Thursday, April 12, 2012

MPLS VPN Configuration


  • Main steps in configuring MPLS VPN configuration:
    • Creating each VRF, RD, & RT, plus associating the customer-facing PE interfaces with the correct VRF
    • Configuring the IGP between PE & CE
    • Configuring mutual redistribution between the IGP & BGP
    • Configuring MP-BGP between PEs

















  • VPNs are configured only on PE routers only.
    • The customer routers no need to know about VPNs
    • P routers no need to know about the MPLS VPN features
  • VRFs allow PEs to store routes learned from various CEs, even if the prefixes overlap.
  • RD allows PEs to store routes as unique prefixes.
  • RT tells the PEs which routes should be added to each VRF
    • which provides greater control & ability to allow sites to be reachable from multiple VPNs.
  • VRF configuration on PE use the following commands:
    • Configure the VRF using command:
      • ip vrf <vrf-name>
    • Configure the RD under VRF sub-command using
      • rd <rd-value>
    • Configure the RT under VRF sub-command using
      • rt {import|export} <rt-value>
    • Associating an interface with the VRF under interface sub-command using
      • ip vrf forwarding <vrf-name>
  • Each VRF has:
    • One RD
    • At least one import & export routing tag.
  • If we give unique RD to every VRF, overlapping of prefixes will be overcomes.
  • Configuring the IGP between PE & CE:
    • Configure a routing protocol between PE & CE.
    • This allows the PE router to learn the customer routes & CE to learn the other customer routes learned by PE from other PE in the MPLS cloud.
    • Any IGP or even BGP can be used as the routing protocol.
    • Show Commands:
      • sh ip route vrf cust-A
        • shows connected route on PE router & router learned from CE.
  • Configuring Redistribution between PE-CE IGP & MP-BGP
    • PE have no ability to advertise these routes across the MPLS VPN cloud.
    • Then redistribute the IGP learned routes from CE into BGP table contain other CE routes learned from remaining PEs & vice-versa.
    • 2 methods to add new routes to BGP table are
      • Using network command
      • Redistribution
    • The BGP network command works well when adding small number of predictable prefixes.
    • The Redistribution process works best when 
      • the prefixes are not predictable
      • there may be many no.of prefixes,... etc.
    • So MPLS VPN BGP configurations uses the Redistribution process for adding new routes.
    • MPLS VPN mutual redistribution configuration requires specific VRF told by both IGP & BGP.
    • Redistribution command under the IGP & BGP process is
      •  address-family ipv4 vrf  <vrf-name>
  • Configuring MP-BGP between PFs
    • To configure each peer, commands used are in normal BGP in non-MPLS configurations & others occur inside a new VPNv4 address family.
    • Compare MPLS VPN BGP  & traditional BGP configuration. 
      • The PE neighbors are defined under the main BGP process, not for particular address family.
      • In MPLS VPN designs loopback is used as update source on the PE routers.
        • In that case, the neighbor update-source command is also under the mail BGP process.
      • The PE neighbors are then activated, using the neighbor activate command, under the VPNv4 address family process (address-family vpnv4).
      • BGP must be told to send the community PA (neighbor send-community) command, under the address-family vpnv4 command.
      • The VPNv4 address family does not refer to any particular VRF.
      • Thre is no need of iBGP neighbor per VRF on each remote VRF.




at