Using Virtual Routers to Provide Customer Peering

 

This topic includes the following sections:

Virtual Router Overview

Support for multiple distinct routers within a single router allows service providers to configure multiple separate, secure routers within a single chassis. These routers are called virtual routers. Applications for this feature include the creation of individual routers dedicated to wholesale customers, corporate virtual private network (VPN) users, or specific traffic type users.

Internet Service Providers (ISPs) can have vast numbers of customers, including organizations that have their own large networks (with users connected to each other on a local area network (LAN) through Ethernet or a similar connection). An educational network, called “New University” in Example: Configuring Virtual Routers for Educational Networks, is one such organization that is connected to multiple other networks to exchange traffic. New University requires peering with multiple networks to exchange data between the users of each network for mutual benefit.

This example shows how to perform network peering between New University and multiple other networks.

The network topology used in this example consists of the traditional Internet, Internet2, and networks such as national and regional lambda rails. These networks are administratively separate and are not interconnected with each other.

The following terms are used in this example:

  • Service provider networks – Transit-based networks that offer connectivity to other autonomous systems. For example: traditional Internet peering, Internet2 peering, and high-speed regional networks such as National Lambda Rails (NLRs).

  • Educational Network – “New University” is the example used in this document.

  • Customer networks – Networks connected to New University and that view New University as a network service provider of local and distant network connectivity.

Virtual Router Topology for Educational Networks

Consider the network topology as shown in Figure 1. In this example, three virtual router routing instances are created to accommodate the Internet, Internet2, and NLR peering sessions and prefixes. The service provider routers Provider 1 and Provider 2 are configured for virtual router VR-Internet. Similarly, two Internet2 (i2) networks are configured for virtual router VR-i2. The virtual router VR-nlr is connected to the NLR network.

Figure 1: Sample of the Virtual Router Topology for New University

Table 1 shows the mapping between devices, IP prefixes, and three network types available from different network providers.

Table 1: Details of the Virtual Router Topology for New University

| Network Types | Devices | IP Prefixes Representing the Internet Routing Table |
|---|---|---|
| Internet | AS65010 and AS65020 | 10.10.1-20/24, 200.200/16, 201.201/16 |
| Internet2 | AS65222 | 130.130/16 |
| NLR | AS65050 | 120.120/16, 0.10.11-14/24 |

Table 2 provides complete mapping details between network types, virtual routers, customer routers, IP prefixes, and routing table details.

Table 2: Provider Prefixes in the Virtual Router Topology

| Network Types | Virtual Router Routing Instance | Routing Table | Peer Networks | IP Prefixes |
|---|---|---|---|---|
| Internet | VR-Internet | internet.inet.0 | internet-peer-1 | 10.10.1-20/24, 200.200/16 |
| Internet | VR-Internet | internet.inet.0 | internet-peer-2 | 10.10.1-20/24, 201.201/16 |
| Internet2 | VR-i2 | i2.inet.0 | inet-peer-1 | 10.10.1-5/24, 130.130/16 |
| Internet2 | VR-i2 | i2.inet.0 | inet-peer-2 | 10.10.1-5/24, 130.130/16 |
| NLR | VR-nlr | nlr.inet.0 | nlr-peer-1 | 10.10.11-14/24, 120.120/16 |

Routing Tables

As per the topology shown in Figure 1, three routing tables are labeled using the convention <routing-instance-name>.inet.0.

The three routing tables used in this example are:

  • internet.inet.0

  • i2.inet.0

  • nlr.inet.0

Because each network type has a distinct and separate routing table, routing information should be reviewed in each virtual router.

Table 3 provides IP prefixes from provider networks available in each routing table.

Table 3: Mapping of Routing Tables and Provider Prefixes

| Routing Table | Peer | IP Prefixes |
|---|---|---|
| internet.inet.0 | internet-peer-1 | 10.10.1-20/24, 200.200/16 |
| internet.inet.0 | internet-peer-2 | 10.10.1-20/24, 201.201/16 |
| i2.inet.0 | inet-peer-1 | 10.10.1-5/24, 130.130/16 |
| i2.inet.0 | inet-peer-2 | 10.10.1-5/24, 130.130/16 |
| nlr.inet.0 | nlr-peer-1 | 10.10.11-14/24, 120.120/16 |

Following is an example of the IP prefixes received from the peer (internet-peer-1):

user@J2350-2-R2# run show route receive-protocol bgp 172.16.0.6

Virtual Router Configuration Requirements

The basic steps to create a virtual router include:

  • Creating virtual router routing instances

  • Configuring protocols for provider and logical interfaces between participating routers

  • Assigning interfaces to security zones

  • Importing routes between virtual router routing instances

  • Defining and applying security policies to virtual router routing instances

Note

To create a virtual router you must:

  • Configure separate logical interfaces between each of the service provider devices participating in a virtual router routing instance.

  • Configure separate logical interfaces between the service provider devices and the customer devices participating in each routing instance.

  • Configure a unique set of logical interfaces from all the participating routers.

This topic provides details on some aspects of configuring the virtual router routing instances and includes the following sections:

BGP Communities

BGP is a routing protocol for communication between autonomous systems (ASs) on the Internet. BGP differentiates the prefixes from each service provider to use them in the routing policy.

Autonomous systems share a common set of prefixes and have a peer relationship together in the cloud. Each network type and associated peering sessions are placed into a virtual router that is representative of the network type.

A BGP community consists of routes that share a common attribute. A BGP community specifies a destination grouped into a logical unit to make it easier to apply routing policies. By performing global configurations for a community of routes, you reduce the tasks, time, CPU workload, and memory needed to set parameters for each route. Once you have established which routes you want to include in your community, you create a community list to which you add the IP addresses of the desired routes.

Table 4 shows the BGP communities used in this example.

Table 4: The BGP Community List

| Community Name | BGP Community |
|---|---|
| internet-vr | 65000:111 |
| i2-vr | 65000:222 |
| nlr-vr | 65000:333 |
| cust-routes | 65000:1000 |
| prepend-twice | 65000:500 |

The customer scenario examples in this document provide details on:

  • Communities used by the routing policy

  • Sharing of prefixes

  • Forwarding of traffic in the network

Use the show policy-options | match community | match member command to display the routes that are permitted by the BGP community, as shown in the following sample output:

user@J2350-2-R2> show policy-options | match community | match member


The AS-path statement is used with the routing policy to prevent New University from becoming a transit provider to the ISP networks. This statement is used in the policy to match the AS-path attribute in BGP advertisements. Because there are multiple peers per network type, it is important to prevent the network from advertising provider prefixes learned from one provider to other network providers.

Use the null “()” regular expression, which represents an empty value. When used in a BGP policy, the null value only allows prefixes originating from New University to be advertised to external BGP peers.
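The transit-prevention logic described above, as an added example in Python that is not part of the original document or of the device configuration: routes learned from EBGP peers are tagged on import with the Table 4 community, and the export step accepts only routes with an empty AS path. The pairing of AS numbers with peers, the 192.0.2.0/24 local prefix, and all function names are assumptions made for illustration.

```python
# Added example: models the import tagging and null AS-path export on this page.
COMMUNITY = {"internet": "65000:111", "i2": "65000:222", "nlr": "65000:333"}  # Table 4

def import_policy(instance, route):
    """Tag a route learned from an EBGP peer with its routing instance's community."""
    return {**route, "communities": set(route["communities"]) | {COMMUNITY[instance]}}

def matches_null_as_path(route):
    """Model of the null "()" AS-path regex: true only for an empty AS path."""
    return len(route["as_path"]) == 0

def export_policy(rib):
    """Advertise to EBGP peers only the prefixes that originate locally."""
    return [r for r in rib if matches_null_as_path(r)]

def export_everything(rib):
    """Export with no AS-path match, kept for comparison with export_policy."""
    return list(rib)

def transit_leaks(advertised):
    """Audit check: prefixes in an advertisement that were learned from a provider."""
    provider_tags = set(COMMUNITY.values())
    return [r["prefix"] for r in advertised
            if r["as_path"] or provider_tags & r["communities"]]

def build_internet_rib():
    """Constructed contents of internet.inet.0; the peer-to-AS pairing is assumed."""
    learned = [
        {"prefix": "200.200.0.0/16", "as_path": [65010], "communities": set()},
        {"prefix": "201.201.0.0/16", "as_path": [65020], "communities": set()},
    ]
    # Constructed local prefix standing in for a New University route.
    local = {"prefix": "192.0.2.0/24", "as_path": [], "communities": set()}
    return [import_policy("internet", r) for r in learned] + [local]

if __name__ == "__main__":
    rib = build_internet_rib()
    print("null AS-path export:", [r["prefix"] for r in export_policy(rib)])
    print("leaks without the match:", transit_leaks(export_everything(rib)))
```

Running `transit_leaks` over the routes a peer actually receives gives a quick audit that no provider-learned prefix is being re-advertised to another provider.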

Use the show policy-options | match as-path command to verify the as-path value, as shown in the following sample output:

user@J2350-2-R2> show policy-options | match as-path

RIB Groups

The routing information base (RIB) is a logical data structure used by BGP to store routing information that includes:

  • Routes that BGP learned from peers

  • Local routes resulting from the application of BGP policies to the learned routes

  • Routes that BGP advertises to its peers

Sometimes routing information is stored in multiple RIBs. For example, New University to customer network interfaces are stored in multiple routing tables for next-hop resolution.

A RIB group includes one or more routing tables to form a routing table group. A routing protocol can import routes into all the routing tables in the group and can export routes from a single routing table. A RIB group determines how routes are distributed between RIBs.

Figure 2 shows the relationship between the protocol, RIB groups, and routing tables.

Figure 2: Relationship Between the Protocol, RIB Group, and Routing Tables

A RIB group only affects the protocols that it is configured under. The default behavior for a protocol such as OSPF is to place the routes into the main routing table (RIB). There are cases when the desired behavior is to distribute those OSPF routes between RIBs.

When a RIB group is applied to a protocol, such as OSPF, the RIB group distributes the OSPF routes to all of the RIBs specified in the RIB group. In this case, the learned OSPF routes are placed in the RIB-1 and RIB-2 routing tables.

Instance Import

The instance import statement is similar to the RIB group, but it affects the entire RIB for a virtual router routing instance instead of individual protocols.

Using the instance import statement essentially replicates the routes from one RIB to another. The replication can be constrained by policy.
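The difference between the two mechanisms, as an added Python model that is not part of the original document: a RIB group distributes only the routes of the protocol it is configured under, while an instance import replicates routes from a whole RIB, filtered by policy. RIB-1 and RIB-2 are the table names used in the text; the table cust.inet.0, the sample routes, and all function names are hypothetical.

```python
from collections import defaultdict

def install(ribs, protocol, routes, primary, rib_groups):
    """Install one protocol's routes: into every table of its RIB group if a
    group is configured for that protocol, otherwise into the primary table only."""
    for table in rib_groups.get(protocol, [primary]):
        ribs[table].extend({**r, "protocol": protocol} for r in routes)

def instance_import(ribs, source, destination, policy=lambda r: True):
    """Replicate routes from one RIB to another, constrained by a policy."""
    ribs[destination].extend(dict(r) for r in ribs[source] if policy(r))

def has_community(value):
    """Policy that matches routes carrying the given BGP community."""
    return lambda r: value in r.get("communities", ())

def demo():
    ribs = defaultdict(list)
    rib_groups = {"ospf": ["RIB-1", "RIB-2"]}  # RIB group applied to OSPF only
    # Constructed OSPF route: lands in both tables of the group.
    install(ribs, "ospf", [{"prefix": "10.10.1.0/24"}], "RIB-1", rib_groups)
    # Constructed BGP routes: no RIB group for BGP, so primary table only.
    install(ribs, "bgp", [
        {"prefix": "200.200.0.0/16", "communities": {"65000:111"}},
        {"prefix": "120.120.0.0/16", "communities": {"65000:333"}},
    ], "RIB-1", rib_groups)
    # Hypothetical customer table that may see only internet-vr tagged routes.
    instance_import(ribs, "RIB-1", "cust.inet.0", has_community("65000:111"))
    return {name: sorted(r["prefix"] for r in rs) for name, rs in ribs.items()}

if __name__ == "__main__":
    for table, prefixes in demo().items():
        print(table, prefixes)
```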

Figure 3 shows the role of the instance import statement in the RIB group.

Figure 3: Instance Import

Virtual Router for Internet Access (VR-Internet)

The virtual router for Internet access is a holding container for the peering sessions and prefixes that are representative of the traditional Internet.

Use the show routing-instances virtual-router-name command to display the configuration of the virtual router routing instance. The following sample output shows the configuration of the internet virtual router routing instance:

user@J2350-2-R2> show routing-instances internet

Use the show policy-options policy-statement policy-statement-name command to display the details of the import policy. The following sample output shows the configuration of the internet-import-policy policy. All prefixes learned through the external BGP (EBGP) neighbors are tagged with the community internet-vr (65000:111) by the BGP import policy internet-import-policy.

user@J2350-2-R2> show policy-options policy-statement internet-import-policy

Use the show policy-options policy-statement policy-statement-name command to display the details of the export policy. The following sample output shows the configuration of the internet-export-policy policy. The BGP export policy (internet-export-policy) is responsible for controlling outbound advertisements to conform with best practices.

user@J2350-2-R2> show policy-options policy-statement internet-export-policy

Virtual Router for the Internet2 Network (VR-i2)

The virtual router routing instance for the Internet2 network is a holding container for the peering sessions and prefixes that are representative of the I2 network.

Use the show routing-instances virtual-router-name command to display the configuration of the virtual router. The following sample output shows the configuration of the vr-i2 virtual router routing-instance:

user@J2350-2-R2> show routing-instances i2

Use the show policy-options policy-statement policy-statement-name command to display the details of the import policy. The following sample output shows the configuration of the i2-import-policy policy.

All prefixes learned through the I2 EBGP neighbors are tagged with the community i2-vr (65000:222) by the BGP import policy i2-import-policy.

user@J2350-2-R2> show policy-options policy-statement i2-import-policy

Use the show policy-options policy-statement policy-statement-name command to display the details of the export policy. The following sample output shows the configuration of the i2-export-policy policy.

The BGP export policy (i2-export-policy) is responsible for controlling outbound advertisements to conform with best practices.

user@J2350-2-R2> show policy-options policy-statement i2-export-policy

Virtual Router for the NLR Network (VR-nlr)

The NLR virtual router is a holding container for the peering sessions and prefixes that are representative of the NLR network.

user@J2350-2-R2> show routing-instances nlr

Use the show policy-options policy-statement policy-statement-name command to display the details of the import policy. The following sample output shows the configuration of the nlr-import-policy policy.

All prefixes learned through the NLR EBGP neighbors are tagged with the community nlr-vr (65000:333) by the BGP import policy nlr-import-policy.

user@J2350-2-R2> show policy-options policy-statement nlr-import-policy

Use the show policy-options policy-statement policy-statement-name command to display the details of the export policy. The following sample output shows the configuration of the nlr-export-policy policy.

The BGP export policy (nlr-export-policy) is responsible for controlling outbound advertisements to conform with best practices.

user@J2350-2-R2> show policy-options policy-statement nlr-export-policy
Note

For the complete routing table configuration, see Appendix A - Device Configuration Details.