[Contents] [Prev] [Next] [Index] [Report an Error]

Carrier-of-Carriers VPN Example—Customer Provides VPN Service

In this example, the carrier customer must run some form of MPLS (Resource Reservation Protocol [RSVP] or LDP) on its network to provide VPN services to the end customer. In the example below, Router B and Router I act as PE routers, and a functioning MPLS path is required between these routers if they exchange VPN-IPv4 routes.

Configuration for Router A

In this example, Router A acts as the CE router for the end customer. Configure a default family inet BGP session on Router A:



[edit]
protocols {


bgp {


group to-routerB {
export attached;
peer-as 21;
neighbor 192.168.197.169;
}


}


}
policy-options {


policy-statement attached {
from protocol direct;
then accept;
}


}

Configuration for Router B

Because Router B is the PE router for the end customer CE router (Router A), you need to configure a routing instance (vpna). Configure the labeled-unicast statement on the IBGP session to Router D, and configure family-inet-vpn for the IBGP session to the other side of the network (see Figure 53) with Router I:



[edit]
protocols {


mpls {
interface fe-1/0/2.0;
interface fe-1/0/3.0;
}




bgp {


group int {
type internal;
local-address 10.255.14.179;


neighbor 10.255.14.175 {


family inet {
labeled-unicast;
resolve-vpn;
}


}


}




neighbor 10.255.14.181 {


family inet-vpn {
any;
}


}


}




ospf {


area 0.0.0.0 {


interface lo0.0 {
passive;
}


interface fe-1/0/3.0;
}


}




ldp {
interface fe-1/0/3.0;
}


}
routing-instances {


vpna {
instance-type vrf;
interface fe-1/0/2.0;
route-distinguisher 10.255.14.179:21;
vrf-import vpna-import;
vrf-export vpna-export;


protocols {


bgp {


group vpna-06 {
peer-as 1;
neighbor 192.168.197.170;
}


}


}


}


}
policy-options {


policy-statement vpna-import {


term a {


from {
protocol bgp;
community vpna-comm;
}


then accept;
}




term b {
then reject;
}


}




policy-statement vpna-export {


term a {
from protocol bgp;


then {
community add vpna-comm;
accept;
}


}




term b {
then reject;
}


}


community vpna-comm members target:100:1001;
}

Configuration for Router C

Configure Router C as a label-swapping router within the local AS:



[edit]
protocols {


mpls {
traffic-engineering bgp-igp;
}




ospf {


area 0.0.0.0 {


interface lo0.0 {
passive;
}


interface fe-0/3/3.0;
interface fe-0/3/0.0;
}


}




ldp {
interface fe-0/3/0.0;
interface fe-0/3/3.0;
}


}

Configuration for Router D

Router D acts as the CE router for the VPN services provided by the AS 10023 network. In the BGP group configuration for group int, which handles traffic to Router B (10.255.14.179), you include the labeled-unicast statement. You also need to configure the BGP group to-isp-red to send labeled internal routes to the PE router (Router E).



[edit]
protocols {


mpls {
traffic-engineering bgp-igp;
interface fe-0/3/0.0;
interface t3-0/0/0.0;
}




bgp {


group int {
type internal;
local-address 10.255.14.175;


neighbor 10.255.14.179 {


family inet {
labeled-unicast;
}


}


}




group to-isp-red {
export internal;
peer-as 10023;


neighbor 192.168.197.13 {


family inet {
labeled-unicast;
}


}


}


}




ospf {


area 0.0.0.0 {


interface lo0.0 {
passive;
}


interface fe-0/3/0.0;
}


}




ldp {
interface fe-0/3/0.0;
}


}
policy-options {


policy-statement internal {


term a {
from protocol [ ospf direct ];
then accept;
}




term b {
then reject;
}


}


}

Configuration for Router E

Router E and Router H are PE routers. Configure a PE-router-to-PE-router BGP session to allow VPN-IPv4 routes to pass between these two PE routers. Configure the routing instance on Router E to send labeled routes to the CE router (Router D).

Configure Router E:



[edit]
protocols {


mpls {
interface t3-0/2/0.0;
interface at-0/1/0.0;
}




bgp {


group pe-pe {
type internal;
local-address 10.255.14.171;


family inet-vpn {
any;
}


neighbor 10.255.14.173;
}


}




isis {
interface at-0/1/0.0;


interface lo0.0 {
passive;
}


}




ldp {
interface at-0/1/0.0;
}


}
policy-options {


policy-statement vpn-isp1-import {


term a {


from {
protocol bgp;
community vpn-isp1-comm;
}


then accept;
}




term b {
then reject;
}


}




policy-statement vpn-isp1-export {


term a {
from protocol bgp;


then {
community add vpn-isp1-comm;
accept;
}


}




term b {
then reject;
}


}


community vpn-isp1-comm members target:69:21;
}
routing-instances {


vpn-isp1 {
instance-type vrf;
interface t3-0/2/0.0;
route-distinguisher 10.255.14.171:21;
vrf-import vpn-isp1-import;
vrf-export vpn-isp1-export;


protocols {


bgp {


group to-isp1 {
peer-as 21;


neighbor 192.168.197.14 {


family inet {
labeled-unicast;
}


}


}


}


}


}


}

Configuration for Router F

Configure Router F to swap labels for routes running through its interfaces:



[edit]
protocols {


isis {
interface so-0/2/0.0;
interface at-0/3/0.0;


interface lo0.0 {
passive;
}


}




ldp {
interface so-0/2/0.0;
interface at-0/3/0.0;
}


}

Configuration for Router G

Configure Router G:



[edit]
protocols {


isis {
interface so-0/0/0.0;
interface so-1/0/0.0;


interface lo0.0 {
passive;
}


}




ldp {
interface so-0/0/0.0;
interface so-1/0/0.0;
}


}

Configuration for Router H

The configuration for Router H is similar to the configuration for Router E:



[edit]
protocols {


mpls {
interface fe-1/1/0.0;
interface so-1/0/0.0;
}




bgp {


group pe-pe {
type internal;
local-address 10.255.14.173;


family inet-vpn {
any;
}


neighbor 10.255.14.171;
}


}




isis {
interface so-1/0/0.0;


interface lo0.0 {
passive;
}


}




ldp {
interface so-1/0/0.0;
}


}
routing-instances {


vpn-isp1 {
instance-type vrf;
interface fe-1/1/0.0;
route-distinguisher 10.255.14.173:21;
vrf-import vpn-isp1-import;
vrf-export vpn-isp1-export;


protocols {


bgp {


group to-isp1 {
peer-as 21;


neighbor 192.168.197.94 {


family inet {
labeled-unicast;
}


}


}


}


}


}


}
policy-options {


policy-statement vpn-isp1-import {


term a {


from {
protocol bgp;
community vpn-isp1-comm;
}


then accept;
}




term b {
then reject;
}


}




policy-statement vpn-isp1-export {


term a {
from protocol bgp;


then {
community add vpn-isp1-comm;
accept;
}


}




term b {
then reject;
}


}


community vpn-isp1-comm members target:69:21;
}

Configuration for Router I

Router I acts as the PE router for the end customer. The configuration that follows is similar to the configuration for Router B:



[edit]
protocols {


mpls {
interface fe-1/0/1.0;
interface fe-1/1/3.0;
}




bgp {


group int {
type internal;
local-address 10.255.14.181;


neighbor 10.255.14.177 {


family inet {


labeled-unicast {
resolve-vpn;
}


}


}




neighbor 10.255.14.179 {


family inet-vpn {
any;
}


}


}


}




ospf {


area 0.0.0.0 {


interface lo0.0 {
passive;
}


interface fe-1/1/3.0;
}


}




ldp {
interface fe-1/1/3.0;
}


}
routing-instances {


vpna {
instance-type vrf;
interface fe-1/0/1.0;
route-distinguisher 10.255.14.181:21;
vrf-import vpna-import;
vrf-export vpna-export;


protocols {


bgp {


group vpna-0 {
peer-as 1;
neighbor 192.168.197.198;
}


}


}


}


}
policy-options {


policy-statement vpna-import {


term a {


from {
protocol bgp;
community vpna-comm;
}


then accept;
}




term b {
then reject;
}


}




policy-statement vpna-export {


term a {
from protocol bgp;


then {
community add vpna-comm;
accept;
}


}




term b {
then reject;
}


}


community vpna-comm members target:100:1001;
}

Configuration for Router J

Configure Router J to swap labels for routes running through its interfaces:



[edit]
protocols {


mpls {
traffic-engineering bgp-igp;
}




ospf {


area 0.0.0.0 {


interface lo0.0 {
passive;
}


interface fe-1/0/2.0;
interface fe-1/0/3.0;
}


}




ldp {
interface fe-1/0/2.0;
interface fe-1/0/3.0;
}


}

Configuration for Router K

The configuration for Router K is similar to the configuration for Router D:



[edit]
protocols {


mpls {
traffic-engineering bgp-igp;
interface fe-1/1/2.0;
interface fe-1/0/2.0;
}




bgp {


group int {
type internal;
local-address 10.255.14.177;


neighbor 10.255.14.181 {


family inet {
labeled-unicast;
}


}


}




group to-isp-red {
export internal;
peer-as 10023;


neighbor 192.168.197.93 {


family inet {
labeled-unicast;
}


}


}


}




ospf {


area 0.0.0.0 {


interface lo0.0 {
passive;
}


interface fe-1/0/2.0;
}


}




ldp {
interface fe-1/0/2.0;
}


}
policy-options {


policy-statement internal {


term a {
from protocol [ ospf direct ];
then accept;
}




term b {
then reject;
}


}


}

Configuration for Router L

In this example, Router L is the end customer’s CE router. Configure Router L:



[edit]
protocols {


bgp {


group to-I {
export attached;
peer-as 21;
neighbor 192.168.197.197;
}


}


}
policy-options {


policy-statement attached {
from protocol direct;
then accept;
}


}

[Contents] [Prev] [Next] [Index] [Report an Error]