L3VPN MPLS with RSVP-TE and VLAN

rodolfo.alvizu · ‎09-19-2017

Hi all,

We are having problems to configure a L3VPN in VIRL with an MPLS CORE NETWORK that uses RSVP-TE as label exchange protocol and IS-IS as IGP protocol. The idea is to distinguish different type of traffic from the CEs to route them on specific MPLS tunnels. The topology is depicted in the following Figure.

topology

-CE1 (ioS): belongs to autonomous system 2 (AS-2), it is attached to PE1 with a VLAN/802.1q connection and they use an eBGP session for IPv4 prefix advertisement.

-CE2 (ioS): belongs to AS-3, it is attached to PE2 with a VLAN/802.1q connection and an eBGP session for IPv4 prefix advertisement.

-PE1 and PE2 (XRv): belong to AS-1, they are connected through MPLS-TE tunnel and they use an MP-iBGP session for VPNV4 prefix advertisement.

-P1 and P2 (ioS): belong to AS-1, they are part of the MPLS core network.

-CE1 and CE2 belongs to the same VPN associated to VRF-A on the PEs. VRF-A is placed on a logical subinterface that connects CE1--PE1 and it uses the ip address of physical interface. The same method is used for the connection between CE2--PE2.

-CE1 is reachable from PE1 through VRF-A using physical interface ip address of CE-1 (same from PE2 to CE2).

-PE2 is reachable from PE1 through tunnel-te11 (dynamic config by RSVP-TE) and viceversa using the loopback interface.

-Problem: CE2 cannot reach CE1 and viceversa. We believe that there is an error or something missing in the configuration. Attached please find the configuration of all the routers hoping that someone can help us.

We have some doubts about the configuration:

We use as update-source of eBGP session the logical subinterface on which the VRF-A stays. Is it possible to obtain the association between VRF and an MPLS tunnel that is created using loopback interface?

Is it correct to configure the CE to redistribute the network between CE and PE through eBGP session?
If the connection between CE--PE is done through a VLAN_ID, what are the IPv4 prefixes that PE can advertise in eBGP session? (redistributed connected?)
It is possible to use a CE loopback interface to simulate a network behind the CE and propagate this prefix through eBGP?

Thanks in advance,

Best regards

Serena and Rodolfo

Harold Ritter · ‎09-19-2017

- We use as update-source of eBGP session the logical subinterface on which the VRF-A stays. Is it possible to obtain the association between VRF and an MPLS tunnel that is created using loopback interface?

HR> It is normally recommended to use the following configuration to change the next-hop for a specific VRF.

vrf definition test
rd 109:1
route-target export 109:1
route-target import 109:1
!
address-family ipv4
bgp next-hop Loopback99 (loopback address that correspond to a specific tunnel interface)
exit-address-family
!

- Is it correct to configure the CE to redistribute the network between CE and PE through eBGP session?

HR> Yes, it is correct. It is what most people do.

- If the connection between CE--PE is done through a VLAN_ID, what are the IPv4 prefixes that PE can advertise in eBGP session? (redistributed connected?)

HR> All networks reachable via the specific CE.

- It is possible to use a CE loopback interface to simulate a network behind the CE and propagate this prefix through eBGP?

HR> Yes, using a loopback interface IP address is commonly done to simulate.

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

rodolfo.alvizu · ‎09-20-2017

Thanks a lot for your fast reply. We are using XRv as the PE router, therefore the command from ios that you suggested “bgp nexthop” is not available. We find out that in XRv the “bgp nexthop” can be done with the definition of a route-policy using a pseudo-code:

route-policy NH

set next-hop LoopbackAddress

end-policy

Then, this route-policy needs to be applied to the eBGP neighbor inside the VRF

vrf VRF-A
   rd 1:1001
   label mode per-ce
   address-family ipv4 unicast
   !
neighbor 10.0.0.1

remote-as 2

update-source GigabitEthernet0/0/0/0.101

address-family ipv4 unicast

send-community-ebgp

route-policy NH in

as-override

However, this new configuration creates new questions:

We are not sure if we have to use “update-source loopback 0” and then modify the nexthop (using the route policy), or if it is possible to use the subinterface associated with the VRF (as shown above)?
What is the difference between importing the route-policy: i) at the VRF-A definition (as shown below), and ii) at the eBGP neighbor under VRF-A (as shown above).

vrf VRF-A

address-family ipv4 unicast

import route-policy NH

import route-target

1:101

export route-policy NH

export route-target

1:101

3. When we try to apply the route-policy to the VRF definition there is the following error:

vrf VRF-A

address-family ipv4 unicast

import route-policy NH

!!% Could not find entry in list: Policy [NH] uses 'assign-ip next-hop'. 'set' is not a valid operator for the 'next-hop' attribute at the bgp export attach point.

export route-policy NH

!!% The process 'policy_repository' rejected the operation but returned no error

!

route-policy NH

set next-hop 192.168.1.1

end-policy

!

!!% The process 'policy_repository' rejected the operation but returned no error

end

So what is the right way to apply the route-policy ?

Is there any XRv reference for route-policy?