08-03-2010 09:29 AM
Hi All,
Still cutting my teeth with MPLS, and i am labbing up some stuff, and i've come accross an issue (or not)
This maybe by design, i'm not sure.
I've got a basic P core running OSPF and MPLS. Easy so far.
I've got 2 PEs, one on each side (still with me )
Attached to each PE I have a CE, and a Loopback.
On each side the CE is in one VRF and the Loopback is in another.
All straighforward so far. Routing is work I am using RIP for the CEs and Redisribute connected for the L-Backs.
MPBGP is working fine and the routes are being carried accross the core.
I now want to step it up and bit a try out some route leaking. I have imported routes from the CE VRF to the LBack VRF easily
on one PE. and vice versa.
However, the next step is where i get confused. When i import routes to a VRF i would expect to see them
propagated accross the MPLS core to the same VRF on the other side of the VPN.
Not sure if it should work like this.
Any Opinions??
Thank all
Stephen
08-03-2010 10:57 AM
Hi Stephen,
As per your senario you wnat to import the route from one vrf to other vrf , So to achive that you can configure route-target for same.
Below is the senario :
CE 1_A-------------- ------------------- CE1_B
PE 1 ---------------- P ---------------- PE 2
CE 2_A-------------- ------------------- CE 2_B
In above senario
1] CE1_A & CE 1_B are in CUST_A vrf .
2] CE2_A & CE 2_B are in CUST_B vrf .
Now If you want that in CE 1 _A that is in vrf CUST_A should communicate with only CE2_A that is in vrf CUST_B you ca have different RT , Below is the example for above senario.
PE1 -
ip vrf CUST_A
rd 65000:100
route-target export 65:100
route-target import 65:100
route-target import 65: 20
route-target export 65: 10
ip vrf CUST_B
rd 65000:200
route-target export 65:100
route-target import 65:100
route-target import 65: 10
route-target export 65: 20
Here in above config you can see that in CUST_A vrf we had export the RT 65: 10 & that RT is imported by CUST_B vrf & in CUST_B vrf you had exported 65:20 RT & that RT is imported by CUST_A vrf.
So in now you can see that in CE 1_A & CE 2_A will see each other route in there routing table . This is know as extramet in MPLS.
Regards
Chetan Kumar
08-05-2010 02:27 PM
Hello Stephen,
routes imported from MP BGP vpnv4 address family are not re-advertised, this is wanted and allows to build partial extranets where only some VRF sites of VPN A are visible on some VRF sites of VPN B.
Re-advertising would mean adding a route-target of VPN A to a route imported from VPN B.
So if you want to see routes of VPN B on multiple VRF sites of VPN A you need to add route-target import commands in each VRF.
Hope to help
Giuseppe
08-06-2010 04:52 AM
Thast great guys,
I really appreciate the responses.
I have tried the config and the same thing happens. The routes do not get re-advertised access the VPNv4 paths.
So, how can i scale MPLS easily. If I want to import routes in one location, from one VRF to another (say a central services,
or management VRF) how does this work. I think i understand the extranet concept now.
Does this mean i have to import the central services VRF at every customer VRF location/Router.
Thanks again
Stephen
08-06-2010 08:10 AM
Hi Stephan
MPLS VPN can configure with various flavor. Below are few on them.
1] Central VPN
2] Extranet VPN
This two flavor you can use .
1] Central VPN is like HUB & SPOKE . Here you have to user different RD in every location.
For Example : HUB will import all spoke RD & Export his own RD.
Spoke will import only HUB RD & export his own RD.
2] Extranet VPN : If you want that only particular VPN Site A should communicate will other VPN site B but not with other VPN site that are in same domain . you can call as partial mesh.
For example : Two VRF is configured & Each VRF is having 10 sites. If you want that one site in vrf A should communicate with one site of vrf B but not all other site . Then you can configure extranet to achieve the requirement. ( The configuration was posted in same thread for extranet )
Regards
Chetan Kumar
08-06-2010 08:38 AM
Great Chetan,
That really helps. I now understand the extranet concept.
But in Central VPN, is it the case that the Customer VRFs only have to be imported at the Central VPN Site.
And if you imported for the Central VPN, does the imported routes propagate accross the VPNv4 BGP.
Basically, i want to know when,where and how imported routes propagate, or not.
Thanks again for your input.
Regards
Stephen
08-06-2010 09:43 AM
Hi Stephan
When ?
Use import when you want that VRF route in your VRF.
Where ?
When you wnat multiple VRF shoul communicate ( Complex VPN , HUB & SPOKE , Partial Mesh , Extranet )
How import route propogate ?
All VPNv4 route propogate via bgp vpnv4 update. Here BGP import scanner work ( Scan for ecery 15 Sec ). this scanner work only for AF's.
You can change timers ( bgp scan-time import <5-60 ).
And when Peer I-BGP advertise that VPNv4 route then scanner will detect that route and will install to VRF.using import policies.
But in Central VPN, is it the case that the Customer VRFs only have to be imported at the Central VPN Site ?
Yes in Central VPN you should import only Customer VRF. In this case you will se that in Customer VRF where you have imported only Central VRF route , So it will communicate will only Central location . Means HUB & SPOKE.
Regards
Chetan Kumar
http://chetanress.blogspot.com
Message was edited by: Chetan Kumar Ress
08-06-2010 12:15 PM
Hello Stephen,
>> Does this mean i have to import the central services VRF at every customer VRF location/Router.
yes you need a config line like
route-target import 10000:101
in each VRF configuration: it is not so cumbersome!
routes learned from VPNv4 address-family are not re-advertised in VPNv4 address familty this is a loop avoidance feature: if routes are learned via VPNv4 this means they are originated by a different PE node not by local node so these routes are not re-advertised back.
the BGP attribute extended community route-target is used to decide if a vpnv4 route should be imported in a VRF table or not.
Multiple route targets can be associated to a VPNv4 route like it happens for standard BGP communities
By using route-maps with export-map command you can even modify the set of route targets associated to some routes of a VRF site (a so called partial extranet).
That is you can export only some routes of a VRF site towards sites.
But this is a complex configuration.
Hope to help
Giuseppe
08-10-2010 04:32 AM
Thats great guys.
It all makes sense to me now. I'm glad you could clear this up for me.
And thanks for the lengthy answers
Regards
Stephen
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide