MPLS VPN Inter-AS Option B : Cisco IOS-XE

Summary

  • The two ASBRs establish an eBGP session for the VPNv4 address family to exchange VPNv4 prefixes and labels.
  • The ASBRs advertise these prefixes into their own AS.
  • VRFs are not configured on the ASBRs, so the Route-Target filter must be disabled on them.

Initial Configurations

AS 1 Routers

PE1

!
hostname PE1

vrf definition A
 rd 1:1
 !
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 exit-address-family
!
vrf definition B
 rd 1:2
 !
 address-family ipv4
  route-target export 1:2
  route-target import 1:2
 exit-address-family
!
mpls label protocol ldp
!
interface Loopback0
 ip address 11.11.11.11 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 10.11.12.11 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shutdown
!
interface GigabitEthernet2
 vrf forwarding A
 ip address 172.16.1.1 255.255.255.252
 no shutdown
!
interface GigabitEthernet3
 vrf forwarding B
 ip address 172.16.1.5 255.255.255.252
 no shutdown
!
router ospf 1
 router-id 11.11.11.11
 passive-interface default
 no passive-interface GigabitEthernet1
 mpls ldp sync
 mpls ldp autoconfig area 0
!
router bgp 1
 bgp router-id 11.11.11.11
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 13.13.13.13 remote-as 1
 neighbor 13.13.13.13 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 13.13.13.13 activate
  neighbor 13.13.13.13 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute connected
  neighbor 172.16.1.2 remote-as 65101
  neighbor 172.16.1.2 activate
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute connected
  neighbor 172.16.1.6 remote-as 65201
  neighbor 172.16.1.6 activate
 exit-address-family
!
mpls ldp router-id Loopback0
!

P1

!
hostname P1
!
mpls label protocol ldp

!
interface Loopback0
 ip address 12.12.12.12 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 10.11.12.12 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shutdown
!
interface GigabitEthernet2
 mtu 1600
 ip address 10.12.13.12 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shutdown

interface GigabitEthernet3
 mtu 1600
 ip address 10.12.14.12 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shutdown


!
router ospf 1
 router-id 12.12.12.12
 passive-interface default
 no passive-interface GigabitEthernet1
 no passive-interface GigabitEthernet2
 no passive-interface GigabitEthernet3
 mpls ldp sync
 mpls ldp autoconfig area 0
!
mpls ldp router-id Loopback0
!

RR1

!
hostname RR1
!
mpls label protocol ldp
!
interface Loopback0
 ip address 13.13.13.13 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 10.12.13.13 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shutdown
!
router ospf 1
 router-id 13.13.13.13
 passive-interface default
 no passive-interface GigabitEthernet1
 mpls ldp sync
 mpls ldp autoconfig area 0
!
router bgp 1
 bgp router-id 13.13.13.13
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 11.11.11.11 remote-as 1
 neighbor 11.11.11.11 update-source Loopback0
 neighbor 14.14.14.14 remote-as 1
 neighbor 14.14.14.14 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 11.11.11.11 activate
  neighbor 11.11.11.11 send-community extended
  neighbor 11.11.11.11 route-reflector-client
  neighbor 14.14.14.14 activate
  neighbor 14.14.14.14 send-community extended
  neighbor 14.14.14.14 route-reflector-client
 exit-address-family
!
mpls ldp router-id Loopback0
!

ASBR1

!
hostname ASBR1
!
mpls label protocol ldp
!
interface Loopback0
 ip address 14.14.14.14 255.255.255.255
 ip ospf 1 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 10.12.14.14 255.255.255.0
 ip ospf network point-to-point
 ip ospf 1 area 0
 no shutdown
!
router ospf 1
 router-id 14.14.14.14
 passive-interface default
 no passive-interface GigabitEthernet1
 mpls ldp sync
 mpls ldp autoconfig area 0
!
router bgp 1
 bgp router-id 14.14.14.14
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 13.13.13.13 remote-as 1
 neighbor 13.13.13.13 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 13.13.13.13 activate
  neighbor 13.13.13.13 send-community extended
 exit-address-family
!
mpls ldp router-id Loopback0

AS 2 Routers

PE2

!
hostname PE2

vrf definition A
 rd 1:1
 !
 address-family ipv4
  route-target export 1:1
  route-target import 1:1
 exit-address-family
!
vrf definition B
 rd 1:2
 !
 address-family ipv4
  route-target export 1:2
  route-target import 1:2
 exit-address-family
!
mpls label protocol ldp
!
interface Loopback0
 ip address 21.21.21.21 255.255.255.255
 ip ospf 2 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 20.21.22.21 255.255.255.0
 ip ospf network point-to-point
 ip ospf 2 area 0
 no shutdown
!
interface GigabitEthernet2
 vrf forwarding A
 ip address 172.16.2.1 255.255.255.252
 no shutdown
!
interface GigabitEthernet3
 vrf forwarding B
 ip address 172.16.2.5 255.255.255.252
 no shutdown
!
router ospf 2
 router-id 21.21.21.21
 passive-interface default
 no passive-interface GigabitEthernet1
 mpls ldp sync
 mpls ldp autoconfig area 0
!
router bgp 2
 bgp router-id 21.21.21.21
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 23.23.23.23 remote-as 2
 neighbor 23.23.23.23 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 23.23.23.23 activate
  neighbor 23.23.23.23 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute connected
  neighbor 172.16.2.2 remote-as 65102
  neighbor 172.16.2.2 activate
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute connected
  neighbor 172.16.2.6 remote-as 65202
  neighbor 172.16.2.6 activate
 exit-address-family
!
mpls ldp router-id Loopback0
!

P2

!
hostname P2
!
mpls label protocol ldp

!
interface Loopback0
 ip address 22.22.22.22 255.255.255.255
 ip ospf 2 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 20.21.22.22 255.255.255.0
 ip ospf network point-to-point
 ip ospf 2 area 0
 no shutdown
!
interface GigabitEthernet2
 mtu 1600
 ip address 20.22.23.22 255.255.255.0
 ip ospf network point-to-point
 ip ospf 2 area 0
 no shutdown

interface GigabitEthernet3
 mtu 1600
 ip address 20.22.24.22 255.255.255.0
 ip ospf network point-to-point
 ip ospf 2 area 0
 no shutdown


!
router ospf 2
 router-id 22.22.22.22
 passive-interface default
 no passive-interface GigabitEthernet1
 no passive-interface GigabitEthernet2
 no passive-interface GigabitEthernet3
 mpls ldp sync
 mpls ldp autoconfig area 0
!
mpls ldp router-id Loopback0
!

RR2

!
hostname RR2
!
mpls label protocol ldp
!
interface Loopback0
 ip address 23.23.23.23 255.255.255.255
 ip ospf 2 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 20.22.23.23 255.255.255.0
 ip ospf network point-to-point
 ip ospf 2 area 0
 no shutdown
!
router ospf 2
 router-id 23.23.23.23
 passive-interface default
 no passive-interface GigabitEthernet1
 mpls ldp sync
 mpls ldp autoconfig area 0
!
router bgp 2
 bgp router-id 23.23.23.23
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 21.21.21.21 remote-as 2
 neighbor 21.21.21.21 update-source Loopback0
 neighbor 24.24.24.24 remote-as 2
 neighbor 24.24.24.24 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 21.21.21.21 activate
  neighbor 21.21.21.21 send-community extended
  neighbor 21.21.21.21 route-reflector-client
  neighbor 24.24.24.24 activate
  neighbor 24.24.24.24 send-community extended
  neighbor 24.24.24.24 route-reflector-client
 exit-address-family
!
mpls ldp router-id Loopback0
!

ASBR2

!
hostname ASBR2
!
mpls label protocol ldp
!
interface Loopback0
 ip address 24.24.24.24 255.255.255.255
 ip ospf 2 area 0
!
interface GigabitEthernet1
 mtu 1600
 ip address 20.22.24.24 255.255.255.0
 ip ospf network point-to-point
 ip ospf 2 area 0
 no shutdown
!
router ospf 2
 router-id 24.24.24.24
 passive-interface default
 no passive-interface GigabitEthernet1
 mpls ldp sync
 mpls ldp autoconfig area 0
!
router bgp 2
 bgp router-id 24.24.24.24
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 23.23.23.23 remote-as 2
 neighbor 23.23.23.23 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 23.23.23.23 activate
  neighbor 23.23.23.23 send-community extended
 exit-address-family
!
mpls ldp router-id Loopback0

Inter-AS Configuration

VRFs and Interfaces

  • VRFs are not configured on the ASBRs.
  • “mpls bgp forwarding” is added automatically to the Inter-AS interface once the VPNv4 eBGP session between the ASBRs is established.

ASBR1

interface GigabitEthernet2
 mtu 1600
 ip address 172.16.0.1 255.255.255.252
 negotiation auto
 mpls bgp forwarding
 no shutdown

ASBR2

interface GigabitEthernet2
 mtu 1600
 ip address 172.16.0.2 255.255.255.252
 negotiation auto
 mpls bgp forwarding
 no shutdown

Inter-AS BGP

  • The Route-Target filter should be disabled using “no bgp default route-target filter”.
  • next-hop-self is required on the iBGP VPNv4 session toward the route reflector.

ASBR1

router bgp 1
 bgp router-id 14.14.14.14
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 no bgp default route-target filter
 neighbor 13.13.13.13 remote-as 1
 neighbor 13.13.13.13 update-source Loopback0
 neighbor 172.16.0.2 remote-as 2
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 13.13.13.13 activate
  neighbor 13.13.13.13 send-community extended
  neighbor 13.13.13.13 next-hop-self
  neighbor 172.16.0.2 activate
  neighbor 172.16.0.2 send-community extended
 exit-address-family

ASBR2

router bgp 2
 bgp router-id 24.24.24.24
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 no bgp default route-target filter
 neighbor 23.23.23.23 remote-as 2
 neighbor 23.23.23.23 update-source Loopback0
 neighbor 172.16.0.1 remote-as 1
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 23.23.23.23 activate
  neighbor 23.23.23.23 send-community extended
  neighbor 23.23.23.23 next-hop-self
  neighbor 172.16.0.1 activate
  neighbor 172.16.0.1 send-community extended
 exit-address-family
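
With the Route-Target filter disabled and no inbound policy, each ASBR accepts every VPNv4 route its eBGP peer sends, whatever RT it carries. The following audit is an added example, not part of the original configuration: it flags an eBGP VPNv4 neighbor that has no inbound route-map restricted to the agreed RTs, and the route-map name FROM-AS2 and list name AS2-RT in the hardened variant are hypothetical.

```python
import re

# ASBR1's Inter-AS BGP configuration from this page, trimmed to the relevant lines.
PAGE_CONFIG = """\
router bgp 1
 no bgp default route-target filter
 neighbor 13.13.13.13 remote-as 1
 neighbor 172.16.0.2 remote-as 2
 address-family vpnv4
  neighbor 13.13.13.13 activate
  neighbor 172.16.0.2 activate
  neighbor 172.16.0.2 send-community extended
 exit-address-family
"""

# Constructed hardened variant; FROM-AS2 and AS2-RT are hypothetical names.
FILTERED_CONFIG = """\
ip extcommunity-list standard AS2-RT permit rt 1:1
ip extcommunity-list standard AS2-RT permit rt 1:2
route-map FROM-AS2 permit 10
 match extcommunity AS2-RT
""" + PAGE_CONFIG.replace(
    " send-community extended\n",
    " send-community extended\n  neighbor 172.16.0.2 route-map FROM-AS2 in\n")

def audit_asbr(config, agreed_rts):
    """List eBGP VPNv4 peers whose routes are accepted without an RT allow-list."""
    if "no bgp default route-target filter" not in config:
        return []  # default filter still drops RTs that no local VRF imports
    local_as = re.search(r"^router bgp (\d+)", config, re.M).group(1)
    peer_as = dict(re.findall(r"^ neighbor (\S+) remote-as (\d+)", config, re.M))
    af = re.search(r"address-family vpnv4\n(.*?)exit-address-family", config, re.S).group(1)
    findings = []
    for peer in re.findall(r"neighbor (\S+) activate", af):
        if peer_as[peer] == local_as:
            continue  # iBGP session to the route reflector, not the AS boundary
        rmap = re.search(rf"neighbor {re.escape(peer)} route-map (\S+) in", af)
        if not rmap:
            findings.append(f"{peer}: no inbound route-map on eBGP VPNv4 session")
            continue
        # Collect every sequence of the referenced route-map (empty if undefined).
        body = "".join(re.findall(
            rf"^route-map {re.escape(rmap.group(1))} permit \d+\n((?: .*\n)*)", config, re.M))
        lists = re.findall(r"match extcommunity (\S+)", body)
        permitted = {rt for name in lists for rt in re.findall(
            rf"^ip extcommunity-list standard {re.escape(name)} permit rt (\S+)", config, re.M)}
        extra = sorted(permitted - set(agreed_rts))
        if not lists or extra:
            findings.append(f"{peer}: inbound route-map permits RTs {extra or 'any'}")
    return findings
```

Run against the page's ASBR1 configuration with the agreed RTs 1:1 and 1:2, the audit reports the 172.16.0.2 session; the hardened variant returns no findings.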

Verification

ASBR1

ASBR1#show bgp vpnv4 unicast all
BGP table version is 9, local router ID is 14.14.14.14
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1
 *>i  172.16.1.0/30    11.11.11.11              0    100      0 ?
 *>   172.16.2.0/30    172.16.0.2                             0 2 ?
 *>i  192.168.1.1/32   11.11.11.11              0    100      0 65101 i
 *>   192.168.1.2/32   172.16.0.2                             0 2 65102 i
Route Distinguisher: 1:2
 *>i  172.16.1.4/30    11.11.11.11              0    100      0 ?
 *>   172.16.2.4/30    172.16.0.2                             0 2 ?
 *>i  192.168.2.1/32   11.11.11.11              0    100      0 65201 i
 *>   192.168.2.2/32   172.16.0.2                             0 2 65202 i
ASBR1#
ASBR1#
ASBR1#show bgp vpnv4 unicast all 192.168.1.2/32
BGP routing table entry for 1:1:192.168.1.2/32, version 7
Paths: (1 available, best #1, no table)
  Advertised to update-groups:
     7
  Refresh Epoch 1
  2 65102
    172.16.0.2 (via default) from 172.16.0.2 (24.24.24.24)
      Origin IGP, localpref 100, valid, external, best
      Extended Community: RT:1:1
      mpls labels in/out 29/23
      rx pathid: 0, tx pathid: 0x0
      Updated on Oct 11 2022 04:06:20 UTC
ASBR1#
ASBR1#
ASBR1#show bgp vpnv4 unicast all 192.168.2.2/32
BGP routing table entry for 1:2:192.168.2.2/32, version 9
Paths: (1 available, best #1, no table)
  Advertised to update-groups:
     7
  Refresh Epoch 1
  2 65202
    172.16.0.2 (via default) from 172.16.0.2 (24.24.24.24)
      Origin IGP, localpref 100, valid, external, best
      Extended Community: RT:1:2
      mpls labels in/out 28/25
      rx pathid: 0, tx pathid: 0x0
      Updated on Oct 11 2022 04:06:20 UTC
ASBR1#

ASBR2

ASBR2#show bgp vpnv4 unicast all
BGP table version is 9, local router ID is 24.24.24.24
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1
 *>   172.16.1.0/30    172.16.0.1                             0 1 ?
 *>i  172.16.2.0/30    21.21.21.21              0    100      0 ?
 *>   192.168.1.1/32   172.16.0.1                             0 1 65101 i
 *>i  192.168.1.2/32   21.21.21.21              0    100      0 65102 i
Route Distinguisher: 1:2
 *>   172.16.1.4/30    172.16.0.1                             0 1 ?
 *>i  172.16.2.4/30    21.21.21.21              0    100      0 ?
 *>   192.168.2.1/32   172.16.0.1                             0 1 65201 i
 *>i  192.168.2.2/32   21.21.21.21              0    100      0 65202 i
ASBR2#
ASBR2#show bgp vpnv4 unicast all 192.168.1.1/32
BGP routing table entry for 1:1:192.168.1.1/32, version 4
Paths: (1 available, best #1, no table)
  Advertised to update-groups:
     7
  Refresh Epoch 1
  1 65101
    172.16.0.1 (via default) from 172.16.0.1 (14.14.14.14)
      Origin IGP, localpref 100, valid, external, best
      Extended Community: RT:1:1
      mpls labels in/out 29/23
      rx pathid: 0, tx pathid: 0x0
      Updated on Oct 11 2022 04:06:20 UTC
ASBR2#
ASBR2#show bgp vpnv4 unicast all 192.168.2.1/32
BGP routing table entry for 1:2:192.168.2.1/32, version 8
Paths: (1 available, best #1, no table)
  Advertised to update-groups:
     7
  Refresh Epoch 1
  1 65201
    172.16.0.1 (via default) from 172.16.0.1 (14.14.14.14)
      Origin IGP, localpref 100, valid, external, best
      Extended Community: RT:1:2
      mpls labels in/out 28/25
      rx pathid: 0, tx pathid: 0x0
      Updated on Oct 11 2022 04:06:20 UTC
ASBR2#

CE-A1

CE-A1#traceroute 192.168.1.2 source 192.168.1.1 numeric
Type escape sequence to abort.
Tracing the route to 192.168.1.2
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.1.1 [AS 1] 1 msec 0 msec 0 msec
  2 10.11.12.12 [MPLS: Labels 18/29 Exp 0] 3 msec 3 msec 2 msec
  3 10.12.14.14 [MPLS: Label 29 Exp 0] 3 msec 2 msec 2 msec
  4 172.16.0.2 [MPLS: Label 23 Exp 0] 3 msec 3 msec 3 msec
  5 20.22.24.22 [MPLS: Labels 16/16 Exp 0] 2 msec 2 msec 2 msec
  6 172.16.2.1 [AS 2] [MPLS: Label 16 Exp 0] 2 msec 2 msec 3 msec
  7 172.16.2.2 [AS 2] 2 msec *  3 msec
CE-A1#

CE-A2

CE-A2#traceroute 192.168.1.1 source 192.168.1.2 numeric
Type escape sequence to abort.
Tracing the route to 192.168.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.2.1 [AS 2] 0 msec 0 msec 0 msec
  2 20.21.22.22 [MPLS: Labels 18/29 Exp 0] 3 msec 3 msec 2 msec
  3 20.22.24.24 [MPLS: Label 29 Exp 0] 3 msec 2 msec 3 msec
  4 172.16.0.1 [MPLS: Label 23 Exp 0] 2 msec 3 msec 2 msec
  5 10.12.14.12 [MPLS: Labels 16/23 Exp 0] 3 msec 3 msec 2 msec
  6 172.16.1.1 [AS 1] [MPLS: Label 23 Exp 0] 3 msec 2 msec 3 msec
  7 172.16.1.2 [AS 1] 3 msec *  3 msec
CE-A2#

CE-B1

CE-B1#traceroute 192.168.2.2 source 192.168.2.1 numeric
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.1.5 [AS 1] 1 msec 0 msec 0 msec
  2 10.11.12.12 [MPLS: Labels 18/28 Exp 0] 3 msec 2 msec 3 msec
  3 10.12.14.14 [MPLS: Label 28 Exp 0] 3 msec 3 msec 3 msec
  4 172.16.0.2 [MPLS: Label 25 Exp 0] 3 msec 3 msec 2 msec
  5 20.22.24.22 [MPLS: Labels 16/17 Exp 0] 3 msec 2 msec 3 msec
  6 172.16.2.5 [AS 2] [MPLS: Label 17 Exp 0] 3 msec 2 msec 2 msec
  7 172.16.2.6 [AS 2] 2 msec *  3 msec
CE-B1#

CE-B2

CE-B2#traceroute 192.168.2.1 source 192.168.2.2 numeric
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.2.5 [AS 2] 1 msec 1 msec 0 msec
  2 20.21.22.22 [MPLS: Labels 18/28 Exp 0] 3 msec 2 msec 3 msec
  3 20.22.24.24 [MPLS: Label 28 Exp 0] 3 msec 3 msec 2 msec
  4 172.16.0.1 [MPLS: Label 25 Exp 0] 2 msec 2 msec 3 msec
  5 10.12.14.12 [MPLS: Labels 16/24 Exp 0] 3 msec 2 msec 2 msec
  6 172.16.1.5 [AS 1] [MPLS: Label 24 Exp 0] 2 msec 1 msec 2 msec
  7 172.16.1.6 [AS 1] 2 msec *  3 msec
CE-B2#

Inter-AS link carries labelled packets