:8048
route-target import 6306:8048
exit-address-family
!
!
interface Ethernet0/1
vrf forwarding FARMA
description PE-CE2
ip address 192.168.167.1 255.255.255.0
!
!
router eigrp AS6306
!
address-family ipv4 unicast vrf FARMA autonomous-system 101
!
topology base
redistribute bgp 6306 metric 1000 10 255 1 1500
exit-af-topology
network 192.168.167.0
exit-address-family
!
router bgp 6306
!
address-family ipv4 vrf FARMA
redistribute eigrp 101
exit-address-family
!
hostname ASBR
!
interface Ethernet0/3
description AS6306-AS8048
ip address 190.40.14.2 255.255.255.252
mpls bgp forwarding
!
router bgp 6306
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 11.11.11.11 remote-as 6306
neighbor 11.11.11.11 update-source Loopback0
neighbor 190.40.14.1 remote-as 8048
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community both
neighbor 11.11.11.11 next-hop-self
neighbor 190.40.14.1 activate
neighbor 190.40.14.1 send-community both
exit-address-family
!
hostname CE2
!
interface Loopback0
ip address 17.17.17.17 255.255.255.255
!
interface Ethernet0/1
description CE-PE
ip address 192.168.167.2 255.255.255.0
!
!
router eigrp 101
network 0.0.0.0
eigrp router-id 17.17.17.17
!
Verifying end-to-end reachability between CEs
CE1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
7.0.0.0/32 is subnetted, 1 subnets
C 7.7.7.7 is directly connected, Loopback0
17.0.0.0/32 is subnetted, 1 subnets
D 17.17.17.17 [90/435200] via 192.168.57.1, 00:23:51, Ethernet0/3
192.168.57.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.57.0/30 is directly connected, Ethernet0/3
L 192.168.57.2/32 is directly connected, Ethernet0/3
D 192.168.167.0/24 [90/307200] via 192.168.57.1, 00:23:51, Ethernet0/3
CE1#ping 17.17.17.17 source 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 17.17.17.17, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/7 ms
CE1#traceroute 17.17.17.17 source 7.7.7.7
Type escape sequence to abort.
Tracing the route to 17.17.17.17
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.57.1 2 msec 1 msec 0 msec
2 10.3.5.3 [MPLS: Labels 16/33 Exp 0] 5 msec 4 msec 9 msec
3 10.2.3.2 [MPLS: Labels 16/33 Exp 0] 12 msec 5 msec 9 msec
4 10.2.4.4 [MPLS: Label 33 Exp 0] 7 msec 4 msec 4 msec
5 190.40.14.2 [MPLS: Label 31 Exp 0] 4 msec 5 msec 6 msec
6 10.11.14.11 [MPLS: Labels 25/31 Exp 0] 3 msec 4 msec 6 msec
7 10.11.13.13 [MPLS: Labels 22/31 Exp 0] 5 msec 4 msec 5 msec
8 192.168.167.1 [MPLS: Label 31 Exp 0] 7 msec 4 msec 4 msec
9 192.168.167.2 12 msec * 7 msec
With a simple traceroute between CEs we can see there are three different LSP (Label Switched Path) are being used to provide end-to-end reachability, where the first LSP is using the label 33, the second one the label 31, and the last one the label 31.
Verifying LSP-1 from PE1 to ASBR within AS8048 using label 33
PE1# show ip bgp vpnv4 vrf FARMA 17.17.17.17
BGP routing table entry for 6306:8048:17.17.17.17/32, version 28
Paths: (1 available, best #1, table FARMA)
Not advertised to any peer
Refresh Epoch 5
6306
4.4.4.4 (metric 31) from 1.1.1.1 (1.1.1.1)
Origin incomplete, metric 0, localpref 100, valid, internal, best
Extended Community: RT:6306:8048 0x8800:32768:0 0x8801:8048:153600
0x8802:65281:256000 0x8803:65281:1500 0x8806:0:286331153
Originator: 4.4.4.4, Cluster list: 1.1.1.1
mpls labels in/out nolabel/33
rx pathid: 0, tx pathid: 0x0
PE1# show ip route vrf FARMA 17.17.17.17
Routing Table: FARMA
Routing entry for 17.17.17.17/32
Known via "bgp 8048", distance 200, metric 0
Tag 6306, type internal
Redistributing via eigrp 101
Advertised by eigrp 101 metric 1000 10 255 1 1500
Last update from 4.4.4.4 01:17:50 ago
Routing Descriptor Blocks:
* 4.4.4.4 (default), from 1.1.1.1, 01:17:50 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 6306
MPLS label: 33
MPLS Flags: MPLS Required
Verifying LSP-2 between ASBRs using label 31
ASBR8048# show ip bgp vpnv4 all 17.17.17.17
BGP routing table entry for 6306:8048:17.17.17.17/32, version 16
Paths: (1 available, best #1, no table)
Advertised to update-groups:
2
Refresh Epoch 1
6306
190.40.14.2 from 190.40.14.2 (14.14.14.14)
Origin incomplete, localpref 100, valid, external, best
Extended Community: RT:6306:8048 0x8800:32768:0 0x8801:8048:153600
0x8802:65281:256000 0x8803:65281:1500 0x8806:0:286331153
mpls labels in/out 33/31
rx pathid: 0, tx pathid: 0x0
Verifying LSP-3 from ASBR to PE2 within AS6306 using label 31
ASBR6306# show ip bgp vpnv4 all 17.17.17.17
BGP routing table entry for 6306:8048:17.17.17.17/32, version 16
Paths: (1 available, best #1, no table)
Advertised to update-groups:
2
Refresh Epoch 1
Local
16.16.16.16 (metric 20) from 11.11.11.11 (11.11.11.11)
Origin incomplete, metric 3584000, localpref 100, valid, internal, best
Extended Community: RT:6306:8048
Cost:pre-bestpath:128:3584000 (default-2143899647) 0x8800:32768:0
0x8801:8048:153600 0x8802:65281:256000 0x8803:65281:1500
0x8806:0:286331153
Originator: 16.16.16.16, Cluster list: 11.11.11.11
mpls labels in/out 31/31
rx pathid: 0, tx pathid: 0x0
Verifying unlabelled traffic from PE2 to CE2 within AS6306
PE2# show ip bgp vpnv4 vrf FARMA 17.17.17.17
BGP routing table entry for 6306:8048:17.17.17.17/32, version 17
Paths: (1 available, best #1, table FARMA)
Advertised to update-groups:
1
Refresh Epoch 1
Local
192.168.167.2 from 0.0.0.0 (16.16.16.16)
Origin incomplete, metric 3584000, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:6306:8048
Cost:pre-bestpath:128:3584000 (default-2143899647) 0x8800:32768:0
0x8801:8048:153600 0x8802:65281:256000 0x8803:65281:1500
0x8806:0:286331153
mpls labels in/out 31/nolabel
rx pathid: 0, tx pathid: 0x0
__
References