Friday, September 30, 2011

Sunday, February 27, 2011

GNS3 Topology: Any Transport over MPLS in VLAN Mode

Any Transport over MPLS (AToM) transports data link layer (Layer 2) packets over a Multiprotocol Label Switching (MPLS) backbone. AToM encapsulates Layer 2 frames at the ingress PE and sends them to a corresponding PE at the other end of a pseudowire, which is a connection between the two PE routers. The egress PE removes the encapsulation and sends out the Layer 2 frame.

AToM supports the following like-to-like transport types:
• ATM Adaptation Layer Type-5 (AAL5) over MPLS
• ATM Cell Relay over MPLS
• Ethernet over MPLS (VLAN and port modes)
• Frame Relay over MPLS
• PPP over MPLS
• High-Level Data Link Control (HDLC) over MPLS


BENEFITS of AToM

The AToM product set accommodates many types of Layer 2 packets, including Ethernet and Frame
Relay, across multiple Cisco router platforms, such as the Cisco 7200 and 7500 series routers. This
enables the service provider to transport all types of traffic over the backbone and accommodate all
types of customers.

Upgrading to AToM is transparent to the customer. Because the service provider network is separate from the customer network, the service provider can upgrade to AToM without disruption of service to the customer. The customers assume that they are using a traditional Layer 2 backbone.


PART 1 (Ethernet over MPLS VLAN Based Configuration)



PART 2 (EoMPLS Preferred Path using IP routing)



PART 3 (EoMPLS Preferred Path using MPLS TE and path protection using FRR)

AToM can use MPLS traffic engineering (TE) tunnels with fast reroute (FRR) support. AToM VCs can
be rerouted around a failed link or node at the same time as MPLS and IP prefixes.




http://fengnet.com/book/layer%202%20vpn%20architectures/ch09.html
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/12_4t/mp_12_4t_book.html

Monday, February 21, 2011

GNS3 Topology: Layer 3 VPNs Over Multipoint L2TPv3 Tunnels

VPN services have been traditionally deployed over IP core networks by configuring MPLS or through L2TPv3 tunnels using point-to-point links. This feature introduces the capability to deploy layer 3 VPN services by configuring multipoint L2TPv3 tunnels over an existing IP core network. This feature is configured on only the PE routers and requires no configuration on the core routers. The L2TPv3 multipoint tunnel network allows layer 3 VPN services to be carried through the core without the configuration of MPLS. 

Border Gateway Protocol (BGP) is used to advertise the tunnel endpoints and the subsequent address family identifier (SAFI) specific attributes (which contain the tunnel type and tunnel capabilities). This feature introduces the tunnel SAFI and the BGP SAFI-Specific Attribute (SSA) attribute. The tunnel SAFI defines the tunnel endpoint and carries the endpoint IPv4 address and next hop. The tunnel SAFI is identified by the SAFI number 64. The BGP SSA carries the BGP preference and BGP flags. It also carries the tunnel cookie, tunnel cookie length, and session ID. The BGP SSA is identified by attribute number 19.

These attributes allow BGP to distribute tunnel encapsulation information between PE routers. VPNv4 traffic is routed through these tunnels. The next hop, advertised in BGP VPNv4 updates, determines which tunnel to use for routing tunnel traffic.

(2008, MPLS VPN over L2TPv3 Tunnels, retrieved from http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/cs_l3vpn.html, February 2011)



PART 1



PART 2



you can find this topology here

Thursday, February 3, 2011

GNS3 Topology: LAN Protocols over L2TPv3

PART 1 (port to port manual method)



PART 2 (port to port manual session with keepalives)

Monday, January 24, 2011

GNS3 Topology: MPLS Carrier Supporting Carrier Configuration

"Carrier supporting carrier is a term used to describe a situation where one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier. A backbone carrier offers Border Gateway Protocol and Multiprotocol Label Switching (BGP/MPLS) VPN services.

The customer carrier can be either:
• An Internet service provider (ISP)
• A BGP/MPLS VPN service provider"

PART 1 (backbone carrier configuration)



PART 2 (Customer Carrier configuration, Customer Carrier isn't running MPLS)



PART 3 (Customer Carrier running MPLS and Customer Carrier providing MPLS VPN service.)






"Lobo L, Lakshman U, 2005, MPLS Configuration on Cisco IOS Software, Cisco Press"

Cisco IOS MPLS Configuration Guide Release 12.4T, 2005, MPLS VPN Carrier Supporting Carrier Using LDP and an IGP, retrieved from http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/12_4t/mp_12_4t_book.html, Jan 2011

Tuesday, January 18, 2011

GNS3 Topology: MPLS Traffic Engineering Fast ReRoute

Fast Reroute

Fast Reroute (FRR) is a mechanism for protecting MPLS TE LSPs from link and node failures by locally repairing the LSPs at the point of failure, allowing data to continue to flow on them while their headend routers attempt to establish new end-to-end LSPs to replace them. FRR locally repairs the protected LSPs by rerouting them over backup tunnels that bypass failed links or nodes. (1)

Prerequisites for MPLS TE Fast ReRoute Link and Node Protection

The network must support the following Cisco IOS features:
• IP Cisco Express Forwarding
• Multiprotocol Label Switching (MPLS)

The network must support at least one of the following protocols:
• Intermediate System-to-Intermediate System (IS-IS)
• Open Shortest Path First (OSPF)

Features of MPLS TE FRR Link and Node Protection
• Backup Tunnel Support
  - Backup Tunnels Can Terminate at the Next-Next-Hop to Support FRR
  - Multiple Backup Tunnels Can Protect the Same Interface
  - Backup Tunnels Can Provide Scalability
• Backup Bandwidth Protection
  - Bandwidth Protection on Backup Tunnels
  - Bandwidth Pool Specifications for Backup Tunnels
  - Semidynamic Backup Tunnel Paths
  - Prioritizing Which LSPs Obtain Backup Tunnels with Bandwidth Protection
• RSVP Hello





1- Cisco IOS Multiprotocol Label Switching Configuration Guide, Release 12.4T, 2008, retrieved from http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/12_4t/mp_12_4t_book.html, Jan 2011

Friday, January 14, 2011

GNS3 Topology: MPLS Traffic Engineering

Traditional IP forwarding leads to suboptimal use of available bandwidth between a pair of routers in the SP network. The suboptimal paths are under-utilized in IP networks. To avoid packet drops because of inefficient use of available bandwidth, TE is employed to steer some of the traffic, and to enable better bandwidth management and utilization between a pair of routers.

TE tunnels configured on routers are unidirectional, which means we need to configure a pair of TE tunnels between routers if we want to implement a bidirectional TE tunnel.

OSPF or IS-IS with extensions for TE is used to carry information pertaining to the tunnel configured on a router. In OSPF, the LSA type 10 provides information about resource and link status. The inspiration behind MPLS TE is Constraint Based Routing (CBR), and CBR requires an IGP such as IS-IS or OSPF (the IGP must be a link-state routing protocol) for its operation. Resource availability and link status information are calculated using a constrained SPF (CSPF) calculation in which factors such as the bandwidth, policies, and topology are taken into consideration to define probable paths from a source to destination.

"Lobo L, Lakshman U, 2005, MPLS Configuration on Cisco IOS Software, Cisco Press"
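The constrained SPF idea described above can be shown in a few lines: prune every link that cannot satisfy the bandwidth constraint, then run an ordinary shortest-path search on what remains. This is an added example, not code from the book or from Cisco IOS; the topology, metrics and bandwidth figures are constructed, and links are treated as symmetric for brevity.

```python
import heapq

# Constructed topology: (node_a, node_b, te_metric, available_bw_kbps).
# Assumption: each link offers the same available bandwidth in both directions.
LINKS = [
    ("R1", "R2", 10, 500),
    ("R2", "R5", 10, 500),
    ("R1", "R3", 10, 2000),
    ("R3", "R4", 10, 2000),
    ("R4", "R5", 10, 2000),
]


def cspf(links, src, dst, required_bw):
    """Return (cost, path) for the cheapest path whose links all have at
    least required_bw available, or None when no path meets the constraint."""
    graph = {}
    for a, b, metric, bw in links:
        if bw < required_bw:
            continue  # constraint step: this link cannot carry the tunnel
        graph.setdefault(a, []).append((b, metric))
        graph.setdefault(b, []).append((a, metric))

    # Plain Dijkstra over the pruned graph.
    heap = [(0, src, [src])]
    visited = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in visited:
            continue
        visited.add(node)
        for nxt, metric in graph.get(node, []):
            if nxt not in visited:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None


if __name__ == "__main__":
    for bw in (100, 1000, 5000):
        print(bw, "kbps ->", cspf(LINKS, "R1", "R5", bw))
```

A 100 kbps tunnel takes the IGP-shortest path through R2, a 1000 kbps tunnel is steered onto the longer R3-R4 path because the R2 links are pruned, and a 5000 kbps request finds no path at all.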



PART 1 (enabling MPLS and configuring routers for TE support)




PART 2 (configuring headend router, verification and unequal cost load balancing using TE)

Monday, January 10, 2011

GNS3 Topology: Inter Provider MPLS VPN (Back to Back VRF Method)

The Inter-Provider VPN feature allows VPN information to be redistributed between adjacent MPLS VPN entities so that client sites belonging to a customer that is dispersed across multiple service provider backbones can communicate with each other.

To maintain the continuity of VPN services across multiple service providers, there are four different options to distribute VPNv4 information across the ASBR routers:

1- Back-to-Back VRF Method
2- Multiprotocol eBGP for VPNv4
3- Multi-hop MP-eBGP between Route-Reflectors
4- Non-VPN transit provider


In the back-to-back VRF approach, ASBRs are interconnected either via a single link consisting of logical subinterfaces or via multiple physical links. VRFs are configured on the ASBRs to collect VPN client routes. Each subinterface or interface connected between the ASBRs is dedicated to a single client VRF. The single client VRF can run eBGP, RIPv2, EIGRP, OSPF, or static routing to distribute the VPN routes to its adjacent peer.

"Lobo L, Lakshman U, 2005, MPLS Configuration on Cisco IOS Software, Cisco Press"

PART 1 (enabling MPLS and PE-PE routing configuration inside SP 1)



PART 2 (enabling MPLS and PE-PE routing configuration inside SP 2)



PART 3 (Configuring VRF instances and PE-CE routing configuration)



PART 4 (Verification of VPN)

Thursday, January 6, 2011

GNS3 Topology: MPLS VPN Hub and Spoke Topology Configuration

In certain circumstances, it may be desirable to use a hub-and-spoke topology so that all spoke sites send all their traffic toward a central site location. This can be achieved across an MPLS VPN.

All traffic from the spoke sites, destined either for the central site services or for intersite connectivity, will flow via the central hub site. With this type of topology, the spoke sites export their routes to the hub site, and then the hub site re-exports the spoke site routes through a second interface (either physical or logical) using a different route target so that other spoke sites can import the routes. This causes the hub site to become a transit point for interspoke connectivity. (Guichard J, Pepelnjak I, 2001, MPLS and VPN Architectures, Cisco Press)
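The two-route-target scheme described above can be modelled as a small import/export simulation. This is an added example, not taken from the cited books; the route-target values, VRF names and prefixes are constructed for illustration.

```python
RT_SPOKE = "1:100"  # constructed: exported by spoke VRFs, imported by the hub
RT_HUB = "1:200"    # constructed: exported by the hub, imported by spoke VRFs


def build_vrfs():
    """'routes' holds the prefixes a VRF originates or re-advertises."""
    return {
        "spoke1": {"export": {RT_SPOKE}, "import": {RT_HUB}, "routes": {"10.1.0.0/16"}},
        "spoke2": {"export": {RT_SPOKE}, "import": {RT_HUB}, "routes": {"10.2.0.0/16"}},
        # The hub site is attached through two interfaces, one VRF each.
        "hub_in": {"export": set(), "import": {RT_SPOKE}, "routes": set()},
        "hub_out": {"export": {RT_HUB}, "import": set(), "routes": {"10.0.0.0/16"}},
    }


def import_routes(vrfs):
    """Return {vrf: {prefix: vrf_it_was_learned_from}} after RT matching."""
    tables = {name: {} for name in vrfs}
    for src, s in vrfs.items():
        for dst, d in vrfs.items():
            if src == dst or not (s["export"] & d["import"]):
                continue
            for prefix in s["routes"]:
                if prefix not in d["routes"]:  # skip a site's own prefix
                    tables[dst][prefix] = src
    return tables


def hub_and_spoke():
    """Spokes export to the hub; the hub site re-exports what it learned
    through its second VRF with a different route target."""
    vrfs = build_vrfs()
    learned_at_hub = import_routes(vrfs)["hub_in"]
    vrfs["hub_out"]["routes"] |= set(learned_at_hub)
    return import_routes(vrfs)


if __name__ == "__main__":
    for vrf, table in hub_and_spoke().items():
        print(vrf, table)
```

Because no spoke imports `RT_SPOKE`, spoke1 only ever learns spoke2's prefix from the hub's second VRF, which is what makes the hub the transit point.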

Here is the HUB and SPOKE MPLS VPN configuration. (This topology and configuration were taken from the book "MPLS Configuration On Cisco IOS Software".)

PART 1



PART 2

Tuesday, January 4, 2011

GNS3 Topology: MPLS VPN (BGP PE-CE Routing)

In an MPLS VPN network, BGP attributes for a VPN site are transparently transported across the service provider backbone to another site in the same VPN. Because there is a single routing protocol used across the VPN between service provider core and customer sites, the concept of redistribution does not apply.

BGP PE-CE peering in an MPLS VPN environment can be performed in two different ways:

1-) BGP PE-CE VPN sites implementing unique AS numbers (in our example, CUSTOMER A between Site 1 and Site 2)

2-) BGP PE-CE VPN sites implementing same AS numbers (in our example, CUSTOMER B between Site 1 and Site 2)

There is no issue when implementing BGP PE-CE routing for customers that use a unique AS number in each VPN site. However, using the same AS number in both VPN sites causes an issue because of the BGP loop prevention mechanism. If both sites have the same AS number, routing updates from one site would be dropped at the other site; therefore, connectivity cannot be established between the sites without additional configuration on PE routers ("neighbor XX.XX.XX.XX as-override" under bgp address-family configuration).
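The loop-prevention problem and the effect of as-override can be traced with a short AS_PATH simulation. This is an added example, not part of the original configuration; the AS numbers are constructed, and the model covers only the AS_PATH handling on the PE-CE eBGP session.

```python
PROVIDER_AS = 1  # constructed: AS number of the service provider backbone


def pe_advertise(as_path, neighbor_as, provider_as, as_override=False):
    """Build the AS_PATH the egress PE sends to its CE over eBGP.

    With as-override, every occurrence of the neighbor's AS in the path is
    replaced by the provider AS before the provider AS is prepended.
    """
    if as_override:
        as_path = [provider_as if asn == neighbor_as else asn for asn in as_path]
    return [provider_as] + as_path


def ce_accepts(as_path, local_as):
    """eBGP loop prevention: drop an update whose AS_PATH contains our own AS."""
    return local_as not in as_path


def deliver(origin_as, dest_as, as_override):
    """Carry a route from the origin site to the destination CE.

    The AS_PATH is unchanged across the backbone (iBGP between the PEs),
    so only the egress PE's eBGP advertisement needs to be modelled.
    """
    path_at_pe = [origin_as]  # as received from the origin CE
    path_to_ce = pe_advertise(path_at_pe, dest_as, PROVIDER_AS, as_override)
    return path_to_ce, ce_accepts(path_to_ce, dest_as)


if __name__ == "__main__":
    # Constructed AS numbers: CUSTOMER A uses 64512/64513, CUSTOMER B uses 65001 twice.
    print("unique AS      :", deliver(64512, 64513, as_override=False))
    print("same AS        :", deliver(65001, 65001, as_override=False))
    print("same AS + fix  :", deliver(65001, 65001, as_override=True))
```

With the same AS at both sites the receiving CE sees its own AS in `[1, 65001]` and drops the update; with as-override the path arrives as `[1, 1]` and is accepted.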

Here is the configuration of MPLS VPN with BGP PE-CE Routing.

PART 1



PART 2