
Complex MPLS Layer 3 VPNs

© 2012 Cisco and/or its affiliates. All rights reserved. SPEDGE v1.0—3-1
• Describe MPLS interdomain solutions
• Describe the CSC feature
• Describe inter-AS MPLS models

MPLS Interdomain Solutions

• Companies need MPLS service delivered all over the world.
• Support for VPNs that cross AS boundaries
• Two basic types of service provider design:
- CSC
• Hierarchical MPLS VPN design
• Using other service providers for MPLS backbone
- Inter-AS
• Peer-to-peer type model
• Peering with neighboring service providers

[Figure: Cisco IP NGN IP infrastructure layer (access, aggregation, IP edge, core) serving residential, mobile and business users.]

• MPLS interdomain solutions are part of the Cisco IP NGN infrastructure
layer.
• IP edge devices run MPLS, BGP, or IGP.
• IP core devices run MPLS.
• Hierarchical MPLS VPN:
- Backbone provider–first-level service provider
- Customer carrier–second-level service provider
• CSC provides MPLS VPN service to other service providers.
• A large service provider acts as the backbone for smaller service
providers.
• The customer carrier can be an ISP or MPLS VPN provider.
[Figure: CSC topology. The backbone carrier (PE1, P, PE2) connects two customer carrier POP sites through CSC-CE1 and CSC-CE2; end customers attach to each POP site.]

• Multiple customer carriers can be connected to a single CSC backbone.
• Both VPN and Internet services can be provided.
• Customer carriers do not have to operate their own long-distance
network.
• Different addressing schemes can be used by different carriers.
• Any link type supported by MPLS can be used.
• There are no end-user routes in the CSC backbone.

• Packets from POP1 to POP2 are propagated along a label-switched
path from CE1 to CE2.
• PE and CSC-CE routers must exchange route or label information.
• Backbone carrier does not carry routing information of end customers.

[Figure: route information exchanged between customer carrier POP1 and POP2 across the backbone carrier (PE1, PE2). Devices shown: Customer A CE1, CSC-PE1, POP1, CSC-CE1, CSC-CE2, POP2, CSC-PE2, Customer A.]

• CSC backbone carrier must support MPLS VPNs.
• CSC customer carrier can exchange labels:
- Using IGP and LDP:
• MPLS is enabled on link between backbone carrier and customer carrier.
• IGP is used for route exchange.
- Using MP-BGP:
• MP-BGP is used for label and route distribution.

• Most MPLS VPN systems are deployed in one AS.
• Inter-AS introduces techniques to establish MPLS VPNs across multiple
autonomous systems.
• There are many options for:
- Exchanging VPN information
- Building VPN tunnels

• An MPLS VPN tunnel is established across two service providers.

[Figure: inter-AS topology. SP1 (AS X) with PE2, RR1 and ASBR1; SP2 (AS Y) with PE3, PE4, RR2 and ASBR2; ASBR1 connects to ASBR2. Customer A and Customer B Site 1 (CE1, CE2) attach to SP1; Site 2 (CE3, CE4) attaches to SP2.]

• There are three options for configuring inter-AS:
- Option A: back-to-back VRF
- Option B: single-hop MP-EBGP method
- Option C: multihop MP-EBGP between route reflectors
• Option A is the simplest method.
• Option C is the most scalable method.

CSC Models

• MPLS VPN is configured in backbone carrier.
• Customer carrier POP sites:
- Connected using Layer 3 MPLS VPN
- Run IGP and LDP with backbone carrier

[Figure: backbone carrier MPLS VPN connecting customer carrier POP1 (RR1, ASBR1) and POP2 (ASBR2, RR2), with MP-IBGP in each POP; a customer carrier MPLS VPN connects Customer Site 1 and Customer Site 2.]

PE router (backbone carrier):

interface GigabitEthernet0/0/0/1
 description Link PE-ASBR
 vrf Customer_carrier
 ipv4 address 10.10.10.1 255.255.255.252
!
mpls ldp
 ...
 !
 interface GigabitEthernet0/0/0/1
!
router ospf 1
 address-family ipv4 unicast
 vrf Customer_carrier
  area 0
   interface GigabitEthernet0/0/0/1
!

ASBR router (customer carrier):

interface GigabitEthernet0/0/0/1
 description Link PE-ASBR
 ipv4 address 10.10.10.2 255.255.255.252
!
mpls ldp
 ...
 !
 interface GigabitEthernet0/0/0/1
!
router ospf 1
 address-family ipv4 unicast
 area 0
  interface GigabitEthernet0/0/0/1
!

[Figure: backbone carrier PE1 and PE2; customer carrier POP1 (RR1, ASBR1) and POP2 (ASBR2, RR2); Customer Site 1 and Customer Site 2.]

• Backbone carrier establishes MPLS VPN for customer carrier.
• Customer carrier establishes MPLS VPN for end customers.

Configure an MP-IBGP session between route reflector routers:
- Session between loopback interfaces

Configure an MP-IBGP session between PE routers:
- Session between loopback interfaces
- Send labels with customer carrier routes
- Override customer carrier AS number in AS path

[Figure: backbone carrier PE1 and PE2 (MP-BGP); customer carrier POP1 (RR1, ASBR1) and POP2 (ASBR2, RR2), both AS 64500, with MP-BGP sessions and an RR client; Customer Site 1 and Customer Site 2.]

• When an IP packet enters the customer carrier VPN, an LDP label is
attached to it.
• When the packet arrives at the backbone carrier, another VPN label is
attached to it.
[Figure: label stack along the path between the Customer A sites through CSC-PE1, POP1, CSC-CE1, the backbone carrier (PE1, P, PE2), CSC-CE2, POP2 and CSC-PE2. The IP packet carries a VPN label and a per-hop LDP label (LDP1 to LDP5); the additional VPN1 label appears in the backbone carrier.]

• MPLS VPN is configured in backbone carrier.
• Customer carrier POP sites:
- Connected using Layer 3 MPLS VPN
- Run MP-EBGP with backbone carrier ASBR
- Use /32 loopback address for MP-IBGP sessions between route reflectors.
- On Cisco IOS XR routers, a static route should be configured on the backbone
carrier PE router pointing to the carrier ASBR router.
[Figure: backbone carrier MPLS VPN connecting customer carrier POP1 (RR1, ASBR1) and POP2 (ASBR2, RR2), with MP-IBGP in each POP; a customer carrier MPLS VPN connects Customer Site 1 and Customer Site 2.]
PE router (backbone carrier):

interface GigabitEthernet0/0/0/1
 description Link PE-ASBR
 vrf Customer_carrier
 ipv4 address 10.10.10.1 255.255.255.252
!
router static
 vrf Customer_carrier
  address-family ipv4 unicast
   10.10.10.2/32 GigabitEthernet0/0/0/1
!
router bgp 64500
 vrf Customer_carrier
  rd 1:220
  address-family ipv4 unicast
   redistribute connected
   allocate-label all
  !
  neighbor 10.10.10.2
   remote-as 64512
   update-source GigabitEthernet0/0/0/1
   address-family ipv4 unicast
    route-policy pass in
    route-policy pass out
    as-override
    next-hop-self
   !
   address-family ipv4 labeled-unicast
    route-policy pass in
    route-policy pass out
    as-override
    next-hop-self
   !

[Figure: backbone carrier PE1 and PE2; customer carrier POP1 (RR1, ASBR1) and ASBR2; Customer Site 1 and Customer Site 2.]

• When an IP packet enters the customer carrier VPN, an LDP label is
attached to it.
• When the packet arrives at the backbone carrier, another VPN label is
attached to it.
[Figure: label stack along the path between the Customer A sites (CE1, CE2) through POP1, the backbone carrier (PE1, P, PE2) and POP2. The IP packet carries a VPN label and a per-hop LDP label; the additional VPN1 label appears in the backbone carrier.]

Inter-AS

• ASBR routers are connected over multiple subinterfaces.
• IGP runs between ASBR routers.

[Figure: inter-AS topology. ASBR1 (SP1, AS X) and ASBR2 (SP2, AS Y) are connected over multiple subinterfaces running an IGP; MP-BGP runs inside each AS (PE1, PE2, RR1 in SP1; PE3, PE4, RR2 in SP2). Customer A and Customer B Site 1 (CE1, CE2) attach to SP1; Site 2 (CE3, CE4) attaches to SP2.]

• ASBR needs to allocate a physical or logical link for each VPN.
• Suitable when the number of VPNs is small
• Not scalable
• Each AS constructs its own VPN tunnel.
• ASBRs act as CE routers for customers in an AS:
- ASBR needs to process routes of all VPN customers.

• BGP is used to signal VPN labels between the AS boundary routers.
• Higher scalability

[Figure: inter-AS topology. MP-IBGP runs inside SP1 (AS X: PE1, PE2, RR1, ASBR1) and inside SP2 (AS Y: PE3, PE4, RR2, ASBR2); MP-EBGP runs between ASBR1 and ASBR2. Customer A and Customer B Site 1 (CE1, CE2) attach to SP1; Site 2 (CE3, CE4) attaches to SP2.]

• Only one link is used between ASBRs.
• Inter-AS link in the global table
• Labels are exchanged between directly attached ASBRs.
• Provides greater scalability
• LSP tunnel construction:
- Next-hop-self method
• ASBR announces itself as the next hop to the BGP neighbor.
• New label is allocated
- Redistribute method
• Routes to BGP peers are redistributed into IGP.

• Labeled IPv4 routes are redistributed by EBGP between neighboring
autonomous systems.
• BGP is used for label distribution.

[Figure: inter-AS topology. SP1 (AS X: PE1, PE2, RR1, ASBR1) and SP2 (AS Y: PE3, PE4, RR2, ASBR2), with sessions labeled MP-EBGP and MP-IBGP. Customer A and Customer B Site 1 (CE1, CE2) attach to SP1; Site 2 (CE3, CE4) attaches to SP2.]

• ASBRs do not have VPNv4 routes and label information.
• MP-EBGP peering between route reflectors in different autonomous
systems.
• BGP is used for label distribution between ASBRs.
• End-to-end LSP is required from ingress PE to egress PE.
• You can use a route map or route policy to filter the distribution of MPLS
labels between routers.
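
An added example (not from the original slides) of the label filtering mentioned above, applied to the CSC PE-to-carrier session shown earlier, where the slide configuration uses route-policy pass and allocate-label all. The names CARRIER-LOOPBACKS and LABELED-LOOPBACKS-ONLY and the range 192.0.2.0/24 are assumptions standing in for the carrier's agreed /32 loopback range; only the lines that differ from the slide configuration are shown.

```iosxr
! Added example. Policy names and 192.0.2.0/24 are assumed placeholders.
! Only /32 loopbacks from the agreed range may carry a label across the link.
prefix-set CARRIER-LOOPBACKS
  192.0.2.0/24 eq 32
end-set
!
route-policy LABELED-LOOPBACKS-ONLY
  if destination in CARRIER-LOOPBACKS then
    pass
  else
    drop
  endif
end-policy
!
router bgp 64500
 vrf Customer_carrier
  rd 1:220
  address-family ipv4 unicast
   ! Allocate labels only for routes the policy passes, not for every route.
   allocate-label route-policy LABELED-LOOPBACKS-ONLY
  !
  neighbor 10.10.10.2
   remote-as 64512
   address-family ipv4 labeled-unicast
    ! Replaces "route-policy pass": prefixes outside the range are dropped
    ! in both directions, so no LSP can be built toward them.
    route-policy LABELED-LOOPBACKS-ONLY in
    route-policy LABELED-LOOPBACKS-ONLY out
    as-override
   !
  !
 !
!
```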

• The two basic MPLS interdomain solutions are CSC and inter-AS.
• CSC is a hierarchical method for interconnecting service providers.
• Inter-AS is a peer-to-peer method for interconnecting service providers.
