Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Supported Platforms

Interprovider VPN Example—Multihop MP-EBGP with P Routers

In this example, labeled IPv4 (not VPN-IPv4), routes are exchanged by the AS border routers (Router C and Router D) to provide MPLS connectivity between the PE routers. Router G and H are provider routers.

Figure 1 illustrates the network topology used in this VPN example.

Figure 1: Network Topology of Interprovider VPN Example—Multihop MP-EBGP

Network Topology of Interprovider VPN Example—Multihop MP-EBGP

Only routes internal to the service provider networks should be announced between Router C and Router D. Configure this by including the family inet labeled-unicast statement in the IBGP and EBGP configuration on the PE routers. When you set
family inet labeled-unicast, the local router announces internal routes from inet.0 in the following manner:

  • If a label exists for the route, the local router creates a label, performs a swap, and announces the route from inet.0 with the label.
  • If a label does not exist for the route, the local router creates a label, performs a pop, and announces the route from inet.0 with the label.

Routes learned from the labeled-unicast session are placed into the inet.0 routing table.

In addition, you configure a multihop MP-EBGP session between the end PE routers (Router B and Router E). This additional MP-EBGP session allows the announcement of VPN-IPv4 routes, and allows you to maintain VPN connectivity while keeping VPN-IPv4 routes out of the core of the network.

For configuration information, see the following sections:

Configuration for Router A

The configuration for Router A in this example is identical to the configuration for Router A in Interprovider VPN Example—MP-EBGP Between ISP Peer Routers. See Interprovider VPN Example—MP-EBGP Between ISP Peer Routers

Configuration for Router B

Router A is configured as a CE router (using the routing-instances statement) in the configuration for Router B. Because they exchange VPN-IPv4 routes, Router C and Router D are configured as PE routers.

In the BGP group to-ibgp, include the family inet labeled-unicast statement to pass labeled IPv4 routes, and configure an EBGP multihop session to pass VPN-IPv4 routes:

[edit]protocols {bgp {group to-ibgp {type internal;local-address 10.255.14.175;family inet {labeled-unicast {resolve-vpn;}}neighbor 10.255.14.171;}group to-remote-pe {multihop {ttl 10;}family inet-vpn {unicast;}neighbor 10.255.14.177 {peer-as 10045;}}mpls {label-switched-path to-routerC {to 10.255.14.171;description "to-routerC for use with VPNs";}interface t3-0/0/0.0;interface so-1/2/0.0;}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface t3-0/0/0.0;interface lo0.0 {passive;}}}rsvp {interface t3-0/0/0.0;}}routing-instances {vpna {instance-type vrf;interface so-1/2/0.0;route-distinguisher 10.255.14.175:9;vrf-import vpna-import;vrf-export vpna-export;protocols {bgp {group to-ce {peer-as 9;neighbor 192.168.198.1;}}}}}policy-options {policy-statement vpna-import {term 1 {from {protocol bgp;community vpna-comm;}then accept;}term 2 {then reject;}}policy-statement vpna-export {term 1 {from protocol bgp;then {community add vpna-comm;accept;}}term 2 {then reject;}}community vpna-comm members target:100:1001;}}

Configuration for Router C

Configure two BGP sessions (configure family inet-vpn on both sessions):

  • IBGP session to Router B (group to-ibgp in this example)
  • EBGP session to Router D (group to-ebgp-pe in this example)

Interface t3-0/2/0 is added at the [edit protocols mpls] hierarchy level, allowing BGP to announce routes with labels over the EBGP session.

Configure Router C:

[edit]protocols {bgp {group to-ibgp {type internal;local-address 10.255.14.171;family inet {labeled-unicast;}neighbor 10.255.14.175;}group to-ebgp-pe {type external;family inet {labeled-unicast;}export internal;neighbor 192.168.197.22 {peer-as 10045;}}mpls {label-switched-path to-routerB {to 10.255.14.175;description "to-routerB for use with vpns";}interface t3-0/2/0.0;interface so-0/0/0.0;traffic-engineering bgp-igp;}rsvp {interface t3-0/2/0.0;}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface t3-0/2/0.0;interface lo0.0 {passive;}}}}policy-options {policy-statement internal {term 1 {from protocol [ospf direct ldp];then accept;}term 2 {then reject;}}}}

Configuration for Router D

Configure Router D:

[edit]protocols {bgp {group to-ibgp-pe {type internal;family inet {labeled-unicast;}neighbor 10.255.14.177;}group to-ebgp-pe {type external;family inet {labeled-unicast;}export internal;peer-as 10023;neighbor 192.168.197.21;}mpls {label-switched-path to-E {to 10.255.14.177;description "to-routerE for vpna";}interface fe-1/1/0.0;interface so-0/1/0.0;traffic-engineering bgp-igp;}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface fe-1/1/0.0;interface lo0.0 {passive;}}}rsvp {interface fe-1/1/0.0;}}policy-options {policy-statement internal {term 1 {from protocol [ospf direct ldp];then accept;}term 2 {then reject;}}}}

Configuration for Router E

The configuration for Router E is very similar to the configuration for Router B:

[edit]protocols {bgp {group to-ibgp-pe {type internal;local-address 10.255.14.177;family inet {labeled-unicast;}neighbor 10.255.14.173;}group to-remote-pe {multihop {ttl 10;}family inet-vpn {unicast;}neighbor 10.255.14.175 {peer-as 10023;}}mpls {label-switched-path to-routerD {to 10.255.14.173;description "to-routerD for use with VPNa";}interface fe-1/1/2.0;interface so-1/2/0.0;}ospf {traffic-engineering;reference-bandwidth 4g;area 0.0.0.0 {interface fe-1/1/2.0;interface lo0.0 {passive;}}}rsvp {interface fe-1/1/2.0;}}routing-instances {vpna {instance-type vrf;interface so-1/2/0.0;route-distinguisher 10.255.14.177:11;vrf-import vpna-import;vrf-export vpna-export;protocols {bgp {group to-routerF-ce {neighbor 192.168.198.14 {peer-as 11;}}}}}}policy-options {policy-statement vpna-import {term 1 {from {protocol bgp;community vpna-comm;}then accept;}term 2 {then reject;}}policy-statement vpna-export {term 1 {from protocol bgp;then {community add vpna-comm;accept;}}term 2 {then reject;}}community vpna-comm members target:100:1001;}}

Configuration for Router F

The configuration for Router F in this example is identical to the configuration for Router F in Interprovider VPN Example—MP-EBGP Between ISP Peer Routers. See Interprovider VPN Example—MP-EBGP Between ISP Peer Routers.

Published: 2012-11-29

Supported Platforms

Published: 2012-11-29

Previous Page Next Page