
Inter-AS MPLS VPN Option A

Hello.
I work at a small service provider. Although the company is small, it uses MPLS to its fullest extent, including AToM and inter-provider VPN connections. There has already been an article about EoMPLS, so I want to describe how to build customer MPLS VPNs across the networks of several providers.
The first option is Inter-AS MPLS Option A.


This kind of interconnection uses several physical interfaces or logical subinterfaces between the providers' ASBR routers, one for each customer VRF.
MPLS OptA
The customer VRFs are configured on the ASBRs, and each subinterface is placed in the appropriate VRF. Each ASBR sees its neighbor as a CE router, and routing information is exchanged between them the same way as between PE and CE routers. LSPs are built from the PE to the ASBR inside each autonomous system; there the outer and inner labels are removed, and between the ASBRs of the different autonomous systems the traffic travels as plain IP inside a dedicated VLAN or over separate physical interfaces.

Configuration example:
ASBR1:
ip vrf test1
rd 1:1
route-target import 1:1
route-target export 1:1
!
ip vrf test2
rd 1:2
route-target import 1:2
route-target export 1:2
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
description Connection to PE1
ip address 10.1.1.1 255.255.255.0
mpls ip
!
interface FastEthernet0/1
description Connection to ASBR2
no ip address
!
interface FastEthernet0/1.10
encapsulation dot1q 10
ip vrf forwarding test1
ip address 172.17.1.1 255.255.255.0
!
interface FastEthernet0/1.20
encapsulation dot1q 20
ip vrf forwarding test2
ip address 172.16.2.1 255.255.255.0
!
router ospf 1
network 10.1.1.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0
!
router bgp 1
no synchronization
bgp log-neighbor-changes
bgp router-id 1.1.1.1
no auto-summary
neighbor 1.1.1.2 remote-as 1
neighbor 1.1.1.2 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.2 activate
exit-address-family
!
address-family ipv4 vrf test1
neighbor 172.17.1.2 remote-as 2
neighbor 172.17.1.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf test2
neighbor 172.16.2.2 remote-as 2
neighbor 172.16.2.2 activate
no auto-summary
no synchronization
exit-address-family
!




ASBR2:
ip vrf test1
rd 2:1
route-target import 2:1
route-target export 2:1
!
ip vrf test2
rd 2:2
route-target import 2:2
route-target export 2:2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
description Connection to PE2
ip address 10.1.1.1 255.255.255.0
mpls ip
!
interface FastEthernet0/1
description Connection to ASBR1
no ip address
!
interface FastEthernet0/1.10
encapsulation dot1q 10
ip vrf forwarding test1
ip address 172.17.1.2 255.255.255.0
!
interface FastEthernet0/1.20
encapsulation dot1q 20
ip vrf forwarding test2
ip address 172.16.2.2 255.255.255.0
!
router ospf 1
passive-interface FastEthernet0/1
network 10.1.1.0 0.0.0.255 area 0
network 2.2.2.2 0.0.0.0 area 0
!
router bgp 2
no synchronization
bgp log-neighbor-changes
bgp router-id 2.2.2.2
neighbor 2.2.2.3 remote-as 2
neighbor 2.2.2.3 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.3 activate
exit-address-family
! eBGP session to ASBR1 (AS 1) inside VRF test1
address-family ipv4 vrf test1
neighbor 172.17.1.1 remote-as 1
neighbor 172.17.1.1 activate
no auto-summary
no synchronization
exit-address-family
! eBGP session to ASBR1 (AS 1) inside VRF test2
address-family ipv4 vrf test2
neighbor 172.16.2.1 remote-as 1
neighbor 172.16.2.1 activate
no auto-summary
no synchronization
exit-address-family
!



Interfaces Fa0/1 are the trunk interfaces between the providers. VLAN 10 and VLAN 20 carry plain IP traffic. In this example we excluded the exchange of routing information between the ASBRs in the global routing table, so the interconnect serves only to join customer VPNs. If the second provider also provides transit for, say, Internet traffic, which is the most common case, the configuration will be a little more complicated.
Voila! We can now provide a VPN service to a customer, including across another provider's network.
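
Because Option A separates customers only by which VRF each inter-AS subinterface and eBGP session is bound to, a quick consistency check of the ASBR config is worthwhile. The following is an added example, not part of the original article: it flags addressed dot1q subinterfaces that have no VRF (and so sit in the global table) and per-VRF neighbors that are invalid, equal to a local address, or outside that VRF's connected subnet. The function name `audit` and the sample config are constructed for illustration, and it assumes every dot1q subinterface on the router is an inter-AS attachment.

```python
import ipaddress
import re

# Constructed sample: one sub-interface without a VRF, one mistyped neighbor.
SAMPLE = """\
interface FastEthernet0/1.10
 encapsulation dot1q 10
 ip vrf forwarding test1
 ip address 172.17.1.1 255.255.255.0
interface FastEthernet0/1.20
 encapsulation dot1q 20
 ip address 172.16.2.1 255.255.255.0
router bgp 1
 address-family ipv4 vrf test1
  neighbor 172.17.1.2 remote-as 2
 address-family ipv4 vrf test2
  neighbor 2172.16.2.2 remote-as 2
"""

def audit(config):
    """Return a list of findings for an IOS-style Option A ASBR config."""
    findings, nets = [], {}   # nets: VRF name -> [IPv4Interface, ...]
    ifname, vrf, af_vrf, tagged = None, None, None, False
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            ifname, vrf, tagged = m.group(1), None, False
        elif line.startswith("encapsulation dot1q"):
            tagged = True
        elif m := re.match(r"ip vrf forwarding (\S+)", line):
            vrf = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            if vrf:
                nets.setdefault(vrf, []).append(ipaddress.ip_interface("/".join(m.groups())))
            elif tagged:  # addressed dot1q sub-interface left in the global table
                findings.append(f"{ifname}: no VRF on inter-AS sub-interface")
        elif line.startswith(("address-family", "exit-address-family")):
            m = re.match(r"address-family ipv4 vrf (\S+)", line)
            af_vrf = m.group(1) if m else None
        elif (m := re.match(r"neighbor (\S+) remote-as", line)) and af_vrf:
            try:
                peer = ipaddress.ip_address(m.group(1))
            except ValueError:
                findings.append(f"vrf {af_vrf}: invalid neighbor {m.group(1)}")
                continue
            local = nets.get(af_vrf, [])
            if any(peer == i.ip for i in local):
                findings.append(f"vrf {af_vrf}: neighbor {peer} is a local address")
            elif not any(peer in i.network for i in local):
                findings.append(f"vrf {af_vrf}: neighbor {peer} not on a VRF subnet")
    return findings
```

Calling `audit(SAMPLE)` returns one finding for the subinterface without a VRF and one for the mistyped neighbor address.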

The disadvantages of Inter-AS under option A are:


The advantage is the ability to use the same QoS policies as with normal IP traffic.

In later installments, if there is interest, we will talk about Inter-AS Option B.

Source: https://habr.com/ru/post/74556/

