MPLS workshop #2 – MP-BGP for L3VPN in the Core
Our core network after first chapter of workshop is able to forward labeled packets. Let’s focus now on deploying some services within this network. First MPLS L3VPN. As for now we have IS-IS as an IGP protocol in the core to forward prefixes of links and loopbacks, and LDP to maintain label exchange. Next step is to introduce mechanism that will allow us to attach label information to prefixes. MP-BGP is an extension of standard BGP protocol that let us carry MPLS VPN routes. It’s flexible and well known protocol. At this step we configure core routers (P and PE) to carry MPLS VPN routes.
MPLS VPN route is combination of route distinguisher (RD) and actual prefix. RD is an unique identifier used to distinguish the same prefix from different customer. We define it at PE router for particular VRF. Prefix combined with RD and actual IPv6 prefix is called vpnv4 prefix and is carried by MP-BGP. If the RD is 65000:1 and IPv4 prefix is 10.0.0.1/32 then vpnv4 prefix is 65000:1:1.0.0.1/32. BGP extended community support is required to carry vpvn4 prefixes and labels. It’s enabled by default for vpnv4 address-family but it’s usually good to also carry standard community.
To carry vpnv4 prefixes we configure iBGP in core network. It either require full mesh connections between routers or route reflectors deployment. We go with second option making R5 as a route-reflector. Let’s look at R5 configuration.
router bgp 65111 bgp log-neighbor-changes neighbor MPLS peer-group neighbor MPLS remote-as 65111 neighbor MPLS update-source Loopback0 neighbor 10.0.0.3 peer-group MPLS neighbor 10.0.0.4 peer-group MPLS neighbor 10.0.0.8 peer-group MPLS neighbor 10.0.0.9 peer-group MPLS ! address-family ipv4 no synchronization no neighbor 10.0.0.3 activate no neighbor 10.0.0.4 activate no neighbor 10.0.0.8 activate no neighbor 10.0.0.9 activate no auto-summary exit-address-family ! address-family vpnv4 neighbor MPLS send-community both neighbor MPLS route-reflector-client neighbor 10.0.0.3 activate neighbor 10.0.0.4 activate neighbor 10.0.0.8 activate neighbor 10.0.0.9 activate exit-address-family !
To simplify configuration we use peer-groups. We also use loopback0 interfaces as source of updates (loopbacks are advertised in IS-IS so unless all links are down there should be connectivity). All neighbors are deactivated under address-family ipv4 because we are not going to use them to forward standard IPv4 prefixes. We activate them under address-family vpnv4 only. We can use no bgp default ipv4-unicast command under bgp process to make router not activate neighbor under address-family ipv4 by default. Also for this peer-group we are going to send both standard and extended communities. We also define every member of this group as a route reflector client.
Now all other routers have only to establish session with RR to receive all vpnv4 prefixes.
R3
router bgp 65111 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor MPLS peer-group neighbor MPLS remote-as 65111 neighbor MPLS update-source Loopback0 neighbor 10.0.0.5 peer-group MPLS ! address-family ipv4 no synchronization neighbor MPLS send-community both neighbor MPLS soft-reconfiguration inbound no auto-summary exit-address-family ! address-family vpnv4 neighbor MPLS send-community both neighbor 10.0.0.5 activate exit-address-family
R4
router bgp 65111 bgp log-neighbor-changes neighbor MPLS peer-group neighbor MPLS remote-as 65111 neighbor MPLS update-source Loopback0 neighbor 10.0.0.5 peer-group MPLS ! address-family ipv4 no synchronization neighbor MPLS send-community both neighbor MPLS soft-reconfiguration inbound no neighbor 10.0.0.5 activate no auto-summary exit-address-family ! address-family vpnv4 neighbor MPLS send-community both neighbor 10.0.0.5 activate exit-address-family
R8
router bgp 65111 no bgp default ipv4-unicast bgp log-neighbor-changes neighbor MPLS peer-group neighbor MPLS remote-as 65111 neighbor MPLS update-source Loopback0 neighbor 10.0.0.5 peer-group MPLS ! address-family ipv4 no synchronization neighbor MPLS send-community both neighbor MPLS soft-reconfiguration inbound no auto-summary exit-address-family ! address-family vpnv4 neighbor MPLS send-community both neighbor 10.0.0.5 activate exit-address-family
R9
router bgp 65111 bgp log-neighbor-changes neighbor MPLS peer-group neighbor MPLS remote-as 65111 neighbor MPLS update-source Loopback0 neighbor 10.0.0.5 peer-group MPLS ! address-family ipv4 no synchronization neighbor MPLS send-community both neighbor MPLS soft-reconfiguration inbound no neighbor 10.0.0.5 activate no auto-summary exit-address-family ! address-family vpnv4 neighbor MPLS send-community both neighbor 10.0.0.5 activate exit-address-family
We can’t verify yet how the prefixes are transported because we have no CE-PE connections yet. But we can verify if the session were properly established
R5#show ip bgp vpnv4 all summary BGP router identifier 10.0.0.5, local AS number 65111 BGP table version is 13, main routing table version 13 12 network entries using 1632 bytes of memory 12 path entries using 624 bytes of memory 7/7 BGP path/bestpath attribute entries using 868 bytes of memory 1 BGP AS-PATH entries using 24 bytes of memory 5 BGP extended community entries using 224 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP using 3372 total bytes of memory BGP activity 12/0 prefixes, 12/0 paths, scan interval 60 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.3 4 65111 155 159 13 0 0 02:17:10 0 10.0.0.4 4 65111 153 161 13 0 0 02:17:15 0 10.0.0.8 4 65111 154 160 13 0 0 02:17:10 0 10.0.0.9 4 65111 152 160 13 0 0 02:17:10 0
2 thoughts on “MPLS workshop #2 – MP-BGP for L3VPN in the Core”