Carrier-of-Carriers VPN Example—Customer Provides VPN Service
In this example, the carrier
customer must run some form of MPLS (Resource
Reservation Protocol [RSVP] or LDP) on its network to provide VPN
services to the end customer. In the example below, Router B and Router
I act as PE routers, and a functioning MPLS path is required between
these routers if they exchange VPN-IPv4 routes.
For configuration information see the following sections:
Configuration for Router A
In this example, Router A acts as the CE router for the end
customer. Configure a default family inet BGP session on
Router A:
[edit]
protocols {
    bgp {
        group to-routerB {
            export attached;
            peer-as 21;
            neighbor 192.168.197.169;
        }
    }
}
policy-options {
    policy-statement attached {
        from protocol direct;
        then accept;
    }
}
Configuration for Router B
Because Router B is the PE router for the end customer CE router
(Router A), you need to configure a routing instance (vpna). Configure the labeled-unicast statement on the IBGP session
to Router D, and configure family inet-vpn on the IBGP session
to Router I on the other side of the network (see Carrier-of-Carriers VPN Examples):
[edit]
protocols {
    mpls {
        interface fe-1/0/2.0;
        interface fe-1/0/3.0;
    }
    bgp {
        group int {
            type internal;
            local-address 10.255.14.179;
            neighbor 10.255.14.175 {
                family inet {
                    labeled-unicast {
                        resolve-vpn;
                    }
                }
            }
            neighbor 10.255.14.181 {
                family inet-vpn {
                    any;
                }
            }
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface fe-1/0/3.0;
        }
    }
    ldp {
        interface fe-1/0/3.0;
    }
}
routing-instances {
    vpna {
        instance-type vrf;
        interface fe-1/0/2.0;
        route-distinguisher 10.255.14.179:21;
        vrf-import vpna-import;
        vrf-export vpna-export;
        protocols {
            bgp {
                group vpna-06 {
                    peer-as 1;
                    neighbor 192.168.197.170;
                }
            }
        }
    }
}
policy-options {
    policy-statement vpna-import {
        term a {
            from {
                protocol bgp;
                community vpna-comm;
            }
            then accept;
        }
        term b {
            then reject;
        }
    }
    policy-statement vpna-export {
        term a {
            from protocol bgp;
            then {
                community add vpna-comm;
                accept;
            }
        }
        term b {
            then reject;
        }
    }
    community vpna-comm members target:100:1001;
}
Configuration for Router C
Configure Router C as a label-swapping router within the local
AS:
[edit]
protocols {
    mpls {
        traffic-engineering bgp-igp;
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface fe-0/3/3.0;
            interface fe-0/3/0.0;
        }
    }
    ldp {
        interface fe-0/3/0.0;
        interface fe-0/3/3.0;
    }
}
Configuration for Router D
Router D acts as the CE router for the VPN services provided
by the AS 10023 network. In the BGP group configuration for group int, which handles traffic to Router B (10.255.14.179),
you include the labeled-unicast statement. You also need
to configure the BGP group to-isp-red to send labeled internal
routes to the PE router (Router E).
[edit]
protocols {
    mpls {
        traffic-engineering bgp-igp;
        interface fe-0/3/0.0;
        interface t3-0/0/0.0;
    }
    bgp {
        group int {
            type internal;
            local-address 10.255.14.175;
            neighbor 10.255.14.179 {
                family inet {
                    labeled-unicast;
                }
            }
        }
        group to-isp-red {
            export internal;
            peer-as 10023;
            neighbor 192.168.197.13 {
                family inet {
                    labeled-unicast;
                }
            }
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface fe-0/3/0.0;
        }
    }
    ldp {
        interface fe-0/3/0.0;
    }
}
policy-options {
    policy-statement internal {
        term a {
            from protocol [ ospf direct ];
            then accept;
        }
        term b {
            then reject;
        }
    }
}
Configuration for Router E
Router E and Router H are PE routers. Configure a PE-router-to-PE-router
BGP session to allow VPN-IPv4 routes to pass between these two PE
routers. Configure the routing instance on Router E to send labeled
routes to the CE router (Router D).
Configure Router E:
[edit]
protocols {
    mpls {
        interface t3-0/2/0.0;
        interface at-0/1/0.0;
    }
    bgp {
        group pe-pe {
            type internal;
            local-address 10.255.14.171;
            family inet-vpn {
                any;
            }
            neighbor 10.255.14.173;
        }
    }
    isis {
        interface at-0/1/0.0;
        interface lo0.0 {
            passive;
        }
    }
    ldp {
        interface at-0/1/0.0;
    }
}
policy-options {
    policy-statement vpn-isp1-import {
        term a {
            from {
                protocol bgp;
                community vpn-isp1-comm;
            }
            then accept;
        }
        term b {
            then reject;
        }
    }
    policy-statement vpn-isp1-export {
        term a {
            from protocol bgp;
            then {
                community add vpn-isp1-comm;
                accept;
            }
        }
        term b {
            then reject;
        }
    }
    community vpn-isp1-comm members target:69:21;
}
routing-instances {
    vpn-isp1 {
        instance-type vrf;
        interface t3-0/2/0.0;
        route-distinguisher 10.255.14.171:21;
        vrf-import vpn-isp1-import;
        vrf-export vpn-isp1-export;
        protocols {
            bgp {
                group to-isp1 {
                    peer-as 21;
                    neighbor 192.168.197.14 {
                        as-override;
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
            }
        }
    }
}
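The vrf-import policies in this example accept a route only when it carries the VRF's route-target community, and they end with an explicit reject term. The following added example (not part of the original Juniper configuration) parses a brace-style Junos configuration and flags vrf-import policies that depart from that pattern; the parser, the function names, and the WEAK sample are constructed for illustration.

```python
import re

def parse(text):
    """Parse Junos brace-style config into nested dicts (leaf statements map to None)."""
    stack, pending = [{}], None
    for tok in re.findall(r"[{};]|[^{};]+", text):
        tok = " ".join(tok.split())
        if tok == "{":
            stack.append(stack[-1].setdefault(pending, {}))
        elif tok == "}":
            stack.pop()
        elif tok == ";":
            stack[-1][pending] = None
        elif tok:
            pending = tok
    return stack[0]

def parts(term, word):
    """Items of a term's 'from' or 'then', whether written as a block or on one line."""
    block = list(term.get(word) or {})
    return block + [k[len(word) + 1:] for k in term if k.startswith(word + " ")]

def audit_vrf_import(cfg):
    """Return (instance, problem) pairs for vrf-import policies that break the pattern."""
    findings, policies = [], cfg.get("policy-options", {})
    for name, inst in cfg.get("routing-instances", {}).items():
        for stmt in [s for s in inst if s.startswith("vrf-import ")]:
            pol = policies.get("policy-statement " + stmt.split()[1], {})
            terms = [v for k, v in pol.items() if k.startswith("term ")]
            for t in terms:
                gated = any(f.startswith("community ") for f in parts(t, "from"))
                if "accept" in parts(t, "then") and not gated:
                    findings.append((name, "accept without community match"))
            if not terms or "reject" not in parts(terms[-1], "then"):
                findings.append((name, "no final reject term"))
    return findings

# Excerpt of Router E's VRF and import policy from the configuration above.
ROUTER_E = """routing-instances { vpn-isp1 { instance-type vrf; vrf-import vpn-isp1-import; } }
policy-options { policy-statement vpn-isp1-import {
    term a { from { protocol bgp; community vpn-isp1-comm; } then accept; }
    term b { then reject; } }
  community vpn-isp1-comm members target:69:21; }"""
# Constructed weak variant: accepts any BGP route and has no closing reject term.
WEAK = ROUTER_E.replace("from { protocol bgp; community vpn-isp1-comm; }", "from protocol bgp;"
                        ).replace("term b { then reject; }", "")

if __name__ == "__main__":
    print(audit_vrf_import(parse(ROUTER_E)), audit_vrf_import(parse(WEAK)))
```

The same check applies unchanged to the vpna instances on Router B and Router I, since their import policies follow the same two-term structure.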
Configuration for Router F
Configure Router F to swap labels for routes running through
its interfaces:
[edit]
protocols {
    isis {
        interface so-0/2/0.0;
        interface at-0/3/0.0;
        interface lo0.0 {
            passive;
        }
    }
    ldp {
        interface so-0/2/0.0;
        interface at-0/3/0.0;
    }
}
Configuration for Router G
Configure Router G:
[edit]
protocols {
    isis {
        interface so-0/0/0.0;
        interface so-1/0/0.0;
        interface lo0.0 {
            passive;
        }
    }
    ldp {
        interface so-0/0/0.0;
        interface so-1/0/0.0;
    }
}
Configuration for Router H
The configuration for Router H is similar to the configuration
for Router E:
[edit]
protocols {
    mpls {
        interface fe-1/1/0.0;
        interface so-1/0/0.0;
    }
    bgp {
        group pe-pe {
            type internal;
            local-address 10.255.14.173;
            family inet-vpn {
                any;
            }
            neighbor 10.255.14.171;
        }
    }
    isis {
        interface so-1/0/0.0;
        interface lo0.0 {
            passive;
        }
    }
    ldp {
        interface so-1/0/0.0;
    }
}
routing-instances {
    vpn-isp1 {
        instance-type vrf;
        interface fe-1/1/0.0;
        route-distinguisher 10.255.14.173:21;
        vrf-import vpn-isp1-import;
        vrf-export vpn-isp1-export;
        protocols {
            bgp {
                group to-isp1 {
                    peer-as 21;
                    neighbor 192.168.197.94 {
                        as-override;
                        family inet {
                            labeled-unicast;
                        }
                    }
                }
            }
        }
    }
}
policy-options {
    policy-statement vpn-isp1-import {
        term a {
            from {
                protocol bgp;
                community vpn-isp1-comm;
            }
            then accept;
        }
        term b {
            then reject;
        }
    }
    policy-statement vpn-isp1-export {
        term a {
            from protocol bgp;
            then {
                community add vpn-isp1-comm;
                accept;
            }
        }
        term b {
            then reject;
        }
    }
    community vpn-isp1-comm members target:69:21;
}
Configuration for Router I
Router I acts as the PE router for the end customer. The configuration
that follows is similar to the configuration for Router B:
[edit]
protocols {
    mpls {
        interface fe-1/0/1.0;
        interface fe-1/1/3.0;
    }
    bgp {
        group int {
            type internal;
            local-address 10.255.14.181;
            neighbor 10.255.14.177 {
                family inet {
                    labeled-unicast {
                        resolve-vpn;
                    }
                }
            }
            neighbor 10.255.14.179 {
                family inet-vpn {
                    any;
                }
            }
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface fe-1/1/3.0;
        }
    }
    ldp {
        interface fe-1/1/3.0;
    }
}
routing-instances {
    vpna {
        instance-type vrf;
        interface fe-1/0/1.0;
        route-distinguisher 10.255.14.181:21;
        vrf-import vpna-import;
        vrf-export vpna-export;
        protocols {
            bgp {
                group vpna-0 {
                    peer-as 1;
                    neighbor 192.168.197.198;
                }
            }
        }
    }
}
policy-options {
    policy-statement vpna-import {
        term a {
            from {
                protocol bgp;
                community vpna-comm;
            }
            then accept;
        }
        term b {
            then reject;
        }
    }
    policy-statement vpna-export {
        term a {
            from protocol bgp;
            then {
                community add vpna-comm;
                accept;
            }
        }
        term b {
            then reject;
        }
    }
    community vpna-comm members target:100:1001;
}
Configuration for Router J
Configure Router J to swap labels for routes running through
its interfaces:
[edit]
protocols {
    mpls {
        traffic-engineering bgp-igp;
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface fe-1/0/2.0;
            interface fe-1/0/3.0;
        }
    }
    ldp {
        interface fe-1/0/2.0;
        interface fe-1/0/3.0;
    }
}
Configuration for Router K
The configuration for Router K is similar to the configuration
for Router D:
[edit]
protocols {
    mpls {
        traffic-engineering bgp-igp;
        interface fe-1/1/2.0;
        interface fe-1/0/2.0;
    }
    bgp {
        group int {
            type internal;
            local-address 10.255.14.177;
            neighbor 10.255.14.181 {
                family inet {
                    labeled-unicast;
                }
            }
        }
        group to-isp-red {
            export internal;
            peer-as 10023;
            neighbor 192.168.197.93 {
                family inet {
                    labeled-unicast;
                }
            }
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface fe-1/0/2.0;
        }
    }
    ldp {
        interface fe-1/0/2.0;
    }
}
policy-options {
    policy-statement internal {
        term a {
            from protocol [ ospf direct ];
            then accept;
        }
        term b {
            then reject;
        }
    }
}
Configuration for Router L
In this example, Router L is the end customer’s CE router.
Configure a default family inet BGP session on Router L:
[edit]
protocols {
    bgp {
        group to-I {
            export attached;
            peer-as 21;
            neighbor 192.168.197.197;
        }
    }
}
policy-options {
    policy-statement attached {
        from protocol direct;
        then accept;
    }
}
Published: 2012-11-29