Cisco Nexus 7000 Series NX-OS MPLS Configuration Guide
mp_interas_optionb_lite
Downloads: This chapterpdf (PDF - 391.0KB) The complete bookPDF (PDF - 7.58MB) | The complete bookePub (ePub - 1.96MB) | The complete bookMobi (Mobi - 2.83MB) | Feedback

Table of Contents

Configuring InterAS Option B

Finding Feature Information

Information About InterAS

InterAS and ASBRs

Exchanging VPN Routing Information

Packet Forwarding

Licensing Requirements for InterAS Option B

Prerequisites for Configuring InterAS Option B

Guidelines and Limitations for Configuring InterAS Option B

Configuring InterAS Option B

Configuring the Switch for InterAS Option B

Configuring the Interfaces for InterAS Option B

Configuring BGP for InterAS Option B

Verifying Configuring InterAS Option B

Configuration Example for Configuring InterAS Option B

Additional References for Configuring InterAS Option B

Related Documents

MIBs

Feature History for Configuring InterAS Option B

Finding Feature Information

Your software release might not support all the features documented in this module. For the latest caveats and feature information, see the Bug Search Tool at https://tools.cisco.com/bugsearch/ and the release notes for your software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the “New and Changed Information” chapter or the Feature History table below.

Information About InterAS

An autonomous system (ASes) is a single network or group of networks that is controlled by a common system administration group and using a single, clearly defined protocol. In many cases, virtual private networks (VPNs) extend to different ASes in different geographical areas. Some VPNs must extend across multiple service providers; these VPNs are called overlapping VPNs. The connection between ASes must be seamless to the customer, regardless of the complexity or location of the VPNs.

Separate Border Gateway Protocol (BGP) ASes dynamically exchange routing information through External BGP (EBGP) peering sessions. Within the same AS, Internal (IBGP) distributes the routes under the virtual routing and forwarding (VRF) instance. When multiple sites of a VPN are connected to different ASes, inter-autonomous system (interAS) deployments provide VPN services between the different ASes. The two types of InterAS connections, interAS option A and interAS option B, are as follows:

  • InterAS option A—In an interAS option A network, autonomous system border router (ASBR) peers are connected by multiple subinterfaces with at least one interface VPN that spans the two AS. These ASBRs associate each subinterface with a VPN routing and forwarding (VRF) instance and a BGP session to signal unlabeled IP prefixes. As a result, traffic between the back-to-back VRFs is IP. In this scenario, the VPNs are isolated from each other and, because the traffic is IP Quality of Service (QoS) mechanisms that operate on the IP traffic can be maintained. The downside of this configuration is that one BGP session is required for each subinterface (and at least one subinterface is required for each VPN), which causes scalability concerns as the network grows.
  • InterAS option B—In an interAS option B network, ASBR ports are connected by one or more subinterfaces that are enabled to receive MPLS traffic. A Multiprotocol Border Gateway Router (MP-BGP) session distributes labeled VPN prefixes between the ASBRs. As a result, the traffic that flows between the ASBRs is labeled. The downside of this configuration is that, because the traffic is MPLS, QoS mechanisms that are applied only to IP traffic cannot be carried and the VRFs cannot be isolated. InterAS option B provides better scalability than option A because it requires only one BGP session to exchange all VPN prefixes between the ASBRs. Also, this feature provides nonstop forwarding (NSF) and Graceful Restart. The ASBRs must be directly connected in this option.

Note The Cisco Nexus 7000 Series devices support both options for Layer 3 traffic; however, support for option B is restricted.


Cisco NX-OS Release 6.2(2) supports interAS option B, but the aggregation switch supports only local VRFs. Routes that are learned from the IBGP peer are not sent to the EBGP peer. MP-BGP Layer 3 VPN does not work within an AS. The interAS option B with MP-BGP on the eBGP side does not work with MP-BGP on the iBGP side. One interface goes to the core and one interface goes to the Layer 3 VPN.

Figure 26-1 shows a single EBGP connection between ASBRs and it will exchange routes associated with all local VRFs.

Figure 26-1 InterAS Option B Example

This section includes the following topics:

InterAS and ASBRs

Separate ASes from different service providers can communicate by exchanging information in the form of VPN IP addresses. The ASBRs use EBGP to exchange that information. The IBGP distributes the network layer information for IP prefixes throughout each VPN and each AS. The following protocols are used for sharing routing information:

  • Within an AS, routing information is shared using IBGP.
  • Between ASes, routing information is shared using EBGP. EBGP allows service providers to set up an interdomain routing system that guarantees the loop-free exchange of routing information between separate ASes.

The primary function of EBGP is to exchange network reachability information between ASes, including information about the list of AS routes. The ASes use EBGP border edge routers to distribute the routes, which include label-switching information. Each border edge router rewrites the next-hop and MPLS labels.

InterAS configuration supported in this MPLS VPN can include an interprovider VPN, which is MPLS VPNs that include two or more ASes, connected by separate border edge routers. The ASes exchange routes use EBGP, and no IBGP or routing information is exchanged between the ASes.

Exchanging VPN Routing Information

ASes exchange VPN routing information (routes and labels) to establish connections. To control connections between ASes, the PE routers and EBGP border edge routers maintain a label forwarding information base (LFIB). The LFIB manages the labels and routes that the PE routers and EBGP border edge routers receive during the exchange of VPN information.

The ASes use the following guidelines to exchange VPN routing information:

  • Routing information includes:

The destination network

The next-hop field associated with the distributing router

A local MPLS label

  • A route distinguisher (RD1) is part of a destination network address. It makes the VPN IP route globally unique in the VPN service provider environment.
  • The ASBRs are configured to change the next-hop when sending VPN NLRIs to the IBGP neighbors. Therefore, the ASBRs must allocate a new label when they forward the NLRI to the IBGP neighbors.

Packet Forwarding

Figure 26-1 shows how packets are forwarded between ASes in an interprovider network using the following packet method.

Packets are forwarded to their destination through MPLS. Packets use the routing information stored in the LFIB of each PE router and EBGP border edge router.

The service provider VPN backbone uses dynamic label switching to forward labels.

Each AS uses standard multilevel labeling to forward packets between the edges of the AS routers (for example, from CE-5 to PE-3). Between ASes, only a single level of labeling is used, corresponding to the advertised route.

A data packet carries two levels of labels when it traverses the VPN backbone:

  • The first label (IBGP route label) directs the packet to the correct PE router on the EBGP border edge router.
  • The second label (VPN route label) directs the packet to the appropriate PE router or EBGP border edge router.

Licensing Requirements for InterAS Option B

The following table shows the licensing requirements for this feature:

 

Product
License Requirement

Cisco NX-OS

MPLS Layer 3 requires an MPLS license. For a complete explanation of the NX-OS licensing scheme, see the Cisco NX-OS Licensing Guide .

Prerequisites for Configuring InterAS Option B

  • Ensure that your MPLS VPN is configured and working properly.

Guidelines and Limitations for Configuring InterAS Option B

The interAS option B configuration for the Cisco Nexus 7000 Series in Cisco NX-OS Release 6.2(2) has the following guidelines and limitations:

  • The aggregation switch supports only local VRFs.
  • Routes learned from the IBGP peer are not sent to the EBGP peer.
  • Routes learned from an EBGP peer are not sent to IBGP VPNv4/VPNv6 peers.
  • The interAS option B with MP-BGP on the eBGP side does not work with MP-BGP on the iBGP side.

Configuring InterAS Option B

To configure the interAS option B feature, you must directly connect the ASBRs.

This section contains information on the following topics:

Configuring the Switch for InterAS Option B

You enable certain features on the switch to run interAS option B.

Prerequisites

Ensure that you are in the correct VDC (or use the switchto vdc command).

The install feature-set mpls command is available only in the default VDC, and you must enable it in default VDC.

SUMMARY STEPS

1. configure terminal

2. install feature-set mpls

3. feature mpls ldp

4. feature mpls l3vpn

5. feature bgp

6. vrf context vrf-name

7. rd route-distinguisher

8. address-family {ipv4 | ipv6} unicast

9. route-target {import | export} route-target-ext-community

10. route-target {import | export} route-target-ext-community

11. address-family {ipv4 | ipv6} unicast

12. route-target {import | export} route-target-ext-community

13. route-target {import | export} route-target-ext-community

14. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

configure terminal

 

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2

install feature-set mpls

 

Example:

switch(config)# install feature-set mpls

Installs the MPLS feature set in the default VDC.

Note You can only install and enable MPLS in the default VDC. Use the no form of this command to uninstall the MPLS feature set.

Step 3

feature mpls ldp

 

Example:

switch(config)# feature mpls ldp

switch(config)#

Enables the MPLS LDP feature on the device.

Note When the MPLS LDP feature is disabled on the device, no LDP commands are available.

Step 4

feature mpls l3vpn

 

Example:

switch(config)# feature mpls l3vpn

Enables the MPLS Layer 3 VPN feature.

Step 5

feature bgp

 

Example:

switch(config)# feature bgp

Enables the BGP feature.

Step 6

vrf-context vrf-name

 

Example:

switch(config)# vrf context VPN1

switch(config-vrf)

Defines the VPN routing instance by assigning a VRF name and enters VRF configuration mode. The vrf-name argument is any case-sensitive, alphanumeric string up to 32 characters.

Step 7

rd route-distinguisher

 

Example:

switch(config-vrf)# rd100:1

switch(config-vrf)

Configures the route distinguisher. The route-distinguisher argument adds an 8-byte value to an IPv4 prefix to create a VPN IPv4 prefix.

Step 8

address-family {ipv4 | ipv6} unicast

 

Example:

switch(config-vrf)# address-family ipv4 unicast

switch(config-vrf-af-ip4)#

Specifies the IPv4 address family type and enters address family configuration mode.

Step 9

route-target {import | export} route-target-ext-community

 

Example:

switch(config-vrf-af-ip4)# route-target import 1:1

switch(config-vrf-af-ip4)

Specifies a route-target extended community for a VRF as follows:

  • The import keyword imports routing information from the target VPN extended community.
  • The export keyword exports routing information to the target VPN extended community.
  • The route-target-ext-community argument adds the route-target extended community attributes to the VRF's list of import or export route-target extended communities.

Step 10

route-target {import | export} route-target-ext-community

 

Example:

switch(config-vrf-af-ip4)# route-target export 1:1

switch(config-vrf-af-ip4)

Specifies a route-target extended community for a VRF as follows:

  • The import keyword imports routing information from the target VPN extended community.
  • The export keyword exports routing information to the target VPN extended community.
  • The route-target-ext-community argument adds the route-target extended community attributes to the VRF's list of import or export route-target extended communities.

Step 11

address-family {ipv4 | ipv6} unicast

 

Example:

switch(config-vrf)# address-family ipv6 unicast

switch(config-vrf-af-ip6)#

Specifies the IPv6 address family type and enters address family configuration mode.

Step 12

route-target {import | export} route-target-ext-community

 

Example:

switch(config-vrf-af-ip6)# route-target import 1:1

switch(config-vrf-af-ip6)

See Step 9.

Step 13

route-target {import | export} route-target-ext-community

 

Example:

switch(config-vrf-af-ip6)# route-target export 1:1

switch(config-vrf-af-ip6)

See Step 10.

Step 14

copy running-config startup-config

 

Example:

switch(config-router-vrf-af)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Configuring the Interfaces for InterAS Option B

One interface goes to the core and one interface goes to the Layer 3 VPN.

Prerequisites

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. configure terminal

2. interface type number

3. description description

4. mpls ip

5. ip address prefix mask

6. no shutdown

7. interface type number

8. description description

9. vrf member vrf-name

10. ip address prefix mask

11. ipv6 address address

12. no shutdown

13. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

configure terminal

 

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2

interface type number

 

Example:

switch(config# interface ethernet 2/1

switch(config-if)

Specifies the interface to configure and enters interface configuration mode.

Step 3

description description

 

Example:

switch(config-if)# description To other ASBR

switch(config-if)

Specifies a description for the interface.

Step 4

mpls ip

 

Example:

switch(config-if)# mpls ip

switch(config-if)

Configures MPLS hop-by-hop forwarding on this interface.

Step 5

ip address prefix mask

 

Example:

switch(config-if)# ip address 10.0.0.1 255.255.255.0

switch(config-if)

Configures IP address for interface.

Step 6

no shutdown

 

Example:

switch(config-if)# no shutdown

switch(config-if)

Enables interface.

Step 7

interface type number

 

Example:

switch(config-vrf-af-ip6)# interface ethernet 2/2

switch(config-if)

See Step 2.

Step 8

description description

 

Example:

switch(config-if)# description To CE

switch(config-if)

See Step 3.

Step 9

vrf member vrf-name

 

Example:

switch(config-if)# vrf member VPN1

switch(config-if)

Associates a VRF with the specified interface or subinterface. The vrf-name argument is the name assigned to a VRF.

Step 10

ip address prefix mask

 

Example:

switch(config-if)# ip address 11.0.0.1 255.255.255.0

switch(config-if)

See Step 5.

Step 11

ipv6 address address

 

Example:

switch(config-if)# ipv6 address 1011::1/112

switch(config-if)

Configures IPv6 address for interface.

Step 12

no shutdown

 

Example:

switch(config-if)# no shutdown

switch(config-if)

See Step 6.

Step 13

copy running-config startup-config

 

Example:

switch(config-if)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Configuring BGP for InterAS Option B

You configure BGP for interAS option B.

Prerequisites

Ensure that you are in the correct VDC (or use the switchto vdc command).

SUMMARY STEPS

1. configure terminal

2. router bgp as-number

3. neighbor ip-address

4. remote-as as-number

5. address-family {vpnv4 | vpnv6} unicast

6. send-community {both | extended}

7. address-family {vpnv4 | vpnv6} unicast

8. send-community {both | extended}

9. vrf vrf-name

10. address-family {ipv4 | ipv6} unicast

11. exit

12. address-family {ipv4 | ipv6} unicast

13. (Optional) copy running-config startup-config

DETAILED STEPS

 

Command
Purpose

Step 1

configure terminal

 

Example:

switch# configure terminal

switch(config)#

Enters global configuration mode.

Step 2

router bgp as-number

 

Example:

switch(config)# router bgp 100

switch(config-router)

Enters the router BGP configuration mode and assigns an autonomous system (AS) number to the local BGP speaker device.

Step 3

neighbor ip-address

 

Example:

switch(config-router)# neighbor 10.0.0.2

switch(config-router-neighbor)

Adds an entry to the BGP or multiprotocol BGP neighbor table.

Step 4

remote-as as-number

 

Example:

switch(config-router-neighbor)# remote-as 200

switch(config-router-neighbor)

The as-number argument specifies the autonomous system to which the neighbor belongs.

Step 5

address-family {vpnv4 | vpnv6} unicast

 

Example:

switch(config-router-neighbor)# address-family vpnv4 unicast

switch(config-router-neighbor-af)#

Enters address family configuration mode for configuring IP VPN sessions.

Step 6

send-community {both | extended}

 

Example:

switch(config-router-neighbor-af)# send-community both

switch(config-router-neighbor-af)#

Specifies that a communities attribute should be sent to both BGP neighbors.

Step 7

address-family

{vpnv4 | vpnv6} unicast

 

Example:

switch(config-router-neighbor-af)# address-family vpnv6 unicast

switch(config--router-neighbor-af)#

Enters address family configuration mode for configuring IP VPN sessions.

Step 8

send-community {both | extended}

 

Example:

switch(config-router-neighbor-af)# send-community both

switch(config-router-neighbor-af)#

See Step 6.

Step 9

vrf vrf-name

 

Example:

switch(config-router-neighbor-af)# vrf VPN1

switch(config-router-vrf)#

Associates the BGP process with a VRF.

Step 10

address-family {ipv4 | ipv6} unicast

 

Example:

switch(config-vrf)# address-family ipv4 unicast

switch(config-vrf-af)#

See Step 5.

Step 11

exit

 

Example:

switch(config-router-vrf-af)# exit

switch(config-router-vrf)#

Exits IPv4 address family.

Step 12

address-family {ipv4 | ipv6} unicast

 

Example:

switch(config-vrf)# address-family ipv6 unicast

switch(config-vrf-af)#

See Step 7.

Step 13

copy running-config startup-config

 

Example:

switch(config-router-vrf-af)# copy running-config startup-config

(Optional) Copies the running configuration to the startup configuration.

Verifying Configuring InterAS Option B

To verify InterAS option B configuration information, perform one of the following tasks:

Command
Purpose

show bgp { vpnv4 | vpnv6 } unicast [ ip-prefix/length [ neighbors neighbor ] ] { vrf { vrf-name | all } | rd route-distinguisher }

Displays VPN routes from the BGP table.

show bgp ipv6 unicast [ vrf vrf-name ]

Displays information about BGP on a VRF for 6VPE.

show forwarding { ip | ipv6 } route vrf vrf-name

Displays the IP forwarding table that is associated with a VRF. Check that the loopback addresses of the local and remote CE routers are in the routing table of the PE routers.

show { ip | ipv6 } bgp [ vrf vrf-name ]

Displays information about BGP on a VRF.

show ip route [ ip-address [ mask ]] [ protocol ] vrf vrf-name

Displays the current state of the routing table. Use the ip-address argument to verify that CE1 has a route to CE2. Verify the routes learned by CE1. Make sure that the route for CE2 is listed.

show { ip | ipv6 } route vrf vrf-name

Displays the IP routing table that is associated with a VRF. Check that the loopback addresses of the local and remote CE routers are in the routing table of the PE routers.

show running-config bgp

Displays the running configuration for BGP.

show running-config vrf vrf-name

Displays the running configuration for VRFs.

show vrf vrf-name interface if-type

Verifies the route distinguisher (RD) and interface that are configured for the VRF.

trace destination [ vrf vrf-name ]

Discovers the routes that packets take when traveling to their destination. The trace command can help isolate a problem if two routers cannot communicate.

Configuration Example for Configuring InterAS Option B

configure terminal
install feature-set mpls
feature mpls ldp
feature mpls l3vpn
feature bgp
vrf context VPN1
rd 100:1
address-family ipv4 unicast
route-target import 1:1
route-target export 1:1
address-family ipv6 unicast
route-target import 1:1
route-target export 1:1
interface ethernet 2/1
description To other ASBR
mpls ip
ip address 10.0.0.1 255.255.255.0
no shutdown
interface ethernet 2/2
description To CE
vrf member VPN1
ip address 11.0.0.1 255.255.255.0
ipv6 address 1011::1/112
no shutdown
router bgp 100
neighbor 10.0.0.2
remote-as 200
address-family vpnv4 unicast
send-community both
address-family vpnv6 unicast
send-community both
vrf VPN1
address-family ipv4 unicast
network 11.0.0.0/24
address-family ipv6 unicast
network 1011::/112

Additional References for Configuring InterAS Option B

This section includes the following topics:

Related Documents

Related Topic
Document Title

CLI commands

Cisco Nexus 7000 Series NX-OS MPLS Command Reference

Interface commands

Cisco Nexus 7000 Series NX-OS Interface Command Reference

VRF-aware services

Cisco Nexus 7000 Series NX-OS Unicast Routing Configuration Guide

MIBs

MIBs
MIBs Link
  • MPLS-L3VPN-STD-MIB

To locate and download MIBs, go to the following URL: http://www.cisco.com/dc-os/mibs

Feature History for Configuring InterAS Option B

Table 26-1 lists the release history for this feature.

 

Table 26-1 Feature History for InterAS Option B

Feature Name
Releases
Feature Information

InterAS option B

6.2(2)

This feature was introduced.