Section 8
Basic Services
Module 5
VPRN Configuration
TOS36013-0807 Issue 1.0
5620 SAM
5620 SAM (Service Aware Manager) R7.0 Operator
TOS36010 Issue 1.0
Document History
Edition: 01
Date: 2009-08-14
Remarks: First edition
Module Objectives
[Figure: MP-IBGP Route Exchange for all Services. Labels: PE A, PE B, PE C, PE D, CE A, CE C, CE D, routing instances RI-1 and RI-2, IP / MPLS Network, VPRN Service Red, VPRN Service Green]
In Feb. 2006, Internet Draft RFC2547bis was moved to standard status, as RFC 4364.
A Virtual Private Routed Network (VPRN) service allows service providers to use their IP backbone to
provide a Layer 3 VPN service to their customers. VPRNs are also known as BGP/MPLS VPNs because
BGP is used to distribute VPN routing information across the provider's backbone and MPLS is used
to forward VPN traffic from one VPN site to another.
From the customer's perspective, it looks as if all sites are connected to a routed domain
The service provider can reuse the IP/MPLS infrastructure to offer multiple services
Each VPRN appears like an additional routing instance, routes for a service between the various
Each CE router becomes a peer of the PE router that it is directly connected to, not a peer to the
other CE routers. A CE router provides the PE router with route information for the private
customer network. Each associated PE router maintains a separate IP forwarding table for each
VPRN. Additionally, the PE routers exchange the routing information configured or learned from
all customer sites via MP-BGP peering. Each route exchanged via the MP-BGP protocol includes a
Route Distinguisher (RD), which makes the route unique, and a Route Target, which identifies the
VPRN association.
MPLS handles the forwarding between the PE routers. This means that the routers in the core of the
network need not know about the routes connecting the private networks. A VPRN service uses a
two-level label stack: the ingress PE router pushes both an inner VC label and an outer tunnel
label onto a packet. After reaching the egress PE router via one or more MPLS Label Switched
Paths (LSPs), the PE router pops the MPLS headers and delivers a normal IP packet to the
customer.
VPRN Features
Highly scalable:
Total routes
BGP Peerings
IP Interfaces
Static Routes
BGP
RIP
OSPF
Current routes
Current routes per protocol source (Static, Local, BGP (PE-CE or Network), OSPF
Packets (In/Out)
Bytes (In/Out)
Errors In/Out
Tunneling Mechanisms: RSVP-TE, LDP, GRE
CE to PE Routing: BGP, RIP, Static, OSPF
[Figure: CE routers of the Customer 1 VPN and the Customer 2 VPN attached to PE routers around the Core Network; VPN Instance #1 and VPN Instance #2]
In a Virtual Private Routed Network (VPRN), the service provider network distributes its customers' routing
information using MP-BGP and forwards their data packets using MPLS or GRE tunnels.
The routers in the service provider's network perform one of two possible roles:
Provider (P) routers in the core. These routers simply support the switching of LSPs. They do not have any
knowledge of the existence of the VPRNs.
Provider Edge (PE) routers at the edge of the service provider's network. These devices provide the MPLS
signaling and forwarding, and the partitioned IP routing and forwarding capabilities needed to separate
customer data flows received from or destined to the various customer sites.
The routers in the customer's network that connect to the PEs are known as CE (Customer Edge) devices.
They are simple IP routers that forward and receive IP packets and distribute routing information using
standard IP routing protocols or configured static routes, and they are VPRN unaware. The architecture of
the VPRN service is shown in the diagram above.
The components of a VPRN VPN are:
1. MP-BGP sessions between PEs to distribute customer routes across the service provider's backbone.
2. Virtual Routing and Forwarding (VRF) tables on PEs specifying the import and export rules for customer
routes advertised between PEs.
3. Configured or learned VPRN routes from the customer sites.
4. MPLS or GRE tunnels between PEs for transporting customers' traffic across the service provider's
backbone.
VPRN Functions
Learning Routes from Local CEs
A PE learns the routes from a CE through static routes or a dynamic routing protocol such as BGP. Locally
reachable IPv4 addresses as well as remote routes learned from other PEs are stored in the appropriate VRF.
Distributing Routes
The PEs establish MP-BGP sessions with each other to distribute the routes they have learned from locally
connected CEs. Each PE maintains one or more VRFs for each VPRN it is involved with, depending on the VPN
topology (mesh or hub and spoke, intranet or extranet).
The PEs forward customer traffic across the service provider's network via GRE or LSP tunnels (outer label).
LSPs can be established using LDP or RSVP-TE signaling.
When the destination PE receives a data packet it determines the appropriate VRF to use to forward the
packet onward to the correct CE based on the inner label associated to a given VRF. The inner label is
allocated by the local PE and advertised to the peer PE as part of a VPN-IPv4 route update.
Transport Tunnels
Each PE involved in a given VPRN service must be configured with a tunnel to every other PE participating in
the same VPRN service to transport a customer's VPN traffic from one site to another.
The tunnel is created either through the configuration of an SDP or using the auto-bind option when creating a
VPRN service instance. For VPRN services, SDP tunnels can be created using MPLS with RSVP-TE or GRE
encapsulation. The auto-bind method for creating tunnels can be used with LDP or GRE.
If SDP tunnels are used, they must be created prior to the creation of the VPRN services. The configuration of
an SDP includes specifying the far-end PE and the type of encapsulation used, GRE or MPLS with RSVP-TE.
When RSVP-TE signaling is used, the outer LSP tunnels must be explicitly configured in addition to the
creation of the SDPs. When the outer tunnels are created using auto-bind with LDP, there is no need to
explicitly configure the LSP tunnels. It is only necessary to enable LDP signaling on the appropriate
interfaces; once the MP-BGP sessions have been established, the LSP is automatically established.
Similarly, outer tunnels created using auto-bind with GRE do not require any preliminary configuration; the
VPRN service only needs to be auto-bound to GRE.
When the auto-bind option is used, traffic from all VPRN services (configured with the auto-bind option)
traverses the same LSPs. In this case it is not possible to have alternate tunneling mechanisms (like GRE) or
to configure sets of LSPs with bandwidth reservations for specific customers, as is available with
explicit SDPs for the service. If LSPs with reserved bandwidth are needed, then SDPs with RSVP-TE signaling
should be used for the outer tunnels.
If distinct tunnels per VPRN service are desired, then SDPs with GRE or RSVP-TE signaling should be used so
that VPRN instances can be explicitly bound to specific SDPs.
Outer Label
Each PE in the VPRN connected by a tunnel
Tunnels created by:
Creating an SDP (RSVP-TE or GRE)
Auto-bind (LDP or GRE)
PE to CE Route Distribution
Static Routes
All routes to be advertised by the CE to other CEs belonging to the VPRN are configured as static routes in the
VPRN service instance.
eBGP Routing
eBGP is configured between the PE and each attached CE belonging to the same VPRN in the VPRN service
instance.
The explicit configuration of the autonomous system number and router-id is optional. If omitted, these
values simply inherit the router's global AS number and router-id. The local address is also an optional
parameter. When it is not specified, it inherits the system IP address when communicating with IBGP peers
and the interface address for directly connected eBGP peers.
If no import route policy is specified, then all BGP routes advertised by the CE are accepted by the PE.
An export policy is needed for the PE to advertise the routes learned from other PE sites in the VPRN instance
via MP-BGP to the CE router via eBGP.
RIP Routing
When RIP is used as the PE-CE routing protocol, a RIP instance must be enabled on the PE router in the router
context. Subsequently, RIP can be configured on the PE-CE interface during the configuration of the VPRN
service. RIP is configured between the PE and each attached CE belonging to the same VPN in the VPRN
service instance.
All Rights Reserved Alcatel-Lucent 2009
OSPF Routing
As of R4.0 of the 7X50 routers, OSPF can be used as the PE-CE routing protocol. This provides a way for a
network to continue using a single protocol as it is migrated to an IP-VPN backbone.
OSPF LSA information is not transmitted natively across the IP-VPN. The OSPF routes are imported into
MP-BGP as AS externals. As a result, other OSPF-attached VPRN sites on remote PEs will receive these via type
5 LSA. This process is not automatic and requires the configuration of (existing) Route Policies.
Stub areas, OSPF-TE and sham links are not currently supported.
Create a Customer
Create Service
Create SAPs
Manage Service
Customer - must be assigned to the service. Though the service can have only one Customer,
that customer may be assigned to more than one service.
Create Service - specify the service type (VPRN) and add the appropriate service sites.
Create Service Access Points - Add a Layer 3 Access Interface to each site. Configure the port
Mode for Access, define the Encapsulation Type, specify the Encapsulation ID (as required) and
specify the service MTU size.
Bind Service Tunnels to create the SDPs. It is possible to use Auto-Bind, when using LDP, or
manually assign Spoke SDPs, if RSVP is to be used for tunnel transport.
Manage Service through the Properties window and/or by using the Service Topology View.
3. Select Routing
4. Enter the AS Number as 100
5. Select Protocols
6. Verify that BGP is enabled
The following steps will cover the configuration of an iBGP mesh, which will be used for the
advertisement of VPRN routes from each customer's VRFs.
A BGP mesh will be required among all participating sites in the VPRN service.
Configure BGP AS
Select the Routing view in the tree window
Select each Router in turn where a VPRN site is required
Select the Routing tab, and enter the Autonomous System Number; 100 is used here as an
example.
Enable BGP
Check that BGP is enabled; if not, select the BGP Enabled check box, select OK or Apply.
Configure BGP AS
1. Select the BGP Routing Instance
2. Select Properties
Select the BGP routing instance for your router from the Navigation Tree Routing view, right
click and select Properties.
In the General tab, verify the Site ID is the system interface IP address.
Select the AS properties tab, and verify that the AS number is 100; 100 is used here as an
example.
In the VPN tab, enable Family: VPN-IPV4 and IPv4.
It is essential that you enable the VPN-IPV4 family as this is required to carry VPRN routes. Click
Apply or OK.
Select the Group tab. Select Add. Specify the Name. Click Apply and OK.
Select the AS Properties tab and set the Peer AS to 100. Other parameters will be inherited
from the global configuration. Select OK, OK, Apply and Yes.
Select the Peer tab, and create a BGP peer to one of the PE routers.
Select Add, and enter the system ID for the other router in the Peer Address field.
Under
Repeat the steps on the previous two pages for all PE routers in your network.
Your peering relationships will be up when all objects and aggregated alarms have cleared.
Double click on each peer and check that the connection state is Established.
Configure a Customer
1. Select Manage Customers
2. Select Create
3. Define the Customer Attributes
Services must be associated with a customer. Though a service may only have one customer, that
customer may have more than one service associated with them.
To create a Customer using the 5620 SAM, the network administrator or operator will use the
following sequence:
From the Main Menu, select Manage Customers
In the new window, click on the Create button
Complete the customer's details as provided in the configuration window
Click on the OK button.
To verify that the customer was created, or edit any detail:
Select Manage Customers from the Main Menu
Click on the Search button
Double-click on the appropriate entry or select the appropriate customer and click on the Edit
button.
Review or modify the details, as required.
Click OK or Apply to save the changes or Cancel to disregard any modifications and close the
window.
Create a VPRN
2. Choose Select
Service Name
Description (optional)
To create a service, select the service type and assign the managed devices upon which the
service will terminate, referred to as the Service Sites.
To create a VPRN:
Select
Click
Select a customer from the list that appears and click the OK button
Complete the remaining parameters, as required. Though optional, providing a service name and
relevant description will enable the network administrator or operator to find the service using the
Search filter.
Click Apply
Click OK
Click on the Routing tab. This enables us to configure the virtual router instance. Configure the
following properties:
AS number = 100
Type 0 Assigned Value = a unique identifier in order to make the network address unique to
this VPRN; 60 is used as an example.
Click on the VRF-Target sub tab and set the VRF route target properties as follows:
Target Format = AS
Target Extended Community Value = unique value, which must match each distant end Route
Target Value of the other sites participating in the service in order to allow the population of
network addresses in the VRF; 95 is used as an example.
Click on the Auto-Bind tab and set the Transport to MPLS:LDP. This will enable the use of LDP
signaled LSPs to reach each remote site, rather than SDPs.
Click OK and OK.
Right click and select Create L3 Access Interface. This will add a Layer 3 customer-facing
interface to the virtual router on this site for this VPRN instance.
1. Choose Select
2. Click OK
3. Click Search
4. Select a Port
5. Click OK
Port Selection
In the Port tab, Choose Select in the Terminating Port Region. Click OK.
In the Port tab, assign the port an Outer Encapsulation Value or use the Auto-Assign ID
feature.
Configure the IP address for a specific site as shown.
IP Address Assignment
Select the Address tab. Click Add. Configure an address on the interface of the specific router.
Note: Unlike IES, it does not matter if customer address spaces overlap on each VPRN service as
the route distinguisher keeps them unique.
In the IP Address window, type in the IP Address and Prefix Length, and click OK, OK, OK, OK.
Repeat all of the previous steps, starting with assigning a Name and Description for the other
site(s) participating in the service. In this example, the other site is node 146.
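The route distinguisher and VRF target settings above decide which routes populate which VRF, so they are worth checking across all sites of a service. The following added example (not part of the original course material, and not SAM code) models VPN-IPv4 route import and audits the settings. The `Site` model, the Green service values and all prefixes are assumptions; AS 100, assigned value 60 and target value 95 follow the page's examples.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Site:                 # one VPRN service site (hypothetical model, not a SAM object)
    pe: str                 # PE router hosting the site
    service: str            # VPRN service name
    rd: str                 # route distinguisher "<AS>:<assigned value>"
    rt: str                 # VRF route target "<AS>:<value>"
    prefixes: tuple         # IPv4 prefixes learned from the attached CE

def advertise(sites):
    """VPN-IPv4 updates sent over MP-BGP: the RD makes (rd, prefix) unique."""
    return [((s.rd, p), s.rt, s.pe) for s in sites for p in s.prefixes]

def build_vrfs(sites):
    """Each VRF imports only remote routes carrying its own route target."""
    updates = advertise(sites)
    return {(s.pe, s.service): {key[1]: pe for key, rt, pe in updates
                                if rt == s.rt and pe != s.pe}
            for s in sites}

def audit(sites):
    """Report RD/RT settings that break isolation between services."""
    rt_by_service, services_by_rt, services_by_rd = (defaultdict(set) for _ in range(3))
    for s in sites:
        rt_by_service[s.service].add(s.rt)
        services_by_rt[s.rt].add(s.service)
        services_by_rd[s.rd].add(s.service)
    findings = []
    for svc, rts in sorted(rt_by_service.items()):
        if len(rts) > 1:
            findings.append(f"{svc}: sites disagree on route target {sorted(rts)}")
    for rt, svcs in sorted(services_by_rt.items()):
        if len(svcs) > 1:
            findings.append(f"route target {rt} imported by {sorted(svcs)}")
    for rd, svcs in sorted(services_by_rd.items()):
        if len(svcs) > 1:
            findings.append(f"RD {rd} reused by {sorted(svcs)}")
    return findings

# Constructed sample: Red uses the page's example values; Green and all prefixes are invented.
GOOD = [
    Site("PE-A", "Red", "100:60", "100:95", ("10.1.0.0/24",)),
    Site("PE-B", "Red", "100:60", "100:95", ("10.2.0.0/24",)),
    Site("PE-C", "Green", "100:61", "100:96", ("10.1.0.0/24",)),  # overlaps Red
    Site("PE-D", "Green", "100:61", "100:96", ("10.3.0.0/24",)),
]
# Same network with one Green site's route target mistyped as Red's value.
BAD = GOOD[:3] + [Site("PE-D", "Green", "100:61", "100:95", ("10.3.0.0/24",))]

if __name__ == "__main__":
    print(build_vrfs(GOOD)[("PE-B", "Red")])
    print(audit(BAD))
```

With the mistyped target, the Red VRF on PE-A imports Green's 10.3.0.0/24 and the Green VRF on PE-D imports Red's routes, which is the cross-customer leak the audit reports.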
Final Steps
In the Components window, select Apply, Yes and then Topology View to view the newly
created VPRN.
Having selected Topology View, the Service Topology window above will appear.
An alternative is to select Manage Services, search for your VPRN service, and select it.
Questions
1. What method does a VPRN service use to differentiate overlapping customer address space?
a. Router target
b. Policies
c. Route Distinguisher
d. Filters
2. Select all CE to PE routing methods or protocols supported on the SR:
a. Static Routes
b. RIP
c. OSPF
d. IS-IS
e. BGP
Answers
1. What method does a VPRN service use to differentiate overlapping customer address space?
a. Router target
b. Policies
c. Route Distinguisher
d. Filters
4. What method is used to exchange routes between PEs?
a. OSPF
b. RIP
c. Static
d. MP-BGP
End of Module
VPRN Configuration