Inter-AS Option B Multi-Homed

Load inter.as.l3vpn.option.b.multi.homed.init.cfg

#IOS-XE
config replace flash:inter.as.l3vpn.option.b.multi.homed.init.cfg
 
#IOS-XR
configure
load bootflash:inter.as.l3vpn.option.b.multi.homed.init.cfg
commit replace
y

A link has been added between R3 and R4. Configure a multi-homed inter-AS option B setup, so that R7/R8 and R9/R10 have reachability. Everything has been preconfigured except for the inter-AS setup.

Use R1-XR1 as the primary link for VPN_A, and R3-R4 as the primary link for VPN_B. In the case of link failure, the other remain link should provide backup.

Answer

#R1
ip extcommunity-list standard VPN_A permit rt 101:201
ip extcommunity-list standard VPN_B permit rt 102:202
!
route-map XR1_INBOUND
 match extcomm VPN_A
 set local-pref 110
route-map XR1_INBOUND permit 20
!
router bgp 100
 no bgp default route-target filter
 neighbor 30.1.19.19 remote-as 200
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-so lo0
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-so lo0
 !
 add vpnv4
  neighbor 30.1.19.19 activate
  neighbor 30.1.19.19 route-map XR1_INBOUND in
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 next-hop-self
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 next-hop-self

#R2
router bgp 100
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 activate

#R3
ip extcommunity-list standard VPN_A permit rt 101:201
ip extcommunity-list standard VPN_B permit rt 102:202
!
route-map R4_INBOUND
 match extcomm VPN_B
 set local-pref 110
route-map R4_INBOUND permit 20
!
router bgp 100
 no bgp default route-target filter
 neighbor 30.3.4.4 remote-as 200
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-so lo0
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-so lo0
 !
 add vpnv4
  neighbor 30.3.4.4 activate
  neighbor 30.3.4.4 route-map R4_INBOUND in
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 next-hop-self
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 next-hop-self
  
#R4
ip extcommunity-list standard VPN_A permit rt 101:201
ip extcommunity-list standard VPN_A permit rt 102:202
!
route-map R3_INBOUND
 match extcomm VPN_B
 set local-pref 110
route-map R3_INBOUND permit 20
!
router bgp 200
 no bgp default route-target filter
 neighbor 30.3.4.3 remote-as 100
 neighbor 20.20.20.20 remote-as 200
 neighbor 20.20.20.20 update-so lo0
 neighbor 19.19.19.19 remote-as 200
 neighbor 19.19.19.19 update-so lo0
 !
 add vpnv4
  neighbor 30.3.4.3 activate
  neighbor 30.3.4.3 route-map R3_INBOUND in
  neighbor 20.20.20.20 activate
  neighbor 20.20.20.20 next-hop-self
  neighbor 19.19.19.19 activate
  neighbor 19.19.19.19 next-hop-self

#XR1
router static add ipv4 uni
 30.1.19.1/32 gi0/0/0/0.30
!
route-policy R1_INBOUND
  if extcommunity rt matches-any (101:201) then
    set local-preference 110
  endif
  pass
end-policy
route-policy PASS
 pass
end-policy
!
router bgp 200
 add vpnv4 uni
  retain route-target all
 !
 neighbor 30.1.19.1
  remote-as 100
  add vpnv4 uni
   route-policy R1_INBOUND in
   route-policy PASS out
 !
 neighbor 20.20.20.20
  remote-as 200
  update-source Loopback0
  address-family vpnv4 unicast
   next-hop-self

#XR2
router bgp 200
 neighbor 4.4.4.4
  remote-as 200
  update-source Loopback0
  address-family vpnv4 unicast

Explanation

This lab asks us to configure a multi-homed inter-AS option B setup. The VPN_A VRF should use the R1-XR1 primarily, and the VPN_B VRF should use the R3-R4 link primarily.

This is similar to the option A multi-homed setup, in that we use standard BGP tools to configure the multi-homing. However, we now have a single VPNv4 session between ASBRs instead of one IPv4 unicast session per VRF. For this reason, we set local pref on matching extcommunity values. On R1 and XR1, we match the VPN_A extcommunity and set LP=110. On R3 and R4 we match the VPN_B extcommunity and set LP=110.

#R1
ip extcommunity-list standard VPN_A permit rt 101:201
ip extcommunity-list standard VPN_B permit rt 102:202
!
route-map XR1_INBOUND
 match extcomm VPN_A
 set local-pref 110
route-map XR1_INBOUND permit 20
!
router bgp 100
 add vpnv4
  neighbor 30.1.19.19 activate
  neighbor 30.1.19.19 route-map XR1_INBOUND in

#R3
ip extcommunity-list standard VPN_A permit rt 101:201
ip extcommunity-list standard VPN_B permit rt 102:202
!
route-map R4_INBOUND
 match extcomm VPN_B
 set local-pref 110
route-map R4_INBOUND permit 20
!
router bgp 100
 add vpnv4
  neighbor 30.3.4.4 activate
  neighbor 30.3.4.4 route-map R4_INBOUND in
  
#R4
ip extcommunity-list standard VPN_A permit rt 101:201
ip extcommunity-list standard VPN_A permit rt 102:202
!
route-map R3_INBOUND
 match extcomm VPN_B
 set local-pref 110
route-map R3_INBOUND permit 20
!
router bgp 200
 add vpnv4
  neighbor 30.3.4.3 activate
  neighbor 30.3.4.3 route-map R3_INBOUND in

#XR1
route-policy R1_INBOUND
  if extcommunity rt matches-any (101:201) then
    set local-preference 110
  endif
  pass
end-policy
!
router bgp 200
 neighbor 30.1.19.1
  add vpnv4 uni
   route-policy R1_INBOUND in
   route-policy PASS out

Otherwise, this configuration is just basic option B configuration.

• A static route is needed on XR1 to fix the label forwarding issue.

• Next-hop-self is needed on each ASBR’s VPNv4 session with internal routers to terminate the VPN LSP

  • There are three LSPs: PE-ASBR, ASBR-ASBR, ASBR-PE

• The RT filter needs to be disabled on all ASBRs

Verification

We can verify that VPN_A traffic uses the R1-XR1 link:

VPN_B traffic uses the R3-R4 link:

Shut down the R1-XR1 link and verify that VPN_A traffic can use the R3-R4 link:

#R1
int gi2.30
 shut

#XR1
int gi0/0/0/0.30
 shut

Bring the link back up, shutdown the R3-R4 link, and verify VPN_B traffic can use the R1-XR1 link:

#R3, R4
int gi2.30
 shut

Summary

The goals of this lab are very similar to the previous lab, but we are using option B instead of option A. All VPNv4 routes are exchanged over a single eBGP session in option B, so we cannot use a per-neighbor route-policy like we used in option A. Instead, we identify routes based on the extcommunity value and set the LP on matching routes on each ASBR. This configuration is a little less command-intensive because we do not need to define the individual VRFs and per-VRF neighbors on every ASBR.