Configuring MPLS L3 VPN

The MPLS Layer-3 VPN solution provides address space and routing separation via the use of per-VPN Routing and Forwarding tables (VRFs), and MPLS switching in the core and at the edge of the network. VPN customer routing data is imported into the VRFs utilizing the Route Target BGP extended community. This routing data is identified by a Route Distinguisher (RD) and is distributed among Provider Edge (PE) routers using Multi-Protocol BGP extensions.

Requirements

To fully implement the EcoRouterOS MPLS Layer-3 VPN solution, the following protocols are used:

  • MP-BGP
  • LDP
  • MPLS
  • OSPFv2
  • RIP

MPLS VPN Terminology

The following illustrates a Virtual Private Network in a Connector Service Provider Network with the private virtual subnets ComA and ComB. This illustration corresponds to the terms defined in this subsection.

Service Provider. The organization that owns the infrastructure that provides leased lines to customers, offering them a Virtual Private Network Service. In the above illustration, CConnect is the service provider providing services to clients ComA and ComB.
Customer Edge (CE) Router. A router at a customer's site connected to the Service Provider network. CE1, CE2, CE3 and CE4 are such CE routers (see the figure).
Provider Edge (PE) Router. A provider's router to which a CE router is connected. In the illustration above, PE1 and PE2 are the PE routers; they link the customer equipment to the Connector network.
Provider Core Router (P). All the Connector network routers which are not PE routers. In the above illustration, the P router, which is a part of the Connector network and is not connected to any customer, is the Provider Core Router.
Customer Router (R). All the customer network routers which are not CE routers. In the illustration above, R1 and R2 are the Customer routers, and are not directly connected to the Connector network.
Site. A contiguous part of the customer network. A site connects to the provider network through transmission lines, using a CE and PE router. In the above illustration, R1, R2 and CE3 comprise a Customer network, and are seen as a single site by the CConnect network.

The VPN Routing Process

The EcoRouterOS MPLS-VPN Routing process follows these steps:

  1. Service Providers provide VPN services from PE routers that communicate directly with CE routers via an Ethernet Link.
  2. Each PE router maintains a Routing and Forwarding table (VRF) for each customer. This guarantees isolation, and allows the usage of uncoordinated private addresses. When a packet is received from the CE, the VRF that is mapped to that site is used to determine the routing for the data. If a PE has multiple connections to the same site, a single VRF is mapped to all of those connections.
  3. After the PE router learns of the IP prefix, it converts it into a VPN-IPv4 prefix by prepending it with an 8-byte Route Distinguisher (RD). The RD ensures that even if two customers have the same address, two separate routes to that address can be maintained. These VPN-IPv4 addresses are exchanged between the PE routers through MP-BGP.
  4. A unique Router ID (usually the loopback address) is used to allocate a label, and enable VPN packet forwarding across the backbone.
  5. Based on routing information stored in the VRF table, packets are forwarded to their destination using MPLS. Each PE router allocates a unique label to every route in each VRF (even if they have the same next hop), and propagates these labels, together with 12-byte VPN-IPv4 addresses, through Multi-Protocol BGP.
  6. Ingress PE routers prepend a two-level label stack to the VPN packet, which is forwarded across the Provider network. This label stack contains a BGP-specific label from the VRF table (associated with the incoming interface), specifying the BGP next hop (the so-called service label), and an LDP-specific label from the global FTN table, specifying the IP next hop (the so-called transport label).
  7. The Provider router in the network switches the VPN packet based on the top label, that is, the LDP-specific (transport) label in the stack. This top label is used as the lookup key in the incoming interface's Incoming Labels Mapping table (ILM). If there is an outbound label, the label is swapped, and the packet is forwarded to the next hop; if not, the router is the penultimate router, and it pops the LDP-specific label, and forwards the packet with only the BGP-specific label to the egress PE router. If the mpls explicit-null option is enabled, the penultimate router forwards the packet with both labels, but with the top label value set to 0.
  8. The egress PE router pops the BGP-specific label, performs a single label lookup in the outbound interface, and sends the packet to the appropriate CE router. 
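
Steps 6 to 8 traced over an encoded label stack, as an added Python example that is not part of the EcoRouter documentation. The label values, the payload and the second P router are constructed for illustration (the page's topology has a single P router); the 4-byte entry layout is the standard MPLS one.

```python
import struct

EXPLICIT_NULL = 0  # the "top label value set to 0" case described in step 7


def encode_stack(labels, ttl=64):
    """Encode labels (top first) as 4-byte entries: label(20) | TC(3) | S(1) | TTL(8).

    TC is left at zero and the TTL is a fixed value; neither is modelled here.
    """
    out = b""
    for i, label in enumerate(labels):
        if not 0 <= label < (1 << 20):
            raise ValueError(f"label out of range: {label}")
        bottom = 1 if i == len(labels) - 1 else 0  # S bit marks the last entry
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out


def decode_stack(packet):
    """Return (labels, payload); parsing stops at the entry carrying the S bit."""
    labels = []
    for off in range(0, len(packet) - 3, 4):
        (word,) = struct.unpack_from("!I", packet, off)
        labels.append(word >> 12)
        if word & 0x100:
            return labels, packet[off + 4:]
    raise ValueError("label stack has no bottom-of-stack entry")


def ingress_pe(ip_packet, service_label, transport_label):
    """Step 6: push the service label, then the transport label on top of it."""
    return encode_stack([transport_label, service_label]) + ip_packet


def p_router(packet, ilm, explicit_null=False):
    """Step 7: act on the top label only; the service label is never inspected."""
    labels, payload = decode_stack(packet)
    out_label = ilm[labels[0]]      # KeyError here models an unknown label
    if out_label is not None:
        labels[0] = out_label       # outbound label present: swap
    elif explicit_null:
        labels[0] = EXPLICIT_NULL   # penultimate hop with explicit-null enabled
    else:
        labels.pop(0)               # penultimate hop pops the transport label
    return encode_stack(labels) + payload


def egress_pe(packet, service_to_vrf):
    """Step 8: the service label alone selects the customer VRF."""
    labels, payload = decode_stack(packet)
    if labels[0] == EXPLICIT_NULL and len(labels) > 1:
        labels.pop(0)
    if len(labels) != 1:
        raise ValueError("expected exactly one service label at the egress PE")
    return service_to_vrf[labels[0]], payload


if __name__ == "__main__":
    # Constructed values: real labels are allocated by LDP and MP-BGP.
    pkt = ingress_pe(b"customer IP packet", service_label=24001, transport_label=16010)
    for name, ilm in (("P1", {16010: 16020}), ("P2", {16020: None})):
        pkt = p_router(pkt, ilm)
        print(name, "forwards stack", decode_stack(pkt)[0])
    print("egress PE delivers to VRF", egress_pe(pkt, {24001: "ComB"})[0])
```

Because the P routers only ever read the top entry, customer separation on the last hop rests entirely on the egress PE's service-label-to-VRF mapping.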

Configure MPLS Layer-3 VPN

The MPLS Layer-3 VPN configuration process can be divided into the following steps.

  1. Establish connection between PE routers.
  2. Configure PE1 and PE2 as iBGP neighbors.
  3. Create VRF.
  4. Associate interfaces to VRFs.
  5. Configure VRF Route Distinguishers and Route Targets.
  6. Configure CE neighbor for the VPN.
  7. Verify the MPLS-VPN configuration.

Topology

In this example, the Connector MPLS-VPN backbone has two customers — ComA and ComB. Both customers have sites in Moscow and Saint Petersburg. The following topology shows BGP4 address assignment between PE and CE routers. The steps that follow provision a customer VPN service across the MPLS-VPN backbone.

Establishing the connection between the PE routers involves three steps:

Enable Label Switching

This is a sample configuration to enable label switching for the Labeled Switched Path (LSP) between PE1 and PE2.

PE1

PE1(config)#interface e1
PE1(config-if)#ip address 10.10.12.10/24
PE1(config-if)#label-switching
PE1(config-if)#ex
PE1(config)#port te1
PE1(config-port)#service-instance se1
PE1(config-service-instance)#encapsulation untagged
PE1(config-service-instance)#connect ip interface e1


P

P(config)#interface e1
P(config-if)#ip address 10.10.12.50/24
P(config-if)#label-switching
P(config-if)#ex
P(config)#port te1
P(config-port)#service-instance se1
P(config-service-instance)#encapsulation untagged
P(config-service-instance)#connect ip interface e1
P(config-service-instance)#ex
P(config-port)#ex
P(config)#interface e2
P(config-if)#ip address 10.10.13.50/24
P(config-if)#label-switching
P(config-if)#ex
P(config)#port te2
P(config-port)#service-instance se2
P(config-service-instance)#encapsulation untagged
P(config-service-instance)#connect ip interface e2


PE2

PE2(config)#interface e2
PE2(config-if)#ip address 10.10.13.10/24
PE2(config-if)#label-switching
PE2(config-if)#ex
PE2(config)#port te2
PE2(config-port)#service-instance se2
PE2(config-service-instance)#encapsulation untagged
PE2(config-service-instance)#connect ip interface e2

Enable IGP

What follows is a sample configuration to establish connections between the two Provider Edge routers PE1 and PE2.
Note: For details about OSPF commands, refer to the Open Shortest Path First Command Reference.

PE1

PE1(config)#router ospf 100
PE1(config-router)#network 10.10.12.0/24 area 0


P

P(config)#router ospf 100
P(config-router)#network 10.10.12.0/24 area 0
P(config-router)#network 10.10.13.0/24 area 0


PE2

PE2(config)#router ospf 100
PE2(config-router)#network 10.10.13.0/24 area 0

Enable Label Switching Protocol

Label switching protocols are used to set up a Label-Switched Path (LSP) between PE routers. EcoRouterOS supports LDP for label switching.

The following sample configuration enables the LSP along the whole path between PE1 and PE2.
Note: For details about the commands, see the Label Distribution Protocol Command Reference.

PE1

PE1(config)#interface loopback.0
PE1(config-lo)#ip address 2.2.2.2/32
PE1(config-lo)#ex
PE1(config)#router ldp
PE1(config-router)#exit
PE1(config)#interface e1
PE1(config-if)#ldp enable ipv4
PE1(config-if)#ex
PE1(config)#router ldp
PE1(config-router)#advertisement-mode downstream-on-demand
PE1(config-router)#multicast-hellos


P

P(config)#interface e1
P(config-if)#ldp enable ipv4
P(config-if)#ex
P(config)#interface e2
P(config-if)#ldp enable ipv4
P(config-if)#ex
P(config)#router ldp
P(config-router)#advertisement-mode downstream-on-demand
P(config-router)#multicast-hellos


PE2

PE2(config)#interface loopback.0
PE2(config-lo)#ip address 3.3.3.3/32
PE2(config-lo)#ex
PE2(config)#router ldp
PE2(config-router)#exit
PE2(config)#interface e2
PE2(config-if)#ldp enable ipv4
PE2(config-if)#ex
PE2(config)#router ldp
PE2(config-router)#advertisement-mode downstream-on-demand
PE2(config-router)#multicast-hellos

Configure PEs as BGP Neighbors

BGP is the preferred protocol to transport VPN routes because of its multiprotocol capability and its scalability. Its ability to exchange information between indirectly connected routers supports keeping VPN routing information out of the Provider (P) routers. The P routers carry information as an optional BGP attribute. Additional attributes are transparently forwarded by any P router. The MPLS-VPN forwarding model does not require the P routers to make routing decisions based on VPN addresses. They forward packets based on the label value attached to the packet. The P routers do not require a VPN configuration in order to carry this information.
Note: For details about BGP commands, refer to the Border Gateway Protocol Command Reference.

PE1

PE1(config)#router bgp 100
PE1(config-router)#neighbor 3.3.3.3 remote-as 100
PE1(config-router)#neighbor 3.3.3.3 update-source 2.2.2.2
PE1(config-router)#address-family vpnv4 unicast
PE1(config-router-af)#neighbor 3.3.3.3 activate


PE2

PE2(config)#router bgp 100
PE2(config-router)#neighbor 2.2.2.2 remote-as 100
PE2(config-router)#neighbor 2.2.2.2 update-source 3.3.3.3
PE2(config-router)#address-family vpnv4 unicast
PE2(config-router-af)#neighbor 2.2.2.2 activate

Create VRF

Each PE router in the MPLS-VPN backbone is connected to sites that are part of the virtual private networks of the customers. For each site, the routes of the corresponding VPN network are used. Therefore, the PE router must contain VRF tables for those VPN networks to which it is connected. In this example, these are both VPN networks.

Use the ip vrf <VRF_NAME> command in configuration mode to create the VRF table. On each PE router, VRF tables named ComA and ComB must be created. When this command is executed, a VRF RIB (Routing Information Base) routing table is created, a VRF-ID is assigned, and the console switches to the context VRF configuration mode.

PE1(config)#ip vrf ComB
PE1(config-vrf)#

Associate Interfaces to VRFs

After the VRFs are defined on the PE router, the PE router needs to recognize which interfaces belong to which VRF. The VRF is populated with routes from connected sites. More than one interface can belong to the same VRF. To associate the interfaces (connected to the CE routers) to the VRFs, use the ip vrf forwarding <VRF_NAME> command in the context interface configuration mode.

In the following example, interface e2 of the PE1 router is associated with the VRF named ComB.

PE1(config)#interface e2
PE1(config-if)#ip vrf forwarding ComB

Configure VRF-RD and Route Targets

After the VRF is created, configure Route Distinguishers and Route Targets.

Configure Route Distinguishers

Route Distinguishers (RDs) make all customer routes unique. Thus, in the case of identical routes in different VPN networks, MP-BGP will perceive them as unique. For this, a 64-bit prefix (the RD) is prepended to each IPv4 address from the virtual network, converting it into the VPN-IPv4 format. BGP considers two IPv4 addresses with different RDs to be unique (incomparable), even if they have the same address and mask.

An RD consists of an autonomous system number and an assigned number (ASN:nn), or an IP address and an assigned number (IP:nn), separated by a colon (':').

Use the rd <ASN:nn | IP:nn> command in context VRF configuration mode to specify the RD for each VRF table on the PE router.

In the example below the RD is specified for VRF ComB on the PE1 router.

PE1(config)#ip vrf ComB
PE1(config-vrf)#rd 168.12.2.1:1

Use the show ip route vrf <VRF_NAME> command in administration mode to display the routing table for a specific VRF, or the show ip route vrf all command in administration mode to display the routing tables for all VRFs.
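
How the RD keeps overlapping customer prefixes apart in MP-BGP, and what happens when two VRFs are given the same RD, as an added Python example (not EcoRouterOS code). The RD values are the ones in the PE1 running-config on this page; the customer prefix 10.1.0.0/24 and the dictionary standing in for the BGP table are constructed, and the byte layout is the standard 2-byte type plus 6-byte value form of the RD.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Encode 'ASN:nn' or 'IP:nn' as the 8-byte RD (2-byte type + 6-byte value)."""
    admin, _, assigned = rd.rpartition(":")
    if not admin or not assigned.isdigit():
        raise ValueError(f"malformed RD: {rd!r}")
    number = int(assigned)
    if "." in admin:
        # IP:nn -> type 1: 4-byte IPv4 address + 2-byte assigned number
        if number > 0xFFFF:
            raise ValueError("assigned number too large for IP:nn")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    if not admin.isdigit():
        raise ValueError(f"malformed RD administrator: {admin!r}")
    asn = int(admin)
    if asn <= 0xFFFF:
        # ASN:nn -> type 0: 2-byte ASN + 4-byte assigned number
        if number > 0xFFFFFFFF:
            raise ValueError("assigned number too large for ASN:nn")
        return struct.pack("!HHI", 0, asn, number)
    # 4-byte ASN -> type 2: 4-byte ASN + 2-byte assigned number
    if asn > 0xFFFFFFFF or number > 0xFFFF:
        raise ValueError("value too large for a 4-byte-ASN RD")
    return struct.pack("!HIH", 2, asn, number)


def vpn_ipv4(rd, prefix):
    """Return (12-byte VPN-IPv4 address, IPv4 prefix length) for a customer prefix."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen


def advertise(table, rd, prefix, vrf):
    """Install a route keyed by its VPN-IPv4 prefix.

    Returns the VRF whose route was displaced, or None when the key was unused.
    """
    key = vpn_ipv4(rd, prefix)
    displaced = table.get(key)
    table[key] = vrf
    return displaced


if __name__ == "__main__":
    table = {}
    # Both customers use the same (constructed) private prefix.
    advertise(table, "168.12.2.1:1", "10.1.0.0/24", "ComA")
    advertise(table, "192.16.2.1:1", "10.1.0.0/24", "ComB")
    for (addr, plen), vrf in table.items():
        print(vrf, addr.hex(), f"/{plen}")
    # Constructed misconfiguration: ComB reuses ComA's RD, so its route
    # replaces ComA's instead of sitting beside it.
    print("displaced:", advertise(table, "168.12.2.1:1", "10.1.0.0/24", "ComB"))
```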

Configure Route Targets

Any routes learned from customers are advertised across the network through Multi-Protocol BGP, and any routes learned through Multi-Protocol BGP are added into the appropriate VRFs. The route target helps PE routers identify which VRFs should receive the routes. Use the route-target {both | export | import} <ASN:nn | IP:nn> command in the context VRF configuration mode to assign RT for each VRF on PE-router.

The route-target command creates the import and export lists of extended community attributes (including RT) for VRF. RT identifies the target VPN network. This command must be entered separately for each community. All routes with the specified extended community attributes are imported into all VRFs belonging to the same communities as the destination import route.

The policy of route announcement export is configured by the route-target command:

  • export - add RT to export VRF route information;
  • import - import route information with specified RT;
  • both - specify both import and export.

These policies are specified depending on the planned network topology. For example, setting the same value for an export and import policy for all VRF tables of a particular VPN leads to a fully-connected topology - each site can send packets directly to the site in which the destination network is located.

The example below demonstrates an RT assignment for VRF ComB on the PE1 router. For other routers and networks, the same export policy value is specified.

PE1(config)#ip vrf ComB
PE1(config-vrf)#route-target both 100:1
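
A configuration check built on the import/export rules above, as an added Python example (not an EcoRouterOS tool): it parses ip vrf stanzas and lists every pair of VRFs in which one imports what the other exports. PE1_VRFS is copied from the PE1 running-config printed later on this page; the hub-and-spoke configuration and all function names are constructed for illustration.

```python
import re

# VRF stanzas as they appear in the PE1 running-config on this page.
PE1_VRFS = """\
ip vrf management
!
ip vrf ComA
 rd 168.12.2.1:1
 route-target both 100:1
!
ip vrf ComB
 rd 192.16.2.1:1
 route-target both 100:1
!
router ospf 100
 network 10.10.12.0/24 area 0.0.0.0
!
"""

# Constructed example: spokes reach the hub but not each other.
HUB_AND_SPOKE = """\
ip vrf Hub
 rd 100:10
 route-target export 100:20
 route-target import 100:10
!
ip vrf SpokeA
 rd 100:11
 route-target export 100:10
 route-target import 100:20
!
ip vrf SpokeB
 rd 100:12
 route-target export 100:10
 route-target import 100:20
!
"""


def parse_vrfs(config):
    """Return {vrf_name: {"rd": str|None, "import": set, "export": set}}."""
    vrfs, current = {}, None
    for line in config.splitlines():
        header = re.match(r"ip vrf (\S+)$", line)
        if header:
            current = vrfs.setdefault(
                header.group(1), {"rd": None, "import": set(), "export": set()})
            continue
        if not line.startswith(" "):
            current = None              # "!" or a new top-level command ends the stanza
            continue
        words = line.split()
        if current is None or not words:
            continue
        if words[0] == "rd" and len(words) == 2:
            current["rd"] = words[1]
        elif words[0] == "route-target" and len(words) == 3:
            kind, rt = words[1], words[2]
            if kind in ("import", "both"):
                current["import"].add(rt)
            if kind in ("export", "both"):
                current["export"].add(rt)
    return vrfs


def cross_vrf_imports(vrfs):
    """Return sorted (exporter, importer, rt) triples between different VRFs."""
    pairs = []
    for src, s in vrfs.items():
        for dst, d in vrfs.items():
            if src != dst:
                pairs.extend((src, dst, rt) for rt in s["export"] & d["import"])
    return sorted(pairs)


if __name__ == "__main__":
    for title, cfg in (("PE1", PE1_VRFS), ("hub-and-spoke", HUB_AND_SPOKE)):
        print(title)
        for src, dst, rt in cross_vrf_imports(parse_vrfs(cfg)):
            print(f"  {dst} imports routes exported by {src} (RT {rt})")
```

On the PE1 stanzas the check reports ComA and ComB importing each other's routes, since both use route-target both 100:1; if the two customers are meant to be separate VPNs, each needs its own RT value.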

Configure CE Neighbor for the VPN (Using BGP / OSPF / RIP)

To provide a VPN service, the PE routers must be configured so that any routing information learned from a VPN customer interface can be associated with a particular VRF. This is achieved using any standard routing protocol process (RIP, OSPF, BGP, static routes, etc.). Use the appropriate configuration below (BGP, OSPF or RIP) to configure the CE neighbor.

BGP

The BGP sessions between PE and CE routers can carry different types of routes (VPN-IPv4, IPv4 routes). Address families are used to control the type of BGP session. Configure a BGP address family for each VRF on the PE router, and a separate address family to carry VPN-IPv4 routes between PE routers. All non-VPN BGP neighbors are defined using the IPv4 address mode. Each VPN BGP neighbor is defined under its associated Address Family mode. Use the address-family ipv4 vrf <VRF_NAME> command in context BGP configuration mode to specify the address family. A separate address family entry is used for every VRF, and each address family entry can have multiple CE routers within the VRF.

The PE and CE routers must be directly connected for BGP4 sessions; BGP multihop is not supported between PE and CE routers.
The following example places the router in address family mode, and specifies customer company names, ComA and ComB, as the names of the VRF instance to associate with subsequent IPv4 address family configuration mode commands. This configuration is used when BGP is used for PE and CE.

PE1

PE1(config)#router bgp 100
PE1(config-router)#address-family ipv4 vrf ComA
PE1(config-router-af)#neighbor 192.16.3.3 remote-as 65001
PE1(config-router-af)#exit
PE1(config-router)#address-family ipv4 vrf ComB
PE1(config-router-af)#neighbor 168.12.0.2 remote-as 65003

OSPF

Unlike BGP and RIP, OSPF does not run different routing contexts within one process. Thus, for running OSPF between the PE and CE routers, configure a separate OSPF process for each VRF that receives VPN routes through OSPF. The PE router distinguishes routers belonging to a specific VRF by associating a particular customer interface to a specific VRF and to a particular OSPF process.
To redistribute VRF OSPF routes into BGP, redistribute OSPF under the BGP VRF address family submode.

PE1

PE1(config)#router ospf 101 ComA
PE1(config-router)#network 192.16.3.0/24 area 0
PE1(config-router)#redistribute bgp
PE1(config-router)#ex
PE1(config)#router ospf 102 ComB
PE1(config-router)#network 192.12.0.0/24 area 0
PE1(config-router)#redistribute bgp

PE1

PE1(config)#router bgp 100
PE1(config-router)#address-family ipv4 vrf ComA
PE1(config-router-af)#redistribute ospf
PE1(config-router-af)#ex
PE1(config-router)#address-family ipv4 vrf ComB
PE1(config-router-af)#redistribute ospf



Verify the MPLS-VPN Configuration

Use the show ip bgp neighbor command in administration mode to validate the neighbor session between the CE and the PE routers. Use the show ip bgp vpnv4 all command to display all the VRFs and the routes associated with them. The following is sample output for the show running-config command for the PE1, CE1 and P routers displaying the complete configuration (based on the topology in the diagram above).
Note: In this example, OSPF was used to configure the PE to CE link.

PE1

PE1#show running-config
!
hostname PE1
!
ip vrf management
!
ip vrf ComA
 rd 168.12.2.1:1
 route-target both 100:1
!
ip vrf ComB
 rd 192.16.2.1:1
 route-target both 100:1
!
mpls propagate-ttl
!
!
ip pim register-rp-reachability
!
router ldp
 targeted-peer ipv4 10.10.21.50
  exit-targeted-peer-mode
 advertisement-mode downstream-on-demand
!
router ospf 100
 network 10.10.12.0/24 area 0.0.0.0
!
router ospf 101 ComA
 redistribute bgp
 network 192.16.3.0/24 area 0.0.0.0
!
router ospf 102 ComB
 redistribute bgp
 network 192.12.0.0/24 area 0.0.0.0
!
router bgp 100
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source 2.2.2.2
 address-family vpnv4 unicast
 neighbor 3.3.3.3 activate
 exit-address-family
!
address-family ipv4 vrf ComA
redistribute ospf
exit-address-family
!
address-family ipv4 vrf ComB
redistribute ospf
exit-address-family
!
interface loopback.0
 ip mtu 1500
 ip address 2.2.2.2/32
!
interface e1
 ip mtu 1500
 label-switching
 connect port te1 service-instance se1
 ip address 10.10.21.10/24
 ldp enable ipv4
!
interface e2
 ip mtu 1500
 ip vrf forwarding ComB
!
interface e3
 ip mtu 1500
 ip vrf forwarding ComA
!

P

!
hostname P
!
ip vrf management
!
mpls propagate-ttl
!
!
ip pim register-rp-reachability
!
router ldp
 pw-status-tlv
 advertisement-mode downstream-on-demand
!
interface e1
 ip mtu 1500
 label-switching
 connect port te1 service-instance se1
 ip address 10.10.21.50/24
 enable-ldp ipv4
!
interface e2
 ip mtu 1500
 label-switching
 connect port te1 service-instance se1
 ip address 10.10.13.50/24
 enable-ldp ipv4
!
end

MPLS Layer-3 eBGP VPN Configuration

This chapter contains configuration examples to support Virtual Private Networks (VPN) between Provider-Edge (PE) routers when they are in different Autonomous Systems (AS) using an eBGP connection.
VPN capability is extended to incorporate scenarios in which the PE routers are in different Autonomous Systems. In all cases, the connection between the PE routers is maintained using eBGP connection. EBGP-VPNs are not allowed by default.

PE to ASBR to ASBRs Using eBGP

In this example, eBGP is configured between Customer Edge (CE) and PE routers. The PE routers have an iBGP connection with Autonomous System Border Routers (ASBRs). The ASBRs are connected to each other using eBGP.

Topology

Configure other CE routers, PE routers, and ASBR according to the topology.

CEs


| Command | Description |
|---|---|
| #configure terminal | Enter Configure mode. |
| (config)#interface eth1 | Enter interface mode. |
| (config-if)#ip address 172.6.7.117/24 | Assign the IP address. |
| (config-if)#exit | Exit interface mode. |
| (config)#router bgp 65001 | Define the BGP routing process with AS number 65001. |
| (config-router)#neighbor 172.6.7.116 remote-as 1 | Define the PE router as the neighbor. In this case, 172.6.7.116 is the IP address of the PE router, and 1 is the AS number. |

Validation: show ip bgp neighbors, show ip bgp

PEs

| Command | Description |
|---|---|
| #configure terminal | Enter Configure mode. |
| (config)#ip vrf IPI | Create a new VRF named IPI. |
| (config-vrf)#rd 1:100 | Assign the route distinguisher (RD) value as 1:100. |
| (config-vrf)#route-target both 100:200 | Import routes between route target (RT) ext-communities 100 and 200. |
| (config-vrf)#exit | Exit VRF mode. |
| (config)#interface eth3 | Enter interface mode. |
| (config-if)#ip vrf forwarding IPI | Bind the interface connected to the CE router with VRF IPI. |
| (config-if)#ip address 172.6.7.116/24 | Assign an IP address for the interface. |
| (config-if)#exit | Exit interface mode. |
| (config)#router bgp 1 | Define the BGP routing process with AS number 1. |
| (config-router)#neighbor 172.5.6.115 remote-as 1 | Add the ASBR as an iBGP peer: 172.5.6.115 is the ASBR IP address, and 1 is the AS number. |
| (config-router)#address-family vpnv4 unicast | Enter VPNv4 Address Family mode. |
| (config-router-af)#neighbor 172.5.6.115 activate | Activate the ASBR neighbor so that it can accept VPN routes. |
| (config-router-af)#exit-address-family | Exit VPNv4 Address Family mode. |
| (config-router)#address-family ipv4 vrf IPI | Enter the IPv4 address family for VRF IPI. |
| (config-router-af)#neighbor 172.6.7.117 remote-as 65001 | Add the CE router as an eBGP peer: 172.6.7.117 is the IP address of the CE router, and 65001 is the AS number. |
| (config-router-af)#exit-address-family | Exit IPv4 Address Family mode. |
| (config-router)#exit | Exit Router mode. |

Validation: show ip bgp neighbors, show ip bgp vpnv4 all

ASBR1 and ASBR2

| Command | Description |
|---|---|
| #configure terminal | Enter Configure mode. |
| (config)#ip vrf IPI | Create a new VRF named IPI. |
| (config-vrf)#rd 1:100 | Assign the RD value as 1:100. |
| (config-vrf)#route-target both 100:200 | Import routes between RT ext-communities 100 and 200. |
| (config-vrf)#exit | Exit VRF mode. |
| (config)#interface eth1 | Enter interface mode. |
| (config-if)#ip address 172.5.6.115/24 | Assign an IP address for the interface. |
| (config-if)#exit | Exit interface mode. |
| (config)#router bgp 1 | Define the BGP routing process with AS number 1. |
| (config-router)#neighbor 172.5.6.116 remote-as 1 | Add the PE router as an iBGP peer: 172.5.6.116 is the PE router IP address, and 1 is the AS number. |
| (config-router)#neighbor 172.4.5.114 remote-as 2 | Add the remote ASBR as an eBGP peer: 172.4.5.114 is the remote ASBR IP address, and 2 is the AS number. |
| (config-router)#address-family vpnv4 unicast | Enter VPNv4 Address Family mode. |
| (config-router-af)#neighbor 172.5.6.116 activate | Activate the iBGP PE router peer to carry VPN routes. |
| (config-router-af)#neighbor 172.4.5.114 allow-ebgp-vpn | Enable the CLI for allowing eBGP VPNs between the two ASBRs. |
| (config-router-af)#neighbor 172.4.5.114 activate | Activate the eBGP ASBR to carry VPN routes. |
| (config-router-af)#exit-address-family | Exit VPNv4 Address Family mode. |
| (config-router)#exit | Exit Router mode. |

Validation: show ip bgp neighbors, show ip bgp vpnv4 all

PE to RR with ASBR to ASBRs by eBGP

In this example, a PE router is connected to a Route-Reflector (RR), one of whose clients is an ASBR connected to other ASBRs by eBGP. This configuration is the same as the scenario above (PE to ASBR to ASBRs Using eBGP), except that the PE routers are clients of an RR, one of whose numerous clients is an ASBR. The ASBRs are now connected to each other using eBGP.

Topology

Configure other CE routers, PE routers, RR, and ASBR according to the topology.


CE Routers

Use the same steps as in PE to ASBR to ASBRs Using eBGP.

PE Routers

Use the same steps as in PE to ASBR to ASBRs Using eBGP, except that the RR is configured as an iBGP peer, instead of the ASBR.

Route Reflectors

| Command | Description |
|---|---|
| #configure terminal | Enter Configure mode. |
| (config)#ip vrf IPI | Create a new VRF named IPI. |
| (config-vrf)#rd 1:100 | Assign the RD value as 1:100. |
| (config-vrf)#route-target both 100:200 | Import routes between RT ext-communities 100 and 200. |
| (config-vrf)#exit | Exit VRF mode. |
| (config)#interface eth1 | Enter interface mode. |
| (config-if)#ip address 172.4.5.114/24 | Assign an IP address for the interface. |
| (config-if)#exit | Exit interface mode. |
| (config)#router bgp 1 | Define the BGP routing process with AS number 1. |
| (config-router)#neighbor 172.5.6.116 remote-as 1 | Add the PE router as an iBGP peer: 172.5.6.116 is the PE router IP address, and 1 is the AS number. |
| (config-router)#neighbor 172.4.5.114 remote-as 1 | Add the ASBR as an iBGP peer: 172.4.5.114 is the ASBR IP address, and 1 is the AS number. |
| (config-router)#address-family vpnv4 unicast | Enter VPNv4 Address Family mode. |
| (config-router-af)#neighbor 172.5.6.116 activate | Activate the PE router to carry VPN routes. |
| (config-router-af)#neighbor 172.5.6.116 route-reflector-client | Add the PE router as a route-reflector-client. |
| (config-router-af)#neighbor 172.4.5.114 activate | Activate the ASBR to carry VPN routes. |
| (config-router-af)#neighbor 172.4.5.114 route-reflector-client | Add the ASBR as a route-reflector-client. |
| (config-router-af)#exit-address-family | Exit VPNv4 Address Family mode. |
| (config-router)#exit | Exit Router mode. |

ASBRs

Use the same configuration steps as in PE to ASBR to ASBRs Using eBGP, except that the ASBR is configured as an iBGP peer, instead of an RR.

Validation: show ip bgp neighbors, show ip bgp vpnv4 all

Connect PEs Using eBGP multi-hop

In this example, PE routers are directly connected to each other using an eBGP multi-hop connection.
EBGP is configured between CE-PE routers. PE routers are configured to have an eBGP multi-hop connection between them. To make the multi-hop connection work, an IGP protocol must be run between PE1-P-PE2.

Topology

Configure other CE and PE routers according to the topology. The P routers should only have an IGP protocol (OSPF, in this case) configuration.

CE Routers

| Command | Description |
|---|---|
| #configure terminal | Enter Configure mode. |
| (config)#interface eth1 | Enter interface mode. |
| (config-if)#ip address 172.6.7.117/24 | Assign the IP address. |
| (config-if)#exit | Exit interface mode. |
| (config)#router bgp 65001 | Define the BGP routing process with AS number 65001. |
| (config-router)#neighbor 172.6.7.116 remote-as 1 | Define the PE router as the neighbor. In this case, 172.6.7.116 is the IP address of the PE router, and 1 is the AS number. |

Validation: show ip bgp neighbors, show ip bgp

PE Routers

| Command | Description |
|---|---|
| #configure terminal | Enter Configure mode. |
| (config)#ip vrf IPI | Create a new VRF named IPI. |
| (config-vrf)#rd 1:100 | Assign the RD value as 1:100. |
| (config-vrf)#route-target both 100:200 | Import routes between RT ext-communities 100 and 200. |
| (config-vrf)#exit | Exit VRF mode. |
| (config)#interface eth3 | Enter interface mode. |
| (config-if)#ip vrf forwarding IPI | Bind the interface connected to the CE router with VRF IPI. |
| (config-if)#ip address 172.6.7.116/24 | Assign an IP address for the interface. |
| (config-if)#exit | Exit interface mode. |
| (config)#router ospf 1 | Define the OSPF routing process. |
| (config-router)#network 172.5.6.0/24 area 0 | Advertise the network between the PE router and the P router, so the multi-hop connection can come up. |
| (config-router)#exit | Exit the OSPF routing process. |
| (config)#router bgp 1 | Define the BGP process with AS number 1. |
| (config-router)#neighbor 172.4.5.114 remote-as 2 | Define the remote PE router as the neighbor. In this case, 172.4.5.114 is the IP address of the remote PE router, and 2 is the AS number. |
| (config-router)#neighbor 172.4.5.114 ebgp-multi-hop 255 | Assign the remote PE router as an eBGP-multi-hop peer. |
| (config-router)#address-family vpnv4 unicast | Enter VPNv4 Address Family mode. |
| (config-router-af)#neighbor 172.4.5.114 allow-ebgp-vpn | Configure the remote PE router to allow eBGP VPNs. |
| (config-router-af)#neighbor 172.4.5.114 activate | Activate the remote PE router so that it can accept VPN routes. |
| (config-router-af)#exit-address-family | Exit VPNv4 Address Family mode. |
| (config-router)#address-family ipv4 vrf IPI | Enter the IPv4 address family for VRF IPI. |
| (config-router-af)#neighbor 172.6.7.117 remote-as 65001 | Define the CE router as a neighbor: 172.6.7.117 is the IP address of the CE router, and 65001 is the AS number. |
| (config-router-af)#exit-address-family | Exit IPv4 Address Family mode. |
| (config-router)#exit | Exit Router mode. |

Validation: show ip bgp neighbors, show ip bgp vpnv4 all

Connect PEs to RRs to RRs Using eBGP multi-hop

In this example, PE routers are connected to Route-Reflectors (RRs), which are connected to other RRs using an eBGP-multi-hop connection.
This configuration is the same as the previous scenario (Connect PEs Using eBGP multi-hop), except that the PE routers are connected to RRs using an iBGP connection. EBGP multi-hop connections are present between the RRs only.

Topology

Configure the CE routers, PE routers, and RRs according to the topology. The P routers should only have an IGP protocol (OSPF, in this case) configuration.

CE Routers

Same as the scenario for Connect PEs Using eBGP multi-hop.

PE Routers

Same as the scenario for Connect PEs Using eBGP multi-hop, except PE routers have only iBGP connections with the RR.

Route Reflectors

| Command | Description |
|---|---|
| #configure terminal | Enter Configure mode. |
| (config)#ip vrf IPI | Create a new VRF named IPI. |
| (config-vrf)#rd 1:100 | Assign the RD value as 1:100. |
| (config-vrf)#route-target both 100:200 | Import routes between RT ext-communities 100 and 200. |
| (config-vrf)#exit | Exit VRF mode. |
| (config)#interface eth1 | Enter interface mode. |
| (config-if)#ip address 172.5.6.115/24 | Assign an IP address for the interface. |
| (config-if)#exit | Exit interface mode. |
| (config)#router bgp 1 | Define the BGP routing process with AS number 1. |
| (config-router)#neighbor 172.5.6.116 remote-as 1 | Add the PE router as an iBGP peer: 172.5.6.116 is the PE router IP address, and 1 is the AS number. |
| (config-router)#neighbor 172.3.4.113 remote-as 2 | Add the remote RR as an eBGP peer: 172.3.4.113 is the IP address of the remote eBGP peer, and 2 is the AS number. |
| (config-router)#neighbor 172.3.4.113 ebgp-multi-hop 255 | Assign the remote RR router as an eBGP multi-hop peer. |
| (config-router)#address-family vpnv4 unicast | Enter VPNv4 Address Family mode. |
| (config-router-af)#neighbor 172.3.4.113 allow-ebgp-vpn | Configure the remote RR to allow eBGP VPNs. |
| (config-router-af)#neighbor 172.3.4.113 activate | Activate the remote RR to carry VPN routes. |
| (config-router-af)#neighbor 172.5.6.116 activate | Activate the PE router to carry VPN routes. |
| (config-router-af)#neighbor 172.5.6.116 route-reflector-client | Add the PE router as a route-reflector-client. |
| (config-router-af)#exit-address-family | Exit VPNv4 Address Family mode. |
| (config-router)#exit | Exit Router mode. |
| (config)#router ospf 1 | Define the OSPF routing process. |
| (config-router)#network 172.4.5.0/24 area 0 | Advertise the network between the PE router and the P router, so the multi-hop connection can come up. |
| (config-router)#exit | Exit the OSPF routing process. |

Validation: show ip bgp neighbors, show ip bgp vpnv4 all