Configuring Inter-AS VPN Option C (Solution 2)
If virtual private network (VPN) routes need to be established over a Multiprotocol Label Switching (MPLS) backbone network spanning multiple autonomous areas (ASs), inter-AS VPN is required. If each AS needs to exchange a large number of VPN routes, inter-AS VPN-Option C is a good choice to prevent the autonomous area border routers (ASBRs) from becoming bottlenecks that impede network expansion.
Pre-configuration Tasks
Before configuring inter-AS VPN Option C, complete the following tasks:
- Configuring an Interior Gateway Protocol (IGP) for the MPLS backbone network of each AS to ensure IP connectivity on the backbone network within each AS
- Configuring the basic MPLS functions and MPLS Label Distribution Protocol (LDP) or Resource Reservation Protocol-Traffic Engineering (RSVP-TE) for the MPLS backbone network of each AS
- In each AS, configuring VPN instances on the PE devices connected to CE devices and associating the VPN instances with PE interfaces connected to CE devices
- Configuring route exchange between the PE and CE devices in each AS
For details about the configurations, see Configuring Basic BGP/MPLS IP VPN Functions.
Context
The following solutions can be used to implement inter-AS VPN-Option C:
- Solution 1: After learning the labeled BGP routes of the public network in the remote AS from the remote ASBR, the local ASBR allocates labels for these routes, and advertises these routes to the IBGP peer that supports the label switching capability. In this manner, a complete LSP is set up.
- Solution 2: The IBGP peer relationship between the PE and ASBR is not needed. In this solution, an ASBR learns the labeled public BGP routes of the remote AS from the peer ASBR. Then these labeled public BGP routes are imported to an IGP to trigger the establishment of an LDP LSP. In this manner, a complete LDP LSP can be established between the two PEs.
If an ASBR is ready to access a large number of PEs, solution 2 is recommended for its easy configuration.
In inter-AS VPN Option C mode, do not enable LDP between ASBRs. If LDP is enabled on the interfaces between ASBRs, LDP sessions are then established between the ASBRs. When a lot of BGP routes exist, many LDP labels are occupied.
Configuration Procedure
All the following tasks are mandatory. Perform these tasks in this sequence to complete inter-AS VPN Option C configuration.
When VPN services need to be transmitted over TE tunnels or when multiple tunnels need to perform load balancing to fully use network resources, you also need to complete the task of Configuring Tunnel Policies.
- Establishing the EBGP Peer Relationship Between ASBRs
- Advertising the Routes of the PE in the Local AS to the Remote
PE
- Enabling the Capability of Exchanging Labeled IPv4 Routes
- Establishing an LDP LSP for the Labeled BGP Routes of the Public
Network
- Establishing the MP-EBGP Peer Relationship Between PEs
- Verifying the Inter-AS VPN Option C Configuration (Solution 2)
Establishing the EBGP Peer Relationship Between ASBRs
Context
An EBGP peer relationship is established between ASBRs to advertise routes destined for the loopback interfaces on PEs.
Perform the following steps on ASBRs.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The view of the interface that connects the remote ASBR is displayed.
- Run ip address ip-address { mask | mask-length }
The IP address is configured.
- Run quit
Return to the system view.
- Run bgp { as-number-plain | as-number-dot }
The BGP view is displayed.
- Run peer ipv4-address as-number as-number
The remote ASBR is configured as the EBGP peer.
- (Optional) Run peer { ipv4-address | group-name } ebgp-max-hop [ hop-count ]
The maximum number of hops is configured for the EBGP connection.
Generally, one or multiple directly connected physical links exist between EBGP peers. If the directly connected physical link(s) are not available, run the peer ebgp-max-hop command to ensure that the TCP connection can be set up between the EBGP peers through multiple hops.
Advertising the Routes of the PE in the Local AS to the Remote PE
Establishing an LDP LSP for the Labeled BGP Routes of the Public Network
Establishing the MP-EBGP Peer Relationship Between PEs
Prerequisites
By introducing extended community attributes into BGP, MP-IBGP can advertise VPNv4 routes between PEs. PEs of different ASs are generally not directly connected. To set up an EBGP connection between the PEs of different ASs, you must configure the permitted maximum number of hops between PEs.
Perform the following steps on PEs.
Procedure
- Run system-view
The system view is displayed.
- Run bgp { as-number-plain | as-number-dot }
The BGP view is displayed.
- Run peer ipv4-address as-number as-number
The remote PE is specified as the EBGP peer.
- Run peer ipv4-address connect-interface interface-type interface-number ipv4-source-address
The source interface that sends BGP packets is specified.
- Run peer ipv4-address ebgp-max-hop [ hop-count ]
The maximum number of hops permitted to establish the EBGP peer is specified.
- (Optional)
Run peer { group-name | ipv4-address } mpls-local-ifnet disable
The ability to establish an MPLS local IFNET tunnel between PEs is disabled.
In the Option C scenario, PEs establish an MP-EBGP peer relationship. Therefore, an MPLS local IFNET tunnel between PEs is established over the MP-EBGP peer relationship. The MPLS local IFNET tunnel fails to transmit traffic because PEs are indirectly connected.
If a fault occurs on the BGP LSP between PEs, traffic is iterated to the MPLS local IFNET tunnel, not an FRR bypass tunnel. As the MPLS local IFNET tunnel cannot forward traffic, traffic is interrupted. To prevent the traffic interruption, run this command to disable the establishment of an MPLS local IFNET tunnel between PEs.
- Run ipv4-family vpnv4
The BGP VPNv4 sub-address family view is displayed.
- Run peer ipv4-address enable
The VPNv4 route exchange capability with the remote PE is enabled.
Verifying the Inter-AS VPN Option C Configuration (Solution 2)
Procedure
- Run the display bgp vpnv4 all peer command to check information about the specified VPNv4 peer on a PE. You can find that the EBGP peer relationship between PEs is established.
- Run the display bgp vpnv4 all routing-table command to check information about the VPN-IPv4 routing table on a PE or an ASBR. You can find that BGP VPNv4 routes and BGP VPN instance routes are on the PE, rather than on the ASBR.
- Run the display bgp routing-table label command to check information about the labels of IPv4 routes on an ASBR.
- Run the display ip routing-table vpn-instance vpn-instance-name command to check the VPN routing table on a PE device. You can find that the VPN routing table of the PE has the VPN routes to the CE related to the specified VPN instance.
- Run the display mpls route-state [ { exclude | include } { idle | ready | settingup } * | destination-address mask-length ] [ verbose ] command to check the matching relationship between routes and the LSP on an ASBR. You can find the routes with the type as L, that is, the labeled BGP routes of the public network.
- Run the display ip routing-table command to check information about the routing table on an ASBR. You can find that the routes to the remote PE are labeled BGP routes of the public network: The routing table is "Public", the protocol type is "BGP", and the label has a non-zero value.
- Run the display mpls lsp [ vpn-instance vpn-instance-name ] [ protocol ldp ] [ { exclude | include } ip-address mask-length ] [ outgoing-interface interface-type interface-number ] [ in-label in-label-value ] [ out-label out-label-value ] [ lsr-role { egress | ingress | transit } ] [ verbose ] command to check whether an LDP LSP is established on an ASBR. You can find that an LDP LSP is established between the ASBR and the remote PE. Besides, the LDP ingress LSP to the remote PE can be found on the local PE.