Carrier-of-Carriers IPv4 VPNs
A carrier-of-carriers VPN is a two-tiered relationship between a provider carrier and a customer carrier. In a carrier-of-carriers VPN, the provider carrier provides a VPN backbone network for the customer carrier (Tier 1). The customer carrier, in turn, provides layer 3 VPN or Internet services to its end customers (Tier 2).
This section provides the background you need to understand carrier-of-carriers VPNs in general, but deals with IPv4 VPNs. For information about carrier-of-carriers IPv6 VPNs, see Carrier-of-Carriers IPv6 VPNs.
The carrier-of-carriers VPN enables the customer carrier to provide the following services for its end customers:
- Traditional IP services—The customer carrier provides Internet connections for its customers and uses the provider carrier's VPN to connect its dispersed networks.
- Layer 3 VPN services—The customer carrier provides VPN services for its customers and uses the provider carrier's VPN for the backbone that connects the customer carrier's VPN sites. This environment is called a hierarchical VPN, because there are multiple tiers of VPNs—the tier-1 backbone VPN of the provider carrier and the tier-2 VPNs of the customer carrier.
In a hierarchical carrier-of-carriers VPN environment, each carrier (or ISP) maintains the internal routes of its customers in VRF tables on its PE routers. Therefore, the customer carrier's internal routes are installed into the VRF routing tables of the provider carrier's PE routers and advertised across the provider carrier's core. Similarly, the internal routes of the customer carrier's customers are installed into the VRF routing tables of the customer carrier's PE routers. The customer carrier's external routing information is exchanged by its PE routers (which connect to the provider carrier's VPN) over their own IBGP session.
 |
NOTE: To the customer carrier, the router it uses to connect to the provider carrier's VPN is a PE router. However, the provider carrier views this device as a CE router. |
Carrier-of-carriers VPNs provide the following benefits to the customer carriers:
- Reduced VPN administration—The VPN backbone is managed by the provider carrier.
- Reduced routing management—Intersite routing issues are the responsibility of the provider carrier.
- Flexibility—The VPN backbone can be used to deliver both VPN services and Internet connectivity services.
The following benefits are provided to the provider carriers:
- Reduced VPN administration—Provider carriers do not have to maintain separate VPNs for each customer carrier's end customer.
- Reduced router management—Customer carriers manage their own CE routers.
- Scalability—The provider carrier's PE routers do not maintain the end customer's external routes (as required in a traditional networking environment); the carrier-of-carriers network easily scales as the number of external routes and VPNs increases.
The following sections describe the two types of carrier-of-carriers environments.
Customer Carrier as an Internet Service Provider
The provider carrier's VPN can function as the backbone for a customer carrier that provides Internet services for its customers at multiple sites. In this type of carrier-of-carriers environment, MPLS label-switched paths are established among the customer carrier's PE routers that connect to the provider carrier at each site. Routes are learned and maintained as follows:
- The customer carrier's internal routes are learned and advertised across the provider carrier's VPN. The customer carrier's external routes are not installed in the provider's VPN.
- The customer carrier's PE routers that connect to the provider's VPN use LDP to exchange labels for the internal routes between themselves and the provider carrier's PE router.
- The customer carrier's PE routers that connect to the provider's VPN learn external routes through IBGP sessions among themselves.
Figure 106 shows a sample carrier-of-carriers environment in which the customer carrier provides Internet connectivity services to its customers. The figure shows how the labels are added and removed as the traffic traverses the network. The label-signaling protocol is assumed to be LDP.
Configuration Steps
You must complete the following configuration process when the customer carrier provides Internet connectivity for its customers.
On the provider carrier's PE router:
- Configure MPLS.
- Configure BGP.
- Configure an IGP.
- Configure LDP.
- Configure VRF.
- Enable carrier-of-carriers support on the VRF; use the mpls topology-driven-lsp command in the context of the VRF virtual router to enable MPLS support.
- Enable LDP on the interface in the VRF that connects to the customer carrier's PE router.
- Use the show ip bgp vpnv4 vrf vrfname summary command to verify that carrier-of-carriers support is enabled.
On the customer carrier's PE router that connects to the provider carrier's PE router:
- Configure MPLS.
- Configure BGP.
- Configure an IGP.
- Configure LDP—Enable carrier-of-carriers support on the VR; use the mpls topology-driven-lsp command in the context of the VRF virtual router to enable LDP support.
- Enable LDP on the interface in the VR that connects to the provider carrier's PE router.
Customer Carrier as a VPN Service Provider
The carrier-of-carriers VPN can be used to create two-tiered hierarchical VPNs. In a hierarchical VPN, the provider carrier's VPN is the backbone, or tier-1 VPN, and the customer carrier provides the tier-2 VPN services to its customers.
In a hierarchical VPN environment, each carrier maintains the internal routes of its customers in VRF tables on its PE routers. Routes are learned and maintained as follows:
- In the provider carrier's VPN, PE routers use MP-IBGP to exchange labeled VPN routes that correspond to the internal routes of the customer carrier's VPN sites.
- In the customer carrier's VPN, PE routers use MP-IBGP sessions to exchange labeled VPN routes that correspond to the end customer's VPN routes.
Figure 107 shows a sample carrier-of-carriers environment in which the customer carrier provides VPN services to its customers.
Configuration Steps
You must complete the following configuration process when the customer carrier provides VPN services for its customers.
On the provider carrier's PE router:
- Configure MPLS.
- Configure BGP.
- Configure an IGP.
- Configure LDP.
- Configure VRF.
- Enable carrier-of-carriers support on the VRF; use the mpls topology-driven-lsp command in the context of the VRF virtual router to enable MPLS support.
- Enable LDP on the interface in the VRF that connects to the customer carrier's PE router.
- Use the show ip bgp vpnv4 vrf vrfname summary command to verify that carrier-of-carriers support is enabled.
On all of the customer carrier's routers, configure:
On the customer carrier's PE router that connects to the end customer's CE router, additionally configure:
Enabling Carrier-of-Carriers Support on a VRF
In a carrier-of-carriers environment, a provider carrier creates a backbone VPN that is used by a customer carrier. You must enable carrier-of-carriers support on the VRF of the provider carrier's PE device that connects to the PE device of the customer carrier.
mpls topology-driven-lsp
- Use in the context of the VRF virtual router to enable carrier-of-carriers support in a VRF. The VRF is on a PE router that is in the provider carrier's VPN and that connects to the customer carrier's PE router.
- Use the show ip bgp vpnv4 vrf vrfName summary command to verify whether carrier-of-carriers mode is enabled on a VRF. The output includes a line indicating the status:
Carrier's carrier mode is enabled.
host1:vr1:VrfA(config)#mpls topology-driven-lsp
Carrier-of-Carriers Using BGP as the Label Distribution Protocol
You can run BGP instead of LDP as the label distribution protocol on the PE-CE link between the Tier 1 and the Tier 2 carriers in a carrier-of-carriers topology. This capability is available for carriers providing Internet access or VPN service to end users.