Inter-AS L3VPN with Option B and Inter-AS TE

leedavies · ‎03-21-2013

Hi

I'm labbing a scenario where 2 SP networks are joined using Option B and a remote VPN site is connected to each. I have connectivity between sites across the ASBR's working OK. I now want to add in an Inter-AS TE tunnel between the egress PE's and route the VPN traffic over the TE LSP. The TE tunnel is in place but I cannot see how to force VPN traffic down the tunnel as the BGP next-hop for the prefixes is our own ASBR and not the PE in the other SP. Is there a way round this using Option B?

I can see how it can be done using Option C

Regards

Sent from Cisco Technical Support Android App

Andre Gustavo Albuquerque · ‎03-22-2013

I don't see differences between doing it with option B or C.

In both cases, head end and tail end are located in different domains, which don't share IGP information.

I recommend you to familiarize with available implementation options watching the session BRKMPL-2105 (Inter-AS MPLS Solutions) at www.ciscolive365.com (free registration - at least it was last time I've checked).

Once you understand the options, check what is available in the hardware and software being used in your lab.

HTH, Gustavo

leedavies · ‎03-22-2013

HI Gustavo

The Inter-AS VPN with Option B is working. I have an Inter-AS TE tunnel between the PE's and I can route L2VPN traffic through the TE tunnel. But I want to route the VPN traffic through the TE tunnel as well.

I cannot see a way of forcing VPN traffic through the TE tunnel because the BGP next-hop is never the remote PE's loopback. It's either my own ASBR's loopback (when using next-hop-self on the ASBR) or the neighbor ASBR's interface (when using redistribute connected) so the recursive lookup never selects the TE tunnel as the outgoing interface

Option C works because the BGP next-hop is the egress PE's loopback which I can statically route into a TE tunnel.

Regards

Lee

Andre Gustavo Albuquerque · ‎03-22-2013

Ok, so you figured out a way of establishing a TE tunnel between the PEs in both ASes. My understanding was that this was a problem for you.

Now, regarding Inter-AS option B, I don't see a simple option to redirect traffic towards the tunnel. You may try source routing with PBR, but I am not sure it works and I am sure it is not scalable.

Is there a real application for all this effort or is it a pure academic exercise?

Regards

amit.bhagat · ‎08-13-2013

Hi Lee,

Even I tried this with Option-B but it wont work with usual procedures. The reason being the VPN label advertised by remote PE. The Inter-AS MPLS-TE tunnel is end-to-end. While the VPN label value changes at every ASBR. When you force the traffic over the MPLS-TE tunnel, the VPN label is never exposed until the traffic reaches the remote PE, and since the VPN label values wont match, the remote PE will drop it.

There must be other means to do this - may be some extra configurations/tweaking.

Edited: I should add that when PEs exchange VPNv4 prefixes directly (rather than through ASBRs like in Option-B), you can force the traffic between them statically, and this works. I have tested it.

Regards,

Amit.

leedavies · ‎03-22-2013

Both. I'm studying Inter-AS MPLS for SP lab attempt but also have possible requirement to peer with another SP.

I've tried changing the next-hop in an import-map but that didn't work. I'll give PBR a try. It looks like there's no simple, scalable solution to this problem.

Thanks for your replies

Sent from Cisco Technical Support Android App

Andre Gustavo Albuquerque · ‎03-22-2013

For CCIE SP, it is not on blueprint for the lab exam.

It contains Inter-AS for MPLS L3VPN, not for MPLS-TE.

I don't think Inter-AS MPLS TE is supported with the combination of hardware and software of the exam.

The blueprint and hardware and software used are documented on the Cisco Learning Network.

Cheers

Message was edited by: Andre Albuquerque

galimijgalimi · ‎08-06-2013

I am having the exact same issue with routing L3VPN traffic through the Inter-AS TE tunnel with option B. Is this possible?

Marwan ALshawi · ‎08-13-2013

can you try to usedestination IP in the hean end that point to the tail-end IP

and use static route that for this IP point to the TE tunnel

e.g.

tunnelx

tunnel destination 2.2.2.2

ip route 2.2.2.2 255.255.255.255 tunnel x

then you may staticaly route traffic to TE tunnel for Layer 3 VPN traffic or autoroute once the next hope is chnaged to 2.2.2.2

To change the next hope of L3VPN MP-iBGP using route-map by making it using the tailend IP (2.2.2.2 ) under the relevant bgp address-family/VPNv4 at the ASBR/RR toward the desired PE ( head end )

e.g

ASBR/RR

bgp xx

address-family vpnv4

neighbor [head-end/PE IP] route-map map1 out

 
route-map map1 permit

set ip next-hope 2.2.2.2

in the path option you should have both your AS ASBR and the remote AS ASBR IPs

in the ASBR of both ends in te phsycial interface facing the other AS:

int x/x

mpls traffic-eng passive-interface nbr-te-id [next-hop ASBR IP ] nbr-igp-id ospf [next-hop ASBR IP]

and let us know if this help !

Message was edited by: Marwan

Mohammed Imran Khan · ‎08-13-2013

Hi,

I was just trying to undertsand how this will work:

tunnelx

tunnel destination 2.2.2.2

ip route 2.2.2.2 255.255.255.255 tunnel x

You are trying to use the same IP as destination and then using the same IP for routing over the tunnel. In my opinion, this will cause recursive failure and the tunnel will flap. I havent really tested this but thinking with a generic tunnel config point of view!!

Marwan ALshawi · ‎08-13-2013

I agree with your point

however I THINK this is not like normal tunnel because this tunnel has path option where it will use to reach its destination

that has the 2 ASBRS in the path and those ASBRS should calculate and find the path !! but you can try it and update us as this is in theory only

by the way this idea from ciscolive slide of using the tunnel destination with static route !