Configuration Guide - VPN

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of VPN, including GRE, BGP/MPLS IP VPN, BGP/MPLS IPv6 VPN, VLL, PWE3, and VPLS.

Inter-AS VPN

MPLS VPN is widely used to serve an increasing number of users across many applications. As an enterprise expands, it may need to connect a site at one geographical location to an ISP network at another geographical location. For example, operators who manage different metropolitan area networks (MANs) or backbone networks that span different autonomous systems (ASs) may encounter inter-AS issues.

Generally, MPLS VPN architecture runs within an AS. Routes of any VPN can be flooded within the AS but cannot be flooded to other ASs. To implement the exchange of VPN routes between different ASs, the inter-AS MPLS VPN model is used. This model extends the MPLS VPN framework and allows route prefixes and labels to be advertised over links between different carrier networks.

RFC 4364 defines the following inter-AS VPN solutions:

  • Inter-AS Option A: Autonomous system boundary routers (ASBRs) manage VPN routes for inter-AS VPNs through dedicated interfaces. This solution is also called VRF-to-VRF.

  • Inter-AS Option B: ASBRs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. This solution is also called EBGP redistribution of labeled VPN-IPv4 routes.

  • Inter-AS Option C: PE devices advertise labeled VPN-IPv4 routes to each other through Multi-hop MP-EBGP. This solution is also called Multi-hop EBGP redistribution of labeled VPN-IPv4 routes.

Inter-AS VPN Option A

  • Introduction

    Inter-AS VPN Option A is a basic BGP/MPLS IP VPN application in an inter-AS scenario. In this solution, the ASBRs need no extra inter-AS VPN configuration and do not need to run MPLS between them. ASBRs of the two ASs are directly connected and function as the PE devices of the ASs. Each ASBR considers the peer ASBR as its CE device and creates a VPN instance for each VPN. The ASBRs use EBGP to advertise IPv4 routes.

    As shown in Figure 2-12, ASBR2 in AS 200 is a CE device of ASBR1 in AS 100, and ASBR1 is a CE device of ASBR2. VPN LSP indicates a private tunnel, and LSP indicates a public tunnel.

    Figure 2-12 Inter-AS VPN Option A networking

  • Route advertisement

    In inter-AS VPN Option A, PE and ASBR devices run MP-IBGP to exchange VPN-IPv4 routes. To exchange VPN information, two ASBRs can run BGP or IGP multi-instance, or use static routes. EBGP is recommended for inter-AS route exchange.

    Figure 2-13 shows the process of advertising the route destined for 10.1.1.1/24 from CE1 to CE2. In this figure, D indicates the destination address, NH indicates the next hop, and L1 and L2 are private labels. This figure does not show advertisement of public IGP routes or distribution of public network labels.
    Figure 2-13 Route advertisement in the Option A solution

  • Packet forwarding

    Figure 2-14 shows how packets are forwarded over the LSPs, which serve as the tunnels on the public network. In this figure, L1 and L2 are inner labels, and Lx and Ly are outer tunnel labels.
    Figure 2-14 Packet forwarding in the Option A solution

  • Characteristics

    • Simplified configuration: MPLS does not need to run between ASBRs and no additional configuration is required.
    • Low scalability: ASBRs need to manage all VPN routes and create a VPN instance for each VPN. Because IP forwarding is performed between the ASBRs, they must reserve an interface for each inter-AS VPN. Therefore, the PE devices must have high performance. If a VPN spans multiple ASs, the intermediate ASs must support the VPN service. The configuration workload is huge and intermediate ASs are affected. Option A is applicable when only a few inter-AS VPNs are deployed.

Inter-AS VPN Option B

  • Introduction

    In inter-AS VPN Option B, two ASBRs use MP-EBGP to exchange labeled VPN-IPv4 routes received from the PE devices in their own ASs. As shown in Figure 2-15, VPN LSPs are private network tunnels, and LSPs are public network tunnels.

    Figure 2-15 Inter-AS VPN Option B networking

    In Option B, the ASBRs receive all inter-AS VPN-IPv4 routes within or outside the local AS and advertise the routes. In basic MPLS VPN implementation, a PE device stores only the VPN routes that match the VPN target of the local VPN instance. The ASBRs are configured to store all the received VPN routes, regardless of whether any local VPN instance matches the routes.

    All the traffic is forwarded by the ASBRs. This facilitates traffic control but increases the load on the ASBRs. To allow ASBRs to save only some VPN-IPv4 routes, BGP routing policies, such as route-target filtering policies, can be configured on the ASBRs.

  • Route advertisement

    Figure 2-16 shows how the route destined for 10.1.1.1/24 is advertised from CE1 to CE2. In this figure, D indicates the destination address, NH indicates the next hop, and L1, L2, and L3 are inner labels. This figure does not show advertisement of public IGP routes or distribution of public network labels.

    Figure 2-16 Route advertisement in the Option B solution

    The route advertisement process is as follows:
    1. CE1 uses BGP, OSPF, or RIP to advertise routes to PE1 in AS 100.
    2. PE1 in AS 100 uses MP-IBGP to advertise labeled VPNv4 routes to ASBR1 in AS 100. If a route reflector (RR) is deployed on the network, PE1 advertises the VPNv4 routes to the RR, which reflects the routes to ASBR1.
    3. ASBR1 uses MP-EBGP to advertise the labeled VPNv4 routes to ASBR2. Because MP-EBGP changes the next hop of the routes when advertising them, ASBR1 distributes a new label to the VPNv4 routes.
    4. ASBR2 uses MP-IBGP to advertise the labeled VPNv4 routes to PE3 in AS 200. If an RR is deployed on the network, ASBR2 advertises the VPNv4 routes to the RR, which reflects the routes to PE3. When ASBR2 advertises routes to an MP-IBGP peer in the local AS, ASBR2 changes the next hop of the routes to itself.
    5. PE3 in AS 200 uses BGP, OSPF, or RIP to advertise the routes to CE2.

    Both ASBR1 and ASBR2 swap inner labels of the VPNv4 routes. The inter-AS labels are carried in BGP messages. Therefore, the ASBRs do not need to run the Label Distribution Protocol (LDP).

  • Packet forwarding

    In Option B, both ASBRs swap labels during packet forwarding. Figure 2-17 shows how packets are forwarded over the LSPs, which serve as the tunnels on the public network. In this figure, L1, L2, and L3 are inner labels, and Lx and Ly are outer tunnel labels.

    Figure 2-17 Packet forwarding in the Option B solution

  • Characteristics

    • Unlike Option A, Option B is not limited by the number of links between ASBRs.
    • Information about VPN routes is stored on and advertised by ASBRs. If a large number of VPN routes exist, ASBRs are likely to become a bottleneck as the burden on them increases. Therefore, in the MP-EBGP solution, the ASBRs that maintain VPN routes do not perform IP forwarding on the public network.
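
The Option B route advertisement steps and the route-target filtering mentioned above can be modeled together. The following Python sketch is an added example, not code from this guide or from the device software: the class and function names, the label values (1000, 2000, 3000), the RD/RT values and the second prefix 10.9.9.0/24 are all constructed, and outer tunnel labels (Lx, Ly) are left out. ASBR1 keeps every VPNv4 route, while ASBR2 accepts only routes that carry an agreed VPN target.

```python
from dataclasses import dataclass, replace
from itertools import count

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str            # route distinguisher (constructed value)
    prefix: str
    rts: frozenset     # VPN targets carried as extended communities
    next_hop: str
    label: int         # inner label

class Router:
    def __init__(self, name, first_label, rt_filter=None):
        self.name, self.rt_filter = name, rt_filter   # rt_filter=None: keep every VPNv4 route
        self._labels = count(first_label)
        self.lfib = {}        # incoming inner label -> (outgoing inner label, next hop)
        self.rejected = []

    def originate(self, rd, prefix, rts):
        """PE behaviour: allocate the first inner label for a route learned from a CE."""
        label = next(self._labels)
        self.lfib[label] = (None, "CE")               # pop, then IP-forward to the CE
        return Vpnv4Route(rd, prefix, frozenset(rts), self.name, label)

    def readvertise(self, route):
        """ASBR behaviour: filter on RT, set next hop to self, allocate a new label."""
        if self.rt_filter is not None and not (route.rts & self.rt_filter):
            self.rejected.append(route)
            return None
        label = next(self._labels)
        self.lfib[label] = (route.label, route.next_hop)   # inner-label swap entry
        return replace(route, next_hop=self.name, label=label)

def inner_label_path(routers, route):
    """Follow the inner label from the ingress PE's route back to the egress PE."""
    hop, label, path = route.next_hop, route.label, []
    while hop != "CE":
        path.append((hop, label))
        label, hop = routers[hop].lfib[label]
    return path

def demo():
    pe1, asbr1 = Router("PE1", 1000), Router("ASBR1", 2000)
    asbr2 = Router("ASBR2", 3000, rt_filter=frozenset({"100:1"}))  # agreed inter-AS VPN only
    routers = {r.name: r for r in (pe1, asbr1, asbr2)}
    agreed = pe1.originate("100:1", "10.1.1.1/24", {"100:1"})
    other = pe1.originate("100:9", "10.9.9.0/24", {"100:9"})       # not meant to cross the border
    at_pe3 = [asbr2.readvertise(r) for r in map(asbr1.readvertise, (agreed, other))]
    return inner_label_path(routers, at_pe3[0]), at_pe3[1], len(asbr1.lfib), asbr2.rejected

if __name__ == "__main__":
    print(demo())
```

The returned path lists the inner label seen at each hop from PE3's side back to PE1, and the rejected list shows which routes the RT filter kept out of AS 200.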

Inter-AS VPN Option C

  • Introduction

    Option A and Option B can meet inter-AS VPN requirements. However, ASBRs need to maintain and distribute VPN-IPv4 routes. When each AS needs to exchange a large number of VPN routes, ASBRs may hinder network extension.

    To address this issue, PE devices can directly exchange VPN-IPv4 routes. In this case, ASBRs do not maintain or advertise VPN-IPv4 routes.

    • The ASBRs use MP-IBGP to advertise labeled IPv4 routes to PE devices in their respective ASs. The ASBRs also advertise labeled IPv4 routes received from PE devices in the local AS to the ASBR peers in other ASs. The ASBRs in the intermediate AS also advertise labeled IPv4 routes. A VPN LSP can be established between the ingress PE device and egress PE device.

    • The PE devices in different ASs establish a multi-hop EBGP connection to exchange VPN-IPv4 routes.

    • The ASBRs do not store or advertise VPN-IPv4 routes to each other.

    Figure 2-18 shows the inter-AS VPN Option C networking. In this figure, VPN LSPs are private network tunnels, and LSPs are public network tunnels. A BGP LSP enables two PE devices to exchange loopback interface information. The BGP LSP in this example consists of two parts: BGP LSP1 from PE1 to PE3 and BGP LSP2 from PE3 to PE1.

    Figure 2-18 Inter-AS VPN Option C networking

    To improve network scalability, an RR can be specified in each AS. The RR stores all VPN-IPv4 routes and exchanges VPN-IPv4 routes with the PE devices in the local AS. The RRs in two ASs establish an MP-EBGP connection to advertise VPN-IPv4 routes.

    Figure 2-19 Inter-AS VPN Option C networking with an RR

  • Route advertisement

    Central to Option C is the establishment of inter-AS tunnels on a public network.

    Figure 2-20 shows how the route destined for 10.1.1.1/24 is advertised from CE1 to CE2. In this figure, D indicates the destination address, NH indicates the next hop, and L3 indicates the inner label. L9 and L10 are BGP LSP labels. This figure does not show advertisement of public IGP routes or distribution of public network labels.

    Figure 2-20 Route advertisement in the Option C solution

  • Packet forwarding

    Figure 2-21 shows how packets are forwarded over the LSPs, which serve as the tunnels on the public network. In this figure, L3 is the inner label, L9 and L10 are BGP LSP labels, and Lx and Ly are outer tunnel labels.

    Figure 2-21 Packet forwarding in the Option C solution

    Before forwarding a packet to PE1, PE3 adds three labels to the packet: VPN route label, BGP LSP label, and public LSP label. The P device in AS 200 terminates the public LSP label and forwards the packet to ASBR1 through ASBR2. ASBR1 then terminates the BGP LSP label before forwarding the packet to the P device in AS 100. Common MPLS VPN forwarding is performed for the remainder of the route.

  • Characteristics

    • VPN routes are directly exchanged between the ingress PE device and the egress PE device. The routes do not need to be stored and forwarded by intermediate devices.
    • Only PE devices need to exchange VPN routes. P devices and ASBRs are only responsible for packet forwarding. The intermediate devices need to support only MPLS forwarding, and do not need to support MPLS VPN services. ASBRs are unlikely to become a bottleneck. Option C is suitable for VPNs that span multiple ASs.
    • End-to-end connections between PE devices are difficult to manage.
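
The three-label stack described for Option C packet forwarding follows from recursive next-hop resolution on PE3. The Python sketch below is an added example, not code from this guide: the label values are constructed, the device names P-AS200 and P-AS100 are placeholders for the P devices, and the assignment of L9/L10 and Lx/Ly to particular hops is an assumption because the figures are not reproduced here.

```python
# Constructed label values; the names follow the page (Lx, Ly, L9, L10, L3).
# Which label sits on which hop is an assumption, since the figures are not reproduced.
LX, LY, L9, L10, L3 = 100, 200, 9, 10, 3

# PE3's state after route advertisement.
VPN_ROUTES = {"10.1.1.1/24": ("PE1", L3)}   # multi-hop MP-EBGP from PE1: (next hop, VPN label)
LABELED_IPV4 = {"PE1": ("ASBR2", L10)}      # MP-IBGP from ASBR2: (next hop, BGP LSP label)
PUBLIC_LSP = {"ASBR2": ("P-AS200", LY)}     # public tunnel in AS 200: (first hop, label)

# Transit state: device -> {top label: (operation, new top label, next device)}.
LFIB = {
    "P-AS200": {LY: ("pop", None, "ASBR2")},      # public LSP label terminated
    "ASBR2": {L10: ("swap", L9, "ASBR1")},        # BGP LSP label swapped at the AS border
    "ASBR1": {L9: ("swap", LX, "P-AS100")},       # BGP LSP ends, public LSP of AS 100 begins
    "P-AS100": {LX: ("pop", None, "PE1")},
    "PE1": {L3: ("pop", None, "CE1")},            # VPN label selects the VPN instance
}

def build_stack(prefix):
    """Recursive next-hop resolution on PE3: VPN route -> BGP LSP -> public LSP."""
    egress_pe, vpn_label = VPN_ROUTES[prefix]
    if egress_pe not in LABELED_IPV4:
        raise LookupError(f"no BGP LSP to {egress_pe}; VPN route cannot be used")
    asbr, bgp_label = LABELED_IPV4[egress_pe]
    first_hop, lsp_label = PUBLIC_LSP[asbr]
    return [lsp_label, bgp_label, vpn_label], first_hop

def forward(stack, device):
    """Apply each device's action to the top label only; return (last device, trace)."""
    trace = []
    while device in LFIB:
        top, rest = stack[0], stack[1:]
        if top not in LFIB[device]:
            raise LookupError(f"{device} has no entry for label {top}")
        op, new_top, nxt = LFIB[device][top]
        stack = ([new_top] if op == "swap" else []) + rest
        trace.append((device, op, top, tuple(stack)))
        device = nxt
    return device, trace

def devices_acting_on(label, trace):
    """Devices that saw `label` as the top of the stack."""
    return [dev for dev, _op, top, _stack in trace if top == label]

if __name__ == "__main__":
    stack, first_hop = build_stack("10.1.1.1/24")
    for hop in forward(stack, first_hop)[1]:
        print(hop)
```

In the trace, only PE1 ever acts on the VPN label, which matches the statement that P devices and ASBRs handle forwarding only and hold no VPN routes.
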
Updated: 2019-04-03

Document ID: EDOC1100075353
