Simplified Networking

Inter AS MPLS L3 VPN Option AB or D

Option D (also called Option AB) combines Option A and Option B. We don't set up separate ASBR connections for both A and B; we set up only the Option B peering and tell the VRFs to rely on it to exchange routing information. This option is only supported on IOS for IPv4. All of the Option B components need to be implemented, including the VPNv4 eBGP peering between the ASBRs and locally configured VRFs that import routes from the local PE routers.

We'll focus specifically on the Option D components.

CSR5
router bgp 1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 12.5.6.6 remote-as 2
 !
 address-family vpnv4
  no bgp default route-target filter
  neighbor 12.5.6.6 activate
  neighbor 12.5.6.6 send-community extended
  neighbor 12.5.6.6 inter-as-hybrid
!
vrf definition C1
 address-family ipv4
  inter-as-hybrid next-hop 101.5.6.6
 exit-address-family

Technically, "no bgp default route-target filter" isn't necessary, because there are locally configured VRFs importing the RT values from the PE routers. However, in our environment each PE and ASBR has its own RT values, so imports and exports are still necessary.


CSR6
router bgp 2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 12.5.6.5 remote-as 1
 !
 address-family vpnv4
  no bgp default route-target filter
  neighbor 12.5.6.5 activate
  neighbor 12.5.6.5 send-community extended
  neighbor 12.5.6.5 inter-as-hybrid
!
vrf definition C1
 address-family ipv4
  inter-as-hybrid next-hop 101.5.6.5
 exit-address-family


When I initially got this working with eBGP VPNv4, routes from the ASBR weren't being learned via VPNv4 or the VRF C1. It took me a little while to realize the issue, specific to Option B, where RT values need to be imported to work correctly. This isn't an issue with normal Option B, since the ASBRs are just using VPNv4 to exchange routes between the ASBRs. In this variation, not importing the RT value of the other ASBR for those VRFs will result in a loss of route propagation.

BGP(4): (base) 101.1.19.19 send unreachable (format) 10.1.25.0/24
BGP(4): (base) 102.1.20.20 send unreachable (format) 10.2.26.0/24
BGP(4): (base) 103.1.21.21 send unreachable (format) 10.3.27.0/24


CSR1#sh bgp vpnv4 unicast all
BGP table version is 640, local router ID is 1.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf C1)
 *>  10.1.19.0/24     101.1.19.19              0             0 119 i
 *>i 10.1.22.0/24     1.0.0.2                  0    100      0 122 i
Route Distinguisher: 1:2 (default for vrf C2)
 *>  10.2.20.0/24     102.1.20.20              0             0 220 i
 *>i 10.2.23.0/24     1.0.0.2                  0    100      0 223 i
Route Distinguisher: 1:3 (default for vrf C3)
 *>  10.3.21.0/24     103.1.21.21              0             0 321 i
 *>i 10.3.24.0/24     1.0.0.2                  0    100      0 324 i


CSR5
vrf definition C1
  route-target import 2:6
!
do clear ip bgp * soft 

BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.25.0/24, next 101.1.19.1, metric 0, path 2 125, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.28.0/24, next 101.1.19.1, metric 0, path 2 128, extended community RT:1:5

BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.25.0/24, next 101.1.19.1, metric 0, path 2 125, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.28.0/24, next 101.1.19.1, metric 0, path 2 128, extended community RT:1:5



CSR1#sh bgp vpnv4 unicast all
BGP table version is 646, local router ID is 1.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf C1)
 *>  10.1.19.0/24     101.1.19.19              0             0 119 i
 *>i 10.1.22.0/24     1.0.0.2                  0    100      0 122 i
 *>i 10.1.25.0/24     1.0.0.5                  0    100      0 2 125 i
 *>i 10.1.28.0/24     1.0.0.5                  0    100      0 2 128 i
Route Distinguisher: 1:2 (default for vrf C2)
 *>  10.2.20.0/24     102.1.20.20              0             0 220 i
 *>i 10.2.23.0/24     1.0.0.2                  0    100      0 223 i
Route Distinguisher: 1:3 (default for vrf C3)
 *>  10.3.21.0/24     103.1.21.21              0             0 321 i
 *>i 10.3.24.0/24     1.0.0.2                  0    100      0 324 i



CSR1# sh ip route vrf C1 bgp

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 4 subnets
B        10.1.19.0 [20/0] via 101.1.19.19, 4d12h
B        10.1.22.0 [200/0] via 1.0.0.2, 14:30:14
B        10.1.25.0 [200/0] via 1.0.0.5, 00:02:07
B        10.1.28.0 [200/0] via 1.0.0.5, 00:02:07



CSR6
vrf definition C1
 route-target import 1:5



R19#traceroute 10.1.25.25 source loopback 1 numeric 
Type escape sequence to abort.
Tracing the route to 10.1.25.25
VRF info: (vrf in name/id, vrf out name/id)
  1 101.1.19.1 8 msec 2 msec 3 msec
  2 1.1.3.3 [MPLS: Labels 24/54 Exp 0] 16 msec 17 msec 13 msec
  3 1.3.10.10 [MPLS: Labels 24004/54 Exp 0] 13 msec 12 msec 25 msec
  4 101.5.6.5 [MPLS: Label 54 Exp 0] 16 msec 13 msec 13 msec
  5 101.5.6.6 14 msec 16 msec 13 msec
  6 2.6.13.13 [MPLS: Labels 24018/38 Exp 0] 29 msec 31 msec 26 msec
  7 2.13.15.15 [MPLS: Labels 24018/38 Exp 0] 27 msec 32 msec 27 msec
  8 101.8.25.8 [MPLS: Label 38 Exp 0] 29 msec 25 msec 24 msec
  9 101.8.25.25 26 msec *  36 msec

The control plane is handled by VPNv4 (Option B), and the data plane is handled by Option A via the VRF. Both the VRF and the VPNv4 neighbor need the inter-as-hybrid command. This ties the VRF data plane to the VPNv4 control plane and allows the solution to work.
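
The two requirements described on this page (each hybrid VRF must import the other ASBR's RT, and inter-as-hybrid must be present on both the VPNv4 neighbor and the VRF) can be checked offline against both ASBR configs before a change is pushed. The following Python script is an added example, not part of the original post; the function names, the `route-target export` lines and RT 1:1 are assumptions, with export RTs 1:5 and 2:6 inferred from the debug output and import statements shown earlier.

```python
import re

def parse_asbr(config):
    """Collect per-VRF RTs, the hybrid next hop, and inter-as-hybrid VPNv4 neighbors."""
    vrfs, peers, vrf = {}, set(), None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"vrf definition (\S+)", line):
            vrf = vrfs.setdefault(m[1], {"import": set(), "export": set(), "next_hop": None})
        elif m := re.match(r"neighbor (\S+) inter-as-hybrid$", line):
            peers.add(m[1])
        elif vrf and (m := re.match(r"route-target (import|export) (\S+)", line)):
            vrf[m[1]].add(m[2])
        elif vrf and (m := re.match(r"inter-as-hybrid next-hop (\S+)", line)):
            vrf["next_hop"] = m[1]
    return {"vrfs": vrfs, "peers": peers}

def audit(local, remote):
    """Return reasons the remote ASBR's routes would not reach the local hybrid VRFs."""
    problems = []
    if not local["peers"]:
        problems.append("no VPNv4 neighbor configured with inter-as-hybrid")
    for name, vrf in local["vrfs"].items():
        if vrf["next_hop"] is None:
            continue  # VRF is not part of the Option AB setup
        exported = remote["vrfs"].get(name, {}).get("export", set())
        if not vrf["import"] & exported:
            problems.append(f"vrf {name}: imports none of the peer's RTs {sorted(exported)}")
    return problems

# Constructed configs. Export RTs 1:5 and 2:6 are inferred from the page's
# debug output and import lines; RT 1:1 is a made-up PE route-target.
TEMPLATE = """router bgp {asn}
 address-family vpnv4
  neighbor {peer} inter-as-hybrid
vrf definition C1
 route-target export {exp}
 route-target import {imp}
 address-family ipv4
  inter-as-hybrid next-hop {nh}
"""
CSR5_BEFORE = TEMPLATE.format(asn=1, peer="12.5.6.6", exp="1:5", imp="1:1", nh="101.5.6.6")
CSR5_AFTER = CSR5_BEFORE + " route-target import 2:6\n"
CSR6 = TEMPLATE.format(asn=2, peer="12.5.6.5", exp="2:6", imp="1:5", nh="101.5.6.5")

if __name__ == "__main__":
    for label, cfg in (("before", CSR5_BEFORE), ("after", CSR5_AFTER)):
        print(label, audit(parse_asbr(cfg), parse_asbr(CSR6)))
```

Run against the "before" config, the audit reports the missing import that produced the "send unreachable" debug lines; after adding `route-target import 2:6` it returns an empty list.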