Information About MPLS VPN InterAS Options
The MPLS VPN InterAS Options provide various ways of interconnecting VPNs between different MPLS VPN service providers. This allows sites of a customer to exist on several carrier networks (autonomous systems) and have seamless VPN connectivity between these sites.
ASes and ASBRs
An autonomous system (AS) is a single network or group of networks that is controlled by a common system administration group and uses a single, clearly defined protocol. In many cases, VPNs extend to different ASes in different geographical areas. Some VPNs must extend across multiple service providers; these VPNs are called overlapping VPNs. The connection between ASes must be seamless to the customer, regardless of the complexity or location of the VPNs.
An AS boundary router (ASBR) is a device in an AS that is connected by using more than one routing protocol, and that exchanges routing information with other ASBRs by using an exterior routing protocol (for example, eBGP), static routes, or both.
Separate ASes from different service providers communicate by exchanging information in the form of VPN IP addresses, and they use the following protocols to share routing information:
- Within an AS, routing information is shared using iBGP. iBGP distributes network layer information for IP prefixes within each VPN and each AS.
- Between ASes, routing information is shared using eBGP. eBGP allows service providers to set up an interdomain routing system that guarantees loop-free exchange of routing information between separate ASes. The primary function of eBGP is to exchange network reachability information between ASes, including information about the list of AS routes. The ASes use eBGP border edge routers to distribute the routes, which include label-switching information. Each border edge router rewrites the next-hop and MPLS labels.
MPLS VPN InterAS Options configuration is supported and can include an inter-provider VPN, which is an MPLS VPN that includes two or more ASes connected by separate border edge routers. The ASes exchange routes using eBGP, and no iBGP or routing information is exchanged between the ASes.
MPLS VPN InterAS Options
The following options defined in RFC 4364 provide MPLS VPN connectivity between different ASes:
- InterAS Option A – This option provides back-to-back virtual routing and forwarding (VRF) connectivity. Here, MPLS VPN providers exchange routes across VRF interfaces.
- InterAS Option B – This option provides VPNv4 route distribution between ASBRs.
InterAS Option A
In terms of configuration, InterAS Option A is the simplest of all available options.
A typical AS consists of these devices: Provider Edge (PE), Customer Edge (CE) and an Autonomous System Boundary Router (ASBR). The target is to enable VRF connectivity between CE devices (also referred to as VPN sites) in a network. To facilitate InterAS Option A, you have to perform the following for each VPN site:
- Assign a VRF interface to each VPN site.
- Define an interface or sub-interface for each VRF interface. (If multiple VPN sites are involved, they cannot all be associated with a single interface, and therefore a sub-interface must be configured for each VRF.) Optionally, a dedicated QoS policy may be applied to each sub-interface.
- Create a BGP (or other routing protocol) session for each VRF.
With the above configuration in place, traffic flow with option A is as follows: Within the AS, data packets travel like regular Layer 3 VPN traffic. Traffic flow between ASBRs when traversing ASes is in the form of unlabeled IP packets on a VRF interface. Any routing protocol may be used to exchange routing information between the ASBRs in the different ASes.
While this option provides certain advantages (flexibility in terms of the routing protocol that can be used within an AS and between ASBRs, and security by means of a QoS policy on a sub-interface), the scale for InterAS Option A is limited by the scale numbers for sub-interfaces and VRFs. This option is therefore suited only to scenarios where the number of VPNs and the number of routes to transfer is limited (and not likely to increase).
The figure below shows the data packet flow from CE 1, CE 2, CE 3 to CE 4, CE 5, CE 6 respectively. The explanation below takes the instance of the route advertisement and data packet flow from CE 1 in AS-65001 to CE 4 in AS-65002.
The IP traffic between CE 1 and PE 1 is sent over a VRF sub-interface by using eBGP. Once the packet reaches PE 1, it is sent to ASBR 1 with a two-label MPLS stack. The outermost label is the Interior Gateway Protocol (IGP) label and the inner label is the VPN label. Layer 3 VPN traffic is sent from PE 1 to ASBR 1 in AS-65001 and from ASBR 2 to PE 3 in AS-65002 over an MPLS cloud. At ASBR 1, both labels (IGP and VPN) are popped (removed). From ASBR 1 to ASBR 2, traffic flows as an unlabeled IP packet on a VRF interface. In this example, the routing protocol used between the two ASBRs is eBGP. The two-label MPLS stack is pushed once the IP packet reaches ASBR 2. After the packet reaches PE 3, the VPN label is removed. The IGP label is also popped in case of explicit NULL IGP. The VPN packet is sent to CE 4 through a VRF interface.
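The three per-VPN steps listed above, as they could look on ASBR 1 in AS-65001 for two VPN sites. This is an added example, not configuration from the original guide; the VRF names, route distinguishers, VLAN IDs, interface name and 192.0.2.0/24 addresses are assumptions, and the syntax assumes IOS XE routed sub-interfaces.

```ios
! Constructed example: ASBR 1 (AS-65001), InterAS Option A.
! Step 1: one VRF per VPN site (names and RD/RT values are assumptions).
vrf definition VPN-1
 rd 65001:101
 address-family ipv4
  route-target export 65001:101
  route-target import 65001:101
 exit-address-family
!
vrf definition VPN-2
 rd 65001:102
 address-family ipv4
  route-target export 65001:102
  route-target import 65001:102
 exit-address-family
!
! Step 2: one sub-interface per VRF on the link to ASBR 2.
! Traffic on these sub-interfaces is unlabeled IP.
interface GigabitEthernet1/0/1.101
 encapsulation dot1Q 101
 vrf forwarding VPN-1
 ip address 192.0.2.1 255.255.255.252
!
interface GigabitEthernet1/0/1.102
 encapsulation dot1Q 102
 vrf forwarding VPN-2
 ip address 192.0.2.5 255.255.255.252
!
! Step 3: one eBGP session per VRF towards ASBR 2 (AS-65002).
router bgp 65001
 address-family ipv4 vrf VPN-1
  neighbor 192.0.2.2 remote-as 65002
  neighbor 192.0.2.2 activate
 exit-address-family
 !
 address-family ipv4 vrf VPN-2
  neighbor 192.0.2.6 remote-as 65002
  neighbor 192.0.2.6 activate
 exit-address-family
```

ASBR 2 mirrors this with its own VRFs and the peer addresses reversed; every additional VPN costs another VRF, sub-interface and BGP session on both ASBRs, which is the scale limit described above.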
InterAS Option B
Two methods are supported to distribute the next hop for VPNv4 routes between ASBRs. There is no requirement for LDP or any IGP to be enabled on the link connecting the two ASBRs. The MP-eBGP session between directly connected interfaces on the ASBRs enables the interfaces to forward labeled packets. To ensure this MPLS forwarding for directly connected BGP peers, you must configure the mpls bgp forwarding command on the interface connecting to the ASBR. This command is implemented in the IOS for directly connected interfaces. Up to 200 BGP neighbors can be configured.
- Next-hop-self Method: Changing the next hop to that of the local ASBR for all VPNv4 routes learnt from the other ASBR.
- Redistribute Connected Subnets Method: Redistributing the next-hop address of the remote ASBR into the local IGP using the redistribute connected subnets command; that is, the next hop is not changed when the VPNv4 routes are redistributed into the local AS.
Note: In case of multiple equal paths (ECMP) towards the remote AS, you have to configure MPLS static label bindings towards the remote Loopback on the ASBR. Otherwise, you may experience packet loss.
In the label switch path forwarding sections described below, AS 200 is configured with the Next-hop-self method and AS 300 is configured with the Redistribute connected subnets method.
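The two next-hop methods side by side on the ASBRs of AS 200 and AS 300, as an added example that is not configuration from the original guide. Interface names, all addresses, the iBGP peers and the choice of OSPF as the local IGP are assumptions.

```ios
! Constructed example: ASBR-A200 (AS 200), Next-hop-self method.
interface GigabitEthernet1/0/2
 description Link to ASBR-A300
 ip address 198.51.100.1 255.255.255.252
 mpls bgp forwarding
!
router bgp 200
 ! The ASBR holds no VRFs, so keep VPNv4 routes no local VRF imports
 no bgp default route-target filter
 neighbor 198.51.100.2 remote-as 300
 neighbor 10.200.0.1 remote-as 200
 neighbor 10.200.0.1 update-source Loopback0
 address-family vpnv4
  neighbor 198.51.100.2 activate
  neighbor 198.51.100.2 send-community extended
  neighbor 10.200.0.1 activate
  neighbor 10.200.0.1 send-community extended
  ! Rewrite the next hop to this ASBR for routes sent into AS 200
  neighbor 10.200.0.1 next-hop-self
 exit-address-family
!
! Constructed example: ASBR-A300 (AS 300), Redistribute connected
! subnets method. OSPF as the local IGP is an assumption.
interface GigabitEthernet1/0/2
 description Link to ASBR-A200
 ip address 198.51.100.2 255.255.255.252
 mpls bgp forwarding
!
router ospf 1
 ! Advertise the remote ASBR's next-hop address into the local IGP
 redistribute connected subnets
!
router bgp 300
 no bgp default route-target filter
 neighbor 198.51.100.1 remote-as 200
 neighbor 10.30.0.1 remote-as 300
 neighbor 10.30.0.1 update-source Loopback0
 address-family vpnv4
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 send-community extended
  neighbor 10.30.0.1 activate
  neighbor 10.30.0.1 send-community extended
  ! No next-hop-self: the next hop stays 198.51.100.1 inside AS 300
 exit-address-family
```

With the route-target filter disabled, each ASBR accepts every VPNv4 route its peer advertises, so what crosses the AS boundary is decided by whatever BGP policy is applied to the MP-eBGP session.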
Next-Hop Self Method
The following figure shows the label forwarding path for the Next-hop-self method. The labels get pushed, swapped and popped on the stack as the packet makes its way from PE-200 in AS 200 to PE-300 in AS 300. In step 5, ASBR-A300 receives the labeled frame, replaces label 164 with label 161, and pushes IGP label 162 onto the label stack.
Redistribute Connected Subnet Method
The following figure shows the label forwarding path for the Redistribute connected subnets method. The labels get pushed, swapped and popped on the stack as the packet travels from PE-300 in AS 300 to PE-200 in AS 200. In step 5, ASBR-A200 receives the frame with BGP label 20, swaps it with label 29, and pushes label 17.