Interprovider Layer 3 VPN Option B Overview

 

A customer service provider depends on a virtual private network (VPN) service provider (SP) to deliver a VPN transport service between the customer service provider’s points of presence (POPs) or regional networks.

If the customer service provider’s sites have different autonomous system (AS) numbers, then the VPN transit service provider supports carrier-of-carriers VPN service for the interprovider VPN service. This functionality might be used by a VPN customer who has connections to several different Internet service providers (ISPs), or different connections to the same ISP in different geographic regions, each of which has a different AS number.

Applications

A customer might require VPN services for different sites, yet the same SP is not available for all of those sites.

RFC 4364 suggests several methods to resolve this problem, including:

  • Interprovider VRF-to-VRF connections at the AS boundary routers (ASBRs) (not very scalable). This option is presented in Implementing Interprovider Layer 3 VPN Option A.

  • Interprovider external Border Gateway Protocol (EBGP) redistribution of labeled VPN-IPv4 routes from one AS to the neighboring AS (somewhat scalable). This option is presented in Implementing Interprovider Layer 3 VPN Option B.

  • Interprovider multihop EBGP redistribution of labeled VPN-IPv4 routes between source and destination ASs, with EBGP redistribution of labeled IPv4 routes from AS to neighboring AS (very scalable). This option is presented in Implementing Interprovider Layer 3 VPN Option C.

Solutions might include elements of both the interprovider VPN solutions and the carrier-of-carriers solution. For example, a transit carrier might supply a service provider whose sites have different AS numbers, which makes the solution topology look like an interprovider solution (because of the different AS numbers). However, it is the same service for the transit carrier, so it really is a carrier-of-carriers service. This type of service solution is referred to as carrier-of-carriers VPN service for the interprovider VPN service.

In contrast, if the customer service provider's sites have the same AS number, then the VPN transit service provider delivers a carrier-of-carriers VPN service.

In addition to resolving the initial problem described above, carrier-of-carriers or interprovider VPN solutions may be used to solve other problems such as scalability and merging two service providers.

Implementation

In this solution, the ASBRs keep all VPN-IPv4 routes in the routing information base (RIB), and the labels associated with the prefixes are kept in the forwarding information base (FIB). Because the RIB and FIB tables can consume too much of the memory allocated to each of them, this solution is not very scalable for an interprovider VPN.

If a transit SP is used between SP1 and SP2, the transit SP also has to keep all VPN-IPv4 routes in the RIB and the corresponding labels in the FIB. The ASBRs at the transit SP have the same functionality as ASBRs at SP1 or SP2 in this solution.

The provider edge (PE) routers within an AS use multiprotocol internal BGP (MP-IBGP) to distribute labeled VPN-IPv4 routes to an AS boundary router or to a route reflector of which the AS boundary router is a client. The AS boundary router uses multiprotocol external BGP (MP-EBGP) to distribute the labeled VPN-IPv4 routes to its peer AS boundary router in the neighboring AS. The peer AS boundary router then uses MP-IBGP to distribute the labeled VPN-IPv4 routes to PE routers, or to a route reflector of which the PE routers are clients. The logical topology of the network is shown in Figure 1.

Figure 1: Logical Topology of Interprovider Layer 3 VPN Option B
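
The route distribution described above can be modeled in a few lines to show how much state each ASBR ends up holding. This is an added example, not code or configuration from the original page. The router names, label ranges, route distinguishers, and prefixes are constructed, and it assumes that each ASBR sets itself as the next hop and allocates a new label when it readvertises a route.

```python
from collections import namedtuple
from dataclasses import dataclass, field
VpnRoute = namedtuple("VpnRoute", "rd prefix next_hop label")

@dataclass
class Router:
    name: str
    label_base: int                          # constructed label range
    rib: dict = field(default_factory=dict)  # (rd, prefix) -> received route
    fib: dict = field(default_factory=dict)  # local label -> (out label, next hop)

    def originate(self, rd, prefix):
        """PE: advertise a local VRF prefix with a newly allocated label."""
        label = self.label_base + len(self.fib)
        self.fib[label] = (None, "vrf")      # pop the label, look up in the VRF
        return VpnRoute(rd, prefix, self.name, label)

    def readvertise(self, route):
        """ASBR (assumed): keep route, set next hop to self, install a swap."""
        self.rib[(route.rd, route.prefix)] = route
        label = self.label_base + len(self.fib)
        self.fib[label] = (route.label, route.next_hop)
        return VpnRoute(route.rd, route.prefix, self.name, label)

def propagate(vpn_prefixes, pe1, asbr1, asbr2, pe2):
    """PE1 -MP-IBGP-> ASBR1 -MP-EBGP-> ASBR2 -MP-IBGP-> PE2."""
    for rd, prefix in vpn_prefixes:
        adv = asbr2.readvertise(asbr1.readvertise(pe1.originate(rd, prefix)))
        pe2.rib[(rd, prefix)] = adv

def label_path(key, pe2, routers):
    """Follow the label chain from PE2's route back to the originating PE."""
    hops, (_, _, hop, label) = [], pe2.rib[key]
    while label is not None:
        hops.append((hop, label))
        label, hop = routers[hop].fib[label]
    return hops

def demo():
    """Constructed sample: 3 customer VPNs (RDs) with 2 prefixes each."""
    bases = {"PE1": 100, "ASBR1": 200, "ASBR2": 300, "PE2": 400}
    r = {name: Router(name, base) for name, base in bases.items()}
    prefixes = [(f"65001:{v}", f"10.{v}.{s}.0/24") for v in (1, 2, 3) for s in (0, 1)]
    propagate(prefixes, r["PE1"], r["ASBR1"], r["ASBR2"], r["PE2"])
    return r, prefixes

if __name__ == "__main__":
    for name, r in demo()[0].items():
        print(f"{name}: {len(r.rib)} RIB routes, {len(r.fib)} label entries")
```

Both ASBRs hold one RIB entry and one label entry for every VPN-IPv4 route that crosses the AS boundary, even though neither has a local VRF for those customers. This is the memory cost the Implementation section describes.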