In this post we will be taking a look at the "easiest" Inter AS VPN technique, at least in my opinion. It takes advantage of what is already understood about VRF connectivity: instead of connecting to a customer device, we peer with the remote provider in a VRF. This is done per customer, so for every customer we're trying to extend between the SPs, a VRF must be created. This also means that a routing protocol adjacency/peering needs to be configured for each VRF as well. This is where the scalability of Option A becomes an issue: 1-for-1 VRFs and BGP/IGP peerings will quickly tie up resources on the ASBRs.
I added 2 new customers, each with a VRF: VPNA and VPNB. Having just a single customer on all the PEs and ASBRs doesn't show the pros/cons of Option A. The cool thing about this design is that if a PE has a VRF configured with the appropriate RT import/export policy, it will only receive traffic that matches the RT policies. The drawback of this design is that an ASBR with multiple VRFs configured will have to form 1-to-1 VRF to IGP/BGP peerings with the remote ASBR. The VRFs laid out below will be needed to learn and then propagate BGP routes between the providers.
R5 and R6
vrf definition CSC
rd 1:1
route-target export 1:1
route-target import 1:1
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VPNA
rd 2:2
route-target export 2:2
route-target import 2:2
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf definition VPNB
rd 3:3
route-target export 3:3
route-target import 3:3
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
XR6
vrf TEST
address-family ipv4 unicast
import route-target
1:1
!
export route-target
1:1
!
!
address-family ipv6 unicast
import route-target
1:1
!
export route-target
1:1
!
vrf VPNA
address-family ipv4 unicast
import route-target
2:2
!
export route-target
2:2
!
!
address-family ipv6 unicast
import route-target
2:2
!
export route-target
2:2
!
!
!
vrf VPNB
address-family ipv4 unicast
import route-target
3:3
!
export route-target
3:3
!
!
address-family ipv6 unicast
import route-target
3:3
!
export route-target
3:3
!
!
!
Now we'll have to apply the VRFs to interfaces.
R5#sh vrf
Name Default RD Protocols Interfaces
CSC 1:1 ipv4,ipv6 Gi1.56
VPNA 2:2 ipv4,ipv6 Gi1.22
VPNB 3:3 ipv4,ipv6 Gi1.33
R6#sh vrf
Name Default RD Protocols Interfaces
CSC 1:1 ipv4,ipv6 Gi1.56
Gi1.166
VPNA 2:2 ipv4,ipv6 Gi1.22
Gi1.122
VPNB 3:3 ipv4,ipv6 Gi1.33
Gi1.133
RP/0/0/CPU0:XR6#sh ip int br | ex default
Thu Apr 12 15:01:34.989 UTC
Interface IP-Address Status Protocol Vrf-Name
GigabitEthernet0/0/0/0.122 100.64.122.16 Up Up VPNA
GigabitEthernet0/0/0/0.133 100.64.133.16 Up Up VPNB
GigabitEthernet0/0/0/0.166 100.64.166.16 Up Up TEST
Now that the interfaces are in the correct VRFs, we can go ahead and set up the BGP configuration.
R5
router bgp 50693
!
address-family ipv4 vrf CSC
neighbor 100.64.56.6 remote-as 2
neighbor 100.64.56.6 activate
exit-address-family
!
address-family ipv4 vrf VPNA
neighbor 100.64.22.6 remote-as 2
neighbor 100.64.22.6 activate
exit-address-family
!
address-family ipv4 vrf VPNB
neighbor 100.64.33.6 remote-as 2
neighbor 100.64.33.6 activate
exit-address-family
R6
router bgp 2
address-family ipv4 vrf CSC
neighbor 100.64.56.5 remote-as 50693
neighbor 100.64.56.5 activate
neighbor 100.64.166.16 remote-as 50693
neighbor 100.64.166.16 activate
exit-address-family
!
address-family ipv4 vrf VPNA
neighbor 100.64.22.5 remote-as 50693
neighbor 100.64.22.5 activate
neighbor 100.64.122.16 remote-as 50693
neighbor 100.64.122.16 activate
exit-address-family
!
address-family ipv4 vrf VPNB
neighbor 100.64.33.5 remote-as 50693
neighbor 100.64.33.5 activate
neighbor 100.64.133.16 remote-as 50693
neighbor 100.64.133.16 activate
exit-address-family
XR6
router bgp 50693
vrf TEST
rd 1:1
address-family ipv4 unicast
!
neighbor 100.64.166.6
remote-as 2
address-family ipv4 unicast
route-policy RPL_EBGP_PEERINGS in
route-policy RPL_EBGP_PEERINGS out
!
!
!
vrf VPNA
rd 2:2
address-family ipv4 unicast
!
neighbor 100.64.122.6
remote-as 2
address-family ipv4 unicast
route-policy RPL_EBGP_PEERINGS in
route-policy RPL_EBGP_PEERINGS out
!
!
!
vrf VPNB
rd 3:3
address-family ipv4 unicast
!
neighbor 100.64.133.6
remote-as 2
address-family ipv4 unicast
route-policy RPL_EBGP_PEERINGS in
route-policy RPL_EBGP_PEERINGS out
RP/0/0/CPU0:XR6#sh bgp vrf all summary | i "Neighbor|100.64."
Thu Apr 12 15:06:51.637 UTC
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
100.64.166.6 0 2 371 334 110 0 0 05:28:33 6
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
100.64.122.6 0 2 16 13 110 0 0 00:09:58 4
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
100.64.133.6 0 2 16 13 110 0 0 00:09:57 4
R5# sh bgp vpnv4 unicast all summary | b Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
100.64.22.6 4 2 250 247 57 0 0 03:39:37 4
100.64.33.6 4 2 244 244 57 0 0 03:36:02 4
100.64.56.6 4 2 400 401 57 0 0 05:58:40 6
192.0.2.8 4 50693 1379 1343 57 0 0 20:08:40 12
R6# sh bgp vpnv4 unicast all summary | b Neighbor
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
100.64.22.5 4 50693 248 250 65 0 0 03:40:04 4
100.64.33.5 4 50693 245 244 65 0 0 03:36:29 4
100.64.56.5 4 50693 402 401 65 0 0 05:59:07 4
100.64.122.16 4 50693 18 21 65 0 0 00:14:20 2
100.64.133.16 4 50693 18 21 65 0 0 00:14:19 2
100.64.166.16 4 50693 338 375 65 0 0 05:32:56 4
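The 1-to-1 VRF-to-peering requirement can be audited straight from the ASBR configuration. The following is an added example, not part of the original post: it parses R6's per-VRF BGP configuration from above, counts the sessions it creates, and reports any VRF that has no activated neighbor in the remote AS. The function names and the VRF name VPNC used in the test call are assumptions made for illustration.

```python
import re
from collections import defaultdict

# R6's per-VRF BGP config as listed above ("!" separators dropped).
R6_BGP = """
router bgp 2
 address-family ipv4 vrf CSC
  neighbor 100.64.56.5 remote-as 50693
  neighbor 100.64.56.5 activate
  neighbor 100.64.166.16 remote-as 50693
  neighbor 100.64.166.16 activate
 exit-address-family
 address-family ipv4 vrf VPNA
  neighbor 100.64.22.5 remote-as 50693
  neighbor 100.64.22.5 activate
  neighbor 100.64.122.16 remote-as 50693
  neighbor 100.64.122.16 activate
 exit-address-family
 address-family ipv4 vrf VPNB
  neighbor 100.64.33.5 remote-as 50693
  neighbor 100.64.33.5 activate
  neighbor 100.64.133.16 remote-as 50693
  neighbor 100.64.133.16 activate
 exit-address-family
"""

def vrf_peerings(config):
    """Return {vrf: {neighbor_ip: {"asn": int, "active": bool}}} from IOS BGP config."""
    peers, vrf = defaultdict(dict), None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"address-family ipv4 vrf (\S+)", line):
            vrf = m.group(1)
        elif line == "exit-address-family":
            vrf = None
        elif vrf and (m := re.match(r"neighbor (\S+) remote-as (\d+)", line)):
            peers[vrf][m.group(1)] = {"asn": int(m.group(2)), "active": False}
        elif vrf and (m := re.match(r"neighbor (\S+) activate", line)):
            peers[vrf].setdefault(m.group(1), {"asn": None, "active": False})["active"] = True
    return dict(peers)

def audit(config, vrfs, remote_as):
    """Return (session_count, VRFs lacking an activated peer in remote_as)."""
    peers = vrf_peerings(config)
    ok = lambda n: n["asn"] == remote_as and n["active"]
    missing = [v for v in vrfs if not any(ok(n) for n in peers.get(v, {}).values())]
    return sum(len(p) for p in peers.values()), missing

if __name__ == "__main__":
    print(audit(R6_BGP, ["CSC", "VPNA", "VPNB", "VPNC"], 50693))
```

With three VRFs and two remote ASBRs, R6 carries six sessions, which matches the six 100.64.x.x neighbors in its summary output above.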
Now that all the verification is complete, we need to test.
R2#sh bgp ipv4 unicast | b Network
Network Next Hop Metric LocPrf Weight Path
r> 100.64.21.0/24 100.64.21.1 0 0 50693 i
*> 100.64.114.0/24 100.64.21.1 0 50693 2 65004 i
*> 100.64.144.0/24 100.64.21.1 0 50693 2 65014 i
*> 100.64.165.0/24 100.64.21.1 0 50693 65016 i
*> 100.64.222.0/24 100.64.21.1 0 50693 2 65014 i
*> 100.64.233.0/24 100.64.21.1 0 50693 2 65014 i
*> 192.0.2.2/32 0.0.0.0 0 32768 i
*> 192.0.2.4/32 100.64.21.1 0 50693 2 65004 i
*> 192.0.2.14/32 100.64.21.1 0 50693 2 65014 i
*> 192.0.2.16/32 100.64.21.1 0 50693 65016 i
R2#traceroute 192.0.2.14 source lo0 num
Type escape sequence to abort.
Tracing the route to 192.0.2.14
VRF info: (vrf in name/id, vrf out name/id)
1 100.64.21.1 [AS 50693] 5 msec 3 msec 3 msec
2 100.64.18.8 [MPLS: Labels 20/44 Exp 0] 6 msec 6 msec 7 msec
3 100.64.56.5 [MPLS: Label 44 Exp 0] 14 msec 16 msec 15 msec
4 100.64.56.6 19 msec 11 msec 10 msec
5 100.64.106.10 [MPLS: Labels 22/24010 Exp 0] 16 msec 25 msec 17 msec
6 100.64.103.13 [MPLS: Labels 24008/24010 Exp 0] 20 msec 19 msec 21 msec
7 100.64.134.14 [MPLS: Label 24010 Exp 0] 18 msec 19 msec 20 msec
8 100.64.144.14 [AS 65014] 21 msec * 11 msec
We reach it taking the R5-R6 path to get there. You'll also notice that the traceroute is 2 LSPs and an IP path. LSP1 is R1 to R5, the IP path is R5 to R6 and LSP2 is R6 to XR4. This is expected with Option A since it is a back-to-back VRF exchange. There is no label exchange or allocation.
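The "2 LSPs and an IP path" pattern can be checked mechanically. The following is an added example, not part of the original post: it parses R2's traceroute from above, groups the hops into labeled and unlabeled runs, and confirms that the hop reported by the remote ASBR (100.64.56.6) arrived without an MPLS label. The function names are assumptions made for illustration.

```python
import re

# R2's traceroute to 192.0.2.14, hop lines copied from the output above.
TRACE = """\
1 100.64.21.1 [AS 50693] 5 msec 3 msec 3 msec
2 100.64.18.8 [MPLS: Labels 20/44 Exp 0] 6 msec 6 msec 7 msec
3 100.64.56.5 [MPLS: Label 44 Exp 0] 14 msec 16 msec 15 msec
4 100.64.56.6 19 msec 11 msec 10 msec
5 100.64.106.10 [MPLS: Labels 22/24010 Exp 0] 16 msec 25 msec 17 msec
6 100.64.103.13 [MPLS: Labels 24008/24010 Exp 0] 20 msec 19 msec 21 msec
7 100.64.134.14 [MPLS: Label 24010 Exp 0] 18 msec 19 msec 20 msec
8 100.64.144.14 [AS 65014] 21 msec * 11 msec
"""

HOP = re.compile(r"^\s*(\d+)\s+(\S+)(?:\s+\[MPLS: Labels? ([\d/]+) Exp \d+\])?")

def parse_hops(text):
    """Return [(hop, ip, [labels])]; labels is empty for plain IP hops."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            labels = [int(x) for x in m.group(3).split("/")] if m.group(3) else []
            hops.append((int(m.group(1)), m.group(2), labels))
    return hops

def segments(hops):
    """Collapse consecutive hops into ("LSP" | "IP", [ips]) runs."""
    runs = []
    for _, ip, labels in hops:
        kind = "LSP" if labels else "IP"
        if runs and runs[-1][0] == kind:
            runs[-1][1].append(ip)
        else:
            runs.append((kind, [ip]))
    return runs

def boundary_is_unlabeled(hops, remote_asbr_ip):
    """Option A check: the remote ASBR's VRF interface reports the probe with no label."""
    return any(ip == remote_asbr_ip and not labels for _, ip, labels in hops)

if __name__ == "__main__":
    hops = parse_hops(TRACE)
    print([kind for kind, _ in segments(hops)])
    print(boundary_is_unlabeled(hops, "100.64.56.6"))
```

The runs come out as IP, LSP, IP, LSP, IP: the CE-facing hops at each end, the two provider LSPs, and the single unlabeled hop across the R5-R6 VRF link.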
R12#sh bgp ipv4 unicast | b Network
Network Next Hop Metric LocPrf Weight Path
*> 100.64.121.0/24 0.0.0.0 0 32768 i
*> 100.64.144.0/24 100.64.121.11 0 50693 2 65014 i
*> 100.64.178.0/24 100.64.121.11 0 50693 65018 i
*> 100.64.222.0/24 100.64.121.11 0 50693 2 65014 i
*> 100.64.233.0/24 100.64.121.11 0 50693 2 65014 i
*> 192.0.2.12/32 0.0.0.0 0 32768 i
*> 192.0.2.14/32 100.64.121.11 0 50693 2 65014 i
*> 192.0.2.18/32 100.64.121.11 0 50693 65018 i
We check R12 as well, which is a different customer. We see that R18 and R14 loopbacks are learned. R14 is peered with XR4 in all VRFs, so it has visibility in all VPNs. This can be done by peering the PE to the CE in all VRFs or simply importing/exporting the right RT values in the VRF configuration.
R12#traceroute 192.0.2.14 so lo0 num
Type escape sequence to abort.
Tracing the route to 192.0.2.14
VRF info: (vrf in name/id, vrf out name/id)
1 100.64.121.11 2 msec 2 msec 1 msec
2 100.64.151.15 [MPLS: Labels 20/49 Exp 0] 8 msec 9 msec 7 msec
3 100.64.158.8 [MPLS: Labels 20/49 Exp 0] 28 msec 31 msec 31 msec
4 100.64.33.5 [MPLS: Label 49 Exp 0] 21 msec 21 msec 20 msec
5 100.64.33.6 20 msec 13 msec 12 msec
6 100.64.106.10 [MPLS: Labels 22/24014 Exp 0] 15 msec 20 msec 20 msec
7 100.64.103.13 [MPLS: Labels 24008/24014 Exp 0] 23 msec 19 msec 23 msec
8 100.64.134.14 [MPLS: Label 24014 Exp 0] 25 msec 19 msec 22 msec
9 100.64.233.14 [AS 65014] 22 msec * 14 msec
We trace over the Inter AS path, again with 2 LSPs and 1 IP path. We also have Intra AS reachability with R18 but the focus was Inter AS here.