18 Jun

MPLS workshop #2 – MP-BGP for L3VPN in the Core

Our core network after first chapter of workshop is able to forward labeled packets. Let’s focus now on deploying some services within this network. First MPLS L3VPN. As for now we have IS-IS as an IGP protocol in the core to forward prefixes of links and loopbacks, and LDP to maintain label exchange. Next step is to introduce mechanism that will allow us to attach label information to prefixes. MP-BGP is an extension of standard BGP protocol that let us carry MPLS VPN routes. It’s flexible and well known protocol. At this step we configure core routers (P and PE) to carry MPLS VPN routes.


MPLS VPN route is combination of route distinguisher (RD) and actual prefix. RD is an unique identifier used to distinguish the same prefix from different customer. We define it at PE router for particular VRF. Prefix combined with RD and actual IPv6 prefix is called vpnv4 prefix and is carried by MP-BGP. If the RD is 65000:1 and IPv4 prefix is 10.0.0.1/32 then vpnv4 prefix is 65000:1:1.0.0.1/32. BGP extended community support is required to carry vpvn4 prefixes and labels. It’s enabled by default for vpnv4 address-family but it’s usually good to also carry standard community.

To carry vpnv4 prefixes we configure iBGP in core network. It either require full mesh connections between routers or route reflectors deployment. We go with second option making R5 as a route-reflector. Let’s look at R5 configuration.

router bgp 65111
 bgp log-neighbor-changes
 neighbor MPLS peer-group
 neighbor MPLS remote-as 65111
 neighbor MPLS update-source Loopback0
 neighbor 10.0.0.3 peer-group MPLS
 neighbor 10.0.0.4 peer-group MPLS
 neighbor 10.0.0.8 peer-group MPLS
 neighbor 10.0.0.9 peer-group MPLS
 !
 address-family ipv4
  no synchronization
  no neighbor 10.0.0.3 activate
  no neighbor 10.0.0.4 activate
  no neighbor 10.0.0.8 activate
  no neighbor 10.0.0.9 activate
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor MPLS send-community both
  neighbor MPLS route-reflector-client
  neighbor 10.0.0.3 activate
  neighbor 10.0.0.4 activate
  neighbor 10.0.0.8 activate
  neighbor 10.0.0.9 activate
 exit-address-family
 !

To simplify configuration we use peer-groups. We also use loopback0 interfaces as source of updates (loopbacks are advertised in IS-IS so unless all links are down there should be connectivity). All neighbors are deactivated under address-family ipv4 because we are not going to use them to forward standard IPv4 prefixes. We activate them under address-family vpnv4 only. We can use no bgp default ipv4-unicast command under bgp process to make router not activate neighbor under address-family ipv4 by default. Also for this peer-group we are going to send both standard and extended communities. We also define every member of this group as a route reflector client.

Now all other routers have only to establish session with RR to receive all vpnv4 prefixes.

R3

router bgp 65111
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor MPLS peer-group
 neighbor MPLS remote-as 65111
 neighbor MPLS update-source Loopback0
 neighbor 10.0.0.5 peer-group MPLS
!
address-family ipv4
  no synchronization
  neighbor MPLS send-community both
  neighbor MPLS soft-reconfiguration inbound
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor MPLS send-community both
  neighbor 10.0.0.5 activate
 exit-address-family

R4

router bgp 65111
 bgp log-neighbor-changes
 neighbor MPLS peer-group
 neighbor MPLS remote-as 65111
 neighbor MPLS update-source Loopback0
 neighbor 10.0.0.5 peer-group MPLS
 !
 address-family ipv4
  no synchronization
  neighbor MPLS send-community both
  neighbor MPLS soft-reconfiguration inbound
  no neighbor 10.0.0.5 activate
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor MPLS send-community both
  neighbor 10.0.0.5 activate
 exit-address-family

R8

router bgp 65111
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor MPLS peer-group
 neighbor MPLS remote-as 65111
 neighbor MPLS update-source Loopback0
 neighbor 10.0.0.5 peer-group MPLS
 !
 address-family ipv4
  no synchronization
  neighbor MPLS send-community both
  neighbor MPLS soft-reconfiguration inbound
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor MPLS send-community both
  neighbor 10.0.0.5 activate
 exit-address-family

R9

router bgp 65111
 bgp log-neighbor-changes
 neighbor MPLS peer-group
 neighbor MPLS remote-as 65111
 neighbor MPLS update-source Loopback0
 neighbor 10.0.0.5 peer-group MPLS
 !
 address-family ipv4
  no synchronization
  neighbor MPLS send-community both
  neighbor MPLS soft-reconfiguration inbound
  no neighbor 10.0.0.5 activate
  no auto-summary
 exit-address-family
 !
 address-family vpnv4
  neighbor MPLS send-community both
  neighbor 10.0.0.5 activate
 exit-address-family

We can’t verify yet how the prefixes are transported because we have no CE-PE connections yet. But we can verify if the session were properly established

R5#show ip bgp vpnv4 all summary 
BGP router identifier 10.0.0.5, local AS number 65111
BGP table version is 13, main routing table version 13
12 network entries using 1632 bytes of memory
12 path entries using 624 bytes of memory
7/7 BGP path/bestpath attribute entries using 868 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
5 BGP extended community entries using 224 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3372 total bytes of memory
BGP activity 12/0 prefixes, 12/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.3        4        65111     155     159       13    0    0 02:17:10        0
10.0.0.4        4        65111     153     161       13    0    0 02:17:15        0
10.0.0.8        4        65111     154     160       13    0    0 02:17:10        0
10.0.0.9        4        65111     152     160       13    0    0 02:17:10        0

2 thoughts on “MPLS workshop #2 – MP-BGP for L3VPN in the Core

  1. I'm not clearly enough about this. "All neighbors are deactivated under address-family ipv4 because we are not going to use them to forward standard IPv4 prefixes" can you explain more about that ? if we not use them to forward standart ipv4,so whats we use ?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.