Table Of Contents
MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge
Prerequisites for MPLS VPN Support for EIGRP Between PE and CE
Restrictions for MPLS VPN Support for EIGRP Between PE and CE
Information About MPLS VPN Support for EIGRP Between PE and CE
EIGRP Extended Community Attributes
Benefits of MPLS VPN Support for EIGRP
How to Configure an MPLS VPN Using EIGRP
Configuring the VRF for the EIGRP MPLS VPN
Configuring EIGRP Redistribution in the MPLS VPN
Configuring the PE Routers to Support the EIGRP MPLS VPN
Verifying the VPN Configuration
Verifying PE-to-PE Connectivity
Verifying EIGRP VRF Configuration
Configuration Examples for the EIGRP MPLS VPN
EIGRP MPLS VPN Configuration Example
BGP Network Configuration Example
EIGRP MPLS VPN Verification Examples
Verifying Route Distinguisher and MPLS Configuration Example
Verifying PE-to-PE Connectivity Example
Verifying EIGRP VRF Configuration Example
MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge
The MPLS VPN Support for EIGRP Between Provider Edge (PE) and Customer Edge (CE) feature introduces the capability to redistribute Enhanced Interior Gateway Routing Protocol (EIGRP) routes through a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) over a Border Gateway Protocol (BGP) core network. This feature is configured only on PE routers and requires no upgrade or configuration changes to customer equipment. This feature also introduces EIGRP support for MPLS and support for EIGRP extended community attributes.
History for the MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Prerequisites for MPLS VPN Support for EIGRP Between PE and CE
•
Restrictions for MPLS VPN Support for EIGRP Between PE and CE
•
Information About MPLS VPN Support for EIGRP Between PE and CE
•
How to Configure an MPLS VPN Using EIGRP
•
Configuration Examples for the EIGRP MPLS VPN
Prerequisites for MPLS VPN Support for EIGRP Between PE and CE
In this document, it is assumed that BGP is configured in the network core. You will also need to complete the following tasks before you can configure this feature:
•
MPLS and Cisco Express Forwarding (CEF) must be configured in the BGP core network. EIGRP and multiprotocol BGP (mBGP) must be configured on all PE routers that provide VPN services to the CE routers at the customer sites.
•
The metric must be configured for routes from external EIGRP autonomous systems and non-EIGRP networks before these routes can be redistributed into an EIGRP CE router. The metric can be configured in the redistribute statement using the redistribute (IP) command or configured with the default-metric (EIGRP) command.
Restrictions for MPLS VPN Support for EIGRP Between PE and CE
Metric Must Be Configured for Routes from Other Autonomous Systems and Non-EIGRP Networks
If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route will not be advertised to the CE router. The metric can be configured in the redistribute statement by use of the redistribute command or configured with the default-metric command.
Native EIGRP VRF to VRF Redistribution Is Not Supported
Redistribution between native EIGRP VRFs is not supported. This is designed behavior.
Information About MPLS VPN Support for EIGRP Between PE and CE
To configure this feature, you must understand the following concepts:
•
EIGRP Extended Community Attributes
•
Benefits of MPLS VPN Support for EIGRP
MPLS VPN Support for EIGRP
The MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge feature provides the capability to transparently connect EIGRP customer networks through an MPLS-enabled BGP core network so that EIGRP routes are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes. The configuration of this feature does not require any customer equipment upgrades or configuration changes; this feature is configured only on PE routers within the service provider network.
Customer networks and remote sites are connected to each other through the MPLS VPN. The configuration of this feature allows several EIGRP sites to connect seamlessly and appear as a single network. This integration is transparent to the customer sites. When this feature is enabled, EIGRP routes are converted to iBGP routes and transported through the BGP core network. EIGRP extended community attributes are used to define EIGRP routes and preserve internal metrics. These attributes are carried across the core network by multiprotocol BGP.
Figure 1 shows 2 customer EIGRP networks that are connected by the VPN over a service provider backbone:"Site1" and "Site 2."
Figure 1
EIGRP Connectivity Between VPN Client Sites over a Service Provider Backbone
In Figure 1, the EIGRP routes in Site 1 are carried through the BGP core network as iBGP routes. The EIGRP routes in "Site 1" and "Site 2" are converted to iBGP routes and EIGRP extended community attributes are appended to the iBGP routes. (See Table 1 for a description of these attributes.) The EIGRP extended community attributes are appended to the EIGRP routes when they are redistributed into BGP as iBGP routes, and VPN routing information is redistributed between the PE routers by multiprotocol BGP.
The routes that originate in "Site 1" travel to the PE router that is connected to the CE router in "Site 2" of the VPN and are then converted back to EIGRP routes using the EIGRP extended community attributes. EIGRP routes are treated the same in "Site 1" and "Site 2." If the route is internal in "Site 1", it will be internal in "Site 2", and if the route is external in "Site 1", it will be external in "Site 2." All EIGRP metrics are preserved, and EIGRP metric information, along with the autonomous system, tag, and external data, is carried across the VPN over the BGP core network.
Note
EIGRP adjacencies, EIGRP updates, and EIGRP queries are not sent across the VPN. If a route is received from another EIGRP autonomous system without a configured metric, the route is not advertised to the CE router.
Each VPN is associated with a single VPN routing or forwarding instance (VRF). A VRF consists of an IP routing table, a CEF table, and a set of interfaces that use the CEF forwarding table. The router maintains a separate routing and CEF table for each VRF, which prevents information being sent outside the VPN and allows the same addresses to be used in several VPNs without causing problems that are associated with duplicate IP addresses.
A single EIGRP routing process can support multiple VRFs. This support is limited only by the available system resources on the router, which are determined by the number of configured VRF instances, running processes, and amount of available memory. However, only a single VRF can be supported by each VPN. Separate VRFs are unique and do not share neighbor, routing, or topology information. Redistribution between native EIGRP VRFs is not supported. An EIGRP process must be created for the default VRF even if it is not used for establishing EIGRP neighbors, and a separate VRF address family must be configured in BGP for each EIGRP VRF.
EIGRP Extended Community Attributes
EIGRP routes are converted to iBGP routes on the PE router by the appending of EIGRP extended community attributes. The PE router uses multiprotocol BGP to distribute the VPN routing information using the these extended community attributes. The BGP routes are converted back to EIGRP routes by use of the extended community attribute information when the iBGP routes reach the PE router that is connected to the destination CE router.
Table 1 describes the extended community attributes that are appended to BGP routes and used to carry EIGRP information across the service provider backbone.
Benefits of MPLS VPN Support for EIGRP
Multiple VRFs Are Supported
A single EIGRP routing process can support multiple VRFs. This support is limited only by the available system resources on the router, which are determined by the number of configured VRF instances, running processes, and amount of available memory. However, only a single VRF can be supported by each VPN.
Seamless Integration of Existing Customer EIGRP Deployments
This feature is configured only on PE routers that provide VPN services across the service provider network. The customer need not upgrade the version of Cisco IOS software being used or make any changes to equipment or configurations.
Secure, Scalable, and Cost-Effective Alternative
Remote sites can be seamlessly and securely connected through VPNs to customer networks. This feature provides a cost-effective alternative to traditional methods, such as WAN leased lines.
How to Configure an MPLS VPN Using EIGRP
This section contains the following procedures:
•
Configuring the VRF for the EIGRP MPLS VPN (required)
•
Configuring EIGRP Redistribution in the MPLS VPN (required)
•
Configuring the PE Routers to Support the EIGRP MPLS VPN (required)
•
Verifying the VPN Configuration, page 13 (optional)
•
Verifying PE-to-PE Connectivity, page 13 (optional)
•
Verifying EIGRP VRF Configuration, page 14 (optional)
Configuring the VRF for the EIGRP MPLS VPN
Creating a VRF
A VRF must be created, and a route distinguisher and route target must be configured in order for the PE routers in the BGP network to carry EIGRP routes to the EIGRP CE site. The VRF must also be associated with an interface in order for the PE router to send routing updates to the CE router. Use the following steps to create and configure the VRF and associate the VRF with an interface.
Prerequisites
Before this feature can be configured, MPLS and CEF must be configured in the BGP network, and multiprotocol BGP and EIGRP must be configured on all PE routers that provide VPN services to CE routers.
Restrictions
Native EIGRP VRF to VRF redistribution is not supported.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
ip vrf vrf-name
4.
rd route-distinguisher
5.
route-target {import | export | both} route-target-ext-community
6.
exit
7.
interface type number
8.
ip vrf forwarding vrf-name
9.
ip address ip-address subnet-mask
10.
end
DETAILED STEPS
What to Do Next
The next task is to configure the EIGRP redistribution in the MPLS VPN. Use the steps in the following section.
Configuring EIGRP Redistribution in the MPLS VPN
Creating the MPLS VPN
Perform this task to enable EIGRP redistribution in the MPLS VPN. This task should be applied to every PE router that provides VPN services.
Prerequisites
Before EIGRP SoO BGP Cost Community support was introduced, BGP preferred locally sourced routes over routes learned from BGP peers. Backdoor links in an EIGRP MPLS VPN topology are preferred by BGP if the back door link is learned first. (A back door link or a route is a connection that is configured outside of the VPN between a remote and a main site. For example, a WAN leased line that connects a remote site to the corporate network).
The "pre-bestpath" point of insertion (POI) has been introduced in the BGP Cost Community feature to support mixed EIGRP VPN network topologies that contain VPN and backdoor links. This POI is applied automatically to EIGRP routes that are redistributed into BGP. The "pre-best path" POI carries the EIGRP route type and metric. This POI influences the best path calculation process by configuring BGP to consider this POI before any other comparison step. No configuration is required. This feature is enabled automatically for EIGRP VPN sites when Cisco IOS Release 12.0(27)S is installed to a PE, CE, or back door router.
For more information about the BGP Cost Community feature and the absolute value POI, refer to the BGP Cost Community feature documentation in Cisco IOS Release 12.0(27)S.
For more information about the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature, refer to the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature documentation in Cisco IOS Release 12.0(27)S.
Restrictions
Metrics must be configured for routes from other EIGRP autonomous systems and non-EIGRP networks. If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route will not be advertised to the CE router. The metric can be configured in the redistribute statement by means of the redistribute command or the default-metric command.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
router eigrp autonomous-system-number
4.
address-family ipv4 vrf vrf-name
5.
network ip-address wildcard-mask
6.
redistribute bgp [autonomous-system-number] [metric bandwidth delay reliability load mtu]
7.
autonomous-system autonomous-system-number
8.
exit-address-family
DETAILED STEPS
Troubleshooting Tips
If the MPLS VPN is not working properly:
•
Verify the configurations on each router. Make sure that the VRF and route distinguisher have been correctly configured. Check the VRF routing table and VRF CEF table.
•
Verify that there is connectivity between both PE routers. Check the PE router and other neighbors that carry the VPN. The network operator should be able to ping between the PE routers that carry the VPN to verify the neighbor relationships.
The commands in the following table can also be useful for monitoring and troubleshooting the configuration of this feature.
What to Do Next
The next task is to configure the PE routers to support the EIGRP MPLS VPN. Use the steps in the following section.
Configuring the PE Routers to Support the EIGRP MPLS VPN
Basic BGP Configuration
The BGP configuration provided in this section includes the elements necessary for configuring this feature. Steps 11 through 13 will need to be repeated on a per EIGRP VRF basis if multiple EIGRP VRFs need to be configured.
Prerequisites
Before this feature can be configured, MPLS and CEF must be enabled in the BGP network, and multiprotocol BGP must be enabled on all PE routers that provide VPN services to CE routers.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
router bgp autonomous-system-number
4.
no synchronization
5.
neighbor ip-address remote-as autonomous-system-number
6.
neighbor ip-address update-source loopback interface-number
7.
address-family vpnv4
8.
neighbor ip-address activate
9.
neighbor ip-address send-community extended
10.
exit-address-family
11.
address-family ipv4 vrf vrf-name
12.
redistribute eigrp autonomous-system-number
13.
no synchronization
14.
exit-address-family
15.
end
DETAILED STEPS
Verifying the VPN Configuration
A route distinguisher must be configured for the VRF, and MPLS must be configured on the interfaces that carry the VRF. Use the show ip vrf command to verify the route distinguisher (RD) and interface that are configured for the VRF.
SUMMARY STEPS
1.
show ip vrf
DETAILED STEPS
Verifying PE-to-PE Connectivity
Perform this task to verify PE-to-PE connectivity in the service provider network.
SUMMARY STEPS
1.
enable
2.
ping ip-address
3.
show ip route vrf vrf-name
4.
show ip cef vrf vrf-name
DETAILED STEPS
Verifying EIGRP VRF Configuration
Use the following steps to verify EIGRP VRF configuration.
SUMMARY STEPS
1.
enable
2.
show ip eigrp vrf vrf-name topology
3.
show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name}
DETAILED STEPS
Configuration Examples for the EIGRP MPLS VPN
•
EIGRP MPLS VPN Configuration Example
•
BGP Network Configuration Example
•
EIGRP MPLS VPN Verification Examples
EIGRP MPLS VPN Configuration Example
The following configuration example in global configuration mode creates a VRF named RED and associates it with an interface:
ip vrf REDrd 100:1route-target both 100:1exitinterface FastEthernet 0/0ip vrf forwarding REDip address 10.0.0.1 255.255.255.0endBGP Network Configuration Example
The following configuration example shows the minimum BGP configuration required on the PE routers to support the EIGRP MPLS VPN:
router bgp 65000no synchronizationneighbor 10.0.0.1 remote-as 65000neighbor 10.0.0.1 update-source loopback 0address-family vpnv4neighbor 10.0.0.1 activateneighbor 10.0.0.1 send-community extendedexit-address-familyaddress-family ipv4 vrf REDredistribute eigrp 101no synchronizationexit-address-familyEIGRP Redistribution Example
The following configuration example shows how to configure EIGRP redistribution through the MPLS VPN over the BGP core network:
router eigrp 1address-family ipv4 vrf REDnetwork 172.16.0.0 0.0.255.255redistribute bgp 10 metric 10000 100 255 1 1500autonomous-system 101exit-address-familyEIGRP MPLS VPN Verification Examples
The examples in the following section show how to verify the configuration of the MPLS VPN Support for EIGRP Between Provider Edge and Customer Edge feature:
•
Verifying Route Distinguisher and MPLS Configuration Example
•
Verifying PE-to-PE Connectivity Example
•
Verifying EIGRP VRF Configuration Example
Verifying Route Distinguisher and MPLS Configuration Example
A route distinguisher must be configured for the VRF, and MPLS must be configured on the interfaces that carry the VRF.
Use the show ip vrf command to verify the route distinguisher (RD) and interface that are configured for the VRF. The VRF name, RD, and configured interface are displayed in the output. The following sample output is similar to the output that will be displayed when the show ip vrf command is issued:
Router# show ip vrfName Default RD InterfacesBLUE 120:1PINK 130:1 Ethernet3/0RED 100:1YELLOW 110:1 Serial12/0Use the show ip eigrp vrf interfaces command to display and verify specific information about VRFs configured under EIGRP. The interface to VRF mapping that is displayed in the output of this command should match the mapping that is displayed for the show ip vrf command. The following sample output is similar to the output that will be displayed when the show ip eigrp vrf interfaces command is issued:
Router# show ip eigrp vrf PINK interfacesIP-EIGRP interfaces for process 1Xmit Queue Mean Pacing Time Multicast PendingInterface Peers Un/Reliable SRTT Un/Reliable Flow Timer RoutesEt3/0 1 0/0 131 0/10 528 0Use the show mpls interfaces command to verify that MPLS is configured for interfaces that need to carry any configured VRFs. The following sample output is similar to the output that will be displayed when the show mpls interfaces command is issued:
Router# show mpls interfacesInterface IP Tunnel OperationalEthernet2/0 Yes (tdp) No YesVerifying PE-to-PE Connectivity Example
The ping command can be used to verify PE-to-PE connectivity within the service provider network. If a PE router cannot be reached with the ping command, use the following steps to isolate the problem:
Step 1
Verify that the VRF is in the routing table with the show ip route vrf vrf-name command.
Router# show ip route vrf PINKRouting Table:PINKCodes:C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS interarea* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set172.16.0.0/24 is subnetted, 1 subnetsD 172.16.17.0 [90/409600] via 10.10.10.2, 1d15h, Ethernet3/010.0.0.0/24 is subnetted, 1 subnetsC 10.10.10.0 is directly connected, Ethernet3/010.19.0.0/24 is subnetted, 1 subnetsD 10.19.19.0 [90/409600] via 10.10.10.2, 1d15h, Ethernet3/0192.168.0.0/24 is subnetted, 1 subnetsB 192.168.10.0 [200/0] via 10.14.14.14, 1d15hStep 2
If the VRF is in the routing table but the PE router still cannot be reached with the ping command, verify that the VRF is in the CEF table with the show ip cef vrf vrf-name command.
Router# show ip cef vrf PINKPrefix Next Hop Interface0.0.0.0/0 drop Null0 (default route handlerentry)0.0.0.0/32 receive172.16.17.0/24 10.10.10.2 Ethernet3/010.19.19.0/24 10.10.10.2 Ethernet3/010.10.10.0/24 attached Ethernet3/010.10.10.0/32 receive10.10.10.1/32 receive10.10.10.2/32 10.10.10.2 Ethernet3/010.10.10.255/32 receive172.16.10.0/24 10.22.10.1 Ethernet2/0224.0.0.0/24 receive255.255.255.255/32 receiveStep 3
If the VRF is in the CEF table but the PE router still cannot be reached with the ping command, verify that the interfaces and networks associated with the VRF are not in the global CEF database with the show ip cef command.
Router# show ip cefPrefix Next Hop Interface0.0.0.0/0 drop Null0 (default route handlerentry)0.0.0.0/32 receive10.14.14.14/32 10.22.10.1 Ethernet2/010.15.15.15/32 receive10.16.16.16/32 10.22.10.1 Ethernet2/0172.16.17.17/32 10.22.10.1 Ethernet2/010.22.10.0/24 attached Ethernet2/010.22.10.0/32 receive10.22.10.1/32 10.22.10.1 Ethernet2/010.22.10.2/32 receive10.22.10.255/32 receive10.23.10.0/24 10.22.10.1 Ethernet2/0224.0.0.0/4 drop224.0.0.0/24 receive255.255.255.255/32 receiveIf the VRF route is in the global CEF table, deconfigure and reconfigure CEF.
Verifying EIGRP VRF Configuration Example
To verify EIGRP VRF configuration, perform the following steps:
Step 1
Use the show ip eigrp vrf vrf-name topology command to verify that the correct VRF route is in the EIGRP topology table.
Router# show ip eigrp vrf PINK topologyIP-EIGRP Topology Table for AS(1)/ID(10.10.10.1) Routing Table:PINKCodes:P - Passive, A - Active, U - Update, Q - Query, R - Reply,r - reply Status, s - sia StatusP 172.16.17.0/24, 1 successors, FD is 409600via 10.10.10.2 (409600/128256), Ethernet3/0P 10.19.19.0/24, 1 successors, FD is 409600via 10.10.10.2 (409600/128256), Ethernet3/0P 10.10.10.0/24, 1 successors, FD is 281600via Connected, Ethernet3/0P 172.16.10.0/24, 1 successors, FD is 281600via Redistributed (281600/0)Step 2
If the VRF route is not in the EIGRP topology table, verify that the route is in the BGP VRF table with the show ip bgp vpnv4 vrf vrf-name command.
Router# show ip bgp vpnv4 vrf PINKBGP table version is 17, local router ID is 10.15.15.15Status codes:s suppressed, d damped, h history, * valid, > best, i -internal,r RIB-failure, S StaleOrigin codes:i - IGP, e - EGP, ? - incompleteNetwork Next Hop Metric LocPrf Weight PathRoute Distinguisher:130:1 (default for vrf PINK)*> 172.16.17.0/24 10.10.10.2 409600 32768 ?*> 10.19.19.0/24 10.10.10.2 409600 32768 ?*> 10.10.10.0/24 0.0.0.0 0 32768 ?*>i172.16.10.0/24 10.14.14.14 0 100 0 ?
Where to Go Next
For more information about the BGP Cost Community feature, refer to the BGP Cost Community feature documentation in Cisco IOS Release 12.0(27)S.
For more information about the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature, refer to the EIGRP MPLS VPN PE-CE Site of Origin (SoO) feature documentation in Cisco IOS Release 12.0(27)S.
Additional References
The following sections provide references related to the MPLS VPN Support for EIGRP Between Provider Edge and Customer feature:
•
MIBs
•
RFCs
Related Documents
Related Topic Document TitleBGP Cost Community
BGP Cost Community, Cisco IOS Release 12.0(27)S
CEF commands
Cisco IOS Switching Services Configuration Guide, Release 12.3
CEF configuration tasks
Cisco IOS Switching Services Command Reference, Release 12.3
EIGRP commands
Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3
EIGRP configuration tasks
Cisco IOS IP Configuration Guide, Release 12.3
EIGRP Site of Origin
EIGRP MPLS VPN PE-CE Site of Origin (SoO), Cisco IOS Release 12.0(27)S.
MPLS VPNs
MPLS Virtual Private Networks, Cisco IOS Release 12.0(5)T
Standards


