[Contents] [Prev] [Next] [Index] [Report an Error]

Example: Multiple-Instance LDP Configuration

Figure 8: Multiple-Instance LDP Topology Diagram

Image g017136.gif

Figure 8 shows an example of a carrier-of-carriers network. CE3 and CE4 are end customer CE routers residing in AS 100. The VPN provider in AS 200 has three types of routers: PE3 and PE4 are PE routers that connect to the end customer, CE1 and CE2 act as the intermediate carrier CE routers, and P2 and P3 are internal transit routers. PE1 and PE2 in AS 300 are PE routers servicing the intermediate VPN provider, and P0 and P1 are transit routers for the top tier carrier.

To make this configuration work, you must complete three major tasks:

  1. Configure external BGP between the VPN customer CE and the VPN provider PE.
  2. Configure internal BGP using the VPN family between both pairs of PE routers (one IBGP connection between PE1 and PE2 and a second IBGP connection between PE3 and PE 4).
  3. Establish LDP and Interior Gateway Protocol (IGP) connections on all remaining links. This example uses OSPF as the IGP, but you can use the IGP of your choice.

Information supporting this carrier-of-carriers multiple-instance LDP example is summarized in Table 8 and Table 9.

Table 8: Multiple-Instance LDP Example—Routing Protocol Summary

Connection

Protocols

CE3 - PE3

EBGP family inet

PE3 - P2 - CE1

OSPF and LDP

CE1 - PE1

OSPF and LDP

PE1 - P0 - P1 - PE2

OSPF and LDP

PE1 - PE2

IBGP family inet-vpn

PE2 - CE2

OSPF and LDP

CE2 - P3 - PE4

OSPF and LDP

PE4 - CE4

EBGP family inet

PE3 - PE4

IBGP family inet-vpn

Table 9: Multiple-Instance LDP Example—Loopback Addresses

Router

Loopback Address

PE1

10.255.255.171

PE2

10.255.255.172

P0

10.255.255.173

P1

10.255.255.174

P2

10.255.255.175

P3

10.255.255.176

PE3

10.255.255.177

PE4

10.255.255.178

CE1

10.255.255.179

CE2

10.255.255.180

CE3

10.255.255.181

10.49.100.1

CE4

10.255.255.182

10.49.200.1

Your configuration tasks start at CE3 and move router by router through the first part of the VPN provider network, into the carrier AS, through the second VPN provider cluster of AS 200, and end at the second VPN customer Router CE4.

Since CE3 is the first customer router, configure EBGP between CE3 and the connected VPN provider Router PE3. You must also advertise your loopback address into BGP with a routing policy to allow IP reachability with CE4.

Router CE3

[edit]
interfaces {
so-1/2/0 {
description "to pe3 so-1/2/0";
unit 0 {
family inet {
address 192.255.198.14/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.181/32;
address 10.49.100.1/32;
}
}
}
}
routing-options {
static {
route 10.49.100.0/24 reject;
route 10.49.101.0/24 reject;
}
autonomous-system 100;
}
protocols {
bgp {
group provider {
type external;
export static-to-bgp;
peer-as 200;
neighbor 192.255.198.13;
}
}
}
policy-options {
policy-statement static-to-bgp {
term 1 {
from {
protocol static;
route-filter 10.49.100.0/24 exact;
route-filter 10.49.101.0/24 exact;
}
then accept;
}
term 2 {
from protocol direct;
then accept;
}
term 3 {
then reject;
}
}
}

On PE3, the configuration tasks are more involved. You need to complete the EBGP connection to CE3 in a VRF instance, enable MPLS and LDP on the interface pointing toward the VPN provider CE1 router, and configure a master instance of IBGP to reach PE4 at the far edge of AS 200.

Finally, set up an outbound VRF policy that places all BGP traffic and directly connected interfaces into a BGP community and an inbound VRF policy that accepts similar BGP community traffic from PE4.

Router PE3

[edit]
interfaces {
so-1/2/0 {
unit 0 {
family inet {
address 192.255.198.13/30;
}
family mpls;
}
}
so-1/2/1 {
description "to p2 so-1/2/1";
unit 0 {
family inet {
address 192.255.198.9/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.177/32;
}
}
}
}
routing-options {
autonomous-system 200;
}
protocols {
mpls {
interface so-1/2/0.0;
}
bgp {
group internal {
type internal;
local-address 10.255.255.177;
peer-as 200;
neighbor 10.255.255.178 {
family inet-vpn {
unicast;
}
}
}
}
ospf {
area 0.0.0.0 {
interface so-1/2/1.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface so-1/2/1.0;
}
}
policy-options {
policy-statement vpn-customer-import {
term 1 {
from {
protocol bgp;
community vpn-customer-comm;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement vpn-customer-export {
term 1 {
from protocol [bgp direct];
then {
community add vpn-customer-comm;
accept;
}
}
term 2 {
then reject;
}
}
community vpn-customer-comm members target:200:100;
}
routing-instances {
vpn-customer {
instance-type vrf;
interface so-1/2/0.0;
route-distinguisher 10.255.255.177:1;
vrf-import vpn-customer-import;
vrf-export vpn-customer-export;
protocols {
bgp {
group customer {
type external;
peer-as 100;
as-override;
neighbor 192.255.198.14;
}
}
}
}
}

On P2, enable LDP and the IGP used for transporting labels (in this case, OSPF). You will repeat these tasks on all transit core routers, both in the VPN provider network and the core carrier network.

Router P2

[edit]
interfaces {
so-1/2/0 {
description "to ce1 so-1/2/0";
unit 0 {
family inet {
address 192.255.198.2/30;
}
family mpls;
}
}
so-1/2/1 {
description "to pe3 so-1/2/1";
unit 0 {
family inet {
address 192.255.198.10/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.175/32;
}
}
}
}
routing-options {
autonomous-system 200;
}
protocols {
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface so-1/2/0.0;
interface so-1/2/1.0;
}
}
ldp {
interface so-1/2/0.0;
interface so-1/2/1.0;
}
}

For Router CE1, configure LDP and OSPF in the same manner that you configured the P2 router.

Router CE1

[edit]
interfaces {
t3-0/1/0 {
description "to pe1 t3-0/2/1";
unit 0 {
family inet {
address 192.255.197.18/30;
}
family mpls;
}
}
so-1/2/0 {
description "to p2 so-1/2/0";
unit 0 {
family inet {
address 192.255.198.1/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.179/32;
}
}
}
}
routing-options {
autonomous-system 200;
}
protocols {
ospf {
area 0.0.0.0 {
interface so-1/2/0.0;
interface lo0.0 {
passive;
}
interface t3-0/1/0.0;
}
}
ldp {
interface t3-0/1/0.0;
interface so-1/2/0.0;
}
}

On core carrier Router PE1, configure a master instance for OSPF, LDP, MPLS, and IBGP (with the family inet-vpn option) to connect the router to neighbor PE2. Next, implement multiple-instance LDP by establishing a secondary instance. Enable LDP and OSPF in this instance for PE1 to communicate with CE1. MPLS is not required in the secondary instance.

Finally, set up an outbound VRF policy that places all LDP traffic coming from CE1 into a BGP community, an export policy that sends this community traffic to PE2, and an inbound VRF policy that accepts similar BGP community traffic from PE2. This step tunnels the VPN provider’s LDP traffic into the carrier’s BGP session.

Router PE1

[edit]
interfaces {
so-0/0/0 {
description "to p0 so-0/1/0";
unit 0 {
family inet {
address 192.255.197.21/30;
}
family mpls;
}
}
t3-0/2/1 {
description "to ce1 t3-0/1/0";
unit 0 {
family inet {
address 192.255.197.17/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.171/32;
}
}
}
}
routing-options {
autonomous-system 300;
}
protocols {
mpls {
interface t3-0/2/1.0;
}
bgp {
group pe {
type internal;
local-address 10.255.255.171;
family inet-vpn {
unicast;
}
peer-as 300;
neighbor 10.255.255.172;
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface so-0/0/0.0;
}
}
ldp {
interface so-0/0/0.0;
}
}
policy-options {
policy-statement vpn-provider-import {
term 1 {
from {
protocol bgp;
community vpn-provider-comm;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement vpn-provider-export {
term 1 {
from protocol ldp;
then {
community add vpn-provider-comm;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement bgp-routes-to-export {
term 1 {
from {
protocol bgp;
community vpn-provider-comm;
}
then accept;
}
term 2 {
then reject;
}
}
community vpn-provider-comm members target:300:200;
}
routing-instances {
vpn-provider {
instance-type vrf;
interface t3-0/2/1.0;
route-distinguisher 10.255.255.171:1;
vrf-import vpn-provider-import;
vrf-export vpn-provider-export;
protocols {
ospf {
export bgp-routes-to-export;
area 0.0.0.0 {
interface t3-0/2/1.0;
}
}
ldp {
egress-policy bgp-routes-to-export;
interface t3-0/2/1.0;
}
}
}
}

On P0, enable LDP and OSPF in the same manner that you configured these protocols on P2. You will repeat these tasks on routers P1 and P3.

Router P0

[edit]
interfaces {
so-0/1/0 {
description "to pe1 so-0/0/0";
unit 0 {
family inet {
address 192.255.197.22/30;
}
family mpls;
}
}
so-1/0/0 {
description "to p1 so-1/0/0";
unit 0 {
family inet {
address 192.255.197.85/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.173/32;
}
}
}
}
routing-options {
autonomous-system 300;
}
protocols {
ospf {
area 0.0.0.0 {
interface so-0/1/0.0;
interface so-1/0/0.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface so-0/1/0.0;
interface so-1/0/0.0;
}
}

On P1, enable LDP and the IGP used for transporting labels (OSPF in this case).

Router P1

[edit]
interfaces {
so-0/0/0 {
description "to pe2 so-0/2/0";
unit 0 {
family inet {
address 192.255.197.74/30;
}
family mpls;
}
}
so-1/0/0 {
description "to p0 so-1/0/0";
unit 0 {
family inet {
address 192.255.197.86/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.174/32;
}
}
}
}
routing-options {
autonomous-system 300;
}
protocols {
ospf {
area 0.0.0.0 {
interface so-0/0/0.0;
interface so-1/0/0.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface so-0/0/0.0;
interface so-1/0/0.0;
}
}

Core carrier Router PE2 is a mirror image of PE1. First, configure a master instance for OSPF, LDP, MPLS, and IBGP (with the family inet-vpn option) to connect PE2 to neighbor PE1. Next, implement multiple-instance LDP by establishing a secondary instance. Enable LDP and OSPF in this instance for PE2 to communicate with CE2. MPLS is not required in the secondary instance.

Finally, set up an outbound VRF policy that places all LDP traffic coming from CE2 into a BGP community, an export policy that sends this community traffic to PE1, and an inbound VRF policy that accepts similar BGP community traffic from PE1. This step tunnels the VPN provider’s LDP traffic into the carrier’s BGP session.

Router PE2

[edit]
interfaces {
so-0/2/0 {
description "to p1 so-0/0/0";
unit 0 {
family inet {
address 192.255.197.73/30;
}
family mpls;
}
}
t1-3/0/0 {
description "to ce2 t1-0/0/0";
unit 0 {
family inet {
address 192.255.197.37/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.172/32;
}
}
}
}
routing-options {
autonomous-system 300;
}
protocols {
mpls {
interface t1-3/0/0.0;
}
bgp {
group pe {
type internal;
local-address 10.255.255.172;
family inet-vpn {
unicast;
}
peer-as 300;
neighbor 10.255.255.171;
}
}
ospf {
area 0.0.0.0 {
interface so-0/2/0.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface so-0/2/0.0;
}
}
policy-options {
policy-statement vpn-provider-import {
term 1 {
from {
protocol bgp;
community vpn-provider-comm;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement vpn-provider-export {
term 1 {
from protocol ldp;
then {
community add vpn-provider-comm;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement bgp-routes-to-export {
term 1 {
from {
protocol bgp;
community vpn-provider-comm;
}
then accept;
}
term 2 {
then reject;
}
}
community vpn-provider-comm members target:300:200;
}
routing-instances {
vpn-provider {
instance-type vrf;
interface t1-3/0/0.0;
route-distinguisher 10.255.255.172:1;
vrf-import vpn-provider-import;
vrf-export vpn-provider-export;
protocols {
ospf {
export bgp-routes-to-export;
area 0.0.0.0 {
interface t1-3/0/0.0;
}
}
ldp {
egress-policy bgp-routes-to-export;
interface t1-3/0/0.0;
}
}
}
}

For Router CE2, configure LDP and OSPF as you did on CE1 and the transit P routers.

Router CE2

[edit]
interfaces {
t1-0/0/0 {
description "to pe2 t1-3/0/0";
unit 0 {
family inet {
address 192.255.197.38/30;
}
family mpls;
}
}
t3-0/3/3 {
description "to p3 t3-0/0/3";
unit 0 {
family inet {
address 192.255.198.26/30;
}
family mpls;
}
lo0 {
unit 0 {
family inet {
address 10.255.255.180/32;
}
}
}
}
routing-options {
autonomous-system 200;
}
protocols {
ospf {
area 0.0.0.0 {
interface t1-0/0/0.0;
interface t3-0/3/3.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface t1-0/0/0.0;
interface t3-0/3/3.0;
}
}
}

Since P3 is another core provider router, enable LDP and OSPF on all transit interfaces.

Router P3

[edit]
interfaces {
t3-0/0/3 {
description "to ce2 t3-0/3/3";
unit 0 {
family inet {
address 192.255.198.25/30;
}
family mpls;
}
}
t1-0/1/1 {
description "to pe4 t1-0/1/1";
unit 0 {
family inet {
address 192.255.198.37/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.176/32;
}
}
}
}
routing-options {
autonomous-system 200;
}
protocols {
ospf {
area 0.0.0.0 {
interface t3-0/0/3.0;
interface t1-0/1/1.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface t3-0/0/3.0;
interface t1-0/1/1.0;
}
}

On PE4, complete the IBGP connection initiated on PE3 to connect the edge routers in AS 200. Also, enable LDP and MPLS on the t1-0/0/1 interface pointing toward the VPN provider CE2 router and establish an EBGP connection to CE4 through use of a VRF instance.

Finally, set up an outbound VRF policy that places all BGP traffic and directly connected interfaces into a BGP community and an inbound VRF policy that accepts similar BGP community traffic from PE3.

Router PE4

[edit]
interfaces {
t3-0/0/3 {
description to ce4 t3-0/0/3";
unit 0 {
family inet {
address 192.255.198.21/30;
}
family mpls;
}
}
t1-0/1/1 {
unit 0 {
family inet {
address 192.255.198.38/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.178/32;
}
}
}
}
routing-options {
autonomous-system 200;
}
protocols {
mpls {
interface t3-0/0/3.0;
}
bgp {
group internal {
type internal;
local-address 10.255.255.178;
peer-as 200;
neighbor 10.255.255.177 {
family inet-vpn {
unicast;
}
}
}
}
ospf {
area 0.0.0.0 {
interface t1-0/1/1.0;
interface lo0.0 {
passive;
}
}
}
ldp {
interface t1-0/1/1.0;
}
}
policy-options {
policy-statement vpn-customer-import {
term 1 {
from {
protocol bgp;
community vpn-customer-comm;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement vpn-customer-export {
term 1 {
from protocol [bgp direct];
then {
community add vpn-customer-comm;
accept;
}
}
term 2 {
then reject;
}
}
community vpn-customer-comm members target:200:100;
}
routing-instances {
vpn-customer {
instance-type vrf;
interface t3-0/0/3.0;
route-distinguisher 10.255.255.178:1;
vrf-import vpn-customer-import;
vrf-export vpn-customer-export;
protocols {
bgp {
group customer {
type external;
peer-as 100;
as-override;
neighbor 192.255.198.22;
}
}
}
}
}

CE4 is the destination VPN customer router. Configure EBGP between CE4 and the connected VPN provider Router PE4 to complete the configuration. Remember to advertise the loopback address into BGP by using a routing policy to allow IP reachability with CE3.

Router CE4

[edit]
interfaces {
t3-0/0/3 {
description "to pe4 t3-0/0/3";
unit 0 {
family inet {
address 192.255.198.22/30;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.255.255.182/32;
address 10.49.200.1/32;
}
}
}
}
routing-options {
static {
route 10.49.200.0/24 reject;
route 10.49.201.0/24 reject;
}
autonomous-system 100;
}
protocols {
bgp {
group provider {
type external;
export static-to-bgp;
peer-as 200;
neighbor 192.255.198.21;
}
}
}
policy-options {
policy-statement static-to-bgp {
term 1 {
from {
protocol static;
route-filter 10.49.200.0/24 exact;
route-filter 10.49.201.0/24 exact;
}
then accept;
}
term 2 {
from protocol direct;
then accept;
}
term 3 {
then reject;
}
}
}
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.