Fundamentals
An Nguyen, Network Consulting Engineer
Agenda
Introduction to Virtualisation
VRF-Lite
MPLS BGP Free Core
MP-BGP
Conclusion
Q&A
Introduction
MPLS
The Common Perception
Customer Customer
CE Routers owned by customer Managed Managed
CE SP Demarcation
PE Routers owned by SP Site1
Customer peers to PE via IP Provider CE
MPLS Site3
Exchanges routing with SP via routing Site 2 PE
VPN
PE
protocol (or static route) CE IP Routing Peer
Customer relies on SP to advertise (BGP, Static, IGP)
routes to reach other customer CEs * No Labels Are Exchanged with the SP
Enterprise Network Virtualisation
Key Building Blocks
Si
VRF
VRF
Global
VRF VRF
VRF
Global
IP/MPLS
VRF-Lite
What is VRF-Lite?
Functional Components Per VRF:
Virtual Routing Table
Virtual Forwarding Table
WAN/Campus
VRF VRF
VRF VRF
VRF VRF
802.1q, GRE, DLCI
Defined router supports routing (RIB), forwarding (FIB), and interface per VRF
Leverages Virtual encapsulation for separation:
Ethernet/802.1Q, GRE, Frame Relay
The routing protocol is also VRF aware
RIP/v2, EIGRP, OSPF, BGP, static (per VRF)
Layer 3 VRF interfaces cannot belong to more than a single VRF
VRF-Lite End-to-End
Target Requirements
Lo1 R1 R2 Lo1
.1 .2
VLAN 12
VRF-R VRF-R
1.1.1.1 Lo2 VLAN 112 Lo2 2.2.2.2
VRF-E VRF-E
VLAN 212
VRF-O VRF-O
Lo3 .1 .2 Lo3
G0/1.X
VLAN X IGPs:
VLAN 114
VLAN 214
VLAN 223
VLAN 123
VRF-R = RIP
VLAN 14
VLAN 23
10.1.X.0/24
Sub-interface/VLAN/VRF Mapping VRF-E = EIGRP
.4 .3 VRF-O = OSPF
Lo1 Lo1
VLAN 34
VRF-R VRF-R
4.4.4.4 Lo2 VRF-E
VLAN 134
VRF-E Lo2 3.3.3.3
VLAN 234
VRF-O VRF-O
.4 .3
Lo3 R4 R3 Lo3
interface GigabitEthernet0/1.12
ip vrf forwarding VRF-R
interface Loopback1
ip vrf forwarding VRF-R
ip vrf VRF-E
rd 2:2
interface GigabitEthernet0/1.112
ip vrf forwarding VRF-E
VRF
interface Loopback2
ip vrf forwarding VRF-E VRF
ip vrf VRF-O VRF
rd 3:3
interface GigabitEthernet0/1.212
ip vrf forwarding VRF-O
interface Loopback3
ip vrf forwarding VRF-O
VRF Aware RIP Configuration
Command Line Interface (CLI) Review
Similar to what you already know!
router rip
version 2
network 1.0.0.0
network 10.0.0.0
no auto-summary
router rip
!
address-family ipv4 vrf VRF-R
network 1.0.0.0
network 10.0.0.0
no auto-summary
version 2
exit-address-family
VRF
RIP leverages address-family ipv4 vrf ______
VRF Aware EIGRP Configuration
Command Line Interface (CLI) Review
Similar to what you already know!
router eigrp 10
network 1.1.1.1 0.0.0.0
network 10.1.112.0 0.0.0.255
no auto-summary
router eigrp 10
!
address-family ipv4 vrf VRF-E autonomous-system 10
network 1.1.1.1 0.0.0.0
network 10.1.112.0 0.0.0.255
no auto-summary
exit-address-family
VRF
EIGRP leverages address-family ipv4 vrf ______
VRF
OSPF leverages vrf ______ after the unique
process number
Live Exploration
CML: VRF REO Lab Topology
CML: VRF REO Lab
R1#show vrf
Name Default RD Protocols Interfaces
VRF-E 2:2 ipv4 Lo2
Gi0/1.112
Gi0/1.114
VRF-O 3:3 ipv4 Lo3
Gi0/1.212
Gi0/1.214
VRF-R 1:1 ipv4 Lo1
Gi0/1.12
Gi0/1.14
CML: VRF REO Lab
R1#show run vrf VRF-R router rip
Building configuration... !
address-family ipv4 vrf VRF-R
Current configuration : 572 bytes network 1.0.0.0
ip vrf VRF-R network 10.0.0.0
rd 1:1 no auto-summary
! version 2
! exit-address-family
interface GigabitEthernet0/1 !
no ip address end
duplex auto
speed auto R1#
media-type rj45
!
interface GigabitEthernet0/1.12
encapsulation dot1Q 12
ip vrf forwarding VRF-R
ip address 10.1.12.1 255.255.255.0
!
interface GigabitEthernet0/1.14
encapsulation dot1Q 14
ip vrf forwarding VRF-R
ip address 10.1.14.1 255.255.255.0
!
interface Loopback1
ip vrf forwarding VRF-R
ip address 1.1.1.1 255.255.255.255
!
CML: VRF REO Lab
R2#config t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int lo2
R2(config-if)#shu
R2(config-if)#
CML: VRF REO Lab
Lo13 .1 .2 Lo13
Tunnel X
Tunnel 114 10.1.X.0/24
Tunnel 214
Tunnel 223
Tunnel 123
Tunnel 14
Tunnel 23
Tunnel/VRF Mapping
.4 .3
Lo11 Lo11
Tunnel 34
VRF-R VRF-R
4.4.4.4 Lo12 VRF-E
Tunnel 134
VRF-E Lo12 3.3.3.3
Tunnel 234
VRF-O VRF-O
.4 .3
Lo13 R4 R3 Lo13
Configuration Note: Each GRE Tunnel Could Require Unique Source/Destination IP (Platform Dependent)
VRF-Lite Tunnel Configuration
Command Line Interface (CLI) Review
ip vrf VRF-S
Similar to what you already know!
rd 4:4
interface Tunnel12
ip vrf forwarding VRF-S
ip address 10.1.12.1 255.255.255.0
tunnel source Loopback0
tunnel destination 192.168.2.2
ip vrf VRF-S
rd 4:4
interface Loopback0
VRF
ip address192.168.2.2 255.255.255.255 (Global Routing Table)
interface Tunnel12
ip vrf forwarding VRF-S ip route vrf VRF-S 1.1.1.1 255.255.255.255 10.1.12.1
ip address 10.1.12.2 255.255.255.0
tunnel source Loopback0
tunnel destination 192.168.1.1
Layer 2 Serial Link/No Problem
Back-to-Back Frame Relay Example
VRF Lite can also leverage Frame Relay
Lo111 R1 R2 Sub-interfaces
Lo1
as a segmentation
.1 .2 technology
Serial1/0.12
Serial1/1.223
Serial1/1.123
Serial1/1.14
Serial1/1.23
10.1.X.0/24
FR VC/VRF Mapping
.4 .3
Lo111 Lo111
Serial1/0.34
VRF-R VRF-R
4.4.4.4 Lo112 VRF-E
Serial1/0.134
VRF-E Lo112 3.3.3.3
Serial1/0.234
VRF-O VRF-O
.4 .3
Lo113 R4 R3 Lo113
ip vrf VRF-B
rd 5:5
interface Serial1/0
encapsulation frame-relay VRF
no keepalive
router bgp 1
Interface Serial1/0.12 point-to-point address-family ipv4 vrf VRF-B
ip vrf forwarding VRF-B neighbor 10.1.12.1 remote-as 1
ip address 10.1.12.2 255.255.255.0 neighbor 10.1.12.1 activate
frame-relay interface-dlci 201 no synchronization
network 2.2.2.2 mask 255.255.255.255
exit-address-family
Live Exploration
CML: VRF SB Lab Topology
CML: VRF SB Lab Topology
Could run BGP all the way through or redistribute routes into OSPF, but why!
IP Routing
IGP vs. BGP
IGP transport
F0/0 10.2
Out label
10.2
F0/0 F0/0
LDP label advertisement happens in F0/0
Ingress PE node adds label to Forwarding Table Forwarding Table Forwarding Table
In Address Out Out In Address Out Out In Address Out Out
packet (push) Label Prefix IfaceLabel Label Prefix IfaceLabel Label Prefix IfaceLabel
- 2.2 F0/0 20 20 2.2 F0/0 30 30 2.2 - -
Via forwarding table
- - 10.2 F0/0 -
Downstream node use label for
forwarding decision (swap) F0/0 10.2
Outgoing interface F0/0
10.2.1.1 Data
F0/0
Out label 30 2.2.2.2 Data
10.2.1.1 Data 20 2.2.2.2 Data
Egress PE removes label and
forwards original packet (pop) Forwarding based on Label towards BGP
Next-Hop (Loopback of far end router)
You Can Reach 10.2 Thru Me
By routing towards 2.2.2.2
BGP
MPLS in Core
0.0.0.0 0.0.0.0
0.0.0.0 0.0.0.0 Next-Hop=PE2
Next-Hop=PE1
Site 1
iBGP Relationship Site 2
10.1.1.0/24 CE1 CE2 10.2.1.0/24
R7 R8
P P
PE1 PE2
10.1.1.0/24 R1 R2 10.2.1.0/24
Next-Hop=CE1 R5 Next-Hop=CE2
P P R6
R3 R4
OSPF Area 0
P-R1#show ip bgp
% BGP not active
P-R1#show vrf
Site 1
iBGP Relationship Site 2
10.1.1.0/24 CE1 CE2 10.2.1.0/24
R7 R8
P P
PE1 PE2
10.1.1.0/24 R1 R2 10.2.1.0/24
Next-Hop=CE1 R5 R6 Next-Hop=CE2
P P
VRF Instance R3 R4
VRF Instance
OSPF Area 0
1. PE1 receives an IPv4 update on a VRF interface (eBGP/OSPF/ISIS/RIP/EIGRP)
2. PE1 translates it into VPNv4 address
Assigns an RT per VRF configuration
Rewrites next-hop attribute to itself
Assigns a label based on VRF and/or interface