CLI-based Configuration Guide - VPN

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document describes VPN features on the device and provides configuration procedures and configuration examples.

Inter-AS VPN

The MPLS VPN solution is widely used, serving an increasing number of users in a large number of applications. As more sites are developed in an enterprise, a site at one geographical location often needs to connect to an ISP network at another geographical location. Consider, for example, the inter-AS issue facing operators who manage different metropolitan area networks (MANs) or backbone networks that span different autonomous systems (AS).

Generally, the MPLS VPN architecture runs within a single AS. Routes of any VPN can be flooded within the AS, but cannot be flooded to other ASs. To exchange VPN routes between different ASs, the inter-AS MPLS VPN model is used. This model is an extension to the MPLS VPN framework. Through this model, route prefixes and labels can be advertised over links between different carrier networks.

RFC defines the following inter-AS VPN solutions:

  • Inter-Provider Backbones Option A: Autonomous system boundary routers (ASBRs) manage VPN routes for inter-AS VPNs through dedicated interfaces. This solution is also called VRF-to-VRF.

  • Inter-Provider Backbones Option B: ASBRs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. This solution is also called EBGP redistribution of labeled VPN-IPv4 routes.

  • Inter-Provider Backbones Option C: PE devices advertise labeled VPN-IPv4 routes to each other through Multi-hop MP-EBGP. This solution is also called Multi-hop EBGP redistribution of labeled VPN-IPv4 routes.

Inter-Provider Backbones Option A

  • Introduction

    Option A is a basic BGP/MPLS IP VPN application in an inter-AS scenario. In this solution, ASBRs do not require extra configuration for inter-AS VPN and do not need to run MPLS between them. The ASBRs of the two ASs are directly connected and function as the PE devices of their respective ASs. Each ASBR treats the peer ASBR as its CE device and creates a VPN instance for each VPN. The ASBRs use EBGP to advertise IPv4 routes.

    As shown in Figure 7-12, ASBR2 in AS 200 is the CE of ASBR1 in AS 100, and ASBR1 is the CE of ASBR2. VPN LSP indicates a private tunnel, and LSP indicates a public tunnel.

    Figure 7-12  Inter-Provider Backbones Option A

  • Route advertisement

    In Option A, PE and ASBR devices use MP-IBGP to exchange VPN-IPv4 routes. The two ASBRs can use BGP, IGP multi-instance, or static routes to exchange VPN information. EBGP is recommended for inter-AS route exchange.

    Figure 7-13 shows the process of advertising the route destined for 10.1.1.1/24 from CE1 to CE2. In Figure 7-13, D indicates the destination address; NH indicates the next hop; L1 and L2 are private labels. Figure 7-13 does not show advertisement of public IGP routes and distribution of public network labels.
    Figure 7-13  Route advertisement of Option A

  • Packet forwarding

    Figure 7-14 shows how packets are forwarded over the LSPs, which serve as the tunnels on the public network. L1 and L2 are inner labels; Lx and Ly are outer tunnel labels.
    Figure 7-14  Packet forwarding of Option A

  • Characteristics

    • Simplified configuration: MPLS does not need to run between ASBRs and no extra configuration is required.
    • Low scalability: ASBRs need to manage all VPN routes and create a VPN instance for each VPN. Because IP forwarding is performed between the ASBRs, the ASBRs must reserve an interface for each inter-AS VPN. Therefore, the PE devices must have high performance. If a VPN spans multiple ASs, the intermediate ASs must support the VPN service. The configuration is complex and the intermediate ASs are affected. Option A is applicable when the number of inter-AS VPNs is small.

Inter-Provider Backbones Option B

  • Introduction

    In Option B, two ASBRs use MP-EBGP to exchange labeled VPN-IPv4 routes received from the PE devices in the ASs. In the figure, VPN LSPs are private network tunnels, and LSPs are public network tunnels.

    Figure 7-15  Inter-Provider Backbones Option B

    In Option B, the ASBRs receive all inter-AS VPN-IPv4 routes within or outside the local AS and advertise the routes. In basic MPLS VPN implementation, a PE device stores only the VPN routes that match the VPN target of the local VPN instance. The ASBRs are configured to store all the received VPN routes, regardless of whether any local VPN instance matches the routes.

    All the traffic is forwarded by the ASBRs. This facilitates traffic control but increases the load on the ASBRs. BGP routing policies, such as VPN target filtering policies, can be configured on the ASBRs so that the ASBRs save only some of the VPN-IPv4 routes.

  • Route advertisement

    Figure 7-16 shows how the route destined for 10.1.1.1/24 is advertised from CE1 to CE2. D indicates the destination address; NH indicates the next hop; L1, L2, and L3 are inner labels. Figure 7-16 does not show advertisement of public IGP routes and distribution of public network labels.

    Figure 7-16  Route advertisement of Option B

    The route advertisement process is as follows:
    1. CE1 uses BGP, OSPF, or RIP to advertise routes to PE1 in AS 100.
    2. PE1 in AS 100 uses MP-IBGP to advertise labeled VPNv4 routes to ASBR1 in AS 100. If a route reflector (RR) is deployed on the network, PE1 advertises the VPNv4 routes to the RR, and then the RR reflects the routes to ASBR1.
    3. ASBR1 uses MP-EBGP to advertise the labeled VPNv4 routes to ASBR2. Because MP-EBGP changes the next hop of the routes when advertising the routes, ASBR1 allocates a new label to the VPNv4 routes.
    4. ASBR2 uses MP-IBGP to advertise the labeled VPNv4 routes to PE3 in AS 200. If an RR is deployed on the network, ASBR2 advertises the VPNv4 routes to the RR, and then the RR reflects the routes to PE3. When ASBR2 advertises routes to an MP-IBGP peer in the local AS, it changes the next hop of the routes to itself.
    5. PE3 in AS 200 uses BGP, OSPF, or RIP to advertise the routes to CE2.

    Both ASBR1 and ASBR2 swap inner labels of the VPNv4 routes. The inter-AS labels are carried in BGP messages, so the ASBRs do not need to run signaling protocols such as Label Distribution Protocol (LDP) or Resource Reservation Protocol (RSVP).

  • Packet forwarding

    In Option B, both the ASBRs swap labels during packet forwarding. Figure 7-17 shows how packets are forwarded over the LSPs, which serve as the tunnels on the public network. L1, L2, and L3 are inner labels; Lx and Ly are outer tunnel labels.

    Figure 7-17  Packet forwarding of Option B

  • Characteristics

    • Unlike Option A, Option B is not limited by the number of links between ASBRs.
    • Information about VPN routes is stored on and advertised by ASBRs. When a large number of VPN routes exist, the overburdened ASBRs are likely to encounter bottlenecks. Therefore, in the MP-EBGP solution, the ASBRs that maintain VPN routes do not perform IP forwarding on the public network.
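
The Option B route advertisement and label swapping described above, as an added example (a constructed Python model, not Huawei code or device configuration). Node names follow the page; the label values, RD/RT values, the `Node` class and the helper functions are assumptions made for illustration. It also shows the effect of a VPN-target filter on an ASBR, which otherwise stores every VPNv4 route it receives.

```python
# Added illustration: a constructed model of Option B, not device code.
from itertools import count

class Node:
    def __init__(self, name, rt_filter=None, first_label=1000):
        self.name = name
        self.rt_filter = rt_filter        # None: keep all VPNv4 routes (ASBR behaviour)
        self.labels = count(first_label)  # local inner-label allocator
        self.rib = {}                     # (rd, prefix) -> route
        self.lfib = {}                    # incoming label -> (outgoing label, next hop)

    def receive(self, route):
        """Store a labeled VPNv4 route unless the VPN-target filter rejects it."""
        if self.rt_filter is not None and not (route["rts"] & self.rt_filter):
            return None
        self.rib[(route["rd"], route["prefix"])] = route
        return route

    def readvertise(self, route):
        """Next hop becomes this node, so allocate a new label and install the swap."""
        label = next(self.labels)
        self.lfib[label] = (route["label"], route["nh"])
        return dict(route, nh=self.name, label=label)

def advertise(route, asbrs, egress_pe):
    """Steps 2-4: PE -> ASBR1 -> ASBR2 -> PE. Returns what the egress PE installs, or None."""
    for asbr in asbrs:
        if asbr.receive(route) is None:
            return None
        route = asbr.readvertise(route)
    return egress_pe.receive(route)

def forward(nodes, route):
    """Walk the swap entries from the egress PE's next hop to the originating PE."""
    trace, hop, label = [], route["nh"], route["label"]
    while hop in nodes and label in nodes[hop].lfib:
        out_label, nh = nodes[hop].lfib[label]
        trace.append((hop, label, out_label))
        hop, label = nh, out_label
    return trace, hop, label

def build(asbr1_filter=None):
    """Constructed topology: ASBR1 (AS 100), ASBR2 (AS 200), PE3 importing 100:1."""
    return (Node("ASBR1", asbr1_filter, 2000), Node("ASBR2", None, 3000),
            Node("PE3", {"100:1"}))

# Constructed sample routes originated by PE1; labels and RD/RT values are made up.
VPN_A = {"rd": "100:1", "prefix": "10.1.1.1/24", "rts": {"100:1"}, "nh": "PE1", "label": 1027}
VPN_B = {"rd": "100:2", "prefix": "10.1.1.1/24", "rts": {"100:2"}, "nh": "PE1", "label": 1028}
```

With `build()` the ASBRs keep `VPN_B` even though no PE in AS 200 imports it; with `build({"100:1"})` the route stops at ASBR1 and never crosses the AS boundary.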

Inter-Provider Backbones Option C

  • Introduction

    Option A and Option B can meet inter-AS VPN requirements. However, ASBRs need to maintain and distribute VPN-IPv4 routes. When each AS needs to exchange a large number of VPN routes, ASBRs may hinder network extension.

    To address this issue, PE devices can directly exchange VPN-IPv4 routes, and ASBRs do not maintain or advertise VPN-IPv4 routes.

    • The ASBRs use MP-IBGP to advertise labeled IPv4 routes to PE devices in their respective ASs. The ASBRs also advertise labeled IPv4 routes received from PE devices in the local AS to the ASBR peers in other ASs. The ASBRs in the transit AS also advertise labeled IPv4 routes. A VPN LSP can be established between the ingress PE and egress PE.

    • The PE devices in different ASs establish a multi-hop EBGP connection to exchange VPN-IPv4 routes.

    • The ASBRs do not store or advertise VPN-IPv4 routes to each other.

    Figure 7-18 shows the networking of inter-AS VPN Option C. In the figure, VPN LSPs are private network tunnels, and LSPs are public network tunnels. A BGP LSP enables two PE devices to exchange loopback interface information, and it consists of two parts, for example, BGP LSP1 from PE1 to PE3 and BGP LSP2 from PE3 to PE1.

    Figure 7-18  Inter-Provider Backbones Option C

    To improve network scalability, you can specify an RR in each AS. The RR stores all VPN-IPv4 routes and exchanges VPN-IPv4 routes with the PE devices in the local AS. The RRs in two ASs establish an MP-EBGP connection to advertise VPN-IPv4 routes.

    Figure 7-19  Inter-Provider Backbones Option C with an RR

  • Route advertisement

    The key to Option C is establishment of inter-AS tunnels on a public network.

    Figure 7-20 shows how the route destined for 10.1.1.1/24 is advertised from CE1 to CE2. D indicates the destination address; NH indicates the next hop; L3 indicates the inner label. L9 and L10 are BGP LSP labels. Figure 7-20 does not show advertisement of public IGP routes and distribution of public network labels.

    Figure 7-20  Route advertisement of Option C

  • Packet forwarding

    Figure 7-21 shows how packets are forwarded over the LSPs, which serve as the tunnels on the public network. L3 is the inner label; L9 and L10 are BGP LSP labels; Lx and Ly are outer tunnel labels.

    Figure 7-21  Packet forwarding of Option C

    Before forwarding a packet to PE1, PE2 adds three labels to the packet: VPN route label, BGP LSP label, and public LSP label. When the packet reaches ASBR2, two labels are left: VPN route label and BGP LSP label. When the packet reaches ASBR1, the BGP LSP label is terminated. Then common MPLS VPN forwarding is performed.

  • Characteristics

    • VPN routes are directly exchanged between the ingress PE and the egress PE. The routes do not need to be stored and forwarded by intermediate devices.
    • Only PE devices need to exchange VPN routes. P devices and ASBRs are only responsible for packet forwarding. The intermediate devices need to support only MPLS forwarding, and do not need to support MPLS VPN services. ASBRs are unlikely to encounter bottlenecks. Option C is suitable for the VPNs that span multiple ASs.
    • MPLS VPN load balancing is easy to carry out in Option C.
    • Managing an end-to-end connection between PE devices has high costs.
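
The Option C label stack described under packet forwarding, as an added example (a constructed Python model, not Huawei code). The node names `P-AS200` and `P-AS100`, all label values, the assignment of L10 and L9 to the two segments of the BGP LSP, and penultimate-hop popping of the public LSP label are assumptions; the page's figures are not available here.

```python
# Added illustration: constructed model of the Option C label stack, not device code.
# Assumed: label values, P node names, L10/L9 placement, penultimate-hop popping.
L3, L9, L10, LX, LY = 1027, 9009, 9010, 5001, 5002

# Per-hop operations on the path towards PE1. Each op is
# (action, expected top label, new label); the stack top is the last list element.
PATH = [
    ("PE2",     [("push", None, L3), ("push", None, L10), ("push", None, LX)]),
    ("P-AS200", [("pop", LX, None)]),                     # public LSP label removed
    ("ASBR2",   [("swap", L10, L9)]),                     # BGP LSP label swapped
    ("ASBR1",   [("pop", L9, None), ("push", None, LY)]), # BGP LSP terminated
    ("P-AS100", [("pop", LY, None)]),
    ("PE1",     [("pop", L3, None)]),                     # VPN label selects the VPN
]

def apply_ops(stack, ops):
    """Apply one node's label operations and return the resulting stack."""
    stack = list(stack)
    for action, expect, new in ops:
        if action in ("pop", "swap"):
            if not stack or stack[-1] != expect:
                raise ValueError(f"unexpected top label {stack[-1:]} (wanted {expect})")
            stack.pop()
        if action in ("push", "swap"):
            stack.append(new)
    return stack

def walk(path):
    """Return [(node, stack on arrival, stack on departure)] for every hop."""
    out, stack = [], []
    for node, ops in path:
        after = apply_ops(stack, ops)
        out.append((node, stack, after))
        stack = after
    return out

def touches_vpn_label(path, vpn_label, edge=("PE2", "PE1")):
    """True if any node other than the two PEs pushes, pops or swaps the VPN label."""
    return any(vpn_label in (e, n)
               for node, ops in path if node not in edge
               for _, e, n in ops)
```

`walk(PATH)` shows three labels leaving PE2, two arriving at ASBR2, and only the VPN label arriving at PE1, while `touches_vpn_label` confirms that no ASBR or P device operates on the VPN label, unlike Option B where both ASBRs swap it.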
Updated: 2019-08-07

Document ID: EDOC1100033725
