Hey Folks, here we will discuss the interesting LAB of MPLS for implementation of BGP on the Customer Site, or simple running BGP Protocol on customer site.
Here we will see how BGP works on top of MP-BGP, and the Service Provider providing the Connectivity for the Different Customers which are all running BGP.
We know that BGP version 4 (BGP4) is the current de facto Internet standard for inter-domain (AS) exterior routing. In MPLS VPN networks, MP-BGP is used and plays a pivotal role in the transportation of VPNv4 prefixes across the service provider network. In traditional environments, customer networks prefer to use BGP in their networks and, therefore, use BGP as a PE-CE routing protocol when migrating from a non-MPLS based to an MPLS VPN based network.
This helps the customer establish a consistent end-to-end routing policy. In an MPLS VPN network, BGP attributes for a VPN site are transparently transported across the service provider backbone to another site in the same VPN. Because there is a single routing protocol used across the VPN between service provider core and customer sites, the concept of redistribution does not apply.
BGP PE-CE peering in an MPLS VPN environment can be performed in two different ways:
- BGP PE-CE VPN Sites implementing unique AS numbers
- BGP PE-CE VPN Sites implementing same AS numbers
Let’s assume the following topology:
In the MPLS VPN network shown above, an MPLS VPN service provider plans to provision BGP PE-CE routing protocol for two customers, Customers A and B. CE1-A and CE2-A are CE devices belonging to Customer A located at Site 1 and Site 2, respectively. They are part of the same VPN, VPN-A. These CE devices are connected to provider edge devices PE1-AS1 and PE2-AS1 in the service provider network. CE1-A belongs to AS 65001 and CE2-A belongs to AS 65002. For Customer B network, CE1-A and CE2-A are the CE devices located at Site 1 and Site 2, respectively, and are part of the VPN, VPN-B. CE1-A and CE2-A belong to AS 65001 and are connected to PE1-AS1 and PE2-AS1, respectively.
Implementing BGP PE-CE routing for the Customer A network is not an issue because the VPN sites use unique AS numbers. However, Customer B plans on using the same AS number on its sites. This causes an issue when migrating from a traditional non-MPLS based network topology, where the customer might use the same AS numbers at all his sites, to an MPLS VPN-based infrastructure due to the BGP loop prevention mechanism. The BGP loop prevention mechanism disallows customer sites having identical AS numbers to be linked by another AS number. In other words, if such a case occurs, routing updates from one site would be dropped when the other site receives them; therefore, connectivity cannot be established between the sites without additional configuration on the SP PE routers.
To resolve the loop from the same AS between sites we use AS Override command, the AS Override functionality when identical AS numbers are used at customer sites. The AS Override function causes all leading occurrences of the AS number of the receiving BGP router to be replaced with the AS number of the sending BGP router. When AS Override is used, AS 65001 in the AS-PATH is replaced with the AS number of the sending BGP router PE2-AS1, which is 1. Any other occurrences (further down the AS-PATH) of the receiving router’s AS number are not replaced because they indicate a real routing information loop. In addition, an extra copy of the sending router’s AS number is prepended to the AS-PATH (standard AS number prepending procedure that occurs on every eBGP update) to maintain proper AS hop count for proper BGP route selection. PE2-AS1 prepends AS 1 to BGP update.
Let’s jump to the Configuration part of this Lab:
The initial configuration is consist of the IP Address assignments as below:
The Configuration on the Customer Routers are only assignments of the IP Addresses, so let’s configure and enable the Routing Protocol over our Service Provider Network with the following commands:
PE1-AS1(config)#router eigrp 10
PE1-AS1(config-router)#network 10.10.10.0 0.0.0.3
PE1-AS1(config-router)#network 10.10.10.101 0.0.0.0
P1-AS1(config)#router eigrp 10
P1-AS1(config-router)#network 0.0.0.0 0.0.0.0
*Jan 22 10:28:27.265: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.10.10.1 (Serial1/1) is up: new adjacency
( You can see above as soon as we enable the EIGRP Routing process the Neighborship is established )
PE2-AS1(config)#router eigrp 10
PE2-AS1(config-router)#network 10.10.10.0 0.0.0.255
*Jan 22 10:32:05.480: %DUAL-5-NBRCHANGE: EIGRP-IPv4 10: Neighbor 10.10.10.6 (Serial1/0) is up: new adjacency1
PE2-AS1(config-router)#network 10.10.10.102 0.0.0.0
Now let’s enable MPLS over our Service Provider Network:
PE1-AS1(config)#mpls ldp router-id loopback0
PE1-AS1(config)#interface serial 1/0
P1-AS1(config)#mpls ldp router-id loopback0
P1-AS1(config)#interface serial 1/1
*Jan 22 10:39:20.354: %LDP-5-NBRCHG: LDP Neighbor 10.10.10.101:0 (1) is UP
P1-AS1(config)#interface serial 1/0
( Above you can see that the MPLS neighbor between the PE1-AS1 and P1-AS1 is established )
PE2-AS1(config)#mpls ldp router-id loopback0
PE2-AS1(config)#interface serial 1/0
*Jan 22 10:40:27.754: %LDP-5-NBRCHG: LDP Neighbor 10.10.10.100:0 (1) is UP
Now we will start the Configuration of VRFs on PE1-AS1:
The same VRFs also needs to be configured on PE2-AS1 router as you can see below:
Now let’s move to the BGP Configuration on the PE routers of the Server Provider with the following of these steps:
- Configure per VRF BGP routing context on PE routers
Configure per VRF BGP routing contexts for Cust_A and Cust_B under the BGP routing process on PE1-AS1 and PE2-AS1. below demonstrates the per VRF BGP configuration on PE1-AS1. Repeat the steps on PE2-AS1. Note that the address-family IPv4 VRF contexts are seen by default in a router’s configuration when relevant configurations for forming MP-iBGP sessions are configured on PE routers. In that case, address-family ipv4 vrf vrf-name command under the BGP routing process is keyed in to enter a particular VRF’s IPv4 address-family context so that further configurations can be performed.
- Define and activate BGP CE neighbors
In this step, under the BGP VRF routing context created in Step 1, the remote BGP CE neighbors are defined on the PE routers and activated. below shows the configuration to define BGP CE neighbors on the PE routers.
Now let’s see the CE part of the configurations as below:
Now you can verify with the following commands:
- Show ip bgp vpnv4 all summary
- Show ip route vrf Cust-A bgp
- Show ip route vrf Cust-B bgp
- Show ip bgp vpnv4 all
Finally you can Ping end to end from CA-1 towards CA-2 and CB-1 towards CB-2:
Note: Don’t forget to first established the BGP Process in between the PE1-AS1 and PE2-AS1, which also requires the enabling of the VPNv4 Routing Context.