TCC_2
Level 10

Core Issue

A Virtual Private Network (VPN) is a network in which connectivity between multiple customer sites is deployed over a shared infrastructure while still providing the same access and security policies as a private network. The Multiprotocol Label Switching (MPLS) VPN architecture gives service providers a peer-to-peer model that combines the best features of the overlay and peer-to-peer VPN models.

MPLS VPN terminology divides the overall network into a customer-controlled part (C network) and a provider-controlled part (P network). The contiguous portions of the C network (called sites) are linked to the P network through Customer Edge (CE) routers. The CE routers connect to Provider Edge (PE) routers, which serve as the edge devices of the P network. The core devices (the P routers in the P network) provide transport across the service provider backbone. In MPLS VPN, PE routers participate in customer routing, which gives optimum routing between sites and easy provisioning of new sites. Each PE router keeps a separate set of routes for each customer, so customers can use overlapping address space. The result is routing isolation between customers: a site can only reach prefixes that are present in its own per-customer routing table. Note that this isolation is a property of correct PE configuration and of the provider core; MPLS VPN does not encrypt customer traffic, so confidentiality across the backbone rests on the trust placed in the provider.

Resolution

MPLS can be configured in Cisco IOS Software with commands that begin with either tag-switching or mpls, depending on which keyword the release supports. Some releases support both tag-switching and mpls to maintain backward compatibility. There are two protocols for label distribution: the standards-based Label Distribution Protocol (LDP) and the Cisco-proprietary Tag Distribution Protocol (TDP). The two protocols do not interoperate, so both ends of a link must run the same one. Apart from protocol-specific functionality, the mpls commands are functionally equivalent to the tag-switching commands.

To configure MPLS VPN over ATM using cell mode MPLS with Border Gateway Protocol (BGP) or Routing Information Protocol version 2 (RIPv2), perform these steps:

  1. Configure an Interior Gateway Protocol (IGP) and enable cell mode MPLS over ATM in the P network.

    MPLS can run in either frame mode or cell mode over ATM networks. In cell mode MPLS over ATM, the ATM switches also become Layer 3 (L3) aware: they run a routing protocol and MPLS, and the MPLS label is carried in the Virtual Path Identifier (VPI) and Virtual Channel Identifier (VCI) fields of the ATM cell header while the cells are forwarded.

    The virtual circuits do not have to be built manually; they are set up dynamically by LDP or TDP. Such a virtual circuit is called a Label Virtual Circuit (LVC) or Tag Virtual Circuit (TVC).

    Perform these steps:

    1. To configure cell mode MPLS on the PE router, issue the interface atm interface-number.subinterface-number mpls command in global configuration mode for the ATM physical interface connected to the switch. The mpls keyword marks the sub-interface as a cell mode MPLS (label switching) sub-interface.
    2. Issue the mpls ip command on that sub-interface to enable MPLS label distribution on it.
    3. If necessary, configure the range of VPI values used for LVCs by issuing the mpls atm vpi vpi [- vpi] command on the sub-interface. The range is negotiated with the attached ATM switch, so the ranges configured on both sides of the link must overlap.
    4. Enable Cisco Express Forwarding (CEF) on the PE router by issuing the ip cef command in global configuration mode.
    5. To configure cell mode MPLS on the ATM switch acting as a P router, issue the mpls ip command on each interface connecting to other ATM devices; if necessary, also issue the mpls atm vpi vpi [- vpi] command. CEF is not needed on the ATM switch because it does not forward normal IP packets.
    6. Configure an IGP in the P network on the ATM-attached routers acting as PE routers and on the ATM switches acting as P routers. Any IGP can be used in the P network. To configure Open Shortest Path First (OSPF) as the IGP, issue the router ospf process-id command in global configuration mode, then place the interfaces that should run OSPF into a specific area by issuing the network ip-address wildcard-mask area area-id command in router configuration mode. Refer to the network area command.
  2. Configure Virtual Routing and Forwarding (VRF) on the PE devices.

    Perform these steps:

    1. Create a VRF instance by issuing the ip vrf vrf-name command in global configuration mode. Multiple VRFs can exist on the same PE device. Several sites can share one VRF if they have identical routing requirements and are connected to the same PE router.
    2. Define a Route Distinguisher (RD) for the VRF by issuing the rd route-distinguisher command in VRF configuration mode. The RD is what allows different customers to use overlapping addresses: it is a 64-bit value prepended to each 32-bit IP version 4 (IPv4) route learned from the customer, forming a unique 96-bit VPN version 4 (VPNv4) address that is then advertised to the other PE devices. Each VRF on a PE device must be assigned a unique RD, and a VRF can have only one RD. The RD only makes the prefix unique; it carries no membership policy.
    3. Set the import and export Route Targets (RTs) for the VRF by issuing the route-target {import | export | both} route-target-ext-community command in VRF configuration mode. An RT expresses the VPN membership of a route, which is what allows complex VPN topologies such as hub-and-spoke or extranets to be built. An RT is a BGP extended community attribute, 64 bits long, and any number of RTs can be attached to a route to indicate membership in more than one VPN. The RTs attached to a route when the PE converts it from an IPv4 to a VPNv4 prefix are the export route targets. When the VPNv4 routes propagate to other PE devices, each of those routers inserts a route into a VRF only if at least one RT carried by the route matches an import route target of that VRF. Because RT matching is the sole mechanism deciding which customer sees which route, a mistyped or over-broad import statement leaks routes between VPNs; review import statements with the same care as a firewall policy.
    4. Apply the VRF to the interface attached to the CE device by issuing the ip vrf forwarding vrf-name command in interface configuration mode. This removes the interface from the global routing table and places it in the routing table of that VRF. The command also removes any IP address already configured on the interface, so the address must be configured (or re-entered) afterwards.
  3. Configure Multiprotocol BGP (MP-BGP) between PE devices.

    BGP is required in an MPLS VPN setup. BGP transports customer routes directly between PE routers, and MPLS labels are used to forward the packets between PE routers. Because traditional BGP carried only IPv4 prefixes, it was extended to carry the 96-bit VPNv4 prefixes as well as extended community attributes such as RTs; this extended BGP is called MP-BGP. Because a PE router has multiple routing tables, one per VRF, an MPLS label (the VPN label) is carried in the MP-BGP update along with each prefix. The egress PE uses this label to identify the VRF in which received packets must be looked up before they are forwarded to the destination.

    The BGP process in a PE router can be used for three different purposes:

    • To exchange VPNv4 prefixes with other PE devices through MP-BGP.
    • To exchange customer routes with attached CE devices over per-VRF exterior BGP (eBGP) sessions, when BGP is the PE-CE routing protocol.
    • To provide Internet connectivity by exchanging global BGP routes with other BGP routers.

    Because only one BGP process can run in Cisco IOS Software, separate routing contexts (called address families) are used to configure these three tasks within the same BGP process.

    Perform these steps:

    1. Configure a BGP routing process by issuing the router bgp as-number command in global configuration mode.
    2. Define the other PE as a neighbor by issuing the neighbor {ip-address | peer-group-name} remote-as as-number command in router configuration mode, using the remote PE's loopback address. PE routers of the same provider share one AS, so this is normally an iBGP session. Refer to the neighbor remote-as command.
    3. Use the loopback interface for the BGP session by issuing the neighbor {ip-address | peer-group-name} update-source interface-type interface-number command. Refer to the neighbor update-source command.
    4. Configure an MP-BGP session by issuing the address-family vpnv4 command in router configuration mode.
    5. Activate the MP-BGP session with the configured neighbor by issuing the neighbor {ip-address | peer-group-name} activate command. Refer to the neighbor activate command. Before a neighbor can be activated under the address family, it must be defined in the normal BGP routing process together with its session parameters such as remote-as and update-source.
    6. The PE devices exchange RTs as BGP extended community attributes. Sending these attributes is enabled by default for the VPNv4 address family (Cisco IOS adds neighbor ... send-community extended when the neighbor is activated). If it has been disabled, or if both standard and extended community attributes need to be exchanged, issue the neighbor {ip-address | peer-group-name} send-community [both | extended] command. Refer to the neighbor send-community command.
  4. Configure RIPv2 and BGP as the PE-CE routing protocol on PE devices.

    To exchange IPv4 routes between PE and CE devices, Cisco IOS Software supports static routes, RIPv2, OSPF, Enhanced Interior Gateway Routing Protocol (EIGRP) and BGP. These protocols are VRF aware and allow a separate instance of the same protocol to run for each VRF on the PE device. Routes learned through a VRF interface are placed only in the routing table of that VRF, which is what provides the isolation.

    Perform these steps:

    1. To configure RIPv2 as the PE-CE routing protocol, issue the router rip command in global configuration mode. To send and receive RIPv2 updates, issue the version 2 command.
    2. A separate routing context for each customer or VRF needs to be configured, as only one RIP process is allowed in Cisco IOS Software (just like BGP). Create a routing context for each VRF that uses RIPv2 by issuing the address-family ipv4 vrf vrf-name command in the router configuration mode of RIP. This takes you to the address-family configuration mode of RIP. Any parameter defined globally in RIP is inherited by the individual address families, so because RIPv2 has been enabled globally, the address families for the VRFs use the same version.
    3. To start running RIPv2 on the interfaces in the VRF, issue the network ip-address command in address-family configuration mode; it selects the VRF interfaces that fall inside that (classful) network. Refer to the network (RIP) command.
    4. To configure BGP as the PE-CE routing protocol, issue the router bgp as-number command in global configuration mode. The BGP session with the CE device should be an eBGP session, as the customer network is part of a different Autonomous System (AS).
    5. Create a routing context for each VRF using BGP by issuing the address-family ipv4 vrf vrf-name command in the router configuration mode of BGP. This takes you to the address-family configuration mode of BGP.
    6. While the PE neighbors for MP-BGP are specified in the global BGP process, the CE neighbors have to be specified and activated within the per VRF context. This is done in the respective address-family configuration. Define the CE neighbor by issuing the neighbor {ip-address | peer-group-name} remote-as as-number command in address-family configuration mode. Activate the session by issuing the neighbor {ip-address | peer-group-name} activate command in address-family configuration mode.
  5. Configure RIPv2 and BGP as the PE-CE routing protocol on CE devices.

    RIPv2 or BGP must also be configured on the CE devices. The CE does not need any address families or activated sessions, because the CE is not aware of MPLS VPNs: it simply runs RIPv2 or eBGP towards the PE as it would towards any other router. From the CE's point of view, the PE is just another RIPv2 neighbor or eBGP peer.

  6. Configure redistribution between RIPv2 and MP-BGP on the PE devices.

    For routing information to propagate to the other PE devices and to the attached CE devices, configure mutual redistribution between the PE-CE routing protocol and MP-BGP on the PE devices.

    Perform these steps:

    1. To redistribute routes learned through RIPv2 into MP-BGP, issue the router bgp as-number and address-family ipv4 vrf vrf-name commands. These enter the address-family configuration mode of BGP for that specific VRF. Issue the redistribute rip command in this mode. This redistributes the RIPv2-learned routes present in the routing table of the same VRF into MP-BGP.
    2. To redistribute routes learned through MP-BGP into RIPv2, issue the router rip and address-family ipv4 vrf vrf-name commands. These enter the address-family configuration mode of RIP for that specific VRF. Issue the redistribute bgp as-number metric metric-value command in this mode. This redistributes the MP-BGP learned routes available in the routing table of the same VRF into RIPv2.

      When BGP is used as the PE-CE routing protocol, the routes learned from the CE are already in the BGP VRF address family and are therefore injected into MP-BGP automatically. Likewise, the routes learned through MP-BGP are advertised to the CE devices through the per-VRF BGP session without any manual redistribution.
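
A complete configuration that ties the six steps above together, added here as an example; it is not the configuration from this article or from the Cisco documents it references. Everything concrete in it is an assumption: AS 65000 for the provider and AS 65001 for customer B, the RD and RT values, the 10.0.0.0/16 core addressing, the 192.168.1.0/30 PE-CE links, the interface numbers (ATM1/0 on the PE, ATM0/0/0 on an LS1010-style ATM switch, Serial2/0 and Serial2/1 towards the CEs) and the <shared-secret> placeholder. PE1 serves two customers so that both PE-CE options appear side by side: CUST_A runs RIPv2 and needs mutual redistribution, CUST_B runs eBGP and needs none. Both customers deliberately use the same PE-CE link address and, if both sites advertise 10.1.0.0/16, the same customer prefix; the different RDs keep the VPNv4 routes distinct and the RTs keep them in separate VRFs. The neighbor password and maximum-prefix lines on the CUST_B session are a hardening addition the article does not discuss: they authenticate the customer-facing BGP session and cap the number of routes a CE can inject into the provider's VRF.

```cisco
! ===== PE1 (ATM-attached PE router) =====
! Step 1: CEF is required on PE routers.
ip cef
!
! Step 2: one VRF per customer. The RD only makes prefixes unique;
! the RTs decide which VRFs import the route.
ip vrf CUST_A
 rd 65000:1
 route-target both 65000:1
ip vrf CUST_B
 rd 65000:2
 route-target both 65000:2
!
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
!
! Step 1: cell mode MPLS sub-interface towards the ATM LSR.
interface ATM1/0
 no ip address
interface ATM1/0.1 mpls
 ip address 10.0.1.1 255.255.255.252
 mpls atm vpi 2-5
 mpls ip
!
! Step 2: CE-facing interfaces. ip vrf forwarding clears the address,
! so it is issued first. Both links may use 192.168.1.0/30: they are
! in different VRFs, which is the overlapping-address feature.
interface Serial2/0
 description CUST_A site 1, RIPv2 PE-CE
 ip vrf forwarding CUST_A
 ip address 192.168.1.1 255.255.255.252
interface Serial2/1
 description CUST_B site 1, eBGP PE-CE
 ip vrf forwarding CUST_B
 ip address 192.168.1.1 255.255.255.252
!
! Step 1: IGP in the P network (global routing table only).
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
!
! Steps 4 and 6: RIPv2 PE-CE for CUST_A; MP-BGP -> RIPv2 needs a metric.
router rip
 version 2
 address-family ipv4 vrf CUST_A
  network 192.168.1.0
  redistribute bgp 65000 metric 1
  no auto-summary
 exit-address-family
!
! Step 3: MP-BGP to the other PE (iBGP, loopback to loopback).
router bgp 65000
 no bgp default ipv4-unicast
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 address-family vpnv4
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
 exit-address-family
 ! Step 6: RIPv2 -> MP-BGP for CUST_A.
 address-family ipv4 vrf CUST_A
  redistribute rip
 exit-address-family
 ! Steps 4 and 6: eBGP PE-CE for CUST_B; no redistribution needed.
 ! password and maximum-prefix are hardening additions not in the article.
 address-family ipv4 vrf CUST_B
  neighbor 192.168.1.2 remote-as 65001
  neighbor 192.168.1.2 password <shared-secret>
  neighbor 192.168.1.2 maximum-prefix 100
  neighbor 192.168.1.2 activate
 exit-address-family
!
! ===== P router (ATM switch acting as ATM LSR; no CEF, no VRFs) =====
interface ATM0/0/0
 ip address 10.0.1.2 255.255.255.252
 mpls atm vpi 2-5
 mpls ip
router ospf 1
 network 10.0.0.0 0.0.255.255 area 0
!
! ===== CE of CUST_A: plain RIPv2, unaware of MPLS VPN (step 5) =====
router rip
 version 2
 network 192.168.1.0
 network 10.0.0.0
 no auto-summary
!
! ===== CE of CUST_B: plain eBGP, unaware of MPLS VPN (step 5) =====
router bgp 65001
 neighbor 192.168.1.1 remote-as 65000
 neighbor 192.168.1.1 password <shared-secret>
 network 10.1.0.0 mask 255.255.0.0
```

On releases that only support the older keyword, replace mpls with tag-switching (interface ATM1/0.1 tag-switching, tag-switching ip, tag-switching atm vpi 2-5). Useful checks on the PE once the configuration is applied: show mpls ldp neighbor (or show tag-switching tdp neighbor) for the label protocol session to the ATM LSR, show ip route vrf CUST_A and show ip bgp vpnv4 vrf CUST_B for the per-customer tables, and show ip bgp vpnv4 all for every VPNv4 route with its RD and RTs. A customer prefix that appears in a VRF it does not belong to points at an RT mistake, not at a routing protocol problem.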

For more information on configuring MPLS VPN, refer to MPLS Virtual Private Networks.

For an example of MPLS VPN over ATM using cell mode MPLS with BGP or RIPv2 on the customer site, refer to MPLS VPN over ATM: with BGP or RIP on the Customer Site.
