Multi-Protocol Label Switching (MPLS) Support

Similar documents
BGP MPLS VPNs. Introduction

InterAS Option B. Information About InterAS. InterAS and ASBR

BGP mvpn BGP safi IPv4

MPLS VPN--Inter-AS Option AB

Implementing MPLS Layer 3 VPNs

MPLS VPN Inter-AS Option AB

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

MPLS VPN Multipath Support for Inter-AS VPNs

MPLS VPN Explicit Null Label Support with BGP. BGP IPv4 Label Session

ibgp Multipath Load Sharing

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

Configuring MPLS and EoMPLS

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

Configuring BGP: RT Constrained Route Distribution

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

Implementing MPLS VPNs over IP Tunnels

BGP-VPN Distinguisher Attribute

MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

MPLS VPN Carrier Supporting Carrier

Configuring multicast VPN

MPLS VPN Half-Duplex VRF

IPv6 Switching: Provider Edge Router over MPLS

MPLS VPN Inter-AS IPv4 BGP Label Distribution

Multi-VRF Support. Finding Feature Information. Prerequisites for Multi-VRF Support

MPLS VPN Route Target Rewrite

Alcatel-Lucent 4A Alcatel-Lucent Virtual Private Routed Networks. Download Full version :

MPLS VPN C H A P T E R S U P P L E M E N T. BGP Advertising IPv4 Prefixes with a Label

IPv6 Switching: Provider Edge Router over MPLS

Configuring MPLS L3VPN

BGP-MVPN SAFI 129 IPv6

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

What You Will Learn By the end of this appendix, you should know and be able to explain the following:


Configuring Multicast VPN Inter-AS Support

CCIE R&S Techtorial MPLS

UniNets MPLS LAB MANUAL MPLS. UNiNets Multiprotocol label Switching MPLS LAB MANUAL. UniNets MPLS LAB MANUAL

PASS4TEST. IT Certification Guaranteed, The Easy Way! We offer free update service for one year

This document is not restricted to specific software and hardware versions.

BGP Event-Based VPN Import

BGP Next Hop Unchanged

MPLS over GRE. Finding Feature Information. Prerequisites for MPLS VPN L3VPN over GRE

Internet Engineering Task Force (IETF) Category: Standards Track. T. Morin France Telecom - Orange Y. Rekhter. Juniper Networks.

Configuring MPLS L3VPN

Configuring MPLS, MPLS VPN, MPLS OAM, and EoMPLS

Configuring Scalable Hub-and-Spoke MPLS VPNs

Table of Contents 1 Multicast VPN Configuration 1-1

Operation Manual MCE H3C S3610&S5510 Series Ethernet Switches. Table of Contents

HP FlexFabric 5930 Switch Series

Multiprotocol Label Switching Virtual Private Network

MPLS: Layer 3 VPNs: Inter-AS and CSC Configuration Guide, Cisco IOS Release 15SY

Table of Contents Chapter 1 MPLS L3VPN Configuration

Contents. Introduction. Prerequisites. Configure. Requirements. Components Used

MPLS Layer 3 VPNs Configuration Guide, Cisco IOS Release 12.4T

BGP Best External. Finding Feature Information

HP FlexFabric 7900 Switch Series

BGP Graceful Shutdown

HP 5920 & 5900 Switch Series

MPLS L3VPN. The MPLS L3VPN model consists of three kinds of devices: PE CE Site 2. Figure 1 Network diagram for MPLS L3VPN model

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

Introduction to External Connectivity

Configuring VRF-lite CHAPTER

Cisco Training - HD Telepresence MPLS: Implementing Cisco MPLS V3.0. Upcoming Dates. Course Description. Course Outline

BGP Cost Community. Prerequisites for the BGP Cost Community Feature

Remote Access MPLS-VPNs

MPLS design. Massimiliano Sbaraglia

Securizarea Calculatoarelor și a Rețelelor 32. Tehnologia MPLS VPN

Deploy MPLS L3 VPN. APNIC Technical Workshop October 23 to 25, Selangor, Malaysia Hosted by:

IOS Implementation of the ibgp PE CE Feature

BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

Multi Protocol Label Switching (an introduction) Karst Koymans. Thursday, March 12, 2015

Cisco. Maintaining Cisco Service Provider VPNs and MPLS Networks (MSPVM)

MPLS Intro. Cosmin Dumitru March 14, University of Amsterdam System and Network Engineering Research Group ...

Egress Protection (draft-shen-mpls-egress-protection-framework) Presented by Krzysztof G. Szarkowicz NANOG71 October 4, 2017

Next Generation MULTICAST In-band Signaling (VRF MLDP: Profile 6)

ibgp Multipath Load Sharing

Implementing MPLS Layer 3 VPNs

HP A5820X & A5800 Switch Series MPLS. Configuration Guide. Abstract

Implementing MPLS Forwarding

Multiprotocol BGP Extensions for IP Multicast Commands

BGP Event-Based VPN Import

Vendor: Juniper. Exam Code: JN Exam Name: Service Provider Routing and Switching Support, Professional. Version: Demo

OSPF Sham-Link Support for MPLS VPN

IBGP internals. BGP Advanced Topics. Agenda. BGP Continuity 1. L49 - BGP Advanced Topics. L49 - BGP Advanced Topics

Configuring IPv6 Provider Edge over MPLS (6PE)

BGP Diverse Path Using a Diverse-Path Route Reflector

HP Routing Switch Series

Multiprotocol Label Switching (MPLS)

Network Configuration Example

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

WAN Edge MPLSoL2 Service

AToM (Any Transport over MPLS)

Deploying MPLS-based IP VPNs

Configuring the DHCP Server On-Demand Address Pool Manager

Protecting an EBGP peer when memory usage reaches level 2 threshold 66 Configuring a large-scale BGP network 67 Configuring BGP community 67

Connecting to a Service Provider Using External BGP

MPLS VPN. 5 ian 2010

Configuring BGP community 43 Configuring a BGP route reflector 44 Configuring a BGP confederation 44 Configuring BGP GR 45 Enabling Guard route

BGP Address-Family (IPv4/IPv6) Configuration Mode Commands

Vendor: HP. Exam Code: HP0-Y36. Exam Name: Deploying HP Enterprise Networks. Version: Demo

HPE FlexFabric 5940 Switch Series

Transcription:

This chapter describes the system's support for BGP/MPLS VPN and explains how it is d. The product administration guides provide examples and procedures for configuration of basic services on specific systems. It is recommed that you select the configuration example that best meets your service model and the required elements for that model, as described in the respective product administration guide, before using the procedures in this chapter. When enabled through a feature license key, the system supports MPLS to provide a VPN connectivity from the system to the corporate's network. This release provides BGP/MPLS VPN for directly connected PE routers only. MP-BGP is used to negotiate the routes and segregate the traffic for the VPNs. The network node learns the VPN routes from the connected Provider Edge (PE), while the PE populates its routing table with the routes provided by the network functions. Overview, page 1 Supported Standards, page 3 Supported Networks and Platforms, page 4 Licenses, page 4 Benefits, page 4 Configuring BGP/MPLS VPN with Static Labels, page 4 Configuring BGP/MPLS VPN with Dynamic Labels, page 7 Overview As seen in the following scenario, the chassis can be deployed as a router while supporting BGP/MPLS-VPN in a network. Chassis as MPLS-Customer Edge (MPLS-CE) connecting to Provider Edge (PE) Chassis as MPLS-Customer Edge (MPLS-CE) connecting to Autonomous System Border Router (ASBR) 1

Chassis as MPLS-CE Connecting to PE Chassis as MPLS-CE Connecting to PE Figure 1: Chassis as MPLS-CE Connected to PE The system in this scenario uses static/dynamic MPLS labels for ingress and egress traffic. For configuration information on static label, refer to the Configuring BGP/MPLS VPN with Static Labels, on page 4 section and refer to Configuring BGP/MPLS VPN with Static Labels, on page 4 for dynamic label configuration. The system is in a separate autonomous system (AS) from the Provider Edge (PE). It communicates with the PE and all VPN routes are exchanged over MP-BGP. Routes belonging to different VPNs are logically separated, using separate virtual route forwarding tables (VRFs). Routes for each VPN are advertised as VPN-IPv4 routes, where route distinguishers are preped to regular IPv4 routes to allow them to be unique within the routing table. Route targets added to the BGP exted community attributes identify different VPN address spaces. The particular upstream BGP peer routing domain (VPN), from which a route is to be imported by the downstream peer into an appropriate VRF, is identified with an exted community in the advertised NLRI. A unique label is also received or advertised for every VPN route. The Customer Edge (CE) also advertises routes to the PE using NLRIs that include route distinguishers to differentiate VPNs, an exted community to identify VRFs, and a MPLS-label, which will later be used to forward data traffic. There is a single MPLS-capable link between the CE and the PE. MP-BGP communicates across this link as a TCP session over IP. Data packets are sent bidirectionally as MPLS encapsulated packets. This solution does not use any MPLS protocols. The MPLS label corresponding to the immediate upstream neighbor can be statically d on the downstream router, and similarly in the reverse direction. When forwarding subscriber packets in the upstream direction to the PE, the CE encapsulates packets with MPLS headers that identify the upstream VRF (the label sent with the NLRI) and the immediate next hop. When the PE receives a packet it swaps the label and forward. The CE does not run any MPLS protocol (LDP or RSVP-TE). When receiving data packets in the downstream direction from the PE, the label is checked to identify the destination VRF. Then the packet is de-encapsulated into an IP packet and sent to the session subsystem for processing. MPLS ping/trace route debugging facilities are not supported. 2

Chassis as MPLS-CE Connected to ASBR Chassis as MPLS-CE Connected to ASBR Figure 2: Chassis as MPLS-CE Connected to ASBR The system in this scenario uses static/dynamic MPLS labels for ingress and egress traffic. For configuration information on static label, refer to Configuring BGP/MPLS VPN with Static Labels, on page 4 and refer to Configuring BGP/MPLS VPN with Dynamic Labels, on page 7 for dynamic label configuration. This scenario differs from the MPLS-CE with PE scenario in terms of peer functionality even though MPLS-CE functionality does not change. Like the MPLS-CE with PE scenario, MPLS-CE system maintains VRF routes in various VRFs and exchanges route information with peer over MP-eBGP session. The peer in this scenario is not a PE router but an Autonomous System Border Router (ASBR). The ASBR does not need to maintain any VRF configuration. The PE routers use IBGP to redistribute labeled VPN-IPv4 routes either to an ASBR or to a route reflector (of which the ASBR is a client). The ASBR then uses the ebgp to redistribute those labeled VPN-IPv4 routes to an MPLS-CE in another AS. Because of the ebgp connection, the ASBR changes the next-hop and labels the routes learned from the ibgp peers before advertising to the MPLS-CE. The MPLS-CE is directly connected to the ebgp peering and uses only the MP-eBGP to advertise and learn routes. The MPLS-CE pushes/pops a single label to/from the ASBR, which is learned over the MP-eBGP connection. This scenario avoids the configuration of VRFs on the PE, which have already been d on the MPLS-CE. Engineering Rules Up to 5,000 "host routes" spread across multiple VRFs per BGP process. Limited to 6,000 pool routes per chassis. Up to 2,048 VRFs per chassis. Supported Standards Support for the following standards and requests for comments (RFCs) have been added with this interface support: RFC 4364, BGP/MPLS IP VPNs RFC 3032, MPLS Label Stack Encoding 3

Supported Networks and Platforms One or more sections of above mentioned IETF are partially supported for this feature. For more information on Statement of Compliance, contact your Cisco account representative. Supported Networks and Platforms This feature supports all ASR5500 platforms with StarOS Release 9.0 or later running with network function services. Licenses Benefits Multi-protocol label switching (MPLS) is a licensed Cisco feature. A separate feature license may be required. Contact your Cisco account representative for detailed information on specific licensing requirements. For information on installing and verifying licenses, refer to the Managing License Keys section of the Software Management Operations chapter in the System Administration Guide. MPLS provides networks with a more efficient way to manage applications and move information between locations. MPLS prioritizes network traffic, so administrators can specify which applications should move across the network ahead of others. Configuring BGP/MPLS VPN with Static Labels This section describes the procedures required to the system as an MPLS-CE to interact with a PE with static MPLS label support. The base configuration, as described in the Routing chapter in this guide, must be completed prior to attempt the configuration procedure described below. The feature described in this chapter is a licensed Cisco feature. A separate feature license may be required. Contact your Cisco account representative for detailed information on specific licensing requirements. Commands used in the configuration samples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. 4

Create VRF with Route-distinguisher and Route-target To the system for BGP/MPLS VPN: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Create a VRF on the router and assign a VRF name by applying the example configuration in Create VRF with Route-distinguisher and Route-target, on page 5. Set the neighbors and address family to exchange routing information and establish BGP peering with a peer router by applying the example configuration in Set Neighbors and Enable VPNv4 Route Exchange, on page 5. Configure the address family and redistribute the connected routes domains into BGP by applying the example configuration in Configure Address Family and Redistributed Connected Routes, on page 6. This takes any routes from another protocol and redistributes them to BGP neighbors using the BGP protocol. Configure IP Pools with MPLS labels for input and output by applying the example configuration in Configure IP Pools with MPLS Labels, on page 6. Optional. Bind DHCP service to work with MPLS labels for input and output in corporate networks by applying the example configuration in Bind DHCP Service for Corporate Servers, on page 6. Optional. Bind AAA/RADIUS server group in corporate network to work with MPLS labels for input and output by applying the example configuration in Bind AAA Group for Corporate Servers, on page 7. Save your configuration as described in the System Administration Guide. Create VRF with Route-distinguisher and Route-target Use this example to first create a VRF on the router and assign a VRF name. The second ip vrf command creates the route-distinguisher and route-target. context <context_name> -noconfirm ip vrf <vrf_name> ip vrf <vrf_name> route-distinguisher {<as_value> <ip_address>} <rt_value> route-target export {<as_value> <ip_address>} <rt_value> Set Neighbors and Enable VPNv4 Route Exchange Use this example to set the neighbors and address family to exchange VPNv4 routing information with a peer router. context <context_name> neighbor <ip_address> remote-as <AS_num> address-family vpnv4 neighbor <ip_address> activate neighbor <ip_address> s-community both exit interface <bind_intfc_name> 5

Configure Address Family and Redistributed Connected Routes ip address <ip_addr_mask_combo> Configure Address Family and Redistributed Connected Routes Use this example to the address-family and to redistribute the connected routes or IP pools into BGP. This takes any routes from another protocol and redistributes them using the BGP protocol. context <context_name> address-family ipv4 <type> vrf <vrf_name> redistribute connected Configure IP Pools with MPLS Labels Use this example to IP Pools with MPLS labels for input and output. context <context_name> -noconfirm ip pool <name> <ip_addr_mask_combo> private vrf <vrf_name> mpls-label input <in_label_value> output <out_label_value1> nexthop-forwarding-address <ip_addr_bgp_neighbor> Bind DHCP Service for Corporate Servers Use this example to bind DHCP service with MPLS labels for input and output in Corporate network. context <dest_ctxt_name> interface <intfc_name> loopback ip vrf forwarding <vrf_name> ip address <bind_ip_address subnet_mask> exit dhcp-service <dhcp_svc_name> dhcp ip vrf <vrf_name> bind address <bind_ip_address> [ nexthop-forwarding-address <nexthop_ip_address> [ mpls-label input <in_mpls_label_value> output <out_mpls_label_value1> [ <out_mpls_label_value2> ]]] dhcp server <ip_address> Notes: To ensure proper operation, DHCP functionality should be d within a destination context. Optional keyword nexthop-forwarding-address <ip_address> mpls-label input <in_mpls_label_value> output < <out_mpls_label_value1> applies DHCP over MPLS traffic. 6

Bind AAA Group for Corporate Servers Bind AAA Group for Corporate Servers Use this example to bind AAA server groups with MPLS labels for input and output in Corporate network. context <dest_ctxt_name> aaa group <aaa_grp_name> radius ip vrf <vrf_name> radius attribute nas-ip-address address <nas_address> nexthop-forwarding-address <ip_address> mpls-label input <in_mpls_label_value> output < <out_mpls_label_value1> radius server <ip_address> encrypted key <encrypt_string> port <iport_num> Notes: aaa_grp_name is a pre-d AAA server group d in Context Configuration mode. Refer AAA Interface Administration Reference for more information on AAA group configuration. Optional keyword nexthop-forwarding-address <ip_address> mpls-label input <in_mpls_label_value> output < <out_mpls_label_value1> associates AAA group for MPLS traffic. Configuring BGP/MPLS VPN with Dynamic Labels This section describes the procedures required to the system as an MPLS-CE to interact with a PE with dynamic MPLS label support. The base configuration, as described in the Routing chapter in this guide, must be completed prior to attempt the configuration procedure described below. The features described in this chapter is an enhanced feature and need enhanced feature license. This support is only available if you have purchased and installed particular feature support license on your chassis. Commands used in the configuration samples in this section provide base functionality to the extent that the most common or likely commands and/or keyword options are presented. In many cases, other optional commands and/or keyword options are available. Refer to the Command Line Interface Reference for complete information regarding all commands. 7

Create VRF with Route-distinguisher and Route-target To the system for BGP/MPLS VPN: Step 1 Step 2 Step 3 Step 4 Step 5 Step 6 Step 7 Step 8 Create a VRF on the router and assign a VRF name by applying the example configuration in Create VRF with Route-distinguisher and Route-target, on page 8. Set the neighbors and address family to exchange routing information and establish BGP peering with a peer router by applying the example configuration in Set Neighbors and Enable VPNv4 Route Exchange, on page 9. Configure the address family and redistribute the connected routes domains into BGP by applying the example configuration in Configure Address Family and Redistributed Connected Routes, on page 9. This takes any routes from another protocol and redistributes them to BGP neighbors using the BGP protocol. Configure IP Pools with dynamic MPLS labels by applying the example configuration in Configure IP Pools with MPLS Labels, on page 9. Optional. Bind DHCP service to work with dynamic MPLS labels in corporate networks by applying the example configuration in Bind DHCP Service for Corporate Servers, on page 9. Optional. Bind AAA/RADIUS server group in corporate network to work with dynamic MPLS labels by applying the example configuration in Bind AAA Group for Corporate Servers, on page 10. Optional. Modify the d IP VRF, which is d to support basic MPLS functionality, for mapping between DSCP bit value and experimental (EXP) bit value in MPLS header for ingress and egress traffic by applying the example configuration in DSCP and EXP Bit Mapping, on page 10. Save your configuration as described in the System Administration Guide. Create VRF with Route-distinguisher and Route-target Use this example to first create a VRF on the router and assign a VRF name. The second ip vrf command creates the route-distinguisher and route-target. context <context_name> -noconfirm ip vrf <vrf_name> ip vrf <vrf_name> route-distinguisher {<as_value> <ip_address>} <rt_value> route-target export {<as_value> <ip_address>} <rt_value> route-target import {<as_value> <ip_address>} <rt_value> Notes: If export and import route targets are the same, alternate command route-target both {<as_value> <ip_address> } <rt_value> can be used in place of route-target import and route-target export commands. 8

Set Neighbors and Enable VPNv4 Route Exchange Set Neighbors and Enable VPNv4 Route Exchange Use this example to set the neighbors and address family to exchange VPNv4 routing information with a peer router. context <context_name> mpls bgp forwarding neighbor <ip_address> remote-as <AS_num> address-family vpnv4 neighbor <ip_address> activate neighbor <ip_address> s-community both exit interface <bind_intfc_name> ip address <ip_addr_mask_combo> Configure Address Family and Redistributed Connected Routes Use this example to the address-family and to redistribute the connected routes or IP pools into BGP. This takes any routes from another protocol and redistributes them using the BGP protocol. context <context_name> address-family ipv4 <type> vrf <vrf_name> redistribute connected Configure IP Pools with MPLS Labels Use this example to IP Pools with dynamic MPLS labels. context <context_name> -noconfirm ip pool <name> <ip_addr_mask_combo> private vrf <vrf_name> Bind DHCP Service for Corporate Servers Use this example to bind DHCP service with dynamic MPLS labels in Corporate network. context <dest_ctxt_name> interface <intfc_name> loopback ip vrf forwarding <vrf_name> ip address <bind_ip_address subnet_mask> exit dhcp-service <dhcp_svc_name> dhcp ip vrf <vrf_name> bind address <bind_ip_address> 9

Bind AAA Group for Corporate Servers Notes: dhcp server <ip_address> To ensure proper operation, DHCP functionality should be d within a destination context. Bind AAA Group for Corporate Servers Use this example to bind AAA server groups with dynamic MPLS labels in Corporate network. context <dest_ctxt_name> aaa group <aaa_grp_name> radius ip vrf <vrf_name> radius attribute nas-ip-address address <nas_address> radius server <ip_address> encrypted key <encrypt_string> port <iport_num> Notes: aaa_grp_name is a pre-d AAA server group d in Context Configuration mode. Refer AAA Interface Administration Reference for more information on AAA group configuration. DSCP and EXP Bit Mapping Use this example to modify the d IP VRF to support QoS mapping. context <context_name> ip vrf <vrf_name> mpls map-dscp-to-exp dscp <dscp_bit_value> exp <exp_bit_value> mpls map-exp-to-dscp exp <exp_bit_value> dscp <dscp_bit_value> 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback