
MPLS VPN sharing sites VRF

BBOOMMAA123
Level 1

Hi everyone, I read about MPLS VPN here on this website but I think there is something incomplete or that doesn't fit with CISCO guidelines.
First:
http://i.stack.imgur.com/l0k2A.jpg

Here in the PE2 configuration at

ip vrf site3

shouldn't there be an import/export 100:4? And also at

ip vrf site4

shouldn't there be 100:3? Am I correct, or is Cisco correct?

Second:
Since I would like to be clear about the difference between an instance of a VRF and a VRF:
The Route Distinguisher is used to identify a specific combination of VPNs!
Example:
If I have a site with a single CE and 7 prefixes. 4 of them are only in the VPN A and 2 of them are both in the VPN A and B, and the last prefix is part of VPN C.
Then on my PE (connected to this CE) I will have 3 VRF INSTANCES, each one with a different RD because of the combination of the VPNs!!

VPN A -----> RD 100:1
VPN A+B -----> RD 100:2
VPN C -----> RD 100:3

This should be coherent with the Cisco image, since "site 2" is both in VPN A and VPN B so it has an RD 100:2, and the same is true for site3, which has a different RD because of VPN B+VPN C.

Now, here : http://packetlife.net/blog/2011/may/16/creating-mpls-vpn/
on PE1 and PE2, 2 different INSTANCES have been created, called by the same name Customer_A, with the SAME Route Distinguisher because they have to be part of the same combination of VPNs (in this case they are both part of VPN A).

So it is incorrect where it states: "We'll use a route distinguisher for each VRF", right? Because in truth there are 4 instances of VRFs; 2 of them share the same group of VPNs (only VPN A in this case) and the other 2 share (VPN B), so it should say "We'll use a route distinguisher for each combination of VPNs!!"

Thank you for your help !!

4 Replies 4

Julio Carvajal
VIP Alumni

Hello,

 

Okay, I will try to help as much as possible on this interesting topic.

Starting from the basics, it's important to understand that the route-distinguisher (RD) is just a logical identifier for all of the routes within a VRF. This means that whenever you pass routes to the P routers or PE routers you will be prepending the RD to the route.

All of this is just to make sure that when you receive a route you know to which VRF the packet needs to be sent (even when having the same IP address domain on different VRFs).

Most important here, when talking about routes being imported from different sites and routes actually being exported, is the RT or Route Targets.

This is where you should be looking now.

 

Let's start with VRF 1 (must see routes on its own VRF and on Site 2).

So it exports everything with 100:1 as an RT.

Which means that Site 2 should then import 100:1, right?

Which it does, so we are good.

Now Site 2 exports everything with 100:2 and 100:1.

So on Site 1 either of those 2 will make it happen.

It's actually using 100:1.

So we have covered Site 1 connectivity to Site 2 and from Site 2 to Site 1.

 

 

Let's move forward to Site 2

  • Must reach Site 1 (already covered).
  • Must reach Site 3.

On Site 2 we are exporting 100:1 (as already mentioned) and 100:2.

If we go to Site 3, we should be importing one of those 2 in order to be able to fulfill our routing table with routes of Site 2.

Router 3 is importing 100:2.

In the opposite direction, R3 is exporting 100:2 and 100:3.

In this case 100:2 will allow the import of routes from Site 2.

 

Does it make sense? I know it is kind of hard to understand the way Route-Targets work when building the routing tables across MPLS VPNs, but once you have it you will be fine.

Let me know if you have another doubt.

Important: You do not export what you previously import; this is why you see that on some of the VRFs you are actually importing 2 RTs and exporting 2 RTs.

 

Regards, 

 

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Dear Jcarvaja,

thank you for your answer, but I can't see how it addresses my two questions... maybe it's my fault!

The first problem is that on that image, the PE2 configuration says:

"ip vrf site3
rd 100:3
route-target export 100:2
route-target import 100:2
route-target import 100:3
route-target export 100:3
ip vrf site4
rd 100:4
route-target export 100:3
route-target import 100:3"

so I think that in vrf3 these two lines should be added:

"route-target export 100:4
route-target import 100:4"

in order to let site3 communicate with site 4, and

in vrf4 these two lines:

"route-target export 100:3
route-target import 100:3"

for the same reason respectively.

What do you think?

 

As for the second question,

It is incorrect where it states: "We'll use a route distinguisher for each VRF",

because in truth there are 4 instances of VRFs.

2 of them share the same group of VPNs (only VPN A in this case) and the other 2 share (VPN B),

so it should say "We'll use a route distinguisher for each combination of VPNs". Do you agree?

 

Thank you for your help !!

Hello,

It's always a pleasure to help, just remember to rate the answers, that's a thanks for us :D

 

 

Let's go again 

1) The change of Route-Targets

so I think that in vrf3 these two lines should be added:

"route-target export 100:4
route-target import 100:4"

in vrf4 these two lines:

"route-target export 100:3
route-target import 100:3"

VRF 4 already has those lines, but if you set those changes on VRF3, communication will be broken, as VRF 4 is exporting Route-Target 100:3, as is clearly shown on the image.

The confusion you have, I think, is with the usage of RDs and RTs. Again, the meaning and usage of those are completely different, so if I decide to have an RD of 100:200 it does not mean that my route-target has to be 100:200; it can be anything I want, and the other side must import it. That's the rule.

It is incorrect where it states: "We'll use a route distinguisher for each VRF".

It is actually correct, as we are using 4 different VRFs, so in order for our router to determine where each route must go it will look at that. As in the picture, we have for each VRF a dedicated and unique RD.

 

Again I think the confusion is in regards to the usage of RD and RT.

 

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
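
The rule described in the replies above (a VRF installs another VRF's routes only when it imports a route-target the other exports, whatever the RD values are) can be checked mechanically when auditing VRF isolation. The following is an added example, not part of the thread or of any Cisco tool: the site3/site4 lines are the PE2 configuration quoted above, while the site1/site2 stanzas and the function names are assumptions reconstructed from the reply's description of the diagram.

```python
import re

# Constructed input: site3/site4 are the PE2 lines quoted in the thread;
# site1/site2 are ASSUMED from the reply's description of the diagram.
CONFIG = """\
ip vrf site1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
ip vrf site2
 rd 100:2
 route-target export 100:1
 route-target import 100:1
 route-target export 100:2
 route-target import 100:2
ip vrf site3
 rd 100:3
 route-target export 100:2
 route-target import 100:2
 route-target import 100:3
 route-target export 100:3
ip vrf site4
 rd 100:4
 route-target export 100:3
 route-target import 100:3
"""

def parse_vrfs(text):
    """Return {vrf_name: {"rd": str, "import": set, "export": set}}."""
    vrfs, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(
                m.group(1), {"rd": None, "import": set(), "export": set()})
        elif current is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            current["rd"] = m.group(1)  # the RD plays no part in import policy
        elif current is not None and (
                m := re.fullmatch(r"route-target (import|export) (\S+)", line)):
            current[m.group(1)].add(m.group(2))
    return vrfs

def learned_from(vrfs):
    """VRF X installs VRF Y's routes when Y exports an RT that X imports."""
    return {x: {y for y, vy in vrfs.items()
                if y != x and vy["export"] & vx["import"]}
            for x, vx in vrfs.items()}

if __name__ == "__main__":
    for vrf, peers in learned_from(parse_vrfs(CONFIG)).items():
        print(vrf, "installs routes from", sorted(peers))
```

Run against a real configuration, any pair in the output that the design does not call for is a route leak between VPNs worth investigating.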

Any other question?

 

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC