Did you get chance to go through my basic MPLS configuration blog ? If not then please go through this article for basic understanding of MPLS
In this blog I am going to take the discussion further and talk about the various application of MPLS network. To understand this better you need to put yourself in service provider’s shoe. Lets assume you are a service provider with many customers. First of all we need to know why do we need a service provider?? Answer is simple is to take us to internet , but for enterprises this answer may not be enough because they also need service provider to connect their geographically separated sites as well.
Now, suppose an enterprise (Customer1) comes to you asking for help to connect their two sites which are geographically separated and not only this but also they have specific requirement to exchange routes between the site. For example Customer1_SITE_A should be able to send dynamic route updates to Customer1_SITE_B. Now as we know we cannot have this kind of route exchange over public network so this becomes our problem number one.
We(ISP) took the requirement and started brain storming when we found out that there is another customer say Customer2 has exact same IP subnets that Customer1 uses. They do not need any Natting of traffic hence we will have to take the prefixes with exact same subnets from both the Customers and send it over the common MPLS core and eventually deliver route updates to respective customer’s sites. And we cannot suggest both the customer’s to change their subnet because that will be equivalent of asking them to “go away customer, choose some other ISP.”
This this brings us to problem number two, that how to keep both Customer’s traffic separate if they are using same network addresses.
Now lets see following diagram to have clarity ab out the issue.
Here you can see that we have two customer, Customer1(denoted in green) Customer2(denoted in white) . If you closely look at the diagram you will find out that both of the them are using same subnet (18.104.22.168/24 and 22.214.171.124/24) and they are connected with BGP AS500 which is ISP. Users sitting at SITE-A should reach to users sitting at SITE-B of respective customer. There must not be any kind of mis-routing because any mis-routing will be equivalent of saying both the customer to “go away customer, choose some other ISP.”
Alright, so we now know the problem. Lets see what do we have to solve it. I have heard various type of solution from various engineers and listing down few of them here, let me know in comment section of you had any of these similar thoughts.
- Why we cannot do this with VRF?? That means create one vrf end to end, in our diagram from R2 to R5. This will keep the routes separate and hence problem solved…..Well yes , it will keep the routing table separate but can you image the complexity, each router in core should be able to host 1000s of vrfs and around a million routes in routing table, this will increase the cost of the service at least by 10 times for customer. And how exactly you are sending the routes between sites ??? 🙂
- We need to have a dedicated tunnel, something like GRE….well yes this will work and it solves both of our problems but IP routing is slow, label switching is fast. Even if you have dedicated GRE tunnel but those gre packets needs to be routed through the core and this makes the services slow in comparison of MPLS.
These two are some popular questions that I have been asked, let me know if you have any other question in comment section about the solution.
Finally, lets discuss how to solve this problem with the recommended ways by some genius minds(people who follow protocoholic blog 😀 )
Before we begin we need to understand some terms used in MPLS VPN.
Route Distinguisher (RD) :
As the name suggest the RD is used to distinguish a particular IP prefix. For example if the same prefix is sent by one more customer then I will have to assign another(distinct) RD to the prefix for distinction purpose. For example see following bgp update, here two different customers have sent the same ip prefix as BGP NLRI(Network Layer Reachability Information) update, and the PE router(R2 in this case) makes a distinction between both of them with the help of RD value.
The packet capture was taken in the MPLS core in the above given network.Here Csutomer1 and Customer2 at siteA are sending prefix 126.96.36.199/24 to ISP to transfer it to SITEB. In following captures we can see how R2 has added different RD values to the prefix while sending it over to vpnv4 neighbor(R5 in our case).
Route Update sent by Customer1 :
Route Update sent by Customer2 :
As the name suggests, route target tells you the target vrf where we need to put this particular route.
For example if both of the above BGP updates reaches to R5 in our network then on R5 how would I identify that which update is for which vrf. This is ensure with the help of following route target configuration. While sending the update out to vpnv4 peer R2 needs to put the route target in bgp update so that the vpnv4 peer can identify the target vrf and update the route correctly. On R2 we need to configure route target EXPORT value and same should be configured on vpnv4 peer .i.e on R5 as IMPORT value in the respective vrf.
Config on R2 :
ip vrf CUS1 rd 300:1 route-target export 300:12 route-target import 400:65 ! ip vrf CUS2 rd 600:1 route-target export 600:27 route-target import 700:58
Config on R5:
ip vrf CUS1 rd 400:6 route-target export 400:65 route-target import 300:12 ! ip vrf CUS2 rd 700:8 route-target export 700:58 route-target import 600:27
Update sent by Customer1 :
Update sent by Customer2 :
PE Router (Provider Edge)
Provider edge router are the one sitting at the edge of provider and will have one handoff connection to customer router. It will have ipv4 bgp peering with customer router and vpnv4 peering with other end PE. In our network R2 and R5 are PE routers.
Following is the configuration on PE router R2. We have to do similar config at PE router R5.
// We need to assign interface connecting to customer //in respective customer vrf. ! interface FastEthernet0/0 ip vrf forwarding CUS1 ip address 192.168.10.2 255.255.255.252 ! //In bgp you need to configure neighborship in the vrf address family //CUS1 in this case. ! router bgp 500 no synchronization bgp log-neighbor-changes ! address-family ipv4 vrf CUS1 neighbor 192.168.10.1 remote-as 300 neighbor 192.168.10.1 activate no synchronization exit-address-family
CE(Customer Edge router)
This router sits at customer’s premises and will have a bgp neighborship with PE router.
Following is the configuration on CE router Customer1_SITE_A.
//This interface connects to ISP. ! interface FastEthernet0/0 ip address 192.168.10.1 255.255.255.252 no shut ! router bgp 300 no synchronization bgp log-neighbor-changes neighbor 192.168.10.2 remote-as 500 no auto-summary !
This similar config needs to be done at all the CE routers.
Provider(P) Router :
Provider router are the ones which are sitting at the MPLS core and will have IGP(ospf,isis,eigrp etc) and MPLS configured.
//isis is used as IGP in this setup. ! router isis net 49.1111.2222.3332.00 ! mpls ldp router-id Loopback1 ! interface Loopback1 ip address 188.8.131.52 255.255.255.255 ip router isis ! interface FastEthernet0/0 ip address 184.108.40.206 255.255.255.252 ip router isis mpls ip ! interface FastEthernet1/0 ip address 220.127.116.11 255.255.255.252 ip router isis mpls ip !
Now we know how the routes are populated between the neighbor. lets see the complete configuration quickly. First lets see the configuration vpnv4 neighbors.
Router 2 configuration (PE router).
! router bgp 500 no synchronization bgp log-neighbor-changes neighbor 18.104.22.168 remote-as 500 neighbor 22.214.171.124 update-source Loopback1 no auto-summary ! //This vpnv4 configuration ensures the MPLS VPN neigborship betwenn PE routers, later this peering will be used to transfer routes between two sites of same customer.// ! address-family vpnv4 neighbor 126.96.36.199 activate neighbor 188.8.131.52 send-community extended exit-address-family ! address-family ipv4 vrf CUS2 neighbor 192.168.50.1 remote-as 600 neighbor 192.168.50.1 activate no synchronization exit-address-family ! address-family ipv4 vrf CUS1 neighbor 192.168.10.1 remote-as 300 neighbor 192.168.10.1 activate no synchronization exit-address-family !
Router 5 configuration(PE router) :
! router bgp 500 no synchronization bgp log-neighbor-changes neighbor 184.108.40.206 remote-as 500 neighbor 220.127.116.11 update-source Loopback1 no auto-summary ! address-family vpnv4 neighbor 18.104.22.168 activate neighbor 22.214.171.124 send-community extended exit-address-family ! address-family ipv4 vrf CUS2 neighbor 192.168.70.2 remote-as 700 neighbor 192.168.70.2 activate no synchronization exit-address-family ! address-family ipv4 vrf CUS1 neighbor 192.168.20.1 remote-as 400 neighbor 192.168.20.1 activate no synchronization exit-address-family !
The above configuration is between the VPNv4 peers which is going to bring up the bgp neighborship between R2 and R5. R2 and R5 will start transferring route updates to customer CE(Customer Edge) routers which are Customer1_SITE-A, Customer2_SITE-A, Customer1_SITE-B, Customer2_SITE-B in our topology.
On CE routers we need to configure simple bgp with PE(R2 and R5). SITE A routers will configure BGP peering with R2 and SITE-B routers will configure it with R5 which is PE at their site.
Following are some outputs from R5 (PE node):
R5#show ip bgp all summary For address family: IPv4 Unicast BGP router identifier 126.96.36.199, local AS number 500 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 188.8.131.52 4 500 39 39 1 0 0 00:35:54 0 For address family: VPNv4 Unicast BGP router identifier 184.108.40.206, local AS number 500 BGP table version is 11, main routing table version 11 10 network entries using 1560 bytes of memory 10 path entries using 680 bytes of memory 7/4 BGP path/bestpath attribute entries using 1036 bytes of memory 4 BGP AS-PATH entries using 96 bytes of memory 4 BGP extended community entries using 96 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory Bitfield cache entries: current 3 (at peak 3) using 96 bytes of memory BGP using 3564 total bytes of memory BGP activity 10/0 prefixes, 10/0 paths, scan interval 15 secs Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 220.127.116.11 4 500 39 39 11 0 0 00:35:54. 4 192.168.20.1. 4 400. 24 38 11 0 0 00:35:54 1 192.168.70.2 4 700 24 38 11 0 0 00:35:54 1
MPLS VPN is a great method to connect two sites. With this you can have better control on routing in your network even though the sites are seperated in different geo locations. Apart from this you can have switching like speed while sending traffic over the ISP. This is global method used by ISPs to connect customers. Apart from MPLS VPN there are other methods to connect customers to MPLS ISP network and we are going to discuss the same in upcoming blogs. Stay connected by hitting the follow button in the blog.
Thank you for visiting.
Also check end to end path tracing, helpful in troubleshooting GNS3 : Cisco MPLS VPN troubleshooting and Path tracing.
You can download complete configurations and gns3 file from this google drive link: