Slide 1: INTER-AUTONOMOUS SYSTEM MPLS VPN: ADVANCED CONCEPTS
December 2003
© 2003 Cisco Systems, Inc. All rights reserved. MPLS VPN Inter-AS, 12/03

Slide 2: Agenda
  - Routing between sub-autonomous systems
  - Inter-AS scaling
  - Inter-AS filtering and route distribution
  - Load balancing
  - RT rewrite
  - Services in Inter-AS
  - Inter-AS and CSC comparison
  - Inter-AS summary

Slide 3: ROUTING BETWEEN SUB-AUTONOMOUS SYSTEMS

Slide 4: Confederation, Multiple IGP Domains
  - Separate IGPs: each sub-confederation (sub-AS) runs a single IGP
  - Route reflectors are used as the peering points between sub-confederations, for better scaling
  - Next-hop-self is done by the border routers on both the eBGP and the iBGP sessions towards intra-confederation peers

Slide 5: Confederation, Multiple IGP Domains (diagram)
  [Diagram: one confederation made of Sub-AS1 (IGP-1: PE-1, PE-2, border router CEBGP-1) and Sub-AS2 (IGP-2: border router CEBGP-2, PE-3) over a core of P LSRs, with CE-1 to CE-5 attached to the PEs. MP-iBGP runs inside each sub-AS; an MP-eBGP intra-confederation session between CEBGP-1 and CEBGP-2 carries the VPNv4 routes with label distribution.]
  - PEs exchange VPNv4 addresses with labels
  - Next-hop and labels are changed at the border routers (next-hop-self is used)
  - The PE-1 and PE-2 addresses are known in both IGPs

Slide 6: Confederation, Multiple IGP Domains (Cont.)
  [Diagram: same topology as slide 5. The update for customer network N propagates as follows, with next-hop-self applied at each border router (RR1 in Sub-AS1, RR2 in Sub-AS2):]
  - CE-2 to PE-1: Network=N, Next-hop=CE2
  - PE-1 to RR1 (MP-iBGP, Sub-AS1): Network=RD1:N, Next-hop=PE1, Label=L1
  - RR1 to RR2 (MP-eBGP intra-confederation): Network=RD1:N, Next-hop=RR1, Label=L2
  - RR2 to PE-3 (MP-iBGP, Sub-AS2): Network=RD1:N, Next-hop=RR2, Label=L3
  - PE-3 to its CE: Network=N, Next-hop=PE3

Slide 7: Confederation, Multiple IGP Domains: Important Points
  - The route reflectors exchange the routes; using route reflectors is a natural approach since they already hold all VPN routes
  - Next-hop-self choices:
      Option 1: eBGP only
      Option 2: eBGP and iBGP on the border routers
  - When next-hop-self is used on both the iBGP and the eBGP sessions (on CEBGP-1 and CEBGP-2), the topology is similar to a multi-provider VPN topology

Slide 8: Confederation, Multiple IGP Domains: Important Points (Cont.)
  - CEBGP-1 and CEBGP-2 each need to be known in both IGPs
  - CEBGP-1 and CEBGP-2 use interface addresses for their BGP session
  - The label has to be bound to the peer address; a single label is used between the sub-confederations
  - The neighbor route needs to be known, either through a static route or through PPP neighbor-route discovery; the implementation creates a neighbor route for the BGP peer address

Slide 9: SCALING INTER-PROVIDER SOLUTIONS

Slide 10: PE-ASBR Memory Consumption
  [Chart: PE-ASBR memory consumption plotted against the number of VPN routes and the number of VPNv4 MP-iBGP sessions]

Slide 11: PE-ASBR Memory Scaling
  - There is potentially a large amount of VPN routing information that does not need to be carried on the PE-ASBRs; a large percentage of it will be local VPN prefixes
  - PE-ASBRs must hold the relevant VPN routing information, such as the Inter-AS VPN prefix details
  - Two methods are available to aid scaling:
      ARF with local VRF import
      ARF disabled with inbound filtering

Slide 12: ARF with Local VRF Import
  - Automatic Route Filtering (ARF) drops non-imported routes: if no RT on the update matches a locally configured import statement, the route is dropped
  - Each PE-ASBR holds VRFs for the Inter-AS VPNs and imports routes based on the RT values
  - The PE-ASBR acts like a normal PE router, with MP-eBGP sessions to the peer AS

Slide 13: ARF with Local VRF Import (Cont.)
  [Diagram: MP-iBGP VPNv4 updates pass through Automatic Route Filtering into the VRFs; BGP, CEF, MPLS and routing-table memory is consumed per VRF]

Slide 14: ARF Disabled With Inbound Filtering
  - Automatic Route Filtering (ARF) is enabled by default: if no VRFs are configured, ALL VPN routes are dropped by the PE-ASBR
  - ARF may be disabled with the "no bgp default route-target filter" command within the BGP configuration
  - Disabling ARF causes ALL VPNv4 routes to be accepted by the PE-ASBR
  - Additional filtering mechanisms must then be used to drop unwanted routes; otherwise the PE-ASBR holds every route the peer AS chooses to send

Slide 15: ARF Disabled With Inbound Filtering (Cont.)
  [Diagram: MP-iBGP VPNv4 updates with NO Automatic Route Filtering; only BGP and LFIB memory is consumed, no per-VRF CEF or routing-table memory]
  - VRF and CEF memory not required
  - Routing table memory not required

  Configuration from the slide (the neighbor addresses were lost in extraction; <peer> stands for the MP-BGP neighbor address):

    router bgp 1
     no bgp default route-target filter
     !
     address-family vpnv4
      neighbor <peer> activate
      neighbor <peer> send-community extended
      neighbor <peer> route-map vpn-routes-filter in

Slide 16: Next-Hop-Self Effect On LFIB
  [Diagram: 1000 VPNv4 prefixes learned over MP-iBGP, compared with and without next-hop-self (NHS)]
  - With NHS: BGP memory for 1000 prefixes and LFIB memory for 1000 prefixes (one label entry per VPNv4 route)
  - Without NHS: BGP memory for 1000 prefixes, but LFIB memory for a single entry, the BGP next-hop; 1000 prefixes in total
  - Next-hop-self therefore increases the number of LFIB entries on the receiving PE-ASBR

Slide 17: FILTERING AND ROUTE DISTRIBUTION MECHANISMS

Slide 18: Various Filtering Points In Inter-AS
  [Diagram: AS #100, AS #200 and AS #300, each with PEs, route reflectors (RR) and PE-ASBRs; the numbered filtering points are:]
  1. Inbound filtering on the PE-ASBR
  2. Outbound filtering per peer
  3. Automatic route filtering inbound
  4. Inbound filtering per peer OR per rr-group
  5. Automatic route filtering inbound (on the PEs)

Slide 19: Inbound Filtering On PE-ASBR
  [Diagram: NO Automatic Route Filtering; filtering is done inbound on a per-peer basis. Routes carrying RT 214:27 and RT 214:94 are kept in BGP and LFIB memory; the blue VPN routes carrying RT 214:129 are discarded]

  Configuration from the slide (<peer> stands for the MP-eBGP neighbor address, which was lost in extraction):

    router bgp 1
     no bgp default route-target filter
     !
     address-family vpnv4
      neighbor <peer> activate
      neighbor <peer> send-community extended
      neighbor <peer> route-map vpn-routes-filter in
    !
    ip extcommunity-list 1 permit rt 214:27 rt 214:94
    !
    route-map vpn-routes-filter permit 10
     match extcommunity 1

  The route-map has a single permit entry, so an update that does not match extcommunity-list 1 falls through to the implicit deny and is discarded, which is the intended result here.

Slide 20: Outbound Filtering On PE-ASBR
  [Diagram: from the PE-ASBR's BGP table, the RED VPN routes are advertised to AS #200 and the GREEN VPN routes to AS #300]

  Configuration from the slide. "match extcommunity" takes an extcommunity-list, not a bare RT value as the slide text shows, so the RTs are placed in lists 2 and 3 here (list numbers and <peer-...> addresses are placeholders):

    address-family vpnv4
     neighbor <peer-AS200> route-map MPeBGP-2 out
     neighbor <peer-AS300> route-map MPeBGP-3 out
    !
    ip extcommunity-list 2 permit rt 214:27
    ip extcommunity-list 3 permit rt 214:94
    !
    route-map MPeBGP-2 permit 10
     match extcommunity 2
    !
    route-map MPeBGP-3 permit 10
     match extcommunity 3

Slide 21: Downstream RT Allocation
  - Inbound and outbound filtering become restrictive with a large number of VPN clients: each RT must be known, and a filter must be established for it
  - Changes to VPN client membership cause configuration changes on the PE-ASBRs: each filter must be updated to reflect the addition or deletion of VPN clients
  - A simplified filtering scheme is needed with a large number of clients; it is provided by the downstream-provider RT allocation scheme

Slide 22: Downstream RT Allocation (Cont.)
  [Diagram: AS #100 peers with AS #200 and AS #300. AS #100 allocates one RT per peering: RT 129:101 for AS #200 and RT 129:102 for AS #300. The GREEN VPN (RT 129:12001) is exported with the additional RT 129:101, the RED VPN (RT 129:12090) with the additional RT 129:102. The PE-ASBR in AS #100 then filters only on the allocated RTs, not on each client's own RT.]

  Configuration from the slide (<peer> addresses were lost in extraction):

    address-family vpnv4
     neighbor <peer> activate
     neighbor <peer> send-community extended
     neighbor <peer> route-map asbr-routes-filter in
     neighbor <peer-AS200> route-map MPeBGP-2 out
     neighbor <peer-AS300> route-map MPeBGP-3 out
    !
    ip extcommunity-list 1 permit rt 129:101 rt 129:102
    ip extcommunity-list 16 permit rt 129:101
    ip extcommunity-list 17 permit rt 129:102
    !
    route-map asbr-routes-filter permit 10
     match extcommunity 1
    !
    route-map MPeBGP-2 permit 10
     match extcommunity 16
    !
    route-map MPeBGP-3 permit 10
     match extcommunity 17

  Adding or removing a VPN client now only changes the export statement on the PE that owns the VRF; the PE-ASBR filters stay the same.
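The filtering decisions of slides 12 to 22, ARF with local VRF import, ARF disabled without any filter, and ARF disabled with the inbound and per-peer outbound route-maps of slide 22, are modelled below over a constructed set of VPNv4 updates. This is an added example written for this page, not Cisco code; the RT values 129:101, 129:102, 129:12001 and 129:12090 are the slide's, while the prefixes, RDs, labels, peer names and the update tagged with an internal AS #100 RT are constructed. It assumes that "match extcommunity N" matches when any route target on the update is in list N (the semantics the slides rely on) and that an inbound route-map is evaluated before the ARF import check.

```python
"""VPNv4 filtering on a PE-ASBR: ARF, inbound and outbound route-maps (slides 12-22).

Added example, not Cisco code. Assumed semantics: 'match extcommunity N' matches
when any RT on the update is in list N (what the slides rely on), and an inbound
route-map is evaluated before the ARF import check.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Vpnv4Update:
    rd: str                  # route distinguisher
    prefix: str              # IPv4 prefix
    next_hop: str
    label: int
    rts: FrozenSet[str]      # route targets carried as extended communities

    @property
    def nlri(self) -> str:
        return f"{self.rd}:{self.prefix}"


# A route-map is a list of permit entries, each naming an ip extcommunity-list
# to match; None stands for a permit entry with no match clause.
RouteMap = List[Optional[str]]


class PeAsbr:
    def __init__(self, arf_enabled: bool, vrf_import_rts: Iterable[str] = (),
                 extcommunity_lists: Optional[Dict[str, Iterable[str]]] = None,
                 inbound_route_map: Optional[RouteMap] = None,
                 outbound_route_maps: Optional[Dict[str, RouteMap]] = None):
        self.arf_enabled = arf_enabled                    # 'bgp default route-target filter'
        self.vrf_import_rts = frozenset(vrf_import_rts)   # union of the local VRFs' import RTs
        self.extcommunity_lists = {n: frozenset(v) for n, v in (extcommunity_lists or {}).items()}
        self.inbound_route_map = inbound_route_map
        self.outbound_route_maps = outbound_route_maps or {}
        self.bgp_table: List[Tuple[Optional[str], Vpnv4Update]] = []  # (learned-from peer, update)

    def _permits(self, route_map: RouteMap, update: Vpnv4Update) -> bool:
        for list_name in route_map:
            if list_name is None or update.rts & self.extcommunity_lists[list_name]:
                return True
        return False  # implicit deny at the end of every route-map

    def add_local(self, updates: Iterable[Vpnv4Update]) -> None:
        """Routes learned over MP-iBGP from the local AS; the eBGP inbound map does not apply."""
        self.bgp_table.extend((None, u) for u in updates)

    def receive(self, peer: str, updates: Iterable[Vpnv4Update]) -> List[Vpnv4Update]:
        """Inbound MP-eBGP from one peer AS: inbound route-map first, then ARF."""
        kept = []
        for u in updates:
            if self.inbound_route_map is not None and not self._permits(self.inbound_route_map, u):
                continue
            if self.arf_enabled and not (u.rts & self.vrf_import_rts):
                continue  # no local VRF imports any RT on this update
            kept.append(u)
            self.bgp_table.append((peer, u))
        return kept

    def advertise(self, peer: str) -> List[Vpnv4Update]:
        """Outbound MP-eBGP to one peer: per-peer route-map; no map means everything is sent."""
        route_map = self.outbound_route_maps.get(peer)
        return [u for src, u in self.bgp_table
                if src != peer and (route_map is None or self._permits(route_map, u))]


# Constructed updates using the RT values of slide 22; AS #100 is the local AS.
LOCAL_RED = Vpnv4Update("100:90", "10.90.0.0/24", "PE-1", 16, frozenset({"129:12090", "129:102"}))
LOCAL_GREEN = Vpnv4Update("100:1", "10.1.0.0/24", "PE-1", 17, frozenset({"129:12001", "129:101"}))
LOCAL_ONLY = Vpnv4Update("100:7", "10.7.0.0/24", "PE-2", 18, frozenset({"129:12007"}))
FROM_AS200 = Vpnv4Update("200:1", "10.200.0.0/24", "ASBR-AS200", 40, frozenset({"200:1", "129:101"}))
FROM_AS300 = Vpnv4Update("300:1", "172.16.0.0/24", "ASBR-AS300", 41, frozenset({"300:1", "129:102"}))
# A peer update tagged with an AS #100 internal RT instead of an allocated one.
FROM_AS300_NOALLOC = Vpnv4Update("300:5", "172.16.5.0/24", "ASBR-AS300", 42, frozenset({"300:5", "129:12090"}))


def run_arf(vrf_import_rts: Iterable[str]) -> List[str]:
    """Slides 12/14: ARF on. With no VRFs nothing is kept; with a VRF importing 129:102, one route."""
    asbr = PeAsbr(arf_enabled=True, vrf_import_rts=vrf_import_rts)
    asbr.receive("AS200", [FROM_AS200])
    asbr.receive("AS300", [FROM_AS300, FROM_AS300_NOALLOC])
    return sorted(u.nlri for _, u in asbr.bgp_table)


def run_arf_disabled_unfiltered() -> List[str]:
    """Slide 14: 'no bgp default route-target filter' with no inbound map keeps everything."""
    asbr = PeAsbr(arf_enabled=False)
    asbr.receive("AS200", [FROM_AS200])
    asbr.receive("AS300", [FROM_AS300, FROM_AS300_NOALLOC])
    return sorted(u.nlri for _, u in asbr.bgp_table)


def run_slide22() -> Dict[str, List[str]]:
    """Slide 22: filter on the RTs AS #100 allocated to its peers only."""
    asbr = PeAsbr(
        arf_enabled=False,
        extcommunity_lists={"1": {"129:101", "129:102"}, "16": {"129:101"}, "17": {"129:102"}},
        inbound_route_map=["1"],                                  # asbr-routes-filter
        outbound_route_maps={"AS200": ["16"], "AS300": ["17"]},  # MPeBGP-2, MPeBGP-3
    )
    asbr.add_local([LOCAL_RED, LOCAL_GREEN, LOCAL_ONLY])
    asbr.receive("AS200", [FROM_AS200])
    asbr.receive("AS300", [FROM_AS300, FROM_AS300_NOALLOC])
    return {"held": sorted(u.nlri for _, u in asbr.bgp_table),
            "to_AS200": sorted(u.nlri for u in asbr.advertise("AS200")),
            "to_AS300": sorted(u.nlri for u in asbr.advertise("AS300"))}
```

run_arf(()) returns nothing, run_arf({"129:102"}) keeps only the AS #300 route, and run_arf_disabled_unfiltered() keeps all three peer updates, including the one tagged with an internal AS #100 RT. run_slide22() keeps the two peer routes that carry an allocated RT, drops the internally-tagged one at the inbound map, and sends only the GREEN VPN to AS #200 and only the RED VPN to AS #300; the local-only VPN never leaves AS #100.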

Slide 23: LOAD BALANCING: DISTRIBUTION OF TRAFFIC LOAD BETWEEN PROVIDERS

Slide 24: Load Balancing Between Backbones
  - Balancing of Inter-AS traffic is an important issue, both for the distribution of traffic and for the redundancy of the network design
  - All Inter-AS traffic must pass through the PE-ASBRs, as the BGP next-hops are reachable via these routers
  - Multiple links between a pair of PE-ASBRs provide traffic distribution, but not redundancy: the PE-ASBR itself remains a single point of failure

Slide 25: VPN Client Traffic Flow
  [Diagram: VPN-B sites behind CE-2 (attached to PE-1) and CE-3 (attached to PE-2) in two ASes joined by the PE-ASBR-1 to PE-ASBR-2 link. CE-2 advertises its /24 to PE-1 via BGP, OSPF or RIPv2 with NH=CE-2; PE-1 sends the VPNv4 update RD 1:27, <prefix>/24, NH=PE-1, RT=1:222, Label=L1; PE-ASBR-1 re-advertises it with NH=PE-ASBR-1 and PE-ASBR-2 with NH=PE-ASBR-2 (the prefix itself was lost in extraction)]
  - ALL Inter-AS traffic flows across the PE-ASBR-2 to PE-ASBR-1 link
  - VPN client to VPN client traffic flows via the Inter-AS link

Slide 26: Load Balancing Between PE-ASBRs
  [Diagram: PE-ASBR-1 and PE-ASBR-2 joined by several parallel links, with the BGP peering (multi-hop MP-eBGP) established between their loopback interfaces. Network Y is learned with BGP NH = PE-ASBR-2 Lo0; the routing table of PE-ASBR-1 holds PE-ASBR-2 Lo0 via each of the parallel links (the link addresses were lost in extraction)]
  - Load balancing across multiple PE-ASBR links: the loopback is reached over every link through static routes or an IGP, AND LDP runs across the links so the BGP next-hop has a label over each of them

Slide 27: Redundant PE-ASBR Connections
  [Diagram: PE-1, PE-ASBR-1 and PE-ASBR-2 in one AS; PE-ASBR-3 and PE-ASBR-4 in the peer AS; two Inter-AS links, PE-ASBR-1 to PE-ASBR-3 and PE-ASBR-2 to PE-ASBR-4. PE-1 originates the VPNv4 update RD 1:27, <prefix>/24, NH=PE-1, RT=1:222, Label=L1; it is re-advertised with NH=PE-ASBR-1 and NH=PE-ASBR-2, and in the peer AS with NH=PE-ASBR-3 and NH=PE-ASBR-4]
  - The RR will choose the BGP best path and advertise only this path to the receiving clients, so VPN-B inter-site traffic uses one exit
  - The redundant PE-ASBR is used purely for backup

Slide 28: Redundant PE-ASBR Load Balancing
  [Diagram: same topology and VPNv4 update as slide 27, but without route reflectors; the receiving router holds the /24 with two BGP next-hops (PE-ASBR-2 and PE-ASBR-4 in the slide)]
  - iBGP multipath support provides the ability to load balance between the two exit points
  - Load balancing over the PE-ASBR links without route reflectors

Slide 29: RT REWRITE

Slide 30: RT Rewrite
  - RTs identify the VRF routing tables into which the prefix carried by an update is to be imported; they are carried as extended community attributes in BGP VPNv4 updates
  - RT rewrite is supported for VRF export-maps
  - RT rewrite allows the replacement of route targets on incoming and outgoing BGP updates, which enables service providers to customize route targets within their network
  - RT replacement can be performed at the ASBRs exchanging VPNv4 prefixes; RTs can also be replaced by PEs or RRs

Slide 31: RT Rewrite Memory and Performance Impact
  - Memory impact should be insignificant, as the rewrite modifies the update itself without requiring storage; other transient memory requirements are minimal
  - Performance impact will depend on the product of the number of updates and the size (length, depth) of the route-map
  - To perform RT replacement, each extended-community list is examined once while matching and again while deleting the RT

Slide 32: RT Rewrite Sample Configuration
  Replace RT X with RT Y using a BGP inbound or outbound route-map at the receiving PE, ASBR or RR. The slide's snippet lost its list numbers, sequence numbers and RT values in extraction; below, a:b stands for X, c:d for Y, <peer> for the neighbor address, and list 1 and sequence numbers 10/20 are placeholders:

    ip extcommunity-list 1 permit rt a:b
    !
    route-map extmap permit 10
     match extcommunity 1
     set extcomm-list 1 delete
     set extcommunity rt c:d additive
    !
    route-map extmap permit 20
    !
    address-family vpnv4
     neighbor <peer> route-map extmap in

  The second entry, "permit 20" with no match clause, is needed so that updates which do not carry RT X are still accepted unchanged; without it they fall through to the route-map's implicit deny and are dropped.
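The route-map semantics of slide 32 are worked through below on a few constructed inbound updates: the rewrite entry with the match-less "permit 20" behind it, the same map without that entry, and a variant with a deny entry in front of the rewrite. This is an added example written for this page, not Cisco code; the RT values (X = 300:27 as the peer AS's RT, Y = 100:27 as the local AS's RT, list 2 as the set of RTs the local AS owns) and the updates are constructed, and the deny variant is the editor's addition, not something the slide shows.

```python
"""Route-target rewrite as a BGP route-map (slide 32), modelled in Python.

Added example, not Cisco code. It reproduces the semantics of
  route-map extmap permit 10: match extcommunity 1 / set extcomm-list 1 delete /
                              set extcommunity rt Y additive
  route-map extmap permit 20: (no match clause)
applied inbound at an ASBR. RT values are assumed: X = 300:27 (the peer AS's RT),
Y = 100:27 (the local AS's RT). The 'hardened' map with a deny entry in front of
the rewrite is the editor's addition.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

RtSet = FrozenSet[str]


@dataclass(frozen=True)
class Entry:
    """One route-map sequence: 'route-map NAME {permit|deny} SEQ' with its clauses."""
    match_list: Optional[str] = None       # match extcommunity <list>; None matches every update
    deny: bool = False                     # a deny entry drops the updates it matches
    delete_list: Optional[str] = None      # set extcomm-list <list> delete
    add_rts: RtSet = frozenset()           # set extcommunity rt ... additive


def apply_route_map(rts: RtSet, entries: List[Entry], ext_lists: Dict[str, RtSet]) -> Optional[RtSet]:
    """Walk the entries in sequence order and return the rewritten RT set for the
    first matching entry, or None when the update is denied (by a deny entry, or by
    the implicit deny when no entry matches)."""
    for entry in entries:
        if entry.match_list is not None and not (rts & ext_lists[entry.match_list]):
            continue
        if entry.deny:
            return None
        new_rts = set(rts)
        if entry.delete_list is not None:
            new_rts -= ext_lists[entry.delete_list]   # strip every RT named in that list
        new_rts |= entry.add_rts                       # 'additive': the other RTs are kept
        return frozenset(new_rts)
    return None


EXT_LISTS: Dict[str, RtSet] = {
    "1": frozenset({"300:27"}),              # RT X (assumed value)
    "2": frozenset({"100:27", "100:94"}),    # RTs owned by the local AS (assumed values)
}
RT_Y = "100:27"

SLIDE32_MAP = [
    Entry(match_list="1", delete_list="1", add_rts=frozenset({RT_Y})),  # route-map extmap permit 10
    Entry(),                                                            # route-map extmap permit 20
]
MAP_WITHOUT_PERMIT20 = SLIDE32_MAP[:1]
HARDENED_MAP = [Entry(match_list="2", deny=True)] + SLIDE32_MAP        # deny 5 ahead of the rewrite

# Constructed inbound updates from the peer AS, reduced to their RT sets.
PEER_UPDATES: Dict[str, RtSet] = {
    "shared-vpn": frozenset({"300:27", "300:5"}),          # carries X plus a peer-internal RT
    "other-vpn": frozenset({"300:99"}),                    # nothing to rewrite
    "peer-tagged-with-local-rt": frozenset({"100:94"}),    # the peer attached one of our own RTs
}


def rewrite_inbound(entries: List[Entry]) -> Dict[str, Optional[RtSet]]:
    """Apply one route-map to every constructed update; None means the update was denied."""
    return {name: apply_route_map(rts, entries, EXT_LISTS) for name, rts in PEER_UPDATES.items()}


if __name__ == "__main__":
    for label, route_map in (("slide 32", SLIDE32_MAP), ("no permit 20", MAP_WITHOUT_PERMIT20),
                             ("hardened", HARDENED_MAP)):
        print(label, {k: (sorted(v) if v is not None else None) for k, v in rewrite_inbound(route_map).items()})
```

With SLIDE32_MAP the shared VPN arrives as {100:27, 300:5}, the other VPN passes untouched, and so does the update the peer tagged with 100:94: the rewrite only touches RT X, so a peer-supplied RT in the local namespace goes straight through to the import step. Dropping "permit 20" silently denies everything that does not carry X. HARDENED_MAP denies any update that already carries a locally owned RT before the rewrite runs, and then behaves like the slide's map for the rest.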

Slide 33: RT Rewrite Verification Commands
  - Verify route target replacement: show ip bgp vpnv4 all
  - Verify the route target replacement policy as updates arrive: debug ip bgp updates

Slide 34: SHARED SERVICES IN INTER-AS

Slide 35: Supported Shared Services in Inter-AS
  - Network Address Translation: address translation at the egress point of the peering service provider is possible
  - Redundancy (HSRP, VRRP, GLBP): the two ASBRs will reside in a single SP network
  - IP address management and assignment: DHCP and ODAP will be supported for Inter-AS
  - Security: AAA servers
  - Troubleshooting/management: ping, traceroute, SAA, NetFlow

Slide 36: INTER-AS VERSUS CARRIER SUPPORTING CARRIER

Slide 37: CSC versus Inter-AS
  - Carrier Supporting Carrier opportunity: offer backbone services to peer or smaller carriers
  - Inter-provider access opportunity: provide carrier services on behalf of other carriers
  [Diagram: a backbone carrier connecting Customer Carrier A POP1 and POP2 (CSC), versus Carrier A and Carrier B peering directly (Inter-AS)]

Slide 38: CSC versus Inter-AS (Cont.)

  CSC                                                                              | Inter-AS
  ---------------------------------------------------------------------------------|------------------------------------------------------------------------------------------
  Client-server topologies                                                         | Peer-to-peer topologies
  ISP or MPLS VPN provider is a customer of another MPLS VPN backbone provider     | Two ISPs peer up, providing services to some of the common customer base
  MPLS VPN backbone services needed between the same carrier's POPs                | Single SP POPs not available in all geographical areas required by their customers
  Subscribing service provider may or may not have MPLS enabled                    | Participating providers must support MPLS VPNs
  Customer sites do not distribute reachability information to the backbone carrier | Customer sites distribute reachability information directly to the participating service providers
                                                                                   | MPLS VPN in a BGP confederation

Slide 39: INTER-AS SUMMARY

Slide 40: Inter-AS Summary
  - Service providers have deployed Inter-AS for scalability purposes and for partitioning the network along service or management boundaries
  - Some contract work is in progress amongst service providers to establish partnerships and offer end-to-end VPN services to the common customer base
  - The service provider networks are completely separate: they do not need to exchange internal prefix or label information
  - Each service provider establishes a direct MP-eBGP session with the others to exchange VPN-IPv4 addresses with labels
  - A /32 route to reach the ASBR is created by default so that the ASBRs can communicate without needing an IGP; it must be redistributed into the receiving service provider's IGP

Slide 41: Inter-AS Summary (Cont.)
  - An IGP or LDP across the ASBR links is not required: labels are already assigned to the routes when they are exchanged via MP-eBGP
  - The interface used to establish the MP-eBGP session does not need to be associated with a VRF; direct eBGP routes and labels can be exchanged
  - Next-hop-self can be turned on on the ASBRs, enabling the ASBR to use its own address as the next-hop; using next-hop-self requires an additional entry in the TFIB for each VPNv4 route (about 180 bytes per entry)
  - If the service provider wishes to hide the Inter-AS link, use the next-hop-self method; otherwise use the redistribute-connected-subnets method

Slide 42: Inter-AS Summary (Cont.)
  - Multi-hop MP-eBGP sessions can be passed between service providers without conversion to VPNv4 routes
  - Configuration of VRFs is not required on the ASBRs when "bgp default route-target filter" (the automatic route filtering feature) has been disabled
  - To conserve memory on both sides of the boundary and to implement a simple form of security, always configure inbound route-maps that accept only the routes that need to be passed to the other AS. The peer AS chooses the route targets it attaches to its updates; without an inbound filter, a peer update tagged with one of your RTs is imported into the corresponding VRF.

Slide 43: References
  - Inter-AS for MPLS VPNs, CCO documentation: 121newft/121t/121t5/interas.htm
  - MPLS and VPN Architectures, Jim Guichard and Ivan Pepelnjak, ISBN:
  - Support for Inter-provider MPLS VPN, ENG, Dan Tappan (internal only)


