1 © 2003 Cisco Systems, Inc. All rights reserved. MPLS VPN Inter-AS, 12/03 INTER-AUTONOMOUS SYSTEM MPLS VPN December 2003

1© 2003 Cisco Systems, Inc. All rights reserved.

MPLS VPN Inter-AS, 12/03

INTER-AUTONOMOUS SYSTEM MPLS VPNDecember 2003



• Inter-Autonomous System (Inter-AS) Multiprotocol Label Switching (MPLS) VPN Overview

• Inter-AS Control Plane

• Inter-AS Forwarding Plane

• Inter-AS Connectivity Models

• Inter-AS Summary

Agenda



Inter-AS MPLS VPN is a scalable mechanism for exchanging prefix and label information between

two Service Provider networks. It is an extension of the basic MPLS VPN architecture (RFC 2547bis).



• Enables communication between networks under separate autonomous systems

• Provides traffic separation and maintain end-to-end privacy while traffic traverses multiple MPLS VPN backbones in a scalable manner

• Allows VPN information to pass between MPLS VPN Service Providers so that they can successfully route traffic for a particular VPN

• Extends MPLS VPN services across geographical boundaries, so Service Providers can support their customer base in geographical locations that do not have POPs

• Allows a single Service Provider to partition its network into multiple domains for scalability and inter-departmental privacy

• Uses MPLS to forward the traffic end-to-end and across the systems

Why Inter-AS?



• More than ten Service Providers globally

• Hardware

Cisco 7200 and 7500 Series Routers

Cisco 10000 and 12000 Series Internet Routers

• Popular Inter-AS connectivity models

Back-to-Back VRF

MP-eBGP between ASBRs

eBGP between ASBRs and MP-eBGP between RRs

Inter-AS Deployment



VPN-B-1

PE-1

VPN-B-2

PE-2

CE-4

VPN-G-1

CE-B2CE-B1

CE-3

VPN-G-2

PE-ASBR-1

PE-ASBR-2

AS #100 AS #200

VPN-R-1HUBv

CE-R1

VPN-R-2Spoke

VPN-R-3Spoke

Internet

Interne-GWInterne-GW

Shared Services for VPNsShared Services for VPNsShared Services for VPNsShared Services for VPNs

Shared Services for VPNsShared Services for VPNs Shared Services for VPNsShared Services for VPNs

Inter-AS Topology Overview



Inter-AS Functionality

• MPLS VPN providers exchange routes across VRF interfaces

• Each PE-ASBR router treats the other as a CE

• Provider edge routers are gateways used for VPNv4 route exchange

• PE-ASBR to PE-ASBR link may use any supported PE-CE routing protocol



• Each AS operates under different administrative control and runs different IGP

• No IGP routing information exchange between the domains

• All routing information exchange between the domains is via Exterior Routing Protocol

• Routing policies may differ between the exchange points

• Customer VPN routes are distributed into VRFs at the ingress PE of the ISP

• Each PE assigns labels for the routes to establish connections

Routing For Each Service Provider Domain



INTER-AS CONTROL PLANE



• Establishes EBGP session between the PE-ASBRs

• Distribute IPv4 routes for the VPNs in the form of VPNv4 addresses

• PE-ASBRs re-write Next-hop and labels when a route is distributed to a neighbor

• PE-ASBRs store ALL VPN routes that need to be exchanged

• Routes are in the MP-BGP table but not in any other routing tables

PE-ASBRs do not have any VRF

MP-eBGP labels are used in LFIB

Inter-AS Control Plane



CE-B-1

IBGPRoute=Site2Next hop=ASBR-SP2Label=L’

CE-B-2

SP1MPLS Core

SP2MPLS Core

PE1-SP1ASBR-SP2ASBR-SP1

EBGPRoute=Site2Next hop=ASBR-SP2Label=L’

IBGPRoute=Site2Next hop=PE1-SP2Label=L’

PE1-SP2

Route=VPN Blue Site1Via:StaticEBGPOSPFEIGRPRIPv2

Route=VPN Blue Site1Via:StaticEBGPOSPFEIGRPRIPv2

Inter-AS Control Plane Route Exchange



PE-1

PE-ASBR1

CE-2

PE-ASBR2

PE-3

CE-1

PE-2

CE-5

CE-4

CE-3

RR-1

Core of P LSRs

RR-2 Core of P LSRs

Network=RD1:NNext-hop=PE1Label=L1

Network=RD1:NNext-hop=PE-ASBR1Label=L2

Network=RD1:NNext-hop=PE1Label=L1 Network=RD1:N

Next-hop=PE-ASBR2Label=L3

Network=RD1:NNext-hop=PE-ASBR2Label=L3

Network=NNext-hop=CE2

Network=NNext-hop=PE3

SP1SP2

Inter-AS Control Plane



INTER-AS FORWARDING PLANE



PE-1PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2

PE-ASBR-1 PE-ASBR-2

152.12.4.0/24

152.12.4.1

LDP PE-ASBR-2 Label L3

152.12.4.1

152.12.4.1L3

L2 152.12.4.1

LDP PE-1 Label L1 152.12.4.1

152.12.4.1 L1

152.12.4.1

External MP-BGP for VPNv4 Forwarding Plane



PE-1

PE-ASBR1

CE-2

PE-ASBR2

PE-3

CE-1

PE-2

CE-5

CE-4

CE-3

RR-1

Core of P LSRs

RR-2 Core of P LSRs

SP1 SP2

152.12.4.1

152.12.4.1L3

L2 152.12.4.1

152.12.4.1L1

152.12.4.1

Inter-As Forwarding Plane



• A VPNv4 TFIB entry corresponds to VPNv4RD+Prefix

Inter-AS VPNv4 TFIB Entries



• Create a loopback address on participating ASBRs

• Setup ASBRs for VPNv4 route distribution

• Setup ASBRs for IPV4 route distribution

• Disable automatic route filtering feature

• Set ASBR as Next-Hop-Self

Inter-AS Basic Configuration



Inter-AS Memory and Performance Impact

• Similar to that of basic VPNv4 for the same number of VRFs and router per VRF



VPN Client Connectivity

VPN-A-1VPN-A-2

PE-1

PE2

CE2

Edge Router1 Edge Router2

CE-1

VPN Sites attached to different MPLS VPN Service Providers

AS #100 AS #200

149.27.2.0/24

VPN-v4 update:RD:1:27:149.27.2.0/24,

NH=PE-1RT=1:231, Label=(28)

VPN-v4 update:RD:1:27:149.27.2.0/24,


BGP, OSPF, RIPv2 149.27.2.0/24,NH=CE-1


VPN-A VRFImport routes with route-target 1:231

How to distribute routes between

SPs ?



VPNv4 Distribution Options in Inter-AS

VPN-A-1

PE-1

VPN-A-2

PE-2

CE-2

Back-to-back VRFs

MP-eBGP for VPNv4

Multihop MP-eBGP between RRs

Non-VPN Transit Provider

Several options available for distribution of VPNv4 prefix information

AS #100 AS #200

PE-ASBR-1 PE-ASBR-2

CE-1

Multihop MP-eBGP



INTER-AS CONNECTIVITY MODELS



• Back-to-back VRFs

• External MP-eBGP for VPNv4

• Multihop MP-eBGP

• Multihop MP-eBGP between RRs

• Non-VPN Transit Provider

Inter-AS Connectivity Models



Option 1: Back-to-Back VRF Connectivity

• Recommended for fewer VRFs requiring simpler connectivity when ASBRs are directly connected over a physical interface

• ASBRs are directly connected over a physical interface

• Sub-interface per VRF is created and mapped

• Packet is forwarded as an IP packet between the ASBRs

• Each PE-ASBR router treats the other as a CE

• PE-ASBR to PE-ASBR link may use any supported PE-CE routing protocol

• Scalability issues if need to support large numbers of VRFs



Back-to-Back VRF Connectivity

VPN-A-1

PE-1

VPN-A-2

PE-2

CE-4

VPN-B-1

CE-2CE-1 CE-3

VPN-B-2

VRF to VRF Connectivity between PE-ASBRs

One logical interface & VRF per

VPN client

PE-ASBR-1 PE-ASBR-2

AS #100 AS #200



Back-to-Back VRF Connectivity Control Plane

PE-1 PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2


PE-ASBR-1 PE-ASBR-2

152.12.4.0/24



VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-B VRFImport routes with route-target 1:222

BGP, OSPF, RIPv2 152.12.4.0/24

NH=PE-ASBR1

BGP, OSPF, RIPv2 152.12.4.0/24

NH=PE-ASBR1

VPN-v4 update:RD:1:27:152.12.4.0/24,

NH=PE-ASBR-2RT=1:222, Label=(92)

VPN-v4 update:RD:1:27:152.12.4.0/24,

NH=PE-ASBR-2RT=1:222, Label=(92)

VPN-B VRFImport routes with route-target 1:222

BGP, OSPF, RIPv2 152.12.4.0/24,NH=PE-2




Back-to-Back VRF Connectivity Forwarding Plane

PE-1 PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2


PE-ASBR-1 PE-ASBR-2

152.12.4.0/24

152.12.4.1

LDP PE-ASBR-2 Label 92

152.12.4.1152.12.4.1

LDP PE-1 Label 29 152.12.4.1

152.12.4.1



Option 2: External MP-BGP for VPNv4 Prefix Exchange

• Recommended when a larger number of VRFs need to be supported

• ASBRs are directly connected and belong to only couple service providers

• Traffic will be crossing only single hop network



External MP-BGP for VPNv4 Prefix Exchange (Cont.)

• Gateway PE-ASBRs exchange routes directly using BGP

External MP-BGP for VPNv4 prefix exchange

No LDP or IGP

• MP-BGP session with next-hop set to advertising PE-ASBR

Next-hop and labels are rewritten when advertised across the Inter-Provider MP-BGP session

• PE-ASBR stores all VPN routes that need to be exchanged

Only within the BGP table (no VRFs)

Labels are populated into the LFIB of the PE-ASBR



• Receiving Gateway PE-ASBRs may allocate new label if desired

Controlled by configuration of next-hop-self (default is off)

• Receiving PE-ASBR will automatically create a /32 host route for its PE-ASBR neighbor

Which must be advertised into receiving IGP if next-hop-self is NOT in operation to maintain the LSP;

• PE-ASBRs need to hold all Inter-AS VPN routes

External MP-BGP for VPNv4



External MP-BGP for VPNv4

VPN-A-1

PE-1

VPN-A-2

PE-2

CE-4

VPN-B-1

CE-2CE-1 CE-3

VPN-B-2

MP-BGP VPNv4 prefix exchange between Gateway PE-ASBRs

PE-ASBR-1PE-ASBR-2

AS #100 AS #200

MP-eBGP for VPNv4

Label exchange between Gateway PE-ASBR routers using

MP-eBGP



External MP-BGP for VPNv4 Control Plane

PE-1 PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2

PE-ASBR-1 PE-ASBR-2

152.12.4.0/24



VPN-v4 update:RD:1:27:152.12.4.0/24,

NH=PE-1RT=1:222, Label=(L1)

VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,

NH=PE-ASBR-2RT=1:222, Label=(L3)

VPN-v4 update:RD:1:27:152.12.4.0/24,




VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,




External MP-BGP for VPNv4 Forwarding Plane

PE-1PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2

PE-ASBR-1 PE-ASBR-2

152.12.4.0/24

152.12.4.1


152.12.4.1

152.12.4.1L3

L2 152.12.4.1

LDP PE-1 Label L1 152.12.4.1

152.12.4.1 L1

152.12.4.1



• Useful for exchanging a large number of routes with the same or multiple service providers; traffic crosses more than one hop

• External MP-BGP between PE-ASBR routers (Option 2)

• PE-ASBR routers exchange routes across a Multi-hop BGP session

External MP-BGP for VPNv4 prefix exchange

• IGP and LDP required between PE-ASBR routers to maintain the end-to-end internal LSP

Can use static routing to interface addresses

• No /32 host route created for adjacent PE-ASBR routers

Option 3: Multi-Hop External MP-BGP for VPNv4



VPN-A-1

PE-1

VPN-A-2

PE-2

CE-4 CE-1

Multi-Hop session between Gateway PE-ASBRs

PE-ASBR-1PE-ASBR-2

AS #1 AS #2

Multi-Hop MP-eBGP for VPNv4

IGP & LDP

Multi-Hop External MP-BGP for VPNv4



PE-1 PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2

PE-ASBR-1 PE-ASBR-2

152.12.4.0/24



VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,




VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


IGP & LDP exchange of PE-ASBR-1

IGP & LDP exchange of PE-ASBR-1

Multi-Hop External MP-BGP for VPNv4 Control Plane



PE-1 PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2

PE-ASBR-1 PE-ASBR-2

152.12.4.0/24

152.12.4.1


152.12.4.1

152.12.4.1L3

LDP PE-1 Label L1 152.12.4.1

152.12.4.1L1

152.12.4.1


152.12.4.1

Multi-Hop External MP-BGP for VPNv4 Forwarding Plane



• Multi-Hop MP-eBGP with RR is useful for off-loading VPNv4 routes to RR for scalability purpose. ASBRs will not need to maintain VPNv4 routes.

• MPLS VPN providers exchange VPNv4 prefixes via their Route Reflectors

Requires Multihop MP-eBGP (VPNv4 routes)

• Next-hop-self MUST be disabled on Route Reflector

Preserves next-hop and label as allocated by the originating PE router

• Providers exchange IPv4 routes with labels between directly connected ASBRs using eBGP

Only PE loopback addresses exchanged as these are BGP next-hop addresses

Option 4: Multihop MP-eBGP for VPNv4 between RRs: Application Note



Multihop MP-eBGP for VPNv4 between RRs

VPN-A-1

PE-1

VPN-A-2

PE-2

CE-4

VPN-B-1

CE-2CE-1 CE-3

VPN-B-2

Multihop MP-eBGP VPNv4 prefix exchange between Route Reflectors

ASBR-1

RR-2

AS #100 AS #200

Multihop MP-eBGP for VPNv4 with no

next-hop-self

ASBRs exchange BGP next-hop addresses

with labels

ASBR-2

RR-1

eBGP IPv4 + Labels



Multihop MP-eBGP for VPNv4 between RRs: Control Plane

PE-1 PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2

ASBR-1

RR-2

SP #2

ASBR-2

RR-1

Network=PE-1 NH=ASBR-1Label=(L2)




152.12.4.0/24

VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,


VPN-v4 update:RD:1:27:152.12.4.0/24,








Multihop MP-eBGP for VPNv4 between RRs: Forwarding Plane

PE-1PE-2

VPN-B-1

CE-2 CE-3

VPN-B-2

ASBR-1

RR-2

ASBR-2

RR-1

152.12.4.0/24

152.12.4.1

L1LDP PE-ASBR-2 Label

L3 L1 152.12.4.1

152.12.4.1L3

L2 L1 152.12.4.1

LDP PE-1 Label L1

152.12.4.1

152.12.4.1L1

152.12.4.1



Option 5: Non-VPN Transit Provider

• Two MPLS VPN providers may exchange routes via third parties (non-VPN transit backbones running MPLS)

• Multihop MP-eBGP deployed between edge providersWith the exchange of BGP next-hops via the transit provider

• Providers may change the AS# within each regionTransit network is not part of the AS path

• Requirement to propagate BGP next-hops and also build end-to-end LSPs

• Options for end-to-end LSP creationMerge IGPs of all AS’s including the transit network

Redistribute PE host routes between AS’s

Use static routes across boundaries; redistribute to IGP

Use IPv4 + labels



Non-VPN Transit Provider

PE-1

PE-2VPN-B-1

CE-2

CE-3

VPN-B-2

ASBR-1

RR-2

Non-VPN MPLS Transit Backbone

Multihop MP-eBGP or MP-iBGP for VPNv4

ASBR-2

RR-1

ASBR-3

ASBR-4NO next-hop-self

eBGP IPv4 + Labels

eBGP IPv4 + Labels

MPLS VPN Provider #100


eBGP IPv4 + Labels

eBGP IPv4 + Labels eBGP IPv4 + Labels



Non-VPN Transit ProviderControl Plane

PE1

PE2VPN-B-1

CE-2

CE-3

VPN-B-2

ASBR-1

RR-2


ASBR-2

RR-1

ASBR-3

ASBR-4


152.12.4.0/24



152.12.4.0/24, NH=PE-1

RT=1:222, Label=(L1)

152.12.4.0/24, NH=PE-1




152.12.4.0/24, NH=PE-1


152.12.4.0/24, NH=PE-1


152.12.4.0/24, NH=PE-1


152.12.4.0/24, NH=PE-1








End-to-End LSP(Forwarding

Path)

Inner Label Exchange



Non-VPN Transit ProviderForwarding Plane

PE1

VPN-B-1

CE-2

CE-3

VPN-B-2

ASBR-1

RR-2


ASBR-2

RR-1

ASBR-3

ASBR-4

152.12.4.0/24



152.12.4.1

LDP PE-ASBR-4 Label L5 L1

152.12.4.1

152.12.4.1L1L4

LDP PE-ASBR-2 Label L3 L1

152.12.4.1

L1L2 152.12.4.1

LDP PE-1 Label L1 152.12.4.1

L1 152.12.4.1

PE2



Why IPV4 BGP Label Distribution?

• Allows a VPN service provider network to exchange IPv4 routes with MPLS labels

• Use BGP to distribute labels associated with the routes at the same time it distributes the routes

ASBR-1

AS #100 AS #200

ASBR-2

eBGP IPv4 + Labels AS2_PE1AS1_PE1

Benefits:

• Eliminate the need for any other Label distribution protocol between the two ASBRs

• Allow a non-VPN core network to act as a transit network for VPN traffic



IPV4 BGP Label Distribution Architecture

• Subsequent Address Family Identifier (value 4) field is used to indicate that the NLRI contains a label

• If a BGP peer indicates, through BGP Capability Advertisement, that it can process Update messages with the specified SAFI field, a BGP speaker can use BGP to send labels

• No specific procedures are enforced in RFC when the BGP peers are non-adjacent

• Accept labels from only trusted source to assure proper security



IPV4 BGP Label Distribution Configuration

• ASBRs (and RR if in use)

address-family ipv4 ! Redistributing IGP into BGP

neighbor <neighbors loopback add> send-label

• AS1_PE1

neighbor <RR> send-label

neighbor <ASBR-1> send-label

• RR

neighbor <ASBR-1> send-label

neighbor <AS1_PE1> send-label



Summary: Back-to-back VRF Connectivity

• Scalability is an issue with many VPNs

One VRF & logical interface required per VPN client;

Gateway PE-ASBR must hold ALL routing information

• PE-ASBR must filter & store VPNv4 prefixes

Plus import into VRFs thus increasing MPLS, CEF & routing table memory

• No MPLS label switching required between providers

Standard IP between gateway PE-ASBRs;

No exchange of routes using MP-eBGP;

Simple solution, works today but limited in deployment scope



Summary: MP-eBGP for VPNv4 Prefix Exchange

• Scalability less of an issue when compared to back-to-back VRF connectivity

Only one interface required between PE-ASBR routers;

No VRF requirement on any PE-ASBR router interfaces

• Automatic Route Filtering must be disabled

Hence filtering on RT values essential, and good filtering policy must be applied on EVERY PE-ASBR;

Import of routes into VRFs is not required which reduces the memory impact on PE-ASBR routers

• MPLS label switching required between providers

Routes exchanged using MP-eBGP;

Still simple, more scalable & works today



Summary: Multi-hop MP-eBGP for VPNv4

• More scalable than back-to-back VRF or MP-eBGP for VPNv4

As ALL VPNv4 routes held on route reflectors and NOT PE-ASBR routers

• Route Reflectors hold VPNv4 information

Each provider utilizes route reflectors locally for VPNv4 prefix distribution;

eBGP connection added for exchange with external peer

• BGP next-hop addresses exchanged between providers across PE-ASBR links using IPv4 + labels

Separation of forwarding & control planes;

IPv4 + labels



INTER-AS SAMPLE CONFIGURATIONS

515151© 2003 Cisco Systems, Inc. All rights reserved.Presentation_ID



Multihop and Label Distribution with RR: Network Topology

PE-1 PE-2

ASBR-1

RR-2

AS #100 AS #200

Multihop MP-eBGP for VPNv4 with no

next-hop-self

ASBRs exchange BGP next-hop addresses

with labels

ASBR-2

RR-1

eBGP IPv4 + Labels

aa.aa bb.bb

ee.ee ff.ff

ww.ww xx.xx

Goal: distribute the VPNv4 and IPv4 routes, and the MPLS labels of remote PEs/RRs to local PEs and RRs



Network Specifications and Requirements

• AS 100 uses the route reflectors to distribute the IPv4/VPNv4 routes and MPLS labels from the ASBR to the PE

• In AS 200, the IPv4 routes that ASBR2 learned are redistributed into IGP

• IP Addressing:

RR1: aa.aa

RR2: bb.bb

ASBR-1: ww.ww

ASBR-2: xx.xx

PE1: ee.ee

PE2: ff.ff



Network Specifications and Requirements

• RR1 exchanges VPNv4 routes with RR2, using multiprotocol, multihop EBGP

• VPNv4 next hop information and VPN label are preserved across the autonomous systems

• RR1 reflects to PE1 the VPNv4 routes learned from RR2 and the IPv4 routes and MPLS labels learned from ASBR1



ip subnet-zero ip cef ! interface Loopback0 ip address aa.aa.aa.aa 255.255.255.255 no ip directed-broadcast

router bgp 100 bgp cluster-id 1 bgp log-neighbor-changes timers bgp 10 30 neighbor ee.ee.ee.ee remote-as 100 neighbor ee.ee.ee.ee update-source Loopback0 neighbor ww.ww.ww.ww remote-as 100 neighbor ww.ww.ww.ww update-source Loopback0 neighbor bb.bb.bb.bb remote-as 200 neighbor bb.bb.bb.bb ebgp-multihop 255 neighbor bb.bb.bb.bb update-source Loopback0 no auto-summary !

! address-family ipv4 neighbor ee.ee.ee.ee activate neighbor ee.ee.ee.ee route-reflector-client !IPv4+labels session to PE1 neighbor ee.ee.ee.ee send-label neighbor ww.ww.ww.ww activate neighbor ww.ww.ww.ww route-reflector-client !IPv4+labels session to ASBR1 neighbor ww.ww.ww.ww send-label no neighbor bb.bb.bb.bb activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor ee.ee.ee.ee activate neighbor ee.ee.ee.ee route-reflector-client !VPNv4 session with PE1 neighbor ee.ee.ee.ee send-community extended neighbor bb.bb.bb.bb activate neighbor bb.bb.bb.bb next-hop-unchanged !MH-VPNv4 session with RR2 neighbor bb.bb.bb.bb send-community extended next-hop-unchanged exit-address-family !

Route Reflector 1 Configuration (Cont.)



ip subnet-zero ip cef ! interface Loopback0 ip address bb.bb.bb.bb 255.255.255.255 no ip directed-broadcast ! router bgp 200 bgp cluster-id 1 bgp log-neighbor-changes timers bgp 10 30 neighbor aa.aa.aa.aa remote-as 100 neighbor aa.aa.aa.aa ebgp-multihop 255 neighbor aa.aa.aa.aa update-source Loopback0 neighbor ff.ff.ff.ff remote-as 200 neighbor ff.ff.ff.ff update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor aa.aa.aa.aa activate neighbor aa.aa.aa.aa next-hop-unchanged !Multihop VPNv4 session with RR1 neighbor aa.aa.aa.aa send-community extended next-hop-unchanged neighbor ff.ff.ff.ff activate neighbor ff.ff.ff.ff route-reflector-client !VPNv4 session with PE2 neighbor ff.ff.ff.ff send-community extended exit-address-family !

• RR2 exchanges VPNv4 routes with RR1 through multihop, multiprotocol EBGP

• Next-hop and the VPN label are preserved across the autonomous systems

Route Reflector 2 Configuration (Cont.)



ip subnet-zero mpls label protocol tdp ! interface Loopback0 ip address ww.ww.ww.ww 255.255.255.255 no ip directed-broadcast no ip route-cache no ip mroute-cache

address-family ipv4 ! Redistributing IGP into BGP redistribute ospf 10 ! so that PE1 & RR1 loopbacks neighbor aa.aa.aa.aa activate ! get into the BGP table neighbor aa.aa.aa.aa send-label neighbor hh.0.0.1 activate neighbor hh.0.0.1 advertisement-interval 5 neighbor hh.0.0.1 send-label neighbor hh.0.0.1 route-map IN in !accepting routes from route-map IN. neighbor hh.0.0.1 route-map OUT out !distributing routes from route-map OUT. no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor aa.aa.aa.aa activate neighbor aa.aa.aa.aa send-community extended exit-address-family

ASBR1 exchanges IPv4 routes and MPLS labels with ASBR2

! access-list 1 permit ee.ee.ee.ee log !Set up the access lists. access-list 2 permit ff.ff.ff.ff log access-list 3 permit aa.aa.aa.aa log access-list 4 permit bb.bb.bb.bb log route-map IN permit 10 !Setting up the route maps. match ip address 2 match mpls-label

!ASBR1 should accept PE2's route (ff.ff) with labels and !RR2's route (bb.bb) without labels.

route-map IN permit 11 match ip address 4

!ASBR1 should distribute PE1's route (ee.ee) with labels and !RR1's route (aa.aa) without labels.

route-map OUT permit 12 match ip address 3 ! route-map OUT permit 13 match ip address 1 set mpls-label

ASBR-1 Configuration



• ASBR2 and ASBR1 exchange IPv4 routes and MPLS labels

• ASBR2 does not use the RR to reflect IPv4 routes and MPLS labels to PE2

• ASBR2 redistributes the IPv4 routes and MPLS labels learned from ASBR1 into IGP

• PE2 can now reach the prefixes

ASBR-2 Configuration



ip subnet-zero ip cef ! interface Loopback0 ip address xx.xx.xx.xx 255.255.255.255 no ip directed-broadcast !router bgp 200 bgp log-neighbor-changes timers bgp 10 30 neighbor bb.bb.bb.bb remote-as 200 neighbor bb.bb.bb.bb update-source Loopback0 neighbor hh.0.0.2 remote-as 100 no auto-summary ! address-family ipv4 redistribute ospf 20 !Redistributing IGP into BGP neighbor hh.0.0.2 activate !so that PE2 & RR2 loopbacks neighbor hh.0.0.2 advertisement-interval 5 !will get into the BGP-4 table. neighbor hh.0.0.2 route-map IN in neighbor hh.0.0.2 route-map OUT out neighbor hh.0.0.2 send-label no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor bb.bb.bb.bb activate neighbor bb.bb.bb.bb send-community extended exit-address-family

! access-list 1 permit ff.ff.ff.ff log !Setting up the access lists. access-list 2 permit ee.ee.ee.ee log access-list 3 permit bb.bb.bb.bb log access-list 4 permit aa.aa.aa.aa log route-map IN permit 11 !Setting up the route maps. match ip address 2 match mpls-label !

! route-map IN permit 12 match ip address 4 ! route-map OUT permit 10 match ip address 1 set mpls-label ! route-map OUT permit 13 match ip address 3 !

ASBR-2 Configuration (Cont.)



INTER-AS SUMMARY



• Service Providers have deployed Inter-AS for:

Scalability purposes

Partitioning the network based on services or management boundaries

• Some contract work is in progress amongst Service Providers to establish partnership and offer end-end VPN services to the common customer base

• Service Provider networks are completely separate

Do not need to exchange internal prefix or label information

• Each Service Provider establishes a direct MP-eBGP session with the others to exchange VPN-IPv4 addresses with labels

• /32 route to reach the ASBR is created by default so ASBRs can communicate without a need for IGP

Must be redistributed in the receiving Service Provider’s IGP

Inter-AS Summary



• IGP or LDP across ASBR links is not required

Labels are already assigned to the routes when exchanged via MP-eBGP

Interface used to establish MP-eBGP session does not need to be associated with a VRF

• Direct eBGP routes and labels can be exchanged.

• Next-Hop self can be turned on on ASBRs, enabling the ASBR to use its own address for next-hop

• Using the next-hop self requires an additional entry in the TFIB for each VPNv4 route (about 180) bytes

• If the Service Provider wishes to hide the Inter-AS link then use the next-hop-self method otherwise use the redistribute connected subnets method

Inter-AS Summary (Cont.)



• Multi-hop MP-eBGP sessions can be passed between Service Providers without conversions to VPNv4 routes

• Configuration of VRFs is not required on the ASBRs because bgp default route-target filter (automatic route filtering feature) has been disabled

• To conserve memory on both sides of the boundary and implement a simple form of security, always configure inbound route-maps to filter only routes that need to be passed to the other AS

Inter-AS Summary (Cont.)



References

• Inter-AS for MPLS VPNs CCO Documentation:

www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/interas.htm

• MPLS and VPN architectures Jim Guichard/Ivan Pepelnjak ISBN 1-58705-002-1:

www.ciscopress.com/book.cfm?book=168

• Support for Inter-provider MPLS VPN ENG-48803 Dan Tappan, (internal only)

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/%0B121newft/121t/121t5/interas.htm

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/%0B121newft/121t/121t5/interas.htm

http://www.ciscopress.com/book.cfm?book=168







Documents

1 © 2003 Cisco Systems, Inc. All rights reserved. MPLS VPN Inter-AS, 12/03 INTER-AUTONOMOUS SYSTEM MPLS VPN December 2003