Mpls NSN Training Day 2 VPN Pa

MPLS VPN Configuration
Mitrabh Shukla
National IP Manager
Objectives
Upon completion of this chapter you will be able to:
Describe MPLS VPN mechanisms
Use the command line interface to configure a VPN
Verify VPN functionality
For internal use

2
Nokia Siemens Networks
MPLS / Mitrabh Shukla
Agenda
What is a VPN?
How Do MPLS VPNs Work?
What Are Some Scaling Techniques?
How Do I Configure MPLS VPNs?
For internal use

3
What is a MPLS VPN?

VPN A
VPN A
VPN C
Provider
Backbone
VPN B
VPN B
VPN C
For internal use

4
MPLS-VPN Terminology
VPN A
VPN-Aware network
Site1
AS100
Provider Network
P router
AS200
Border Router
PE router
Site1
VPN A
Customer Network
Site
CE router
For internal use
5
Site2
Site2
VPN B
Agenda
What is a VPN?
How do MPLS VPNs Work?
Control Plane
Forwarding Plane
What Are Some MPLS VPN Scaling Techniques?
For internal use

6
What Makes MPLS VPNs Work?
VPN A
MP-iBGP sessions
CE
10.2.0.0
VPN B
CE
P
11.5.0.0
CE
10.2.0.0
CE
PE
VPN A
PE
CE
VPN A
PE
PE
11.6.0.0
10.1.0.0
CE
VPN B
CE
VPN B
10.1.0.0
Five keys to MPLS VPNs functionality:

1. MPLS Forwarding
2. Separation of VPN Routes
(VPN Routing and Forwarding Instances (VRF))
3. VPN Membership Selection (Route Target)
4. IP Address Overlap (Route Distinguisher)
5. VPN Route Distribution (MP-BGP for VPN-ipv4)
For internal use

7
VPN A
10.3.0.0
1. MPLS Forwarding
MPLS VPN Requirement
PE to PE Label Switched Path (LSP)

VRF
P1
PE1
VRF
P2
PE2
VRF
VRF
PE2s perspective
PE1s perspective
Global routing table entries to reach
Global routing table entries to reach
PE2 -> next-hop: P1, label: 50

P2 -> next-hop: P1, label: 65
P1 -> next-hop: interface, label: pop
PE1 -> next-hop: P2, label: 25

P1 -> next-hop: P2, label: 35
P2 -> next-hop: interface, label: pop
For internal use

8
2. How Are VPN Routes Kept Separate?
VPN Routing and Forwarding Instances (VRF)

provides the separation
VRF=Routing Table for VPN
Site-1
CE
Yellow
PE
VPN Backbone IGP

(OSPF, IS-IS)
Site-1
CE
Green
VRF (VPN Routing and Forwarding)

Assigned a symbolic name
ip vrf green
For internal use
9
Global Routing Table
MPLS VPN Routing Requirements

Customer routers (CE-routers) have to run standard IP routing
software
Provider core routers (P-routers) have no VPN routes
Provider edge routers (PE-routers) have to support MPLS VPN
and Internet routing
For internal use

10
MPLS VPN Routing (CE- Router Perspective)
CE - Router
MPLS VPN Backbone
PE Router
CE - Router
Customer routers run standard IP routing software and exchange

routing updates with the PE-router
EBGP, OSPF, RIPv2 , EIGRP or static routes are

supported
PE-router appears as another router in the customers network
For internal use
11
MPLS VPN Routing

PE-Router Perspective
PE-routers:
Exchange VPN routes with CE-routers via per-VPN
routing protocols
Exchange core routes with P-routers and PE-routers via
core IGP
Exchange VPNv4 routes with other PE-routers via
multi- protocol IBGP sessions
For internal use

12
MPLS VPN Support for

Internet Routing
PE-routers can run standard IPv4 BGP in the global routing table
Exchange Internet routes with other PE routers
CE-routers do not participate in Internet routing
P-routers do not need to participate in Internet routing
For internal use
13
MPLS VPN End-to-End

Routing Information Flow (1/3)
PE-routers receive IPv4 routing updates from CE-routers

and install them in the appropriate Virtual Routing and
Forwarding (VRF) table
For internal use

14
MPLS VPN End-to-End

Routing Information Flow (2/3)
PE-routers export VPN routes from VRF into MP-IBGP

and propagate them as VPNv4 routes to other PErouters
IBGP full mesh is needed between PE-routers
For internal use
15
VRF CE Routing
and Sharing
Site-1
CE to PE Routing
CE
Yellow
PE
EBGP, RIP, OSPF, Static
VPN Backbone IGP

(OSPF, IS-IS)
Site-1
CE
Green
1 Interface attached to VRF
Sharing
Site-1
CE
Green
PE
VPN Backbone IGP
Same VPN
(OSPF, IS-IS)
Site-2
CE
Green
Multiple interfaces attached to VRF

(Can NOT have multiple VRFs connected to 1 interface)
For internal use

16
Animated
VRF and Multiple Routing Instances

PE to CE Routing
Processes
BGP
EIGRP
RIP
Static
Routing
Contexts
VRF Routing
Tables
VRF Forwarding
Tables
Routing processes support routing contexts

(sub-processes within main process)
Populate specific VPN routing table and FIBs (VRF)
separate OSPF process for each VRF
For internal use
17
OSPF
OSPF
What are MPLS VPN Extranets?
VPN A
VPN B
Site4
VPN C
Site1
Site5
Site2
Site3
Belonging to more than one VRF

NOTE: A VRF is NOT a VPN
Terms sometime used interchangably but the are NOT the
same
VRF is the routing table
VPN is collection of sites that can access that table
For internal use
18
3. How is VPN Membership Determined?

VPN membership is based on filtering routes to be installed in
VRF
Route Target import/export filtering
Route Target (RT) is a BGP Extended Community
Used to constrain distribution of routing information
Identifier for VRFs that may receive set of routes tagged with
given RT (route filtering)
Based on RFC 2547
For internal use

19
What is a Route Target?

Route Target (RT) is a BGP Extended Community
Used to constrain distribution of routing information
Identifier for VRFs that may receive set of routes tagged with
given RT (route filtering)
For internal use

20
What is a Route Distinguisher?

Route Distinguisher:
converts non-unique IP addresses into unique VPN-IPv4
addresses
Not used for constrained distribution of routing information
(route filtering)
VPN-IPv4 addresses
Must be globally unique
Route Distinguisher (RD) + IP address
RDs are assigned by a service provider
For internal use

21
4. How Can MPLS VPN Addresses Overlap?
VPN A
Same Addresses
CE
10.2.0.0
VPN B
P
CE
PE
PE
PE
11.6.0.0
10.1.0.0
CE
VPN B
CE
VPN B
10.1.0.0
Route
Distinguisher provides the separation
For internal use

22
VPN A
PE
CE
VPN A
VPN A
11.5.0.0
CE
10.2.0.0
CE
10.3.0.0
What is a Route Distinguisher?

Route Distinguisher:
converts non-unique IP addresses into unique VPN-IPv4
addresses (overlapping Private address)
Not used for constrained distribution of routing information
(route filtering)
VPN-IPv4 addresses
Route Distinguisher (RD) 64Bits + IP address = 96 Bits
RDs are assigned by a service provider
RDs should be globally unique
For internal use

23
5. How are VPN Routes Distributed?
MP-iBGP (PE to PE)

to carry VPN-IPv4 Information
VPN yellow
CE1
Site-1
P1
PE1
P2
PE2
Why MP-iBGP?
BGP supports large numbers of routes

BGP is multi-protocol and scales
BGP does not require directly connected peers
BGP optional, transitive attributes
For internal use

24
VPN yellow
CE2 Site-2
What is in an MP-BGP VPNv4 Update?
MP-iBGP (PE to PE)

to carry VPN-IPv4 Information
P1
PE1
P2
PE2
VPN-IPv4 update:
RD1:Net1, Next-hop=PE1
SOO=Site1, RT=Yellow, Label=10
VPN-IPv4 update:
RD2:Net1, Next-hop=PE1
SOO=Site1, RT=Green, Label=12
For internal use
25
What is in an MP-BGP Update?

VPN-IPV4 address (96 bits)
Route Distinguisher (RD) (64 bits)
IPv4 address (32bits)
Extended Community
Route target (RT) - required
Site of Origin (SOO) - optional
(prevents routing loops in multihomed CE topologies)
Any other standard BGP attribute (Ex. VPN Labels)

A second label in the label stack
For internal use

26
Why MP-iBGP?
MP-iBGP session
VPN yellow
Site-1 CE1
VPN yellow
CE2 Site-2
P1
PE1
P2
PE2
BGP supports large numbers of routes

BGP is multi-protocol and scales
BGP does not require directly connected peers
BGP has optional, transitive attributes
For internal use
27
How Does the MPLS VPN

Control Plane Work?
VPN-B VRF
Import routes with
route-target 1:1
VPN-v4 update:
RD:1:27:152.12.4.0/24
NH=PE1, RT=1:1,
VPN Label=(29)
PE1
P1
LDP Update:
Next hop=PE1
Label=(imp-null)
PE2
P2
LDP Update:
Next hop=P1
Label=(41)
LDP Update:
Next hop=P2
Label=(32)
MPLS LSP Foundation

BGP, OSPF, RIP
152.12.4.0/24,
NH=PE2
BGP, OSPF, RIP

152.12.4.0/24,
NH=CE1
CE1
VPN B
152.12.4.0/24
For internal use
28
CE2
VPN B
Animated
How Does the MPLS VPN

Forwarding Plane Work?
?????
MPLS forwarding table (LFIB)

lookup for NH=PE1
Penultimate Hop PoP
(removal of LSP Label)
LFIB lookup
for label 29
= vrf VPN B
29 152.12.4.6
PE1
41 29 152.12.4.6
P1
VRF lookup
for 152.12.4.6
NH=CE1
LSP/MPLS Label
VPN Label
Label Swap
32 29 152.12.4.6
P2
PE2
Packet Forwarding Based on Stack of Labels

152.12.4.6
152.12.4.6
CE1
VPN B
152.12.4.0/24
For internal use
29
VRF lookup
for 152.12.4.6
NH=PE1
VPN Label=(29)
CE2
VPN B
Animated
Agenda
What is a VPN?
For internal use

30
Scaling MPLS-VPN
Route Reflectors
Green
Yellow
Yellow
Yellow
Green
Yellow
Yellow
Green
Green
Use of Route Reflectors highly recommended

Route Reflectors may be partitioned
Each RR store routes for a set of VPNs
Thus, no BGP router needs to store ALL VPN information
PEs will peer to RRs according to the VPNs they

directly connect
For internal use
31
MPLS-VPN Scaling
BGP Automatic Route Filtering (ARF)
Import RT=yellow
VRFs for VPNs

yellow
green
VPN-IPv4 update:
RD:Net1, Next-hop=PE-X
SOO=Site1, RT=Green, Label=XYZ
PE
MP-iBGP sessions
Import RT=green
VPN-IPv4 update:
SOO=Site1, RT=Red, Label=XYZ
Each VRF has an import and export policy configured

Policies use route-target attribute (extended community)
PE receives MP-iBGP updates for VPN-IPv4 routes
If route-target is equal to any of the import values configured in
the PE, the update is accepted
Otherwise, it is silently discarded
For internal use
32
MPLS-VPN Scaling
Route Refresh
Import RT=yellow
PE
Import RT=green
1. PE doesnt have red routes

(previously filtered out)
2. PE issues a Route-Refresh to
all neighbors in order to ask for
re-transmit
VPN-IPv4 update:
SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update:
SOO=Site1, RT=Red, Label=XYZ
Import RT=red
3. Neighbors re-send updates and red route-target is now accepted
Policy may change in the PE if VRF modifications are done
New VRFs, removal of VRFs

However, the PE may not have stored routing information which
become useful after a change
PE request a re-transmission of updates to neighbors
Route-Refresh
For internal use

33
MPLS VPN Packet Forwarding
For internal use

34
MPLS / Antnio Santos / 04-06-2009
VPN Packet Forwarding Across

MPLS VPN Backbone
How will PE routers forward VPN packets across MPLS VPN

backbone?
Just forward pure IP packets???
P-routers do not have VPN routes, packet is dropped on

IP lookup.
How about using MPLS for packet propagation across backbone?
For internal use

35

MPLS VPN Backbone
Label VPN packets with LDP label for egress PErouter, forward labeled packets across MPLS
backbone??
P-routers perform label switching, packet reaches
egress PE-router.
However, egress PE-router does not know which
VRF to use for packet lookuppacket is dropped.
How about using a label stack?
For internal use

36

MPLS VPN Backbone
Label VPN packets with a label stack.

Use LDP label for egress PE-router as the top label
VPN label assigned by egress PE-router as the second label in the stack.
P-routers perform label switching, packet reaches egress PE-router.
Egress PE-router performs lookup on the VPN label and forwards the
packet toward the CE-router.
For internal use
37
VPN Packet Forwarding

Penultimate Hop Popping
Penultimate hop popping on the LDP label can be performed

on the last P-router
Egress PE-router performs only label lookup on VPN label,
resulting in faster and simpler label lookup
IP lookup is performed only oncein ingress PE router
For internal use
38
VPN Label Propagation
How will the ingress PE-router get the second label in

the label stack from the egress PE-router?
Labels are propagated in MP-BGP VPNv4 routing
updates.
For internal use
39
For internal use

40
For internal use

41
Impacts of MPLS VPN Label

Propagation
The VPN label has to be assigned by the BGP nexthop
BGP next-hop should not be changed in MP-IBGP
update propagation
Do not use next-hop-self on confederation boundaries
PE-router has to be BGP next-hop
Use next-hop-self on the PE-router
Label has to be re-originated if the next-hop is
changed
A new label is assigned every time the MP-BGP update
crosses AS-boundary where the next-hop is changed
For internal use
42
Impacts of MPLS VPN Packet

Forwarding
VPN label is only understood by egress PE-router

End-to-end Label Switched Path is required
between ingress and egress PE-router
BGP next-hops shall not be announced as BGP
routes
LDP labels are not assigned to BGP routes
BGP next-hops announced in IGP shall not be
summarized in the core network
Summarization breaks LSP
For internal use
43
Agenda
What is a VPN?
1. Configure VRFs
2. associate interfaces with VRFs
3. Configure MP-iBGP routing
4. Configure CE to PE routing
5. Verify VPN operation
For internal use

44
Configure VRF
Logical name of the VPN
use something that makes sense
ip vrf <vrf-symbolic-name>
rd <route-distinguisher-value>
route-target export <community>
route-target import <community>
The extended community string
you will RECEIVE and put into your vrf
The extended community string
you will SEND with your routes
Number to uniquely id the prefix value
Convention is ASN:xxxx
For internal use
45
Configure VRF
VPN red
CE
VPN blue
CE
E1/0
PE
E2/0
Create the VRFs on the

PE Router
vrf symbolic name
PE1(config)#ip vrf red
PE1(config)#ip vrf blue
For internal use

46
Case sensitive
Configure RD
VPN red
CE
VPN blue
CE
E1/0
PE
E2/0

PE Router

PE1(config-vrf)#rd 100:10
ASN:variable
or
IP:variable
For internal use

47
Configure Route Target
VPN red
CE
E1/0
PE
E2/0
VPN blue
CE

PE Router

PE1(config-vrf)#route-target import 100:1
PE1(config-vrf)#route-target export 100:1
RD to RT matching
just makes it easy

PE1(config-vrf)#route-target import 100:2
PE1(config-vrf)#route-target export 100:2
<both> shortcut if import and export are the same

For internal use
48
VRF Options
VPN red
CE
VPN blue
CE
E1/0
PE
E2/0

PE Router
Online documentation

PE1(config-vrf)#description VPN for
PE1(config-vrf)#route-target import
PE1(config-vrf)#route-target export
PE1(config-vrf)#maximum routes 2000
CE1
100:1
100:1
warning-only
Protect your network and PE from

saturation (scaling factor)
For internal use

49
Associate PE interfaces to VRFs
VPN red
CE
E1/0
PE
E2/0
VPN blue
CE
Configure interfaces to
belong to the VRF
PE1(config)#interface ethernet 2/0

PE1(config-if)#ip vrf forwarding blue
PE1(config-if)#ip address 172.11.2.2 255.255.255.252

PE1(config-if)#ip vrf forwarding red
match vrf symbolic name

For internal use
50
Common VRF Configuration Gotcha
Configuring an interface to the VRF: IP

address must be removed from global
routing table
PE1(config-if)#ip vrf forwarding red
% Interface Ethernet1/0 IP address 10.131.31.245 removed due to
enabling VRF red
Also,
can only assign 1 VRF to an interface
For internal use
51
Configure MP-BGP Peering between PEs

PE2
PE2
PE1
MP-BGP
PE1
VPN Backbone
IGP
PE1(config)#router bgp 100
PE1(config-router)#neighbor 10.131.63.252 remote-as 100
PE1(config-router)#neighbor 10.131.63.252 desc MP-BGP to PE2
PE1(config-router)#neighbor 10.131.63.252 update-source Loopback0
standard BGP configuration entries apply

Router config for VPNv4 prefixes
PE1(config-router)#address-family vpnv4
PE1(config-router-af)#neighbor 10.131.63.252 activate
PE1(config-router-af)#neighbor 10.131.63.252 send-community extended
PE1(config-router-af)#exit-address-family
activate neighbor to advertise routes

send extended community to id the VRF (default entry)
For internal use
52
Configure VRF Routing Contexts

PE2
PE2
PE1
MP-BGP
PE1
VPN Backbone
IGP
PE1(config-router)#address-family ipv4 vrf red

PE1(config-router-af)#no auto-summary
PE1(config-router-af)#no synchronization
PE1(config-router)#address-family ipv4 vrf blue
PE1(config-router-af)#no auto-summary
PE1(config-router-af)#no synchronization
For internal use

53
The VRF is now operational

The previous configuration creates the VRF and associated
CEF and routing table
VRF Implementation Considerations
Many commands are now VRF context sensitive
VPN Routes are not yet present
The RD and import and export policies (RT) will be used to fill
the VRF routing table with routes learned by the PE via MPBGP
For internal use

54
Example VRF Configuration
MPLS Core
VPN1
VPN2
VPN1
VPN2
Site A
Site A
Site B
Site B
BGP AS100
CE-1A
CE-2A
CE-1B
CE-2B
OSPF Area 0
lo0 172.16.1.1/24
s0/0
172.16.2.1/30
s1/0 172.16.2.2/30
lo0
s0172.16.1.1/24
172.16.2.1/30
lo0
s0 172.17.1.1/24
172.17.2.1/30
s1/1 172.16.2.2/30
s1/0 172.17.2.2/30
PE-A lo0 200.200.0.11
P-A lo0 200.200.0.1
lo0172.17.2.1/30
172.17.1.1/24
s0/0
s1/1 172.17.2.2/30
VPN2 RD 100:2
PE-B lo0 200.200.0.12
P-B lo0 200.200.0.2
PE-A(config)#ip vrf VPN1
PE-A(config-vrf)#rd 100:1
PE-A(config-vrf)#route-target export 100:10
PE-A(config-vrf)#route-target import 100:10
PE-A(config)#ip vrf VPN2

PE-A(config-vrf)#rd 100:2
PE-A(config-vrf)#route-target export 100:20
PE-A(config-vrf)#route-target import 100:20
For internal use
55
VPN1 RD 100:1
Associate VRFs to Interfaces
For each interface participating in the VPN

match vrf-symbolic-name
interface Serial1/0
ip vrf forwarding VPN1
ip address 172.16.2.2 255.255.255.252
For internal use

56
Example VRF Interface Configuration
MPLS Core
VPN1
VPN2
VPN1
VPN2
Site A
Site A
Site B
Site B
BGP AS100
CE-1A
CE-2A
CE-1B
CE-2B
OSPF Area 0
lo0 172.16.1.1/24
s0/0
172.16.2.1/30
s1/0 172.16.2.2/30
S1/0
lo0
s0172.16.1.1/24
172.16.2.1/30
s1/1 172.16.2.2/30
lo0
s0 172.17.1.1/24
172.17.2.1/30
s1/0 172.17.2.2/30
P-B lo0 200.200.0.2
PE-A(config)#interface Serial1/0
PE-A(config-if)#ip vrf forwarding VPN1

PE-A(config-if)#ip address 172.16.2.2 255.255.255.252
PE-A(config)#interface Serial1/1
PE-A(config-if)#ip vrf forwarding VPN2
PE-A(config-if)#ip address 172.16.2.2 255.255.255.252
For internal use
57
VPN1 RD 100:1
VPN2 RD 100:2
PE-B lo0 200.200.0.12
PE-A lo0 200.200.0.11

P-A lo0 200.200.0.1
lo0172.17.2.1/30
172.17.1.1/24
s0/0
s1/1 172.17.2.2/30
Configure MP-BGP
AS number
router bgp 100

address-family ipv4 vrf
no auto-summary
no synchronization
exit-address-family
address-family vpnv4
neighbor 200.200.0.12
neighbor 200.200.0.12
neighbor 200.200.0.13
neighbor 200.200.0.13
exit-address-family
Advertise Routes
For internal use
58
Router config for standard IP

Version 4 address prefixes
VPN1
Router config for standard VPN

Version 4 address prefixes
activate
send-community extended
activate
send-community extended
extended community string to id the VRF
Example MP-BGP Configuration

VPN1
VPN2
VPN1
VPN2
Site A
Site A
Site B
Site B
CE-1A
CE-2A
CE-1B
CE-2B
lo0 172.16.1.1/24
s0/0
172.16.2.1/30
s1/0 172.16.2.2/30
lo0
s0172.16.1.1/24
172.16.2.1/30
s1/1 172.16.2.2/30
PE-A lo0 200.200.0.11

P-A lo0 200.200.0.1
lo0
s0 172.17.1.1/24
172.17.2.1/30
s1/0 172.17.2.2/30
lo0172.17.2.1/30
172.17.1.1/24
s0/0
s1/1 172.17.2.2/30
PE-B lo0 200.200.0.12
P-B lo0 200.200.0.2
PE-A(config)#router bgp 100

PE-A(config-router)#no synchronization
PE-A(config-router)#no bgp default ipv4-unicast
PE-A(config-router)#bgp log-neighbor-changes
PE-A(config-router)#neighbor 200.200.0.12 remote-as 100
PE-A(config-router)#neighbor 200.200.0.12 update-source Loopback0
PE-A(config-router)#no auto-summary
PE-A(config-router)#address-family ipv4 vrf VPN1
PE-A(config-router-af)#no auto-summary
PE-A(config-router-af)#no synchronization
PE-A(config-router-af)#exit-address-family
PE-A(config-router-af)#no auto-summary
PE-A(config-router-af)#no synchronization
PE-A(config-router)#address-family vpnv4
PE-A(config-router-af)#neighbor 200.200.0.12 activate
PE-A(config-router-af)#neighbor 200.200.0.12 send-community extended
For internal usePE-A(config-router-af)#exit-address-family
59
MPLS Core
BGP AS100
OSPF Area 0
VPN1 RD 100:1
VPN2 RD 100:2
Configure Route Advertisements
CE config
ip route 0.0.0.0 0.0.0.0 172.16.2.2

Define static routes at CE and PE
ip route vrf VPN1 172.16.1.0 255.255.255.0 172.16.2.1
ip route vrf VPN2 172.16.1.0 255.255.255.0 172.16.2.1
PE config
router bgp 100

address-family ipv4 vrf VPN1
network 172.16.1.0 mask 255.255.255.0
network 172.16.2.0 mask 255.255.255.252
exit-address-family
Define BGP routes at PE
For internal use

60
Example Routing Configuration
CE-1A(config)#ip route 0.0.0.0 0.0.0.0 172.16.2.2

MPLS Core
VPN1
VPN2
VPN1
VPN2
Site A
Site A
Site B
Site B
BGP AS100
CE-1A
CE-2A
CE-1B
CE-2B
OSPF Area 0
lo0 172.16.1.1/24
s0/0
172.16.2.1/30
s1/0 172.16.2.2/30
lo0
s0172.16.1.1/24
172.16.2.1/30
lo0
s0 172.17.1.1/24
172.17.2.1/30
s1/1 172.16.2.2/30
s1/0 172.17.2.2/30
PE-A lo0 200.200.0.11
lo0172.17.2.1/30
172.17.1.1/24
s0/0
s1/1 172.17.2.2/30
VPN1 RD 100:1
VPN2 RD 100:2
PE-B lo0 200.200.0.12
lo0 200.200.0.1
lo0 200.200.0.2
PE-A(config)#ip P-A
route
vrf VPN1 172.16.1.0P-B
255.255.255.0
172.16.2.1
PE-A(config)#ip route vrf VPN2 172.16.1.0 255.255.255.0 172.16.2.1
PE-A(config)#router bgp 100
PE-A(config-router-af)#network 172.16.1.0 mask 255.255.255.0
ForPE-A(config-router-af)#exit-address-family
internal use
61
MPLS VPN Verification Steps

Verify the VRFs
show ip vrf [{detail|interfaces}]
Verify routing Information
show
show
show
show
show
ip
ip
ip
ip
ip
route vrf [detail] [vrf-name] [interfaces]

bgp neighbors
bgp vpnv4 all
bgp vpnv4 vrf VRF-name
bgp vpnv4 vrf VRF-name [ip-address]
Verify Labels
show ip bgp vpnv4 all [labels/tags]

show ip cef vrf [detail]
For internal use

62
Ping, Traceroute, Telnet Caveats

Ping and Traceroute in MPLS VPN network only succeed if
end-to-end path is successful
Good verification if successful but NOT for troubleshooting
Ping/Traceroute Command Syntax
traceroute VRF [vrf-name] ip-address
ping VRF [vrf-name] ip-address
Telnet Command Syntax
telnet ip-address /vrf [vrf-name]
For internal use

63
Chapter Summary
You should now be able to:
Describe MPLS VPN mechanisms
Use the command line interface to configure a VPN
Verify VPN functionality
For internal use

64

Mpls NSN Training Day 2 VPN Pa

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mpls NSN Training Day 2 VPN Pa

Uploaded by

Copyright:

Available Formats

MPLS VPN Configuration

For internal use

MPLS / Mitrabh Shukla

For internal use

MPLS / Mitrabh Shukla

What is a MPLS VPN?

For internal use

MPLS / Mitrabh Shukla

For internal use

MPLS / Mitrabh Shukla

What Makes MPLS VPNs Work?

Five keys to MPLS VPNs functionality:

For internal use

MPLS / Mitrabh Shukla

MPLS VPN Requirement

PE to PE Label Switched Path (LSP)

Global routing table entries to reach

PE2 -> next-hop: P1, label: 50

PE1 -> next-hop: P2, label: 25

For internal use

MPLS / Mitrabh Shukla

2. How Are VPN Routes Kept Separate?

VPN Routing and Forwarding Instances (VRF)

VPN Backbone IGP

VRF (VPN Routing and Forwarding)

MPLS / Mitrabh Shukla

Global Routing Table

MPLS VPN Routing Requirements

For internal use

MPLS / Mitrabh Shukla

MPLS VPN Routing (CE- Router Perspective)

Customer routers run standard IP routing software and exchange

EBGP, OSPF, RIPv2 , EIGRP or static routes are

MPLS / Mitrabh Shukla

MPLS VPN Routing

For internal use

MPLS / Mitrabh Shukla

MPLS VPN Support for

MPLS / Mitrabh Shukla

MPLS VPN End-to-End

PE-routers receive IPv4 routing updates from CE-routers

For internal use

MPLS / Mitrabh Shukla

MPLS VPN End-to-End

PE-routers export VPN routes from VRF into MP-IBGP

MPLS / Mitrabh Shukla

EBGP, RIP, OSPF, Static

VPN Backbone IGP

1 Interface attached to VRF

VPN Backbone IGP

Multiple interfaces attached to VRF

For internal use

MPLS / Mitrabh Shukla

VRF and Multiple Routing Instances

Routing processes support routing contexts

MPLS / Mitrabh Shukla

What are MPLS VPN Extranets?

Belonging to more than one VRF

MPLS / Mitrabh Shukla

3. How is VPN Membership Determined?

For internal use

MPLS / Mitrabh Shukla

What is a Route Target?