Cisco IOS XR Multiprotocol Label Switching Configuration Guide, Release 3.3
Implementing MPLS Layer 3 VPNs


Table Of Contents

Implementing MPLS Layer 3 VPNs

Contents

Prerequisites for Implementing MPLS Layer 3 VPN on Cisco IOS XR Software

Restrictions for Implementing MPLS Layer 3 VPNs on Cisco IOS XR Software

Information About Implementing MPLS Layer 3 VPN on Cisco IOS XR Software

MPLS VPN Definition

How an MPLS VPN Works

How Virtual Routing and Forwarding Tables Work in an MPLS VPN

How VPN Routing Information Is Distributed in an MPLS VPN

BGP Distribution of VPN Routing Information

MPLS Forwarding

Automatic Route Distinguisher Assignment

Major Components of MPLS VPNs

Benefits of an MPLS VPN

Information About MPLS VPN Inter-AS with ASBRs

MPLS VPN Inter-AS Introduction

Benefits of MPLS VPN Inter-AS

Information About Using Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

How Information Is Exchanged in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Transmitting Information in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Exchanging VPN Routing Information in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Packet Forwarding Between MPLS VPN Inter-AS Systems with ASBRs Exchanging VPN-IPv4 Addresses

Using a Confederation for MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Information About Using Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels

Benefits of MPLS VPN Inter-AS Using ASBRs to Exchange IPv4 Routes and MPLS Labels

How the Inter-AS Works When ASBRs Exchange IPv4 Routes with MPLS Labels

BGP Routing Information

Types of BGP Messages and MPLS Labels

How BGP Sends MPLS Labels with Routes

How to Implement MPLS Layer 3 VPNs on Cisco IOS XR Software

Configuring the Core Network

Assessing the Needs of MPLS VPN Customers

Configuring Routing Protocols in the Core

Configuring MPLS in the Core

Determining if FIB Is Enabled in the Core

Configuring Multiprotocol BGP on the PE Routers and Route Reflectors

Connecting MPLS VPN Customers

Defining VRFs on the PE Routers to Enable Customer Connectivity

Configuring VRF Interfaces on PE Routers for Each VPN Customer

Configuring BGP as the Routing Protocol Between the PE and CE Routers

Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers

Configuring Static Routes Between the PE and CE Routers

Configuring OSPF as the Routing Protocol Between the PE and CE Routers

Configuring EIGRP as the Routing Protocol Between the PE and CE Routers

Configuring EIGRP Redistribution in the MPLS VPN

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels

Configuring the ASBRs to Exchange IPv4 Routes and MPLS Labels

Configuring the Route Reflectors to Exchange VPN-IPv4 Routes

Configuring the Route Reflector to Reflect Remote Routes in Its AS

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Configuring the ASBRs to Exchange VPN-IPv4 Addresses

Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation

Verifying the MPLS Layer 3 VPN Configuration

Configuration Examples for Implementing MPLS Layer 3 VPNs

Configuring an MPLS VPN Using BGP: Example

Configuring the Routing Information Protocol on the PE Router: Example

Configuring the PE Router Using EIGRP: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance


Implementing MPLS Layer 3 VPNs


A Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN) consists of a set of sites that are interconnected by means of an MPLS provider core network. At each customer site, one or more customer edge (CE) routers attach to one or more provider edge (PE) routers.

This module provides the conceptual and configuration information for MPLS Layer 3 VPNs on Cisco IOS XR software.


Note: For more information about MPLS Layer 3 VPN on the Cisco IOS XR software and complete descriptions of the commands listed in this module, see the "Related Documents" section of this module. To locate documentation for other commands that might appear while executing a configuration task, search online in the Cisco IOS XR software master command index.


Feature History for Implementing MPLS Layer 3 VPN on Cisco IOS XR Configuration Module

Release          Modification
Release 3.3.0    This feature was introduced on the Cisco CRS-1 router and Cisco XR 12000 Series Router.


Contents

Prerequisites for Implementing MPLS Layer 3 VPN on Cisco IOS XR Software

Restrictions for Implementing MPLS Layer 3 VPNs on Cisco IOS XR Software

Information About Implementing MPLS Layer 3 VPN on Cisco IOS XR Software

Information About MPLS VPN Inter-AS with ASBRs

How to Implement MPLS Layer 3 VPNs on Cisco IOS XR Software

Configuration Examples for Implementing MPLS Layer 3 VPNs

Additional References

Prerequisites for Implementing MPLS Layer 3 VPN on Cisco IOS XR Software

The following prerequisites are required for configuring MPLS Layer 3 VPN on your network:

You must be in a user group associated with a task group that includes the proper task IDs for MPLS Layer 3 VPN commands.

For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of Cisco IOS XR System Security Configuration Guide.

The following prerequisites are required for configuring MPLS VPN Inter-AS with autonomous system boundary routers (ASBRs) exchanging VPN-IPv4 addresses or IPv4 routes and MPLS labels (supported on the Cisco XR 12000 Series Router):

Before configuring external Border Gateway Protocol (eBGP) routing between autonomous systems or subautonomous systems in an MPLS VPN, ensure that all MPLS VPN routing instances and sessions are properly configured. See How to Implement MPLS Layer 3 VPNs on Cisco IOS XR Software for procedures. The following tasks must be performed:

Define VPN routing instances

Configure BGP routing sessions in the MPLS core

Configure PE-to-PE routing sessions in the MPLS core

Configure BGP PE-to-CE routing sessions

Configure a VPN-IPv4 eBGP session between directly connected ASBRs

Restrictions for Implementing MPLS Layer 3 VPNs on Cisco IOS XR Software

To configure MPLS Layer 3 VPNs, routers must support MPLS forwarding and Forwarding Information Base (FIB).

The following are restrictions for implementing MPLS Layer 3 VPNs:

Multihop VPN-IPv4 eBGP is not supported for configuring eBGP routing between autonomous systems or subautonomous systems in an MPLS VPN.

MPLS VPN Inter-AS is supported only on the Cisco XR 12000 Series Router.

MPLS VPN supports only IPv4 address families.

CE to CE MPLS is not supported.

The following restrictions apply when configuring MPLS VPN Inter-AS with ASBRs exchanging IPv4 routes and MPLS labels (supported on the Cisco XR 12000 Series Router):

For networks configured with eBGP multihop, a label switched path (LSP) must be configured between nonadjacent routers.

The physical interfaces that connect the BGP speakers must support FIB and MPLS.

Information About Implementing MPLS Layer 3 VPN on Cisco IOS XR Software

To implement MPLS Layer 3 VPNs, you need to understand the following concepts:

MPLS VPN Definition

How an MPLS VPN Works

Major Components of MPLS VPNs

Benefits of an MPLS VPN

MPLS VPN Definition

Before defining an MPLS VPN, a VPN in general must be defined. A VPN is:

An IP-based network delivering private network services over a public infrastructure

A set of sites that are allowed to communicate with each other privately over the Internet or other public or private networks

Conventional VPNs are created by configuring a full mesh of tunnels or permanent virtual circuits (PVCs) to all sites in a VPN. This type of VPN is not easy to maintain or expand because adding a new site requires changing each edge device in the VPN.

MPLS-based VPNs are created in Layer 3 and are based on the peer model. The peer model enables the service provider and the customer to exchange Layer 3 routing information. The service provider relays the data between the customer sites without customer involvement.

MPLS VPNs are easier to manage and expand than conventional VPNs. When a new site is added to an MPLS VPN, only the edge router of the service provider that provides services to the customer site needs to be updated.

The components of the MPLS VPN are described as follows:

Provider (P) router—Router in the core of the provider network. P routers run MPLS switching and do not attach VPN labels (the MPLS label in each route assigned by the PE router) to routed packets. VPN labels are used to direct data packets to the correct egress router.

PE router—Router that attaches the VPN label to incoming packets based on the interface or subinterface on which they are received, and also attaches the MPLS core labels. A PE router attaches directly to a CE router.

Customer (C) router—Router in the Internet service provider (ISP) or enterprise network.

Customer edge (CE) router—Edge router on the network of the ISP that connects to the PE router on the network. A CE router must interface with a PE router.

Figure 11 shows a basic MPLS VPN topology.

Figure 11 Basic MPLS VPN Topology

How an MPLS VPN Works

MPLS VPN functionality is enabled at the edge of an MPLS network. The PE router performs the following tasks:

Exchanges routing updates with the CE router

Translates the CE routing information into VPN version 4 (VPNv4) routes

Exchanges VPNv4 routes with other PE routers through the Multiprotocol Border Gateway Protocol (MP-BGP)

How Virtual Routing and Forwarding Tables Work in an MPLS VPN

Each VPN is associated with one or more VPN routing and forwarding (VRF) instances. A VRF defines the VPN membership of a customer site attached to a PE router. A VRF consists of the following components:

An IP version 4 (IPv4) unicast routing table

A derived FIB table

A set of interfaces that use the forwarding table

A set of rules and routing protocol parameters that control the information that is included in the routing table

These components are collectively called a VRF instance.

A one-to-one relationship does not necessarily exist between customer sites and VPNs. A site can be a member of multiple VPNs. However, a site can associate with only one VRF. A VRF contains all the routes available to the site from the VPNs of which it is a member.

Packet forwarding information is stored in the IP routing table and the FIB table for each VRF. A separate set of routing and FIB tables is maintained for each VRF. These tables prevent information from being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded to a router within the VPN.

How VPN Routing Information Is Distributed in an MPLS VPN

The distribution of VPN routing information is controlled through the use of VPN route target communities, implemented by BGP extended communities. VPN routing information is distributed as follows:

When a VPN route that is learned from a CE router is injected into BGP, a list of VPN route target extended community attributes is associated with it. Typically, the list of route target extended community values is set from an export list of route targets associated with the VRF from which the route was learned.

An import list of route target extended communities is associated with each VRF. The import list defines route target extended community attributes that a route must have for the route to be imported into the VRF. For example, if the import list for a particular VRF includes route target extended communities A, B, and C, then any VPN route that carries any of those route target extended communities—A, B, or C—is imported into the VRF.
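
The import rule above decides which VRFs can see each other's routes, so one wrong entry in an import list joins two VPNs. The following added example (not part of the Cisco documentation) models the export and import lists and audits them against an intended policy; the VRF names, route target values, prefixes, and the ALLOWED policy set are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Vrf:
    name: str
    export_rts: frozenset          # route targets attached to routes leaving this VRF
    import_rts: frozenset          # route targets this VRF accepts
    ce_routes: list = field(default_factory=list)   # prefixes learned from the CE


def advertise(vrf):
    """Routes as injected into BGP: each carries the VRF's export route targets."""
    return [(vrf.name, prefix, vrf.export_rts) for prefix in vrf.ce_routes]


def all_routes(vrfs):
    """Every VPN route distributed between the PE routers."""
    return [route for vrf in vrfs for route in advertise(vrf)]


def imported_routes(vrf, vpn_routes):
    """Import rule from the text: a route is imported if it carries ANY listed RT."""
    return [(origin, prefix) for origin, prefix, rts in vpn_routes
            if origin != vrf.name and rts & vrf.import_rts]


def audit(vrfs, allowed):
    """Return (importer, origin, shared RTs) that the RT lists permit but policy does not."""
    findings = []
    for importer in vrfs:
        for origin in vrfs:
            if importer is origin:
                continue
            shared = origin.export_rts & importer.import_rts
            if shared and (importer.name, origin.name) not in allowed:
                findings.append((importer.name, origin.name, sorted(shared)))
    return findings


# Constructed configuration: two customers and a shared-services VRF.
# cust_b's import list contains "100:1" by mistake, which is cust_a's export RT.
VRFS = [
    Vrf("cust_a", frozenset({"100:1"}), frozenset({"100:1", "100:99"}), ["10.1.1.0/24"]),
    Vrf("cust_b", frozenset({"100:2"}), frozenset({"100:2", "100:99", "100:1"}),
        ["10.1.1.0/24"]),
    Vrf("shared", frozenset({"100:99"}), frozenset({"100:1", "100:2"}), ["192.0.2.0/24"]),
]

# Intended policy (constructed): customers reach shared services, never each other.
ALLOWED = {("cust_a", "shared"), ("cust_b", "shared"),
           ("shared", "cust_a"), ("shared", "cust_b")}

if __name__ == "__main__":
    for importer, origin, rts in audit(VRFS, ALLOWED):
        print(f"{importer} imports routes of {origin} via route target(s) {rts}")
```
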

BGP Distribution of VPN Routing Information

A PE router can learn an IP prefix from the following sources:

A CE router by static configuration

An eBGP session with the CE router

A Routing Information Protocol (RIP) exchange with the CE router

Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP as Interior Gateway Protocols (IGPs)

The IP prefix is a member of the IPv4 address family. After the PE router learns the IP prefix, the PE converts it into the VPN-IPv4 prefix by combining it with a 64-bit route distinguisher (RD). The generated prefix is a member of the VPN-IPv4 address family. It uniquely identifies the customer address, even if the customer site is using globally nonunique (unregistered private) IP addresses. The route distinguisher used to generate the VPN-IPv4 prefix is specified by the rd command associated with the VRF on the PE router.

BGP distributes reachability information for VPN-IPv4 prefixes for each VPN. BGP communication takes place at two levels:

Within the IP domain, known as an autonomous system (interior BGP [iBGP])

Between autonomous systems (external BGP [eBGP]) (Cisco XR 12000 Series Router only)

PE to PE or PE to route reflector (RR) sessions are iBGP sessions, and PE to CE sessions are eBGP sessions. PE to CE eBGP sessions can be directly or indirectly connected (eBGP multihop).

BGP propagates reachability information for VPN-IPv4 prefixes among PE routers by the BGP protocol extensions (see RFC 2283, Multiprotocol Extensions for BGP-4), which define support for address families other than IPv4. Using the extensions ensures that the routes for a given VPN are learned only by other members of that VPN, enabling members of the VPN to communicate with each other.

MPLS Forwarding

Based on routing information stored in the VRF IP routing table and the VRF FIB table, packets are forwarded to their destination using MPLS.

A PE router binds a label to each customer prefix learned from a CE router and includes the label in the network reachability information for the prefix that it advertises to other PE routers. When a PE router forwards a packet received from a CE router across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet, it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone is based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels of labels when traversing the backbone:

The top label directs the packet to the correct PE router.

The second label indicates how that PE router should forward the packet to the CE router.

More labels can be stacked if other features are enabled. For example, if traffic engineering (TE) tunnels with fast reroute (FRR) are enabled, the total number of labels imposed in the PE is four (Layer 3 VPN, Label Distribution Protocol (LDP), TE, and FRR).
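
The two-level label stack described above, shown on the wire as an added example (not part of the Cisco documentation). It uses the standard 32-bit MPLS label stack entry (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL); the label values, payload bytes, and interface name are constructed.

```python
import struct


def encode_entry(label, tc=0, bottom=False, ttl=64):
    """Pack one label stack entry: label(20) | traffic class(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    if not (0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("traffic class or TTL out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def encode_stack(labels, ttl=64):
    """Top label first; only the last entry carries the bottom-of-stack bit."""
    last = len(labels) - 1
    return b"".join(encode_entry(l, bottom=(i == last), ttl=ttl)
                    for i, l in enumerate(labels))


def parse_stack(frame):
    """Return (entries, payload). Stops at the entry whose S bit is set."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7, "ttl": word & 0xFF})
        if word & 0x100:                      # S bit: this was the last label
            return entries, frame[offset:]


def swap_top(frame, new_label):
    """What a P router does: rewrite only the top label and decrement its TTL."""
    (word,) = struct.unpack_from("!I", frame, 0)
    ttl = (word & 0xFF) - 1
    if ttl <= 0:
        raise ValueError("TTL expired")
    new_word = (new_label << 12) | (word & 0xE00) | (word & 0x100) | ttl
    return struct.pack("!I", new_word) + frame[4:]


def egress_pe_forward(frame, vpn_label_table):
    """The label at the bottom of the stack is the VPN label that selects the
    CE-facing interface. An unknown VPN label yields None (packet dropped)."""
    entries, payload = parse_stack(frame)
    return vpn_label_table.get(entries[-1]["label"]), payload


if __name__ == "__main__":
    # Constructed values: 24001 = label toward the egress PE, 16010 = VPN label.
    frame = encode_stack([24001, 16010]) + b"customer-ip-packet"
    frame = swap_top(frame, 24777)            # P router in the core
    print(parse_stack(frame)[0])
    print(egress_pe_forward(frame, {16010: "GigabitEthernet0/0/0/1.100"}))
```
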

Automatic Route Distinguisher Assignment

To take advantage of iBGP load balancing, every network VRF must be assigned a unique route distinguisher. VRFs require a route distinguisher for BGP to distinguish between potentially identical prefixes received from different VPNs.

With thousands of routers in a network each supporting multiple VRFs, configuration and management of route distinguishers across the network can present a problem. Cisco IOS XR simplifies this process by assigning a unique route distinguisher to VRFs using the rd auto command.

To assign a unique route distinguisher for each router, you must ensure that each router has a unique BGP router-id. If so, the rd auto command assigns a Type 1 route distinguisher to the VRF using the following format: ip-address:number. The IP address is specified by the BGP router-id statement and the number (which is derived as an unused index in the 0 to 65535 range) is unique across the VRFs.

Finally, route distinguisher values are checkpointed so that route distinguisher assignment to VRF is persistent across failover or process restart. If a route distinguisher is explicitly configured for a VRF, this value is not overridden by the auto route distinguisher.
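
The following added example (not part of the Cisco documentation) builds a Type 1 route distinguisher, prepends it to an IPv4 prefix to form the 12-byte VPN-IPv4 address described under "BGP Distribution of VPN Routing Information", and models the rd auto behavior described above. The RdAuto class, the choice of the lowest unused index, and all router IDs and VRF names are assumptions made for illustration.

```python
import ipaddress
import struct


def encode_rd_type1(router_id, number):
    """Type 1 RD, 8 bytes: 2-byte type (1), 4-byte IPv4 address, 2-byte number."""
    if not 0 <= number <= 0xFFFF:
        raise ValueError("assigned number must fit in 16 bits")
    return struct.pack("!H4sH", 1, ipaddress.IPv4Address(router_id).packed, number)


def format_rd(rd):
    """Render a Type 1 RD in the ip-address:number form used in the text."""
    rd_type, addr, number = struct.unpack("!H4sH", rd)
    if rd_type != 1:
        raise ValueError("not a Type 1 route distinguisher")
    return f"{ipaddress.IPv4Address(addr)}:{number}"


def vpn_ipv4_prefix(rd, prefix):
    """Return (12-byte VPN-IPv4 address, IPv4 prefix length) for a customer prefix."""
    net = ipaddress.IPv4Network(prefix)
    return rd + net.network_address.packed, net.prefixlen


class RdAuto:
    """Hypothetical per-router allocator modelled on the description above."""

    def __init__(self, router_id, checkpoint=None):
        self.router_id = router_id
        self.assigned = dict(checkpoint or {})    # VRF name -> RD, survives restart

    def configure(self, vrf, rd):
        """An explicitly configured RD; auto() never overrides it."""
        self.assigned[vrf] = rd

    def auto(self, vrf):
        if vrf in self.assigned:                  # explicit or checkpointed value wins
            return self.assigned[vrf]
        used = set(self.assigned.values())
        for number in range(0x10000):             # assumption: lowest unused index
            rd = encode_rd_type1(self.router_id, number)
            if rd not in used:
                self.assigned[vrf] = rd
                return rd
        raise RuntimeError("no unused index left in 0..65535")


def rd_collisions(allocators):
    """Find RDs assigned on more than one router (the symptom of a duplicate router-id)."""
    seen, clashes = {}, []
    for alloc in allocators:
        for vrf, rd in alloc.assigned.items():
            if rd in seen and seen[rd][0] is not alloc:
                clashes.append((format_rd(rd), seen[rd][1], vrf))
            seen.setdefault(rd, (alloc, vrf))
    return clashes


if __name__ == "__main__":
    pe1 = RdAuto("192.0.2.1")                     # constructed router-id
    rd_a, rd_b = pe1.auto("cust_a"), pe1.auto("cust_b")
    # Both customers use 10.1.1.0/24, yet the VPN-IPv4 prefixes differ.
    print(vpn_ipv4_prefix(rd_a, "10.1.1.0/24")[0].hex())
    print(vpn_ipv4_prefix(rd_b, "10.1.1.0/24")[0].hex())
```
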

Major Components of MPLS VPNs

An MPLS-based VPN network has three major components:

VPN route target communities—A VPN route target community is a list of all members of a VPN community. VPN route targets need to be configured for each VPN community member.

Multiprotocol BGP (MP-BGP) peering of the VPN community PE routers—MP-BGP propagates VRF reachability information to all members of a VPN community. MP-BGP peering needs to be configured in all PE routers within a VPN community.

MPLS forwarding—MPLS transports all traffic between all VPN community members across a VPN service-provider network.

A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can be a member of multiple VPNs. However, a site can associate with only one VRF. A customer-site VRF contains all the routes available to the site from the VPNs of which it is a member.

Benefits of an MPLS VPN

MPLS VPNs allow service providers to deploy scalable VPNs and build the foundation to deliver value-added services, including:

Connectionless Service—A significant technical advantage of MPLS VPNs is that they are connectionless. The Internet owes its success to its basic technology, TCP/IP. TCP/IP is built on a packet-based, connectionless network paradigm. This connectionless network means that no prior action is necessary to establish communication between hosts, making it easy for two parties to communicate. To establish privacy in a connectionless IP environment, current VPN solutions impose a connection-oriented, point-to-point overlay on the network. Even if it runs over a connectionless network, a VPN cannot take advantage of the ease of connectivity and multiple services available in connectionless networks. When you create a connectionless VPN, you do not need tunnels and encryption for network privacy, eliminating significant complexity.

Centralized Service—Building VPNs in Layer 3 allows delivery of targeted services to a group of users represented by a VPN. A VPN must give service providers more than a mechanism for privately connecting users to intranet services. It must also provide a way to flexibly deliver value-added services to targeted customers. Scalability is critical because customers want to use services privately in their intranets and extranets. Because MPLS VPNs are seen as private intranets, you may use new IP services such as:

Multicast

Quality of service (QoS)

Telephony support within a VPN

Centralized services including content and web hosting to a VPN

You can customize several combinations of specialized services for individual customers. For example, a service that combines IP multicast with a low-latency service class enables video conferencing within an intranet.

Scalability—If you create a VPN using connection-oriented, point-to-point overlays, Frame Relay, or ATM virtual connections (VCs), the key deficiency of the VPN is scalability. Specifically, connection-oriented VPNs without fully meshed connections between customer sites are not optimal. MPLS-based VPNs use the peer model and Layer 3 connectionless architecture to leverage a highly scalable VPN solution. The peer model requires a customer site to peer with only one PE router as opposed to all other customer edge (CE) routers that are members of the VPN. The connectionless architecture allows the creation of VPNs in Layer 3, eliminating the need for tunnels or VCs.

Other scalability issues of MPLS VPNs are due to the partitioning of VPN routes between PE routers and the further partitioning of VPN and Interior Gateway Protocol (IGP) routes between PE routers and provider (P) routers in a core network.

PE routers must maintain VPN routes for the VPNs of which they are members.

P routers do not maintain any VPN routes.

The requirements of the PE and P routers increase the scalability of the provider core and ensure that no one device is a scalability bottleneck.

Security—MPLS VPNs offer the same level of security as connection-oriented VPNs. Packets from one VPN do not inadvertently go to another VPN.

Security is provided in the following areas:

At the edge of a provider network, ensuring packets received from a customer are placed on the correct VPN.

At the backbone, VPN traffic is kept separate. Malicious spoofing (an attempt to gain access to a PE router) is nearly impossible because the packets received from customers are IP packets. These IP packets must be received on a particular interface or subinterface to be uniquely identified with a VPN label.

Easy to Create—To take full advantage of VPNs, customers must be able to easily create new VPNs and user communities. Because MPLS VPNs are connectionless, no specific point-to-point connection maps or topologies are required. You can add sites to intranets and extranets and form closed user groups. Managing VPNs in this manner enables membership of any given site in multiple VPNs, maximizing flexibility in building intranets and extranets.

Flexible Addressing—To make a VPN service more accessible, customers of a service provider can design their own addressing plan, independent of addressing plans for other service provider customers. Many customers use private address spaces, as defined in RFC 1918, and do not want to invest the time and expense of converting to public IP addresses to enable intranet connectivity. MPLS VPNs allow customers to continue to use their present address spaces without network address translations (NAT) by providing a public and private view of the address. A NAT is required only if two VPNs with overlapping address spaces want to communicate. A NAT enables customers to use their own unregistered private addresses and communicate freely across a public IP network.

Integrated Quality of Service (QoS) Support—QoS is an important requirement for many IP VPN customers. It provides the ability to address two fundamental VPN requirements:

Predictable performance and policy implementation

Support for multiple levels of service in an MPLS VPN

Network traffic is classified and labeled at the edge of the network before traffic is aggregated according to policies defined by subscribers and implemented by the provider and transported across the provider core. Traffic at the edge and core of the network can then be differentiated into different classes by drop probability or delay.

Straightforward Migration—To deploy VPN services quickly, service providers need a straightforward migration path. MPLS VPNs are unique because you can build them over multiple network architectures, including IP, ATM, Frame Relay, and hybrid networks.

Migration for the end customer is simplified because there is no requirement to support MPLS on the CE router and no modifications are required for a customer intranet.

Information About MPLS VPN Inter-AS with ASBRs

Before configuring this feature, you need to understand the following concepts:

MPLS VPN Inter-AS Introduction

Benefits of MPLS VPN Inter-AS

Information About Using Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

How Information Is Exchanged in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Information About Using Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels

Benefits of MPLS VPN Inter-AS Using ASBRs to Exchange IPv4 Routes and MPLS Labels

How the Inter-AS Works When ASBRs Exchange IPv4 Routes with MPLS Labels

MPLS VPN Inter-AS Introduction

An autonomous system (AS) is a single network or group of networks that is controlled by a common system administration group and uses a single, clearly defined routing protocol. MPLS VPN Inter-AS is supported on Cisco XR 12000 Series Routers.

As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous systems in different geographic areas. In addition, some VPNs need to extend across multiple service providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection between autonomous systems must be seamless to the customer.

Benefits of MPLS VPN Inter-AS

An MPLS VPN Inter-AS provides the following benefits:

Allows a VPN to cross more than one service provider backbone

Service providers, running separate autonomous systems, can jointly offer MPLS VPN services to the same end customer. A VPN can begin at one customer site and traverse different VPN service provider backbones before arriving at another site of the same customer. Previously, MPLS VPN could only traverse a single BGP autonomous system service provider backbone. This feature allows multiple autonomous systems to form a continuous (and seamless) network between customer sites of a service provider.

Allows a VPN to exist in different areas

A service provider can create a VPN in different geographic areas. Having all VPN traffic flow through one point (between the areas) allows for better rate control of network traffic between the areas.

Allows confederations to optimize iBGP meshing

Internal Border Gateway Protocol (iBGP) meshing in an autonomous system is more organized and manageable. You can divide an autonomous system into multiple, separate subautonomous systems and then classify them into a single confederation (even though the entire VPN backbone appears as a single autonomous system). This capability allows a service provider to offer MPLS VPNs across the confederation because it supports the exchange of labeled VPN-IPv4 Network Layer Reachability Information (NLRI) between the subautonomous systems that form the confederation.

Information About Using Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Separate autonomous systems from different service providers can communicate by exchanging IPv4 NLRI in the form of VPN-IPv4 addresses. The ASBRs use eBGP to exchange that information. Then an Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPv4 prefixes throughout each VPN and each autonomous system. The following protocols are used for sharing routing information:

Within an autonomous system, routing information is shared using an IGP.

Between autonomous systems, routing information is shared using an eBGP. An eBGP allows a service provider to set up an interdomain routing system that guarantees the loop-free exchange of routing information between separate autonomous systems.

The primary function of an eBGP is to exchange network reachability information between autonomous systems, including information about the list of autonomous system routes. The autonomous systems use eBGP border edge routers to distribute the routes, which include label switching information. Each border edge router rewrites the next-hop and MPLS labels. See How Information Is Exchanged in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses for more information.

Inter-AS configurations supported in an MPLS VPN can include:

Interprovider VPN—MPLS VPNs that include two or more autonomous systems, connected by separate border edge routers. The autonomous systems exchange routes using eBGP. No IGP or routing information is exchanged between the autonomous systems.

BGP Confederations—MPLS VPNs that divide a single autonomous system into multiple subautonomous systems and classify them as a single, designated confederation. The network recognizes the confederation as a single autonomous system. The peers in the different autonomous systems communicate over eBGP sessions; however, they can exchange route information as if they were iBGP peers.

How Information Is Exchanged in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

This section contains the following topics:

Transmitting Information in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Exchanging VPN Routing Information in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Packet Forwarding Between MPLS VPN Inter-AS Systems with ASBRs Exchanging VPN-IPv4 Addresses

Using a Confederation for MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Transmitting Information in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Figure 12 illustrates one MPLS VPN consisting of two separate autonomous systems. Each autonomous system operates under different administrative control and runs a different IGP. Service providers exchange routing information through eBGP border edge routers (ASBR1 and ASBR2).

Figure 12 eBGP Connection Between Two MPLS VPN Inter-AS Systems with ASBRs Exchanging VPN-IPv4 Addresses

This configuration uses the following process to transmit information:


Step 1 The provider edge router (PE-1) assigns a label for a route before distributing that route. The PE router uses the multiprotocol extensions of BGP to transmit label mapping information. The PE router distributes the route as a VPN-IPv4 address. The address label and the VPN identifier are encoded as part of the NLRI.

Step 2 The two route reflectors (RR-1 and RR-2) reflect VPN-IPv4 internal routes within the autonomous system. The border edge routers of the autonomous system (ASBR1 and ASBR2) advertise the VPN-IPv4 external routes.

Step 3 The eBGP border edge router (ASBR1) redistributes the route to the next autonomous system (ASBR2). ASBR1 specifies its own address as the value of the eBGP next-hop attribute and assigns a new label. The address ensures:

That the next-hop router is always reachable in the service provider (P) backbone network.

That the label assigned by the distributing router is properly interpreted. (The label associated with a route must be assigned by the corresponding next-hop router.)

Step 4 The eBGP border edge router (ASBR2) redistributes the route in one of the following ways, depending on the configuration:

If the iBGP neighbors are configured with the next-hop-self command, ASBR2 changes the next-hop address of updates received from the eBGP peer, then forwards it.

If the iBGP neighbors are not configured with the next-hop-self command, the next-hop address does not get changed. ASBR2 must propagate a host route for the eBGP peer through the IGP. To propagate the eBGP VPN-IPv4 neighbor host route, use the redistribute command with the connected keyword. The eBGP VPN-IPv4 neighbor host route is automatically installed in the routing table when the neighbor comes up. This automatic installation is essential to establish the label-switched path between PE routers in different autonomous systems.
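
Steps 1 through 4, traced as an added example (not part of the Cisco documentation): each router that sets itself as next hop allocates a new label and records the mapping in its LFIB, and the PE in the second autonomous system has a usable label-switched path only if the advertised next hop is reachable through its IGP. The Router and VpnRoute classes, the label numbers, the RD, and the prefix are constructed; route reflectors pass the route unchanged and are omitted.

```python
from dataclasses import dataclass, replace
from itertools import count


@dataclass(frozen=True)
class VpnRoute:
    rd: str
    prefix: str
    next_hop: str
    label: int


class Router:
    def __init__(self, name, first_label):
        self.name = name
        self._labels = count(first_label)
        self.lfib = {}                      # local label -> (outgoing label, next hop)

    def _allocate(self, out_label, out_hop):
        label = next(self._labels)
        self.lfib[label] = (out_label, out_hop)
        return label

    def originate(self, rd, prefix):
        """Step 1: the PE assigns a label before distributing the route."""
        return VpnRoute(rd, prefix, self.name, self._allocate(None, "CE"))

    def advertise_next_hop_self(self, route):
        """Set own address as next hop, so a new label must be assigned."""
        new_label = self._allocate(route.label, route.next_hop)
        return replace(route, next_hop=self.name, label=new_label)


def propagate(next_hop_self, redistribute_connected):
    """Return the route as the PE in AS 2 receives it, plus the state needed to trace it."""
    pe1, asbr1, asbr2 = Router("PE-1", 100), Router("ASBR1", 200), Router("ASBR2", 300)
    routers = {r.name: r for r in (pe1, asbr1, asbr2)}
    route = pe1.originate("192.0.2.1:0", "10.1.1.0/24")       # Step 1
    route = asbr1.advertise_next_hop_self(route)               # Step 3 (eBGP to ASBR2)
    as2_igp = {"ASBR2"}                     # addresses the AS 2 IGP can reach
    if next_hop_self:                       # Step 4, first case
        route = asbr2.advertise_next_hop_self(route)
    elif redistribute_connected:            # Step 4, second case
        as2_igp.add("ASBR1")                # host route for the eBGP peer
    return route, routers, as2_igp


def trace_lsp(route, routers, igp_reachable):
    """Follow next hops and LFIB entries back to the CE; None if the path is broken."""
    if route.next_hop not in igp_reachable:
        return None                         # next hop unresolved: no label-switched path
    path, hop, label = [], route.next_hop, route.label
    while hop != "CE":
        path.append((hop, label))
        label, hop = routers[hop].lfib[label]
    return path


if __name__ == "__main__":
    for nhs, redist in ((True, False), (False, True), (False, False)):
        route, routers, igp = propagate(nhs, redist)
        print(f"next-hop-self={nhs} redistribute connected={redist}: "
              f"next hop {route.next_hop}, LSP {trace_lsp(route, routers, igp)}")
```
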


Exchanging VPN Routing Information in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Autonomous systems exchange VPN routing information (routes and labels) to establish connections. To control connections between autonomous systems, the PE routers and eBGP border edge routers maintain a label forwarding information base (LFIB). The LFIB manages the labels and routes that the PE routers and eBGP border edge routers receive during the exchange of VPN information.

Figure 13 illustrates the exchange of VPN route and label information between autonomous systems. The autonomous systems use the following guidelines to exchange VPN routing information:

Routing information includes:

The destination network (N)

The next-hop field associated with the distributing router

A local MPLS label (L)

A route distinguisher (RD1). A route distinguisher is part of a destination network address. It makes the VPN-IPv4 route globally unique in the VPN service provider environment.

The ASBRs are configured to change the next-hop when sending VPN-IPv4 NLRIs to the iBGP neighbors. Therefore, the ASBRs must allocate a new label when they forward the NLRI to the iBGP neighbors.

Figure 13 Exchanging Routes and Labels Between MPLS VPN Inter-AS Systems with ASBRs Exchanging VPN-IPv4 Address

Figure 14 illustrates the exchange of VPN route and label information between autonomous systems. The only difference is that ASBR2 is configured with the redistribute command with the connected keyword, which propagates the host routes to all PEs. The command is necessary because ASBR2 is not configured to change the next-hop address.

Figure 14 Exchanging Routes and Labels with the redistributed Command in an MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

Packet Forwarding Between MPLS VPN Inter-AS Systems with ASBRs Exchanging VPN-IPv4 Addresses

Figure 15 illustrates how packets are forwarded between autonomous systems in an interprovider network using the following packet forwarding method.

Packets are forwarded to their destination by means of MPLS. Packets use the routing information stored in the LFIB of each PE router and eBGP border edge router.

The service provider VPN backbone uses dynamic label switching to forward labels.

Each autonomous system uses standard multilevel labeling to forward packets between the edges of the autonomous system routers (for example, from CE-5 to PE-3). Between autonomous systems, only a single level of labeling is used, corresponding to the advertised route.

A data packet carries two levels of labels when traversing the VPN backbone:

The first label (IGP route label) directs the packet to the correct PE router or eBGP border edge router. (For example, the IGP label of ASBR2 points to the ASBR2 border edge router.)

The second label (VPN route label) directs the packet to the appropriate PE router or eBGP border edge router.

Figure 15 Forwarding Packets Between MPLS VPN Inter-AS Systems with ASBRs Exchanging VPN-IPv4 Addresses

Figure 16 shows the same packet forwarding method, except the eBGP router (ASBR1) forwards the packet without reassigning a new label to it.

Figure 16 Forwarding Packets Without a New Label Assignment Between MPLS VPN Inter-AS System with ASBRs Exchanging VPN-IPv4 Addresses

Using a Confederation for MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

A confederation is multiple subautonomous systems grouped together. A confederation reduces the total number of peer devices in an autonomous system. A confederation divides an autonomous system into subautonomous systems and assigns a confederation identifier to the autonomous systems. A VPN can span service providers running in separate autonomous systems or multiple subautonomous systems that form a confederation.

In a confederation, each subautonomous system is fully meshed with other subautonomous systems. The subautonomous systems communicate using an IGP, such as Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS). Each subautonomous system also has an eBGP connection to the other subautonomous systems. The confederation eBGP (CEBGP) border edge routers forward next-hop-self addresses between the specified subautonomous systems. The next-hop-self address forces the BGP to use a specified address as the next hop rather than letting the protocol choose the next hop.

You can configure a confederation with separate subautonomous systems in two ways:

Configure a router to forward next-hop-self addresses between only the CEBGP border edge routers (both directions). The subautonomous systems (iBGP peers) at the subautonomous system border do not forward the next-hop-self address. Each subautonomous system runs as a single IGP domain. However, the CEBGP border edge router addresses are known in the IGP domains.

Configure a router to forward next-hop-self addresses between the CEBGP border edge routers (both directions) and within the iBGP peers at the subautonomous system border. Each subautonomous system runs as a single IGP domain but also forwards next-hop-self addresses between the PE routers in the domain. The CEBGP border edge router addresses are known in the IGP domains.


Note: Figure 12 and Figure 13 illustrate how two autonomous systems exchange routes and forward packets. Subautonomous systems in a confederation use a similar method of exchanging routes and forwarding packets.


Figure 17 illustrates a typical MPLS VPN confederation configuration. In this configuration:

The two CEBGP border edge routers exchange VPN-IPv4 addresses with labels between the two autonomous systems.

The distributing router changes the next-hop addresses and labels and uses a next-hop-self address.

IGP-1 and IGP-2 know the addresses of CEBGP-1 and CEBGP-2.

Figure 17 EBGP Connection Between Two Subautonomous Systems in a Confederation

In this confederation configuration:

CEBGP border edge routers function as neighboring peers between the subautonomous systems. The subautonomous systems use eBGP to exchange route information.

Each CEBGP border edge router (CEBGP-1 and CEBGP-2) assigns a label for the router before distributing the route to the next subautonomous system. The CEBGP border edge router distributes the route as a VPN-IPv4 address by using the multiprotocol extensions of BGP. The label and the VPN identifier are encoded as part of the NLRI.

Each PE and CEBGP border edge router assigns its own label to each VPN-IPv4 address prefix before redistributing the routes. The CEBGP border edge routers exchange VPN-IPv4 addresses with the labels. The next-hop-self address is included in the label (as the value of the eBGP next-hop attribute). Within the subautonomous systems, the CEBGP border edge router address is distributed throughout the iBGP neighbors, and the two CEBGP border edge routers are known to both confederations.

Information About Using Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels

You can set up the MPLS VPN Inter-AS network so that the ASBRs exchange IPv4 routes with MPLS labels of the provider edge (PE) routers. Route reflectors (RRs) exchange VPN-IPv4 routes by using multihop, multiprotocol external Border Gateway Protocol (eBGP). This method of configuring the Inter-AS system is often called MPLS VPN Inter-AS BGP Label Distribution.

Benefits of MPLS VPN Inter-AS Using ASBRs to Exchange IPv4 Routes and MPLS Labels

Configuring the Inter-AS system so that the ASBRs exchange the IPv4 routes and MPLS labels has the following benefits:

Saves the ASBRs from having to store all the VPN-IPv4 routes. Using the route reflectors to store the VPN-IPv4 routes and forward them to the PE routers results in improved scalability compared with configurations in which the ASBR holds all the VPN-IPv4 routes and forwards the routes based on VPN-IPv4 labels.

Having the route reflectors hold the VPN-IPv4 routes also simplifies the configuration at the border of the network.

Enables a non-VPN core network to act as a transit network for VPN traffic. You can transport IPv4 routes with MPLS labels over a non-MPLS VPN service provider.

Eliminates the need for any other label distribution protocol between adjacent label switch routers (LSRs). If two adjacent LSRs are also BGP peers, BGP can handle the distribution of the MPLS labels. No other label distribution protocol is needed between the two LSRs.

How the Inter-AS Works When ASBRs Exchange IPv4 Routes with MPLS Labels

This section contains the following topics:

BGP Routing Information

Types of BGP Messages and MPLS Labels

How BGP Sends MPLS Labels with Routes

You can set up a VPN service provider network to exchange IPv4 routes with MPLS labels. You can configure the VPN service provider network as follows:

Route reflectors exchange VPN-IPv4 routes by using multihop, multiprotocol eBGP. This configuration also preserves the next-hop information and the VPN labels across the autonomous systems.

A local PE router (for example, PE1 in Figure 18) needs to know the routes and label information for the remote PE router (PE2). This information can be exchanged between the PE routers and ASBRs in one of two ways:

Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can redistribute the IPv4 routes and MPLS labels it learned from eBGP into IGP and LDP and from IGP and LDP into eBGP.

Internal Border Gateway Protocol (iBGP) IPv4 label distribution: The ASBR and PE router can use direct iBGP sessions to exchange VPN-IPv4 and IPv4 routes and MPLS labels.

Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the PE routers in the VPN. This reflecting of learned IPv4 routes and MPLS labels is accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also reflects the VPN-IPv4 routes to the PE routers in the VPN. For example, in VPN1, RR1 reflects to PE1 the VPN-IPv4 routes it learned and IPv4 routes and MPLS labels learned from ASBR1. Using the route reflectors to store the VPN-IPv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.

Figure 18 VPNs Using eBGP and iBGP to Distribute Routes and MPLS Labels

BGP Routing Information

BGP routing information includes the following items:

Network number (prefix), which is the IP address of the destination.

Autonomous system (AS) path, which is a list of the other ASs through which a route passes on the way to the local router. The first AS in the list is closest to the local router; the last AS in the list is farthest from the local router and usually the AS where the route began.

Path attributes, which provide other information about the AS path, for example, the next hop.

Types of BGP Messages and MPLS Labels

MPLS labels are included in the update messages that a router sends. Routers exchange the following types of BGP messages:

Open messages—After a router establishes a TCP connection with a neighboring router, the routers exchange open messages. This message contains the number of the autonomous system to which the router belongs and the IP address of the router that sent the message.

Update messages—When a router has a new, changed, or broken route, it sends an update message to the neighboring router. This message contains the NLRI, which lists the IP addresses of the usable routes. The update message includes any routes that are no longer usable. The update message also includes path attributes and the lengths of both the usable and unusable paths. Labels for VPN-IPv4 routes are encoded in the update message, as specified in RFC 2858. The labels for the IPv4 routes are encoded in the update message, as specified in RFC 3107.

Keepalive messages—Routers exchange keepalive messages to determine if a neighboring router is still available to exchange routing information. The router sends these messages at regular intervals. (Sixty seconds is the default for Cisco routers.) The keepalive message does not contain routing data; it contains only a message header.

Notification messages—When a router detects an error, it sends a notification message.

How BGP Sends MPLS Labels with Routes

When BGP (eBGP and iBGP) distributes a route, it can also distribute an MPLS label that is mapped to that route. The MPLS label mapping information for the route is carried in the BGP update message that contains the information about the route. If the next hop is not changed, the label is preserved.

When you issue the show bgp neighbors ip-address command on both BGP routers, the routers advertise to each other that they can then send MPLS labels with the routes. If the routers successfully negotiate their ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates.
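The label, route distinguisher, and prefix that the update message carries can be decoded as follows. This Python parser is an added example, not Cisco code; it assumes the RFC 3107 label field (20-bit label with a bottom-of-stack bit) followed by an 8-byte route distinguisher and an IPv4 prefix, and the function names and sample routes are constructed for illustration.

```python
import ipaddress
import struct


def format_rd(rd: bytes) -> str:
    """Render an 8-byte route distinguisher as administrator:assigned-number."""
    (rd_type,) = struct.unpack("!H", rd[:2])
    if rd_type == 0:      # 2-byte AS number, 4-byte assigned number
        admin, num = struct.unpack("!HI", rd[2:])
    elif rd_type == 1:    # IPv4 address, 2-byte assigned number
        raw, num = struct.unpack("!4sH", rd[2:])
        admin = ipaddress.IPv4Address(raw)
    elif rd_type == 2:    # 4-byte AS number, 2-byte assigned number
        admin, num = struct.unpack("!IH", rd[2:])
    else:
        raise ValueError(f"unknown route distinguisher type {rd_type}")
    return f"{admin}:{num}"


def parse_labeled_vpnv4(buf: bytes) -> list:
    """Decode consecutive labeled VPN-IPv4 NLRI entries (announcements only).

    Every length comes from the peer, so each one is checked against the
    bytes actually present before it is used to slice the buffer.
    """
    routes, off = [], 0
    while off < len(buf):
        bit_len = buf[off]                 # bits of label(s) + RD + prefix
        off += 1
        byte_len = (bit_len + 7) // 8
        if off + byte_len > len(buf):
            raise ValueError("NLRI length field runs past the end of the buffer")
        entry = buf[off:off + byte_len]
        off += byte_len

        labels, pos = [], 0
        while True:                        # 3 bytes per label, last has S bit set
            if pos + 3 > len(entry):
                raise ValueError("label stack has no bottom-of-stack bit")
            field = int.from_bytes(entry[pos:pos + 3], "big")
            pos += 3
            labels.append(field >> 4)      # high-order 20 bits are the label
            if field & 0x1:
                break

        prefix_bits = bit_len - 8 * (pos + 8)   # what is left after labels + RD
        if not 0 <= prefix_bits <= 32:
            raise ValueError("length field inconsistent with labels, RD and IPv4 prefix")
        rd = format_rd(entry[pos:pos + 8])
        packed = entry[pos + 8:].ljust(4, b"\x00")
        network = ipaddress.IPv4Network(
            (int.from_bytes(packed, "big"), prefix_bits), strict=False)
        routes.append({"labels": labels, "rd": rd, "prefix": str(network)})
    return routes


def encode_labeled_vpnv4(label: int, rd: bytes, prefix: str) -> bytes:
    """Build one single-label entry; used here only to construct sample input."""
    net = ipaddress.IPv4Network(prefix)
    label_field = ((label << 4) | 0x1).to_bytes(3, "big")
    prefix_bytes = net.network_address.packed[:(net.prefixlen + 7) // 8]
    return bytes([24 + 64 + net.prefixlen]) + label_field + rd + prefix_bytes


# Constructed sample: two routes, labels 16001 and 16002 are made-up values.
SAMPLE_NLRI = (
    encode_labeled_vpnv4(16001, struct.pack("!HHI", 0, 120, 1), "172.20.0.0/16")
    + encode_labeled_vpnv4(
        16002,
        struct.pack("!H4sH", 1, ipaddress.IPv4Address("192.168.70.24").packed, 7),
        "10.0.0.0/8")
)

if __name__ == "__main__":
    for route in parse_labeled_vpnv4(SAMPLE_NLRI):
        print(route)
```
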

How to Implement MPLS Layer 3 VPNs on Cisco IOS XR Software

This section contains instructions for the following tasks:

Configuring the Core Network (required)

Connecting MPLS VPN Customers (required)

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels (optional)

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses (optional)

Verifying the MPLS Layer 3 VPN Configuration

Configuring the Core Network

Configuring the core network includes the following tasks:

Assessing the Needs of MPLS VPN Customers (required)

Configuring Routing Protocols in the Core (required)

Configuring MPLS in the Core (required)

Determining if FIB Is Enabled in the Core (required)

Configuring Multiprotocol BGP on the PE Routers and Route Reflectors (required)

Assessing the Needs of MPLS VPN Customers

Before configuring an MPLS VPN, the core network topology must be identified so that it can best serve MPLS VPN customers. Perform this task to identify the core network topology.

SUMMARY STEPS

1. Identify the size of the network.

2. Identify the routing protocols in the core.

3. Determine if MPLS High Availability support is required.

4. Determine if BGP load sharing and redundant paths are required.

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

Identify the size of the network.

Identify the following to determine the number of routers and ports required:

How many customers will be supported?

How many VPNs are required for each customer?

How many virtual routing and forwarding (VRF) instances are there for each VPN?

Step 2 

Identify the routing protocols in the core.

Determine which routing protocols are required in the core network.

Step 3 

Determine if MPLS High Availability support is required.

MPLS VPN nonstop forwarding and graceful restart are supported on select routers and Cisco IOS XR software releases.

Step 4 

Determine if BGP load sharing and redundant paths are required.

Determine if BGP load sharing and redundant paths in the MPLS VPN core are required.

Configuring Routing Protocols in the Core

To configure a routing protocol, see Cisco IOS XR Routing Configuration Guide.

Configuring MPLS in the Core

To enable MPLS on all routers in the core, you must configure a Label Distribution Protocol (LDP). You can use either of the following as an LDP:

MPLS LDP. See Implementing MPLS Label Distribution Protocol on Cisco IOS XR Software for configuration information.

MPLS Traffic Engineering Resource Reservation Protocol (RSVP). See Implementing RSVP for MPLS-TE and MPLS O-UNI on Cisco IOS XR Software for configuration information.

Determining if FIB Is Enabled in the Core

Forwarding Information Base (FIB) must be enabled on all routers in the core, including the provider edge (PE) routers. For information on how to determine if FIB is enabled, see Implementing Cisco Express Forwarding on Cisco IOS XR Software module in Cisco IOS XR IP Addresses and Services Configuration Guide.

Configuring Multiprotocol BGP on the PE Routers and Route Reflectors

Perform this task to configure multiprotocol BGP (MP-BGP) connectivity on the PE routers and route reflectors.

SUMMARY STEPS

1. configure

2. router bgp autonomous-system-number

3. address-family vpnv4 unicast

4. neighbor ip-address remote-as autonomous-system-number

5. address-family vpnv4 unicast

6. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router bgp autonomous-system-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 120

Enters BGP configuration mode allowing you to configure the BGP routing process.

Step 3 

address-family vpnv4 unicast

Example:

RP/0/RP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Enters VPNv4 address family configuration mode for the VPNv4 address family.

Step 4 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-bgp-af)# end

or

RP/0/RP0/CPU0:router(config-bgp-af)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting (yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 5 

neighbor ip-address remote-as autonomous-system-number

Example:

RP/0/RP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 remote-as 2002

Creates a neighbor and assigns it a remote autonomous system number of 2002.

Step 6 

address-family vpnv4 unicast

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast

Enters VPNv4 address family configuration mode for the VPNv4 address family.

Step 7 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-bgp-nbr-af)# end

or

RP/0/RP0/CPU0:router(config-bgp-nbr-af)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting (yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Connecting MPLS VPN Customers

To connect MPLS VPN customers to the VPN, perform the following tasks:

Defining VRFs on the PE Routers to Enable Customer Connectivity (required)

Configuring VRF Interfaces on PE Routers for Each VPN Customer (required)

Configuring BGP as the Routing Protocol Between the PE and CE Routers (optional)

Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers (optional)

Configuring Static Routes Between the PE and CE Routers (optional)

Configuring OSPF as the Routing Protocol Between the PE and CE Routers (optional)

Configuring EIGRP as the Routing Protocol Between the PE and CE Routers (optional)

Configuring EIGRP Redistribution in the MPLS VPN (optional)

Defining VRFs on the PE Routers to Enable Customer Connectivity

Perform this task to define VPN routing and forwarding (VRF) instances.

SUMMARY STEPS

1. configure

2. vrf vrf-name

3. address-family ipv4 unicast

4. import route-policy policy-name

5. import route-target [as-number:nn | ip-address:nn]

6. export route-policy policy-name

7. export route-target [as-number:nn | ip-address:nn]

8. exit

9. exit

10. router bgp autonomous-system-number

11. vrf vrf-name

12. rd {as-number | ip-address | auto}

13. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config)# vrf vrf_1

Configures a VRF instance and enters VRF configuration mode.

Step 3 

address-family ipv4 unicast

Example:

RP/0/RP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Enters VRF address family configuration mode for the IPv4 address family.

Step 4 

import route-policy policy-name

Example:

RP/0/RP0/CPU0:router(config-vrf-af)# import route-policy policy_A

Specifies a route policy that can be imported into the local VPN.

Step 5 

import route-target [as-number:nn | ip-address:nn]

Example:

RP/0/RP0/CPU0:router(config-vrf-af)# import route-target 120:1

Allows exported VPN routes to be imported into the VPN if one of the route targets of the exported route matches one of the local VPN import route targets.

Step 6 

export route-policy policy-name

Example:

RP/0/RP0/CPU0:router(config-vrf-af)# export route-policy policy_B

Specifies a route policy that can be exported from the local VPN.

Step 7 

export route-target [as-number:nn | ip-address:nn]

Example:

RP/0/RP0/CPU0:router(config-vrf-af)# export route-target 120:2

Associates the local VPN with a route target. When the route is advertised to other provider edge (PE) routers, the export route target is sent along with the route as an extended community.

Step 8 

exit

Example:

RP/0/RP0/CPU0:router(config-vrf-af)# exit

Exits VRF address family configuration mode and returns the router to VRF configuration mode.

Step 9 

exit

Example:

RP/0/RP0/CPU0:router(config-vrf)# exit

Exits VRF configuration mode and returns the router to global configuration mode.

Step 10 

router bgp autonomous-system-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 120

Enters BGP configuration mode allowing you to configure the BGP routing process.

Step 11 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-bgp)# vrf vrf_1

Configures a VRF instance and enters VRF configuration mode for BGP routing.

Step 12 

rd {as-number | ip-address | auto}

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf)# rd auto

Automatically assigns a unique route distinguisher (RD) to vrf_1.

Step 13 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf)# end

or

RP/0/RP0/CPU0:router(config-bgp-vrf)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
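Because a VRF imports any route whose route target matches one of its import route targets, a single mistyped value can join two customers' VPNs. The following Python audit is an added example, not part of the Cisco guide: it reads VRF definitions written with the commands from this task and reports which VRFs import routes exported by other VRFs. The sample configuration, the VRF names other than vrf_1 and vrf_A, and the allowed-pairs list are constructed for illustration.

```python
import re

RT_RE = re.compile(r"^(?:\d+|\d+\.\d+\.\d+\.\d+):\d+$")


def parse_vrf_route_targets(config: str) -> dict:
    """Return {vrf_name: {"import": set, "export": set}} from top-level VRF blocks.

    Accepts the one-line form used in this task ("import route-target 120:1")
    and a block form that lists one route target per line below the keyword.
    """
    vrfs, current, direction = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            direction = None
            continue
        if not raw.startswith(" "):            # a new top-level section starts
            m = re.match(r"^vrf (\S+)$", line)
            current = (vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
                       if m else None)         # e.g. "router bgp 120" ends VRF parsing
            direction = None
            continue
        if current is None:
            continue
        m = re.match(r"^(import|export) route-target(?: (\S+))?$", line)
        if m:
            direction = m.group(1)
            if m.group(2):                     # one-line form
                current[direction].add(m.group(2))
                direction = None
        elif direction and RT_RE.match(line):  # block form, one RT per line
            current[direction].add(line)
        else:
            direction = None
    return vrfs


def import_relations(vrfs: dict) -> dict:
    """Map (exporting_vrf, importing_vrf) to the route targets that link them."""
    relations = {}
    for imp_name, imp in vrfs.items():
        for exp_name, exp in vrfs.items():
            shared = imp["import"] & exp["export"]
            if shared and imp_name != exp_name:
                relations[(exp_name, imp_name)] = shared
    return relations


def audit(vrfs: dict, allowed: set) -> list:
    """List every cross-VRF import that is not in the approved set of pairs."""
    findings = []
    for (exporter, importer), rts in sorted(import_relations(vrfs).items()):
        if (exporter, importer) not in allowed:
            findings.append(f"{importer} imports routes exported by {exporter} "
                            f"via {', '.join(sorted(rts))}")
    return findings


# Constructed sample configuration (not taken from a real router).
SAMPLE_CONFIG = """\
vrf vrf_1
 address-family ipv4 unicast
  import route-target 120:1
  export route-target 120:2
vrf vrf_A
 address-family ipv4 unicast
  import route-target 120:2
  import route-target 120:10
  export route-target 120:10
vrf shared_services
 address-family ipv4 unicast
  import route-target
   120:10
   120:2
  !
  export route-target
   120:1
  !
 !
!
router bgp 120
 vrf vrf_1
  rd auto
"""

# Constructed policy: customers may exchange routes only with shared_services.
ALLOWED = {("shared_services", "vrf_1"), ("vrf_1", "shared_services"),
           ("vrf_A", "shared_services")}

if __name__ == "__main__":
    for finding in audit(parse_vrf_route_targets(SAMPLE_CONFIG), ALLOWED):
        print(finding)
```

The audit sees only the VRFs in the configuration it is given; route targets exported by other PE routers have to be collected and merged before a network-wide check.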

Configuring VRF Interfaces on PE Routers for Each VPN Customer

Perform this task to associate a VPN routing and forwarding (VRF) instance with an interface or a subinterface on the PE routers.


Note: You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.


SUMMARY STEPS

1. configure

2. interface type instance

3. vrf vrf-name

4. ipv4 address ipv4-address mask

5. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

interface type instance

Example:

RP/0/RP0/CPU0:router(config)# interface pos 0/3/0/0

Enters interface configuration mode.

Step 3 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-if)# vrf vrf_A

Configures a VRF instance and enters VRF configuration mode.

Step 4 

ipv4 address ipv4-address mask

Example:

RP/0/RP0/CPU0:router(config-if)# ipv4 address 192.168.1.27 255.255.255.0

Configures a primary IPv4 address for the specified interface.

Step 5 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-if)# end

or

RP/0/RP0/CPU0:router(config-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring BGP as the Routing Protocol Between the PE and CE Routers

Perform this task to configure PE-to-CE routing sessions using BGP.

SUMMARY STEPS

1. configure

2. router bgp autonomous-system-number

3. bgp router-id {ip-address}

4. vrf vrf-name

5. label-allocation-mode per-ce

6. address-family ipv4 unicast

7. redistribute connected [metric metric-value] [route-policy route-policy-name]
or
redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name]
or
redistribute ospfv3 process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name]
or
redistribute static [metric metric-value] [route-policy route-policy-name]

8. aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name]

9. network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]

10. exit

11. neighbor ip-address

12. remote-as autonomous-system-number

13. password {clear | encrypted} password

14. ebgp-multihop [ttl-value]

15. address-family ipv4 unicast

16. allowas-in [as-occurrence-number]

17. route-policy route-policy-name in

18. route-policy route-policy-name out

19. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router bgp autonomous-system-number

Example:

RP/0/RP0/CPU0:router(config)# router bgp 120

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Step 3 

bgp router-id {ip-address}

Example:

RP/0/RP0/CPU0:router(config-bgp)# bgp router-id 192.168.70.24

Configures the local router with a router id of 192.168.70.24.

Step 4 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-bgp)# vrf vrf_1

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for BGP routing.

Step 5 

label-allocation-mode per-ce

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce

Sets the MPLS VPN label allocation mode to per-customer edge (CE) label mode, which allows the provider edge (PE) router to allocate one label for every immediate next hop.

Step 6 

address-family ipv4 unicast

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast

Enters VRF address family configuration mode for the IPv4 address family.

Step 7 

redistribute connected [metric metric-value] [route-policy route-policy-name]

or

redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name]

or

redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name]

or

redistribute ospfv3 process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name]

or

redistribute static [metric metric-value] [route-policy route-policy-name]

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-af)# redistribute connected

Causes routes to be redistributed into BGP. The routes that can be redistributed into BGP are:

connected

Intermediate System-to-Intermediate System (IS-IS)

Open Shortest Path First (OSPF)

OSPFv3

static

Step 8 

aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name]

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-af)# aggregate-address 10.0.0.0/8 as-set

Creates an aggregate address. The path advertised for this route is an autonomous system set consisting of all elements contained in all paths that are being summarized.

The as-set keyword generates autonomous system set path information and community information from contributing paths.

The as-confed-set keyword generates autonomous system confederation set path information from contributing paths.

The summary-only keyword filters all more specific routes from updates.

The route-policy route-policy-name keyword and argument specify the route policy used to set the attributes of the aggregate route.

Step 9 

network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-af)# network 172.20.0.0/16

Configures the local router to originate and advertise the specified network.

Step 10 

exit

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-af)# exit

Exits VRF address family configuration mode and returns the router to VRF configuration mode for BGP routing.

Step 11 

neighbor ip-address

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf)# neighbor 172.168.40.24

Places the router in VRF neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 12 

remote-as autonomous-system-number

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number of 2002 to it.

Step 13 

password {clear | encrypted} password

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr)# password clear pswd123

Configures neighbor 172.168.40.24 to use MD5 authentication with the password pswd123.

Step 14 

ebgp-multihop [ttl-value]

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop

Allows a BGP connection to neighbor 172.168.40.24.

Step 15 

address-family ipv4 unicast

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast

Enters VRF neighbor address family configuration mode for BGP routing.

Step 16 

allowas-in [as-occurrence-number]

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 3

Replaces the neighbor autonomous system number (ASN) with the PE ASN in the AS path three times.

Step 17 

route-policy route-policy-name in

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 in

Applies the In-Ipv4 policy to inbound IPv4 unicast routes.

Step 18 

route-policy route-policy-name out

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 out

Applies the In-Ipv4 policy to outbound IPv4 unicast routes.

Step 19 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr-af)# end

or

RP/0/RP0/CPU0:router(config-bgp-vrf-nbr-af)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions using Routing Information Protocol version 2 (RIPv2).

SUMMARY STEPS

1. configure

2. router rip

3. vrf vrf-name

4. interface type instance

5. site-of-origin {as-number:number | ip-address:number}

6. exit

7. redistribute bgp as-number [external | internal | local] [route-policy name]
or
redistribute connected [route-policy name]
or
redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name]
or
redistribute eigrp as-number [route-policy name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name]
or
redistribute static [route-policy name]

8. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router rip

Example:

RP/0/RP0/CPU0:router(config)# router rip

Enters the Routing Information Protocol (RIP) configuration mode allowing you to configure the RIP routing process.

Step 3 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-rip)# vrf vrf_1

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for RIP routing.

Step 4 

interface type instance

Example:

RP/0/RP0/CPU0:router(config-rip-vrf)# interface pos 0/3/0/0

Enters VRF interface configuration mode.

Step 5 

site-of-origin {as-number:number | ip-address:number}

Example:

RP/0/RP0/CPU0:router(config-rip-vrf-if)# site-of-origin 200:1

Identifies routes that have originated from a site so that the re-advertisement of that prefix back to the source site can be prevented. Uniquely identifies the site from which a PE router has learned a route.

Step 6 

exit

Example:

RP/0/RP0/CPU0:router(config-rip-vrf-if)# exit

Exits VRF interface configuration mode, and returns the router to VRF configuration mode for RIP routing.

Step 7 

redistribute bgp as-number [external | internal | local] [route-policy name]

or

redistribute connected [route-policy name]

or

redistribute eigrp as-number [route-policy name]

or

redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name]

or

redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name]

or

redistribute static [route-policy name]

Example:

RP/0/RP0/CPU0:router(config-rip-vrf)# redistribute connected

Causes routes to be redistributed into RIP. The routes that can be redistributed into RIP are:

Border Gateway Protocol (BGP)

connected

Enhanced Interior Gateway Routing Protocol (EIGRP)

Open Shortest Path First (OSPF)

static

Step 8 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-rip-vrf)# end

or

RP/0/RP0/CPU0:router(config-rip-vrf)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring Static Routes Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use static routes.


Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.


SUMMARY STEPS

1. configure

2. router static

3. vrf vrf-name

4. address-family ipv4 unicast

5. prefix/mask [vrf vrf-name] {ip-address | interface-type interface-instance}

6. prefix/mask [vrf vrf-name] bfd fast-detect

7. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router static

Example:

RP/0/RP0/CPU0:router(config)# router static

Enters static routing configuration mode allowing you to configure the static routing process.

Step 3 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-static)# vrf vrf_1

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for static routing.

Step 4 

address-family ipv4 unicast

Example:

RP/0/RP0/CPU0:router(config-static-vrf)# address-family ipv4 unicast

Enters VRF address family configuration mode for the IPv4 address family.

Step 5 

prefix/mask [vrf vrf-name] {ip-address | interface-type interface-instance}

Example:

RP/0/RP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 10.1.1.1

Assigns the static route to vrf_1.

Step 6 

prefix/mask [vrf vrf-name] bfd fast-detect

Example:

RP/0/RP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 bfd fast-detect

Enables bidirectional forwarding detection (BFD) to detect failures in the path between adjacent forwarding engines.

This option is available when the forwarding router address is specified in Step 5.

Step 7 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-static-vrf-afi)# end

or

RP/0/RP0/CPU0:router(config-static-vrf-afi)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring OSPF as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First (OSPF).

SUMMARY STEPS

1. configure

2. router ospf process-name

3. vrf vrf-name

4. router-id {router-id | interface-type interface-instance}

5. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

6. area area-id

7. interface type instance

8. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router ospf process-name

Example:

RP/0/RP0/CPU0:router(config)# router ospf 109

Enters OSPF configuration mode allowing you to configure the OSPF routing process.

Step 3 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-ospf)# vrf vrf_1

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for OSPF routing.

Step 4 

router-id {router-id | interface-type interface-instance}

Example:

RP/0/RP0/CPU0:router(config-ospf-vrf)# router-id 172.20.10.10

Configures the router ID for the OSPF routing process.

Step 5 

redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or

redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or

redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or

redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or

redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or

redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Example:

RP/0/RP0/CPU0:router(config-ospf-vrf)# redistribute connected

Causes routes to be redistributed into OSPF. The routes that can be redistributed into OSPF are:

Border Gateway Protocol (BGP)

connected

Enhanced Interior Gateway Routing Protocol (EIGRP)

OSPF

static

Routing Information Protocol (RIP)

Step 6 

area area-id

Example:

RP/0/RP0/CPU0:router(config-ospf-vrf)# area 0

Configures the OSPF area as area 0.

Step 7 

interface type instance

Example:

RP/0/RP0/CPU0:router(config-ospf-vrf-ar)# interface pos 0/3/0/0

Associates interface POS 0/3/0/0 with area 0.

Step 8 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-ospf-vrf-ar-if)# end

or

RP/0/RP0/CPU0:router(config-ospf-vrf-ar-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring EIGRP as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Enhanced Interior Gateway Routing Protocol (EIGRP).

Using EIGRP between the PE and CE routers allows you to transparently connect EIGRP customer networks through an MPLS-enabled Border Gateway Protocol (BGP) core network so that EIGRP routes are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes.

Prerequisites

BGP must be configured in the network. See the Implementing BGP on Cisco IOS XR Software module in the Cisco IOS XR Routing Configuration Guide.


Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.


SUMMARY STEPS

1. configure

2. router eigrp as-number

3. vrf vrf-name

4. address-family ipv4

5. router-id router-id

6. autonomous-system as-number

7. default-metric bandwidth delay reliability loading mtu

8. redistribute {{bgp | connected | isis | ospf | rip | static} [as-number | instance-name]} [route-policy name]

9. interface type instance

10. site-of-origin {as-number:number | ip-address:number}

11. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router eigrp as-number

Example:

RP/0/RP0/CPU0:router(config)# router eigrp 24

Enters EIGRP configuration mode allowing you to configure the EIGRP routing process.

Step 3 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-eigrp)# vrf vrf_1

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for EIGRP routing.

Step 4 

address-family ipv4

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf)# address-family ipv4

Enters VRF address family configuration mode for the IPv4 address family.

Step 5 

router-id router-id

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# router-id 172.20.0.0

Configures the router ID for the EIGRP routing process.

Step 6 

autonomous-system as-number

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# autonomous-system 6

Configures the EIGRP routing process to run within a VRF.

Step 7 

default-metric bandwidth delay reliability loading mtu

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# default-metric 100000 4000 200 45 4470

 

Step 8 

redistribute {{bgp | connected | isis | ospf | rip | static} [as-number | instance-name]} [route-policy name]

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# redistribute connected

Causes connected routes to be redistributed into EIGRP.

Step 9 

interface type instance

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# interface pos 0/3/0/0

Associates interface POS 0/3/0/0 with the EIGRP routing process.

Step 10 

site-of-origin {as-number:number | ip-address:number}

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af-if)# site-of-origin 201:1

Configures site of origin (SoO) on interface POS 0/3/0/0.

Step 11 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af-if)# end

or

RP/0/RP0/CPU0:router(config-eigrp-vrf-af-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring EIGRP Redistribution in the MPLS VPN

Perform this task for every provider edge (PE) router that provides VPN services to enable Enhanced Interior Gateway Routing Protocol (EIGRP) redistribution in the MPLS VPN.

Prerequisites

The metric can be configured in the route policy applied with the redistribute command (or with the default-metric command). If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route is not installed in the EIGRP database and is not advertised to the CE router. See the Implementing EIGRP on Cisco IOS XR Software module in the Cisco IOS XR Routing Configuration Guide.

Restrictions

Redistribution between native EIGRP VPN routing and forwarding (VRF) instances is not supported. This behavior is by design.

SUMMARY STEPS

1. configure

2. router eigrp as-number

3. vrf vrf-name

4. address-family ipv4

5. redistribute bgp [as-number] [route-policy policy-name]

6. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router eigrp as-number

Example:

RP/0/RP0/CPU0:router(config)# router eigrp 24

Enters EIGRP configuration mode allowing you to configure the EIGRP routing process.

Step 3 

vrf vrf-name

Example:

RP/0/RP0/CPU0:router(config-eigrp)# vrf vrf_1

Configures a VRF instance and enters VRF configuration mode for EIGRP routing.

Step 4 

address-family ipv4

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf)# address-family ipv4

Enters VRF address family configuration mode for the IPv4 address family.

Step 5 

redistribute bgp [as-number] [route-policy policy-name]

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 24 route-policy policy_A

Causes Border Gateway Protocol (BGP) routes to be redistributed into EIGRP.

Step 6 

end

or

commit

Example:

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# end

or

RP/0/RP0/CPU0:router(config-eigrp-vrf-af)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels

This section contains instructions for the following tasks:

Configuring the ASBRs to Exchange IPv4 Routes and MPLS Labels (required)

Configuring the Route Reflectors to Exchange VPN-IPv4 Routes (required)

Configuring the Route Reflector to Reflect Remote Routes in Its AS (required)

These procedures are supported on the Cisco XR 12000 Series Router.

Configuring the ASBRs to Exchange IPv4 Routes and MPLS Labels

Perform this task to configure the autonomous system boundary routers (ASBRs) to exchange IPv4 routes and MPLS labels.

This procedure is supported on the Cisco XR 12000 Series Router.

SUMMARY STEPS

1. configure

2. router bgp autonomous-system-number

3. neighbor ip-address

4. remote-as autonomous-system-number

5. address-family {ipv4 unicast | vpnv4 unicast}

6. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router bgp autonomous-system-number

Example:

RP/0/0/CPU0:router(config)# router bgp 120

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Step 3 

neighbor ip-address

Example:

RP/0/0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 4 

remote-as autonomous-system-number

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number of 2002 to it.

Step 5 

address-family {ipv4 unicast | vpnv4 unicast}

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Enters neighbor address family configuration mode for the IPv4 unicast address family.

Step 6 

end

or

commit

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# end

or

RP/0/0/CPU0:router(config-bgp-nbr-af)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the Route Reflectors to Exchange VPN-IPv4 Routes

Perform this task to enable the route reflectors to exchange VPN-IPv4 routes by using multihop. This task specifies that the next-hop information and the VPN label are to be preserved across the autonomous system.

This procedure is supported on the Cisco XR 12000 Series Router.

SUMMARY STEPS

1. configure

2. router bgp autonomous-system-number

3. neighbor ip-address

4. remote-as autonomous-system-number

5. ebgp-multihop [ttl-value]

6. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router bgp autonomous-system-number

Example:

RP/0/0/CPU0:router(config)# router bgp 120

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Step 3 

neighbor ip-address

Example:

RP/0/0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 4 

remote-as autonomous-system-number

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number of 2002 to it.

Step 5 

ebgp-multihop [ttl-value]

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# ebgp-multihop

Allows a BGP connection to neighbor 172.168.40.24.

Step 6 

end

or

commit

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# end

or

RP/0/0/CPU0:router(config-bgp-nbr)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring the Route Reflector to Reflect Remote Routes in Its AS

Perform this task to enable the route reflector (RR) to reflect the IPv4 routes and labels learned by the autonomous system boundary router (ASBR) to the provider edge (PE) routers in the autonomous system. This task is accomplished by making the ASBR and PE route reflector clients of the RR.

This procedure is supported on the Cisco XR 12000 Series Router.

SUMMARY STEPS

1. configure

2. router bgp autonomous-system-number

3. neighbor ip-address

4. remote-as autonomous-system-number

5. address-family {ipv4 unicast | vpnv4 unicast}

6. route-reflector-client

7. exit

8. exit

9. neighbor ip-address

10. remote-as autonomous-system-number

11. address-family {ipv4 unicast | vpnv4 unicast}

12. route-reflector-client

13. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router bgp autonomous-system-number

Example:

RP/0/0/CPU0:router(config)# router bgp 120

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Step 3 

neighbor ip-address

Example:

RP/0/0/CPU0:router(config-bgp)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 4 

remote-as autonomous-system-number

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number of 2002 to it.

Step 5 

address-family {ipv4 unicast | vpnv4 unicast}

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Enters neighbor address family configuration mode for the IPv4 unicast address family.

Step 6 

route-reflector-client

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# route-reflector-client

Configures the router as a BGP route reflector and neighbor 172.168.40.24 as its client.

Step 7 

exit

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# exit

Exits BGP neighbor address family configuration mode and returns the router to BGP neighbor configuration mode.

Step 8 

exit

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# exit

Exits BGP neighbor configuration mode and returns the router to BGP configuration mode.

Step 9 

neighbor ip-address

Example:

RP/0/0/CPU0:router(config-bgp)# neighbor 172.168.40.25

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.25 as a BGP peer.

Step 10 

remote-as autonomous-system-number

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number of 2002 to it.

Step 11 

address-family {ipv4 unicast | vpnv4 unicast}

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Enters neighbor address family configuration mode for the IPv4 unicast address family.

Step 12 

route-reflector-client

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# route-reflector-client

Configures the router as a BGP route reflector and neighbor 172.168.40.25 as its client.

Step 13 

end

or

commit

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# end

or

RP/0/0/CPU0:router(config-bgp-nbr-af)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

This section contains instructions for the following tasks:

Configuring the ASBRs to Exchange VPN-IPv4 Addresses (required)

Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation (required)

These procedures are supported on the Cisco XR 12000 Series Router.

Configuring the ASBRs to Exchange VPN-IPv4 Addresses

Perform this task to configure an external Border Gateway Protocol (eBGP) autonomous system boundary router (ASBR) to exchange VPN-IPv4 routes with another autonomous system.

This procedure is supported on the Cisco XR 12000 Series Router.

SUMMARY STEPS

1. configure

2. router bgp autonomous-system-number

3. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router bgp autonomous-system-number

Example:

RP/0/0/CPU0:router(config)# router bgp 120

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Step 3 

end

or

commit

Example:

RP/0/0/CPU0:router(config-bgp)# end

or

RP/0/0/CPU0:router(config-bgp)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation

Perform this task to configure external Border Gateway Protocol (eBGP) routing to exchange VPN routes between subautonomous systems in a confederation.

This procedure is supported on the Cisco XR 12000 Series Router.


Note To ensure that host routes for VPN-IPv4 eBGP neighbors are propagated (by means of the Interior Gateway Protocol [IGP]) to other routers and PE routers, specify the redistribute connected command in the IGP configuration portion of the confederation eBGP (CEBGP) router. If you are using Open Shortest Path First (OSPF), make sure that the OSPF process is not enabled on the CEBGP interface in which the "redistribute connected" subnet exists.


SUMMARY STEPS

1. configure

2. router bgp autonomous-system-number

3. bgp confederation peers autonomous-system-number

4. bgp confederation identifier autonomous-system-number

5. address-family {ipv4 unicast | vpnv4 unicast}

6. neighbor ip-address

7. remote-as autonomous-system-number

8. address-family {ipv4 unicast | vpnv4 unicast}

9. route-policy route-policy-name in

10. route-policy route-policy-name out

11. next-hop-self

12. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router bgp autonomous-system-number

Example:

RP/0/0/CPU0:router(config)# router bgp 120

Enters BGP configuration mode allowing you to configure the BGP routing process.

Step 3 

bgp confederation peers autonomous-system-number

Example:

RP/0/0/CPU0:router(config-bgp)# bgp confederation peers 5

Configures the autonomous system that belongs to the confederation.

Step 4 

bgp confederation identifier autonomous-system-number

Example:

RP/0/0/CPU0:router(config-bgp)# bgp confederation identifier 5

Specifies the autonomous system number for the confederation.

Step 5 

address-family {ipv4 unicast | vpnv4 unicast}

Example:

RP/0/0/CPU0:router(config-bgp)# address-family ipv4 unicast

Enters neighbor address family configuration mode for the IPv4 unicast address family.

Step 6 

neighbor ip-address

Example:

RP/0/0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 7 

remote-as autonomous-system-number

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# remote-as 2002

Creates a neighbor and assigns a remote autonomous system number of 2002 to it.

Step 8 

address-family {ipv4 unicast | vpnv4 unicast}

Example:

RP/0/0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast

Enters neighbor address family configuration mode for the IPv4 unicast address family.

Step 9 

route-policy route-policy-name in

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# route-policy In-Ipv4 in

Applies a routing policy to updates received from a BGP neighbor.

Step 10 

route-policy route-policy-name out

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# route-policy Out-Ipv4 out

Applies a routing policy to updates advertised to a BGP neighbor.

Step 11 

next-hop-self

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# next-hop-self

Disables next-hop calculation and lets you insert your own address in the next-hop field of BGP updates.

Step 12 

end

or

commit

Example:

RP/0/0/CPU0:router(config-bgp-nbr-af)# end

or

RP/0/0/CPU0:router(config-bgp-nbr-af)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:
 
        

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Verifying the MPLS Layer 3 VPN Configuration

Perform this task to verify the MPLS Layer 3 VPN configuration.

SUMMARY STEPS

1. show running-config router bgp autonomous-system-number vrf vrf-name

2. show running-config routes

3. show ospf vrf vrf-name database

4. show running-config router bgp autonomous-system-number vrf vrf-name neighbor ip-address

5. show bgp vrf vrf-name summary

6. show bgp vrf vrf-name neighbors ip-address

7. show bgp vrf vrf-name

8. show route vrf vrf-name ip-address

9. show bgp vpn unicast summary

10. show running-config router isis

11. show running-config mpls

12. show isis adjacency

13. show mpls ldp forwarding

14. show bgp vpnv4 unicast

15. show bgp vrf vrf-name

16. show bgp vrf vrf-name imported-routes

17. show route vrf vrf-name ip-address

18. show cef vrf vrf-name ip-address

19. show cef vrf vrf-name ip-address location node-id

20. show bgp vrf vrf-name ip-address

21. show ospf vrf vrf-name database

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

show running-config router bgp autonomous-system-number vrf vrf-name

Example:

RP/0/RP0/CPU0:router# show running-config router bgp 3 vrf vrf_A

Displays the specified VPN routing and forwarding (VRF) content of the currently running configuration.

Step 2 

show running-config routes

Example:

RP/0/RP0/CPU0:router# show running-config routes

Displays the Open Shortest Path First (OSPF) routes table in the currently running configuration.

Step 3 

show ospf vrf vrf-name database

Example:

RP/0/RP0/CPU0:router# show ospf vrf vrf_A database

Displays lists of information related to the OSPF database for a specified VRF.

Step 4 

show running-config router bgp autonomous-system-number vrf vrf-name neighbor ip-address

Example:

RP/0/RP0/CPU0:router# show running-config router bgp 3 vrf vrf_A neighbor 172.168.40.24

Displays the Border Gateway Protocol (BGP) VRF neighbor content of the currently running configuration.

Step 5 

show bgp vrf vrf-name summary

Example:

RP/0/RP0/CPU0:router# show bgp vrf vrf_A summary

Displays the status of the specified BGP VRF connections.

Step 6 

show bgp vrf vrf-name neighbors ip-address

Example:

RP/0/RP0/CPU0:router# show bgp vrf vrf_A neighbors 172.168.40.24

Displays information about BGP VRF connections to the specified neighbors.

Step 7 

show bgp vrf vrf-name

Example:

RP/0/RP0/CPU0:router# show bgp vrf vrf_A

Displays information about a specified BGP VRF.

Step 8 

show route vrf vrf-name ip-address

Example:

RP/0/RP0/CPU0:router# show route vrf vrf_A 10.0.0.0

Displays the current routes in the Routing Information Base (RIB) for a specified VRF.

Step 9 

show bgp vpn unicast summary

Example:

RP/0/RP0/CPU0:router# show bgp vpn unicast summary

Displays the status of all BGP VPN unicast connections.

Step 10 

show running-config router isis

Example:

RP/0/RP0/CPU0:router# show running-config router isis

Displays the Intermediate System-to-Intermediate System (IS-IS) content of the currently running configuration.

Step 11 

show running-config mpls

Example:

RP/0/RP0/CPU0:router# show running-config mpls

Displays the MPLS content of the currently running configuration.

Step 12 

show isis adjacency

Example:

RP/0/RP0/CPU0:router# show isis adjacency

Displays IS-IS adjacency information.

Step 13 

show mpls ldp forwarding

Example:

RP/0/RP0/CPU0:router# show mpls ldp forwarding

Displays the Label Distribution Protocol (LDP) forwarding state installed in MPLS forwarding.

Step 14 

show bgp vpnv4 unicast

Example:

RP/0/RP0/CPU0:router# show bgp vpnv4 unicast

Displays entries in the BGP routing table for VPNv4 unicast addresses.

Step 15 

show bgp vrf vrf-name

Example:

RP/0/RP0/CPU0:router# show bgp vrf vrf_A

Displays entries in the BGP routing table for VRF vrf_A.

Step 16 

show bgp vrf vrf-name imported-routes

Example:

RP/0/RP0/CPU0:router# show bgp vrf vrf_A imported-routes

Displays BGP information for routes imported into specified VRF instances.

Step 17 

show route vrf vrf-name ip-address

Example:

RP/0/RP0/CPU0:router# show route vrf vrf_A 10.0.0.0

Displays the current specified VRF routes in the RIB.

Step 18 

show cef vrf vrf-name ip-address

Example:

RP/0/RP0/CPU0:router# show cef vrf vrf_A 10.0.0.1

Displays the IPv4 Cisco Express Forwarding (CEF) table for a specified VRF.

Step 19 

show cef vrf vrf-name ip-address location node-id

Example:

RP/0/RP0/CPU0:router# show cef vrf vrf_A 10.0.0.1 location 0/1/cpu0

Displays the IPv4 CEF table for a specified VRF and location.

Step 20 

show bgp vrf vrf-name ip-address

Example:

RP/0/RP0/CPU0:router# show bgp vrf vrf_A 10.0.0.0

Displays entries in the BGP routing table for VRF vrf_A.

Step 21 

show ospf vrf vrf-name database

Example:

RP/0/RP0/CPU0:router# show ospf vrf vrf_A database

Displays lists of information related to the OSPF database for a specified VRF.

Configuration Examples for Implementing MPLS Layer 3 VPNs

The following section provides sample configurations for MPLS L3VPN features, including:

Configuring an MPLS VPN Using BGP: Example

Configuring the Routing Information Protocol on the PE Router: Example

Configuring the PE Router Using EIGRP: Example

Configuring an MPLS VPN Using BGP: Example

The following example shows the configuration for an MPLS VPN using BGP on "vrf vpn1":

vrf vpn1
  address-family ipv4 unicast
    import route-target 
      100:1
    !
    export route-target 
      100:1
    !
  !
!
route-policy pass-all
  pass
end-policy
!
interface Loopback0
  ipv4 address 10.0.0.1 255.255.255.255
!
interface gigabitEthernet 0/1/0/0
  vrf vpn1
  ipv4 address 34.0.0.2 255.0.0.0
!
interface gigabitEthernet 0/1/0/1
  ipv4 address 30.0.0.1 255.0.0.0
!
router ospf 100
  area 100
    interface loopback0
    interface gigabitEthernet 0/1/0/1
  !
!
router bgp 100
  address-family vpnv4 unicast
  neighbor 10.0.0.3
    remote-as 100
    update-source Loopback0
    address-family vpnv4 unicast
  !        
  vrf vpn1
    rd 100:1
    address-family ipv4 unicast
      redistribute connected
    ! 
    neighbor 34.0.0.1 
      remote-as 200
      address-family ipv4 unicast
        as-override
        route-policy pass-all in
        route-policy pass-all out
      !
      advertisement-interval 5
    !
  !
!
mpls ldp
  router-id loopback0
  interface gigabitEthernet 0/1/0/1
!
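
The PE-CE session in this example attaches pass-all in both directions, so the PE accepts every route the CE at 34.0.0.1 announces into vpn1. The following Python check is an added example, not part of the Cisco guide: it scans running-config text for VRF BGP neighbors whose route policy is a bare pass. Neighbor 34.0.0.5 and policy ce-in in the sample are hypothetical.

```python
import re

# Constructed sample, abridged from the BGP example above. Neighbor 34.0.0.5
# and policy ce-in are hypothetical, added to contrast a filtered session.
SAMPLE = """\
route-policy pass-all
  pass
end-policy
!
route-policy ce-in
  if destination in (34.0.0.0/8 le 24) then
    pass
  endif
end-policy
!
router bgp 100
  vrf vpn1
    neighbor 34.0.0.1
      remote-as 200
      address-family ipv4 unicast
        route-policy pass-all in
        route-policy pass-all out
      !
    neighbor 34.0.0.5
      address-family ipv4 unicast
        route-policy ce-in in
"""

def unconditional_policies(config):
    """Names of route-policies whose entire body is a bare 'pass'."""
    bodies = re.findall(r"^route-policy (\S+)\n(.*?)^end-policy", config, re.M | re.S)
    return {name for name, body in bodies if body.split() == ["pass"]}

def audit_vrf_neighbors(config):
    """List (vrf, neighbor, direction, policy) where a VRF neighbor uses one."""
    weak, stack, findings = unconditional_policies(config), [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:  # leave finished blocks
            stack.pop()
        stack.append((indent, line))
        ctx = dict(t.split(None, 1) for _, t in stack[:-1] if " " in t)
        m = re.fullmatch(r"route-policy (\S+) (in|out)", line)
        if m and "vrf" in ctx and "neighbor" in ctx and m.group(1) in weak:
            findings.append((ctx["vrf"], ctx["neighbor"], m.group(2), m.group(1)))
    return findings
```

Run it against saved show running-config output; each finding is a PE-CE session that should get a prefix-scoped policy in place of pass-all.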

Configuring the Routing Information Protocol on the PE Router: Example

The following example shows the configuration for RIP on the PE router:

vrf vpn1
  address-family ipv4 unicast
    import route-target 
      100:1
    !
    export route-target 
      100:1
    !
  !
!
route-policy pass-all
  pass
end-policy
!
interface gigabitEthernet 0/1/0/0
  vrf vpn1
  ipv4 address 34.0.0.2 255.0.0.0
!
router rip
 vrf vpn1
  interface GigabitEthernet0/1/0/0
  !
  timers basic 30 90 90 120
  redistribute bgp 100
  default-metric 3
  route-policy pass-all in
 !
!

Configuring the PE Router Using EIGRP: Example

The following example shows the configuration for the Enhanced Interior Gateway Routing Protocol (EIGRP) on the PE router:

router eigrp 10
 vrf VRF1
  address-family ipv4
   router-id 40.1.1.2
   default-metric 100000 2000 255 1 1500
   autonomous-system 62
   redistribute bgp 2000
   interface Loopback0
   !
   interface GigabitEthernet0/6/0/0
   !
  !
 !
!

Additional References

The following sections provide references related to MPLS Layer 3 VPNs.

Related Documents

Related Topic
Document Title

Routing (BGP, EIGRP, OSPF, and RIP) commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

Cisco IOS XR Routing Command Reference, Release 3.3.0

Routing (BGP, EIGRP, OSPF, and RIP) configuration

Cisco IOS XR Routing Configuration Guide, Release 3.3.0

MPLS LDP configuration: configuration concepts, task, and examples

Implementing MPLS Label Distribution Protocol on Cisco IOS XR Software, Release 3.3.0

MPLS Traffic Engineering Resource Reservation Protocol configuration: configuration concepts, task, and examples

Implementing RSVP for MPLS-TE and MPLS O-UNI on Cisco IOS XR Software, Release 3.3.0


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

There are no applicable MIBs for this module.

To locate and download MIBs for selected platforms using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL:

http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


RFCs

RFCs
Title

RFC 1700

Assigned Numbers

RFC 1918

Address Allocation for Private Internets

RFC 1966

BGP Route Reflectors: An Alternative to Full Mesh iBGP

RFC 2283

Multiprotocol Extensions for BGP-4

RFC 2547

BGP/MPLS VPNs

RFC 2842

Capabilities Advertisement with BGP-4

RFC 2858

Multiprotocol Extensions for BGP-4

RFC 3107

Carrying Label Information in BGP-4

