Rate and give feedback:
Feedback Received. Thank You!
Interprovider VPN Example—MP-EBGP Between ISP Peer Routers
In this example, all routes
learned from the CE routers are sent over both service provider networks
as VPN-IPv4 routes. The routes are initially learned by the PE routers
(Router B and Router E) from the CE routers (Router A and
Router F) and are announced by the PE routers to the AS border routers
(Router C and Router D). The AS border routers are then configured
with an MP-EBGP session, enabling them to pass the VPN-IPv4 routes
with each other. When an AS border router—Router C for example—learns
VPN-IPv4 routes from an IBGP PE, the following events occur:
- Router C sets itself as the next hop for the route and
creates a label for that route.
- Router C advertises the VPN-IPv4 route to PE Router D
in AS 10045.
- Router D sets the next hop to itself, creates another
label, and then forwards the label and the route to its IBGP PE router
(Router E).
This example has scaling limitations because of restrictions
on the number of labels each PE router needs to allocate at the
AS border.
Figure 1 illustrates the network topology
used in this VPN example.
Figure 1: Network Topology for the Interprovider
VPN Example
For configuration
information see the following sections:
Configuration for Router A
Configure a family inet EBGP session with Router B
and export the direct routes:
[edit]protocols {bgp {group to-provider {export attached;peer-as 10023;neighbor 192.168.198.2;}}}policy-options {policy-statement attached {from protocol direct;then accept;}}
Configuration for Router B
Router A is configured as a CE router (using the routing-instances statement) in the configuration for Router B. Because they exchange
VPN-IPv4 routes, Router D and Router C are configured as PE routers.
Configure Router B:
[edit]protocols {rsvp {interface t3-0/0/0.0;}mpls {label-switched-path to-routerC {to 10.255.14.171;description "to-routerC for use with VPNs";}interface t3-0/0/0.0;interface so-1/2/0.0;}bgp {group to-ibgp {type internal;local-address 10.255.14.175;family inet-vpn {unicast;}neighbor 10.255.14.171;}}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface t3-0/0/0.0;interface lo0.0 {passive;}}}}routing-instances {vpna {instance-type vrf;interface so-1/2/0.0;route-distinguisher 10.255.14.175:9;vrf-import vpna-import;vrf-export vpna-export;protocols {bgp {group to-ce {peer-as 9;neighbor 192.168.198.1;}}}}}policy-options {policy-statement vpna-import {term 1 {from {protocol bgp;community vpna-comm;}then accept;}term 2 {then reject;}}policy-statement vpna-export {term 1 {from protocol bgp;then {community add vpna-comm;accept;}}term 2 {then reject;}}community vpna-comm members target:100:1001;}
Configuration for Router C
In the BGP protocol configuration for Router C, include the keep all statement. When this statement is included, BGP must
store every route learned through BGP. Configure two BGP sessions
(configure family inet-vpn on both sessions):
- IBGP session to Router B (group to-ibgp in this
example)
- EBGP session to Router D (group to-ebgp-pe in
this example)
Interface t3-0/2/0 is added at the [edit protocols mpls] hierarchy level, allowing BGP to announce routes with labels
over the EBGP session.
Configure Router C:
[edit]protocols {rsvp {interface t3-0/2/0.0;}mpls {label-switched-path to-routerB {to 10.255.14.175;description "to-routerB for use with vpns";}interface t3-0/2/0.0;interface so-0/0/0.0;}bgp {keep all;group to-ibgp {type internal;local-address 10.255.14.171;family inet-vpn {unicast;}neighbor 10.255.14.175;}group to-ebgp-pe {type external;family inet-vpn {unicast;}neighbor 192.168.197.22 {peer-as 10045;}}}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface t3-0/2/0.0;interface lo0.0 {passive;}}}}
Configuration for Router D
The configuration for Router D is almost identical to that of
Router C:
[edit]protocols {rsvp {interface fe-1/1/0.0;}mpls {label-switched-path to-E {to 10.255.14.177;description "to-routerE for vpna";}interface fe-1/1/0.0;interface so-0/1/0.0;}bgp {keep all;group to-ibgp-pe {type internal;family inet-vpn {unicast;}neighbor 10.255.14.177;}group to-ebgp-pe {type external;family inet-vpn {unicast;}peer-as 10023;neighbor 192.168.197.21;}}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface fe-1/1/0.0;interface lo0.0 {passive;}}}}
Configuration for Router E
The configuration for Router E is very similar to the configuration
for Router B:
[edit]protocols {rsvp {interface fe-1/1/2.0;}mpls {label-switched-path to-routerD {to 10.255.14.173;description "to-routerD for use with VPNa";}interface fe-1/1/2.0;interface so-1/2/0.0;}bgp {group to-ibgp-pe {type internal;local-address 10.255.14.177;family inet-vpn {unicast;}neighbor 10.255.14.173;}}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface fe-1/1/2.0;interface lo0.0 {passive;}}}}routing-instances {vpna {instance-type vrf;interface so-1/2/0.0;route-distinguisher 10.255.14.177:11;vrf-import vpna-import;vrf-export vpna-export;protocols {bgp {group to-routerF-ce {neighbor 192.168.198.14 {peer-as 11;}}}}}}policy-options {policy-statement vpna-import {term 1 {from {protocol bgp;community vpna-comm;}then accept;}term 2 {then reject;}}policy-statement vpna-export {term 1 {from protocol bgp;then {community add vpna-comm;accept;}}term 2 {then reject;}}community vpna-comm members target:100:1001;}
Configuration for Router F
Configure Router F as a CE router; the configuration is similar
to that for Router A:
[edit]protocols {bgp {group to-provider {type external;export attached;neighbor 192.168.198.13 {peer-as 10045;}}}}policy-options {policy-statement attached {from protocol direct;then accept;}}
}
Published: 2012-11-29
