Basic MPLS VPN Overview And

Basic MPLS VPN Overview and Configuration

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN

Basic MPLS VPN Overview and Configuration MPLS MPLS techn techn! !" "# # $s %e$n %e$n" " &$'e &$'e!# !# (') (')te' te' %# se*+$ se*+$ce ce )*+ )*+$' $'e* e*ss &*!' &*!'&$ &$'e 'e t $,)!e, $,)!e,ent ent VPNs VPNs t cnnec cnnectt "e"*( "e"*()h$ )h$c(!! c(!!# # se)(*(t se)(*(te' e' cst, cst,e* e* s$tes. s$tes. P*e+$ P*e+$s s ch() ch()te te*s *s $nt* $nt*' 'c cee the the %(s$ %(s$cc cnc cnce) e)ts ts / MPLS MPLS (n' (n' $ts )e* )e*(t$ (t$n n00 (s &e!! &e!! (s cn/$"*$n" MPLS /* '(t( /*&(*'$n". Th$s ch()te* %$!'s n th(t /n'(t$n (n' sh&s h& t se MPLS t )*+$'e VPN se*+$ces t cst,e*s. Th$s ch()te* (!s )*esents the te*,$n!"# te *,$n!"# (n' )e*(t$n / +(*$s 'e+$ces $n (n MPLS net&*1 se' t )*+$'e VPN se*+$ces t cst,e*s. The /!!&$n" t)$cs &$!! %e c+e*e' $n th$s ch()te*: •

O+e*!(# (n' )ee*-t-)ee* VPN ,'e!s

•

O+e*+$e& / MPLS VPN c,)nents (n' (*ch$tect*e

•

VRFs0 *te '$st$n"$she*s0 (n' *te t(*"ets

•

MP-2P )e*(t$n (n' $nte*(ct$n

•

4nt*! )!(ne (n' '(t( )!(ne )e*(t$n $n MPLS VPN

•

4n/$"*(t$n / %(s$c MPLS VPN

VPN Categories VPNs &e*e *$"$n(!!# $nt*'ce' t en(%!e se*+$ce )*+$'e*s t se c,,n )h#s$c(! $n/*(st*ct*e $n/*(st*ct*e t $,)!e,ent $,)!e,ent e,!(te' e,!(te' )$nt-t-) )$nt-t-)$nt $nt !$n1s %et&een cst,e* cst,e* s$tes. A cst,e* net&*1 $,)!e,ente' &$th (n# VPN techn!"# &!' cnt($n '$st$nct *e"$ns n'e* the cst,e*5s cnt*! c(!!e' the customer sites cnnecte' sites cnnecte' t e(ch the* +$( the service the service provider (SP) net&*1. (SP) net&*1. In t*('$t$n(! *te*-%(se' net&*1s0 '$//e*ent s$tes %e!n"$n" t the s(,e cst,e* &e*e cnnecte' t e(ch the* s$n" 'e'$c(te' )$nt-t-)$nt !$n1s. The cst / $,)!e,ent(t$n 'e)en'e' n the n,%e* / cst,e* s$tes t %e cnnecte' &$th these 'e'$c(te' !$n1s. A /!! ,esh / cnnecte' s$tes &!' cnse6ent!# $,)!# (n e7)nent$(! $nc*e(se $n the cst (ssc$(te'. F*(,e Re!(# (n' ATM &e*e the /$*st techn!"$es &$'e!# (')te' t $,)!e,ent VPNs. These net&*1s cns$ste' / +(*$s 'e+$ces0 %e!n"$n" t e$the* the cst,e* * the se*+$ce )*+$'e*0 th(t &e*e c,)nents / the VPN s!t$n. ene*$c(!!#0 the VPN *e(!, &!' cns$st / the /!!&$n" *e"$ns: •

•

Customer network 8 4ns$ste' / the *te*s (t the +(*$s cst,e* s$tes. The *te*s *te*s cnnec cnnect$n t$n" " $n'$+$ $n'$+$'( '(!! cst, cst,e*s5 e*s5 s$tes s$tes t the se*+$ce se*+$ce )*+$' )*+$'e* e* net&*1 &e*e c(!!e' customer edge (CE) *te*s. (CE) *te*s. Provider network 8 9se' %# the se*+$ce )*+$'e* t //e* 'e'$c(te' )$nt-t )$nt !$n1s +e* $n/*(s t*ct*e &ne' %# the se*+$ce )*+$'e*. Se*+$ce )*+$'e* 'e+$ces t &h$ch the 4E *te*s &e*e '$*ect!# (tt(che' &e*e c(!!e' provider c(!!e' provider edge (PE) *te*s. (PE) *te*s. In (''$t$n0 the se*+$ce )*+$'e* net&*1 ,$"ht cns$st / 'e+$ces 'e+$ces se' /* /*&(* /*&(*'$n '$n" " '(t( $n the SP %(c1% %(c1%ne ne c(!!e' c(!!e' provider (P) *te*s.

2R2RAITT: M(*ch-;;<




Basic MPLS VPN Overview and Configuration MPLS MPLS techn techn! !" "# # $s %e$n %e$n" " &$'e &$'e!# !# (') (')te' te' %# se*+$ se*+$ce ce )*+ )*+$' $'e* e*ss &*!' &*!'&$ &$'e 'e t $,)!e, $,)!e,ent ent VPNs VPNs t cnnec cnnectt "e"*( "e"*()h$ )h$c(!! c(!!# # se)(*(t se)(*(te' e' cst, cst,e* e* s$tes. s$tes. P*e+$ P*e+$s s ch() ch()te te*s *s $nt* $nt*' 'c cee the the %(s$ %(s$cc cnc cnce) e)ts ts / MPLS MPLS (n' (n' $ts )e* )e*(t$ (t$n n00 (s &e!! &e!! (s cn/$"*$n" MPLS /* '(t( /*&(*'$n". Th$s ch()te* %$!'s n th(t /n'(t$n (n' sh&s h& t se MPLS t )*+$'e VPN se*+$ces t cst,e*s. Th$s ch()te* (!s )*esents the te*,$n!"# te *,$n!"# (n' )e*(t$n / +(*$s 'e+$ces $n (n MPLS net&*1 se' t )*+$'e VPN se*+$ces t cst,e*s. The /!!&$n" t)$cs &$!! %e c+e*e' $n th$s ch()te*: •

O+e*!(# (n' )ee*-t-)ee* VPN ,'e!s

•

O+e*+$e& / MPLS VPN c,)nents (n' (*ch$tect*e

•

VRFs0 *te '$st$n"$she*s0 (n' *te t(*"ets

•

MP-2P )e*(t$n (n' $nte*(ct$n

•

4nt*! )!(ne (n' '(t( )!(ne )e*(t$n $n MPLS VPN

•

4n/$"*(t$n / %(s$c MPLS VPN

VPN Categories VPNs &e*e *$"$n(!!# $nt*'ce' t en(%!e se*+$ce )*+$'e*s t se c,,n )h#s$c(! $n/*(st*ct*e $n/*(st*ct*e t $,)!e,ent $,)!e,ent e,!(te' e,!(te' )$nt-t-) )$nt-t-)$nt $nt !$n1s %et&een cst,e* cst,e* s$tes. A cst,e* net&*1 $,)!e,ente' &$th (n# VPN techn!"# &!' cnt($n '$st$nct *e"$ns n'e* the cst,e*5s cnt*! c(!!e' the customer sites cnnecte' sites cnnecte' t e(ch the* +$( the service the service provider (SP) net&*1. (SP) net&*1. In t*('$t$n(! *te*-%(se' net&*1s0 '$//e*ent s$tes %e!n"$n" t the s(,e cst,e* &e*e cnnecte' t e(ch the* s$n" 'e'$c(te' )$nt-t-)$nt !$n1s. The cst / $,)!e,ent(t$n 'e)en'e' n the n,%e* / cst,e* s$tes t %e cnnecte' &$th these 'e'$c(te' !$n1s. A /!! ,esh / cnnecte' s$tes &!' cnse6ent!# $,)!# (n e7)nent$(! $nc*e(se $n the cst (ssc$(te'. F*(,e Re!(# (n' ATM &e*e the /$*st techn!"$es &$'e!# (')te' t $,)!e,ent VPNs. These net&*1s cns$ste' / +(*$s 'e+$ces0 %e!n"$n" t e$the* the cst,e* * the se*+$ce )*+$'e*0 th(t &e*e c,)nents / the VPN s!t$n. ene*$c(!!#0 the VPN *e(!, &!' cns$st / the /!!&$n" *e"$ns: •

•

Customer network 8 4ns$ste' / the *te*s (t the +(*$s cst,e* s$tes. The *te*s *te*s cnnec cnnect$n t$n" " $n'$+$ $n'$+$'( '(!! cst, cst,e*s5 e*s5 s$tes s$tes t the se*+$ce se*+$ce )*+$' )*+$'e* e* net&*1 &e*e c(!!e' customer edge (CE) *te*s. (CE) *te*s. Provider network 8 9se' %# the se*+$ce )*+$'e* t //e* 'e'$c(te' )$nt-t )$nt !$n1s +e* $n/*(s t*ct*e &ne' %# the se*+$ce )*+$'e*. Se*+$ce )*+$'e* 'e+$ces t &h$ch the 4E *te*s &e*e '$*ect!# (tt(che' &e*e c(!!e' provider c(!!e' provider edge (PE) *te*s. (PE) *te*s. In (''$t$n0 the se*+$ce )*+$'e* net&*1 ,$"ht cns$st / 'e+$ces 'e+$ces se' /* /*&(* /*&(*'$n '$n" " '(t( $n the SP %(c1% %(c1%ne ne c(!!e' c(!!e' provider (P) *te*s.




“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN De)en'$n" n the se*+$ce )*+$'e*5s )(*t$c$)(t$n $n cst,e* *t$n"0 the VPN $,)!e,ent(t$ns c(n %e c!(ss$/$e' %*('!# $nt ne / the /!!&$n": • •

Overlay model Peer-to-peer model

When F*(,e Re!(# (n' ATM ATM )*+$'e' cst,e*s &$th e,!(te' )*$+(te )*$+( te net&*1s0 the )*+$'e* '$' nt )(*t$c$)(te $n cst,e* *t$n". The se*+$ce )*+$'e* &(s n!# *es)ns$%!e /* )*+$'$n" the cst,e* &$th t*(ns)*t / cst,e* '(t( s$n" +$*t(! )$nt-t-)$nt !$n1s. As ( *es!t0 the se*+$ce )*+$'e* &!' n!# )*+$'e cst,e*s &$th +$*t(! c$*c$t cnnect$+$t# (t L(#e* = th$s $,)!e,ent(t$n &(s *e/e**e' t (s the Overlay Overlay model. model. I/ the +$*t(! c$*c$t &(s )e*,(nent * (+($!(%!e /* se %# the cst,e* (t (!! t$,es0 $t &(s c(!!e' ( )e*,(nent +$*t(! c$*c$t >PV4?. I/ the c$*c$t &(s est(%!$she' %# the )*+$'e* n-'e,(n'0 $t &(s c(!!e' ( s&$tche' +$*t(! c$*c$t >SV4?. The )*$,(*# '*(&%(c1 / (n O+e*!(# ,'e! &(s the /!! ,esh / +$*t(! c$*c$ts %et&een (!! cst,e* s$tes /* )t$,(! cnnect$+$t# >e7ce)t $n the c(se / h% (n' s)1e * )(*t$(! h% (n' s)1e 'e)!#,ents?. I/ the n,%e* / cst,e* s$tes &(s N0 N>N-@? &(s the tt(! n,%e* / c$*c$ts th(t &!' %e necess(*# /* )t$,(! *t$n". O+e*!(# VPNs &e*e $n$t$(!!# $,)!e,ente' %# the SP %# )*+$'$n" e$the* L(#e* @ >)h#s$c(! !(#e*? cnnect$+$t# * ( L(#e*  t*(ns)*t c$*c$t %et&een cst,e* s$tes. In the L(#e* L(#e* @ $,)!e, $,)!e,ent ent(t$ (t$n0 n0 the SP &!' &!' )*+$' )*+$'ee )h#s$c )h#s$c(! (! !(#e* !(#e* cnnec cnnect$+ t$+$t# $t# %et&een cst,e* s$tes0 (n' the cst,e* &(s *es)ns$%!e /* (!! the* !(#e*s. In the L(#e* L(#e*  $,)!e, $,)!e,en ent(t t(t$ $n n >'e) >'e)$ct $cte' e' $n F$" F$"*e *e 3-@ 3-@?0 ?0 the the SP &(s &(s *es) *es)n ns$ s$%! %!ee /* /* t*(n t*(ns) s)* *t(t t(t$ $n n / L(#e L(#e**  /*(, /*(,es es >* >* ce!!s ce!!s?? %et&e %et&een en cst cst, ,e* e* s$tes s$tes00 &h$ch &h$ch &(s &(s t*('$t$n(!!# $,)!e,ente' s$n" e$the* F*(,e Re!(# * ATM s&$tches (s PE 'e+$ces. The*e/*e0 the se*+$ce )*+$'e* &(s nt (&(*e / cst,e* *t$n" * *tes. L(te*0 +e*!(# VPNs &e*e (!s $,)!e,ente' s$n" VPN se*+$ces +e* IP >L(#e* 3? &$th tnne!$n" )*tc!s !$1e LTP0 RE0 (n' IPSec t $nte*cnnect cst,e* s$tes. In (!! c(ses0 the SP net&*1 &(s t*(ns)(*ent t the cst,e*0 (n' the *t$n" )*tc!s &e*e *n '$*ect!# %et&een cst,e* *te*s.

Figure 3-1. Overla and Peer-to-Peer Models [View full size image]


3


The peer-to-peer model &(s 'e+e!)e' t +e*c,e the '*(&%(c1s / the O+e*!(# ,'e! (n' )*+$'e cst,e*s &$th )t$,(! '(t( t*(ns)*t +$( the SP %(c1%ne. Hence0 the se*+$ce )*+$'e* &!' (ct$+e!# )(*t$c$)(te $n cst,e* *t$n". In the )ee*-t-)ee* ,'e!0 *t$n" $n/*,(t$n $s e7ch(n"e' %et&een the cst,e* *te*s (n' the se*+$ce )*+$'e* *te*s0 (n' cst,e* '(t( $s t*(ns)*te' (c*ss the se*+$ce )*+$'e*5s c*e0 2R2RAITT: M(*ch-;;<

B

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN )t$,(!!#. 4st,e* *t$n" $n/*,(t$n $s c(**$e' %et&een *te*s $n the )*+$'e* net&*1 >P (n' PE *te*s? (n' cst,e* net&*1 >4E *te*s?. The )ee*-t-)ee* ,'e!0 cnse6ent!#0 'es nt *e6$*e the c*e(t$n / +$*t(! c$*c$ts. As $!!st*(te' $n F$"*e 3-@0 the 4E *te*s e7ch(n"e *tes &$th the cnnecte' PE *te*s $n the SP ',($n. 4st,e* *t$n" $n/*,(t$n $s )*)("(te' (c*ss the SP %(c1%ne %et&een PE (n' P *te*s (n' $'ent$/$es the )t$,(! )(th /*, ne cst,e* s$te t (nthe*. Se)(*(t$n / cst,e*-s)ec$/$c *t$n" $n/*,(t$n $s (ch$e+e' %# $,)!e,ent$n" )(c1et /$!te*s (t the *te*s cnnect$n" t the cst,e* net&*1. A''$t$n(!!#0 IP (''*ess$n" /* the cst,e* $s h(n'!e' %# the se*+$ce )*+$'e*. Th$s )*cess $s (!s *e/e**e' t (s the sh(*e' PE )ee*-t-)ee* $,)!e,ent(t$n. F$"*e 3- 'e)$cts the +(*$s $,)!e,ent(t$ns / the )ee*-t-)ee* ,'e!.

Figure 3-!. Peer-to-Peer Model "#$le#entations [View full size image]

4nt*!!e' *te '$st*$%t$n &(s (nthe* ,eth' / $,)!e,ent$n" the )ee*-t-)ee* ,'e!= *te*s $n the c*e / the se*+$ce )*+$'e*5s net&*1 cnt($ne' net&*1 !(#e* *e(ch(%$!$t# $n/*,(t$n /* (!! cst,e*s5 net&*1s. The PE *te*s >cnnect$n" cst,e* net&*1 t )*+$'e* net&*1? $n the )*+$'e* net&*1 &!' cnt($n n!# $n/*,(t$n )e*t($n$n" t the$* cnnecte' cst,e*s. A dedicated PE *te* &(s *e6$*e' /* e(ch cst,e*5s s$te cnnect$n" t the )*+$'e* net&*10 (n' cnt*!!e' *te '$st*$%t$n &!' cc* %et&een P (n' PE *te*s $n the SP %(c1%ne net&*1. On!# )e*t$nent cst,e* *tes &!' %e )*)("(te' t PE *te*s th(t &e*e cnnecte' t s$tes %e!n"$n" t ( s)ec$/$c cst,e*. 2P &$th c,,n$t$es &(s s(!!# se' $n the SP %(c1%ne %ec(se $t //e*e' the ,st +e*s(t$!e *te-/$!te*$n" t!s. Th$s $,)!e,ent(t$n $s /ten *e/e**e' t (s the dedicated PE peer-to-peer model . Th$s $,)!e,ent(t$n0 h&e+e*0 '$' nt )*+e t %e ( +$(%!e )e*(t$n" %s$ness ,'e! 'e t the h$"he* e6$),ent csts th(t &e*e $nc**e' %# the )*+$'e* t ,($nt($n 'e'$c(te' e'"e *te*s /* cst,e* s$tes cnnect$n" $nt the )*+$'e* %(c1%ne. A nee' (*se /* 'e)!#$n" e//$c$ent VPN (*ch$tect*es th(t c!' $,)!e,ent ( sc(!(%!e )ee*-t-)ee* ,'e!.


C


MPLS VPN %rc&itecture and 'er#inolog In the MPLS VPN (*ch$tect*e0 the e'"e *te*s c(**# cst,e* *t$n" $n/*,(t$n0 )*+$'$n" )t$,(! *t$n" /* t*(//$c %e!n"$n" t the cst,e* /* $nte*-s$te t*(//$c. The MPLS-%(se' VPN ,'e! (!s (cc,,'(tes cst,e*s s$n" +e*!())$n" (''*ess s)(ces0 n!$1e the t*('$t$n(! )ee*-t-)ee* ,'e! $n &h$ch )t$,(! *t$n" / cst,e* t*(//$c *e6$*e' the )*+$'e* t (ss$"n IP (''*esses t e(ch / $ts cst,e*s >* the cst,e* t $,)!e,ent NAT? t (+$' +e*!())$n" (''*ess s)(ces. MPLS VPN $s (n $,)!e,ent(t$n / the )ee*-t-)ee* ,'e!= the MPLS VPN %(c1%ne (n' cst,e* s$tes e7ch(n"e L(#e* 3 cst,e* *t$n" $n/*,(t$n0 (n' '(t( $s /*&(*'e' %et&een cst,e* s$tes s$n" the MPLS-en(%!e' SP IP %(c1%ne. The MPLS VPN ',($n0 !$1e the t*('$t$n(! VPN0 cns$sts / the cst,e* net&*1 (n' the )*+$'e* net&*1. The MPLS VPN ,'e! $s +e*# s$,$!(* t the 'e'$c(te' PE *te* ,'e! $n ( )ee*-t-)ee* VPN $,)!e,ent(t$n. H&e+e*0 $nste(' / 'e)!#$n" ( 'e'$c(te' PE *te* )e* cst,e*0 cst,e* t*(//$c $s $s!(te' n the s(,e PE *te* th(t )*+$'es cnnect$+$t# $nt the se*+$ce )*+$'e*5s net&*1 /* ,!t$)!e cst,e*s. The c,)nents / (n MPLS VPN sh&n $n F$"*e 3-3 (*e h$"h!$"hte' ne7t.

Figure 3-3. MPLS VPN Networ( %rc&itecture [View full size image]

The ,($n c,)nents / MPLS VPN (*ch$tect*e (*e •

•

Customer network 0 &h$ch $s s(!!# ( cst,e*-cnt*!!e' ',($n cns$st$n" / 'e+$ces * *te*s s)(nn$n" ,!t$)!e s$tes %e!n"$n" t the cst,e*. In F$"*e 3-30 the cst,e* net&*1 /* 4st,e* A cns$sts / the *te*s 4E@A (n' 4E-A (!n" &$th 'e+$ces $n the 4st,e* A s$tes @ (n' . CE routers0 &h$ch (*e *te*s $n the cst,e* net&*1 th(t $nte*/(ce &$th the se*+$ce )*+$'e* net&*1. In F$"*e 3-30 the 4E *te*s /* 4st,e* A (*e 4E@-A (n' 4E-A0 (n' the 4E *te*s /* 4st,e* 2 (*e 4E@-2 (n' 4E-2.





•

•

•

Provider network 0 &h$ch $s the )*+$'e*-cnt*!!e' ',($n cns$st$n" / )*+$'e* e'"e (n' )*+$'e* c*e *te*s th(t cnnect s$tes %e!n"$n" t the cst,e* n ( sh(*e' $n/*(st*ct*e. The )*+$'e* net&*1 cnt*!s the t*(//$c *t$n" %et&een s$tes %e!n"$n" t ( cst,e* (!n" &$th cst,e* t*(//$c $s!(t$n. In F$"*e 3-30 the )*+$'e* net&*1 cns$sts / the *te*s PE@0 PE0 P@0 P0 P30 (n' PB. PE routers 0 &h$ch (*e *te*s $n the )*+$'e* net&*1 th(t $nte*/(ce * cnnect t the cst,e* e'"e *te*s $n the cst,e* net&*1. PE@ (n' PE (*e the )*+$'e* e'"e *te*s $n the MPLS VPN ',($n /* cst,e*s A (n' 2 $n F$"*e 3-3. P routers0 &h$ch (*e *te*s $n the c*e / the )*+$'e* net&*1 th(t $nte*/(ce &$th e$the* the* )*+$'e* c*e *te*s * )*+$'e* e'"e *te*s. Rte*s P@0 P0 P30 (n' PB (*e the )*+$'e* *te*s $n F$"*e 3-3.

MPLS VPN )outing Model An MPLS VPN $,)!e,ent(t$n $s +e*# s$,$!(* t ( 'e'$c(te' *te* )ee*-t-)ee* ,'e! $,)!e,ent(t$n. F*, ( 4E *te*5s )e*s)ect$+e0 n!# IP+B )'(tes0 (s &e!! (s '(t(0 (*e /*&(*'e' t the PE *te*. The 4E *te* 'es nt nee' (n# s)ec$/$c cn/$"*(t$n t en(%!e $t t %e ( )(*t / ( MPLS VPN ',($n. The n!# *e6$*e,ent n the 4E *te* $s ( *t$n" )*tc! >* ( st(t$c'e/(!t *te? th(t en(%!es the *te* t e7ch(n"e IP+B *t$n" $n/*,(t$n &$th the cnnecte' PE *te*. In the MPLS VPN $,)!e,ent(t$n0 the PE *te* )e*/*,s ,!t$)!e /nct$ns. The PE *te* ,st /$*st %e c()(%!e / $s!(t$n" cst,e* t*(//$c $/ ,*e th(n ne cst,e* $s cnnecte' t the PE *te*. E(ch cst,e*0 the*e/*e0 $s (ss$"ne' (n $n'e)en'ent *t$n" t(%!e s$,$!(* t ( 'e'$c(te' PE *te* $n the $n$t$(! )ee*-t-)ee* '$scss$n. Rt$n" (c*ss the SP %(c1%ne $s )e*/*,e' s$n" ( *t$n" )*cess $n the "!%(! *t$n" t(%!e. P *te*s )*+$'e !(%e! s&$tch$n" %et&een )*+$'e* e'"e *te*s (n' (*e n(&(*e / VPN *tes. 4E *te*s $n the cst,e* net&*1 (*e nt (&(*e / the P *te*s (n'0 ths0 the $nte*n(! t)!"# / the SP net&*1 $s t*(ns)(*ent t the cst,e*. F$"*e 3-B 'e)$cts the PE *te*5s /nct$n(!$t#.

Figure 3-*. MPLS VPN %rc&itecture [View full size image]


<

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN The P *te*s (*e n!# *es)ns$%!e /* !(%e! s&$tch$n" / )(c1ets. The# ' nt c(**# VPN *tes (n' ' nt )(*t$c$)(te $n MPLS VPN *t$n". The PE *te*s e7ch(n"e IP+B *tes &$th cnnecte' 4E *te*s s$n" $n'$+$'(! *t$n" )*tc! cnte7ts. T en(%!e sc(!$n" the net&*1 t !(*"e n,%e* / cst,e* VPNs0 ,!t$)*tc! 2P $s cn/$"*e' %et&een PE *te*s t c(**# cst,e* *tes.

V)F+ Virtual )outing and Forwarding 'a,le 4st,e* $s!(t$n $s (ch$e+e' n the PE *te* %# the se / +$*t(! *t$n" t(%!es * $nst(nces0 (!s c(!!e' +$*t(! *t$n" (n' /*&(*'$n" t(%!es$nst(nces >VRFs?. In essence0 $t $s s$,$!(* t ,($nt($n$n" ,!t$)!e 'e'$c(te' *te*s /* cst,e*s cnnect$n" $nt the )*+$'e* net&*1. The /nct$n / ( VRF $s s$,$!(* t ( "!%(! *t$n" t(%!e0 e7ce)t th(t $t cnt($ns (!! *tes )e*t($n$n" t ( s)ec$/$c VPN +e*ss the "!%(! *t$n" t(%!e. The VRF (!s cnt($ns ( VRF-s)ec$/$c 4EF /*&(*'$n" t(%!e (n(!"s t the "!%(! 4EF t(%!e (n' 'e/$nes the cnnect$+$t# *e6$*e,ents (n' )*tc!s /* e(ch cst,e* s$te n ( s$n"!e PE *te*. The VRF 'e/$nes *t$n" )*tc! cnte7ts th(t (*e )(*t / ( s)ec$/$c VPN (s &e!! (s the $nte*/(ces n the !c(! PE *te* th(t (*e )(*t / ( s)ec$/$c VPN (n'0 hence0 se the VRF. The $nte*/(ce th(t $s )(*t / the VRF ,st s))*t 4EF s&$tch$n". The n,%e* / $nte*/(ces th(t c(n %e %n' t ( VRF $s n!# !$,$te' %# the n,%e* / $nte*/(ces n the *te*0 (n' ( s$n"!e $nte*/(ce >!"$c(! * )h#s$c(!? c(n %e (ssc$(te' &$th n!# ne VRF. The VRF cnt($ns (n IP *t$n" t(%!e (n(!"s t the "!%(! IP *t$n" t(%!e0 ( 4EF t(%!e0 !$st / $nte*/(ces th(t (*e )(*t / the VRF0 (n' ( set / *!es 'e/$n$n" *t$n" )*tc! e7ch(n"e &$th (tt(che' 4E *te*s >*t$n" )*tc! cnte7ts?. In (''$t$n0 the VRF (!s cnt($ns VPN $'ent$/$e*s (s &e!! (s VPN ,e,%e*sh$) $n/*,(t$n >RD (n' RT (*e c+e*e' $n the ne7t sect$n?. F$"*e 3-C sh&s the /nct$n / ( VRF n ( PE *te* t $,)!e,ent cst,e* *t$n" $s!(t$n.

Figure 3-. V)F "#$le#entation on P )outer





As sh&n $n F$"*e 3-C0 4$sc IOS s))*ts ( +(*$et# / *t$n" )*tc!s (s &e!! (s $n'$+$'(! *t$n" )*cesses >OSPF0 EIRP0 etc.? )e* *te*. H&e+e*0 /* s,e *t$n" )*tc!s0 sch (s RIP (n' 2P0 IOS s))*ts n!# ( s$n"!e $nst(nce / the *t$n" )*tc!. The*e/*e0 t $,)!e,ent )e* VRF *t$n" s$n" these )*tc!s th(t (*e c,)!ete!# $s!(te' /*, the* VRFs0 &h$ch ,$"ht se the s(,e PE-4E *t$n" )*tc!s0 the cnce)t / *t$n" cnte7t &(s 'e+e!)e'. Routing contexts &e*e 'es$"ne' t s))*t $s!(te' c)$es / the s(,e VPN PE-4E *t$n" )*tc!s. These *t$n" cnte7ts c(n %e $,)!e,ente' (s e$the* se)(*(te' )*cesses0 (s $n the c(se / OSPF0 * (s ,!t$)!e $nst(nces / the s(,e *t$n" )*tc! >$n 2P0 RIP0 etc.?. I/ ,!t$)!e $nst(nces / the s(,e *t$n" )*tc! (*e $n se0 e(ch $nst(nce h(s $ts &n set / )(*(,ete*s. 4$sc IOS c**ent!# s))*ts e$the* RIP+ >,!t$)!e cnte7ts?0 EIRP >,!t$)!e cnte7ts?0 OSPF+ >,!t$)!e )*cesses?0 (n' 2P+B >,!t$)!e cnte7ts? (s *t$n" )*tc!s th(t c(n %e se' )e* VRF t e7ch(n"e cst,e* *t$n" $n/*,(t$n %et&een 4E (n' PE. Nte th(t the VRF $nte*/(ces c(n %e e$the* !"$c(! * )h#s$c(!0 %t e(ch $nte*/(ce c(n %e (ss$"ne' t n!# ne VRF.

)oute /istinguis&er0 )oute 'argets0 MP-BP0 and %ddress Fa#ilies In the MPLS VPN *t$n" ,'e!0 the PE *te* )*+$'es $s!(t$n %et&een cst,e*s s$n" VRFs. H&e+e*0 th$s $n/*,(t$n nee's t %e c(**$e' %et&een PE *te*s t en(%!e '(t( t*(ns/e* %et&een cst,e* s$tes +$( the MPLS VPN %(c1%ne. The PE *te* ,st %e c()(%!e / $,)!e,ent$n" )*cesses th(t en(%!e +e*!())$n" (''*ess s)(ces $n cnnecte' cst,e* net&*1s. The PE *te* ,st (!s !e(*n these *tes /*, (tt(che' cst,e* net&*1s (n' )*)("(te th$s $n/*,(t$n s$n" the sh(*e' )*+$'e* %(c1%ne. Th$s $s 'ne %# the (ssc$(t$n / ( *te '$st$n"$she* >RD? )e* +$*t(! *t$n" t(%!e n ( PE *te*. A RD $s ( B-%$t n$6e $'ent$/$e* th(t $s )*e)en'e' t the 3-%$t cst,e* )*e/$7 * *te !e(*ne' /*, ( 4E *te*0 &h$ch ,(1es $t ( n$6e -%$t (''*ess th(t c(n %e t*(ns)*te' %et&een the PE *te*s $n the MPLS ',($n. Ths0 ( n$6e RD $s cn/$"*e' )e* VRF n the PE *te*. The *es!t$n" (''*ess0 &h$ch $s -%$ts tt(! >3-%$t cst,e* )*e/$7 G B-%$t n$6e $'ent$/$e* * RD?0 $s c(!!e' ( VP version ! (VPv!) address. VPN+B (''*esses (*e e7ch(n"e' %et&een PE *te*s $n the )*+$'e* net&*1 $n (''$t$n t IP+B >3-%$t? (''*esses. The /*,(t / (n RD $s sh&n $n F$"*e 3-. As sh&n $n F$"*e 3-0 RD c(n %e / t& /*,(ts. I/ the )*+$'e* 'es nt h(+e ( 2P AS n,%e*0 the IP (''*ess /*,(t c(n %e se'0 (n'0 $/ the )*+$'e* 'es h(+e (n AS n,%e*0 the AS n,%e* /*,(t c(n %e se'. F$"*e 3- (!s sh&s the s(,e IP )*e/$70 @<.@.@;.;B0 *ece$+e' /*, t& '$//e*ent cst,e*s0 $s ,('e n$6e %# )*e)en'$n" '$//e*ent RD +(!es0 @:@;;:@ (n' @:@;@0 )*$* t )*)("(t$n" the (''*esses (s VPN+B (''*esses n the PE *te*.





Figure 3-2. )/ O$eration in MPLS VPN [View full size image]

The )*tc! se' /* e7ch(n"$n" these VPN+B *tes %et&een PE *te*s $s multiprotocol "#P >MP-2P?. 2P c()(%!e / c(**#$n" VPN+B >-%$t? )*e/$7es $n (''$t$n t the* (''*ess /(,$!$es $s c(!!e' MP-2P. The IP *e6$*e,ent t $,)!e,ent $2P >$nte*n(! 2P? st$!! h!'s $n the c(se / (n MPLS VPN $,)!e,ent(t$n. The*e/*e0 the PE *te* ,st *n (n IP th(t )*+$'es NLRI $n/*,(t$n /* $2P $/ %th PE *te*s (*e $n the s(,e AS. 4$sc c**ent!# s))*ts %th OSPF+ (n' ISIS $n the MPLS )*+$'e* net&*1 (s the IP. MP-2P $s (!s *es)ns$%!e /* (ss$"n,ent / ( VPN !(%e!. P(c1et /*&(*'$n" $n (n MPLS VPN ,(n'(tes th(t the *te* s)ec$/$e' (s the ne7t h) $n the $nc,$n" 2P )'(te $s the s(,e *te* th(t (ss$"ns the VPN !(%e!. Sc(!(%$!$t# &(s ( )*$,(*# *e(sn /* the ch$ce / 2P (s the )*tc! t c(**# cst,e* *t$n" $n/*,(t$n. In (''$t$n0 2P en(%!es the se / VPN+B (''*ess $n (n MPLS VPN *te* en+$*n,ent th(t en(%!es +e*!())$n" (''*ess *(n"es &$th ,!t$)!e cst,e*s. An MP-2P sess$n %et&een PE *te*s $n ( s$n"!e 2P AS $s c(!!e' (n MP-$2P sess$n (n' /!!&s *!es (s $n the $,)!e,ent(t$n / $2P &$th *e"(*'s t 2P (tt*$%tes. I/ the VPN e7ten's %e#n' ( s$n"!e AS0 VPN+B *tes &$!! %e e7ch(n"e' %et&een AS (t the AS %n'(*$es s$n" (n MP-e2P sess$n. Route targets >RTs? (*e (''$t$n(! $'ent$/$e*s se' $n the MPLS VPN ',($n $n the 'e)!#,ent / MPLS VPN th(t $'ent$/# the VPN ,e,%e*sh$) / the *tes !e(*ne' /*, th(t )(*t$c!(* s$te. RTs (*e $,)!e,ente' %# the se / e7ten'e' 2P c,,n$t$es $n &h$ch the h$"he* *'e* @ %$ts / the 2P e7ten'e' c,,n$t# >B tt(! %$ts? (*e enc'e' &$th ( +(!e c**es)n'$n" t the VPN ,e,%e*sh$) / the s)ec$/$c s$te. When ( VPN *te !e(*ne' /*, ( 4E *te* $s $necte' $nt VPN+B 2P0 ( !$st / VPN *te t(*"et e7ten'e' c,,n$t# (tt*$%tes $s (ssc$(te' &$th $t. The export route target $s se' $n $'ent$/$c(t$n / VPN ,e,%e*sh$) (n' $s (ssc$(te' t e(ch VRF. Th$s e7)*t *te t(*"et $s ())en'e' t ( cst,e* )*e/$7 &hen $t $s


@;

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN cn+e*te' t ( VPN+B )*e/$7 %# the PE *te* (n' )*)("(te' $n MP-2P )'(tes. The import route target $s (ssc$(te' &$th e(ch VRF (n' $'ent$/$es the VPN+B *tes t %e $,)*te' $nt the VRF /* the s)ec$/$c cst,e*. The /*,(t / ( RT $s the s(,e (s (n RD +(!e. The $nte*(ct$n / RT (n' RD +(!es $n the MPLS VPN ',($n (s the )'(te $s cn+e*te' t (n MP-2P )'(te $s sh&n $n F$"*e 3-<.

Figure 3-. )' and )/ O$eration in an MPLS VPN [View full size image]

When $,)!e,ent$n" c,)!e7 VPN t)!"$es0 sch (s e7t*(net VPN0 Inte*net (ccess VPNs0 net&*1 ,(n("e,ent VPN0 (n' s n0 s$n" MPLS VPN techn!"#0 the RT )!(#s ( )$+t(! *!e. A s$n"!e )*e/$7 c(n %e (ssc$(te' t ,*e th(n ne e7)*t *te t(*"et &hen )*)("(te' (c*ss the MPLS VPN net&*1. The RT c(n0 (s ( *es!t0 %e (ssc$(te' t s$tes th(t ,$"ht %e ( ,e,%e* / ,*e th(n ne VPN. The /!!&$n" )*cesses cc* '*$n" *te )*)("(t$n $n (n MPLS VPN0 (s sh&n $n F$"*e 3-<: 1.

The )*e/$7 @<.@.@;.;B $s *ece$+e' /*, 4E@-A0 &h$ch $s )(*t / VRF 4st,e*A n PE@-AS@.

2.

PE@ (ssc$(te' (n RD +(!e / @:@;; (n' (n e7)*t RT +(!e / @:@;; (s cn/$"*e' $n the VRF 'e/$n$t$n n the PE@-AS@ *te*.

3.

Rtes !e(*ne' /*, cnnecte' 4E *te*s 4E@-A (*e *e'$st*$%te' $nt the MP2P )*cess n PE@-AS@ &he*e the )*e/$7 @<.@.@;.;B $s )*e)en'e' &$th the RD +(!e / @:@;; (n' ())en'e' &$th the *te t(*"et e7ten'e' c,,n$t# +(!e >e7)*t RT? / @:@;; )*$* t sen'$n" the VPN+B )*e/$7 (s )(*t / the MP-$2P )'(te %et&een PE *te*s.


@@

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN The VPN !(%e! ($ %ytes) $s (ss$"ne' /* e(ch )*e/$7 !e(*ne' /*, the cnnecte' 4E *te*5s IP )*cess &$th$n ( VRF %# the PE *te*5s MP-2P )*cess. MP-2P *nn$n" $n the se*+$ce )*+$'e* MPLS ',($n ths c(**$es the VPN+B )*e/$7 >IP+B )*e/$7 G )*e)en'e' RD? $n (''$t$n t the 2P *te t(*"et e7ten'e' c,,n$t#. Nte th(t (!th"h the RT $s ( ,(n'(t*# cn/$"*(t$n $n (n MPLS VPN /* (!! VRFs cn/$"*e' n ( *te*0 the RT +(!es c(n %e se' t $,)!e,ent c,)!e7 VPN t)!"$es $n &h$ch ( s$n"!e s$te c(n %e ( )(*t / ,*e th(n ne VPN. In (''$t$n0 RT +(!es c(n (!s %e se' t )e*/*, se!ect$+e *te $,)*t$n" $nt ( VRF &hen VPN+B *tes (*e !e(*ne' $n MP-$2P )'(tes. The VPN !(%e! $s n!# n'e*st' %# the e"*ess PE >'(t( )!(ne? th(t $s '$*ect!# cnnecte' t the 4E *te* ('+e*t$s$n" the )*e/$7. Nte th(t the ne7t h)s n PE *te*s ,st nt %e ('+e*t$se' $n the 2P )*cess %t ,st %e !e(*ne' /*, the IP /* MPLS VPN $,)!e,ent(t$n. The VPN !(%e! h(s %een 'e)$cte' %# the ent*$es V@ (n' V $n F$"*e 3-<. 4.

The MP-2P )'(te $s *ece$+e' %# the PE *te* PE0 (n' the *te $s st*e' $n the ())*)*$(te VRF t(%!e /* 4st,e* A %(se' n the VPN !(%e!.

5.

The *ece$+e' MP-2P *tes (*e *e'$st*$%te' $nt the VRF PE-4E *t$n" )*cesses0 (n' the *te $s )*)("(te' t 4E-A.

In (''$t$n0 the* 2P e7ten'e' c,,n$t# (tt*$%tes sch (s site o& origin (SoO) c(n (!s %e ())!$e' t the MP-$2P )'(te )*$* t )*)("(t$n. The SO (tt*$%te $s se' t $'ent$/# the s)ec$/$c s$te /*, &h$ch the PE !e(*ns the *te (n' $s se' $n the $'ent$/$c(t$n (n' )*e+ent$n / *t$n" !)s. The SO e7ten'e' c,,n$t# $s ( 2P e7ten'e' c,,n$t# (tt*$%te se' t $'ent$/# *tes th(t h(+e *$"$n(te' /*, ( s$te s th(t the *e-('+e*t$se,ent / th(t )*e/$7 %(c1 t the s*ce s$te c(n %e )*e+ente'0 ths )*e+ent$n" *t$n" !)s. The SO e7ten'e' c,,n$t# n$6e!# $'ent$/$es the s$te /*, &h$ch ( PE *te* h(s !e(*ne' ( *te. SO en(%!es /$!te*$n" / t*(//$c %(se' n the s$te /*, &h$ch $t &(s *$"$n(te'. SO /$!te*$n" ,(n("es MPLS VPN t*(//$c (n' )*e+ents *t$n" !)s /*, cc**$n" $n c,)!e7 (n' ,$7e' net&*1 t)!"$es $n &h$ch the cst,e* s$tes ,$"ht )ssess cnnect$+$t# (c*ss the MPLS VPN %(c1%ne (s &e!! (s )ssess %(c1'* !$n1s %et&een s$tes. The $,)!e,ent(t$n / ( MPLS VPN $n &h$ch (!! VPN s$tes %e!n"$n" t ( cst,e* c(n s)e(1 t (!! the* s$tes $n the s(,e cst,e* ',($n $s c(!!e' ( s$,)!e VPN $,)!e,ent(t$n * intranet VP . As ,ent$ne' e(*!$e*0 RTs c(n %e se' t $,)!e,ent c,)!e7 VPN t)!"$es $n &h$ch ce*t($n s$tes th(t (*e )(*t / ne cst,e*5s ',($n (*e (!s (ccess$%!e %# the* cst,e*s5 VPN s$tes. Th$s $,)!e,ent(t$n $s c(!!e' (n extranet VP . In (''$t$n0 +(*$(nts / e7t*(net VPN0 sch (s net&*1 ,(n("e,ent VPN (s &e!! (s cent*(! se*+$ces VPN (n' Inte*net (ccess VPN0 c(n (!s %e 'e)!#e'. It $s $,)*t(nt t n'e*st(n' the cnce)t / (''*ess /(,$!$es (n' the$* )!(ce $n the )e*(t$n / MP-2P t en(%!e the t*(ns)*t / VPN+B *tes &$th e7ten'e' c,,n$t# (tt*$%tes. P*$* t RF4 30 M!t$)*tc! E7tens$ns /* 2P-B0 2P +e*s$n B &(s c()(%!e / c(**#$n" *t$n" $n/*,(t$n n!# )e*t($n$n" t IP+B. RF4 3 'e/$nes e7tens$ns t 2P-B th(t en(%!e 2P-B t c(**# $n/*,(t$n /* ,!t$)!e net&*1 !(#e* )*tc!s. RF4 3 st(tes th(t t en(%!e 2P-B t s))*t *t$n" /* ,!t$)!e net&*1 !(#e* )*tc!s0 the (''$t$ns t 2P-B ,st (ccnt /*


@

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN the (%$!$t# / ( )(*t$c!(* net&*1 !(#e* )*tc! t %e (ssc$(te' &$th ( ne7t h) (s &e!! (s the NLRI >net&*1 !(#e* *e(ch(%$!$t# $n/*,(t$n?. The t& ne& (tt*$%tes th(t &e*e (''e' t 2P &e*e M!t$)*tc! Re(ch(%!e NLRI >MP_REA4H_NLRI?0 (n' M!t$)*tc! 9n*e(ch(%!e NLRI >MP_9NREA4H_NLRI?. MP_REA4H_NLRI c(**$es the set / *e(ch(%!e 'est$n(t$ns t"ethe* &$th the ne7t-h) $n/*,(t$n t %e se' /* /*&(*'$n" t these 'est$n(t$ns. MP_9NREA4H_NLRI c(**$es the set / n*e(ch(%!e 'est$n(t$ns. 2th / these (tt*$%tes (*e )t$n(! (n' nnt*(ns$t$+e. The*e/*e0 ( 2P s)e(1e* th(t 'es nt s))*t these ,!t$)*tc! c()(%$!$t$es &$!! st $"n*e the $n/*,(t$n c(**$e' $n these (tt*$%tes (n' &$!! nt )(ss $t t the* 2P s)e(1e*s. An address &amily $s ( 'e/$ne' net&*1 !(#e* )*tc!. An (''*ess /(,$!# $'ent$/$e* >AFI? c(**$es (n $'ent$t# / the net&*1 !(#e* )*tc! (ssc$(te' &$th the net&*1 (''*ess $n the ,!t$)*tc! (tt*$%tes $n 2P. >A''*ess /(,$!# $'ent$/$e*s /* net&*1 !(#e* )*tc!s (*e 'e/$ne' $n RF4 @<;;0 Ass$"ne' N,%e*s.? The PE *te*0 $n essence0 $s (n E'"e LSR (n' )e*/*,s (!! the /nct$ns / (n E'"e LSR. The PE *te* *e6$*es LDP /* !(%e! (ss$"n,ent (n' '$st*$%t$n (s &e!! (s /*&(*' !(%e!e' )(c1ets. In (''$t$n t the /nct$ns / (n E'"e LSR0 the PE $,)!e,ents ( *t$n" )*tc! >* st(t$c *tes? &$th cnnecte' 4E *te*s )e* +$*t(! *t$n" t(%!e (n' *e6$*es MP-2P t )*)("(te )*e/$7es !e(*ne' /*, 4E *te*s (s VPN+B )*e/$7es $n MP-$2P )'(tes t the* PE *te*s (!n" &$th the VPN !(%e!. The P *te*5s *e6$*e,ents (*e t *n (n IP >e$the* OSPF * ISIS? (s &e!! (s h(+e MPLS en(%!e' t /*&(*' !(%e!e' )(c1ets >'(t( )!(ne? %et&een PE *te*s. The IP $s se' t )*+$'e0 (s &e!! (s )*)("(te0 NLRI t cnnecte' P (n' PE *te*s t $,)!e,ent (n MP-$2P sess$n %et&een PE *te*s >cnt*! )!(ne?. As e7)!($ne' $n 4h()te*s @ (n' 0 LDP $s *n n the P *te* /* !(%e! (ss$"n,ent (n' '$st*$%t$n.

MPLS VPN Control Plane O$eration The control plane $n MPLS VPN $,)!e,ent(t$n cnt($ns (!! the L(#e* 3 *t$n" $n/*,(t$n (n' the )*cesses &$th$n t e7ch(n"e *e(ch(%$!$t# $n/*,(t$n /* ( s)ec$/$c L(#e* 3 IP )*e/$7 $n (''$t$n t !(%e! (ss$"n,ent (n' '$st*$%t$n s$n" LDP >(s e7)!($ne' $n 4h()te* @?. The data plane )e*/*,s the /nct$ns *e!(t$n" t the /*&(*'$n" / %th !(%e!e' (s &e!! (s IP )(c1ets t the ne7t h) t&(*' ( 'est$n(t$n net&*1. F$"*e 3- t!$nes the $nte*(ct$ns / )*tc!s $n the cnt*! )!(ne $n (n MPLS VPN $,)!e,ent(t$n.

Figure 3-4. Control Plane "nteractions in MPLS VPN [View full size image]


@3


The 4E *te*s (*e cnnecte' t the PE *te*s0 (n' (n IP0 2P0 * st(t$c *te $s *e6$*e' n the 4E *te*s $n cnnct$n &$th (tt(che' PE *te*s t "(the* (n' ('+e*t$se NLRI $n/*,(t$n. In the MPLS VPN %(c1%ne cns$st$n" / P (n' PE *te*s0 (n IP >s(!!# e$the* OSPF * ISIS? $n (''$t$n t LDP $s se' %et&een PE (n' P *te*s. LDP $s se' /* (!!c(t$n (s &e!! (s '$st*$%t$n / !(%e!s $n the MPLS ',($n. The IP $s se' /* NLRI $n/*,(t$n e7ch(n"e (s &e!! (s t ,() th$s NLRI $nt MP-2P. MP-2P sess$ns (*e ,($nt($ne' %et&een PE *te*s $n (n MPLS VPN ',($n (n' e7ch(n"e MP-2P )'(tes cns$st$n" / n$6e VPN+B (''*esses $n (''$t$n t 2P e7ten'e' c,,n$t# (tt*$%tes (ssc$(te' &$th s)ec$/$c VPN+B (''*esses. P(c1ets /*, 4E t PE (*e (!&(#s )*)("(te' (s IP+B )(c1ets. O)e*(t$n / the MPLS VPN cnt*! )!(ne $s sh&n $n F$"*e 3-. F$"*e 3- sh&s ( s$,)!e VPN $,)!e,ent(t$n &$th t& s$tes %e!n"$n" t 4st,e* A cnnecte' t ne (nthe* (c*ss ( se*+$ce )*+$'e*5s MPLS %(c1%ne.

Figure 3-5. Control Plane O$eration [View full size image]


@B


The /!!&$n" (*e the ste)s /* cnt*! )!(ne )e*(t$n $n MPLS VPN. The ste)s (*e t!$ne' /* )*e/$7es ('+e*t$se' %# the 4EA-@ *te* (n' (*e sh&n $n F$"*e 3-: Step 1.

IP+B )'(te /* net&*1 @<.@.@;.; $s *ece$+e' %# the e"*ess PE *te* >'(t( )!(ne?.

Step 2.

PE@-AS@ (cce)ts (n' t*(ns/*,s the IP+B *te0 @<.@.@;.;B0 t ( VPN+B *te %# (ss$"n$n" (n RD @:@;;0 SO0 (n' RT @:@;; %(se' n the VRF cn/$"*(t$n n PE@-AS@. It then (!!c(tes ( VPN+B !(%e! V@ t the @<.@.@;.;B )'(te (n' *e&*$tes the ne7t-h) (tt*$%te t the PE@-AS@ !)%(c1; IP (''*ess @;.@;.@;.@;@. PE@-AS@ !)%(c1 @;.@;.@;.@;@ $s *e(ch(%!e +$( IP >OSPF? (n' LDP. F$"*e 3- sh&s the cnt*! )!(ne )e*(t$n (n' the !(%e! )*)("(t$n /* )*e/$7 @;.@;.@;.@;@3 /*, PE@AS@ t PE-AS@ $ns$'e the )*+$'e* net&*1. Th$s )*)("(t$n t(1es )!(ce (s sn (s the MPLS VPN )*+$'e* net&*1 $s est(%!$she' (n' $s (!&(#s $n )!(ce )*$* t (n# VPN+B )*e/$7 %e$n" )*)("(te' (c*ss the MPLS VPN )*+$'e* net&*1. The /!!&$n" ste)s (*e )e*/*,e' $n the !(%e! )*)("(t$n )*cess /* )*e/$7 @;.@;.@;.@;@3. Th$s )e*(t$n $s sh&n /* c!(*$t#: (. (: In F$"*e 3-0 E'"e LSR PE-AS@ *e6ests ( !(%e! /* the @;.@;.@;.@;@3 )*e/$7 s$n" the LDP !(%e! ,())$n" *e6est /*, $ts '&nst*e(, ne$"h%*0 LSR P-AS@. P-AS@ *e6ests ( !(%e! /* the @;.@;.@;.@;@3 )*e/$7 s$n" the LDP !(%e! ,())$n" *e6est /*, $ts '&nst*e(, ne$"h%* LSR P@-AS@. P@-AS@0 $n t*n0 *e6ests ( !(%e! /* the @;.@;.@;.@;@3 )*e/$7 s$n" the LDP !(%e! ,())$n" *e6est /*, $ts '&nst*e(, ne$"h%*0 E'"e LSR PE@AS@. E'"e LSR PE@-AS@ (!!c(tes ( !(%e! / $,)!$c$t-n!! >)en!t$,(te h) )))$n"? t @;.@;.@;.@;@30 ,'$/$es the ent*# $n the LFI2 c**es)n'$n" t @;.@;.@;.@;@30 (n' sen's $t t P@-AS@ s$n" (n LDP *e)!#. %. %: P@-AS@ ses the $,)!$c$t-n!! !(%e! *ece$+e' /*, PE@-AS@ (s $ts t%n' !(%e! +(!e0 (!!c(tes ( !(%e! >L@? t )*e/$7 @;.@;.@;.@;@30 (n' ,'$/$es the LFI2 ent*# /* @;.@;.@;.@;@3. P@-AS@ then sen's th$s !(%e! +(!e t P-AS@ +$( (n LDP *e)!#.

Step 3.

c. c: P-AS@ ses the !(%e! >L@? *ece$+e' /*, P@-AS@ (s $ts t%n' !(%e! +(!e0 (!!c(tes ( !(%e! >L? t )*e/$7 @;.@;.@;.@;@30 (n' ,'$/$es the LFI2 ent*# /* @;.@;.@;.@;@3. P-AS@ then sen's th$s !(%e! +(!e t PE-AS@ +$( (n LDP *e)!#. PE@-AS@ h(s the VRF cn/$"*e' t (cce)t *tes &$th RT @:@;; (n' the*e/*e t*(ns!(tes the VPN+B )'(te t IP+B (n' $nse*ts the *te $n VRF /* 4st,e* A. It then )*)("(tes th$s *te t the 4E-A.


@C


MPLS VPN /ata Plane O$eration The )*$* sect$n '$scsse' )'(te )*)("(t$n (!n" &$th the !(%e! (ss$"n,ent (n' '$st*$%t$n0 %th /* MPLS )(c1et /*&(*'$n" (s &e!! (s the VPN !(%e!. MPLS VPN '(t( )!(ne )e*(t$n $n+!+es the s("e / the !(%e! st(c1 $n &h$ch the t) !(%e! $n the !(%e! st(c1 $s the !(%e! (ss$"ne' /* the e"*ess PE *te*s >'(t( )!(ne? ne7t-h) (''*ess0 (n' the secn' !(%e! $n the !(%e! st(c1 $s the VPN !(%e! (s (ss$"ne' %# the e"*ess PE *te* cnnecte' t the 4E *te* ('+e*t$s$n" the )*e/$7. When s$n" the !(%e! st(c1 $n (n MPLS VPN $,)!e,ent(t$n0 the $n"*ess)st*e(, PE *te* ths !(%e!s the $nc,$n" IP )(c1et /* ( *e,te VPN 'est$n(t$n &$th t& !(%e!s. The secn' !(%e! $n the st(c1 )$nts t&(*' (n t"$n" $nte*/(ce &hene+e* the 4E *te* $s the ne7t h) / the VPN *te. The secn' !(%e! $n the st(c1 )$nts t the VRF t(%!e /* (""*e"(te VPN *tes0 VPN *tes )$nt$n" t n!! $nte*/(ce0 (n' *tes /* '$*ect!# cnnecte' VPN $nte*/(ces. Th$s &$!! %e e7)!($ne' $n ,*e 'et($! $n the sect$n MPLS VPN 2(s$c 4n/$"*(t$n. P *te*s )e*/*, !(%e! s&$tch$n" n the LDP-(ss$"ne' !(%e! t&(*' the e"*ess PE *te*. The e"*ess PE *te* $'ent$/$es the VPN !(%e! (ss$"ne' &$th ( VRF >th(t $t h(s )*e+$s!# (ss$"ne'? (n' e$the* /*&(*'s the IP )(c1et t&(*' the 4E *te* * )e*/*,s (nthe* IP !1) $n the VRF t(%!e t $'ent$/# the ne7t h) t&(*' the 'est$n(t$n. F$"*e 3-@; 'e)$cts the +(*$s ste)s $n the '(t( )!(ne /*&(*'$n" / cst,e* '(t( /*, ne cst,e* s$te 4E-A t 4E@-A cnnecte' s$n" the SP5s $n/*(st*ct*e.

Figure 3-16. MPLS VPN /ata Plane O$eration [View full size image]

When '(t( $s /*&(*'e' t ( s)ec$/$c )*e/$7 %e!n"$n" t ( VPN (c*ss the MPLSen(%!e' c*e0 the t) !(%e! $n the !(%e! st(c1 $s the n!# ne s&())e' (s the )(c1et t*(+e*ses the %(c1%ne. The VPN !(%e! $s 1e)t $nt(ct (n' $s *e,+e' n!# $n the e"*ess'&nst*e(, PE *te*. The *es!t$n" )*e/$7 $s (ssc$(te' &$th (n t"$n" $nte*/(ce %e!n"$n" t ( s)ec$/$c VRF n the *te* 'e)en'$n" n the +(!e $n the VPN !(%e!.


@


He*e (*e the ste)s $n the '(t( )!(ne /*&(*'$n" sh&n $n F$"*e 3-@;: Step 1.

4E-A *$"$n(tes ( '(t( )(c1et &$th the s*ce (''*ess / @<.@.;.@ (n' 'est$n(t$n / @<.@.@;.@.

Step 2.

PE-AS@ *ece$+es the '(t( )(c1et (n' ())en's the VPN !(%e! V@ (n' LDP !(%e! L (n' /*&(*'s the )(c1et t P-AS@.

Step 3.

P-AS@ *ece$+es the '(t( )(c1et 'est$ne' t @<.@.@;.@ (n' s&()s LDP !(%e! L &$th L@.

Step 4.

P@-AS@ *ece$+es the '(t( )(c1et 'est$ne' t @<.@.@;.@ (n' ))s the t) !(%e! %ec(se $t *ece$+es (n $,)!$c$t-n!! !(%e! ,())$n" /* @;.@;.@;.@;@3 /*, PE@-AS@. The *es!t$n" !(%e!e' )(c1et >&$th VPN L(%e! V@? $s /*&(*'e' t PE@-AS@.

Step 5.

PE@-AS@ ))s the VPN !(%e! (n' /*&(*'s the '(t( )(c1et t 4E@-A &he*e the @<.@.@;.; net&*1 $s !c(te'.

The 1e# t n'e*st(n'$n" the )e*(t$n / MPLS VPN $s th(t the VPN !(%e! $s ne+e* tche' nt$! $t *e(ches the e"*ess PE *te* t&(*' the FE4. A!! the /*&(*'$n" / t*(//$c $s 'ne (s e7)!($ne' $n 4h()te* @= the ne7t-h) !(%e! ,())$n" t the '&nst*e(, PE *te*5s !)%(c1 $s se' t /*&(*' the )(c1et >$n th$s c(se0 !(%e!e' IP %ec(se / the )*esence / ( VPN !(%e!? th*"h the MPLS ',($n.

MPLS VPN Basic Configuration Th$s sect$n t!$nes the "ene*$c cn/$"*(t$ns *e6$*e' n the *te*s $n the se*+$ce )*+$'e* ',($n t $,)!e,ent MPLS VPN. The cn/$"*(t$ns / the PE (n' P *te*s &$!! %e c+e*e' $n th$s sect$n. The s%se6ent sect$ns $n th$s ch()te* 'e!+e $nt e(ch / the cn/$"*(t$n %!c1s n the PE (n' P *te*s (!ne. The cn/$"*(t$ns *e6$*e' t $,)!e,ent PE-4E *t$n" sess$ns (*e '$scsse' $n 4h()te*s B th*"h 0 'e)en'$n" n the PE-4E )*tc! $n se. A!! cn/$"*(t$ns t!$ne' $n the /!!&$n" sect$ns (*e )e*/*,e' $n the net&*1 sh&n $n F$"*e 3-@@. F* s$,)!$c$t#0 n!# cnnecte' net&*1s th(t (*e )(*t / the VRF &$!! %e *e'$st*$%te' $nt the MP-2P )*cesses.


@<


Figure 3-11. Networ( 'o$olog+ MPLS VPN P and P Configuration [View full size image]

The t)!"# $n F$"*e 3-@@ (tte,)ts t $,)!e,ent ( s$,)!e $nt*(net VPN %et&een t& s$tes %e!n"$n" t 4st,e* A0 s$te @ (n' s$te . The cst,e* net&*1 cns$sts / the 4E *te*s 4E@-A (n' 4E-A. In (''$t$n0 t& !)%(c1s >!)%(c1 @? n PE@AS@ (n' PE-AS@ &$!! %e cn/$"*e' (s )(*t / the VRF Customer' (n' %e *e'$st*$%te' $nt the MP-2P *t$n" cnte7ts.

Configuration of C )outers The cn/$"*(t$n / *te e7ch(n"e %et&een PE (n' 4E *te*s $n+!+es the $,)!e,ent(t$n / ( *t$n" )*tc! >* st(t$c'e/(!t *tes? n the 4E *te*s. N s)ec$/$c cn/$"*(t$n the* th(n the *e"!(* *t$n" )*tc! cn/$"*(t$n $s *e6$*e' n the 4E *te*s. On the PE *te*0 VRF *t$n" cnte7ts >* (''*ess /(,$!# cnte7ts? (*e *e6$*e' /* *te e7ch(n"e %et&een the PE (n' 4E. These *tes (*e then ,t(!!# *e'$st*$%te' &$th the MP-2P )*cess )e* VRF. 4n/$"*(t$ns /* the (%+e %(se' n )*tc! ch$ce %et&een PE (n' 4E &$!! %e c+e*e' $n 4h()te*s B th*"h .

Configuring MPLS Forwarding and V)F /efinition on P )outers 4n/$"*$n" MPLS /*&(*'$n" $s the /$*st ste) t )*+$s$n the se*+$ce )*+$'e*5s MPLS VPN %(c1%ne. Th$s ste) ens*es the se*+$ce )*+$'e*5s *e('$ness t )*+$'e MPLS-*e!(te' se*+$ces t )*s)ect$+e cst,e*s. At ( ,$n$,,0 the ste)s t cn/$"*e MPLS /*&(*'$n" n PE *te*s (*e


@


Step 1.

En(%!e 4EF.

Step 2.

4n/$"*e IP *t$n" )*tc! n the PE *te*.

Step 3.

4n/$"*e MPLS * !(%e! /*&(*'$n" n the PE $nte*/(ces cnnecte' t P.

These ste)s h(+e (!*e('# %een '$scsse' $n 4h()te*s @ (n'  (n' ths h(+e nt %een sh&n. In th$s sect$n0 &e cn/$"*e VRFs n the PE *te*s. F$"*e 3-@ sh&s the cn/$"*(t$n ste)s n the PE *te*s t cn/$"*e VRF 'e/$n$t$n.

Figure 3-1!. V)F /efinition on P )outers+ Configuration Ste$s [View full size image]

Step 1.

Confiure !"# on PE router 84n/$"*e the VRF Customer$ n PE@ (n' PE-AS@ *te*. Th$s *es!ts $n the c*e(t$n / ( VRF *t$n" t(%!e (n' ( 4$sc E7)*ess F*&(*'$n" >4EF? t(%!e /* Customer$. E7(,)!e 3-@ sh&s Customer$ VRF %e$n" cn/$"*e' n PE@-AS@ *te*. Nte the VRF n(,e $s c(se sens$t$+e.

7a#$le 3-1. V)F /efinition

PE1-AS1(config)#ip vrf CustomerA Nte th(t c*e(t$n * 'e!et$n / ( VRF *es!ts $n *e,+(! / the IP (''*ess /*, the $nte*/(ce. E7(,)!e 3- $!!st*(tes the ,ess("e th(t cc*s n VRF


@

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN 'e!et$n.

7a#$le 3-!. V)F /eletion

PE1-AS1(config-vrf)#no ip vrf CustomerA % IP addresses from all interfaces in VRF CstomerA !ave "een removed Step 2.

Confiure t%e "& 8The RD c*e(tes *t$n" (n' /*&(*'$n" t(%!es. The RD $s (''e' t the %e"$nn$n" / the cst,e*5s IP+B )*e/$7es t cn+e*t the, $nt "!%(!!# n$6e VPN+B )*e/$7es. E7(,)!e 3-3 sh&s the cn/$"*(t$n /* 'e/$n$n" the RD n'e* the VRF.

7a#$le 3-3. Configuring V)F Para#eters+ )/

PE1-AS1(config-vrf)#rd 1:100 The RD c(n %e se' $n e$the* / these /*,(ts: - @-%$t AS n,%e*: * 3-%$t n,%e* >/* e7(,)!e0 @:@;;? - 3-%$t IP (''*ess: * @-%$t n,%e* >/* e7(,)!e0 @;.@;.@;.@;@:@? RD /* (n e7$st$n" VRF c(n %e ch(n"e' n!# (/te* 'e!et$n / th(t VRF. E7(,)!e 3-B $!!st*(tes the cnce)t.

7a#$le 3-*. )edefining V)F )/ Value

PE1-AS1(config)#ip vrf CustomerA PE1-AS1(config-vrf)#rd 1:100 % o $no i vrf $ "efore redefining t!e VRF RD h(s t %e n$6e /* th(t )(*t$c!(* VRF. N t& VRFs n the s(,e *te* c(n h(+e s$,$!(* RD. T*#$n" t set the s(,e RD n the VRF n the s(,e *te* *es!ts $n the ,ess("e sh&n $n E7(,)!e 3-C.

7a#$le 3-. )/ 8ni9ueness

PE1-AS1(config)#ip vrf CustomerA PE1-AS1(config-vrf)#rd 1:100 % Cannot set R& c!ec' if its nie Step 3.

Confiure t%e import and e'port poli(y 84n/$"*e the $,)*t (n' e7)*t )!$c# /* the MP-2P e7ten'e' c,,n$t$es. The )!$c# $s se'


;

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN /* /$!te*$n" *tes /* th(t )(*t$c!(* RT. E7(,)!e 3- )*+$'es the *e!e+(nt cn/$"*(t$n /* 'e/$n$n" $,)*t (n' e7)*t )!$c#.

7a#$le 3-2. Configuring V)F Para#eters+ )'

PE1-AS1(config-vrf)#route-target both 1:100 The )ot% 1e#&*' $n the )*e+$s c,,(n' *es!ts $n the cn/$"*(t$n / $,)*t (n' e7)*t )!$c#0 (n' the cn/$"*(t$n t)t $s sh&n $n E7(,)!e 3-<.

7a#$le 3-. )' Configuration O$tions

PE1-AS1#sh run *ilding configration+++ i vrf CstomerA rd 1,1 rote-target e.ort 1,1 rote-target imort 1,1 Step 4.

$sso(iate !"# wit% t%e interfa(e 8Assc$(te +$*t(! *t$n"/*&(*'$n" $nst(nce >VRF? &$th (n $nte*/(ce * s%$nte*/(ce $n th$s 4st,e*A.

Assc$(t$n" the VRF t (n $nte*/(ce *es!ts $n *e,+(! / the IP (''*ess /*, th(t $nte*/(ce. Th$s $s n!# $/ VRF &(s (ssc$(te' t (n $nte*/(ce th(t h(' the IP (''*ess (!*e('# cn/$"*e'. Th$s ,e(ns th(t the IP (''*ess &$!! h(+e t %e *ecn/$"*e' (/te* the VRF $s (ssc$(te' &$th th(t $nte*/(ce. E7(,)!e 3- sh&s the cn/$"*(t$n /* (ssc$(t$n" the VRF t (n $nte*/(ce. E7(,)!e 3- sh&s the *e,+(! / the IP (''*ess &hen no ip vrf forwardin vr&name $s cn/$"*e' n the $nte*/(ce.

7a#$le 3-4. %ssociating V)F wit& "nterface

PE1-AS1(config)#interface serial4/0 PE1-AS1(config-if)#ip add 172.1.1.1 2!!.2!!.2!!.2!2 PE1-AS1(config-if)# ip vrf for"arding CustomerA % Interface Serial/0 IP address 12+13+1+1 removed de to ena"ling VRF CstomerA PE1-AS1(config-if)#ip add 172.1.1.1 2!!.2!!.2!!.2!2


@


7a#$le 3-5. V)F %ssociation to "nterface "P %ddress

PE1-AS1(config-if)#no ip vrf for"arding CustomerA % Interface Serial/0 IP address 12+13+1+1 removed de to disa"ling VRF CstomerA

Final V)F Configuration on P1-%S1 )outer E7(,)!e 3-@; sh&s the VRF cn/$"*(t$n n the PE@-AS@ *te*.

7a#$le 3-16. V)F Configuration of P1-%S1 ip vrf CustomerA rd 1:100 route-target e#port 1:100 route-target import 1:100 $ interface %erial1/0 description &'-C' lin( to C'1-A ip vrf for"arding CustomerA ip address 172.1.1.1 2!!.2!!.2!!.0 $ )nterface *oopbac(1 ip vrf for"arding CustomerA ip address 172.1.100.1 2!!.2!!.2!!.2!!

Verification of V)F Configuration on P )outers The s%ow ip vrf c,,(n' $s se' t +e*$/# $/ the c**ect VRF e7$sts n the $nte*/(ce. E7(,)!e 3-@@ $n'$c(tes th(t the c**ect VRF 4st,e*A $s cn/$"*e' n the Se*$(!@; $nte*/(ce n the PE@ *te*.

7a#$le 3-11. show ip vrf on P1-%S1





PE1-AS1#sho" ip vrf 4ame CstomerA

efalt R 1,1

Interfaces Se10 5o1

The s%ow ip vrf interfa(es c,,(n' )*+$'es the !$st$n" / $nte*/(ces th(t (*e (ct$+(te' /* ( )(*t$c!(* VRF. E7(,)!e 3-@ sh&s th(t Se*$(!@; $s (ct$+e /* VRF VRF-St(t$c.

7a#$le 3-1!. show ip vrf interfaces on P1-%S1

PE1-AS1#sho" ip vrf interfaces Interface Protocol

IP-Address

VRF

Serial10 

12+13+1+1

CstomerA

5o1 

12+13+1+1

CstomerA

Configuration of BP P-P )outing on P )outers 4n/$"*$n" 2P PE-PE *t$n" %et&een the PE *te*s $s the ne7t ste) $n (n MPLS VPN 'e)!#,ent. The )*)se / th$s ste) $s t ens*e th(t VPN+B *tes c(n %e t*(ns)*te' (c*ss the se*+$ce )*+$'e* %(c1%ne s$n" MP-$2P. The P *te* $s t*(ns)(*ent t th$s ent$*e )*cess (n'0 the*e/*e0 'es nt c(**# (n# cst,e* *tes. F$"*e 3-@3 $!!st*(tes the ste)s /* cn/$"*$n" 2P PE-PE *t$n" sess$ns %et&een the PE *te*s.


3


Figure 3-13. BP P-P )outing Configuration Ste$s [View full size image]

Step 1. Confiure *+P routin on PE routers 8En(%!e 2P *t$n" (n' $'ent$/# the AS n the PE AS@ *te*s. E7(,)!e 3-@3 h$"h!$"hts the cn/$"*(t$n.

7a#$le 3-13. Configuring BP )outing on P )outers

PE1-AS1(config)#router bgp 1 66666666666666666666666666666666666666666666666666666666666666 PE2-AS1(config)#router bgp 1 Step 2. Confiure t%e ,P-i*+P nei%)ors 84n/$"*e the *e,te MP-$2P ne$"h%* (n'  $nte*/(ce (s the s*ce / 2P ,ess("es (n' )'(tes. Nte th(t # h(+e t se the update-s n!# &hen the ne$"h%* $s )ee*$n" t #* !)%(c1 (''*ess. Th$s $s $**es)ect$+e / &hethe* e2P ne$"h%*. E7(,)!e 3-@B sh&s the cn/$"*(t$n /* the PE@-AS@ (n' PE-AS@ *te*

7a#$le 3-1*. Configuring MP-iBP Neig&,ors

PE1-AS1(config-roter)#neighbor 10.10.10.102 remote-as 1 PE1-AS1(config-roter)#neighbor 10.10.10.102 update-source loo 66666666666666666666666666666666666666666666666666666666666666 PE2-AS1(config-roter)#neighbor 10.10.10.101 remote-as 1 PE2-AS1(config-roter)#neighbor 10.10.10.101 update-source loo


B

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN Step 3. Confiure t%e !Pv4 address family 84n/$"*e the (''*ess /(,$!# /* VPN+B cn/$"*(t$n )*cess. Th$s ste) (!!&s # t ente* the VPN+B (''*ess /(,$!# t (ct$ ne$"h%*s. Act$+(te the $2P ne$"h%*0 &h$ch $s essent$(! /* t*(ns)*t$n" VPN+B )*e/$7es ( )*+$'e* %(c1%ne. 9s$n" ne7t-h)-se!/ $s )t$n(! (n' $s )*$,(*$!# se' &hen the se*+$ce e2P PE-4E *t$n" &$th the cst,e*s0 %ec(se $nte*n(! 2P >$2P? sess$ns )*ese* (tt*$%te !e(*ne' /*, e2P )ee*s0 &h$ch $s &h# $t $s $,)*t(nt t h(+e (n $nte*n(! *te Othe*&$se0 the 2P *te $s n*e(ch(%!e. T ,(1e s*e # c(n *e(ch the e2P ne7t net&*1 th(t the ne7t h) %e!n"s t $n the IP * se the ne't-%op-self nei%)or c, *te* t ('+e*t$se $tse!/0 *(the* th(n the e7te*n(! )ee*0 (s the

In (''$t$n0 cn/$"*e the )*)("(t$n / the e7ten'e' c,,n$t$es &$th 2P *tes s )*)("(t$n0 &h$ch $'ent$/$es the VPNs th(t the *tes h(+e t %e $,)*te' $nt. The cn VPN+B (''*ess /(,$!# /* PE@-AS@ (n' PE-AS@ $s sh&n $n E7(,)!e 3-@C. Nte th(t n IOS0 (''$n" the ne$"h%* /* VPN+B *te e7ch(n"e s$n" the nei%)or ip-address a(tivat (t,(t$c(!!# (''s the nei%)or ip-address send-(ommunity e'tended c,,(n'. I/ the n %e cn/$"*e' /* %th st(n'(*' (n' e7ten'e' c,,n$t# e7ch(n"e0 # &$!! e7)!$c$t!# h(+e nei%)or ip-address send-(ommunity )ot% c,,(n' n'e* the VPN+B (''*ess /(,$!#.

7a#$le 3-1. Configuring BP VPNv* %ddress Fa#il

PE1-AS1(config-roter)#address-famil+ vpnv4 PE1-AS1(config-roter-af)# neighbor 10.10.10.102 activate PE1-AS1(config-roter-af)# neighbor 10.10.10.102 send-communit 66666666666666666666666666666666666666666666666666666666666666 PE2-AS1(config-roter)#address-famil+ vpnv4 PE2-AS1(config-roter-af)# neighbor 10.10.10.101 activate PE2-AS1(config-roter-af)# neighbor 10.10.10.101 send-communit Step 4. Confiure t%e Pv4 address family 84n/$"*e the )ee* VRF IP+B (''*ess /(,$!# cn/$"*(t$n )*cess. Th$s ste) (!!&s # t ente* the IP+B net&*1s th(t &$!! %e cn+e*te' $n MP-2P )'(tes. In 4h()te*s B0 C0 (n' 0 the $n'$+$'(! PE-4E *t$n" )*tc! $nte*(ct$ $n+!+$n" *e'$st*$%t$n / PE-4E *t$n" )*tc! cnte7ts * $nst(nces &$!! %e cn/$" (''*ess /(,$!# )e* VRF n'e* the 2P )*cess. F* s$,)!$c$t#0 *e'$st*$%t$n / (!! cnne cn/$"*e' $nt the MP-2P )*cess. E7(,)!e 3-@ sh&s the cn/$"*(t$n n PE@-AS *te*s.

7a#$le 3-12. Configuring BP $er V)F "Pv* %ddress Fa#il :)outing Conte7

PE1-AS1(config-roter)#address-famil+ ipv4 vrf CustomerA PE1-AS1(config-roter-af)# redistribute connected PE1-AS1(config-roter-af)# e#it-address-famil+


C


66666666666666666666666666666666666666666666666666666666666666 PE2-AS1(config-roter)#address-famil+ ipv4 vrf CustomerA PE2-AS1(config-roter-af)# redistribute connected PE2-AS1(config-roter-af)# e#it-address-famil+

BP P-P )outing Final Configuration on P1-%S1 and P!%S1 )outer E7(,)!e 3-@< sh&s the /$n(! 2P PE-PE *t$n" cn/$"*(t$n n the PE@-AS@ (n' PE-AS@ *te*.

7a#$le 3-1. BP P-P Configurations of P1-%S1 and P!-%S1 )outers $&'1-A%1 ,outer: router bgp 1 no s+nchroniation neighbor 10.10.10.102 remote-as 1 no auto-summar+ $ address-famil+ vpnv4 neighbor 10.10.10.102 activate neighbor 10.10.10.102 send-communit+ e#tended e#it-address-famil+ $ address-famil+ ipv4 vrf CustomerA redistribute connected no auto-summar+ no s+nchroniation e#it-address-famil+





666666666666666666666666666666666666666666666666666666666 66666666666666666 $&'2-A%1 ,outer: router bgp 1 no s+nchroniation bgp log-neighbor-changes neighbor 10.10.10.101 remote-as 1 neighbor 10.10.10.101 update-source *oopbac(0 no auto-summar+ $ address-famil+ vpnv4 neighbor 10.10.10.101 activate neighbor 10.10.10.101 send-communit+ e#tended e#it-address-famil+ $ address-famil+ ipv4 vrf CustomerA redistribute connected no auto-summar+ no s+nchroniation e#it-address-famil+

Verification and Monitoring of BP P-P )outing on P )outers A/te* cn/$"*$n" 2P PE-PE *t$n" %et&een the PE *te*s0 # c(n +e*$/# th(t the MP-$2P ne$"h%*s (*e )e*(t$n(! %# $ss$n" (n# / the /!!&$n" c,,(n's: •

s%ow ip )p vpnv4 / summary

•

s%ow P )p vpnv4 all

•

s%ow ip )p summary


<


•

s%ow ip )p nei%)or ip-address

E7(,)!e 3-@ sh&s th(t the VPN+B ne$"h%* *e!(t$nsh$) $s /*,e'.

7a#$le 3-14. VPN Neig&,or )elations&i$ Verification

PE1#sho" ip bgp vpnv4 all summar+ *7P roter identifier 1+1+1+11& local AS nm"er 1 *7P ta"le version is & main roting ta"le version 

4eig!"or ;t: <0o=n 1+1+1+12  ,,>?

V AS 8sgRcvd 8sgSent State0Pf.Rcd /

1

22

2

9"lVer

In:







666666666666666666666666666666666666666666666666666666666 6666666666666666666666666 PE2#sho" ip bgp vpnv4 all summar+ *7P roter identifier 1+1+1+12& local AS nm"er 1 *7P ta"le version is 1& main roting ta"le version 1

4eig!"or ;t: <0o=n 1+1+1+11  ,,13

V AS 8sgRcvd 8sgSent State0Pf.Rcd /

1

11

11

9"lVer

In:

1





Configuration of P )outer N s)ec$(! cn/$"*(t$ns nee' t %e )e*/*,e' n the P *te*s P@-AS@ (n' P@-AS /* MPLS VPN s))*t. 2ec(se the P *te*s n!# )(*t$c$)(te $n MPLS !(%e!e' )(c1et /*&(*'$n"0 the n!# *e6$*e,ents (*e thse / (n LSR $n (n MPLS net&*10 n(,e!#0 IP /* NLRI e7ch(n"e (n' LDP /* !(%e! (ss$"n,ent (n' '$st*$%t$n. As (!&(#s0 4EF nee's t %e en(%!e' n (!! $nte*/(ces cn/$"*e' /* MPLS /*&(*'$n". 4n/$"*(t$n / the P@-AS@ *te* $s sh&n $n E7(,)!e 3-@.

7a#$le 3-15. P1-%S1 Configuration mpls ldp router-id loopbac(0





$ interface %erial0/0 ip address 10.10.10.2 2!!.2!!.2!!.2!2 mpls ip $ interface %erial1/0 ip address 10.10.10.! 2!!.2!!.2!!.2!2 mpls ip $ )nterface loopbac(0 ip address 10.10.10.200 2!!.2!!.2!!.2!! $ router ospf 1 net"or( 10.0.0.0 0.2!!.2!!.2!! area 0 $

La,el Verification and Control and /ata Plane O$eration A/te* cn/$"*$n" 'e+$ces $n the net&*1 (s )e* the )*e+$s ste)s0 the +e*$/$c(t$n / !(%e! (!!c(t$n (n' )*)("(t$n c(n %e )e*/*,e' n the PE (n' P *te*s s$n" the c,,(n's 'esc*$%e' $n F$"*e 3-@B.

Figure 3-1*. La,el %llocation Verification and Control




The cnt*! )!(ne (n' '(t( )!(ne )e*(t$n /* net&*1 @<.@.@;;.@ (s )(*t / VRF 4st,e*A $s 'e)$cte' $n F$"*e 3-@B. Nte th(t the t"$n" !(%e! ,())e' t )*e/$7 @<.@.@;;.@ n PE@-AS@ $s (""*e"(te (n' nt nt(""e'. F* (!! net&*1s th(t (*e '$*ect!# cnnecte' t the PE *te* >!$1e !)%(c1s * $nte*/(ce IP net&*1s? th(t (*e )(*t / ( VRF0 the t"$n" !(%e! ,())e' $n the LFI2 $s the (""*e"(te !(%e!. I/0 h&e+e*0 the $nc,$n" VPN )(c1et $s t %e /*&(*'e' t ( ne7t-h) (''*ess >!$1e th(t / ( cnnecte' 4E *te*?0 the t"$n" !(%e! ,())$n" $s nt(""e'. Ths0 (""*e"(te (n' nt(""e' !(%e!s th(t &e*e e7)!($ne' $n 4h()te* @ (*e encnte*e' $n MPLS VPN $,)!e,ent(t$ns.

Out,ound )oute Filters When $,)!e,ent$n" !(*"e-sc(!e MPLS VPN net&*1s0 s$tes %e!n"$n" t '$//e*ent cst,e*s ,$"ht nt %e cnnecte' t (!! the PE *te*s $n the MPLS VPN ',($n. The PE *te* $n the MPLS VPN net&*1 c(n0 the*e/*e0 cnse*+e *es*ces %# $,)*t$n" n!# VPN+B *tes th(t (*e t %e $,)*te' $nt VRF $nst(nces cn/$"*e' n the PE *te*. T en(%!e sch /$!te*$n" / VPN+B *te $n/*,(t$n0 the PE *te* ,st %e c()(%!e / /$!te*$n" MP-$2P )'(tes s th(t $n/*,(t$n )e*t($n$n" t these s)e*/!s *tes $s nt *ece$+e'. The )*ce'*e /* /$!te*$n" *tes %(se' n the VRF cn/$"*(t$n n the PE *te*s $s c(!!e' (t,(t$c *te /$!te*$n". At,(t$c *te /$!te*$n" $s en(%!e' %# 'e/(!t n (!! 4$sc *te*s th(t (*e cn/$"*e' (s PE *te*s. The e7ce)t$n $s $n the c(se / ( PE *te* (!s )e*/*,$n" the /nct$ns / ( *te-*e/!ect*. The *te-*e/!ect* ,st %e c()(%!e / *ece$+$n" *tes th(t ,$"ht nt %e (ssc$(te' t (n# !c(!!# cn/$"*e' VRFs (n' *e/!ect the, t c!$ents. The*e/*e0


3;

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN n ( PE *te* /nct$n$n" (s ( *te-*e/!ect*0 the (t,(t$c *te /$!te*$n" )*cess $s '$s(%!e' t en(%!e )*)("(t$n / VPN+B *tes %et&een *te-*e/!ect* c!$ents. At,(t$c *te /$!te*$n" en(%!es the PE *te* t *e'ce *es*ce cns,)t$n %# *eect$n" $n/*,(t$n nt )e*t($n$n" t the VRFs cn/$"*e' n the *te*. At,(t$c *te /$!te*$n"0 h&e+e*0 'es nt (+$' the s)e*/!s *tes /*, %e$n" *ece$+e' %# the PE *te*s. Ot%n' *te /$!te*$n" >ORF? en(%!es ( PE *te* t ('+e*t$se t $ts )ee*s0 t%n' *te /$!te*s th(t )ee*$n" PE *te*s c(n se &h$!e sen'$n" $n/*,(t$n t ( PE *te*. The ORF /e(t*e n PE *te*s &*1s $n cnnct$n &$th the *te-*e/*esh 2P c()(%$!$t#. The *te-*e/*esh 2P c()(%$!$t# en(%!es the PE *te* t *e6est *t$n" )'(tes /*, $ts MP-$2P )ee*s (/te* n'e*"$n" ( cn/$"*(t$n ch(n"e. In the e+ent / (n (''$t$n0 'e!et$n0 * ,'$/$c(t$n / VRFs * the$* (ssc$(te' cn/$"*(t$ns n ( PE *te*0 the *te-*e/*esh c()(%$!$t# en(%!es the PE *te* t )'(te $ts *t$n" t(%!es. The *te-*e/*esh /e(t*e $s en(%!e' %# 'e/(!t n (!! 4$sc *te*s cn/$"*e' /* PE /nct$n(!$t#. The ORF ent*$es (*e e7ch(n"e' '*$n" sess$n est(%!$sh,ent %et&een t& PE *te*s th*"h the se / the 2P OPEN ,ess("e (s )(*t / the *te-*e/*esh ,ess("e. The /*,(t / ( *te-*e/*esh ,ess("e $s sh&n $n F$"*e 3-@C.

Figure 3-1. )oute-)efres& Message and =or(ing of O)F

In !(*"e net&*1s0 the PE *te* ,$"ht *ece$+e )'(tes (n' then /$!te* ( !$st / n&(nte' *tes %(se' n $ts !c(! $n%n' *te /$!te*. The ORF /e(t*e en(%!es ( PE *te* t )sh $ts $n%n' *te /$!te* t ( *e,te )ee* (n' ())!# ( /$!te* /*, ( *e,te )ee* (s $ts t%n' *te /$!te*. ORFs c(n %e e$the* )*e/$7-%(se' * e7ten'e'c,,n$t# %(se' $n VPN+B *te /$!te*$n". The )*e/$7-%(se' ORF (!!&s ( PE t e7)*t (n'* *ece$+e the $n%n' *te /$!te* $n/*,(t$n &$th ( )ee* %(se' n the )*e/$7 (ssc$(te' &$th the *te. In the e7ten'e'-c,,n$t# %(se' ORF0 the PE c(n e7)*t*ece$+e $n%n' *te /$!te* %(se' n the e7ten'e' c,,n$t# (tt*$%tes (ssc$(te' &$th ( VPN+B *te. 2ec(se the RT +(!es (*e c'e' (s )(*t / the e7ten'e'-c,,n$t# (tt*$%tes $n VPN+B *tes0 the ORF /e(t*e c(n %e se' t ('+e*t$se ( s%set / RTs /* &h$ch the PE *te* c(n *ece$+e VPN+B *t$n"


3@

“DATA NETWORK” OF JTOs PH-II : MPLS_L3_VPN $n/*,(t$n. Th$s )*cess essent$(!!# *e'ces the %*'en / s)e*/!s *t$n" $n/*,(t$n %e$n" )*)("(te' $n the MP-$2P %(c1%ne (s the )ee*$n" PE *te* 'es nt sen' VPN+B *tes )e*t($n$n" t the s%set / RTs cn/$"*e' (s )(*t / the ORF. F$"*e 3-@ sh&s the )e*(t$n (n' s(,)!e cn/$"*(t$n /* $,)!e,ent(t$n / ( )*e/$7-%(se' ORF. PE@-AS@ $s cn/$"*e' &$th (n $n%n' )*e/$7-!$st th(t $s )*)("(te' s$n" the ORF c()(%$!$t# cn/$"*(t$n t PE-AS@. PE-AS@ &$!! nt (cce)t th$s /$!te* $/ the c,,(n' nei%)or 10.10.10.1 (apa)ility orf prefi'-list re(eive $s cn/$"*e' n'e* the VPN+B (''*ess-/(,$!#. The +e*$/$c(t$n / the ORF ())!$c(t$n n PE-AS@ $s (!s $!!st*(te' $n F$"*e 3-@ &$th the t)t / the s%ow ip )p nei%)or c,,(n'. The t)t / th$s c,,(n' 'e)$cts the ORF h(s %een *ece$+e' &$th t& ent*$es. Nte th(t %ec(se th$s ORF ())!$es n!# t VPN+B *tes !e(*ne' /*, PE-AS@0 th$s &$!! nt (//ect *e"!(* IP+B *te e7ch(n"es %et&een PE@-AS@ (n' PE-AS@.

Figure 3-12. O)F O$eration and Configuration [View full size image]


3


Co##and )eference 4,,(n'

Desc*$)t$n

Rte*>cn/$"?router )p as-num%er

4n/$"*es the 2P *t$n" )*cess.

Rte*>cn/$"-*te*?nei%)or ip-address  peer-group-name remote-as as-num%er

S)ec$/$es ( *e,te 2P ne$"h%* t est(%!$sh ( 2P sess$n.

Rte*>cn/$"-*te*?nei%)or ip-address  A!!&s the 2P sess$ns t se (n# ipv-address  )ee*-"*)-n(,e update-sour(e )e*(t$n(! $nte*/(ce /* T4P inter&ace-type inter&ace-num%er cnnect$ns. The !)%(c1 $nte*/(ce $s se' /*e6ent!#. Rte*>cn/$"-*te*?address-family vpnv4 uni(ast 

P!(ces the *te* $n (''*ess /(,$!# cn/$"*(t$n ,'e0 /*, &h$ch # c(n cn/$"*e *t$n" sess$ns th(t se VPN Ve*s$n B (''*ess )*e/$7es.

Rte*>cn/$"-*te*-(/?nei%)or ip-address  En(%!es the e7ch(n"e / $n/*,(t$n peer-group-name  ipv-address a(tivate &$th ( 2P ne$"h%*$n" *te*. Rte*>cn/$"?nei%)or ip-address  peer group-name ne't-%op-self

4n/$"*es the *te* (s the ne7t h) /* ( 2P-s)e(1$n" ne$"h%* * )ee* "*).

Rte*s%ow ip )p nei%)ors neig%orD$s)!(#s $n/*,(t$n (%t the T4P address re(eived-routes  routes  advertised- (n' 2P cnnect$ns t ne$"h%*s. routes  pat%s regexp  dampened-routes  re(eived prefi'-filter  Rte*s%ow ip )p summary

D$s)!(#s the st(ts / (!! 2P cnnect$ns.

Rte*>cn/$"?ip vrf vr&-name

4n/$"*es ( VPN *t$n"/*&(*'$n" $nst(nce >VRF? *t$n" t(%!e.

Rte*>cn/$"-+*/?rd route-distinguiser

4*e(tes *t$n" (n' /*&(*'$n" t(%!es /* ( VPN VRF.

Rte*>cn/$"-+*/?route-taret import  e'port  )ot% route-target-ext-community

4*e(tes ( *te t(*"et e7ten'e' c,,n$t# /* ( VPN VRF. routetarget-ext-community (''s the *te t(*"et e7ten'e' c,,n$t# (tt*$%tes t the VRF5s !$st / $,)*t0 e7)*t0 * %th >$,)*t (n' e7)*t? *te t(*"et e7ten'e' c,,n$t$es.

Rte*>cn/$"-$/?ip vrf forwardin vr&-name

Assc$(tes ( VRF &$th (n $nte*/(ce * s%$nte*/(ce.

Rte*s%ow ip vrf )rief  detail  interfa(es 

D$s)!(#s the set / 'e/$ne' VPN


33

Basic MPLS VPN Overview And

Recommend Documents