MPLS L3VPN: Inter-AS - Option A
This topic is beyond the scope of the CCIE R&S. When you study L3VPN there, you notice that the L3VPNs are always established within the same AS, in other words, Intra-AS L3VPN. At that point you wonder: how does a customer establish an L3VPN between two locations when no single Service Provider is present at both?
This situation occurs when a customer wants an L3VPN that runs from one Service Provider in one location to another Service Provider in another location. The two Service Providers have to agree to exchange traffic at a common point, either through public peering such as an IX or through a private interconnection, which makes the end-to-end L3VPN possible.
There are three options to establish an Inter-AS L3VPN:
- Option A: Back-to-Back VRFs
- Option B: MP-eBGP for VPNv4
- Option C: Multihop MP-eBGP between RR + Labels
I will use this post to explain everything related to an Inter-AS L3VPN using Option A, also known as Back-to-Back VRF, because it is the simplest of the options for interconnecting the ASBRs. Option A has some defining characteristics:
- A logical interface per VPN.
- Each ASBR thinks the other is a CE.
- Packets are sent unlabelled between the ASBRs.
- Any supported PE-CE routing protocol.
- Does not scale to a large number of VPNs.
- The Service Providers don’t need to use the same Route-Target values, because VPNv4 updates are not exchanged.
The customer is the same at both locations, in this case FARMA (the customer that appears in our scenario), attached to PE1 and PE2. Within each Service Provider the LSP runs between the PE and the ASBR; there is no end-to-end LSP. Packets are sent unlabelled between the two LSPs. Each ASBR considers the other one to be a CE, meaning that any PE-CE routing protocol is supported, such as static routes, IGPs or BGP.
Note: If BGP is used, the updates are sent as IPv4 updates and not as VPNv4.
Option A is simple to deploy and requires the least amount of trust between the Service Providers. It works well for providing L3VPNs to another Service Provider, but only in certain cases. Suppose two Service Providers agree to exchange traffic for a large number of VPNs, maybe hundreds: that will be a problem. Each ASBR generates a VPNv4 update into its local AS, so there is no need to manipulate the next-hop. Each ASBR also has to install all the routes into its RIB/FIB, which, together with the number of BGP sessions, can be a limiting factor.
Demonstrating: Inter-AS L3VPN Option A
The following configuration demonstrates the basic setup of an Inter-AS L3VPN Option A, assuming that the MPLS backbone of each Service Provider is already configured.
On AS8048
hostname PE1
!
vrf definition FARMA
 rd 8048:1
 !
 address-family ipv4
  route-target export 8048:100
  route-target import 8048:100
 exit-address-family
!
!
interface Ethernet0/3
 vrf forwarding FARMA
 description PE-CE1
 ip address 192.168.57.1 255.255.255.252
!
!
router eigrp AS8048
 !
 address-family ipv4 unicast vrf FARMA autonomous-system 101
  !
  topology base
   redistribute bgp 8048 metric 1000 10 255 1 1500
  exit-af-topology
  network 192.168.57.0 0.0.0.3
 !
router bgp 8048
 !
 address-family ipv4 vrf FARMA
  redistribute eigrp 101
 exit-address-family
!
hostname ASBR
!
vrf definition FARMA
 rd 8048:1
 !
 address-family ipv4
  route-target export 8048:100
  route-target import 8048:100
 exit-address-family
!
!
interface Ethernet0/3
 vrf forwarding FARMA
 description AS8048-AS6306
 ip address 192.168.144.4 255.255.255.0
!
router eigrp AS8048
 !
 address-family ipv4 unicast vrf FARMA autonomous-system 101
  !
  topology base
   redistribute bgp 8048 metric 1000 10 255 1 1500
  exit-af-topology
  network 192.168.144.0
 !
router bgp 8048
 !
 address-family ipv4 vrf FARMA
  redistribute eigrp 101
 exit-address-family
!
hostname CE1
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface Ethernet0/3
 description CE-PE
 ip address 192.168.57.2 255.255.255.252
!
!
router eigrp 101
 network 0.0.0.0
 eigrp router-id 7.7.7.7
!
On AS6306
hostname PE2
!
vrf definition FARMA
 rd 6306:1
 !
 address-family ipv4
  route-target export 6306:100
  route-target import 6306:100
 exit-address-family
!
!
interface Ethernet0/1
 vrf forwarding FARMA
 description PE-CE2
 ip address 192.168.167.1 255.255.255.0
!
router bgp 6306
 !
 address-family ipv4 vrf FARMA
  redistribute eigrp 101
 exit-address-family
!
router eigrp AS6306
 !
 address-family ipv4 unicast vrf FARMA autonomous-system 101
  !
  topology base
   redistribute bgp 6306 metric 1000 10 255 1 1500
  exit-af-topology
  network 192.168.167.0
 exit-address-family
!
hostname ASBR
!
vrf definition FARMA
 rd 6306:1
 !
 address-family ipv4
  route-target export 6306:100
  route-target import 6306:100
 exit-address-family
!
!
interface Ethernet0/3
 vrf forwarding FARMA
 description AS6306-AS8048
 ip address 192.168.144.14 255.255.255.0
!
router bgp 6306
 !
 address-family ipv4 vrf FARMA
  redistribute eigrp 101
 exit-address-family
!
router eigrp AS6306
 !
 address-family ipv4 unicast vrf FARMA autonomous-system 101
  !
  topology base
   redistribute bgp 6306 metric 1000 10 255 1 1500
  exit-af-topology
  network 192.168.144.0
 exit-address-family
!
hostname CE2
!
interface Loopback0
 ip address 17.17.17.17 255.255.255.255
!
interface Ethernet0/1
 description CE-PE
 ip address 192.168.167.2 255.255.255.0
!
!
router eigrp 101
 network 0.0.0.0
 eigrp router-id 17.17.17.17
!
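A check that can be run over the two ASBR configurations above to confirm the inter-AS link really is a back-to-back VRF link. This is an added example, not part of the original post; the function names, the rule that `mpls ip` must be absent on the inter-AS interface, and the `BAD_ASBR` sample are assumptions of this example.

```python
import ipaddress

# Inter-AS interface stanzas copied from the page's two ASBR configurations.
ASBR_8048 = """\
interface Ethernet0/3
 vrf forwarding FARMA
 description AS8048-AS6306
 ip address 192.168.144.4 255.255.255.0
"""
ASBR_6306 = """\
interface Ethernet0/3
 vrf forwarding FARMA
 description AS6306-AS8048
 ip address 192.168.144.14 255.255.255.0
"""
# Constructed counter-example (not from the page): global table, LDP enabled.
BAD_ASBR = """\
interface Ethernet0/3
 ip address 192.168.144.14 255.255.255.0
 mpls ip
"""

def parse_interfaces(cfg):
    """Map interface name -> {vrf, ip, mpls}; tolerates flattened (unindented) text."""
    ifaces, cur = {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"vrf": None, "ip": None, "mpls": False})
        elif line.startswith(("router ", "vrf definition ", "hostname ")):
            cur = None  # left interface configuration mode
        elif cur is not None and line.startswith("vrf forwarding "):
            cur["vrf"] = line.split()[2]
        elif cur is not None and line.startswith("ip address "):
            cur["ip"] = ipaddress.ip_interface("/".join(line.split()[2:4]))
        elif cur is not None and line == "mpls ip":
            cur["mpls"] = True
    return ifaces

def audit_option_a(cfg_a, if_a, cfg_b, if_b):
    """Findings for the inter-AS link; an empty list means it matches Option A."""
    sides = (("A", parse_interfaces(cfg_a)[if_a]), ("B", parse_interfaces(cfg_b)[if_b]))
    findings = [f"{n}: inter-AS interface is in the global table" for n, i in sides if not i["vrf"]]
    findings += [f"{n}: label switching enabled towards the peer AS" for n, i in sides if i["mpls"]]
    if sides[0][1]["ip"].network != sides[1][1]["ip"].network:
        findings.append("ASBR addresses are not on the same subnet")
    return findings
```

The page's pair of ASBRs produces no findings, while pairing `ASBR_8048` with `BAD_ASBR` reports both the missing VRF binding and the enabled label switching on side B.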
Verifying end-to-end reachability between CEs
CE1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
7.0.0.0/32 is subnetted, 1 subnets
C 7.7.7.7 is directly connected, Loopback0
17.0.0.0/32 is subnetted, 1 subnets
D 17.17.17.17 [90/460800] via 192.168.57.1, 00:38:46, Ethernet0/3
192.168.57.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.57.0/30 is directly connected, Ethernet0/3
L 192.168.57.2/32 is directly connected, Ethernet0/3
D 192.168.144.0/24 [90/307200] via 192.168.57.1, 00:38:46, Ethernet0/3
D 192.168.167.0/24 [90/332800] via 192.168.57.1, 00:38:46, Ethernet0/3
CE1#ping 17.17.17.17 source 7.7.7.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 17.17.17.17, timeout is 2 seconds:
Packet sent with a source address of 7.7.7.7
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
CE1#traceroute 17.17.17.17 source 7.7.7.7
Type escape sequence to abort.
Tracing the route to 17.17.17.17
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.57.1 1 msec 1 msec 2 msec
2 10.3.5.3 [MPLS: Labels 16/28 Exp 0] 3 msec 4 msec 2 msec
3 10.1.3.1 [MPLS: Labels 16/28 Exp 0] 3 msec 2 msec 1 msec
4 192.168.144.4 [MPLS: Label 28 Exp 0] 2 msec 2 msec 3 msec
5 192.168.144.14 4 msec 4 msec 2 msec
6 10.11.14.11 [MPLS: Labels 25/29 Exp 0] 2 msec 2 msec 4 msec
7 10.11.13.13 [MPLS: Labels 23/29 Exp 0] 5 msec 3 msec 3 msec
8 192.168.167.1 [MPLS: Label 29 Exp 0] 3 msec 5 msec 2 msec
9 192.168.167.2 2 msec * 7 msec
A simple traceroute between the CEs shows that two different LSPs (Label Switched Paths) are used to provide end-to-end reachability: the first LSP uses label 28 and the second uses label 29. The traffic between the ASBRs is unlabelled IPv4.
Verifying LSP-1 from PE1 to ASBR within AS8048 using label 28
PE1# show ip bgp vpnv4 all 17.17.17.17/32
BGP routing table entry for 8048:1:17.17.17.17/32, version 23
Paths: (1 available, best #1, table FARMA)
Not advertised to any peer
Refresh Epoch 1
Local
4.4.4.4 (metric 31) from 1.1.1.1 (1.1.1.1)
Origin incomplete, metric 435200, localpref 100, valid, internal, best
Extended Community: RT:8048:100 Cost:pre-bestpath:128:435200
0x8800:32768:0 0x8801:8048:179200 0x8802:65282:256000
0x8803:65281:1500 0x8806:0:286331153
Originator: 4.4.4.4, Cluster list: 1.1.1.1
mpls labels in/out nolabel/28
rx pathid: 0, tx pathid: 0x0
ASBR# show ip bgp vpnv4 vrf FARMA 17.17.17.17/32
BGP routing table entry for 8048:1:17.17.17.17/32, version 20
Paths: (1 available, best #1, table FARMA)
Advertised to update-groups:
1
Refresh Epoch 1
Local
192.168.144.14 from 0.0.0.0 (4.4.4.4)
Origin incomplete, metric 435200, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:8048:100 Cost:pre-bestpath:128:435200
0x8800:32768:0 0x8801:8048:179200 0x8802:65282:256000
0x8803:65281:1500 0x8806:0:286331153
mpls labels in/out 28/nolabel
rx pathid: 0, tx pathid: 0x0
Verifying LSP-2 from PE2 to ASBR within AS6306 using label 29
PE2# show ip bgp vpnv4 all 17.17.17.17/32
BGP routing table entry for 6306:1:17.17.17.17/32, version 27
Paths: (1 available, best #1, table FARMA)
Advertised to update-groups:
1
Refresh Epoch 1
Local
192.168.167.2 from 0.0.0.0 (16.16.16.16)
Origin incomplete, metric 3584000, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:6306:100
Cost:pre-bestpath:128:3584000 (default-2143899647) 0x8800:32768:0
0x8801:8048:153600 0x8802:65281:256000 0x8803:65281:1500
0x8806:0:286331153
mpls labels in/out 29/nolabel
rx pathid: 0, tx pathid: 0x0
ASBR# show ip bgp vpnv4 all 17.17.17.17/32
BGP routing table entry for 6306:1:17.17.17.17/32, version 28
Paths: (1 available, best #1, table FARMA)
Not advertised to any peer
Refresh Epoch 2
Local
16.16.16.16 (metric 20) from 11.11.11.11 (11.11.11.11)
Origin incomplete, metric 3584000, localpref 100, valid, internal, best
Extended Community: RT:6306:100
Cost:pre-bestpath:128:3584000 (default-2143899647) 0x8800:32768:0
0x8801:8048:153600 0x8802:65281:256000 0x8803:65281:1500
0x8806:0:286331153
Originator: 16.16.16.16, Cluster list: 11.11.11.11
mpls labels in/out nolabel/29
rx pathid: 0, tx pathid: 0x0
I will discuss MPLS Inter-AS L3VPN with Option B and Option C later.