Inter-AS MPLS VPN: Back to Back VRF

Back to back VRF is one of the options for connecting customer sites that are geographically dispersed and attached to different service provider MPLS VPN backbones. It is the simplest approach for allowing MPLS VPN providers to exchange VPN routing information for CE sites. The border provider edge routers in each AS function as ASBRs. The ASBRs are interconnected either by a single physical link carrying logical interfaces or by multiple physical links. The customer VRF is configured on each ASBR to collect VPN client routes. A dynamic routing protocol such as BGP, EIGRP or OSPF runs on each ASBR to distribute routes to its adjacent peer. BGP is commonly used in this setup because it scales best for this type of application.

In this example, two customer sites are connected to two different service providers, service provider 1 and service provider 2. BGP is used as both the inter-AS and the CE-PE routing protocol. Back to back VRF is configured on the PE1-ASBR-AS1 and PE1-ASBR-AS2 routers.

[Figure: back to back VRF]

Verification.

CE-1#traceroute 192.168.20.1 source loo1

Type escape sequence to abort.
Tracing the route to 192.168.20.1

  1 10.10.10.1 24 msec 8 msec 8 msec
  2 10.12.12.1 [MPLS: Label 17 Exp 0] 28 msec 20 msec 20 msec
  3 10.12.12.2 40 msec 28 msec 56 msec
  4 10.10.20.1 [MPLS: Label 17 Exp 0] 40 msec 76 msec 60 msec
  5 10.10.20.2 64 msec 48 msec 88 msec
CE-1#                                   
CE-1#ping 192.168.20.1 source loo1      

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/60/80 ms

CE-2#traceroute 192.168.10.1 source loo1

Type escape sequence to abort.
Tracing the route to 192.168.10.1

  1 10.10.20.1 16 msec 20 msec 20 msec
  2 10.12.12.2 [MPLS: Label 17 Exp 0] 28 msec 32 msec 28 msec
  3 10.12.12.1 44 msec 24 msec 36 msec
  4 10.10.10.1 [MPLS: Label 17 Exp 0] 28 msec 56 msec 36 msec
  5 10.10.10.2 60 msec 36 msec 80 msec
CE-2#
CE-2#ping 192.168.10.1 source loo1      

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/70/80 ms

PE1-ASBR-AS2#sh ip route vrf customer-a
Routing Table: customer-a
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.12.12.0/30 is directly connected, Serial1/0
L        10.12.12.2/32 is directly connected, Serial1/0
B     192.168.10.0/24 [20/0] via 10.12.12.1, 00:57:35
B     192.168.20.0/24 [200/0] via 2.2.2.2, 00:17:34

PE1-ASBR-AS2#sh ip route vrf customer-a
Routing Table: customer-a
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.12.12.0/30 is directly connected, Serial1/0
L        10.12.12.2/32 is directly connected, Serial1/0
B     192.168.10.0/24 [20/0] via 10.12.12.1, 00:55:20
B     192.168.20.0/24 [200/0] via 2.2.2.2, 00:15:19

Final configuration with back to back VRF.

hostname PE1-AS1
!
ip vrf customer-a
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip cef
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding customer-a
 ip address 10.10.10.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet0/1
 ip address 1.1.10.1 255.255.255.252
 ip ospf priority 0
 duplex auto
 speed auto
 mpls ip
!
router ospf 100
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 1.1.10.1 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.2 remote-as 100
 neighbor 1.1.1.2 update-source Loopback1
 !
 address-family ipv4
  neighbor 1.1.1.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.2 activate
  neighbor 1.1.1.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf customer-a
  neighbor 10.10.10.2 remote-as 65000
  neighbor 10.10.10.2 update-source FastEthernet0/0
  neighbor 10.10.10.2 activate
 exit-address-family
!
mpls ldp router-id Loopback1 force

hostname PE1-ASBR-AS1
!
ip vrf customer-a
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
no ip domain lookup
ip cef
!
interface Loopback1
 ip address 1.1.1.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 1.1.10.2 255.255.255.252
 duplex auto
 speed auto
 mpls ip
!
interface Serial1/0
 ip vrf forwarding customer-a
 ip address 10.12.12.1 255.255.255.252
 serial restart-delay 0
!
router ospf 100
 router-id 1.1.1.2
 network 1.1.1.2 0.0.0.0 area 0
 network 1.1.10.2 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 1.1.1.2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback1
 !
 address-family ipv4
  neighbor 1.1.1.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf customer-a
  neighbor 10.12.12.2 remote-as 200
  neighbor 10.12.12.2 activate
 exit-address-family
!
mpls ldp router-id Loopback1 force

hostname PE1-AS2
!
ip vrf customer-a
 rd 2:100
 route-target export 2:100
 route-target import 2:100
!
ip cef
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip vrf forwarding customer-a
 ip address 10.10.20.1 255.255.255.252
 duplex full
 speed 100
!
interface FastEthernet0/1
 ip address 10.20.20.2 255.255.255.252
 duplex full
 speed 100
 mpls ip
!
!
router eigrp 100
 network 2.2.2.2 0.0.0.0
 network 10.20.20.2 0.0.0.0
 eigrp router-id 2.2.2.2
!
router bgp 200
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.1 remote-as 200
 neighbor 2.2.2.1 update-source Loopback1
 !
 address-family ipv4
  neighbor 2.2.2.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.1 activate
  neighbor 2.2.2.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf customer-a
  neighbor 10.10.20.2 remote-as 65001
  neighbor 10.10.20.2 update-source FastEthernet0/0
  neighbor 10.10.20.2 activate
 exit-address-family
!
mpls ldp router-id Loopback1 force

hostname PE1-ASBR-AS2
!
ip vrf customer-a
 rd 2:100
 route-target export 2:100
 route-target import 2:100
!
no ip domain lookup
ip cef
!
interface Loopback1
 ip address 2.2.2.1 255.255.255.255
!
interface FastEthernet0/1
 ip address 10.20.20.1 255.255.255.252
 duplex full
 speed 100
 mpls ip
!
interface Serial1/0
 ip vrf forwarding customer-a
 ip address 10.12.12.2 255.255.255.252
 serial restart-delay 0   
!
router eigrp 100
 network 2.2.2.1 0.0.0.0
 network 10.20.20.1 0.0.0.0
 eigrp router-id 2.2.2.1
!
router bgp 200
 bgp router-id 2.2.2.1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 update-source Loopback1
 !
 address-family ipv4
  neighbor 2.2.2.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf customer-a
  neighbor 10.12.12.1 remote-as 100
  neighbor 10.12.12.1 activate
 exit-address-family
!
mpls ldp router-id Loopback1 force

hostname CE-1
!
ip cef
!
interface Loopback1
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 192.168.10.0
 neighbor 10.10.10.1 remote-as 100
 neighbor 10.10.10.1 update-source FastEthernet0/0
 no auto-summary

hostname CE-2
!
no ip icmp rate-limit unreachable
ip cef
!
interface Loopback1
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 10.10.20.2 255.255.255.252
 speed 100
 full-duplex
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 network 192.168.20.0
 neighbor 10.10.20.1 remote-as 200
 neighbor 10.10.20.1 update-source FastEthernet0/0
 no auto-summary
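
In the PE1-ASBR-AS1 configuration above, the eBGP session to 10.12.12.2 inside VRF customer-a is the point where one provider accepts the other's routes, and it is configured with only remote-as and activate. The Python audit below is an added example, not part of the original post: it parses an abridged copy of that BGP section and reports which session controls each eBGP neighbor lacks. The list of controls checked, the key, prefix limit and prefix-list name are assumptions made for illustration, and peer-groups are not handled.

```python
# Constructed sample: abridged BGP section of PE1-ASBR-AS1 from this page.
PAGE_CONFIG = """\
router bgp 100
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback1
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
 exit-address-family
 address-family ipv4 vrf customer-a
  neighbor 10.12.12.2 remote-as 200
  neighbor 10.12.12.2 activate
 exit-address-family
"""
# Constructed hardening lines; key, limit and list name are placeholders.
EXTRA = """\
  neighbor 10.12.12.2 password EXAMPLE-KEY
  neighbor 10.12.12.2 ttl-security hops 1
  neighbor 10.12.12.2 maximum-prefix 100
  neighbor 10.12.12.2 prefix-list CUSTOMER-A-IN in
"""
ACTIVATE = "  neighbor 10.12.12.2 activate\n"
HARDENED_CONFIG = PAGE_CONFIG.replace(ACTIVATE, ACTIVATE + EXTRA)
# Controls expected on every eBGP neighbor (an assumption of this example).
CONTROLS = ("password", "maximum-prefix", "ttl-security", "inbound-filter")

def audit_ebgp(config):
    """Return {(vrf, neighbor): [missing controls]} for each eBGP neighbor."""
    local_as, vrf, peers = None, "global", {}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["router", "bgp"]:
            local_as, vrf = words[2], "global"
        elif words[:1] == ["address-family"]:
            vrf = words[words.index("vrf") + 1] if "vrf" in words else "global"
        elif words[:1] == ["exit-address-family"]:
            vrf = "global"
        elif words[:1] == ["neighbor"] and len(words) >= 3:
            peer = peers.setdefault((vrf, words[1]), {"as": None, "seen": set()})
            if words[2] == "remote-as":
                peer["as"] = words[3]
            elif words[2] in CONTROLS:
                peer["seen"].add(words[2])
            elif words[2] in ("prefix-list", "route-map") and words[-1] == "in":
                peer["seen"].add("inbound-filter")
    # eBGP means the neighbor's AS differs from the local AS; iBGP is skipped.
    return {key: [c for c in CONTROLS if c not in p["seen"]]
            for key, p in peers.items() if p["as"] and p["as"] != local_as}

if __name__ == "__main__":
    print(audit_ebgp(PAGE_CONFIG), audit_ebgp(HARDENED_CONFIG))
```

The same function can be run over the BGP sections of PE1-ASBR-AS2 and the two PE routers, whose VRF neighbors are also eBGP peers.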
