CCIE SP – Back to Back VRF Inter-AS MPLS VPN


When a customer's sites are connected to different MPLS providers, the providers have several options for connecting those sites so that the service behaves like a regular MPLS VPN and stays transparent to the customer. In our example below, Customer1 has two sites, each connected to a different service provider. The simplest option is VRF-to-VRF (as stated in RFC 4364), or back-to-back VRF (as named by Cisco). Each SP connects to the other SP through a VRF, the same way it connects to a CE, so that the two can exchange IPv4 routes at that connection point. Each sub-interface between the SPs has to be dedicated to a single VRF (a single customer VPN). The PE routers that sit between the service providers are called ASBRs (R6 and R7 in our example).

  

In this method, IP packets are forwarded between the ASBRs and no form of LSP exists between the providers. Although this form of connectivity is very basic, it is the widely deployed Inter-AS option used today.

  • CE routers (R4 & R5) communicate with the PE routers (R2 & R3) using RIP.
  • PE routers redistribute RIP routes into MP-iBGP (RT=600:1 & RT=700:1).
  • PE routers send routes to the ASBR PE routers (R6 & R7) across the MPLS core.
  • ASBR routers redistribute MP-iBGP into RIP and send the routes to the VRF.
  • ASBR routers receive routes through RIP and export them as RT:600:1 for AS700 and RT:700:1 for AS600; the PE routers import them and redistribute them back into RIP for the CE routers.

 

PE and ASBR Configuration of AS700

R3:

ip vrf A 
rd 3.3.3.3:1
route-target export 700:1
route-target import 600:1
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.30.3 255.255.255.0
!
interface Ethernet0/1
ip vrf forwarding A
ip address 172.16.35.3 255.255.255.0
!
router ospf 1
mpls ldp autoconfig area 0
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 700 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 700
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 7.7.7.7 remote-as 700
neighbor 7.7.7.7 update-source Loopback0
!
address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

R7:

ip vrf A 
rd 7.7.7.7:1
route-target export 600:1
route-target import 700:1
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.70.7 255.255.255.0
mpls ip
!
interface Ethernet0/1.10
encapsulation dot1Q 10
ip vrf forwarding A
ip address 172.16.67.7 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 7.7.7.7 0.0.0.0 area 0
network 172.16.70.0 0.0.0.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 700 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 700
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 700
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

 

PE and ASBR Configuration of AS600

R2:

ip vrf A 
rd 2.2.2.2:1
route-target export 600:1
route-target import 700:1
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.12.2 255.255.255.0
!
interface Ethernet0/2
ip vrf forwarding A
ip address 172.16.24.2 255.255.255.0
!
router ospf 1
mpls ldp autoconfig area 0
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 600 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!
router bgp 600
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 600
neighbor 6.6.6.6 update-source Loopback0
!       
address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!

R6:

ip vrf A 
rd 6.6.6.6:1
route-target export 700:1
route-target import 600:1
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Ethernet0/0
ip address 172.16.16.6 255.255.255.0
mpls ip
!
interface Ethernet0/1.10
encapsulation dot1Q 10
ip vrf forwarding A
ip address 172.16.67.6 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 6.6.6.6 0.0.0.0 area 0
network 172.16.16.0 0.0.0.255 area 0
!

router rip
version 2
no auto-summary
!
address-family ipv4 vrf A
  redistribute bgp 600 metric transparent
  network 172.16.0.0
  no auto-summary
exit-address-family
!        
router bgp 600
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 600
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf A
  redistribute rip
  no synchronization
exit-address-family
!
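
The route-target pairing in the four configurations above can be checked mechanically. The following is an added example, not part of the original post: it parses the `ip vrf A` stanzas shown for R2, R6, R3 and R7 and reports, per AS, which router's export is imported by which peer, flagging any export no peer imports and any import nobody exports. The function names and the `CONFIGS` layout are assumptions made for this sketch.

```python
import re

# 'ip vrf' stanzas as given in the page's configs; keys are (router, AS number).
CONFIGS = {
    ("R2", 600): "ip vrf A\n rd 2.2.2.2:1\n route-target export 600:1\n route-target import 700:1\n!",
    ("R6", 600): "ip vrf A\n rd 6.6.6.6:1\n route-target export 700:1\n route-target import 600:1\n!",
    ("R3", 700): "ip vrf A\n rd 3.3.3.3:1\n route-target export 700:1\n route-target import 600:1\n!",
    ("R7", 700): "ip vrf A\n rd 7.7.7.7:1\n route-target export 600:1\n route-target import 700:1\n!",
}

def vrf_route_targets(config):
    """Return {vrf: {"export": set, "import": set}} from 'ip vrf NAME' stanzas."""
    vrfs, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        start = re.fullmatch(r"ip vrf (\S+)", line)  # not 'ip vrf forwarding X'
        if start:
            current = vrfs.setdefault(start.group(1), {"export": set(), "import": set()})
        elif line == "!":
            current = None
        elif current is not None:
            rt = re.fullmatch(r"route-target (export|import|both) (\S+)", line)
            if rt:
                kinds = ("export", "import") if rt.group(1) == "both" else (rt.group(1),)
                for kind in kinds:
                    current[kind].add(rt.group(2))
    return vrfs

def audit(configs, vrf="A"):
    """Return (flows, orphans) for the MP-iBGP exchange inside each AS."""
    rts = {key: vrf_route_targets(cfg)[vrf] for key, cfg in configs.items()}
    flows, orphans = [], []
    for (name, asn), rt in sorted(rts.items()):
        peers = [(n, r) for (n, a), r in rts.items() if a == asn and n != name]
        for tag in sorted(rt["export"]):
            takers = [n for n, r in peers if tag in r["import"]]
            flows += [(name, n, tag) for n in takers]
            if not takers:  # exported, but no router in this AS imports it
                orphans.append((name, "export", tag))
        for tag in sorted(rt["import"]):
            if not any(tag in r["export"] for _, r in peers):
                orphans.append((name, "import", tag))
    return flows, orphans

if __name__ == "__main__":
    flows, orphans = audit(CONFIGS)
    for src, dst, tag in flows:
        print(f"{src} -> {dst} via RT {tag}")
    print("orphans:", orphans or "none")
```

With the page's values every export has exactly one importer in its own AS, so the orphan list is empty; a single mistyped route-target on an ASBR shows up as one orphan export on the PE and one orphan import on the ASBR.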

 

CE Routers

R4#sh ip route

     172.16.0.0/24 is subnetted, 4 subnets
C       172.16.45.0 is directly connected, Ethernet0/3
R       172.16.35.0 [120/2] via 172.16.24.2, 00:00:02, Ethernet0/0
C       172.16.24.0 is directly connected, Ethernet0/0
R       172.16.67.0 [120/1] via 172.16.24.2, 00:00:02, Ethernet0/0
     150.1.0.0/32 is subnetted, 2 subnets
R       150.1.5.5 [120/3] via 172.16.24.2, 00:00:02, Ethernet0/0
C       150.1.4.4 is directly connected, Loopback0

R4#ping 150.1.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.5.5, timeout is 2 seconds:
.!!!!

R4#traceroute 150.1.5.5 source 150.1.4.4

Type escape sequence to abort.
Tracing the route to 150.1.5.5

  1 172.16.24.2
  2 172.16.12.1 [MPLS: Labels 16/22 Exp 0] 
  3 172.16.67.6 [MPLS: Label 22 Exp 0] 
  4 172.16.67.7
  5 172.16.70.10 [MPLS: Labels 19/16 Exp 0] 
  6 172.16.35.3 [MPLS: Label 16 Exp 0] 
  7 172.16.35.5

About Shafagh

Shafagh Zandi