CCIE SPv5.1 Labs
  • Intro
    • Setup
  • Purpose
  • Video Demonstration
  • Containerlab Tips
  • Labs
    • ISIS
      • Start
      • Topology
      • Prefix Suppression
      • Hello padding
      • Overload Bit
      • LSP size
      • Default metric
      • Hello/Hold Timer
      • Mesh groups
      • Prefix Summarization
      • Default Route Preference
      • ISIS Timers
      • Log Neighbor Changes
      • Troubleshooting 1 - No routes
      • Troubleshooting 2 - Adjacency
      • IPv6 Single Topology
      • IPv6 Single Topology Challenge
      • IPv6 Multi Topology
      • IPv6 Single to Multi Topology
      • Wide Metrics Explained
      • Route Filtering
      • Backdoor Link
      • Non-Optimal Intra-Area routing
      • Multi Area
      • Authentication
      • Conditional ATT Bit
      • Troubleshooting iBGP
      • Troubleshooting TE Tunnel
    • LDP
      • Start
      • Topology
      • LDP and ECMP
      • LDP and Static Routes
      • LDP Timers
      • LDP Authentication
      • LDP Session Protection
      • LDP/IGP Sync (OSPF)
      • LDP/IGP Sync (ISIS)
      • LDP Local Allocation Filtering
      • LDP Conditional Label Advertisement
      • LDP Inbound Label Advertisement Filtering
      • LDP Label Advertisement Filtering Challenge
      • LDP Implicit Withdraw
      • LDP Transport Address Troubleshooting
      • LDP Static Labels
    • MPLS-TE
      • Start
      • Topology
      • Basic TE Tunnel w/ OSPF
      • Basic TE Tunnel w/ ISIS
      • TE Tunnel using Admin Weight
      • TE Tunnel using Link Affinity
      • TE Tunnel with Explicit-Null
      • TE Tunnel with Conditional Attributes
      • RSVP message pacing
      • Reoptimization timer
      • IGP TE Flooding Thresholds
      • CSPF Tiebreakers
      • TE Tunnel Preemption
      • TE Tunnel Soft Preemption
      • Tunneling LDP inside RSVP
      • PE to P TE Tunnel
      • Autoroute Announce Metric (XE)
      • Autoroute Announce Metric (XR)
      • Autoroute Announce Absolute Metric
      • Autoroute Announce Backup Path
      • Forwarding Adjacency
      • Forwarding Adjacency with OSPF
      • TE Tunnels with UCMP
      • Auto-Bandwidth
      • FRR Link Protection (XE, BFD)
      • FRR Link Protection (XE, RSVP Hellos)
      • FRR Node Protection (XR)
      • FRR Path Protection
      • FRR Multiple Backup Tunnels (Node Protection)
      • FRR Multiple Backup Tunnels (Link Protection)
      • FRR Multiple Backup Tunnels (Backwidth/Link Protection)
      • FRR Backup Auto-Tunnels
      • FRR Backup Auto-Tunnels with SRLG
      • Full Mesh Auto-Tunnels
      • Full Mesh Dynamic Auto-Tunnels
      • One-Hop Auto-Tunnels
      • CBTS/PBTS
      • Traditional DS-TE
      • IETF DS-TE with MAM
      • IETF DS-TE with RDM
      • RDM w/ FRR Troubleshooting
      • Per-VRF TE Tunnels
      • Tactical TE Issues
      • Multicast and MPLS-TE
    • SR
      • Start
      • Topology
      • Basic SR with ISIS
      • Basic SR with OSPF
      • SRGB Modifcation
      • SR with ExpNull
      • SR Anycast SID
      • SR Adjacency SID
      • SR LAN Adjacency SID (Walkthrough)
      • SR and RSVP-TE interaction
      • SR Basic Inter-area with ISIS
      • SR Basic Inter-area with OSPF
      • SR Basic Inter-IGP (redistribution)
      • SR Basic Inter-AS using BGP
      • SR BGP Data Center (eBGP)
      • SR BGP Data Center (iBGP)
      • LFA
      • LFA Tiebreakers (ISIS)
      • LFA Tiebreakers (OSPF)
      • Remote LFA
      • RLFA Tiebreakers?
      • TI-LFA
      • Remote LFA or TILFA?
      • TI-LFA Node Protection
      • TI-LFA SRLG Protection
      • TI-LFA Protection Priorities (ISIS)
      • TI-LFA Protection Priorities (OSPF)
      • Microloop Avoidance
      • SR/LDP Interworking
      • SR/LDP SRMS OSPF Inter-Area
      • SR/LDP Design Challenge #1
      • SR/LDP Design Challenge #2
      • Migrate LDP to SR (ISIS)
      • OAM with SR
      • SR-MPLS using IPv6
      • Basic SR-TE with AS
      • Basic SR-TE with AS and ODN
      • SR-TE with AS Primary/Secondary Paths
      • SR-TE Dynamic Policies
      • SR-TE Dynamic Policy with Margin
      • SR-TE Explicit Paths
      • SR-TE Disjoint Planes using Anycast SIDs
      • SR-TE Flex-Algo w/ Latency
      • SR-TE Flex-Algo w/ Affinity
      • SR-TE Disjoint Planes using Flex-Algo
      • SR-TE BSIDs
      • SR-TE RSVP-TE Stitching
      • SR-TE Autoroute Include
      • SR Inter-IGP using PCE
      • SR-TE PCC Features
      • SR-TE PCE Instantiated Policy
      • SR-TE PCE Redundancy
      • SR-TE PCE Redundancy w/ Sync
      • SR-TE Basic BGP EPE
      • SR-TE BGP EPE for Unified MPLS
      • SR-TE Disjoint Paths
      • SR Converged SDN Transport Challenge
      • SR OAM DPM
      • SR OAM Tools
      • Performance-Measurement (Interface Delay)
    • SRv6
      • Start
      • Topology
      • Basic SRv6
      • SRv6 uSID
      • SRv6 uSID w/ EVPN-VPWS and BGP IPv4/IPv6
      • SRv6 uSID w/ SR-TE
      • SRv6 uSID w/ SR-TE Explicit Paths
      • SRv6 uSID w/ L3 IGW
      • SRv6 uSID w/ Dual-Connected PE
      • SRv6 uSID w/ Flex Algo
      • SRv6 uSID - Scale (Pt. 1)
      • SRv6 uSID - Scale (Pt. 2)
      • SRv6 uSID - Scale (Pt. 3) (UPA Walkthrough)
      • SRv6 uSID - Scale (Pt. 4) (Flex Algo)
      • SRv6 uSID w/ TI-LFA
    • Multicast
      • Start
      • Topology
      • Basic PIM-SSM
      • PIM-SSM Static Mapping
      • Basic PIM-SM
      • PIM-SM with Anycast RP
      • PIM-SM with Auto-RP
      • PIM-SM with BSR
      • PIM-SM with BSR for IPv6
      • PIM-BiDir
      • PIM-BiDir for IPv6
      • PIM-BiDir with Phantom RP
      • PIM Security
      • PIM Boundaries with AutoRP
      • PIM Boundaries with BSR
      • PIM-SM IPv6 using Embedded RP
      • PIM SSM Range Note
      • PIM RPF Troubleshooting #1
      • PIM RPF Troubleshooting #2
      • PIM RP Troubleshooting
      • PIM Duplicate Traffic Troubleshooting
      • Using IOS-XR as a Sender/Receiver
      • PIM-SM without Receiver IGMP Joins
      • RP Discovery Methods
      • Basic Interdomain Multicast w/o MSDP
      • Basic Interdomain Multicast w/ MSDP
      • MSDP Filtering
      • MSDP Flood Reduction
      • MSDP Default Peer
      • MSDP RPF Check (IOS-XR)
      • MSDP RPF Check (IOS-XE)
      • Interdomain MBGP Policies
      • PIM Boundaries using MSDP
    • MVPN
      • Start
      • Topology
      • Profile 0
      • Profile 0 with data MDTs
      • Profile 1
      • Profile 1 w/ Redundant Roots
      • Profile 1 with data MDTs
      • Profile 6
      • Profile 7
      • Profile 3
      • Profile 3 with S-PMSI
      • Profile 11
      • Profile 11 with S-PMSI
      • Profile 11 w/ Receiver-only Sites
      • Profile 9 with S-PMSI
      • Profile 12
      • Profile 13
      • UMH (Upstream Multicast Hop) Challenge
      • Profile 13 w/ Configuration Knobs
      • Profile 13 w/ PE RP
      • Profile 12 w/ PE Anycast RP
      • Profile 14 (Partitioned MDT)
      • Profile 14 with Extranet option #1
      • Profile 14 with Extranet option #2
      • Profile 14 w/ IPv6
      • Profile 17
      • Profile 19
      • Profile 21
    • MVPN SR
      • Start
      • Topology
      • Profile 27
      • Profile 27 w/ Constraints
      • Profile 27 w/ FRR
      • Profile 28
      • Profile 28 w/ Constraints and FRR
      • Profile 28 w/ Data MDTs
      • Profile 29
    • VPWS
      • Start
      • Topology
      • Basic VPWS
      • VPWS with Tag Manipulation
      • Redundant VPWS
      • Redundant VPWS (IOS-XR)
      • VPWS with PW interfaces
      • Manual VPWS
      • VPWS with Sequencing
      • Pseudowire Logging
      • VPWS with FAT-PW
      • MS-PS (Pseudowire stitching)
      • VPWS with BGP AD
    • VPLS
      • Start
      • Topology
      • Basic VPLS with LDP
      • VPLS with LDP and BGP
      • VPLS with BGP only
      • Hub and Spoke VPLS
      • Tunnel L2 Protocols over VPLS
      • Basic H-VPLS
      • H-VPLS with BGP
      • H-VPLS with QinQ
      • H-VPLS with Redundancy
      • VPLS with Routing
      • VPLS MAC Protection
      • Basic E-TREE
      • VPLS with LDP/BGP-AD and XRv RR
      • VPLS with BGP and XRv RR
      • VPLS with Storm Control
    • EVPN
      • Start
      • Topology
      • EVPN VPWS
      • EVPN VPWS Multihomed
      • EVPN VPWS Multihomed Single-Active
      • Basic Single-homed EVPN E-LAN
      • EVPN E-LAN Service Label Allocation
      • EVPN E-LAN Ethernet Tag
      • EVPN E-LAN Multihomed
      • EVPN E-LAN on XRv
      • EVPN IRB
      • EVPN-VPWS Multihomed IOS-XR (All-Active)
      • EVPN-VPWS Multihomed IOS-XR (Port-Active)
      • EVPN-VPWS Multihomed IOS-XR (Single-Active)
      • EVPN-VPWS Multihomed IOS-XR (Non-Bundle)
      • PBB-EVPN (Informational)
    • BGP Multi-Homing (XE)
      • Start
      • Topology
      • Lab1 ECMP
      • Lab2 UCMP
      • Lab3 Backup Path
      • Lab4 Shadow Session
      • Lab5 Shadow RR
      • Lab6 RR with Add-Path
      • Lab7 MPLS + Add Path ECMP
      • Lab8 MPLS + Shadow RR
      • Lab9 MPLS + RDs + UCMP
    • BGP Multi-Homing (XR)
      • Start
      • Topology
      • Lab1 ECMP
      • Lab2 UCMP
      • Lab3 Backup Path
      • Lab4 “Shadow Session”
      • Lab5 “Shadow RR”
      • Lab6 RR with Add-Path
      • Lab7 MPLS + Add Path ECMP
      • Lab8 MPLS + “Shadow RR”
      • Lab9 MPLS + RDs + UCMP
      • Lab10 MPLS + Same RD + Add-Path + UCMP
      • Lab11 MPLS + Same RD + Add-Path + Repair Path
    • BGP
      • Start
      • Conditional Advertisement
      • Aggregation and Deaggregation
      • Local AS
      • BGP QoS Policy Propagation
      • Non-Optimal eBGP Routing
      • Multihomed Enterprise Challenge
      • Provider Communities
      • Destination-Based RTBH
      • Destination-Based RTBH (Community-Based)
      • Source-Based RTBH
      • Source-Based RTBH (Community-Based)
      • Multihomed Enterprise Challenge (XRv)
      • Provider Communities (XRv)
      • DMZ Link BW Lab1
      • DMZ Link BW Lab2
      • PIC Edge in the Global Table
      • PIC Edge Troubleshooting
      • PIC Edge for VPNv4
      • AIGP
      • AIGP Translation
      • Cost-Community (iBGP)
      • Cost-Community (confed eBGP)
      • Destination-Based RTBH (VRF Provider-triggered)
      • Destination-Based RTBH (VRF CE-triggered)
      • Source-Based RTBH (VRF Provider-triggered)
      • Flowspec (Global IPv4/6PE)
      • Flowspec (VRF)
      • Flowspec (Global IPv4/6PE w/ Redirect)
      • Flowspec (Global IPv4/6PE w/ Redirect) T-Shoot
      • Flowspec (VRF w/ Redirect)
      • Flowspec (Global IPv4/6PE w/ CE Advertisement)
    • Intra-AS L3VPN
      • Start
      • Partitioned RRs
      • Partitioned RRs with IOS-XR
      • RT Filter
      • Non-Optimal Multi-Homed Routing
      • Troubleshoot #1 (BGP)
      • Troubleshoot #2 (OSPF)
      • Troubleshoot #3 (OSPF)
      • Troubleshoot #4 (OSPF Inter-AS)
      • VRF to Global Internet Access (IOS-XE)
      • VRF to Global Internet Access (IOS-XR)
    • Inter-AS L3VPN
      • Start
      • Inter-AS Option A
      • Inter-AS Option B
      • Inter-AS Option C
      • Inter-AS Option AB (D)
      • CSC
      • CSC with Option AB (D)
      • Inter-AS Option C - iBGP LU
      • Inter-AS Option B w/ RT Rewrite
      • Inter-AS Option C w/ RT Rewrite
      • Inter-AS Option A Multi-Homed
      • Inter-AS Option B Multi-Homed
      • Inter-AS Option C Multi-Homed
    • Russo Inter-AS
      • Start
      • Topology
      • Option A L3NNI
      • Option A L2NNI
      • Option A mVPN
      • Option B L3NNI
      • Option B mVPN
      • Option C L3NNI
      • Option C L3NNI w/ L2VPN
      • Option C mVPN
    • BGP RPKI
      • Start
      • RPKI on IOS-XE (Enabling the feature)
      • RPKI on IOS-XE (Validation)
      • RPKI on IOS-XR (Enabling the feature)
      • Enable SSH in Routinator
      • RPKI on IOS-XR (Validation)
      • RPKI on IOS-XR (RPKI Routes)
      • RPKI on IOS-XR (VRF)
      • RPKI iBGP Mesh (No Signaling)
      • RPKI iBGP Mesh (iBGP Signaling)
    • NAT
      • Start
      • Egress PE NAT44
      • NAT44 within an INET VRF
      • Internet Reachability between VRFs
      • CGNAT
      • NAT64 Stateful
      • NAT64 Stateful w/ Static NAT
      • NAT64 Stateless
      • MAP-T BR
    • BFD
      • Start
      • Topology
      • OSPF Hellos
      • ISIS Hellos
      • BGP Keepalives
      • PIM Hellos
      • Basic BFD for all protocols
      • BFD Asymmetric Timers
      • BFD Templates
      • BFD Tshoot #1
      • BFD for Static Routes
      • BFD Multi-Hop
      • BFD for VPNv4 Static Routes
      • BFD for VPNv6 Static Routes
      • BFD for Pseudowires
    • QoS
      • Start
      • QoS on IOS-XE
      • Advanced QoS on IOS-XE Pt. 1
      • Advanced QoS on IOS-XE Pt. 2
      • MPLS QoS Design
      • Notes - QoS on IOS-XR
    • NSO
      • Start
      • Basic NSO Usage
      • Basic NSO Template Service
      • Advanced NSO Template Service
      • Advanced NSO Template Service #2
      • NSO Template vs. Template Service
      • NSO API using Python
      • NSO API using Python #2
      • NSO API using Python #3
      • Using a NETCONF NED
      • Python Service
      • Nano Services
    • MDT
      • Start
      • MDT Server Setup
      • Basic Dial-Out
      • Filtering Data using XPATH
      • Finding the correct YANG model
      • Finding the correct YANG model #2
      • Event-Driven MDT
      • Basic Dial-In using gNMI
      • Dial-Out with TLS
      • Dial-In with TLS
      • Dial-In with two-way TLS
    • App-Hosting
      • Start
      • Lab - iperf3 Docker Container
      • Notes - LXC Container
      • Notes - Native Applications
      • Notes - Process Scripts
    • ZTP
      • Notes - Classic ZTP
      • Notes - Secure ZTP
    • L2 Connectivity Notes
      • 802.1ad (Q-in-Q)
      • MST-AG
      • MC-LAG
      • G.8032
    • Ethernet OAM
      • Start
      • Topology
      • CFM
      • y1731
      • Notes - y1564
    • Security
      • Start
      • Notes - Security ACLs
      • Notes - Hybrid ACLs
      • Notes - MPP (IOS-XR)
      • Notes - MPP (IOS-XE)
      • Notes - CoPP (IOS-XE)
      • Notes - LPTS (IOS-XR)
      • Notes - WAN MACsec White Paper
      • Notes - WAN MACsec Config Guide
      • Notes - AAA
      • Notes - uRPF
      • Notes - VTY lines (IOS-XR)
      • Lab - uRPF
      • Lab - MPP
      • Lab - AAA (IOS-XE)
      • Lab - AAA (IOS-XR)
      • Lab - CoPP and LPTS
    • Assurance
      • Start
      • Notes - Syslog on IOS-XE
      • Notes - Syslog on IOS-XR
      • Notes - SNMP Traps
      • Syslog (IOS-XR)
      • RMON
      • Netflow (IOS-XE)
      • Netflow (IOS-XR)
Powered by GitBook
On this page
  • Answer
  • Explanation
  • A closer look at eBGP VPNv4/v6 operations
  • Summary
  1. Labs
  2. Russo Inter-AS

Option B L3NNI

Load russo.pl.course.inter-as.opt.b.init.cfg

#IOS-XE
config replace flash:russo.pl.course.inter-as.opt.b.init.cfg
 
#IOS-XR
configure
load bootflash:russo.pl.course.inter-as.opt.b.init.cfg
commit replace
y

Configure inter-AS option B using the following guidelines:

  • Globomantics is AS65001 and Wired Brain is AS65002

  • Globomantics has two ASBRs. Setup the BGP advertisements so that optimal convergence is used within the AS.

  • Wired Brain only has one ASBR. Setup the BGP advertisements for ease of configuration/troubleshooting.

  • XR11 must be preferred for egress from AS65001 into AS65002 but R2 must be preferred for ingress from AS65002 into AS65001

    • Only configure policies on XR11 to accomplish this using MED and LP

    • Only use RPLs that take parameters

All IGP/BGP peerings are already setup (except for the ASBR-ASBR peerings for option B).

Answer

#R3
router bgp 65002
 no bgp default route-target filter
 neighbor 10.2.3.2 remote-as 65001
 neighbor 10.3.11.11 remote-as 65001
 !
 add vpnv4 
  neighbor 10.2.3.2 activate
  neighbor 10.3.11.11 activate
  neighbor 10.0.0.14 next-hop-self
 add vpnv6
  neighbor 10.2.3.2 activate
  neighbor 10.3.11.11 activate
  neighbor 10.0.0.14 next-hop-self

#R2
router bgp 65001
 no bgp default route-target filter
 neighbor 10.2.3.3 remote-as 65002
 !
 add vpnv4
  neighbor 10.2.3.3 activate
 add vpnv6
  neighbor 10.2.3.3 activate
!
ip prefix-list R3_NEXTHOP permit 10.2.3.3/32
route-map REDIST_CONN
 match ip addr prefix R3_NEXTHOP
!
router isis 65001
 redistribute connected route-map REDIST_CONN

#XR11
router static add ipv4 uni
 10.3.11.3/32 GigabitEthernet0/0/0/0.3113888 tag 65002
!
route-policy REDIST_STATIC($TAG)
 if tag eq $TAG then pass endif
end-policy
!
router isis 65001
 add ipv4
  redistribute static route-policy REDIST_STATIC(65002)
!
prefix-set PREFIXES_V4
  192.0.2.2/32,
  192.0.2.3/32
end-set
!
prefix-set PREFIXES_V6
  2001:db8:3::102/128,
  2001:db8:3::103/128
end-set
!
route-policy SET_IF_DST_SET_LP($DST, $LP)
 if destination in $DST then set local-pref $LP endif
 pass
end-policy
!
route-policy SET_MED($MED)
 set med $MED
end-policy
!
router bgp 65001
  add vpnv4 uni
   retain route-target all
  add vpnv6 uni
   retain route-target all
 !
 neighbor 10.3.11.3
  remote-as 65002
  add vpnv4 uni
   route-policy SET_IF_DST_SET_LP(PREFIXES_V4, 200) in
   route-policy SET_MED(100) out
  add vpnv6 uni
   route-policy SET_IF_DST_SET_LP(PREFIXES_V6, 200) in
   route-policy SET_MED(100) out

Explanation

Inter-AS option B introduces scalability at the ASBRs. The ASBRs no longer hold a VRF for every single customer VRF. Instead, the ASBRs exchange VPNv4/v6 routes directly. The NNI link is now MPLS enabled. To accomplish this, we must tweak a few settings:

  • The ASBR must accept all VPN prefixes even though it is not a RR, nor does it have the local VRFs

    • Must disable the RT fitler

  • The ASBR must enable MPLS forwarding for BGP prefixes on the NNI link

  • The ASBR must set next-hop-self on the VPN routes advertised towards the RR, or redistribute the NNI into the IGP

This task asks us to achieve optimal convergence within AS65001. This is accomplished by redistributing the NNI link into the IGP. This allows for slightly faster convergence when the link goes down. The IGP can react faster than BGP withdrawls/updates. This does not manifest itself until you are at large scale (which is why you might be choosing option B in the first place, though). The ASBR would have to withdraw many 1000s of prefixes upon a link down event. Instead, all PEs can detect the single /32 route dissapearing from the IGP and immediately invalidate all associated BGP routes.

On R2 we redistribute the connected prefix pointing to R3. This /32 connected route is automatically created on IOS-XE when an eBGP peer is established for VPNv4/v6 or IPv4/v6/LU.

ip prefix-list R3_NEXTHOP permit 10.2.3.3/32
route-map REDIST_CONN
 match ip addr prefix R3_NEXTHOP
!
router isis 65001
 redistribute connected route-map REDIST_CONN

On XR11 we must create a static /32 route to resolve labels in the LFIB. We redistribute this static route into the IGP using a parameterized RPL.

#XR11
router static add ipv4 uni
 10.3.11.3/32 GigabitEthernet0/0/0/0.3113888 tag 65002
!
route-policy REDIST_STATIC($TAG)
 if tag eq $TAG then pass endif
end-policy
!
router isis 65001
 add ipv4
  redistribute static route-policy REDIST_STATIC(65002)

AS65002 only has one single ASBR, so this optimization is not needed. Instead, R3 just sets nexthop to itself. This simplifies operations, and keeps the IGP from having E2 routes. We will see later that this has an impact on the VPN label allocation.

#R3
router bgp 65002
 add vpnv4 
  neighbor 10.0.0.14 next-hop-self
 add vpnv6
  neighbor 10.0.0.14 next-hop-self

The BGP peerings are fairly simple, so we won’t go over them in detail. Instead we’ll look at XR11’s policies. XR11 sets LP high on received routes from AS65002. XR11 also sets MED high, in order to influence AS65002 to use R2 as the preferred ingress point. R2 is sending a default MED of 0, so R3 should prefer R2 over XR11’s higher MED.

#XR11
prefix-set PREFIXES_V4
  192.0.2.2/32,
  192.0.2.3/32
end-set
!
prefix-set PREFIXES_V6
  2001:db8:3::102/128,
  2001:db8:3::103/128
end-set
!
route-policy SET_IF_DST_SET_LP($DST, $LP)
 if destination in $DST then set local-pref $LP endif
 pass
end-policy
!
route-policy SET_MED($MED)
 set med $MED
end-policy
!
router bgp 65001
 neighbor 10.3.11.3
  add vpnv4 uni
   route-policy SET_IF_DST_SET_LP(PREFIXES_V4, 200) in
   route-policy SET_MED(100) out
  add vpnv6 uni
   route-policy SET_IF_DST_SET_LP(PREFIXES_V6, 200) in
   route-policy SET_MED(100) out

On R2, we see that the bestpath for these L3VPN prefixes is via XR11 due to the higher LP.

On R3, we see that the routes via R2 are best due to the lower MED. (Missing is 0 and is best by default).

The RTs have already been set to match between both ASs. Let’s traceroute from AS65001 to AS65002:

Above, we see that XR11 is the preferred egress point. Also, because XR11 is not setting next-hop-self, there are only two VPN labels - one allocated by R8 and one allocated by R3. Each time a router sets next-hop-self (which happens automatically at eBGP peerings), the router must terminate the LSP and allocate a new VPN label. This is because the router is setting its own IP address as the final nexthop for the route. When XR11 does not set next-hop-self, the final destination is R3, so XR11 can simply act as a transit node.

When we trace from AS65002 to AS65001 we see three VPN labels. This is because R3 is setting next-hop-self, so it must allocate its own local label for every VPN prefix. Also notice that R2 is the preferred ingress point for AS65002.

What characterizes option B is the single MPLS label at the NNI. The ASBRs must enable MPLS forwarding for BGP learned prefixes. This is accomplished on IOS-XE with the automatic mpls bgp forwarding command that is added to the NNI link. This is automatically added to the running configuration when the eBGP peer comes up.

On IOS-XR, this is automatically accomplished when running a VPN or LU address-family with an eBGP peer. There is no command added to the config, but MPLS is enabeld on the link for BGP VPNv4.

A closer look at eBGP VPNv4/v6 operations

Let’s examine the VPN behavior at the ASBRs more closely. Traffic from AS65001 to AS65002 is simpler because there are only two VPN labels.

R8 advertises the VPN route for 192.0.2.2/32 to the RR with service label 8004. Normally, only PEs that import the RT attached to the VPN route will import this route into their own VRF. These PEs would not allocate a label for that prefix, because these PEs are operating as an ingress PE. The PE will never be transit, so it doesn’t need to accept a certain incoming label and swap it to the egress PE’s VPN label.

However, the ASBR in this situation is different. This ASBR will never act as ingress PE for the VPN traffic, only a transit PE. It must allocate a local label so that it can receive labeled traffic inbound and swap it to the original VPN label and transport it to the egress PE. In this case, since R3 is setting nexthop self (by default as its an eBGP peering), R3 must allocate a service label (3005) so that R2 has some label to use to keep the LSP intact.

Summary

While inter-AS option A’s distinguishing characteristic is an unlabeled hop at the NNI, inter-AS option B’s distinguishing characteristic is a VPN label swap at the NNI. We will see in inter-AS option C that the VPN label is carried end-to-end, offering the greatest scalability.

PreviousOption A mVPNNextOption B mVPN

Last updated 2 months ago