ON THIS PAGE
Example: Configuring Layer 3 VPN (VRF) on cRPD Instance
This example shows the VPNv4 route resolution on PE routers and route reflectors by configuring the PE routers with specific policies to control the import of routes into and the export of routes from the VRF table and with next hops learnt using BGP labeled unicast. In this example, the traffic flows from CE1 to CE2.
Requirements
This example uses the following hardware and software components:
Ubuntu software version 18.04
Linux kernel version 4.5 or later
cRPD software Release version 19.4R1 or later
Before you configure a Layer 3 VPN (VRF), you must install the basic components:
MPLS modules on the host OS on which the cRPD instance is created. For details, see Configuring Settings on Host OS.
Provider edge router (PE1), a provider router (P), and provider edge router (PE2). For installing, see Installing cRPD on Docker.
Overview
To configure the VPNv4 route resolution, you need to configure a routing instance of type VRF for each VPN on each of the PE routers participating in the VPN and add static routes to it. The static statement configures the static routes that are installed in the vrfblue.inet.0 routing table. There is no loopback interface or device for every VRF device created in the Linux kernel. But the loopback host addresses are directly added to the VRF device which can be learnt by RPD.
Topology
Figure 1 shows the Layer 3 VPN (VRF) Topology
Configuration
Configuring PE1 router with BGP LU
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy.
- Create the table mpls.0.user@crpd1# set routing-options rib mpls.0
- Configure policy that accepts routes.[edit policy-options policy-statement]user@crpd1# set EXPORT_LO term 10 from route-filter 2.2.2.2/32 exactuser@crpd1# set EXPORT_LO term 10 then acceptuser@crpd1# set NH_SELF term 10 then next-hop self
- Configure a VRF routing instance on PE1 and other routing
instance parameters.[edit routing-instances vrfblue]user@crpd1# set routing-options static route 1.1.1.1/32 next-hop 10.10.10.1user@crpd1# set instance-type vrfuser@crpd1# set route-distinguisher 100:100user@crpd1# set vrf-target target:100:100
- Configure the router ID.user@crpd1# set routing-options router-id 2.2.2.2
- Configure BGP session.[edit protocols bgp group]user@crpd1# set underlay type external family inet unicastuser@crpd1# set underlay type external export EXPORT_LO neighbor 20.20.20.3 family inet labeled-unicast resolve-vpnuser@crpd1# set underlay type external export EXPORT_LO neighbor 20.20.20.3 peer-as 2 local-as 1user@crpd1# set VPN type internal local-address 2.2.2.2 family inet-vpn unicastuser@crpd1# set VPN local-as 5user@crpd1# set VPN neighbor 4.4.4.4 family inet-vpn unicast
- Configure the interface on MPLS.user@crpd1# set protocols mpls interface all
Results
From configuration mode, confirm your configuration by entering the show protocols bgp and show routing-instances commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
If you are done configuring the device, enter commit from configuration mode.
Configuring P router with BGP LU
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy.
- Create the table mpls.0.user@crpd2# set routing-options rib mpls.0
- Configure policy that accepts routes.[edit policy-options policy-statement]user@crpd2# set EXPORT_LO term 10 from route-filter 3.3.3.3/32 exactuser@crpd2# set EXPORT_LO term 10 then acceptuser@crpd2# set NH_SELF term 10 then next-hop self
- Configure BGP session.[edit protocols bgp group]user@crpd2# set underlay type external export EXPORT_LO neighbor 20.20.20.2 family inet labeled-unicast resolve-vpnuser@crpd2# set underlay type external export EXPORT_LO neighbor 20.20.20.2 peer-as 1user@crpd2# set underlay type external export EXPORT_LO neighbor 20.20.20.2 local-as 2user@crpd2# set underlay type external export EXPORT_LO neighbor 30.30.30.4 family inet labeled-unicast resolve-vpnuser@crpd2# set underlay type external export EXPORT_LO neighbor 30.30.30.4 peer-as 3user@crpd2# set underlay type external export EXPORT_LO neighbor 30.30.30.4 local-as 4
- Configure the router ID.user@crpd2# set routing-options router-id 3.3.3.3
- Configure the interface on MPLS.user@crpd2# set protocols mpls interface all
Results
From configuration mode, confirm your configuration by entering the show protocols bgp and show policy-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
Configuring PE2 router with BGP LU
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy.
- Create the table mpls.0.user@crpd3# set routing-options rib mpls.0
- Configure policy that accepts routes.[edit policy-options policy-statement]user@crpd3# set EXPORT_LO term 10 from route-filter 4.4.4.4/32 exactuser@crpd3# set EXPORT_LO term 10 then acceptuser@crpd3# set NH_SELF term 10 then next-hop self
- Configure a VRF routing instance on PE2 and other routing
instance parameters.[edit routing-instances vrfblue]user@crpd3# set routing-options static route 5.5.5.5/32 next-hop 40.40.40.5user@crpd3# set instance-type vrfuser@crpd3# set route-distinguisher 100:100user@crpd3# set vrf-target target:100:100user@crpd3# set interface all
- Configure BGP session.[edit protocols bgp group]user@crpd3# set underlay type external export EXPORT_LO neighbor 30.30.30.3 family inet labeled-unicast resolve-vpnuser@crpd3# set underlay type external export EXPORT_LO neighbor 30.30.30.3 peer-as 4user@crpd3# set underlay type external export EXPORT_LO neighbor 30.30.30.3 local-as 3user@crpd3# set VPN type internal local-address 4.4.4.4 family inet-vpn unicastuser@crpd3# set VPN local-as 5user@crpd3# set VPN neighbor 2.2.2.2 family inet-vpn unicast
- Configure the router ID.user@crpd3# set routing-options router-id 4.4.4.4
- Configure the interface on MPLS.user@crpd3# set protocols mpls interface all
Results
From configuration mode, confirm your configuration by entering the show protocols bgp and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
Verification
Verifying VPNv4 Resolution on PE1
Purpose
To verify VPNv4 routes on PE1:
Action
From operational mode, enter the show route table vrfblue.inet.0 5.5.5.5 command:
user@crpd1>show route table vrfblue.inet.0 5.5.5.5vrfblue.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[BGP/170] 00:00:14, localpref 100, from 4.4.4.4
AS path: I, validation-state: unverified
> to 20.20.20.3 via pe1-p, Push 299808, Push 299792(top)From operational mode, enter the show route table mpls.0 command:
user@crpd1>show route table mpls.0mpls.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
299808 *[VPN/170] 00:01:45
> to 10.10.10.1 via pe1-ce1, Pop
299808(S=0) *[VPN/170] 00:01:45
> to 10.10.10.1 via pe1-ce1, Pop
299824 *[VPN/170] 00:01:45
receive table vrfblue.inet.0, PopFrom bash mode, enter the ip route list table 5 5.5.5.5 command:
user@crpd1>ip route list table 5 5.5.5.55.5.5.5 encap mpls 299792/299808 via 20.20.20.3 dev pe1-p proto 22
From bash mode, enter the ip -f mpls route command:
user@crpd1>ip -f mpls route299808 via inet 10.10.10.1 dev pe1-ce1 proto 22
Meaning
You can view PE1 has a route under vrfblue.inet.0 to CE2 which is learnt from PE2 with nexthop 4.4.4.4, which is resolved using BGP LU from P router.
Verifying BGP LU on P
Purpose
To verify VPNv4 routes on P:
Action
From bash mode, enter the ip -f mpls route show command:
user@crpd2>ip -f mpls route show299776 via inet 20.20.20.2 dev p-pe1 proto 22 299792 via inet 30.30.30.4 dev p-pe2 proto 22
From operational mode, enter the show route table mpls.0 command:
user@crpd2>show route table mpls.0mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0 *[MPLS/0] 01:40:42, metric 1
Receive
1 *[MPLS/0] 01:40:42, metric 1
Receive
2 *[MPLS/0] 01:40:42, metric 1
Receive
13 *[MPLS/0] 01:40:42, metric 1
Receive
299776 *[VPN/170] 01:19:24
> to 20.20.20.2 via p-pe1, Pop
299776(S=0) *[VPN/170] 01:19:24
> to 20.20.20.2 via p-pe1, Pop
299792 *[VPN/170] 01:19:20
> to 30.30.30.4 via p-pe2, Pop
299792(S=0) *[VPN/170] 01:19:20
> to 30.30.30.4 via p-pe2, PopMeaning
You can view the MPLS and VPN routes from P to PE1 and P to PE2.
Verifying VPNv4 Resolution on PE2
Purpose
To verify VPNv4 routes on PE2:
Action
From operational mode, enter the show route table vrfblue.inet.0 1.1.1.1 command:
user@crpd3>show route table vrfblue.inet.0 1.1.1.1vrfblue.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[BGP/170] 00:00:26, localpref 100, from 2.2.2.2
AS path: I, validation-state: unverified
> to 30.30.30.3 via pe2-p, Push 299808, Push 299776(top)From operational mode, enter the show route table mpls.0 command:
user@crpd3>show route table mpls.0mpls.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0 *[MPLS/0] 01:34:39, metric 1
Receive
1 *[MPLS/0] 01:34:39, metric 1
Receive
2 *[MPLS/0] 01:34:39, metric 1
Receive
13 *[MPLS/0] 01:34:39, metric 1
Receive
299808 *[VPN/170] 00:00:43
> to 40.40.40.5 via pe2-ce2, Pop
299808(S=0) *[VPN/170] 00:00:43
> to 40.40.40.5 via pe2-ce2, Pop
299824 *[VPN/170] 00:00:43
receive table vrfblue.inet.0, PopFrom bash mode, enter the ip route list table 5 1.1.1.1 command:
user@crpd3>ip route list table 5 1.1.1.11.1.1.1 encap mpls 299776/299808 via 30.30.30.3 dev pe2-p proto 22
From bash mode, enter the ip -f mpls route command:
user@crpd3>ip -f mpls route299808 via inet 40.40.40.5 dev pe2-ce2 proto 22
Meaning
On PE2 router, PE1 displays the routes for the VRF table vrfblue.inet.0 using BGP LU about 1.1.1.1 as a VPNv4 prefix with nexthop as 2.2.2.2..