Monday, 2 March 2015

1 client, 2 providers, 3 options - InterAS VPN Layer 3 Option C

In this post too, we will see how two providers (ISP 1 - AS 100 and ISP 2 - AS 200) configure an NNI (Network to Network Interconnection) to interconnect two different sites (CPE 1 - LAN 7.7.7.7/32 and CPE 2 - LAN 1.1.1.1/32) of the same customer. As before, this link can carry the traffic of several customers that use this option. The only major difference from 'Option B' is that the ASBRs no longer need to know the whole VPNv4 routing table, because the VPNv4 RRs in each AS have an eBGP session between them. The ASBRs have only an eBGP IPv4 session (an absolutely normal scenario between two ISPs), over which the management interfaces of the PE routers in each ISP are announced, so that the LSP tunnel forms between the PE router in one ISP and the PE router in the other ISP. The traffic does not transit the RRs, however; their only role is to distribute the VPNv4 routes.

Topology


CPE router configuration

CPE 1

!Loopback0 - LAN
interface Loopback0
ip address 7.7.7.7 255.255.255.255

!Ethernet0/1 - WAN
interface Ethernet0/1
ip address 192.168.78.7 255.255.255.0

!default route - next hop is router PE1
ip route 0.0.0.0 0.0.0.0 192.168.78.8

CPE 2

!Loopback0 - LAN
interface Loopback0
ip address 1.1.1.1 255.255.255.255

!Ethernet0/1 - WAN
interface Ethernet0/1
ip address 192.168.211.1 255.255.255.0

!default route - next hop is router PE2
ip route 0.0.0.0 0.0.0.0 192.168.211.21


P router configuration

P1

interface Loopback0
ip address 23.23.23.23 255.255.255.255

!Ethernet0/0.423 - link to ASBR 1
interface Ethernet0/0.423
encapsulation dot1Q 423
ip address 10.4.23.23 255.255.255.0
mpls ip

!Ethernet0/0.823 - link to PE 1
interface Ethernet0/0.823
encapsulation dot1Q 823
ip address 10.8.23.23 255.255.255.0
mpls ip

!Ethernet0/0.236 - link to RR 1
interface Ethernet0/0.236
encapsulation dot1Q 236
ip address 10.23.6.23 255.255.255.0
mpls ip

router ospf 1
network 10.4.23.23 0.0.0.0 area 0
network 10.8.23.23 0.0.0.0 area 0
network 23.23.23.23 0.0.0.0 area 0
network 10.23.6.23 0.0.0.0 area 0

P2

interface Loopback0
ip address 22.22.22.22 255.255.255.255

!Ethernet0/0.322 - link to ASBR 2
interface Ethernet0/0.322
encapsulation dot1Q 322
ip address 10.3.22.22 255.255.255.0
mpls ip

!Ethernet0/0.212 - link to PE 2
interface Ethernet0/0.212
encapsulation dot1Q 212
ip address 10.21.22.22 255.255.255.0
mpls ip

!Ethernet0/0.222 - link to RR 2
interface Ethernet0/0.222
encapsulation dot1Q 222
ip address 10.0.222.22 255.255.255.0
mpls ip

router ospf 1
network 10.3.22.22 0.0.0.0 area 0
network 10.21.22.22 0.0.0.0 area 0
network 22.22.22.22 0.0.0.0 area 0
network 10.0.222.22 0.0.0.0 area 0


ASBR router configuration

Here I used filtering to announce only the management interfaces of the PE and RR routers. I used the same prefix-list, but it can be refined further so that it has fewer lines. The 'neighbor send-label' command is used so that, in addition to the prefixes, BGP also announces the associated MPLS labels.
The ASBR routers do not even need an iBGP session with the RR of the AS they belong to; they only do label swapping, like the P routers.

ASBR 1

interface Loopback0
ip address 4.4.4.4 255.255.255.255

interface Ethernet0/0
no shutdown

!Ethernet0/0.43 - link to ASBR 2
interface Ethernet0/0.43
encapsulation dot1Q 43
ip address 10.0.43.4 255.255.255.0
mpls bgp forwarding

!Ethernet0/0.423 - link to P1
interface Ethernet0/0.423
encapsulation dot1Q 423
ip address 10.4.23.4 255.255.255.0
mpls ip

router ospf 1
redistribute bgp 100 subnets route-map bgp-ospf
network 4.4.4.4 0.0.0.0 area 0
network 10.4.23.4 0.0.0.0 area 0

router bgp 100
!eBGP session with ASBR 2
neighbor 10.0.43.3 remote-as 200

address-family ipv4
redistribute ospf 1
neighbor 10.0.43.3 activate
neighbor 10.0.43.3 send-label
exit-address-family

ip prefix-list Loopback seq 5 permit 2.2.2.2/32
ip prefix-list Loopback seq 10 permit 3.3.3.3/32
ip prefix-list Loopback seq 15 permit 4.4.4.4/32
ip prefix-list Loopback seq 20 permit 6.6.6.6/32
ip prefix-list Loopback seq 25 permit 8.8.8.8/32
ip prefix-list Loopback seq 30 permit 22.22.22.22/32
ip prefix-list Loopback seq 35 permit 21.21.21.21/32

route-map bgp-ospf permit 10
match ip address prefix-list Loopback

ASBR 2

interface Loopback0
ip address 3.3.3.3 255.255.255.255

interface Ethernet0/0
no shutdown

!Ethernet0/0.43 - link to ASBR 1
interface Ethernet0/0.43
encapsulation dot1Q 43
ip address 10.0.43.3 255.255.255.0
mpls bgp forwarding

!Ethernet0/0.322 - link to P2
interface Ethernet0/0.322
encapsulation dot1Q 322
ip address 10.3.22.3 255.255.255.0
mpls ip

router ospf 1
redistribute bgp 200 subnets route-map bgp-ospf
network 3.3.3.3 0.0.0.0 area 0
network 10.3.22.3 0.0.0.0 area 0

router bgp 200
!eBGP session with ASBR 1
neighbor 10.0.43.4 remote-as 100

address-family ipv4
redistribute ospf 1
neighbor 10.0.43.4 activate
neighbor 10.0.43.4 send-label
exit-address-family

ip prefix-list Loopback seq 5 permit 2.2.2.2/32
ip prefix-list Loopback seq 10 permit 3.3.3.3/32
ip prefix-list Loopback seq 15 permit 4.4.4.4/32
ip prefix-list Loopback seq 20 permit 6.6.6.6/32
ip prefix-list Loopback seq 25 permit 8.8.8.8/32
ip prefix-list Loopback seq 30 permit 22.22.22.22/32
ip prefix-list Loopback seq 35 permit 21.21.21.21/32

route-map bgp-ospf permit 10
match ip address prefix-list Loopback
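
The filtering and label exchange described for the ASBRs can be checked mechanically. The following Python sketch is an added example, not part of the original post: it parses an excerpt of the ASBR 1 configuration above (prefix-list shortened to three entries) and reports redistribution statements that are not limited to /32 loopbacks by a route-map, and eBGP peers without send-label. The function name audit_asbr is hypothetical.

```python
# Excerpt of the ASBR 1 configuration from this page; prefix-list shortened to three entries.
ASBR1 = """
router ospf 1
redistribute bgp 100 subnets route-map bgp-ospf
router bgp 100
neighbor 10.0.43.3 remote-as 200
address-family ipv4
redistribute ospf 1
neighbor 10.0.43.3 activate
neighbor 10.0.43.3 send-label
ip prefix-list Loopback seq 5 permit 2.2.2.2/32
ip prefix-list Loopback seq 25 permit 8.8.8.8/32
ip prefix-list Loopback seq 35 permit 21.21.21.21/32
route-map bgp-ospf permit 10
match ip address prefix-list Loopback
"""

def audit_asbr(config):
    """Hypothetical helper: list unfiltered redistribution and unlabeled eBGP peers."""
    plists, rmaps, redists = {}, {}, []
    ebgp, labeled, section, local_as = set(), set(), "", None
    for line in config.splitlines():
        w = line.split()
        if not w or w[0].startswith("!"):
            continue
        if w[0] in ("router", "route-map", "interface"):
            section = " ".join(w[:3] if w[0] == "router" else w[:2])
            local_as = w[2] if w[:2] == ["router", "bgp"] else local_as
        elif w[:2] == ["ip", "prefix-list"] and "permit" in w:
            plists.setdefault(w[2], []).append(w[w.index("permit") + 1])
        elif w[:4] == ["match", "ip", "address", "prefix-list"] and section[:9] == "route-map":
            rmaps.setdefault(section.split()[1], []).extend(w[4:])
        elif w[0] == "redistribute":
            redists.append((section, w))
        elif w[0] == "neighbor" and w[2:3] == ["remote-as"] and w[3:] != [local_as]:
            ebgp.add(w[1])  # remote AS differs from ours, so this is an eBGP peer
        elif w[0] == "neighbor" and w[2:] == ["send-label"]:
            labeled.add(w[1])
    findings = []
    for section, w in redists:
        text = " ".join(w)
        names = rmaps.get(w[w.index("route-map") + 1], []) if "route-map" in w else None
        prefixes = [p for n in names or [] for p in plists.get(n, [])]
        if names is None:
            findings.append(f"{section}: '{text}' has no route-map")
        elif not prefixes or any(not p.endswith("/32") for p in prefixes):
            findings.append(f"{section}: '{text}' is not limited to /32 loopbacks")
    findings += [f"eBGP peer {n} lacks send-label" for n in sorted(ebgp - labeled)]
    return findings
```

On the excerpt it reports the 'redistribute ospf 1' statement under 'router bgp 100', which has no route-map; in the configuration shown, the prefix-list only limits what enters OSPF from BGP.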


RR router configuration

Here, besides the multihop eBGP VPNv4 session, the neighbor next-hop-unchanged option is also important; otherwise the prefixes from the other AS have the other AS's RR as their next hop, and packets will transit it unnecessarily.

RR 1

interface Loopback0
ip address 6.6.6.6 255.255.255.255

!Ethernet0/0 - link to P1
interface Ethernet0/0
ip address 10.23.6.6 255.255.255.0
mpls ip

router ospf 1
network 6.6.6.6 0.0.0.0 area 0
network 10.23.6.6 0.0.0.0 area 0

router bgp 100
no bgp default ipv4-unicast

!multihop eBGP session with RR 2
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0

!iBGP session with PE 1
neighbor 8.8.8.8 remote-as 100
neighbor 8.8.8.8 update-source Loopback0

address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
neighbor 2.2.2.2 next-hop-unchanged
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 send-community both
neighbor 8.8.8.8 route-reflector-client
exit-address-family

RR 2

interface Loopback0
ip address 2.2.2.2 255.255.255.255

!Ethernet0/1 - link to P2
interface Ethernet0/1
ip address 10.0.222.2 255.255.255.0
mpls ip

router ospf 1
network 2.2.2.2 0.0.0.0 area 0
network 10.0.222.2 0.0.0.0 area 0

router bgp 200
no bgp default ipv4-unicast

!multihop eBGP session with RR 1
neighbor 6.6.6.6 remote-as 100
neighbor 6.6.6.6 ebgp-multihop 255
neighbor 6.6.6.6 update-source Loopback0

!iBGP session with PE 2
neighbor 21.21.21.21 remote-as 200
neighbor 21.21.21.21 update-source Loopback0

address-family vpnv4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community both
neighbor 6.6.6.6 next-hop-unchanged
neighbor 21.21.21.21 activate
neighbor 21.21.21.21 send-community both
neighbor 21.21.21.21 route-reflector-client
exit-address-family
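
Why next-hop-unchanged matters on the RR-to-RR session, as an added Python example that is not part of the original post: it reads an excerpt of the RR 1 configuration above and computes the next hop RR 1 places on a VPNv4 route learned from PE 1 (8.8.8.8). It assumes default IOS behaviour (next hop set to the session source on eBGP, left unchanged on iBGP); the function name advertised_next_hops is hypothetical.

```python
# Excerpt of the RR 1 configuration from this page (unindented, as shown).
RR1 = """
interface Loopback0
ip address 6.6.6.6 255.255.255.255
router bgp 100
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source Loopback0
neighbor 8.8.8.8 remote-as 100
neighbor 8.8.8.8 update-source Loopback0
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 next-hop-unchanged
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 route-reflector-client
"""

def advertised_next_hops(config, learned_from, next_hop):
    """Hypothetical helper: next hop this RR sends to each VPNv4 peer for one route."""
    addr, peers, local_as, iface, vpnv4 = {}, {}, None, None, False
    for line in config.splitlines():
        w = line.split()
        if not w or w[0].startswith("!"):
            continue
        if w[0] == "interface":
            iface = w[1]
        elif w[:2] == ["ip", "address"] and iface:
            addr[iface] = w[2]
        elif w[:2] == ["router", "bgp"]:
            local_as = w[2]
        elif w[0] in ("address-family", "exit-address-family"):
            vpnv4 = w[1:2] == ["vpnv4"]
        elif w[0] == "neighbor" and len(w) >= 3:
            p = peers.setdefault(w[1], dict(ebgp=False, source=None, active=False, unchanged=False))
            if w[2] == "remote-as":
                p["ebgp"] = w[3] != local_as
            elif w[2] == "update-source":
                p["source"] = w[3]
            elif vpnv4 and w[2] == "activate":
                p["active"] = True
            elif vpnv4 and w[2] == "next-hop-unchanged":
                p["unchanged"] = True
    result = {}
    for ip, p in peers.items():
        if p["active"] and ip != learned_from:
            # eBGP sets the next hop to the local session address by default;
            # a route reflector leaves it untouched towards iBGP peers.
            rewrite = p["ebgp"] and not p["unchanged"]
            result[ip] = addr.get(p["source"], "self") if rewrite else next_hop
    return result
```

With the option present, RR 2 receives the route with next hop 8.8.8.8; with the line removed, the next hop becomes 6.6.6.6, the RR 1 loopback.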
