VRF, MPLS and MPBGP Fundamentals

VRF, MPLS and MPBGP Fundamentals

An Nguyen, Network Consulting Engineer

• Introduction to Virtualisation

• VRF-Lite

• MPLS – BGP Free Core

• MP-BGP

• Conclusion

• Q&A

Agenda

Introduction

MPLSThe Common Perception

• CE Routers owned by customer

• PE Routers owned by SP

• Customer “peers” to “PE” via IP

• Exchanges routing with SP via routing protocol (or static route)

• Customer relies on SP to advertise routes to reach other customer CEs

Provider

MPLS

VPNSite 2

Site3

Site1

IP Routing Peer

(BGP, Static, IGP)

PE PE

SP Demarcation

CE

CE

CE

Customer

Managed

Customer

Managed

* No Labels Are Exchanged with the SP

SiSi

Enterprise Network VirtualisationKey Building Blocks

Device Partitioning Virtualised Interconnect

“Virtualising” the Routing

and Forwarding of the DeviceExtending and Maintaining the

“Virtualised” Devices/Pools over Any Media

VRFVRF

Global

VRF VRFVRF

Global

VRF—Virtual Routing and ForwardingVLAN—Virtual LAN

Virtualise at Layer 3 forwarding

Associates to one or more Layer 3 interfaces on router/switch

Each VRF has its own

Forwarding table (CEF)

Routing process (RIP, EIGRP, OSPF, BGP)

Interconnect options (VRF-Lite)?

802.1q, GRE, sub-interfaces, physical cables, signalling

Virtualise at Layer 2 forwarding

Associates to one or more L2 interfaces on switch

Has its own MAC forwarding table and spanning-tree instance per VLAN

Interconnect options?

VLANs are extended via a physical cable or virtual 802.1q trunk

Device PartitioningLayer 2 vs. Layer 3 Virtualisation

Path IsolationFunctional Components

• Device virtualisation• Control plane virtualisation

• Data plane virtualisation

• Services virtualisation

• Data path virtualisation• Hop-by-Hop - VRF-Lite End-to-End

• Multi-Hop - VRF-Lite GRE

• MPLS-VPN

• MPLS VPN over IP

• MPLS VPN over DMVPN

• MPLS VPN o GRE/mGRE

VRFVRF

Global

IP/MPLS

802.1q

Per VRF:Virtual Routing TableVirtual Forwarding Table

VRF-Lite

WAN/Campus

VRFVRFVRF

VRFVRFVRF

Defined router supports routing (RIB), forwarding (FIB), and interface per VRF

Leverages “Virtual” encapsulation for separation:

Ethernet/802.1Q, GRE, Frame Relay

The routing protocol is also “VRF aware”

RIP/v2, EIGRP, OSPF, BGP, static (per VRF)

Layer 3 VRF interfaces cannot belong to more than a single VRF

802.1q, GRE, DLCI

Per VRF:Virtual Routing TableVirtual Forwarding Table

What is VRF-Lite?Functional Components

VLAN 10VLAN 20

IGPs

End to End segmentation, per VRF and per interface

Targets a small number of VRFs as requirement

Seen frequently in Access Distribution (vs. end to end)

No MP-BGP or control plane signalling is required and does not use labels

No LDP is required (i.e. MPLS)

Still leverages existing QoS model and supports IP multicast

Full range of platform support within the Cisco portfolio of switches and routers

VLAN 16VLAN 26

VLAN 12VLAN 22

VLAN 13VLAN 23

VLAN 15VLAN 25

VLAN 11VLAN 21

VLAN 14VLAN 24

VRF-Lite End-to-EndTarget Requirements

VRF-LiteSub-interface Example

Per VRF:Virtual Routing TableVirtual Forwarding TableLocally Significant

Sub-interface/VLAN/VRF Mapping

VRF-R

VRF-E

VRF-O

VRF-R

VRF-E

VRF-O

VLAN 12

VLAN 112

VLAN 212

VRF-R

VRF-E

VRF-O

VRF-R

VRF-E

VRF-O

VLAN 34

VLAN 134

VLAN 234

VL

AN

23

VL

AN

12

3

VL

AN

22

3

VL

AN

14

VL

AN

11

4

VL

AN

21

4

R1 R2

R4 R3

G0/1.X

VLAN X

10.1.X.0/24

1.1.1.1 2.2.2.2

3.3.3.34.4.4.4

Lo1

Lo2

Lo3

Lo1

Lo2

Lo3

Lo1

Lo2

Lo3

Lo1

Lo2

Lo3

.1

.1

.2

.2

.3

.3.4

.4

IGPs:VRF-R = RIPVRF-E = EIGRPVRF-O = OSPF

Configuration Note: Devices are IOS Routers

ip vrf VRF-O

rd 3:3

interface GigabitEthernet0/1.212

ip vrf forwarding VRF-O

interface Loopback3


VRF-Lite Sub-interface ConfigurationCommand Line Interface (CLI) Review

ip vrf VRF-R

rd 1:1


ip vrf forwarding VRF-R

interface Loopback1


ip vrf VRF-E

rd 2:2


ip vrf forwarding VRF-E

interface Loopback2


VRF

VRF

VRF

VRF Aware RIP ConfigurationCommand Line Interface (CLI) Review

router rip

version 2

network 1.0.0.0

network 10.0.0.0

no auto-summary

router rip

!

address-family ipv4 vrf VRF-R

network 1.0.0.0

network 10.0.0.0

no auto-summary

version 2

exit-address-family

VRF

Similar to what you already know!

RIP leverages address-family ipv4 vrf ______

VRF Aware EIGRP ConfigurationCommand Line Interface (CLI) Review

router eigrp 10

network 1.1.1.1 0.0.0.0

network 10.1.112.0 0.0.0.255

no auto-summary

router eigrp 10

!

address-family ipv4 vrf VRF-E autonomous-system 10

network 1.1.1.1 0.0.0.0

network 10.1.112.0 0.0.0.255

no auto-summary

exit-address-family

VRF


EIGRP leverages address-family ipv4 vrf ______

Set unique autonomous system number per VRF

VRF Aware OSPF ConfigurationCommand Line Interface (CLI) Review

router ospf 1

log-adjacency-changes

network 1.1.1.1 0.0.0.0 area 1

network 10.1.212.0 0.0.0.255 area 0

router ospf 2 vrf VRF-O

log-adjacency-changes

network 1.1.1.1 0.0.0.0 area 1

network 10.1.212.0 0.0.0.255 area 0

VRF


OSPF leverages vrf ______ after the unique process number

Live Exploration

CML: VRF REO Lab – Topology

CML: VRF REO Lab

R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 10.255.1.63 YES NVRAM administratively down down

GigabitEthernet0/1 unassigned YES unset up up

GigabitEthernet0/1.12 10.1.12.1 YES NVRAM up up






Loopback1 1.1.1.1 YES NVRAM up up



CML: VRF REO Lab

R1#show ip vrf interface

Interface IP-Address VRF Protocol

Lo2 1.1.1.1 VRF-E up

Gi0/1.112 10.1.112.1 VRF-E up

Gi0/1.114 10.1.114.1 VRF-E up

Lo3 1.1.1.1 VRF-O up

Gi0/1.212 10.1.212.1 VRF-O up

Gi0/1.214 10.1.214.1 VRF-O up

Lo1 1.1.1.1 VRF-R up

Gi0/1.12 10.1.12.1 VRF-R up

Gi0/1.14 10.1.14.1 VRF-R up

CML: VRF REO Lab

R1#show vrf

Name Default RD Protocols Interfaces

VRF-E 2:2 ipv4 Lo2

Gi0/1.112

Gi0/1.114

VRF-O 3:3 ipv4 Lo3

Gi0/1.212

Gi0/1.214

VRF-R 1:1 ipv4 Lo1

Gi0/1.12

Gi0/1.14

CML: VRF REO Labrouter rip

!


network 1.0.0.0

network 10.0.0.0

no auto-summary

version 2

exit-address-family

!

end

R1#

R1#show run vrf VRF-R

Building configuration...

Current configuration : 572 bytes

ip vrf VRF-R

rd 1:1

!

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

media-type rj45

!


encapsulation dot1Q 12


ip address 10.1.12.1 255.255.255.0

!




ip address 10.1.14.1 255.255.255.0

!

interface Loopback1


ip address 1.1.1.1 255.255.255.255

!

CML: VRF REO Lab

R1#show run | section router rip

router rip

passive-interface Loopback1

!


network 1.0.0.0

network 10.0.0.0

no auto-summary

version 2

exit-address-family

R1#

CML: VRF REO LabR1#show ip protocol vrf VRF-R

*** IP Routing is NSF aware ***

Routing Protocol is "rip"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Sending updates every 30 seconds, next due in 24 seconds

Invalid after 180 seconds, hold down 180, flushed after 240

Redistributing: rip

Default version control: send version 2, receive version 2

Interface Send Recv Triggered RIP Key-chain

GigabitEthernet0/1.12 2 2

GigabitEthernet0/1.14 2 2

Maximum path: 4

Routing for Networks:

1.0.0.0

10.0.0.0

Passive Interface(s):

Loopback1

Routing Information Sources:

Gateway Distance Last Update

10.1.14.4 120 00:00:22

10.1.12.2 120 00:00:26

Distance: (default is 120)

CML: VRF REO Lab

R1#show ip rip database vrf VRF-R

1.0.0.0/8 auto-summary

1.1.1.1/32 directly connected, Loopback1


2.2.2.2/32

[1] via 10.1.12.2, 00:00:25, GigabitEthernet0/1.12


3.3.3.3/32




4.4.4.4/32



10.1.12.0/24 directly connected, GigabitEthernet0/1.12

10.1.14.0/24 directly connected, GigabitEthernet0/1.14

10.1.23.0/24


10.1.34.0/24


CML: VRF REO LabR1#show ip route vrf VRF-R

Routing Table: VRF-R

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

a - application route

+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets

C 1.1.1.1 is directly connected, Loopback1


R 2.2.2.2 [120/1] via 10.1.12.2, 00:00:24, GigabitEthernet0/1.12



[120/2] via 10.1.12.2, 00:00:24, GigabitEthernet0/1.12



10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks

C 10.1.12.0/24 is directly connected, GigabitEthernet0/1.12

L 10.1.12.1/32 is directly connected, GigabitEthernet0/1.12



R 10.1.23.0/24 [120/1] via 10.1.12.2, 00:00:24, GigabitEthernet0/1.12

R 10.1.34.0/24 [120/1] via 10.1.14.4, 00:00:19, GigabitEthernet0/1.14

CML: VRF REO Labrouter eigrp 10

!

address-family ipv4 vrf VRF-E autonomous-system 10

network 1.1.1.1 0.0.0.0

network 10.1.112.0 0.0.0.255

network 10.1.114.0 0.0.0.255


exit-address-family

!

end

R1#show run vrf VRF-E



ip vrf VRF-E

rd 2:2

!

!


no ip address

duplex auto

speed auto

media-type rj45

!




ip address 10.1.112.1 255.255.255.0

!




ip address 10.1.114.1 255.255.255.0

!

interface Loopback2


ip address 1.1.1.1 255.255.255.255

!

CML: VRF REO Lab

R1#show ip eigrp vrf VRF-E interface

EIGRP-IPv4 Interfaces for AS(10) VRF(VRF-E)

Xmit Queue PeerQ Mean Pacing Time Multicast Pending

Interface Peers Un/Reliable Un/Reliable SRTT Un/Reliable Flow Timer Routes

Gi0/1.112 1 0/0 0/0 55 0/0 256 0

Gi0/1.114 1 0/0 0/0 93 0/0 428 0

R1#show ip eigrp vrf VRF-E neighbors

EIGRP-IPv4 Neighbors for AS(10) VRF(VRF-E)

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

1 10.1.112.2 Gi0/1.112 11 4d05h 55 330 0 46

0 10.1.114.4 Gi0/1.114 10 4d05h 93 558 0 22

CML: VRF REO Lab

R1#show ip eigrp vrf VRF-E topology

EIGRP-IPv4 Topology Table for AS(10)/ID(1.1.1.1) VRF(VRF-E)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status

P 10.1.114.0/24, 1 successors, FD is 2816

via Connected, GigabitEthernet0/1.114


via 10.1.114.4 (130816/128256), GigabitEthernet0/1.114


via Connected, GigabitEthernet0/1.112










via Connected, Loopback2

CML: VRF REO LabR1#show ip route vrf VRF-E

Routing Table: VRF-E














D 2.2.2.2 [90/130816] via 10.1.112.2, 4d05h, GigabitEthernet0/1.112










D 10.1.123.0/24 [90/3072] via 10.1.112.2, 4d05h, GigabitEthernet0/1.112

D 10.1.134.0/24 [90/3072] via 10.1.114.4, 4d05h, GigabitEthernet0/1.114

CML: VRF REO Labrouter ospf 2 vrf VRF-O


network 1.1.1.1 0.0.0.0 area 1

network 10.1.212.0 0.0.0.255 area 0

network 10.1.214.0 0.0.0.255 area 0

!

!

end

R1#show run vrf VRF-O



ip vrf VRF-O

rd 3:3

!

!


no ip address

duplex auto

speed auto

media-type rj45

!




ip address 10.1.212.1 255.255.255.0

!




ip address 10.1.214.1 255.255.255.0

!

interface Loopback3


ip address 1.1.1.1 255.255.255.255

!

CML: VRF REO Lab

R1#show ip ospf interface br

Interface PID Area IP Address/Mask Cost State Nbrs F/C

Gi0/1.214 2 0 10.1.214.1/24 1 BDR 1/1

Gi0/1.212 2 0 10.1.212.1/24 1 BDR 1/1

Lo3 2 1 1.1.1.1/32 1 LOOP 0/0

R1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

4.4.4.4 1 FULL/DR 00:00:34 10.1.214.4 GigabitEthernet0/1.214

2.2.2.2 1 FULL/DR 00:00:33 10.1.212.2 GigabitEthernet0/1.212

CML: VRF REO LabR1#show ip ospf 2 database

OSPF Router with ID (1.1.1.1) (Process ID 2)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

1.1.1.1 1.1.1.1 66 0x800000CC 0x004979 2

2.2.2.2 2.2.2.2 1705 0x800000C9 0x00E3B5 2

3.3.3.3 3.3.3.3 753 0x800000CB 0x007DE2 2

4.4.4.4 4.4.4.4 1312 0x800000CC 0x001F57 2

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

10.1.212.2 2.2.2.2 1705 0x800000C8 0x0082F9

10.1.214.4 4.4.4.4 1312 0x800000CA 0x005C0A

10.1.234.4 4.4.4.4 1312 0x800000C8 0x00E764

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

1.1.1.1 1.1.1.1 66 0x800000C7 0x00B9B3

2.2.2.2 2.2.2.2 1460 0x800000C7 0x006DF7

--More--

CML: VRF REO LabR1#show ip route vrf VRF-O

Routing Table: VRF-O














O IA 2.2.2.2 [110/2] via 10.1.212.2, 4d10h, GigabitEthernet0/1.212










O 10.1.223.0/24 [110/2] via 10.1.212.2, 4d10h, GigabitEthernet0/1.212

O 10.1.234.0/24 [110/2] via 10.1.214.4, 4d05h, GigabitEthernet0/1.214

CML: VRF REO Lab

R1#ping vrf VRF-R 2.2.2.2 source 1.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 9/21/29 ms

R1#ping vrf VRF-E 2.2.2.2 source 1.1.1.1




!!!!!


R1#ping vrf VRF-O 2.2.2.2 source 1.1.1.1




!!!!!


CML: VRF REO Lab



Lo2 2.2.2.2 VRF-E up

Gi0/1.112 10.1.112.2 VRF-E up

Gi0/1.123 10.1.123.2 VRF-E up

Lo3 2.2.2.2 VRF-O up

Gi0/1.212 10.1.212.2 VRF-O up

Gi0/1.223 10.1.223.2 VRF-O up

Lo1 2.2.2.2 VRF-R up

Gi0/1.12 10.1.12.2 VRF-R up

Gi0/1.23 10.1.23.2 VRF-R up

R2#config t

Enter configuration commands, one per line. End with CNTL/Z.

R2(config)#int lo2

R2(config-if)#shu

R2(config-if)#

CML: VRF REO Lab

R1#ping vrf VRF-R 2.2.2.2 source 1.1.1.1




!!!!!


R1#ping vrf VRF-E 2.2.2.2 source 1.1.1.1




.....

Success rate is 0 percent (0/5)

R1#ping vrf VRF-O 2.2.2.2 source 1.1.1.1




!!!!!


No Sub-interface Support/No ProblemGRE Example

Tunnel/VRF Mapping

VRF-R

VRF-E

VRF-O

VRF-R

VRF-E

VRF-O

Tunnel 12

Tunnel 112

Tunnel 212

VRF-R

VRF-E

VRF-O

VRF-R

VRF-E

VRF-O

Tunnel 34

Tunnel 134

Tunnel 234

Tu

nn

el 2

3

Tu

nn

el 1

23

Tu

nn

el 2

23

Tu

nn

el 1

4

Tu

nn

el 1

14

Tu

nn

el 2

14

R1 R2

R4 R3

Tunnel X

10.1.X.0/24

1.1.1.1

3.3.3.34.4.4.4

Lo11

Lo12

Lo13

Lo11

Lo12

Lo13

Lo1

Lo13

Lo11

Lo12

Lo13

.1

.1

.2

.2

.3

.3.4

.4

VRF Lite can also leverage GRE tunnels

as a segmentation technology

Each VRF uses a unique GRE tunnel

GRE tunnel interface is “VRF aware”

Configuration Note: Each GRE Tunnel Could Require Unique Source/Destination IP (Platform Dependent)

VRF-Lite Tunnel ConfigurationCommand Line Interface (CLI) Review

ip vrf VRF-S

rd 4:4

interface Loopback0

ip address 192.168.1.1 255.255.255.255 (Global Routing Table)

interface Tunnel12

ip vrf forwarding VRF-S

ip address 10.1.12.1 255.255.255.0

tunnel source Loopback0

tunnel destination 192.168.2.2

ip vrf VRF-S

rd 4:4

interface Loopback0

ip address192.168.2.2 255.255.255.255 (Global Routing Table)

interface Tunnel12


ip address 10.1.12.2 255.255.255.0




VRF

ip route vrf VRF-S 2.2.2.2 255.255.255.255 10.1.12.2

ip route vrf VRF-S 1.1.1.1 255.255.255.255 10.1.12.1

Layer 2 Serial Link/No ProblemBack-to-Back Frame Relay Example

FR VC/VRF Mapping

VRF-R

VRF-E

VRF-O

VRF-R

VRF-E

VRF-O

Serial1/0.12

Serial1/0.112

Serial1/0.212

VRF-R

VRF-E

VRF-O

VRF-R

VRF-E

VRF-O

Serial1/0.34

Serial1/0.134

Serial1/0.234

Se

ria

l1/1

.23

Se

ria

l1/1

.12

3

Se

ria

l1/1

.22

3

Se

ria

l1/1

.14

Se

ria

l1/1

.11

4

Se

ria

l1/1

.21

4

R1 R2

R4 R3

Serial1/0.X

Serial1/1.X

10.1.X.0/24

1.1.1.1

3.3.3.34.4.4.4

Lo111

Lo112

Lo113

Lo111

Lo112

Lo113

Lo1

Lo3

Lo111

Lo112

Lo113

.1

.1

.2

.2

.3

.3.4

.4

VRF Lite can also leverage Frame Relay

Sub-interfaces as a segmentation

technology

Each VRF uses a unique Frame-Relay

sub-interface and DLCI

Frame Relay sub-interface is “VRF aware”

Configuration Note: Leveraging Back-to-Back Frame-Relay Configuration

ip vrf VRF-B

rd 5:5

interface Serial1/0

encapsulation frame-relay

no keepalive

Interface Serial1/0.12 point-to-point

ip vrf forwarding VRF-B

ip address 10.1.12.2 255.255.255.0

frame-relay interface-dlci 201

VRF-Lite Back-to-Back Frame Relay ConfigurationCommand Line Interface (CLI) Review

ip vrf VRF-B

rd 5:5

interface Serial1/0

encapsulation frame-relay

no keepalive

Interface Serial1/0.12 point-to-point


ip address 10.1.12.1 255.255.255.0

frame-relay interface-dlci 201


VRF

router bgp 1

address-family ipv4 vrf VRF-B

neighbor 10.1.12.2 remote-as 1

neighbor 10.1.12.2 activate

no synchronization

network 1.1.1.1 mask 255.255.255.255

exit-address-family

router bgp 1




no synchronization

network 2.2.2.2 mask 255.255.255.255

exit-address-family

Live Exploration

CML: VRF SB Lab – Topology


R1#show ip interface brief

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 10.255.1.68 YES NVRAM administratively down down

GigabitEthernet0/1 192.168.12.1 YES NVRAM up up

GigabitEthernet0/2 192.168.14.1 YES NVRAM up up



Tunnel12 10.1.12.1 YES NVRAM up up



Lo4 1.1.1.1 VRF-S up

Tu12 10.1.12.1 VRF-S up


R1#show run vrf VRF-S



ip vrf VRF-S

rd 4:4

!

!

interface Loopback4


ip address 1.1.1.1 255.255.255.255

!

interface Tunnel12


ip address 10.1.12.1 255.255.255.0



!

ip route vrf VRF-S 2.2.2.2 255.255.255.255 10.1.12.2

end


R1#show ip route vrf VRF-S

Routing Table: VRF-S














S 2.2.2.2 [1/0] via 10.1.12.2


C 10.1.12.0/24 is directly connected, Tunnel12

L 10.1.12.1/32 is directly connected, Tunnel12


R1#ping vrf VRF-S 2.2.2.2 source 1.1.1.1




!!!!!


CML: VRF SB Lab – TopologyR4#show run vrf VRF-B



ip vrf VRF-B

rd 5:5

!

!

interface Loopback5


ip address 4.4.4.4 255.255.255.255

!

interface Tunnel34


ip address 10.1.34.4 255.255.255.0



!

router bgp 34

!


network 4.4.4.4 mask 255.255.255.255



exit-address-family

!

end


R4# show bgp vpnv4 unicast vrf VRF-B summary

BGP router identifier 192.168.4.4, local AS number 34

BGP table version is 3, main routing table version 3

2 network entries using 312 bytes of memory

2 path entries using 160 bytes of memory

2/2 BGP path/bestpath attribute entries using 320 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 792 total bytes of memory

BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.1.34.3 4 34 6772 6767 3 0 0 4d06h 1


R4# show bgp vpnv4 unicast vrf VRF-B

BGP table version is 3, local router ID is 192.168.4.4

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 5:5 (default for vrf VRF-B)

*>i 3.3.3.3/32 10.1.34.3 0 100 0 i

*> 4.4.4.4/32 0.0.0.0 0 32768 i


R4#show ip route vrf VRF-B

Routing Table: VRF-B












B 3.3.3.3 [200/0] via 10.1.34.3, 4d06h




C 10.1.34.0/24 is directly connected, Tunnel34

L 10.1.34.4/32 is directly connected, Tunnel34


R4#traceroute vrf VRF-B 3.3.3.3 source 4.4.4.4


Tracing the route to 3.3.3.3

VRF info: (vrf in name/id, vrf out name/id)

1 10.1.34.3 59 msec * 58 msec

VRF-Lite Summary

• Leverages VRF in router (RIB/FIB, interface) and

interface for segmentation

• No MPLS, LDP, or BGP required

• Optimal solution when VRF count is small (~ <8)

• Scale usually dependent on routing protocol

• Supports multicast and QoS solutions

• If you understand routing protocols then you

already understand PE-CE VRF Routing

MPLS – BGP Free Core

BGPNo BGP in Core

1. Always route towards BGP Next-Hop

2. Routes will be valid on PE Routers

3. Routing will break when reaches the P Routers as they are not participating in BGP

10.1.1.0/24

Next-Hop=CE1

iBGP Relationship

10.1.1.0/24

PE1 PE2P

P P

P

CE2CE1

OSPF Area 0

Site 1 Site 2

10.2.1.0/24

10.2.1.0/24

Next-Hop=CE2

Redistribute Static

Into BGP

Redistribute Static

Into BGP

Could run BGP all the way through or redistribute routes into OSPF, but why!

R1 R2

R3 R4

R6

R8

R5

R7

0.0.0.0 0.0.0.0

Next-Hop=PE20.0.0.0 0.0.0.0

Next-Hop=PE1

IP Routing

• Exchange of IP routes for Loopback Reachability

• OSPF, IS-IS, EIGRP, etc.

• iBGP neighbour peering over IGP transport

• Route towards BGP Next-Hop

IGP vs. BGP

10.2

F0/0

In

Label

Address

Prefix

…

Out

I’face

10.2 F0/0

… …

…

Out

Label

In

Label

Address

Prefix

…

Out

I’face

10.2 NA

… …

…

Out

Label

In

Label

Address

Prefix

10.2

…

Out

I’face

F0/0

…

Out

Label

F0/0

You Can Reach 2.2 Through Me

Routing Updates

(OSPF)

You Can Reach 10.2 Thru Me

By routing towards 2.2.2.2

Forwarding Table Forwarding Table Forwarding Table

F0/0


Routing Updates

(BGP)

What Is MPLS?

Multi Multi-Protocol: The ability to carry any payload

Have: IPv4, IPv6, Ethernet, ATM, FR

Protocol

Label Uses Labels to tell a node what to do with a

packet; separates forwarding (hop by hop

behaviour) from routing (control plane)

Switching Routing == IPv4 or IPv6 lookup.

Everything else is Switching.

MPLS Path (LSP) Setup with LDP

• Local label mapping are sent to connected nodes

• Receiving nodes update forwarding table

• Out label

• LDP label advertisement happens in parallel (downstream unsolicited)

Assignment of Remote Labels

1

10.2

F0/0F0/0

Use Label 30 for 2.2

Use Label 20 for 2.2

Label Distribution

Protocol (LDP)(Downstream

Allocation)

In

Label

Address

Prefix

2.2

…

…

Out

I’face

F0/0

…

…

Out

Label

In

Label

Address

Prefix

2.2

…

…

Out

I’face

F0/0

…

…

Out

Label

In

Label

Address

Prefix

2.2

10.2

…

Out

I’face

-

F0/0

…

Out

Label

20

…

-

-

…

30

…

20

…

…

-

-

…

30

…


F0/0

……





MPLS Traffic Forwarding with LDP

• Ingress PE node adds label to packet (push)

• Via forwarding table

• Downstream node use label for forwarding decision (swap)

• Outgoing interface

• Out label

• Egress PE removes label and forwards original packet (pop)

Hop-by-hop Traffic Forwarding Using Labels

F0/0

10.2.1.1 Data 2.2.2.2 Data20

2.2.2.2 Data30

Forwarding based on Label towards BGP

Next-Hop (Loopback of far end router)

10.2.1.1 Data

10.2F0/0

In

Label

Address

Prefix

2.2

…

…

Out

I’face

F0/0

…

…

Out

Label

In

Label

Address

Prefix

2.2

…

…

Out

I’face

F0/0

…

…

Out

Label

In

Label

Address

Prefix

2.2

10.2

…

Out

I’face

-

F0/0

…

Out

Label

20

…

…

-

-

…

30

…

…

20

-

…

-

-

…

30

…


F0/0

BGPMPLS in Core

1. Always route towards BGP Next-Hop

2. Routes will be valid on PE Routers

3. Will label switch towards BGP Next-Hop with MPLS enabled

10.1.1.0/24

Next-Hop=CE1

iBGP Relationship

10.1.1.0/24

PE1 PE2P

P P

PCE2CE1

OSPF Area 0

Site 1 Site 2

10.2.1.0/24

10.2.1.0/24

Next-Hop=CE2

0.0.0.0 0.0.0.0

Next-Hop=PE20.0.0.0 0.0.0.0

Next-Hop=PE1

End-to-End BGP and redistribution of routes into OSPF not necessary!

R1 R2

R3 R4

R6

R8

R5

R7

Live Exploration

CML: MPLS/MPBGP Lab – Topology

CML: MPLS/MPBGP Lab

P-R1#show ip bgp

% BGP not active

P-R1#show vrf

P-R1#show run | include mpls

mpls label protocol ldp

mpls ip

mpls ip

mpls ip

mpls ldp router-id Loopback0

CML: MPLS/MPBGP Lab

P-R1#show mpls interface

Interface IP Tunnel BGP Static Operational

GigabitEthernet0/1 Yes (ldp) No No No Yes



P-R1#show mpls ldp discovery

Local LDP Identifier:

1.1.1.1:0

Discovery Sources:

Interfaces:

GigabitEthernet0/1 (ldp): xmit/recv

LDP Id: 2.2.2.2:0


LDP Id: 4.4.4.4:0


LDP Id: 5.5.5.5:0

CML: MPLS/MPBGP LabP-R1# show ip route ospf












O 2.2.2.2 [110/2] via 192.168.12.2, 2d12h, GigabitEthernet0/1









O 192.168.23.0/24 [110/2] via 192.168.12.2, 2d12h, GigabitEthernet0/1




O 192.168.45.0/24 [110/11] via 192.168.15.5, 00:03:11, GigabitEthernet0/3

[110/11] via 192.168.14.4, 00:03:11, GigabitEthernet0/2

CML: MPLS/MPBGP LabP-R1#show mpls ldp neighbor

Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 1.1.1.1:0

TCP connection: 4.4.4.4.37956 - 1.1.1.1.646

State: Oper; Msgs sent/rcvd: 9632/9662; Downstream

Up time: 5d20h

LDP discovery sources:

GigabitEthernet0/2, Src IP addr: 192.168.14.4

Addresses bound to peer LDP Ident:

192.168.34.4 192.168.14.4 4.4.4.4 192.168.45.4


TCP connection: 2.2.2.2.58733 - 1.1.1.1.646


Up time: 5d20h




192.168.12.2 2.2.2.2 192.168.23.2 192.168.26.2


TCP connection: 5.5.5.5.11708 - 1.1.1.1.646


Up time: 5d17h




192.168.15.5 5.5.5.5 192.168.45.5

CML: MPLS/MPBGP LabP-R1#show mpls ldp bindings

lib entry: 1.1.1.1/32, rev 8

local binding: label: imp-null

remote binding: lsr: 4.4.4.4:0, label: 18



lib entry: 2.2.2.2/32, rev 28

local binding: label: 25


remote binding: lsr: 2.2.2.2:0, label: imp-null


lib entry: 3.3.3.3/32, rev 14





lib entry: 4.4.4.4/32, rev 12


remote binding: lsr: 4.4.4.4:0, label: imp-null



--More--

CML: MPLS/MPBGP Lab

P-R1#show mpls forwarding-table

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

16 50 6.6.6.6/32 0 Gi0/1 192.168.12.2

17 Pop Label 4.4.4.4/32 835004 Gi0/2 192.168.14.4

18 53 3.3.3.3/32 0 Gi0/1 192.168.12.2

19 Pop Label 192.168.45.0/24 0 Gi0/2 192.168.14.4

Pop Label 192.168.45.0/24 0 Gi0/3 192.168.15.5

20 Pop Label 192.168.26.0/24 0 Gi0/1 192.168.12.2

21 Pop Label 192.168.23.0/24 0 Gi0/1 192.168.12.2

22 58 192.168.36.0/24 0 Gi0/1 192.168.12.2

23 Pop Label 192.168.34.0/24 0 Gi0/2 192.168.14.4

24 Pop Label 5.5.5.5/32 798232 Gi0/3 192.168.15.5

25 Pop Label 2.2.2.2/32 0 Gi0/1 192.168.12.2

MP-BGP

MPLS VPN Technology—RefresherMPLS VPN Connection Model

PE Routers

• MPLS Edge routers

• MPLS forwarding to P routers

• IGP/BGP – IP to CE routers

• Distributes VPN information through MP-BGP to other PE routers with VPN-IPv4 addresses, extended community, VPN labels

P Routers

• P routers are in the core of the MPLS cloud

• P routers do not need to run BGP

• Do not have knowledge of VPNs

• Switches packets based on labels (push/pop) not IP

PE

VPN Backbone IGP

MP-iBGP – VPNv4 Label Exchange

PEP P

P P

VRF Blue

VRF Green

EIGRP, OSPF, IS-IS, RIPv2, BGP, Static

CE

CE

VPN 1

VPN 2

CE Routers

VRF Associates to one or more interfaces on PE

Has its own routing table and forwarding table (CEF)

VRF has its own instance for the routing protocol

(static, RIP, BGP, EIGRP, OSPF)

Global Address Space

Multi Protocol BGP (MPBGP)Bringing It All Together

1. PE1 receives an IPv4 update on a VRF interface (eBGP/OSPF/ISIS/RIP/EIGRP)

2. PE1 translates it into VPNv4 address

– Assigns an RT per VRF configuration

– Rewrites next-hop attribute to itself

– Assigns a label based on VRF and/or interface

3. PE1 sends MP-iBGP update to other PE routers

10.1.1.0/24

Next-Hop=CE1

iBGP Relationship

10.1.1.0/24

PE1 PE2P

P P

P

CE2CE1

OSPF Area 0

Site 1 Site 2

10.2.1.0/24

10.2.1.0/24

Next-Hop=CE2

VRF InstanceVRF Instance

R1 R2

R3 R4

R6

R8

R5

R7

! PE router

router bgp 65102

no bgp default ipv4-unicast


!

address-family vpnv4


neighbor 2.2.2.2 send-community extended

exit-address-family

!

address-family ipv4 vrf VRF-1

redistribute rip

exit-address-family

PE

VPN Backbone IGP

MP-iBGP – VPNv4

Label Exchange

PEP P

P P

MPLS VPNCommand Line Interface (CLI) Review

VRF VRF-1

VRF VRF-2

EIGRP, OSPF, IS-IS, RIPv2, BGP, Static

CE

CE

Customer 1

Customer 2

MP-iBGP Configuration (PE)

VRF VRF-1

VRF VRF-2

CE

CE

! PE Router – Multiple VRFs

ip vrf VRF-1

rd 65100:10

route-target import 65102:10

route-target export 65102:10

ip vrf VRF-2

rd 65100:20



!

Interface FastEthernet0/1.10

ip vrf forwarding VRF-1

Interface FastEthernet0/1.20

ip vrf forwarding VRF-2

VRF Configuration (PE)

Live Exploration

CML: MPLS/MPBGP LabPE-R5#show run vrf VRF-R



ip vrf VRF-R

rd 56:10



!

!



ip address 10.1.57.5 255.255.255.0

duplex auto

speed auto

media-type rj45

!

router rip

!


redistribute bgp 56 metric 5

network 10.0.0.0

no auto-summary

version 2

exit-address-family

!

router bgp 56

!


redistribute rip

exit-address-family

!

end

CML: MPLS/MPBGP LabPE-R5#show run | section router bgp

router bgp 56

bgp router-id 5.5.5.5

bgp log-neighbor-changes

no bgp default ipv4-unicast


neighbor 6.6.6.6 update-source Loopback0

!

address-family ipv4

exit-address-family

!

address-family vpnv4


neighbor 6.6.6.6 send-community extended

exit-address-family

!


redistribute rip

exit-address-family

!

address-family ipv4 vrf VRF-S

redistribute static

exit-address-family

CML: MPLS/MPBGP Lab

PE-R5#show bgp vpnv4 unicast all summary

BGP router identifier 5.5.5.5, local AS number 56

BGP table version is 16, main routing table version 16

6 network entries using 936 bytes of memory

6 path entries using 480 bytes of memory

6/6 BGP path/bestpath attribute entries using 960 bytes of memory

2 BGP extended community entries using 48 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 2424 total bytes of memory

BGP activity 6/0 prefixes, 6/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

6.6.6.6 4 56 6374 6276 16 0 0 3d23h 3

CML: MPLS/MPBGP Lab

PE-R5#show bgp vpnv4 unicast vrf VRF-R

BGP table version is 10, local router ID is 5.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 56:10 (default for vrf VRF-R)

*> 10.1.1.0/24 10.1.57.7 1 32768 ?

*> 10.1.57.0/24 0.0.0.0 0 32768 ?

*>i 10.1.69.0/24 6.6.6.6 0 100 0 ?

*>i 10.2.1.0/24 6.6.6.6 1 100 0 ?

PE-R5#

CML: MPLS/MPBGP Lab

PE-R5#show ip route vrf VRF-R

Routing Table: VRF-R












R 10.1.1.0/24 [120/1] via 10.1.57.7, 00:00:10, GigabitEthernet0/3

C 10.1.57.0/24 is directly connected, GigabitEthernet0/3

L 10.1.57.5/32 is directly connected, GigabitEthernet0/3

B 10.1.69.0/24 [200/0] via 6.6.6.6, 2d11h

B 10.2.1.0/24 [200/1] via 6.6.6.6, 2d11h

CML: MPLS/MPBGP Lab

PE-R5# show ip rip database vrf VRF-R


10.1.1.0/24

[1] via 10.1.57.7, 00:00:22, GigabitEthernet0/3

10.1.57.0/24 directly connected, GigabitEthernet0/3

10.1.69.0/24 redistributed

[5] via 6.6.6.6,

10.2.1.0/24 redistributed

[5] via 6.6.6.6,

CML: MPLS/MPBGP Lab

CE-R7#show ip route












C 10.1.1.0/24 is directly connected, Loopback0

L 10.1.1.1/32 is directly connected, Loopback0

C 10.1.57.0/24 is directly connected, GigabitEthernet0/1

L 10.1.57.7/32 is directly connected, GigabitEthernet0/1



CML: MPLS/MPBGP LabCE-R7#ping 10.2.1.1 source 10.1.1.1




!!!!!


CE-R7#traceroute 10.2.1.1 source 10.1.1.1


Tracing the route to 10.2.1.1

VRF info: (vrf in name/id, vrf out name/id)

1 10.1.57.5 111 msec 36 msec 21 msec

2 192.168.15.1 [MPLS: Labels 16/28 Exp 0] 74 msec 88 msec 101 msec

3 192.168.12.2 [MPLS: Labels 50/28 Exp 0] 130 msec 80 msec 57 msec

4 10.1.69.6 [MPLS: Label 28 Exp 0] 110 msec 105 msec 112 msec

5 10.1.69.9 55 msec * 68 msec

CML: MPLS/MPBGP LabPE-R5#show bgp vpnv4 unicast vrf VRF-R labels

Network Next Hop In label/Out label

Route Distinguisher: 56:10 (VRF-R)

10.1.1.0/24 10.1.57.7 91/nolabel

10.1.57.0/24 0.0.0.0 92/nolabel(VRF-R)

10.1.69.0/24 6.6.6.6 nolabel/27

10.2.1.0/24 6.6.6.6 nolabel/28

PE-R5#show mpls forwarding-table



80 16 6.6.6.6/32 0 Gi0/1 192.168.15.1

81 17 4.4.4.4/32 0 Gi0/1 192.168.15.1

82 18 3.3.3.3/32 0 Gi0/1 192.168.15.1

83 25 2.2.2.2/32 0 Gi0/1 192.168.15.1

84 Pop Label 1.1.1.1/32 0 Gi0/1 192.168.15.1

85 23 192.168.34.0/24 0 Gi0/1 192.168.15.1

86 22 192.168.36.0/24 0 Gi0/1 192.168.15.1

87 20 192.168.26.0/24 0 Gi0/1 192.168.15.1

88 21 192.168.23.0/24 0 Gi0/1 192.168.15.1

89 Pop Label 192.168.12.0/24 0 Gi0/1 192.168.15.1

90 Pop Label 192.168.14.0/24 0 Gi0/1 192.168.15.1

91 No Label 10.1.1.0/24[V] 0 Gi0/3 10.1.57.7

92 No Label 10.1.57.0/24[V] 0 aggregate/VRF-R

93 No Label 10.1.1.0/24[V] 0 Gi0/4 10.1.58.8

28 Data16

CML: MPLS/MPBGP Lab

P-R1#show mpls forwarding-table labels 16



16 50 6.6.6.6/32 4287217 Gi0/1 192.168.12.2

P-R2#show mpls forwarding-table labels 50



50 Pop Label 6.6.6.6/32 4474638 Gi0/3 192.168.26.6

PE-R6#show mpls forwarding-table labels 28



28 No Label 10.2.1.0/24[V] 11544 Gi0/3 10.1.69.9

Closing Tips

• Separate the building blocks of “MPLS” to foster an improved understanding

• Don’t over complicate things

• PE-CE VRF based routing is not much different than regular routing

• MPLS LDP Configuration is pretty simple

• MPBGP and traditional IPv4 BGP configuration is nearly the same

• If routes are not present on CE routers check route-target import/export and redistribution between IPv4 VRF address-families under IGP and BGP

• If routes are present but you are having problems with reachability, check MPLS configuration

• Remember that on PE devices you are living in a VRF world

Personal Insights

Complete Your Online Session Evaluation

Learn online with Cisco Live!

Visit us online after the conference

for full access to session videos and

presentations.

www.CiscoLiveAPAC.com

Give us your feedback and receive a

Cisco 2016 T-Shirt by completing the

Overall Event Survey and 5 Session

Evaluations.– Directly from your mobile device on the Cisco Live

Mobile App

– By visiting the Cisco Live Mobile Site http://showcase.genie-connect.com/ciscolivemelbourne2016/

– Visit any Cisco Live Internet Station located

throughout the venue

T-Shirts can be collected Friday 11 March

at Registration

http://www.ciscoliveapac.com/

http://showcase.genie-connect.com/ciscolivemelbourne2016/

Thank you

VRF, MPLS and MPBGP Fundamentals

Technology

Transcript of VRF, MPLS and MPBGP Fundamentals