Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Layer 3 Overlay Support in cRPD

Understanding Layer 3 Overlay VRF support in cRPD

Starting in Junos OS Release 19.4R1, virtual routing and forwarding (VRF) instances are supported in cRPD along with the support of MPLS and Multiprotocol BGP to provide overlay functionality.

A routing instance is a collection of routing tables, interfaces, and routing protocol parameters. To implement Layer 3 VPNs, you configure one routing instance for each VPN. A VRF is a network device in the Linux kernel and the device is associated with table-id. You configure the routing instances on PE routers only. You can create VRFs in the Linux network. VRF device implementation impacts only Layer 3 and above. Each VPN routing instance consists of the following components:

  • VRF table—On each PE router, you configure one VRF table for each VPN.

  • Policy rules—These control the import of routes into and the export of routes from the VRF table.

  • One or more routing protocols that install routes from CE routers into the VRF table—You can use the BGP, OSPF, and RIP routing protocols, and you can use static routes.

When a VRF device is created, it is associated with a routing table. Packets that come in through enslaved devices to the VRF are looked up in the routing table associated with the VRF device. Similarly egress routing rules are used to send packets to the VRF driver before sending it out on the actual interface.

VRF is used to manage routes and to forward traffic based on independent forwarding tables in VRF. RPD creates multiple routing tables for every routing instance of type vrf. The tables are one for each address family. You need to configure a routing instance for each VPN on each of the PE routers participating in the VPN. You can configure routing instances using the [edit routing-instances] hierarchy. The routing instance of type vrf is only supported on cRPD.

You can create multiple instances of BFD, BGP, IS-IS, OSPF version 2 (referred as OSPF), OSPF version 3 (OSPFv3), and ICMP router discovery under a VRF using the [edit routing-instances routing-instance-name protocols] hierarchy. You can configure protocol independent routing using the edit routing-instances instance-name routing-options hierarchy.

Layer-3 Overlay supports the following tunneling protocols in cRPD:

  • Static routes in inet.3

  • BGP labeled unicast

  • GRE tunneling

  • MPLS static LSPs

  • Routes programmed using programmable-rpd APIs

  • direct-ebgp-peering on MPLS enabled interface

Moving the Interfaces under a VRF

The enslavement of devices is done by RPD that is interfaces configured under the routing instance are migrated (enslaved) to the vrf-device by RPD using a netlink message sent to the kernel.

When an interface is configured under the routing instance of type vrf, if such a link has been learnt from the kernel and the link is not associated to the correct table, RPD sends a netlink notification to enslave the link. If the link does not exist or RPD has not learnt about the link, whenever the link is created or RPD learns about it then the link will be enslaved correctly based on the configuration.

Example: Configuring Layer 3 VPN (VRF) on cRPD Instance

This example shows the VPNv4 route resolution on PE routers and route reflectors by configuring the PE routers with specific policies to control the import of routes into and the export of routes from the VRF table and with next hops learnt using BGP labeled unicast. In this example, the traffic flows from CE1 to CE2.

Requirements

This example uses the following hardware and software components:

  • Ubuntu software version 18.04

  • Linux kernel version 4.5 or later

  • cRPD software Release version 19.4R1 or later

Before you configure a Layer 3 VPN (VRF), you must install the basic components:

Overview

To configure the VPNv4 route resolution, you need to configure a routing instance of type VRF for each VPN on each of the PE routers participating in the VPN and add static routes to it. The static statement configures the static routes that are installed in the vrfblue.inet.0 routing table. There is no loopback interface or device for every VRF device created in the Linux kernel. But the loopback host addresses are directly added to the VRF device which can be learnt by RPD.

Topology

Figure 1 shows the Layer 3 VPN (VRF) Topology

Figure 1: Layer 3 VPN (VRF) TopologyLayer 3 VPN (VRF) Topology

Configuration

Configuring PE1 router with BGP LU

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy.

  1. Create the table mpls.0.

  2. Configure policy that accepts routes.

  3. Configure a VRF routing instance on PE1 and other routing instance parameters.

  4. Configure the router ID.

  5. Configure BGP session.

  6. Configure the interface on MPLS.

Results

From configuration mode, confirm your configuration by entering the show protocols bgp and show routing-instances commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

If you are done configuring the device, enter commit from configuration mode.

Configuring P router with BGP LU

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy.

  1. Create the table mpls.0.

  2. Configure policy that accepts routes.

  3. Configure BGP session.

  4. Configure the router ID.

  5. Configure the interface on MPLS.

Results

From configuration mode, confirm your configuration by entering the show protocols bgp and show policy-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Configuring PE2 router with BGP LU

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy.

  1. Create the table mpls.0.

  2. Configure policy that accepts routes.

  3. Configure a VRF routing instance on PE2 and other routing instance parameters.

  4. Configure BGP session.

  5. Configure the router ID.

  6. Configure the interface on MPLS.

Results

From configuration mode, confirm your configuration by entering the show protocols bgp and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

Verification

Verifying VPNv4 Resolution on PE1

Purpose

To verify VPNv4 routes on PE1:

Action

From operational mode, enter the show route table vrfblue.inet.0 5.5.5.5 command:

From operational mode, enter the show route table mpls.0 command:

From bash mode, enter the ip route list table 5 5.5.5.5 command:

From bash mode, enter the ip -f mpls route command:

Meaning

You can view PE1 has a route under vrfblue.inet.0 to CE2 which is learnt from PE2 with nexthop 4.4.4.4, which is resolved using BGP LU from P router.

Verifying BGP LU on P

Purpose

To verify VPNv4 routes on P:

Action

From bash mode, enter the ip -f mpls route show command:

From operational mode, enter the show route table mpls.0 command:

Meaning

You can view the MPLS and VPN routes from P to PE1 and P to PE2.

Verifying VPNv4 Resolution on PE2

Purpose

To verify VPNv4 routes on PE2:

Action

From operational mode, enter the show route table vrfblue.inet.0 1.1.1.1 command:

From operational mode, enter the show route table mpls.0 command:

From bash mode, enter the ip route list table 5 1.1.1.1 command:

From bash mode, enter the ip -f mpls route command:

Meaning

On PE2 router, PE1 displays the routes for the VRF table vrfblue.inet.0 using BGP LU about 1.1.1.1 as a VPNv4 prefix with nexthop as 2.2.2.2..