cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

MPLS L3VPN Internet Access (Option 2)

540
Views
0
Helpful
0
Comments

Continuing our journey through diving in the available options for providing Internet access to customers through MPLS L3VPN service.

The second option is still utilizing non-MP-BGP relation between our edge device (ASBR) and the serving PE as depicted in the below figure:

Design Option 2:

MPLS L3VPN Internet Option 2.png

What this option is all about having multiple connections (logical or physical) between the CE and the PE , one of them is still serving for WAN connectivity to other branches/HQ and the other one will be a non-VRF link that is used solely for Internet access.

Not going deeply into the technical routing details, what will be added to the PE is an extra role for handling the Internet routes through the new assigned attached circuit.

MPLS L3VPN Internet Option 2 Simulation 1.png

What we have relied on in this design instance is establishing an IPv4 BGP session between the PE device and the ASBR device to transport the prefix which the customer will use to reach the destination (Internet).

MPLS L3VPN Internet Option 2 Simulation 2.png

Checking the relevant configuration on some devices:

 

PE:

interface FastEthernet2/0.46

 encapsulation dot1Q 46

 ip vrf forwarding MSSK

 ip address 192.168.46.4 255.255.255.0

 

interface FastEthernet2/0.146

 encapsulation dot1Q 146

 ip address 62.215.1.1 255.255.255.0

 

router bgp 1

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 2.2.2.2 remote-as 1

 neighbor 2.2.2.2 update-source Loopback0

 

 address-family ipv4

  network 62.215.1.0 mask 255.255.255.0

  neighbor 2.2.2.2 activate

 exit-address-family

 

ASBR:

router bgp 1

 bgp log-neighbor-changes

 no bgp default ipv4-unicast

 neighbor 4.4.4.4 remote-as 1

 neighbor 4.4.4.4 update-source Loopback0

 neighbor 212.118.23.3 remote-as 3

 !

 address-family ipv4

  neighbor 4.4.4.4 activate

  neighbor 4.4.4.4 next-hop-self

  neighbor 212.118.23.3 activate

 exit-address-family

 

R2-ASBR#show ip bgp

BGP table version is 23, local router ID is 212.118.23.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

              x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

     Network          Next Hop            Metric LocPrf Weight Path

 *>  3.3.3.3/32       212.118.23.3             0             0 3 i

 r>i 62.215.1.0/24    4.4.4.4                  0    100      0 i

R6-CE#ping 3.3.3.3 source 62.215.1.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Packet sent with a source address of 62.215.1.10

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/60/76 ms


Checking the new roles per the new considerations:

MPLS L3VPN Internet Option 2 Simulation 1 Questions.png

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey