Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Carrier-of-Carriers VPN Example—Customer Provides Internet Service

    In this example, the carrier customer is not required to configure MPLS and LDP on its network. However, the carrier provider must configure MPLS and LDP on its network.

    For configuration information see the following sections:

    Network Topology for Carrier-of-Carriers Service

    A carrier-of-carriers service allows an Internet service provider (ISP) to connect to a transparent outsourced backbone at multiple locations.

    Figure 1 shows the network topology in this carrier-of-carriers example.

    Figure 1: Carrier-of-Carriers VPN Example Network Topology

    Carrier-of-Carriers VPN Example Network
Topology

    Configuration for Router A

    In this example, Router A represents an end customer. You configure this router as a CE device.

    [edit]
    protocols {
    bgp {
    group to-routerB {
    export attached;
    peer-as 21;
    as-override;
    neighbor 192.168.197.169;
    }
    }
    }
    policy-options {
    policy-statement attached {
    from protocol direct;
    then accept;
    }
    }

    Configuration for Router B

    Router B can act as the gateway router, responsible for aggregating end customers and connecting them to the network. If a full-mesh IBGP session is configured, you can use route reflectors.

    [edit]
    protocols {
    bgp {
    group int {
    type internal;
    local-address 10.255.14.179;
    neighbor 10.255.14.175;
    neighbor 10.255.14.181;
    neighbor 10.255.14.176;
    neighbor 10.255.14.178;
    neighbor 10.255.14.177;
    }
    group to-vpn-blue {
    peer-as 1;
    neighbor 192.168.197.170;
    }
    }
    ospf {
    area 0.0.0.0 {
    interface lo0.0 {
    passive;
    }
    interface fe-1/0/3.0;
    interface fe-1/0/2.0 {
    passive;
    }
    }
    }
    }

    Configuration for Router C

    Configure Router C:

    [edit]
    protocols {
    bgp {
    group int {
    type internal;
    local-address 10.255.14.176;
    neighbor 10.255.14.179;
    neighbor 10.255.14.175;
    neighbor 10.255.14.177;
    neighbor 10.255.14.178;
    neighbor 10.255.14.181;
    }
    }
    ospf {
    area 0.0.0.0 {
    interface lo0.0 {
    passive;
    }
    interface fe-0/3/3.0;
    interface fe-0/3/0.0;
    }
    }
    }

    Configuration for Router D

    Router D is the CE router with respect to AS 10023. In a carrier-of-carriers VPN, the CE router must be able to send labels to the carrier provider; this is done with the labeled-unicast statement in group to-isp-red.

    [edit]
    protocols {
    mpls {
    interface t3-0/0/0.0;
    }
    bgp {
    group int {
    type internal;
    local-address 10.255.14.175;
    neighbor 10.255.14.179;
    neighbor 10.255.14.176;
    neighbor 10.255.14.177;
    neighbor 10.255.14.178;
    neighbor 10.255.14.181;
    }
    group to-isp-red {
    export internal;
    peer-as 10023;
    neighbor 192.168.197.13 {
    family inet {
    labeled-unicast;
    }
    }
    }
    }
    ospf {
    area 0.0.0.0 {
    interface lo0.0 {
    passive;
    }
    interface fe-0/3/0.0;
    interface t3-0/0/0.0 {
    passive;
    }
    }
    }
    }
    policy options {
    policy-statement internal {
    term a {
    from protocol [ ospf direct ];
    then accept;
    }
    term b {
    then reject;
    }
    }
    }

    Configuration for Router E

    This configuration sets up the inet-vpn IBGP session with Router H and the PE router portion of the VPN with Router D. Because Router D is required to send labels in this example, configure the BGP session with the labeled-unicast statement within the virtual routing and forwarding (VRF) table.

    [edit]
    protocols {
    mpls {
    interface t3-0/2/0.0;
    interface at-0/1/0.0;
    }
    bgp {
    group pe-pe {
    type internal;
    local-address 10.255.14.171;
    family inet-vpn {
    any;
    }
    neighbor 10.255.14.173;
    }
    }
    isis {
    interface at-0/1/0.0;
    interface lo0.0 {
    passive;
    }
    }
    ldp {
    interface at-0/1/0.0;
    }
    }
    routing-instances {
    vpn-isp1 {
    instance-type vrf;
    interface t3-0/2/0.0;
    route-distinguisher 10.255.14.171:21;
    vrf-import vpn-isp1-import;
    vrf-export vpn-isp1-export;
    protocols {
    bgp {
    group to-isp1 {
    peer-as 21;
    neighbor 192.168.197.14 {
    family inet {
    labeled-unicast;
    }
    }
    }
    }
    }
    }
    }
    policy-options {
    policy-statement vpn-isp1-import {
    term a {
    from {
    protocol bgp;
    community vpn-isp1-comm;
    }
    then accept;
    }
    term b {
    then reject;
    }
    }
    policy-statement vpn-isp1-export {
    term a {
    from protocol bgp;
    then {
    community add vpn-isp1-comm;
    accept;
    }
    }
    term b {
    then reject;
    }
    }
    community vpn-isp1-comm members target:69:21;
    }

    Configuration for Router F

    Configure Router F to act as a label-swapping router:

    [edit]
    protocols {
    isis {
    interface so-0/2/0.0;
    interface at-0/3/0.0;
    interface lo0.0 {
    passive;
    }
    }
    ldp {
    interface so-0/2/0.0;
    interface at-0/3/0.0;
    }
    }

    Configuration for Router G

    Configure Router G to act as a label-swapping router:

    [edit]
    protocols {
    isis {
    interface so-0/0/0.0;
    interface so-1/0/0.0;
    interface lo0.0 {
    passive;
    }
    }
    ldp {
    interface so-0/0/0.0;
    interface so-1/0/0.0;
    }
    }

    Configuration for Router H

    Router H acts as the PE router for AS 10023. The configuration that follows is similar to that for Router F:

    [edit]
    protocols {
    mpls {
    interface fe-1/1/0.0;
    interface so-1/0/0.0;
    }
    bgp {
    group pe-pe {
    type internal;
    local-address 10.255.14.173;
    family inet-vpn {
    any;
    }
    neighbor 10.255.14.171;
    }
    }
    isis {
    interface so-1/0/0.0;
    interface lo0.0 {
    passive;
    }
    }
    ldp {
    interface so-1/0/0.0;
    }
    }
    routing-instances {
    vpn-isp1 {
    instance-type vrf;
    interface fe-1/1/0.0;
    route-distinguisher 10.255.14.173:21;
    vrf-import vpn-isp1-import;
    vrf-export vpn-isp1-export;
    protocols {
    bgp {
    group to-isp1 {
    peer-as 21;
    neighbor 192.168.197.94 {
    family inet {
    labeled-unicast;
    }
    }
    }
    }
    }
    }
    }
    policy-options {
    policy-statement vpn-isp1-import {
    term a {
    from {
    protocol bgp;
    community vpn-isp1-comm;
    }
    then accept;
    }
    term b {
    then reject;
    }
    }
    policy-statement vpn-isp1-export {
    term a {
    from protocol bgp;
    then {
    community add vpn-isp1-comm;
    accept;
    }
    }
    term b {
    then reject;
    }
    }
    community vpn-isp1-comm members target:69:21;
    }

    Configuration for Router I

    Configure Router I to connect to the basic Internet service customer (Router L):

    [edit]
    protocols {
    mpls {
    interface fe-1/0/1.0;
    interface fe-1/1/3.0;
    }
    bgp {
    group int {
    type internal;
    local-address 10.255.14.181;
    neighbor 10.255.14.177;
    neighbor 10.255.14.179;
    neighbor 10.255.14.175;
    neighbor 10.255.14.176;
    neighbor 10.255.14.178;
    }
    group to-vpn-green {
    peer-as 1;
    neighbor 192.168.197.198;
    }
    }
    ospf {
    area 0.0.0.0 {
    interface lo0.0 {
    passive;
    }
    interface fe-1/0/1.0 {
    passive;
    }
    interface fe-1/1/3.0;
    }
    }
    }

    Configuration for Router J

    Configure Router J as a label-swapping router:

    [edit]
    protocols {
    bgp {
    group int {
    type internal;
    local-address 10.255.14.178;
    neighbor 10.255.14.177;
    neighbor 10.255.14.181;
    neighbor 10.255.14.175;
    neighbor 10.255.14.176;
    neighbor 10.255.14.179;
    }
    }
    }
    ospf {
    area 0.0.0.0 {
    interface lo0.0 {
    passive;
    }
    interface fe-1/0/2.0;
    interface fe-1/0/3.0;
    }
    }

    Configuration for Router K

    Router K acts as the CE router at the end of the connection to the carrier provider. As in the configuration for Router D, include the labeled-unicast statement for the EBGP session:

    [edit]
    protocols {
    mpls {
    interface fe-1/1/2.0;
    interface fe-1/0/2.0;
    }
    bgp {
    group int {
    type internal;
    local-address 10.255.14.177;
    neighbor 10.255.14.181;
    neighbor 10.255.14.178;
    neighbor 10.255.14.175;
    neighbor 10.255.14.176;
    neighbor 10.255.14.179;
    }
    group to-isp-red {
    export internal;
    peer-as 10023;
    neighbor 192.168.197.93 {
    family inet {
    labeled-unicast;
    }
    }
    }
    }
    ospf {
    area 0.0.0.0 {
    interface lo0.0 {
    passive;
    }
    interface fe-1/0/2.0;
    interface fe-1/1/2.0 {
    passive;
    }
    }
    }
    }
    policy-options {
    policy-statement internal {
    term a {
    from protocol [ ospf direct ];
    then accept;
    }
    term b {
    then reject;
    }
    }
    }

    Configuration for Router L

    Configure Router L to act as the end customer for the carrier-of-carriers VPN service:

    [edit]
    protocols {
    bgp {
    group to-routerI {
    export attached;
    peer-as 21;
    neighbor 192.168.197.197;
    }
    }
    }
    policy-options {
    policy-statement attached {
    from protocol direct;
    then accept;
    }
    }

    Modified: 2018-03-20