configuration example- route-reflectors implementation in mpls vpn

Configuration Example- Route-Reflectors Implementation in MPLS VPN

VERSION 4

o Introduction: o BGP route reflectors: o How MPLS will work without RR: o How MPLS will work after adding RR: o Configuration Example:

MPLS VPN Data Plan: MPLS VPN Control Plan:

o Verification:

Introduction:

We know that BGP has strong rules to prevent routing loops. This rule states that any route received from an iBGP neighbor must not be advertised to any other iBGP neighbor.

This loop prevention mechanism induces a requirement that all iBGP routers in the network should be connected in logical full mesh topology to allow for routing information propagation throughout the network. However, full mesh connectivity has never been a scalable solution especially in large networks.

Two mechanisms were introduced to solve the scalability problem, by eliminating the need for the full mesh and in the same time keep the network loop free. The first was BGP confederations and the second was BGP route reflectors

In this document you will understand concept behind Implementing Route-Reflectors in MPLS VPN

https://supportforums.cisco.com/docs/DOC-32629#Verification

https://supportforums.cisco.com/docs/DOC-32629#MPLS_VPN_Control_Plan

https://supportforums.cisco.com/docs/DOC-32629#MPLS_VPN_Data_Plan

https://supportforums.cisco.com/docs/DOC-32629#Configuration_Example

https://supportforums.cisco.com/docs/DOC-32629#_How_MPLS_will_work_after_adding_RR

https://supportforums.cisco.com/docs/DOC-32629#_How_MPLS_will_work_without_RR

https://supportforums.cisco.com/docs/DOC-32629#_BGP_route_reflectors

https://supportforums.cisco.com/docs/DOC-32629#Introduction

BGP route reflectors:

A route reflector is BGP router that is allowed to break the iBGP loop avoidance rule. Route reflectors can advertise updates received from an iBGP peer to another iBGP peer under specific conditions.

By breaking the rules, route reflectors are used to eliminate the full mesh requirement and allow for building iBGP networks that scale easily and cleanly.

How MPLS will work without RR:

The below diagram shows a typical MPLS VPN-based network where there is no RR and whenever you introduced new PE, each existing PE in the service provider network will require an additional BGP neighbor command associating it to the new PE. In BGP, updates received by a peer in an AS are not allowed to be forwarded to another peer within the same AS. Therefore, a BGP network must be fully meshed, with all peers adjacent to one another, as far as BGP routing updates are concerned. If the number of PEs becomes substantial enough to make this operation impractical that is, adding neighbor commands in every PE.

How MPLS will work after adding RR:

When you add RRs, the PEs would only require neighbors defined for each RR. Any updates would be sent to the RR alone. The RRs are then responsible for propagating information received from PEs to all other PEs. Each time a PE is added, a neighbor statement pointing to the RR needs to be added on the new PE router, and on the RR, a neighbor statement pointing to the PE must be added.

https://supportforums.cisco.com/servlet/JiveServlet/showImage/102-32629-4-137921/RR1.jpg

Configuration Example:

In below scenario, PE1, PE2 are Provider edge routers facing towards customer end CE1 and CE2 respectivly.RR1 and RR2 routers are used only as a VPNv4 RR. These routers will forward both control and data plane forwarding for VPN sites only.

https://supportforums.cisco.com/servlet/JiveServlet/showImage/102-32629-4-137922/RR2.jpg

https://supportforums.cisco.com/servlet/JiveServlet/showImage/102-32629-4-137923/mplsrr.jpg

All interfaces are already configured as shown in basic configuration:

CE1 CE2 PE1 PE2 RR1 RR2

hostname CE1

!

ip cef

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.252

!

hostname CE2

!

ip cef

!

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!


ip address 172.16.1.5 255.255.255.252

!

hostname PE1

!

ip cef

!

interface Loopback0

ip address 10.1.1.3 255.255.255.255

!


ip address 192.168.1.1 255.255.255.252

!


ip address 192.168.1.

hostname PE2

!

ip cef

!

interface Loopback0

ip address 10.1.1.4 255.255.255.255

!


ip address 192.168.1.13 255.255.255.252

!



hostname RR1

!

ip cef

!

interface Loopback0

ip address 10.1.1.1 255.255.255.255

!


ip address 192.168.1.2 255.255.255.252

!



hostname RR2

!

ip cef

!

interface Loopback0

ip address 10.1.1.2 255.255.255.255

!


ip address 192.168.1.14 255.255.255.252

!



5 255.255.255.252

!


ip address 172.16.1.2 255.255.255.252

!

10 255.255.255.252

!


ip address 172.16.1.6 255.255.255.252

!

9 255.255.255.252

!

6 255.255.255.252

!

We will step by step configure all routers in the topolgy.

MPLS VPN Data Plan:

Configure OSPF Back bone IGP and enable MPLS on the interface:

PE1(config)#int fa0/0

PE1(config-if)#ip os 1 ar 0

PE1(config-if)#mpls ip

PE1(config-if)#int fa0/1


PE1(config-if)#mpls ipPE1(config-if)#int lo 0


PE1(config-if)#exit



PE2(config-if)#mpls ip

PE2(config-if)#int fa0/1


PE2(config-if)#mpls ipPE2(config-if)#int lo0


PE2(config-if)#exit

RR1(config)#int fa0/0

RR1(config-if)#ip os 1 ar 0

RR1(config-if)#mpls ip

RR1(config-if)#int fa0/1



RR1(config-if)#int lo0


RR1(config-if)#exit

RR2(config)#int fa0/0



RR2(config-if)#int fa0/1



RR2(config-if)#int lo0


RR2(config-if)#exit

MPLS VPN Control Plan:

Step1:Configure VRF and Associated interfaces

Define VRF Cust_A, Route Distinguishers (RD) and Route Targets (RT) on PE Routers PE1 and PE2 and apply on VRF on Physical interface facing customer.

PE1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PE1(config)#ip vrf Cust_A

PE1(config-vrf)# description Customer-A

PE1(config-vrf)# rd 1:100

PE1(config-vrf)# route-target export 1:100

PE1(config-vrf)# route-target import 1:100

PE1(config-vrf)#exit


PE1(config-if)#ip vrf forwarding Cust_A

PE2#conf t


PE2(config)#ip vrf Cust_A

PE2(config-vrf)# description Customer-A

PE2(config-vrf)# rd 1:100

PE2(config-vrf)# route-target export 1:100

PE2(config-vrf)# route-target import 1:100

PE2(config-vrf)#exit


PE2(config-if)#ip vrf forwarding Cust_A

PE2(config-if)#exit

Step2:Configuring IGP between PE and CE

Configure OSPF with process number 100 under VRF on Both PE1 and PE2

PE1(config)#router ospf 100 vrf Cust_A

PE1(config-router)# log-adjacency-changes

PE1(config-router)# network 0.0.0.0 255.255.255.255 area 1

PE1(config-router)#exit


PE2(config-router)# log-adjacency-changes

PE2(config-router)# network 0.0.0.0 255.255.255.255 area 1


Enable OSPF on CE1 and CE2 facing PE1 and PE2 respectively

CE1#conf t


CE1(config)#int lo 0

CE1(config-if)# ip ospf 100 area 1

CE1(config-if)#int fa0/0


CE1(config-if)#exit

CE2#conf t


CE2(config)#int lo 0


CE2(config-if)#int fa0/0


CE2(config-if)#exit

Step3:Configuring redistribution between PE-CE IGP and MP-BGP

PE1#conf t



PE1(config-router)# redistribute bgp 1 subnets


PE1(config)#router bgp 1

PE1(config-router)#address-family ipv4 vrf Cust_A

PE1(config-router-af)#redistribute os 100 vrf Cust_A match internal ex 1 ex 2

PE1(config-router-af)#end

PE2#conf t



PE2(config-router)# redistribute bgp 1 subnets



PE2(config-router)#address-family ipv4 vrf Cust_A

PE2(config-router-af)#redistribute os 100 vrf Cust_A match internal ex 1 ex 2

PE2(config-router-af)#end

Step4: Configuring MP-BGP between PEs:

In this step you have to configure MP-BGP session with RR and RR will forward VPNv4 routes from one PE to Other. Here RR1 and RR2

are not only responsible for MPLS data plane but also act as Route reflector Only for VPNv4 Prefixes.

PE1 and PE2 configuration:

PE1#conf t



PE1(config-router)# neighbor 10.1.1.1 remote-as 1

PE1(config-router)# neighbor 10.1.1.1 update-source Loopback0



PE1(config-router)# address-family vpnv4

PE1(config-router-af)# neighbor 10.1.1.1 activate

PE1(config-router-af)# neighbor 10.1.1.1 send-community both



PE1(config-router-af)# exit-address-family


PE2#conf t







PE2(config-router)# address-family vpnv4





PE2(config-router-af)# exit-address-family


Configuring RR1 and RR2:

RR1(config)#router bgp 1

RR1(config-router)#neighbor RR1 peer-group

RR1(config-router)#neighbor RR1 remote-as 1

RR1(config-router)#address-family vpnv4

RR1(config-router-af)#neighbor 10.1.1.3 peer-group RR1


RR1(config-router-af)#neighbor RR1 route-reflector-client

RR1(config-router-af)#end

RR2(config)#router bgp 1

RR2(config-router)#neighbor RR2 peer-group

RR2(config-router)#neighbor RR2 remote-as 1

RR2(config-router)#address-family vpnv4



RR2(config-router-af)#neighbor RR2 route-reflector-client

RR2(config-router-af)#end

Another key point to note is that the peer groups need not be activated under the VPNv4 address-family. They are automatically activated when peer-group parameters are defined.

Verification:

Step1:Verify peer group information:

RR1#show ip bgp peer-group RR1

BGP peer-group is RR1, remote AS 1

BGP version 4

Default minimum time between advertisement runs is 0 seconds

For address family: IPv4 Unicast

BGP neighbor is RR1, no member

Index 0, Offset 0, Mask 0x0

Update messages formatted 0, replicated 0

Number of NLRIs in the update sent: max 0, min 0

For address family: VPNv4 Unicast

BGP neighbor is RR1, peer-group internal, members:

10.1.1.3 10.1.1.4


Route-Reflector Client



RR2#show ip bgp peer-group RR2

BGP peer-group is RR2, remote AS 1

BGP version 4

Default minimum time between advertisement runs is 0 seconds

For address family: IPv4 Unicast

BGP neighbor is RR2, no member




For address family: VPNv4 Unicast

BGP neighbor is RR2, peer-group internal, members:

10.1.1.3 10.1.1.4


Route-Reflector Client



Step2:Verify BGP VPNv4 routing table on RR1 and RR2 shows that RR1/RR2 and PE1 receive the routes as expected:

RR1#sh ip bgp vpnv4 al | be Ne

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:100

*>i1.1.1.1/32 10.1.1.3 2 100 0 ?

*>i2.2.2.2/32 10.1.1.4 2 100 0 ?

*>i172.16.1.0/30 10.1.1.3 0 100 0 ?

*>i172.16.1.4/30 10.1.1.4 0 100 0 ?

RR2#sh ip bgp vpnv4 al | be Ne


Route Distinguisher: 1:100

*>i1.1.1.1/32 10.1.1.3 2 100 0 ?

*>i2.2.2.2/32 10.1.1.4 2 100 0 ?

*>i172.16.1.0/30 10.1.1.3 0 100 0 ?

*>i172.16.1.4/30 10.1.1.4 0 100 0 ?

PE1#sh ip bgp vpnv4 al | be Ne


Route Distinguisher: 1:100 (default for vrf Cust_A)

*> 1.1.1.1/32 172.16.1.1 2 32768 ?

* i2.2.2.2/32 10.1.1.4 2 100 0 ?

*>i 10.1.1.4 2 100 0 ?

*> 172.16.1.0/30 0.0.0.0 0 32768 ?

* i172.16.1.4/30 10.1.1.4 0 100 0 ?

*>i 10.1.1.4 0 100 0 ?

PE2#sh ip bgp vpnv4 al | be Ne


Route Distinguisher: 1:100 (default for vrf Cust_A)

* i1.1.1.1/32 10.1.1.3 2 100 0 ?

*>i 10.1.1.3 2 100 0 ?

*> 2.2.2.2/32 172.16.1.5 2 32768 ?

* i172.16.1.0/30 10.1.1.3 0 100 0 ?

*>i 10.1.1.3 0 100 0 ?

*> 172.16.1.4/30 0.0.0.0 0 32768 ?

Step3:Verify end to end connectivity:

CE1#ping 2.2.2.2 so lo 0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/66/80 ms

CE1#traceroute 2.2.2.2 so lo 0

Type escape sequence to abort.

Tracing the route to 2.2.2.2

1 172.16.1.2 36 msec 36 msec 32 msec

2 192.168.1.6 [MPLS: Labels 20/21 Exp 0] 64 msec 68 msec 72 msec

3 172.16.1.6 [MPLS: Label 21 Exp 0] 60 msec 48 msec 40 msec

4 172.16.1.5 80 msec * 100 msec

configuration example- route-reflectors implementation in mpls vpn

Documents