Ethernet Switches & Routers

Reply
N/A
Posts: 1
Registered: ‎05-11-2011

Inter-AS-MPLS-VPN

Hello everybody

I need to set up an inter-as mpls-vpn interconnect to another carrier. I've got a NetIron CER 2000 with ADVPREM SW on it and configured a second one to simulate the other Carriers Router (which will be a Cisco in the end).

Unfortunalty the documentation on this topic is very limited and on the web most stuff is about CISCO and their configs. I've got some things working, vrf routes are exchanged but end-to-end connectivity does not work.

Is there somewhere a sample config available which guides me to the right config? Any help is appreciated.

Thanks,

Martin

Here is what I have so far:

My-Core1#sh run
Current configuration:
!
ver V5.1.0cT183
no spanning-tree
!
!
vlan 1 name DEFAULT-VLAN
!
vlan 50
tagged ethe 1/24
router-interface ve 50
!
!
vrf VRF-Customer
rd 10:10
route-target export 10:123
route-target import 10:123
address-family ipv4
exit-address-family
exit-vrf
!
hostname My-Core1
!
interface loopback 1
ip address 31.171.144.1/32
!
interface loopback 10
!
!
interface ethernet 1/5
enable
!
interface ethernet 1/6
port-name Carrier Inter-AS-VPN
enable
ip address 192.168.2.1/30
!
interface ethernet 1/24
enable
!
interface ve 50
vrf forwarding VRF-Customer
ip address 172.20.1.1/24
!
!
!
router bgp
local-as 197742
capability as4 enable
neighbor 192.168.2.2 remote-as 8404
address-family ipv4 unicast
redistribute connected
exit-address-family
address-family ipv4 multicast
exit-address-family
address-family ipv6 unicast
exit-address-family
address-family ipv6 multicast
exit-address-family
address-family vpnv4 unicast
neighbor 192.168.2.2 activate
neighbor 192.168.2.2 send-community extended
exit-address-family
address-family ipv4 unicast vrf VRF-Customer
neighbor 172.20.2.1 remote-as 65000
neighbor 172.20.2.1 ebgp-multihop 5
redistribute connected
exit-address-family
!
!
router mpls
ldp
  targeted-peer 62.2.2.1
mpls-interface e1/6
  ldp-enable
!
!
!
!
!
end
My-Core1#sh mpls ldp session detail
Peer LDP ID: 62.2.2.1:0, Local LDP ID: 31.171.144.1:0, State: Operational
  Adj: Link, Role: Passive, Next keepalive: 0 sec, Hold time left: 30 sec
  Keepalive interval: 6 sec, Max hold time: 36 sec
  Up time: 1 hr 41 min 53 sec
  Neighboring interfaces: (targeted), e1/6
  TCP connection: 31.171.144.1:646--62.2.2.1:9002, State: ESTABLISHED
  Next-hop addresses received from the peer:
    62.2.2.1  192.168.2.2
My-Core1#sh ip bgp sum
  BGP4 Summary
  Router ID: 31.171.144.1   Local AS Number: 197742
  Confederation Identifier: not configured
  Confederation Peers:
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1
  Number of Neighbors Configured: 1, UP: 1
  Number of Routes Installed: 4, Uses 344 bytes
  Number of Routes Advertising to All Neighbors: 2 (2 entries), Uses 96 bytes
  Number of Attribute Entries Installed: 2, Uses 180 bytes
  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered Sent     ToSend
  192.168.2.2       8404        ESTAB     1h44m59s    2        0        2        0       
My-Core1#sh ip bgp vpnv4
Total number of BGP VPNv4 Routes: 1
Status codes: s suppressed, d damped, h history, * valid, > best, i internal, S stale
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network            Next Hop        MED    LocPrf Weight Path
Route Distinguisher: 10:20
*   172.20.2.0/24      192.168.2.2     0      100    0      8404 ?
Second Router
ver V5.1.0cT183
!
vlan 1 name DEFAULT-VLAN
!
vrf VRF-Customer
rd 10:20
route-target export 10:123
route-target import 10:123
address-family ipv4
exit-address-family
exit-vrf
hostname Carrier2
!
interface loopback 1
ip address 62.2.2.1/32
!
interface ethernet 1/6
enable
ip address 192.168.2.2/30
!
interface ethernet 1/24
enable
vrf forwarding VRF-Customer
ip address 172.20.2.1/24
!
router bgp
local-as 8404
capability as4 enable
neighbor 192.168.2.1 remote-as 197742
address-family ipv4 unicast
redistribute connected
exit-address-family
address-family ipv4 multicast
exit-address-family
address-family ipv6 unicast
exit-address-family
address-family ipv6 multicast
exit-address-family
address-family vpnv4 unicast
neighbor 192.168.2.1 activate
neighbor 192.168.2.1 send-community extended
exit-address-family
address-family ipv4 unicast vrf VRF-Customer
neighbor 172.20.1.1 remote-as 65000
neighbor 172.20.1.1 ebgp-multihop 5
redistribute connected
exit-address-family
!
router mpls
ldp
  targeted-peer 31.171.144.1
mpls-interface e1/6
  ldp-enable
end

Carrier2#sh mpls ldp session detail

Peer LDP ID: 31.171.144.1:0, Local LDP ID: 62.2.2.1:0, State: Operational

  Adj: Link, Role: Active, Next keepalive: 5 sec, Hold time left: 35 sec

  Keepalive interval: 6 sec, Max hold time: 36 sec

  Up time: 1 hr 50 min 54 sec

  Neighboring interfaces: e1/6, (targeted)

  TCP connection: 62.2.2.1:9002--31.171.144.1:646, State: ESTABLISHED

  Next-hop addresses received from the peer:

    31.171.144.1  192.168.2.1

Carrier2#sh ip bgp sum

  BGP4 Summary

  Router ID: 62.2.2.1   Local AS Number: 8404

  Confederation Identifier: not configured

  Confederation Peers:

  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1

  Number of Neighbors Configured: 1, UP: 1

  Number of Routes Installed: 4, Uses 344 bytes

  Number of Routes Advertising to All Neighbors: 2 (2 entries), Uses 96 bytes

  Number of Attribute Entries Installed: 2, Uses 180 bytes

  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered Sent     ToSend

  192.168.2.1       197742      ESTAB     1h51m14s    2        0        2        0       

Carrier2#sh ip bgp vpnv4 sum

  BGP4 Summary

  Router ID: 62.2.2.1   Local AS Number: 8404

  Confederation Identifier: not configured

  Confederation Peers:

  Maximum Number of IP ECMP Paths Supported for Load Sharing: 1

  Number of Neighbors Configured: 1, UP: 1

  Number of Routes Installed: 1, Uses 86 bytes

  Number of Routes Advertising to All Neighbors: 1 (1 entries), Uses 48 bytes

  Number of Attribute Entries Installed: 2, Uses 180 bytes

  Neighbor Address  AS#         State     Time     Rt:Accepted Filtered Sent     ToSend

  192.168.2.1       197742      ESTAB     1h51m29s    1        0        1        0       

Carrier2#sh ip bgp vpnv4 routes

Total number of BGP Routes: 1

Status A:AGGREGATE B:BEST b:NOT-INSTALLED-BEST C:CONFED_EBGP DSmiley Very HappyAMPED

       E:EBGP H:HISTORY I:IBGP L:LOCAL M:MULTIPATH m:NOT-INSTALLED-MULTIPATH

       SSmiley FrustratedUPPRESSED F:FILTERED sSmiley FrustratedTALE

       Prefix             Next Hop        MED        LocPrf     Weight Status

Route Distinguisher: 10:10

1      172.20.1.0/24      192.168.2.1     0          100        0      E    

         AS_PATH: 197742

Occasional Contributor
Posts: 7
Registered: ‎01-22-2011

Re: Inter-AS-MPLS-VPN

I have a couple of questions for clarification:

Is the carrier going to let you participate in its IGP?

How is the general design of the layout supposed to look? a) cust-site1 > carrier > cust-site2 or b) cust-site1 > cust-equip-in-carrier-network?

I would think that it would be unlikely the carrier would let you participate in their igp because it would let you (or more to the point anyone who maliciously gains access to your network) to be able to inject bad routes into the igp to interrupt service (and other malfeasance).

It might be helpful if you were to toss up a diagram of what you envision the setup looking like. That might spark some more opinions on how/what to do to come to a solution for you.

Ken

New Member
Posts: 1
Registered: ‎08-24-2011

Re: Inter-AS-MPLS-VPN

Hi Ken

thanks for joining the thread. The Carrier would not allow to connect to his IGP. The setup eventually would be rather simple with MP-eBGP running between ASBR1 and ASBR2

CE1 --- PE1 --- ASBR1 --- ASBR2 --- PE2 --- CE2
                            | MP-eBGP |

I guess it all comes down to the question if a CER2000 is supporting INTER-AS Method Option B? I've got information that this is not supported but I have a hard time believing that since it is supported on every other manufacturers equipment.

Thanks, Martin

New Contributor
Posts: 3
Registered: ‎06-06-2011

Re: Inter-AS-MPLS-VPN

I'm also curious as to whether Inter-as is supported by NetIron code, specifically on MLX. The latest Config Guide doesn't have any references.

N/A
Posts: 1
Registered: ‎01-04-2013

Re: Inter-AS-MPLS-VPN

The Netiron does not support options B or C.

Option A is supported, but that's a given as option A is merely a vrf interface in igp/bgp

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.