Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883

Text Part Number: OL-24668-01

THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version of the UNIX operating system. All rights reserved. Copyright 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R) Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental. Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide 2011 Cisco Systems, Inc. All rights reserved.

CONTENTS

Preface

VPC-vii VPC-9

Implementing MPLS Layer 3 VPNs Contents

VPC-10

Prerequisites for Implementing MPLS L3VPN MPLS L3VPN Restrictions

VPC-11

VPC-10

Information About MPLS Layer 3 VPNs VPC-11 MPLS L3VPN Overview VPC-11 MPLS L3VPN Benefits VPC-12 How MPLS L3VPN Works VPC-13 Virtual Routing and Forwarding Tables VPC-13 VPN Routing Information: Distribution VPC-13 BGP Distribution of VPN Routing Information VPC-14 MPLS Forwarding VPC-14 Automatic Route Distinguisher Assignment VPC-15 MPLS L3VPN Major Components VPC-15 Inter-AS Support for L3VPN VPC-15 Inter-AS Support: Overview VPC-16 Inter-AS and ASBRs VPC-16 Confederations VPC-17 MPLS VPN Inter-AS BGP Label Distribution VPC-18 Exchanging IPv4 Routes with MPLS labels VPC-19 BGP Routing Information VPC-20 BGP Messages and MPLS Labels VPC-20 Sending MPLS Labels with Routes VPC-21 Carrier Supporting Carrier Support for L3VPN VPC-22 CSC Prerequisites VPC-22 CSC Benefits VPC-22 Configuration Options for the Backbone and Customer Carriers Customer Carrier: ISP with IP Core VPC-23 Customer Carrier: MPLS Service Provider VPC-24 How to Implement MPLS Layer 3 VPNs VPC-25 Configuring the Core Network VPC-25 Assessing the Needs of MPLS VPN Customers

VPC-23

VPC-25

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

iii

Contents

Configuring Routing Protocols in the Core VPC-26 Configuring MPLS in the Core VPC-26 Determining if FIB Is Enabled in the Core VPC-26 Configuring Multiprotocol BGP on the PE Routers and Route Reflectors VPC-27 Connecting MPLS VPN Customers VPC-28 Defining VRFs on the PE Routers to Enable Customer Connectivity VPC-29 Configuring VRF Interfaces on PE Routers for Each VPN Customer VPC-31 Configuring BGP as the Routing Protocol Between the PE and CE Routers VPC-33 Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers VPC-37 Configuring Static Routes Between the PE and CE Routers VPC-40 Configuring OSPF as the Routing Protocol Between the PE and CE Routers VPC-41 Configuring EIGRP as the Routing Protocol Between the PE and CE Routers VPC-44 Configuring EIGRP Redistribution in the MPLS VPN VPC-47 Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels VPC-49 Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels VPC-49 Configuring the Route Reflectors to Exchange VPN-IPv4 Routes VPC-52 Configuring the Route Reflector to Reflect Remote Routes in its AS VPC-55 Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses VPC-58 Configuring the ASBRs to Exchange VPN-IPv4 Addresses VPC-58 Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation VPC-62 Configuring MPLS Forwarding for ASBR Confederations VPC-64 Configuring a Static Route to an ASBR Confederation Peer VPC-66 Configuring Carrier Supporting Carrier VPC-68 Identifying the Carrier Supporting Carrier Topology VPC-68 Configuring the Backbone Carrier Core VPC-69 Configuring the CSC-PE and CSC-CE Routers VPC-69 Configuring a Static Route to a Peer VPC-76 Verifying the MPLS Layer 3 VPN Configuration VPC-78 Configuration Examples for Implementing MPLS Layer 3 VPNs VPC-82 Configuring an MPLS VPN Using BGP: Example VPC-82 Configuring the Routing Information Protocol on the PE Router: Example VPC-83 Configuring the PE Router Using EIGRP: Example VPC-83 Configuration Examples for MPLS VPN CSC VPC-84 Configuring the Backbone Carrier Core: Examples VPC-84 Configuring the Links Between CSC-PE and CSC-CE Routers: Examples VPC-84 Configuring a Static Route to a Peer: Example VPC-85 Additional References
VPC-86

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

iv

OL-24668-01

Contents

Related Documents VPC-86 Standards VPC-86 MIBs VPC-86 RFCs VPC-87 Technical Assistance VPC-87 Implementing IPv6 VPN Provider Edge Transport over MPLS Contents
VPC-89 VPC-90 VPC-89

Prerequisites for Implementing 6PE/VPE

Information About 6PE/VPE VPC-90 Overview of 6PE/VPE VPC-90 Benefits of 6PE/VPE VPC-91 Deploying IPv6 over MPLS Backbones VPC-91 IPv6 on the Provider Edge and Customer Edge Routers IPv6 Provider Edge Multipath VPC-92 OSPFv3 6VPE VPC-92 Multiple VRF Support VPC-92 OSPFv3 PE-CE Extensions VPC-93 VRF Lite VPC-93

VPC-91

How to Implement 6PE/VPE VPC-93 Configuring 6PE/VPE VPC-93 Configuring PE to PE Core VPC-95 Configuring PE to CE Core VPC-99 Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers Configuration Examples for 6PE VPC-106 Configuring 6PE on a PE Router: Example VPC-106 Configuring 6VPE on a PE Router: Example VPC-106 Configuring OSPFv3 between PE to CE: Example: VPC-107 Additional References VPC-108 Related Document VPC-108 Standards VPC-108 MIBs VPC-108 RFCs VPC-108 Technical Assistance VPC-109 Index

VPC-102

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

Contents

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

vi

OL-24668-01

Preface
The preface consists of these sections:

Changes to This Document, page VPC-vii Obtaining Documentation and Submitting a Service Request, page VPC-vii

Changes to This Document

Table 1 lists the technical changes made to this document since it was first printed.
Table 1 Changes to This Document

Revision OL-24668-01

Date April 2011

Change Summary Initial release of this document.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly Whats New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

vii

Preface

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

viii

OL-24668-01

Implementing MPLS Layer 3 VPNs

A Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN) consists of a set of sites that are interconnected by means of an MPLS provider core network. At each customer site, one or more customer edge (CE) routers attach to one or more provider edge (PE) routers. This module provides the conceptual and configuration information for MPLS Layer 3 VPNs on Cisco ASR 9000 Series Aggregation Services Routers.

Note

You must acquire an evaluation or permanent license in order to use MPLS Layer 3 VPN functionality. However, if you are upgrading from a previous version of the software, MPLS Layer 3 VPN functionality will continue to work using an implicit license for 90 days (during which time, you can purchase a permanent license). For more information about licenses, see the Software Entitlement on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide.

Note

For a complete description of the commands listed in this module, refer to the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference . To locate documentation of other commands that appear in this chapter, use the command reference master index, or search online.
Feature History for Implementing MPLS Layer 3 VPNs on Cisco ASR 9000 Series Routers
Release Modification

Release 3.7.2

This feature was introduced.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

Implementing MPLS Layer 3 VPNs Contents

Contents

Prerequisites for Implementing MPLS L3VPN, page VPC-10 MPLS L3VPN Restrictions, page VPC-11 Information About MPLS Layer 3 VPNs, page VPC-11 How to Implement MPLS Layer 3 VPNs, page VPC-25 Configuration Examples for Implementing MPLS Layer 3 VPNs, page VPC-82 Additional References, page VPC-86

Prerequisites for Implementing MPLS L3VPN

These prerequisites are required to configure MPLS Layer 3 VPN:

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

These prerequisites are required for configuring MPLS VPN Inter-AS with autonomous system boundary routers (ASBRs) exchanging VPN-IPV4 addresses or IPv4 routes and MPLS labels:

Before configuring external Border Gateway Protocol (eBGP) routing between autonomous systems or subautonomous systems in an MPLS VPN, ensure that all MPLS VPN routing instances and sessions are properly configured (see the How to Implement MPLS Layer 3 VPNs, page VPC-25 for procedures). These tasks must be performed:
Define VPN routing instances Configure BGP routing sessions in the MPLS core Configure PE-to-PE routing sessions in the MPLS core Configure BGP PE-to-CE routing sessions Configure a VPN-IPv4 eBGP session between directly connected ASBRs

To configure MPLS Layer 3 VPNs, routers must support MPLS forwarding and Forwarding Information Base (FIB).

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

10

OL-24668-01

Implementing MPLS Layer 3 VPNs MPLS L3VPN Restrictions

MPLS L3VPN Restrictions

These are restrictions for implementing MPLS Layer 3 VPNs:

Multihop VPN-IPv4 eBGP is not supported for configuring eBGP routing between autonomous systems or subautonomous systems in an MPLS VPN. MPLS VPN supports only IPv4 address families.

These restrictions apply when configuring MPLS VPN Inter-AS with ASBRs exchanging IPv4 routes and MPLS labels:

For networks configured with eBGP multihop, a label switched path (LSP) must be configured between nonadjacent routers. Inter-AS supports IPv4 routes only. IPv6 is not supported.

Note

The physical interfaces that connect the BGP speakers must support FIB and MPLS. These restrictions apply to routing protocols OSPF and RIP:

IPv6 is not supported on OSPF and RIP.

Information About MPLS Layer 3 VPNs

To implement MPLS Layer 3 VPNs, you need to understand these concepts:

MPLS L3VPN Overview, page VPC-11 MPLS L3VPN Benefits, page VPC-12 How MPLS L3VPN Works, page VPC-13 MPLS L3VPN Major Components, page VPC-15

MPLS L3VPN Overview

Before defining an MPLS VPN, VPN in general must be defined. A VPN is:

An IP-based network delivering private network services over a public infrastructure A set of sites that are allowed to communicate with each other privately over the Internet or other public or private networks

Conventional VPNs are created by configuring a full mesh of tunnels or permanent virtual circuits (PVCs) to all sites in a VPN. This type of VPN is not easy to maintain or expand, as adding a new site requires changing each edge device in the VPN. MPLS-based VPNs are created in Layer 3 and are based on the peer model. The peer model enables the service provider and the customer to exchange Layer 3 routing information. The service provider relays the data between the customer sites without customer involvement. MPLS VPNs are easier to manage and expand than conventional VPNs. When a new site is added to an MPLS VPN, only the edge router of the service provider that provides services to the customer site needs to be updated. The components of the MPLS VPN are described as follows:

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

11

Implementing MPLS Layer 3 VPNs Information About MPLS Layer 3 VPNs

Provider (P) routerRouter in the core of the provider network. PE routers run MPLS switching and do not attach VPN labels to routed packets. VPN labels are used to direct data packets to the correct private network or customer edge router. PE routerRouter that attaches the VPN label to incoming packets based on the interface or subinterface on which they are received, and also attaches the MPLS core labels. A PE router attaches directly to a CE router. Customer (C) routerRouter in the Internet service provider (ISP) or enterprise network. Customer edge (CE) routerEdge router on the network of the ISP that connects to the PE router on the network. A CE router must interface with a PE router.

Figure 1 shows a basic MPLS VPN topology.

Figure 1 Basic MPLS VPN Topology

MPLS Backbone Customer Site Provider (P) routers Customer Site

Customer Edge (CE) router

Provider Edge (PE) router Provider (P) routers

Provider Edge (PE) router

Customer Edge (CE) router

103875

MPLS L3VPN Benefits

MPLS L3VPN provides these benefits:

Service providers can deploy scalable VPNs and deliver value-added services. Connectionless service guarantees that no prior action is necessary to establish communication between hosts. Centralized Service: Building VPNs in Layer 3 permits delivery of targeted services to a group of users represented by a VPN. Scalability: Create scalable VPNs using connection-oriented, point-to-point overlays, Frame Relay, or ATM virtual connections. Security: Security is provided at the edge of a provider network (ensuring that packets received from a customer are placed on the correct VPN) and in the backbone. Integrated Quality of Service (QoS) support: QoS provides the ability to address predictable performance and policy implementation and support for multiple levels of service in an MPLS VPN. Straightforward Migration: Service providers can deploy VPN services using a straightforward migration path.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

12

OL-24668-01

Implementing MPLS Layer 3 VPNs Information About MPLS Layer 3 VPNs

Migration for the end customer is simplified. There is no requirement to support MPLS on the CE router and no modifications are required for a customer intranet.

How MPLS L3VPN Works

MPLS VPN functionality is enabled at the edge of an MPLS network. The PE router performs these tasks:

Exchanges routing updates with the CE router Translates the CE routing information into VPN version 4 (VPNv4) routes Exchanges VPNv4 routes with other PE routers through the Multiprotocol Border Gateway Protocol (MP-BGP)

Virtual Routing and Forwarding Tables

Each VPN is associated with one or more VPN routing and forwarding (VRF) instances. A VRF defines the VPN membership of a customer site attached to a PE router. A VRF consists of these components:

An IP version 4 (IPv4) unicast routing table A derived FIB table A set of interfaces that use the forwarding table A set of rules and routing protocol parameters that control the information that is included in the routing table

These components are collectively called a VRF instance. A one-to-one relationship does not necessarily exist between customer sites and VPNs. A site can be a member of multiple VPNs. However, a site can associate with only one VRF. A VRF contains all the routes available to the site from the VPNs of which it is a member. Packet forwarding information is stored in the IP routing table and the FIB table for each VRF. A separate set of routing and FIB tables is maintained for each VRF. These tables prevent information from being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded to a router within the VPN.

VPN Routing Information: Distribution

The distribution of VPN routing information is controlled through the use of VPN route target communities, implemented by BGP extended communities. VPN routing information is distributed as follows:

When a VPN route that is learned from a CE router is injected into a BGP, a list of VPN route target extended community attributes is associated with it. Typically, the list of route target community extended values is set from an export list of route targets associated with the VRF from which the route was learned. An import list of route target extended communities is associated with each VRF. The import list defines route target extended community attributes that a route must have for the route to be imported into the VRF. For example, if the import list for a particular VRF includes route target extended communities A, B, and C, then any VPN route that carries any of those route target extended communitiesA, B, or Cis imported into the VRF.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

13

Implementing MPLS Layer 3 VPNs Information About MPLS Layer 3 VPNs

BGP Distribution of VPN Routing Information

A PE router can learn an IP prefix from these sources:

A CE router by static configuration An eBGP session with the CE router A Routing Information Protocol (RIP) exchange with the CE router Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP as Interior Gateway Protocols (IGPs)

The IP prefix is a member of the IPv4 address family. After the PE router learns the IP prefix, the PE converts it into the VPN-IPv4 prefix by combining it with a 64-bit route distinguisher. The generated prefix is a member of the VPN-IPv4 address family. It uniquely identifies the customer address, even if the customer site is using globally nonunique (unregistered private) IP addresses. The route distinguisher used to generate the VPN-IPv4 prefix is specified by the rd command associated with the VRF on the PE router. BGP distributes reachability information for VPN-IPv4 prefixes for each VPN. BGP communication takes place at two levels:

Within the IP domain, known as an autonomous system. Between autonomous systems.

PE to PE or PE to route reflector (RR) sessions are iBGP sessions, and PE to CE sessions are eBGP sessions. PE to CE eBGP sessions can be directly or indirectly connected (eBGP multihop). BGP propagates reachability information for VPN-IPv4 prefixes among PE routers by the BGP protocol extensions (see RFC 2283, Multiprotocol Extensions for BGP-4), which define support for address families other than IPv4. Using the extensions ensures that the routes for a given VPN are learned only by other members of that VPN, enabling members of the VPN to communicate with each other.

MPLS Forwarding
Based on routing information stored in the VRF IP routing table and the VRF FIB table, packets are forwarded to their destination using MPLS. A PE router binds a label to each customer prefix learned from a CE router and includes the label in the network reachability information for the prefix that it advertises to other PE routers. When a PE router forwards a packet received from a CE router across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet, it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone is based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels of labels when traversing the backbone:

The top label directs the packet to the correct PE router. The second label indicates how that PE router should forward the packet to the CE router.

More labels can be stacked if other features are enabled. For example, if traffic engineering (TE) tunnels with fast reroute (FRR) are enabled, the total number of labels imposed in the PE is four (Layer 3 VPN, Label Distribution Protocol (LDP), TE, and FRR).

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

14

OL-24668-01

Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN

Automatic Route Distinguisher Assignment

To take advantage of iBGP load balancing, every network VRF must be assigned a unique route distinguisher. VRFs require a route distinguisher for BGP to distinguish between potentially identical prefixes received from different VPNs. With thousands of routers in a network each supporting multiple VRFs, configuration and management of route distinguishers across the network can present a problem. Cisco IOS XR software simplifies this process by assigning unique route distinguisher to VRFs using the rd auto command. To assign a unique route distinguisher for each router, you must ensure that each router has a unique BGP router-id. If so, the rd auto command assigns a Type 1 route distinguisher to the VRF using this format: ip-address:number. The IP address is specified by the BGP router-id statement and the number (which is derived as an unused index in the 0 to 65535 range) is unique across the VRFs. Finally, route distinguisher values are checkpointed so that route distinguisher assignment to VRF is persistent across failover or process restart. If an route distinguisher is explicitely configured for a VRF, this value is not overridden by the autoroute distinguisher.

MPLS L3VPN Major Components

An MPLS-based VPN network has three major components:

VPN route target communitiesA VPN route target community is a list of all members of a VPN community. VPN route targets need to be configured for each VPN community member. Multiprotocol BGP (MP-BGP) peering of the VPN community PE routersMP-BGP propagates VRF reachability information to all members of a VPN community. MP-BGP peering needs to be configured in all PE routers within a VPN community. MPLS forwardingMPLS transports all traffic between all VPN community members across a VPN service-provider network.

A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can be a member of multiple VPNs. However, a site can associate with only one VRF. A customer-site VRF contains all the routes available to the site from the VPNs of which it is a member.

Inter-AS Support for L3VPN

This section contains these topics:

Inter-AS Support: Overview, page VPC-16 Inter-AS and ASBRs, page VPC-16 Confederations, page VPC-17 MPLS VPN Inter-AS BGP Label Distribution, page VPC-18 Exchanging IPv4 Routes with MPLS labels, page VPC-19

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

15

Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN

Inter-AS Support: Overview

An autonomous system (AS) is a single network or group of networks that is controlled by a common system administration group and uses a single, clearly defined routing protocol. As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous systems in different geographic areas. In addition, some VPNs need to extend across multiple service providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection between autonomous systems must be seamless. An MPLS VPN Inter-AS provides these benefits:

Allows a VPN to cross more than one service provider backbone. Service providers, running separate autonomous systems, can jointly offer MPLS VPN services to the same end customer. A VPN can begin at one customer site and traverse different VPN service provider backbones before arriving at another site of the same customer. Previously, MPLS VPN could traverse only a single BGP autonomous system service provider backbone. This feature lets multiple autonomous systems form a continuous, seamless network between customer sites of a service provider.

Allows a VPN to exist in different areas. A service provider can create a VPN in different geographic areas. Having all VPN traffic flow through one point (between the areas) allows for better rate control of network traffic between the areas.

Allows confederations to optimize iBGP meshing. Internal Border Gateway Protocol (iBGP) meshing in an autonomous system is more organized and manageable. You can divide an autonomous system into multiple, separate subautonomous systems and then classify them into a single confederation. This capability lets a service provider offer MPLS VPNs across the confederation, as it supports the exchange of labeled VPN-IPv4 Network Layer Reachability Information (NLRI) between the subautonomous systems that form the confederation.

Inter-AS and ASBRs

Separate autonomous systems from different service providers can communicate by exchanging IPv4 NLRI in the form of VPN-IPv4 addresses. The ASBRs use eBGP to exchange that information. Then an Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPV4 prefixes throughout each VPN and each autonomous system. These protocols are used for sharing routing information:

Within an autonomous system, routing information is shared using an IGP. Between autonomous systems, routing information is shared using an eBGP. An eBGP lets service providers set up an interdomain routing system that guarantees the loop-free exchange of routing information between separate autonomous systems.

The primary function of an eBGP is to exchange network reachability information between autonomous systems, including information about the list of autonomous system routes. The autonomous systems use EBGP border edge routers to distribute the routes, which include label switching information. Each border edge router rewrites the next-hop and MPLS labels. Inter-AS configurations supported in an MPLS VPN can include:

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

16

OL-24668-01

Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN

Interprovider VPNMPLS VPNs that include two or more autonomous systems, connected by separate border edge routers. The autonomous systems exchange routes using eBGP. No IGP or routing information is exchanged between the autonomous systems. BGP ConfederationsMPLS VPNs that divide a single autonomous system into multiple subautonomous systems and classify them as a single, designated confederation. The network recognizes the confederation as a single autonomous system. The peers in the different autonomous systems communicate over eBGP sessions; however, they can exchange route information as if they were iBGP peers.

Confederations
A confederation is multiple subautonomous systems grouped together. A confederation reduces the total number of peer devices in an autonomous system. A confederation divides an autonomous system into subautonomous systems and assigns a confederation identifier to the autonomous systems. A VPN can span service providers running in separate autonomous systems or multiple subautonomous systems that form a confederation. In a confederation, each subautonomous system is fully meshed with other subautonomous systems. The subautonomous systems communicate using an IGP, such as Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS). Each subautonomous system also has an eBGP connection to the other subautonomous systems. The confederation eBGP (CEBGP) border edge routers forward next-hop-self addresses between the specified subautonomous systems. The next-hop-self address forces the BGP to use a specified address as the next hop rather than letting the protocol choose the next hop. You can configure a confederation with separate subautonomous systems two ways:

Configure a router to forward next-hop-self addresses between only the CEBGP border edge routers (both directions). The subautonomous systems (iBGP peers) at the subautonomous system border do not forward the next-hop-self address. Each subautonomous system runs as a single IGP domain. However, the CEBGP border edge router addresses are known in the IGP domains. Configure a router to forward next-hop-self addresses between the CEBGP border edge routers (both directions) and within the iBGP peers at the subautonomous system border. Each subautonomous system runs as a single IGP domain but also forwards next-hop-self addresses between the PE routers in the domain. The CEBGP border edge router addresses are known in the IGP domains. The two CEBGP border edge routers exchange VPN-IPv4 addresses with labels between the two autonomous systems. The distributing router changes the next-hop addresses and labels and uses a next-hop-self address. IGP-1 and IGP-2 know the addresses of CEBGP-1 and CEBGP-2.

Figure 2 illustrates a typical MPLS VPN confederation configuration. In this configuration:

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

17

Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN

Figure 2

eBGP Connection Between Two Subautonomous Systems in a Confederation

Service Provider 1 Sub-AS1 with IGP-1 Core of P routers

Service Provider 1 Sub-AS2 with IGP-2 Core of P routers

eBGP intraconfederation for VPNv4 routes with label distribution PE-1 CEGBP-1 CEBGP-2 PE-2

PE-3

CE-1 VPN 1

CE-2

CE-5

CE-3 VPN 1

CE-4

In this confederation configuration:

CEBGP border edge routers function as neighboring peers between the subautonomous systems. The subautonomous systems use eBGP to exchange route information. Each CEBGP border edge router (CEBGP-1 and CEBGP-2) assigns a label for the router before distributing the route to the next subautonomous system. The CEBGP border edge router distributes the route as a VPN-IPv4 address by using the multiprotocol extensions of BGP. The label and the VPN identifier are encoded as part of the NLRI. Each PE and CEBGP border edge router assigns its own label to each VPN-IPv4 address prefix before redistributing the routes. The CEBGP border edge routers exchange IPV-IPv4 addresses with the labels. The next-hop-self address is included in the label (as the value of the eBGP next-hop attribute). Within the subautonomous systems, the CEBGP border edge router address is distributed throughout the iBGP neighbors, and the two CEBGP border edge routers are known to both confederations.

For more information about how to configure confederations, see the Configuring MPLS Forwarding for ASBR Confederations section on page MPC-64.

MPLS VPN Inter-AS BGP Label Distribution

Note

This section is not applicable to Inter-AS over IP tunnels. You can set up the MPLS VPN Inter-AS network so that the ASBRs exchange IPv4 routes with MPLS labels of the provider edge (PE) routers. Route reflectors (RRs) exchange VPN-IPv4 routes by using multihop, multiprotocol external Border Gateway Protocol (eBGP). This method of configuring the Inter-AS system is often called MPLS VPN Inter-AS BGP Label Distribution. Configuring the Inter-AS system so that the ASBRs exchange the IPv4 routes and MPLS labels has these benefits:

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

18

43880

OL-24668-01

Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN

Saves the ASBRs from having to store all the VPN-IPv4 routes. Using the route reflectors to store the VPN-IPv4 routes and forward them to the PE routers results in improved scalability compared with configurations in which the ASBR holds all the VPN-IPv4 routes and forwards the routes based on VPN-IPv4 labels. Having the route reflectors hold the VPN-IPv4 routes also simplifies the configuration at the border of the network. Enables a non-VPN core network to act as a transit network for VPN traffic. You can transport IPv4 routes with MPLS labels over a non-MPLS VPN service provider. Eliminates the need for any other label distribution protocol between adjacent label switch routers (LSRs). If two adjacent LSRs are also BGP peers, BGP can handle the distribution of the MPLS labels. No other label distribution protocol is needed between the two LSRs.

Exchanging IPv4 Routes with MPLS labels

Note

This section is not applicable to Inter-AS over IP tunnels. You can set up a VPN service provider network to exchange IPv4 routes with MPLS labels. You can configure the VPN service provider network as follows:

Route reflectors exchange VPN-IPv4 routes by using multihop, multiprotocol eBGP. This configuration also preserves the next-hop information and the VPN labels across the autonomous systems. A local PE router (for example, PE1 in Figure 3) needs to know the routes and label information for the remote PE router (PE2). This information can be exchanged between the PE routers and ASBRs in one of two ways:
Internal Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can

redistribute the IPv4 routes and MPLS labels it learned from eBGP into IGP and LDP and from IGP and LDP into eBGP.
Internal Border Gateway Protocol (iBGP) IPv4 label distribution: The ASBR and PE router can

use direct iBGP sessions to exchange VPN-IPv4 and IPv4 routes and MPLS labels. Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the PE routers in the VPN. This reflecting of learned IPv4 routes and MPLS labels is accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also reflects the VPN-IPv4 routes to the PE routers in the VPN. For example, in VPN1, RR1 reflects to PE1 the VPN-IPv4 routes it learned and IPv4 routes and MPLS labels learned from ASBR1. Using the route reflectors to store the VPN-IPv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

19

Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN

Figure 3

VPNs Using eBGP and iBGP to Distribute Routes and MPLS Labels

RR1

Multihop Multiprotocol VPNv4 BGP IPv4 routes and label with multipath support

RR2

PE1

ASBR1

ASBR2

PE2
59251

CE1 VPN1

CE2 VPN2

BGP Routing Information

BGP routing information includes these items:

Network number (prefix), which is the IP address of the destination. Autonomous system (AS) path, which is a list of the other ASs through which a route passes on the way to the local router. The first AS in the list is closest to the local router; the last AS in the list is farthest from the local router and usually the AS where the route began. Path attributes, which provide other information about the AS path, for example, the next hop.

BGP Messages and MPLS Labels

MPLS labels are included in the update messages that a router sends. Routers exchange these types of BGP messages:

Open messagesAfter a router establishes a TCP connection with a neighboring router, the routers exchange open messages. This message contains the number of the autonomous system to which the router belongs and the IP address of the router that sent the message. Update messagesWhen a router has a new, changed, or broken route, it sends an update message to the neighboring router. This message contains the NLRI, which lists the IP addresses of the usable routes. The update message includes any routes that are no longer usable. The update message also includes path attributes and the lengths of both the usable and unusable paths. Labels for VPN-IPv4 routes are encoded in the update message, as specified in RFC 2858. The labels for the IPv4 routes are encoded in the update message, as specified in RFC 3107. Keepalive messagesRouters exchange keepalive messages to determine if a neighboring router is still available to exchange routing information. The router sends these messages at regular intervals. (Sixty seconds is the default for Cisco routers.) The keepalive message does not contain routing data; it contains only a message header. Notification messagesWhen a router detects an error, it sends a notification message.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

20

OL-24668-01

Implementing MPLS Layer 3 VPNs Inter-AS Support for L3VPN

Sending MPLS Labels with Routes

When BGP (eBGP and iBGP) distributes a route, it can also distribute an MPLS label that is mapped to that route. The MPLS label mapping information for the route is carried in the BGP update message that contains the information about the route. If the next hop is not changed, the label is preserved. When you issue the show bgp neighbors ip-address command on both BGP routers, the routers advertise to each other that they can then send MPLS labels with the routes. If the routers successfully negotiate their ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

21

Implementing MPLS Layer 3 VPNs Carrier Supporting Carrier Support for L3VPN

Carrier Supporting Carrier Support for L3VPN

This section provides conceptual information about MPLS VPN Carrier Supporting Carrier (CSC) functionality and includes these topics:

CSC Prerequisites, page VPC-22 CSC Benefits, page VPC-22 Configuration Options for the Backbone and Customer Carriers, page VPC-23

Throughout this document, the following terminology is used in the context of CSC: backbone carrierService provider that provides the segment of the backbone network to the other provider. A backbone carrier offers BGP and MPLS VPN services. customer carrierService provider that uses the segment of the backbone network. The customer carrier may be an Internet service provider (ISP) or a BGP/MPLS VPN service provider. CE routerA customer edge router is part of a customer network and interfaces to a provider edge (PE) router. In this document, the CE router sits on the edge of the customer carrier network. PE routerA provider edge router is part of a service provider's network connected to a customer edge (CE) router. In this document, the PE router sits on the edge of the backbone carrier network ASBRAn autonomous system boundary router connects one autonomous system to another.

CSC Prerequisites
These prerequisites are required to configure CSC:

You must be able to configure MPLS VPNs with end-to-end (CE-to-CE router) pings working. You must be able to configure Interior Gateway Protocols (IGPs), MPLS Label Distribution Protocol (LDP), and Multiprotocol Border Gateway Protocol (MP-BGP). You must ensure that CSC-PE and CSC-CE routers support BGP label distribution.

Note

BGP is the only supported label distribution protocol on the link between CE and PE.

CSC Benefits
This section describes the benefits of CSC to the backbone carrier and customer carriers.
Benefits to the Backbone Carrier

The backbone carrier can accommodate many customer carriers and give them access to its backbone. The MPLS VPN carrier supporting carrier feature is scalable. The MPLS VPN carrier supporting carrier feature is a flexible solution.

Benefits to the Customer Carriers

The MPLS VPN carrier supporting carrier feature removes from the customer carrier the burden of configuring, operating, and maintaining its own backbone.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

22

OL-24668-01

Implementing MPLS Layer 3 VPNs Carrier Supporting Carrier Support for L3VPN

Customer carriers who use the VPN services provided by the backbone carrier receive the same level of security that Frame Relay or ATM-based VPNs provide. Customer carriers can use any link layer technology to connect the CE routers to the PE routers. The customer carrier can use any addressing scheme and still be supported by a backbone carrier.

Benefits of Implementing MPLS VPN CSC Using BGP

The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:

BGP takes the place of an IGP and LDP in a VPN forwarding and routing instance (VRF) table. BGP is the preferred routing protocol for connecting two ISPs,

Configuration Options for the Backbone and Customer Carriers

To enable CSC, the backbone and customer carriers must be configured accordingly:

The backbone carrier must offer BGP and MPLS VPN services. The customer carrier can take several networking forms. The customer carrier can be:
An ISP with an IP core (see the Customer Carrier: ISP with IP Core section on page MPC-23). An MPLS service provider with or without VPN services (see Customer Carrier: MPLS

Service Provider section on page MPC-24).

Note

An IGP in the customer carrier network is used to distribute next hops and loopbacks to the CSC-CE. IBGP with label sessions are used in the customer carrier network to distribute next hops and loopbacks to the CSC-CE.

Customer Carrier: ISP with IP Core

Figure 4 shows a network configuration where the customer carrier is an ISP. The customer carrier has two sites, each of which is a point of presence (POP). The customer carrier connects these sites using a VPN service provided by the backbone carrier. The backbone carrier uses MPLS or IP tunnels to provide VPN services. The ISP sites use IP.
Figure 4 Network: Customer Carrier Is an ISP

ISP site 1

Backbone carrier

ISP site 2

IP CSC-CE1 CSC-PE1

MPLS CSC-PE2

IP CSC-CE2

The links between the CE and PE routers use eBGP to distribute IPv4 routes and MPLS labels. Between the links, the PE routers use multiprotocol iBGP to distribute VPNv4 routes.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

50846

23

Implementing MPLS Layer 3 VPNs Carrier Supporting Carrier Support for L3VPN

Customer Carrier: MPLS Service Provider

Figure 5 shows a network configuration where the backbone carrier and the customer carrier are BGP/MPLS VPN service providers. The customer carrier has two sites. The customer carrier uses MPLS in its network while the backbone carrier may use MPLS or IP tunnels in its network.
Figure 5 Network: Customer Carrier Is an MPLS VPN Service Provider

MP-IBGP exchanging VPNv4 prefixes MP-IBGP exchanging VPNv4 prefixes

IPv4 + labels

IPv4 + labels

CE1

PE1

CSC-CE1

CSC-PE1

CSC-PE2

CSC-CE2

PE2

CE2
65682

Customer carrier MPLS VPN SP

Backbone carrier MPLS VPN SP

Customer carrier MPLS VPN SP

In this configuration (Figure 5), the customer carrier can configure its network in one of these ways:

The customer carrier can run an IGP and LDP in its core network. In this case, the CSC-CE1 router in the customer carrier redistributes the eBGP routes it learns from the CSC-PE1 router of the backbone carrier to an IGP. The CSC-CE1 router of the customer carrier system can run an IPv4 and labels iBGP session with the PE1 router.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

24

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

How to Implement MPLS Layer 3 VPNs

This section contains instructions for these tasks:

Configuring the Core Network, page VPC-25 Connecting MPLS VPN Customers, page VPC-28 Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels, page VPC-49 (optional) Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses, page VPC-58 (optional) Configuring Carrier Supporting Carrier, page VPC-68 (optional) Verifying the MPLS Layer 3 VPN Configuration, page VPC-78

Configuring the Core Network

Configuring the core network includes these tasks:

Assessing the Needs of MPLS VPN Customers, page VPC-25 Configuring Routing Protocols in the Core, page VPC-26 Configuring MPLS in the Core, page VPC-26 Determining if FIB Is Enabled in the Core, page VPC-26 Configuring Multiprotocol BGP on the PE Routers and Route Reflectors, page VPC-27

Assessing the Needs of MPLS VPN Customers

Before configuring an MPLS VPN, the core network topology must be identified so that it can best serve MPLS VPN customers. Perform this task to identify the core network topology.

SUMMARY STEPS
1. 2. 3. 4.

Identify the size of the network. Identify the routing protocols in the core. Determine if MPLS High Availability support is required. Determine if BGP load sharing and redundant paths are required.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

25

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

DETAILED STEPS

Command or Action
Step 1

Purpose Identify these to determine the number of routers and ports required:

Identify the size of the network.

How many customers will be supported? How many VPNs are required for each customer? How many virtual routing and forwarding (VRF) instances are there for each VPN?

Step 2 Step 3

Identify the routing protocols in the core. Determine if MPLS High Availability support is required. Determine if BGP load sharing and redundant paths are required.

Determine which routing protocols are required in the core network. MPLS VPN nonstop forwarding and graceful restart are supported on select routers and Cisco IOS XR software releases. Determine if BGP load sharing and redundant paths in the MPLS VPN core are required.

Step 4

Configuring Routing Protocols in the Core

To configure a routing protocol, see the Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.

Configuring MPLS in the Core

To enable MPLS on all routers in the core, you must configure a Label Distribution Protocol (LDP). You can use either of these as an LDP:

MPLS LDPSee the Implementing MPLS Label Distribution Protocol on Cisco ASR 9000 Series Routersfor configuration information. MPLS Traffic Engineering Resource Reservation Protocol (RSVP)See Implementing RSVP for MPLS-TE on Cisco ASR 9000 Series Routers module in this document for configuration information.

Determining if FIB Is Enabled in the Core

Forwarding Information Base (FIB) must be enabled on all routers in the core, including the provider edge (PE) routers. For information on how to determine if FIB is enabled, see the Implementing Cisco Express Forwarding on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

26

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring Multiprotocol BGP on the PE Routers and Route Reflectors

Perform this task to configure multiprotocol BGP (MP-BGP) connectivity on the PE routers and route reflectors.

SUMMARY STEPS
1. 2. 3. 4. 5.

configure router bgp autonomous-system-number address-family vpnv4 unicast neighbor ip-address remote-as autonomous-system-number address-family vpnv4 unicast end or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp autonomous-system-number

Enters BGP configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3

address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast

Enters VPNv4 address family configuration mode for the VPNv4 address family.

Step 4

neighbor ip-address remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 remote-as 2002

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

27

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 5
address-family vpnv4 unicast Example: RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast

Purpose Enters VPNv4 address family configuration mode for the VPNv4 address family.

Step 6

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Connecting MPLS VPN Customers

To connect MPLS VPN customers to the VPN, perform these tasks:

Defining VRFs on the PE Routers to Enable Customer Connectivity, page VPC-29 Configuring VRF Interfaces on PE Routers for Each VPN Customer, page VPC-31 Configuring BGP as the Routing Protocol Between the PE and CE Routers, page VPC-33 (optional) Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers, page VPC-37 (optional) Configuring Static Routes Between the PE and CE Routers, page VPC-40 (optional) Configuring OSPF as the Routing Protocol Between the PE and CE Routers, page VPC-41 (optional) Configuring EIGRP as the Routing Protocol Between the PE and CE Routers, page VPC-44 (optional) Configuring EIGRP Redistribution in the MPLS VPN, page VPC-47 (optional)

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

28

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Defining VRFs on the PE Routers to Enable Customer Connectivity

Perform this task to define VPN routing and forwarding (VRF) instances.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure vrf vrf-name address-family ipv4 unicast import route-policy policy-name import route-target [as-number:nn | ip-address:nn] export route-policy policy-name export route-target [as-number:nn | ip-address:nn] exit exit

10. router bgp autonomous-system-number 11. vrf vrf-name 12. rd {as-number | ip-address | auto} 13. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

vrf vrf-name

Configures a VRF instance and enters VRF configuration mode.

Example:
RP/0/RSP0/CPU0:router(config)# vrf vrf_1

Step 3

address-family ipv4 unicast

Enters VRF address family configuration mode for the IPv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4 unicast

Step 4

import route-policy policy-name

Specifies a route policy that can be imported into the local VPN.

Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# import route-policy policy_A

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

29

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 5
import route-target [as-number:nn | ip-address:nn]

Purpose Allows exported VPN routes to be imported into the VPN if one of the route targets of the exported route matches one of the local VPN import route targets.

Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# import route-target 120:1

Step 6

export route-policy policy-name

Specifies a route policy that can be exported from the local VPN.

Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# export route-policy policy_B

Step 7

export route-target [as-number:nn | ip-address:nn]

Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# export route-target 120:2

Associates the local VPN with a route target. When the route is advertised to other provider edge (PE) routers, the export route target is sent along with the route as an extended community.

Step 8

exit

Exits VRF address family configuration mode and returns the router to VRF configuration mode.

Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# exit

Step 9

exit

Exits VRF configuration mode and returns the router to global configuration mode.

Example:
RP/0/RSP0/CPU0:router(config-vrf)# exit

Step 10

router bgp autonomous-system-number

Enters BGP configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 11

vrf vrf-name

Configures a VRF instance and enters VRF configuration mode for BGP routing.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

30

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 12
rd {as-number | ip-address | auto}

Purpose Automatically assigns a unique route distinguisher (RD) to vrf_1.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd auto

Step 13

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end

or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring VRF Interfaces on PE Routers for Each VPN Customer

Perform this task to associate a VPN routing and forwarding (VRF) instance with an interface or a subinterface on the PE routers.

Note

You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.

SUMMARY STEPS
1. 2. 3. 4. 5.

configure interface type interface-path-id vrf vrf-name ipv4 address ipv4-address mask end or commit

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

31

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

interface type interface-path-id

Enters interface configuration mode.

Example:
RP/0/RSP0/CPU0:router(config)# interface GigabitEthernet 0/3/0/0

Step 3

vrf vrf-name

Configures a VRF instance and enters VRF configuration mode.

Example:
RP/0/RSP0/CPU0:router(config-if)# vrf vrf_A

Step 4

ipv4 address ipv4-address mask

Configures a primary IPv4 address for the specified interface.

Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address 192.168.1.27 255.255.255.0

Step 5

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-if)# end

or
RP/0/RSP0/CPU0:router(config-if)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

32

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring BGP as the Routing Protocol Between the PE and CE Routers

Perform this task to configure PE-to-CE routing sessions using BGP.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.

configure router bgp autonomous-system-number bgp router-id {ip-address} vrf vrf-name label-allocation-mode per-ce address-family ipv4 unicast redistribute connected [metric metric-value] [route-policy route-policy-name] or redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name] or redistribute static [metric metric-value] [route-policy route-policy-name] aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name] network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]

8. 9.

10. exit 11. neighbor ip-address 12. remote-as autonomous-system-number 13. password {clear | encrypted} password 14. ebgp-multihop [ttl-value] 15. address-family ipv4 unicast 16. allowas-in [as-occurrence-number] 17. route-policy route-policy-name in 18. route-policy route-policy-name out 19. end

or commit

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

33

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp autonomous-system-number

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3

bgp router-id {ip-address}

Configures the local router with a router ID of 192.168.70.24.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp router-id 192.168.70.24

Step 4

vrf vrf-name

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for BGP routing.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1

Step 5

label-allocation-mode per-ce

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce

Sets the MPLS VPN label allocation mode for each customer edge (CE) label mode allowing the provider edge (PE) router to allocate one label for every immediate next-hop. Enters VRF address family configuration mode for the IPv4 address family.

Step 6

address-family ipv4 unicast

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast

Step 7

redistribute connected [metric metric-value] [route-policy route-policy-name]

or
redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy route-policy-name]

Causes routes to be redistributed into BGP. The routes that can be redistributed into BGP are:

Connected Intermediate System-to-Intermediate System (IS-IS) Open Shortest Path First (OSPF) Static

or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [route-policy route-policy-name]

or
redistribute static [metric metric-value] [route-policy route-policy-name]

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# redistribute connected

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

34

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 8
aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy route-policy-name]

Purpose Creates an aggregate address. The path advertised for this route is an autonomous system set consisting of all elements contained in all paths that are being summarized.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# aggregate-address 10.0.0.0/8 as-set

The as-set keyword generates autonomous system set path information and community information from contributing paths. The as-confed-set keyword generates autonomous system confederation set path information from contributing paths. The summary-only keyword filters all more specific routes from updates. The route-policy route-policy-name keyword and argument specify the route policy used to set the attributes of the aggregate route.

Step 9

network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]

Configures the local router to originate and advertise the specified network.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# network 172.20.0.0/16

Step 10

exit

Exits VRF address family configuration mode and returns the router to VRF configuration mode for BGP routing.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit

Step 11

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 172.168.40.24

Places the router in VRF neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 12

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2002

Step 13

password {clear | encrypted} password

Configures neighbor 172.168.40.24 to use MD5 authentication with the password pswd123.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# password clear pswd123

Step 14

ebgp-multihop [ttl-value]

Allows a BGP connection to neighbor 172.168.40.24.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

35

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 15
address-family ipv4 unicast

Purpose Enters VRF neighbor address family configuration mode for BGP routing.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast

Step 16

allowas-in [as-occurrence-number]

Replaces the neighbor autonomous system number (ASN) with the PE ASN in the AS path three times.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 3

Step 17

route-policy route-policy-name in

Applies the In-Ipv4 policy to inbound IPv4 unicast routes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 in

Step 18

route-policy route-policy-name out

Applies the In-Ipv4 policy to outbound IPv4 unicast routes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy In-Ipv4 in

Step 19

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

36

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions using Routing Information Protocol version 2 (RIPv2).

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.

configure router rip vrf vrf-name interface type instance site-of-origin {as-number:number | ip-address:number} exit redistribute bgp as-number [[external | internal | local] [route-policy name] or redistribute connected [route-policy name] or redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name] or redistribute eigrp as-number [route-policy name] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name] or redistribute static [route-policy name] end or commit

8.

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router rip

Example:
RP/0/RSP0/CPU0:router(config)# router rip

Enters the Routing Information Protocol (RIP) configuration mode allowing you to configure the RIP routing process. Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for RIP routing.

Step 3

vrf vrf-name

Example:
RP/0/RSP0/CPU0:router(config-rip)# vrf vrf_1

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

37

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 4
interface type instance

Purpose Enters VRF interface configuration mode.

Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)# interface GigabitEthernet 0/3/0/0

Step 5

site-of-origin {as-number:number | ip-address:number}

Example:
RP/0/RSP0/CPU0:router(config-rip-vrf-if)# site-of-origin 200:1

Identifies routes that have originated from a site so that the re-advertisement of that prefix back to the source site can be prevented. Uniquely identifies the site from which a PE router has learned a route.

Step 6

exit

Exits VRF interface configuration mode, and returns the router to VRF configuration mode for RIP routing.

Example:
RP/0/RSP0/CPU0:router(config-rip-vrf-if)# exit

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

38

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 7
redistribute bgp as-number [[external | internal | local] [route-policy name]

Purpose Causes routes to be redistributed into RIP. The routes that can be redistributed into RIP are:

or
redistribute connected [route-policy name]

Border Gateway Protocol (BGP) Connected Enhanced Interior Gateway Routing Protocol (EIGRP) Intermediate System-to-Intermediate System (IS-IS) Open Shortest Path First (OSPF) Static

or
redistribute eigrp as-number [route-policy name]

or
redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name]

or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [route-policy name]

or
redistribute static [route-policy name]

Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)# redistribute connected

Step 8

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)# end

or
RP/0/RSP0/CPU0:router(config-rip-vrf)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

39

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring Static Routes Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use static routes.

Note

You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.

configure router static vrf vrf-name address-family ipv4 unicast prefix/mask [vrf vrf-name] {ip-address | type interface-path-id} prefix/mask [vrf vrf-name] bfd fast-detect end or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router static

Enters static routing configuration mode allowing you to configure the static routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router static

Step 3

vrf vrf-name

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for static routing.

Example:
RP/0/RSP0/CPU0:router(config-static)# vrf vrf_1

Step 4

address-family ipv4 unicast

Enters VRF address family configuration mode for the IPv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-static-vrf)# address-family ipv4 unicast

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

40

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 5
prefix/mask [vrf vrf-name] {ip-address | type interface-path-id}

Purpose Assigns the static route to vrf_1.

Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 10.1.1.1

Step 6

prefix/mask [vrf vrf-name] bfd fast-detect

Enables bidirectional forwarding detection (BFD) to detect failures in the path between adjacent forwarding engines. This option is available is when the forwarding router address is specified in Step 5. Saves configuration changes.

Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)# 172.168.40.24/24 vrf vrf_1 bfd fast-detect

Step 7

end

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)# end

or
RP/0/RSP0/CPU0:router(config-static-vrf-afi)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring OSPF as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First (OSPF).

SUMMARY STEPS
1. 2. 3. 4. 5.

configure router ospf process-name vrf vrf-name router-id {router-id | type interface-path-id} redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

41

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
6. 7. 8.

area area-id interface type interface-path-id end or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router ospf process-name

Enters OSPF configuration mode allowing you to configure the OSPF routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router ospf 109

Step 3

vrf vrf-name

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for OSPF routing.

Example:
RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1

Step 4

router-id {router-id | type interface-path-id}

Configures the router ID for the OSPF routing process.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# router-id 172.20.10.10

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

42

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 5
redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Purpose Causes routes to be redistributed into OSPF. The routes that can be redistributed into OSPF are:

or
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Border Gateway Protocol (BGP) Connected Enhanced Interior Gateway Routing Protocol (EIGRP) OSPF Static Routing Information Protocol (RIP)

or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]]}[metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# redistribute connected

Step 6

area area-id

Configures the OSPF area as area 0.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

43

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 7
interface type interface-path-id

Purpose Associates interface GigabitEthernet 0/3/0/0 with area 0.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)# interface GigabitEthernet 0/3/0/0

Step 8

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# end

or
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring EIGRP as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Enhanced Interior Gateway Routing Protocol (EIGRP). Using EIGRP between the PE and CE routers allows you to transparently connect EIGRP customer networks through an MPLS-enable Border Gateway Protocol (BGP) core network so that EIGRP routes are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes.

Prerequisites
BGP must configured in the network. See the Implementing BGP on Cisco ASR 9000 Series Routers module in Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.

Note

You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is rejected.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

44

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router eigrp as-number vrf vrf-name address-family ipv4 router-id router-id autonomous-system as-number default-metric bandwidth delay reliability loading mtu redistribute {{bgp | connected | isis | ospf| rip | static} [as-number | instance-name]} [route-policy name] interface type interface-path-id

10. site-of-origin {as-number:number | ip-address:number} 11. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router eigrp as-number

Enters EIGRP configuration mode allowing you to configure the EIGRP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 24

Step 3

vrf vrf-name

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for EIGRP routing.

Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1

Step 4

address-family ipv4

Enters VRF address family configuration mode for the IPv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address family ipv4

Step 5

router-id router-id

Configures the router ID for the Enhanced Interior Gateway Routing Protocol (EIGRP) routing process.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# router-id 172.20.0.0

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

45

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 6
autonomous-system as-number

Purpose Configures the EIGRP routing process to run within a VRF.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# autonomous-system 6

Step 7

default-metric bandwidth delay reliability loading mtu

Sets the metrics for an EIGRP.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# default-metric 100000 4000 200 45 4470

Step 8

redistribute {{bgp | connected | isis | ospf| rip | static} [as-number | instance-name]} [route-policy name]

Causes connected routes to be redistributed into EIGRP.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute connected

Step 9

interface type interface-path-id

Associates interface GigabitEthernet 0/3/0/0 with the EIGRP routing process.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# interface GigabitEthernet 0/3/0/0

Step 10

site-of-origin {as-number:number | ip-address:number}

Configures site of origin (SoO) on interface GigabitEthernet 0/3/0/0.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# site-of-origin 201:1

Step 11

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end

or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

46

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring EIGRP Redistribution in the MPLS VPN

Perform this task for every provider edge (PE) router that provides VPN services to enable Enhanced Interior Gateway Routing Protocol (EIGRP) redistribution in the MPLS VPN.

Prerequisites
The metric can be configured in the route-policy configuring using the redistribute command (or configured with the default-metric command). If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route is not installed in the EIGRP database. If an external route is received from another EIGRP autonomous system or a non-EIGRP network without a configured metric, the route is not advertised to the CE router. See the Implementing EIGRP on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.

Restrictions
Redistribution between native EIGRP VPN routing and forwarding (VRF) instances is not supported. This behavior is designed.

SUMMARY STEPS
1. 2. 3. 4. 5. 6.

configure router eigrp as-number vrf vrf-name address-family ipv4 redistribute bgp [as-number] [route-policy policy-name] end or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router eigrp as-number

Enters EIGRP configuration mode allowing you to configure the EIGRP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 24

Step 3

vrf vrf-name

Configures a VRF instance and enters VRF configuration mode for EIGRP routing.

Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

47

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 4
address-family ipv4

Purpose Enters VRF address family configuration mode for the IPv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address family ipv4

Step 5

redistribute bgp [as-number] [route-policy policy-name]

Causes Border Gateway Protocol (BGP) routes to be redistributed into EIGRP.

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# redistribute bgp 24 route-policy policy_A

Step 6

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end

or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

48

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels
Note

This section is not applicable to Inter-AS over IP tunnels. This section contains instructions for these tasks:

Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels, page VPC-49 Configuring the Route Reflectors to Exchange VPN-IPv4 Routes, page VPC-52 Configuring the Route Reflector to Reflect Remote Routes in its AS, page VPC-55

Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels

Perform this task to configure the autonomous system boundary routers (ASBRs) to exchange IPv4 routes and MPLS labels.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp autonomous-system-number address-family ipv4 unicast allocate-label all neighbor ip-address remote-as autonomous-system-number address-family ipv4 labeled-unicast route-policy route-policy-name in route-policy route-policy-name out or commit

10. end

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp autonomous-system-number

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)#

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

49

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 3
address-family ipv4 unicast

Purpose Enters global address family configuration mode for the IPv4 unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)#

Step 4

allocate-label all

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all

Allocates the MPLS labels for a specific IPv4 unicast or VPN routing and forwarding (VRF) IPv4 unicast routes so that the BGP router can send labels with BGP routes to a neighboring router that is configured for a labeled-unicast session. Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 5

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Step 6

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 7

address-family ipv4 labeled-unicast

Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)

Step 8

route-policy route-policy-name in

Applies a routing policy to updates that are received from a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in

Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. Use the in keyword to define the policy for inbound routes.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

50

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 9
route-policy route-policy-name out

Purpose Applies a routing policy to updates that are sent to a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out

Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. Use the out keyword to define the policy for outbound routes. When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Step 10
end

Saves configuration changes.

or
commit

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

51

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring the Route Reflectors to Exchange VPN-IPv4 Routes

Perform this task to enable the route reflectors to exchange VPN-IPv4 routes by using multihop. This task specifies that the next-hop information and the VPN label are to be preserved across the autonomous system.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp autonomous-system-number neighbor ip-address remote-as autonomous-system-number ebgp-multihop [ttl-value] update-source type interface-path-id address-family vpnv4 unicast route-policy route-policy-name in route-policy route-policy-name out

10. next-hop-unchanged 11. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp autonomous-system-number

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)#

Step 3

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as a BGP peer.

Step 4

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

52

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 5
ebgp-multihop [ttl-value]

Purpose Enables multihop peerings with external BGP neighbors.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# ebgp-multihop

Step 6

update-source type interface-path-id

Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0

Step 7

address-family vpnv4 unicast

Configures VPNv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 8

route-policy route-policy-name in

Applies a routing policy to updates that are received from a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in

Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. Use the in keyword to define the policy for inbound routes.

Step 9
route-policy route-policy-name out

Applies a routing policy to updates that are sent to a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out

Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. Use the out keyword to define the policy for outbound routes.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

53

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 10
next-hop-unchanged

Purpose Disables overwriting of the next hop before advertising to external Border Gateway Protocol (eBGP) peers.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-unchanged

Step 11

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

54

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring the Route Reflector to Reflect Remote Routes in its AS

Perform this task to enable the route reflector (RR) to reflect the IPv4 routes and labels learned by the autonomous system boundary router (ASBR) to the provider edge (PE) routers in the autonomous system. This task is accomplished by making the ASBR and PE route reflector clients of the RR.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp autonomous-system-number address-family ipv4 unicast allocate-label all neighbor ip-address remote-as autonomous-system-number update-source type interface-path-id address-family ipv4 labeled-unicast route-reflector-client

10. neighbor ip-address 11. remote-as autonomous-system-number 12. update-source type interface-path-id 13. address-family ipv4 labeled-unicast 14. route-reflector-client 15. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp autonomous-system-number

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120

Step 3

address-family ipv4 unicast

Enters global address family configuration mode for the IPv4 unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)#

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

55

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 4
allocate-label all

Purpose Allocates the MPLS labels for a specific IPv4 unicast or VPN routing and forwarding (VRF) IPv4 unicast routes so that the BGP router can send labels with BGP routes to a neighboring router that is configured for a labeled-unicast session. Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as an ASBR eBGP peer.

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all

Step 5

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Step 6

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 7

update-source type interface-path-id

Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0

Step 8

address-family ipv4 labeled-unicast

Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 9

route-reflector-client

Configures the router as a BGP route reflector and neighbor 172.168.40.24 as its client.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client

Step 10

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# neighbor 10.40.25.2 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.40.25.2 as an VPNv4 iBGP peer.

Step 11

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

56

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 12
update-source type interface-path-id

Purpose Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0

Step 13

address-family ipv4 labeled-unicast

Enters neighbor address family configuration mode for the IPv4 labeled-unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 14

route-reflector-client

Configures the neighbor as a route reflector client.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-reflector-client

Step 15

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

57

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses
This section contains instructions for these tasks:

Configuring the ASBRs to Exchange VPN-IPv4 Addresses, page VPC-58 Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation, page VPC-62 Configuring MPLS Forwarding for ASBR Confederations, page VPC-64 Configuring a Static Route to an ASBR Confederation Peer, page VPC-66

Configuring the ASBRs to Exchange VPN-IPv4 Addresses

Perform this task to configure an external Border Gateway Protocol (eBGP) autonomous system boundary router (ASBR) to exchange VPN-IPv4 routes with another autonomous system.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp autonomous-system-number address-family vpnv4 unicast neighbor ip-address remote-as autonomous-system-number address-family vpnv4 unicast route-policy route-policy-name in route-policy route-policy-name out neighbor ip-address

10. remote-as autonomous-system-number 11. update-source type interface-path-id 12. address-family vpnv4 unicast 13. end

or commit

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

58

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp autonomous-system-number

Enters Border Gateway Protocol (BGP) configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)#

Step 3

address-family vpnv4 unicast

Configures VPNv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)#

Step 4

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 172.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 172.168.40.24 as an ASBR eBGP peer.

Step 5

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 6

address-family vpnv4 unicast

Configures VPNv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 7

route-policy route-policy-name in

Applies a routing policy to updates that are received from a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in

Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. Use the in keyword to define the policy for inbound routes.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

59

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 8
route-policy route-policy-name out

Purpose Applies a routing policy to updates that are sent from a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out

Use the route-policy-name argument to define the name of the of route policy. The example shows that the route policy name is defined as pass-all. Use the out keyword to define the policy for outbound routes.

Step 9
neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# neighbor 10.40.25.2 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.40.25.2 as an VPNv4 iBGP peer.

Step 10

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 11

update-source type interface-path-id

Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

60

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 12
address-family vpnv4 unicast

Purpose Configures VPNv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 13

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

61

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation
Perform this task to configure external Border Gateway Protocol (eBGP) routing to exchange VPN routes between subautonomous systems in a confederation.

Note

To ensure that host routes for VPN-IPv4 eBGP neighbors are propagated (by means of the Interior Gateway Protocol [IGP]) to other routers and PE routers, specify the redistribute connected command in the IGP configuration portion of the confederation eBGP (CEBGP) router. If you are using Open Shortest Path First (OSPF), make sure that the OSPF process is not enabled on the CEBGP interface in which the redistribute connected subnet exists.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp autonomous-system-number bgp confederation peers peer autonomous-system-number bgp confederation identifier autonomous-system-number address-family vpnv4 unicast neighbor ip-address remote-as autonomous-system-number address-family vpnv4 unicast route-policy route-policy-name in

10. route-policy route-policy-name out 11. next-hop-self 12. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp autonomous-system-number

Enters BGP configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)#

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

62

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 3
bgp confederation peers peer autonomous-system-number

Purpose Configures the peer autonomous system number that belongs to the confederation.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation peers 8

Step 4

bgp confederation identifier autonomous-system-number

Specifies the autonomous system number for the confederation ID.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp confederation identifier 5

Step 5

address-family vpnv4 unicast

Configures VPNv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)#

Step 6

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 10.168.40.24 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address 10.168.40.24 as a BGP peer.

Step 7

remote-as autonomous-system-number

Creates a neighbor and assigns it a remote autonomous system number.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2002

Step 8

address-family vpnv4 unicast

Configures VPNv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 9

route-policy route-policy-name in

Applies a routing policy to updates received from a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy In-Ipv4 in

Step 10

route-policy route-policy-name out

Applies a routing policy to updates advertised to a BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy Out-Ipv4 out

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

63

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 11
next-hop-self

Purpose Disables next-hop calculation and let you insert your own address in the next-hop field of BGP updates.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# next-hop-self

Step 12

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring MPLS Forwarding for ASBR Confederations

Perform this task to configure MPLS forwarding for autonomous system boundary router (ASBR) confederations (in BGP) on a specified interface.

Note

This configuration adds the implicit NULL rewrite corresponding to the peer associated with the interface, which is required to prevent BGP from automatically installing rewrites by LDP (in multihop instances).

SUMMARY STEPS
1. 2. 3. 4. 5.

configure router bgp as-number mpls activate interface type interface-path-id end or commit

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

64

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp as-number

Enters BGP configuration mode allowing you to configure the BGP routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120 RP/0/RSP0/CPU0:router(config-bgp)

Step 3

mpls activate

Enters BGP MPLS activate configuration mode.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# mpls activate RP/0/RSP0/CPU0:router(config-bgp-mpls)#

Step 4

interface type interface-path-id

Enables MPLS on the interface.

Example:
RP/0/RSP0/CPU0:router(config-bgp-mpls)# interface GigabitEthernet 0/3/0/0

Step 5

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-mpls)# end

or
RP/0/RSP0/CPU0:router(config-bgp-mpls)# commit

Entering yes saves configuration changes to

the running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session

and returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the

current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

65

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring a Static Route to an ASBR Confederation Peer

Perform this task to configure a static route to an Inter-AS confederation peer. For more detailed information, see Configuring a Static Route to a Peer section on page MPC-76.

SUMMARY STEPS
1. 2. 3. 4. 5.

configure router static address-family ipv4 unicast A.B.C.D/length next-hop end or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router static

Enters router static configuration mode.

Example:
RP/0/RSP0/CPU0:router(config)# router static RP/0/RSP0/CPU0:router(config-static)#

Step 3

address-family ipv4 unicast

Enables an IPv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-static-afi)#

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

66

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 4
A.B.C.D/length next-hop

Purpose Enters the address of the destination router (including IPv4 subnet mask).

Example:
RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9

Step 5

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-static-afi)# end

or
RP/0/RSP0/CPU0:router(config-static-afi)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

67

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring Carrier Supporting Carrier

Perform the tasks in this section to configure Carrier Supporting Carrier (CSC):

Identifying the Carrier Supporting Carrier Topology, page VPC-68 Configuring the Backbone Carrier Core, page VPC-69 Configuring the CSC-PE and CSC-CE Routers, page VPC-69 Configuring a Static Route to a Peer, page VPC-76

Identifying the Carrier Supporting Carrier Topology

Before you configure the MPLS VPN CSC with BGP, you must identify both the backbone and customer carrier topology.

Note

You can connect multiple CSC-CE routers to the same PE, or you can connect a single CSC-CE router to multiple CSC-PEs using more than one CSC-CE interface to provide redundancy and multiple path support in a CSC topology. Perform this task to identify the carrier supporting carrier topology.

SUMMARY STEPS
1. 2. 3. 4. 5.

Identify the type of customer carrier, ISP, or MPLS VPN service provider. Identify the CE routers. Identify the customer carrier core router configuration. Identify the customer carrier edge (CSC-CE) routers. Identify the backbone carrier router configuration.

DETAILED STEPS

Command or Action
Step 1 Step 2 Step 3

Purpose Sets up requirements for configuration of carrier supporting carrier network. Sets up requirements for configuration of CE to PE connections.

Identify the type of customer carrier, ISP, or MPLS VPN service provider. Identify the CE routers.

Identify the customer carrier core router configuration. Sets up requirements for configuration between core (P) routers and between P routers and edge routers (PE and CSC-CE routers). Identify the customer carrier edge (CSC-CE) routers. Identify the backbone carrier router configuration. Sets up requirements for configuration of CSC-CE to CSC-PE connections. Sets up requirements for configuration between CSC core routers and between CSC core routers and edge routers (CSC-CE and CSC-PE routers).

Step 4 Step 5

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

68

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring the Backbone Carrier Core

Configuring the backbone carrier core requires setting up connectivity and routing functions for the CSC core and the CSC-PE routers. To do so, you must complete these high-level tasks:

Verify IP connectivity in the CSC core. Verify LDP configuration in the CSC core.

Note

This task is not applicable to CSC over IP tunnels.

Configure VRFs for CSC-PE routers. Configure multiprotocol BGP for VPN connectivity in the backbone carrier.

Configuring the CSC-PE and CSC-CE Routers

Perform these tasks to configure links between a CSC-PE router and the carrier CSC-CE router for an MPLS VPN CSC network that uses BGP to distribute routes and MPLS labels:

Configuring a CSC-PE Configuring a CSC-CE

Figure 6 shows the configuration for the peering with directly connected interfaces between CSC-PE and CSC-CE routers. This configuration is used as the example in the tasks that follow.
Figure 6 Configuration for Peering with Directly Connected Interfaces Between CSC-PE and CSC-CE Routers

CSC-CE

CSC-PE

Configuring a CSC-PE
Perform this task to configure a CSC-PE.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp as-number address-family vpnv4 unicast neighbor A.B.C.D remote-as as-number update-source type interface-path-id address-family vpnv4 unicast vrf vrf-name rd {as-number:nn | ip-address:nn | auto}

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

121190

e1/0 10.0.0.1

e1/0 10.0.0.2

69

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

10. address-family ipv4 unicast 11. allocate-label all 12. neighbor A.B.C.D 13. remote-as as-number 14. address-family ipv4 labeled-unicast 15. route-policy route-policy-name in 16. route-policy route-policy-name out 17. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp as-number

Configures a BGP routing process and enters router configuration mode.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 2 RP/0/RSP0/CPU0:router(config-bgp)#

Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535.

Step 3

address-family vpnv4 unicast

Configures VPNv4 address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-af)#

Step 4

neighbor A.B.C.D

Configures the IP address for the BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor 10.10.10.0 RP/0/RSP0/CPU0:router(config-bgp-nbr)#

Step 5

remote-as as-number

Configures the AS number for the BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 888

Step 6

update-source type interface-path-id

Allows BGP sessions to use the primary IP address from a particular interface as the local address.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source loopback0

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

70

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 7
address-family vpnv4 unicast

Purpose Configures VPNv4 unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 8

vrf vrf-name

Configures a VRF instance.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# vrf 9999 RP/0/RSP0/CPU0:router(config-bgp-vrf)#

Step 9

rd {as-number:nn | ip-address:nn | auto}

Configures a route distinguisher.

Note

Example:
RP/0/RSP0/CPU0:router(onfig-bgp-vrf)# rd auto

Use the auto keyword to automatically assign a unique route distinguisher.

Step 10

address-family ipv4 unicast

Configures IPv4 unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#

Step 11

allocate-label all

Allocate labels for all local prefixes and prefixes received with labels.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# allocate-label all

Step 12

neighbor A.B.C.D

Configures the IP address for the BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# neighbor 10.10.10.0 RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#

Step 13

remote-as as-number

Enables the exchange of information with a neighboring BGP router.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 888

Step 14

address-family ipv4 labeled-unicast

Configures IPv4 labeled-unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

71

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 15
route-policy route-policy-name in

Purpose Applies the pass-all policy to all inbound routes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass-all in

Step 16

route-policy route-policy-name out

Applies the pass-all policy to all outbound routes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass-all out

Step 17

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(cconfig-bgp-vrf-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

72

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring a CSC-CE
Perform this task to configure a CSC-CE.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp as-number address-family ipv4 unicast redistribute ospf instance-number allocate-label route-policy route-policy-name exit neighbor A.B.C.D remote-as as-number address-family ipv4 labeled-unicast

10. route-policy route-policy-name in 11. route-policy route-policy-name out 12. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp as-number

Configures a BGP routing process and enters router configuration mode.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1

Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535.

Step 3

address-family ipv4 unicast

Configures IPv4 unicast address-family.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast

Step 4

redistribute ospf instance-number

Redistributes OSPF routes into BGP.

Example:
RP/0/RSP0/CPU0:router(config-router-af)# redistribute ospf 1

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

73

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 5
allocate-label route-policy route-policy-name

Purpose Allocates labels for those routes that match the route policy. These labeled routes are advertised to neighbors configured with address-family ipv4 labeled-unicast.

Example:
RP/0/RSP0/CPU0:router(config-router-af)# allocate-label route-policy internal-routes

Step 6

exit

Exits the current configuration mode.

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit

Step 7

neighbor A.B.C.D

Configures the IP address for the BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1

Step 8

remote-as as-number

Enables the exchange of information with a neighboring BGP router.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1

Step 9

address-family ipv4 labeled-unicast

Configures IPv4 labeled-unicast address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 labeled-unicast RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#

Step 10

route-policy route-policy-name in

Applies the route-policy to all inbound routes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

74

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 11
route-policy route-policy-name out

Purpose Applies the route-policy to all outbound routes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out

Step 12

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp)# end

or
RP/0/RSP0/CPU0:router(config-bgp)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

75

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Configuring a Static Route to a Peer

Perform this task to configure a static route to an Inter-AS or CSC-CE peer. When you configure an Inter-AS or CSC peer, BGP allocates a label for a /32 route to that peer and performs a NULL label rewrite. When forwarding a labeled packet to the peer, the router removes the top label from the label stack; however, in such an instance, BGP expects a /32 route to the peer. This task ensures that there is, in fact, a /32 route to the peer. Please be aware of these facts before performing this task:

A /32 route is not required to establish BGP peering. A route using a shorter prefix length will also work. A shorter prefix length route is not associated with the allocated label; even though the BGP session comes up between the peers, without the static route, forwarding will not work.

Note

To configure a static route on a CSC-PE, you must configure the router under the VRF (as noted in the detailed steps).

SUMMARY STEPS
1. 2. 3. 4. 5.

configure router static address-family ipv4 unicast A.B.C.D/length next-hop end or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router(config)# configure

Step 2

router static

Enters router static configuration mode.

Example:
RP/0/RSP0/CPU0:router(config)# router static

Step 3

address-family ipv4 unicast

Enables an IPv4 address family.

Note

Example:
RP/0/RSP0/CPU0:router(config-static)# address-family ipv4 unicast

To configure a static route on a CSC-PE, you must first configure the VRF using the vrf command before address-family.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

76

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 4
A.B.C.D/length next-hop

Purpose Enters the address of the destination router (including IPv4 subnet mask).

Example:
RP/0/RSP0/CPU0:router(config-static-afi)# 10.10.10.10/32 10.9.9.9

Step 5

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-static-af)# end

or
RP/0/RSP0/CPU0:router(config-static-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

77

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Verifying the MPLS Layer 3 VPN Configuration

Perform this task to verify the MPLS Layer 3 VPN configuration.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

show running-config router bgp as-number vrf vrf-name show running-config routes show ospf vrf vrf-name database show running-config router bgp as-number vrf vrf-name neighbor ip-address show bgp vrf vrf-name summary show bgp vrf vrf-name neighbors ip-address show bgp vrf vrf-name show route vrf vrf-name ip-address show bgp vpn unicast summary

10. show running-config router isis 11. show running-config mpls 12. show isis adjacency 13. show mpls ldp forwarding 14. show bgp vpnv4 unicast

show bgp vrf vrf-name

15. show bgp vrf vrf-name imported-routes 16. show route vrf vrf-name ip-address 17. show cef vrf vrf-name ip-address 18. show cef vrf vrf-name ip-address location node-id 19. show bgp vrf vrf-name ip-address 20. show ospf vrf vrf-name database

DETAILED STEPS

Command or Action
Step 1
show running-config router bgp as-number vrf vrf-name

Purpose Displays the specified VPN routing and forwarding (VRF) content of the currently running configuration.

Example:
RP/0/RSP0/CPU0:router# show running-config router bgp 3 vrf vrf_A

Step 2

show running-config routes

Displays the Open Shortest Path First (OSPF) routes table in the currently running configuration.

Example:
RP/0/RSP0/CPU0:router# show running-config routes

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

78

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 3
show ospf vrf vrf-name database

Purpose Displays lists of information related to the OSPF database for a specified VRF.

Example:
RP/0/RSP0/CPU0:router# show ospf vrf vrf_A database

Step 4

show running-config router bgp as-number vrf vrf-name neighbor ip-address

Displays the Border Gateway Protocol (BGP) VRF neighbor content of the currently running configuration.

Example:
RP/0/RSP0/CPU0:router# show running-config router bgp 3 vrf vrf_A neighbor 172.168.40.24

Step 5

show bgp vrf vrf-name summary

Displays the status of the specified BGP VRF connections.

Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A summary

Step 6

show bgp vrf vrf-name neighbors ip-address

Displays information about BGP VRF connections to the specified neighbors.

Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A neighbors 172.168.40.24

Step 7

show bgp vrf vrf-name

Displays information about a specified BGP VRF.

Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A

Step 8

show route vrf vrf-name ip-address

Displays the current routes in the Routing Information Base (RIB) for a specified VRF.

Example:
RP/0/RSP0/CPU0:router# show route vrf vrf_A 10.0.0.0

Step 9

show bgp vpn unicast summary

Displays the status of all BGP VPN unicast connections.

Example:
RP/0/RSP0/CPU0:router# show bgp vpn unicast summary

Step 10

show running-config router isis

Displays the Intermediate System-to-Intermediate System (IS-IS) content of the currently running configuration.

Example:
RP/0/RSP0/CPU0:router# show running-config router isis

Step 11

show running-config mpls

Displays the MPLS content of the currently running-configuration.

Example:
RP/0/RSP0/CPU0:router# show running-config mpls

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

79

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 12
show isis adjacency

Purpose Displays IS-IS adjacency information.

Example:
RP/0/RSP0/CPU0:router# show isis adjacency

Step 13

show mpls ldp forwarding

Displays the Label Distribution Protocol (LDP) forwarding state installed in MPLS forwarding.

Example:
RP/0/RSP0/CPU0:router# show mpls ldp forwarding

Step 14

show bgp vpnv4 unicast Example: RP/0/RSP0/CPU0:router# show bgp vpnv4 unicast

Displays entries in the BGP routing table for VPNv4 unicast addresses.

Step 15

show bgp vrf vrf-name

Displays entries in the BGP routing table for VRF vrf_A.

Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A

Step 16

show bgp vrf vrf-name imported-routes

Displays BGP information for routes imported into specified VRF instances.

Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A imported-routes

Step 17

show route vrf vrf-name ip-address

Displays the current specified VRF routes in the RIB.

Example:
RP/0/RSP0/CPU0:router# show route vrf vrf_A 10.0.0.0

Step 18

show cef vrf vrf-name ip-address

Displays the IPv4 Cisco Express Forwarding (CEF) table for a specified VRF.

Example:
RP/0/RSP0/CPU0:router# show cef vrf vrf_A 10.0.0.1

Step 19

show cef vrf vrf-name ip-address location node-id

Displays the IPv4 CEF table for a specified VRF and location.

Example:
RP/0/RSP0/CPU0:router# show cef vrf vrf_A 10.0.0.1 location 0/1/cpu0

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

80

OL-24668-01

Implementing MPLS Layer 3 VPNs How to Implement MPLS Layer 3 VPNs

Command or Action
Step 20
show bgp vrf vrf-name ip-address

Purpose Displays entries in the BGP routing table for VRF vrf_A.

Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A 10.0.0.0

Step 21

show ospf vrf vrf-name database

Displays lists of information related to the OSPF database for a specified VRF.

Example:
RP/0/RSP0/CPU0:router# show ospf vrf vrf_A database

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

81

Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs

Configuration Examples for Implementing MPLS Layer 3 VPNs

This section provides these sample configurations for MPLS L3VPN features:

Configuring an MPLS VPN Using BGP: Example, page VPC-82 Configuring the Routing Information Protocol on the PE Router: Example, page VPC-83 Configuring the PE Router Using EIGRP: Example, page VPC-83 Configuration Examples for MPLS VPN CSC, page VPC-84

Configuring an MPLS VPN Using BGP: Example

This example shows the configuration for an MPLS VPN using BGP on vrf vpn1:
address-family ipv4 unicast import route-target 100:1 ! export route-target 100:1 ! ! ! route-policy pass-all pass end-policy ! interface Loopback0 ipv4 address 10.0.0.1 255.255.255.255 ! interface gigabitEthernet 0/1/0/0 vrf vpn1 ipv4 address 10.0.0.2 255.0.0.0 ! interface gigabitEthernet 0/1/0/1 ipv4 address 10.0.0.1 255.0.0.0 ! router ospf 100 area 100 interface loopback0 interface gigabitEthernet 0/1/0/1 ! ! router bgp 100 address-family vpnv4 unicast neighbor 10.0.0.3 remote-as 100 update-source Loopback0 address-family vpnv4 unicast ! vrf vpn1 rd 100:1 address-family ipv4 unicast redistribute connected ! neighbor 10.0.0.1 remote-as 200 address-family ipv4 unicast as-override route-policy pass-all in

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

82

OL-24668-01

Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs

route-policy pass-all out ! advertisement-interval 5 ! ! ! mpls ldp route-id looback0 interface gigabitEthernet 0/1/0/1 !

Configuring the Routing Information Protocol on the PE Router: Example

This example shows the configuration for the RIP on the PE router:
vrf vpn1 address-family ipv4 unicast import route-target 100:1 ! export route-target 100:1 ! ! ! route-policy pass-all pass end-policy ! interface gigabitEthernet 0/1/0/0 vrf vpn1 ipv4 address 10.0.0.2 255.0.0.0 ! router rip vrf vpn1 interface GigabitEthernet0/1/0/0 ! timers basic 30 90 90 120 redistribute bgp 100 default-metric 3 route-policy pass-all in !

Configuring the PE Router Using EIGRP: Example

This example shows the configuration for the Enhanced Interior Gateway Routing Protocol (EIGRP) on the PE router:
Router eigrp 10 vrf VRF1 address-family ipv4 router-id 10.1.1.2 default-metric 100000 2000 255 1 1500 as 62 redistribute bgp 2000 interface Loopback0 ! interface GigabitEthernet0/6/0/0

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

83

Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs

Configuration Examples for MPLS VPN CSC

Configuration examples for the MPLS VPN CSC include:

Configuring the Backbone Carrier Core: Examples, page VPC-84 Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-84 Configuring a Static Route to a Peer: Example, page VPC-85

Configuring the Backbone Carrier Core: Examples

Configuration examples for the backbone carrier core included in this section are as follows:

Configuring VRFs for CSC-PE Routers: Example, page VPC-84 Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-84

Configuring VRFs for CSC-PE Routers: Example

This example shows how to configure a VPN routing and forwarding instance (VRF) for a CSC-PE router:
config vrf vpn1 address-family ipv4 unicast import route-target 100:1 export route-target 100:1 end

Configuring the Links Between CSC-PE and CSC-CE Routers: Examples

This section contains these examples:

Configuring a CSC-PE: Example, page VPC-84 Configuring a CSC-CE: Example, page VPC-85

Configuring a CSC-PE: Example

In this example, a CSC-PE router peers with a PE router, 10.1.0.2, in its own AS. It also has a labeled unicast peering with a CSC-CE router, 10.0.0.1.
config router bgp 2 address-family vpnv4 unicast neighbor 10.1.0.2 remote-as 2 update-source loopback0 address-family vpnv4 unicast vrf customer-carrier rd 1:100 address-family ipv4 unicast allocate-label all redistribute static neighbor 10.0.0.1 remote-as 1 address-family ipv4 labeled-unicast route-policy pass-all in route-policy pass-all out as-override

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

84

OL-24668-01

Implementing MPLS Layer 3 VPNs Configuration Examples for Implementing MPLS Layer 3 VPNs

end

Configuring a CSC-CE: Example

This example shows how to configure a CSC-CE router. In this example, the CSC-CE router peers CSC-PE router 10.0.0.2 in AS 2.
config router bgp 1 address-family ipv4 unicast redistribute ospf 200 allocate-label all neighbor 10.0.0.2 remote-as 2 address-family ipv4 labeled-unicast route-policy pass-all in route-policy pass-all out end

Configuring a Static Route to a Peer: Example

This example shows how to configure a static route to an Inter-AS or CSC-CE peer:
config router static address-family ipv4 unicast 10.0.0.2/32 40.1.1.1 end

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

85

Implementing MPLS Layer 3 VPNs Additional References

Additional References
For additional information, refer to these documents:

Related Documents
Related Topic Cisco ASR 9000 Series Router L2VPN commands Document Title MPLS Virtual Private Network Commands on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference

Routing (BGP, EIGRP, OSPF, and RIP) commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples Routing (BGP, EIGRP, OSPF, and RIP) configuration MPLS LDP configuration: configuration concepts, task, and examples MPLS Traffic Engineering Resource Reservation Protocol configuration: configuration concepts, task, and examples Getting started material

Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide Implementing MPLS Label Distribution Protocol on Cisco ASR 9000 Series Routers module in this document. Implementing RSVP for MPLS-TE on Cisco ASR 9000 Series Routers module in this document. Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

Standards
Standards Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

86

OL-24668-01

Implementing MPLS Layer 3 VPNs Additional References

RFCs
RFCs RFC 1700 RFC 1918 RFC 1966 RFC 2283 RFC 2547 RFC 2842 RFC 2858 RFC 3107 Title Assigned Numbers Address Allocation for Private Internets BGP Route Reflectors: An Alternative to Full Mesh iBGP Multiprotocol Extensions for BGP-4 BGP/MPLS VPNs Capabilities Advertisement with BGP-4 Multiprotocol Extensions for BGP-4 Carrying Label Information in BGP-4

Technical Assistance
Description Link

The Cisco Technical Support website contains http://www.cisco.com/techsupport thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

87

Implementing MPLS Layer 3 VPNs Additional References

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

88

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS

This module describes how to implement IPv6 VPN Provider Edge Transport over MPLS on Cisco ASR 9000 Series Aggregation Services Routers. IPv6 VPN Provider Edge (6PE/VPE) uses the existing MPLS IPv4 core infrastructure for IPv6 transport. 6PE/VPE enables IPv6 sites to communicate with each other over an MPLS IPv4 core network using MPLS label switched paths (LSPs). This feature relies heavily on multiprotocol Border Gateway Protocol (BGP) extensions in the IPv4 network configuration on the provider edge (PE) router to exchange IPv6 reachability information (in addition to an MPLS label) for each IPv6 address prefix. Edge routers are configured as dual-stack, running both IPv4 and IPv6, and use the IPv4 mapped IPv6 address for IPv6 prefix reachability exchange. For detailed information about the commands used to configure L2TP functionality, see the Cisco ASR 9000 Aggregation Services Router Routing Command Reference.
Feature History for Implementing 6PE on Cisco ASR 9000 Series Routers
Release Modification

Release 3.9.1 Release 4.0.0

This feature was introduced. Support was added for the 6PE and 6VPE features for IPv6 L3VPN on A9K-SIP-700. Support was added for the BGP per VRF/CE label allocation for 6PE feature. Support for the Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature was added.

Release 4.1.0

Contents

Prerequisites for Implementing 6PE/VPE, page VPC-90 Information About 6PE/VPE, page VPC-90 How to Implement 6PE/VPE, page VPC-93 Configuration Examples for 6PE, page VPC-106 Additional References, page VPC-108

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

89

Implementing IPv6 VPN Provider Edge Transport over MPLS Prerequisites for Implementing 6PE/VPE

Prerequisites for Implementing 6PE/VPE

These prerequisites are required to implement 6PE:

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Familiarity with MPLS and BGP4 configuration and troubleshooting.

Information About 6PE/VPE

To configure the 6PE feature, you should understand the concepts that are described in these sections:

Overview of 6PE/VPE, page VPC-90 Benefits of 6PE/VPE, page VPC-91 Deploying IPv6 over MPLS Backbones, page VPC-91 IPv6 on the Provider Edge and Customer Edge Routers, page VPC-91 IPv6 Provider Edge Multipath, page VPC-92 OSPFv3 6VPE, page VPC-92

Overview of 6PE/VPE
Multiple techniques are available to integrate IPv6 services over service provider core backbones:

Dedicated IPv6 network running over various data link layers Dual-stack IPv4-IPv6 backbone Existing MPLS backbone leverage

These solutions are deployed on service providers backbones when the amount of IPv6 traffic and the revenue generated are in line with the necessary investments and the agreed-upon risks. Conditions are favorable for the introduction of native IPv6 services, from the edge, in a scalable way, without any IPv6 addressing restrictions and without putting a well-controlled IPv4 backbone in jeopardy. Backbone stability is essential for service providers that have recently stabilized their IPv4 infrastructure. Service providers running an MPLS/IPv4 infrastructure follow similar trends because several integration scenarios that offer IPv6 services on an MPLS network are possible. Cisco Systems has specially developed Cisco 6PE or IPv6 Provider Edge Router over MPLS, to meet all those requirements. Inter-AS support for 6PE requires support of Border Gateway Protocol (BGP) to enable address families and to allocate and distribute PE and ASBR labels.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

90

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS Information About 6PE/VPE

Benefits of 6PE/VPE
Service providers who currently deploy MPLS experience these benefits of Cisco 6PE:

Minimal operational cost and riskNo impact on existing IPv4 and MPLS services. Only provider edge routers upgradeA 6PE/VPE router can be an existing PE router or a new one dedicated to IPv6 traffic. No impact on IPv6 customer edge routersThe ISP can connect to any customer CE running Static, IGP or EGP. Production services readyAn ISP can delegate IPv6 prefixes. IPv6 introduction into an existing MPLS service6PE/VPE routers can be added at any time.

Deploying IPv6 over MPLS Backbones

Backbones enabled by 6PE (IPv6 over MPLS) allow IPv6 domains to communicate with each other over an MPLS IPv4 core network. This implementation requires no backbone infrastructure upgrades and no reconfiguration of core routers because forwarding is based on labels instead of the IP header itself. This provides a very cost-effective strategy for IPv6 deployment. Additionally, the inherent virtual private network (VPN) and traffic engineering (TE) services available within an MPLS environment allow IPv6 networks to be combined into VPNs or extranets over an infrastructure that supports IPv4 VPNs and MPLS-TE.

IPv6 on the Provider Edge and Customer Edge Routers

Service Provider Edge Routers
6PE is particularly applicable to service providers who currently run an MPLS network. One of its advantages is that there is no need to upgrade the hardware, software, or configuration of the core network, and it eliminates the impact on the operations and the revenues generated by existing IPv4 traffic. MPLS is used by many service providers to deliver services to customers. MPLS as a multiservice infrastructure technology is able to provide layer 3 VPN, QoS, traffic engineering, fast re-routing and integration of ATM and IP switching.

Customer Edge Routers

Using tunnels on the CE routers is the simplest way to deploy IPv6 over MPLS networks. It has no impact on the operation or infrastructure of MPLS, and requires no changes to the P routers in the core or to the PE routers. However, tunnel meshing is required as the number of CEs to connect increases, and it becomes difficult to delegate a global IPv6 prefix for an ISP. Figure 7 illustrates the network architecture using tunnels on the CE routers.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

91

Implementing IPv6 VPN Provider Edge Transport over MPLS Information About 6PE/VPE

Figure 7

IPv6 Using Tunnels on the CE Routers

Dual stack IPv4-IPv6 CE routers

Dual stack IPv4-IPv6 CE routers

IPv6 over IPv4 tunnels

v6 IPv6 PE v4 IPv4 PE OC-48/192 IPv6 P P v6 IPv6 v6

v6 IPv6 PE P P PE IPv4

v4

v4 IPv4
210608

IPv6 Provider Edge Multipath

Internal and external BGP multipath for IPv6 allows the IPv6 router to balance load between several paths (for example, the same neighboring autonomous system (AS) or sub-AS, or the same metrics) to reach its destination. The 6PE multipath feature uses multiprotocol internal BGP (MP-IBGP) to distribute IPv6 routes over the MPLS IPv4 core network and to attach an MPLS label to each route. When MP-IBGP multipath is enabled on the 6PE router, all labeled paths are installed in the forwarding table with available MPLS information (label stack). This functionality enables 6PE to perform load balancing.

OSPFv3 6VPE
The Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature adds VPN routing and forwarding (VRF) and provider edge-to-customer edge(PE-CE) routing support to Cisco IOS XR OSPFv3 implementation. This feature allows:

Multiple VRF support per OSPFv3 routing process OSPFV3 PE-CE extensions

Multiple VRF Support

OSPFv3 supports multiple VRFs in a single routing process that allows scaling to tens and hundreds of VRFs without consuming too much route processor (RP) resources.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

92

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Multiple OSPFv3 processes can be configured on a single router. In large-scale VRF deployments, this allows partition VRF processing across multiple RPs. It is also used to isolate default routing table or high impact VRFs from the regular VRFs. It is recommended to use a single process for all the VRFs. If needed, a second OSPFv3 process must be configured for IPv6 routing.

Note

The maximum of four OSPFv3 processes are supported.

OSPFv3 PE-CE Extensions

IPv6 protocol is being vastly deployed in today's customer networks. Service Providers (SPs) need to be able to offer Virtual Private Network (VPN) services to their customers for supporting IPv6 protocol, in addition to the already offered VPN services for IPv4 protocol. In order to support IPv6, routing protocols require additional extensions for operating in the VPN environment. Extensions to OSPFv3 are required in order for OSPFv3 to operate at the PE-CE links.

VRF Lite
VRF lite feature enables VRF deployment without BGP or MPLS based backbone. In VRF lite, the PE routers are directly connected using VRF interfaces. For OSPFv3, the following needs to operate differently in the VRF lite scenario, as opposed to the deployment with BGP or MPLS backbone:

DN bit processingIn VRF lite environment, the DN bit processing is disabled. ABR statusIn VRF context (except default VRF), OSPFv3 router is automatically set as an ABR, regardless to its connectivity to area 0. This automatic ABR status setting is disabled in the VRF lite environment.

Note

To enable VRF Lite, issue the capability vrf-lite command in the OSPFv3 VRF configuration submode.

How to Implement 6PE/VPE

This section includes these implementation procedures:

Configuring 6PE/VPE, page VPC-93 Configuring PE to PE Core, page VPC-95 Configuring PE to CE Core, page VPC-99 Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers, page VPC-102

Configuring 6PE/VPE
This task describes how to configure 6PE/VPE on PE routers to transport the IPv6 prefixes across the IPv4 cloud. Ensure that you configure 6PE/VPE on PE routers participating in both the IPv4 cloud and IPv6 clouds.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

93

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Note

For 6PE, you can use all routing protocols supported on Cisco IOS XR software such as BGP, OSPF, IS-IS, EIGRP, RIP, and Static to learn routes from both clouds. However, for 6VPE, you can use only the BGP, EIGRP and Static routing protocols to learn routes.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp as-number neighbor ip-address address-family ipv6 labeled-unicast exit exit address-family ipv6 unicast allocate-label [all | route-policy policy_name] end or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp as-number

Enters the number that identifies the autonomous system (AS) in which the router resides. Range for 2-byte numbers is 1 to 65535. Range for 4-byte numbers is 1.0 to 65535.65535. Enters neighbor configuration mode for configuring Border Gateway Protocol (BGP) routing sessions.

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1

Step 3

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 1.1.1.1

Step 4

address-family ipv6 labeled-unicast

Specifies IPv6 labeled-unicast address prefixes.

Note

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv6 labeled-unicast

This option is also available in IPv6 neighbor configuration mode and VRF neighbor configuration mode.

Step 5

exit

Exits BGP address-family submode.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

94

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 6
exit

Purpose Exits BGP neighbor submode.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit

Step 7

address-family ipv6 unicast

Specifies IPv6 unicast address prefixes.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv6 unicast

Step 8

allocate-label [all | route-policy policy_name]

Allocates MPLS labels for specified IPv4 unicast routes.

Note

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# allocate-label all

The route-policy keyword provides finer control to filter out certain routes from being advertised to the neighbor.

Step 9

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring PE to PE Core
This task describes how to configure a Provider Edge (PE) to PE Core. For information on configuring VPN Routing and Forwarding (VRF), refer to the Implementing BGP on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide.

SUMMARY STEPS
1. 2. 3.

configure router bgp address-family vpnv6 unicast

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

95

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

4. 5. 6. 7. 8. 9.

bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ] bgp client-to-client reflection { cluster-id | disable } neighbor ip-address remote-as as-number description text password { clear | encrypted } password

10. shutdown 11. timers keepalive hold-time 12. update-source type interface-id 13. address-family vpnv6 unicast 14. route-policy route-policy-name { in | out } 15. exit 16. vrf vrf-name 17. rd { as-number : nn | ip-address : nn | auto } 18. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp as-number

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 10

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. Specifies the vpnv6 address family and enters address family configuration submode.

Step 3

address-family vpnv6 unicast

Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv6 unicast

Step 4

bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]

Configures BGP dampening for the specified address family.

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500 10000 120

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

96

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 5
bgp client-to-client reflection {cluster-id | disable }

Purpose Configures client to client route reflection.

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp client-to-client reflection disable

Step 6

exit

Exits the address family configuration submode.

Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit

Step 7

neighbor ip-address

Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.1.1.1

Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer.

Step 8

remote-as as-number

Creates a neighbor and assigns a remote autonomous system number to it.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 100

Step 9

description text

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# description neighbor 172.16.1.1

Provides a description of the neighbor. The description is used to save comments and does not affect software function.

Step 10

password { clear | encrypted } password

Enables Message Digest 5 (MD5) authentication on the TCP connection between the two BGP neighbors.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# password encrypted 123abc

Step 11

shutdown

Terminates any active sessions for the specified neighbor and removes all associated routing information.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# router bgp 1

Step 12

timers keepalive hold-time

Set the timers for the BGP neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers 12000 200

Step 13

update-source type interface-id

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# update-source gigabitEthernet 0/1/5/0

Allows iBGP sessions to use the primary IP address from a specific interface as the local address when forming an iBGP session with a neighbor.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

97

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 14
address-family vpnv6 unicast

Purpose Enters VPN neighbor address family configuration mode.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family vpvn6 unicast

Step 15

route-policy route-policy-name { in | out }

Specifies a routing policy for an inbound route. The policy can be used to filter routes or modify route attributes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-in in

Step 16

route-policy route-policy-name { in | out }

Specifies a routing policy for an outbound route. The policy can be used to filter routes or modify route attributes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pe-pe-vpn-out out

Step 17

exit

Exits address family configuration and neighbor submode.

Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit

Step 18

vrf vrf-name

Configures a VRF instance.

Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

98

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 19
rd { as-number : nn | ip-address : nn | auto }

Purpose Configures the route distinguisher. Use the auto keyword if you want the router to automatically assign a unique RD to the VRF.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd 345:567

Step 20

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end

or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring PE to CE Core
This task describes how to configure a PE to Customer Edge (CE) core.

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7. 8. 9.

configure router bgp vrf vrf-name bgp router-id ip-address label-allocation-mode { per-ce | per-vrf } address-family ipv6 unicast redistribute {connected | static | eigrp } neighbor ip-address remote-as as-number

10. ebgp-multihop { maximum hops | mpls } 11. address-family ipv6 unicast 12. site-of-origin [ as-number : nn | ip-address : nn ]

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

99

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

13. as-override 14. allowas-in [ as-occurrence-number ] 15. end

or commit

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router bgp as-number

Example:
RP/0/RSP0/CPU0:router(config)# router bgp 10

Specifies the BGP AS number and enters the BGP configuration mode, allowing you to configure the BGP routing process. Configures a VRF instance.

Step 3

vrf vrf-name

Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe

Step 4

bgp router-id ip-address

Configures a fixed router ID for a BGP-speaking router.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#bgp router-id 172.16.9.9

Step 5

label-allocation-mode { per-ce | per-vrf }

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# label-allocation-mode per-ce

Configures the per-CE label allocation mode to avoid an extra lookup on the PE router and conserve label space (per-prefix is the default label allocation mode). In this mode, the PE router allocates one label for every immediate next-hop (in most cases, this would be a CE router). This label is directly mapped to the next hop, so there is no VRF route lookup performed during data forwarding. However, the number of labels allocated would be one for each CE rather than one for each VRF. Because BGP knows all the next hops, it assigns a label for each next hop (not for each PE-CE interface). When the outgoing interface is a multiaccess interface and the media access control (MAC) address of the neighbor is not known, Address Resolution Protocol (ARP) is triggered during packet forwarding. The per-vrf keyword configures the same label to be used for all the routes advertised from a unique VRF.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

100

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 6
address-family ipv6 unicast

Purpose Specifies an IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv6 unicast

Step 7

redistribute {connected | static | eigrp }

Causes routes from the specified instance to be redistributed into BGP.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#

Step 8

neighbor ip-address

Configures a CE neighbor. The ip-address argument must be a private address.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 10.0.0.0

Step 9

remote-as as-number

Configures the remote AS for the CE neighbor.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# remote-as 2

Step 10

ebgp-multihop { maximum hops | mpls }

Configures the CE neighbor to accept and attempt BGP connections to external peers residing on networks that are not directly connected.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# ebgp-multihop 55

Step 11

address-family ipv6 unicast

Specifies an IPv6 address family unicast and enters address family configuration submode. To see a list of all the possible keywords and arguments for this command, use the CLI help (?).

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv6 unicast

Step 12

site-of-origin [as-number:nn | ip-address:nn ]

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# site-of-origin 234:111

Configures the site-of-origin (SoO) extended community. Routes that are learned from this CE neighbor are tagged with the SoO extended community before being advertised to the rest of the PEs. SoO is frequently used to detect loops when as-override is configured on the PE router. If the prefix is looped back to the same site, the PE detects this and does not send the update to the CE. Configures AS override on the PE router. This causes the PE router to replace the CEs ASN with its own (PE) ASN.
Note

Step 13

as-override

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# as-override

This loss of information could lead to routing loops; to avoid loops caused by as-override, use it in conjunction with site-of-origin.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

101

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 14
allowas-in [ as-occurrence-number ]

Purpose Allows an AS path with the PE autonomous system number (ASN) a specified number of times. Hub and spoke VPN networks need the looping back of routing information to the HUB PE through the HUB CE. When this happens, due to the presence of the PE ASN, the looped-back information is dropped by the HUB PE. To avoid this, use the allowas-in command to allow prefixes even if they have the PEs ASN up to the specified number of times. Saves configuration changes.

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# allowas-in 5

Step 15

end

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end

or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers

Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First version 3 (OSPFv3).

SUMMARY STEPS
1. 2. 3. 4. 5. 6. 7.

configure router ospfv3 process-name vrf vrf-name capability vrf-lite router-id {router-id | type interface-path-id} domain-id type {0005 | 0105 | 0205 | 8005} value domain-id redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

102

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value] or redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
8. 9.

area area-id interface type interface-path-id or commit

10. end

DETAILED STEPS

Command or Action
Step 1
configure

Purpose Enters global configuration mode.

Example:
RP/0/RSP0/CPU0:router# configure

Step 2

router ospf process-name

Enters OSPF configuration mode allowing you to configure the OSPF routing process.

Example:
RP/0/RSP0/CPU0:router(config)# router ospf 109

Step 3

vrf vrf-name

Configures a VPN routing and forwarding (VRF) instance and enters VRF configuration mode for OSPF routing.

Example:
RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1

Step 4

capability vrf-lite

Enables VRF Lite feature.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# capability vrf-lite

Step 5

router-id {router-id | type interface-path-id}

Configures the router ID for the VRF.

Note

Router ID configuration is required for each VRF.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# router-id 172.20.10.10

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

103

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 6
domain-id type {0005 | 0105 | 0205 | 8005} value domain-id

Purpose Specifies the domain ID.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# domain-id type 0005 value CAFE00112233

Step 7

redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Causes routes to be redistributed into OSPF. The routes that can be redistributed into OSPF are:

or
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Border Gateway Protocol (BGP) Connected Enhanced Interior Gateway Routing Protocol (EIGRP) OSPF Static Routing Information Protocol (RIP)

or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]]}[metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# redistribute connected

Step 8

area area-id

Configures the OSPF area as area 0.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

104

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS How to Implement 6PE/VPE

Command or Action
Step 9
interface type interface-path-id

Purpose Associates interface GigabitEthernet 0/3/0/0 with area 0.

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)# interface GigabitEthernet 0/3/0/0

Step 10

end

Saves configuration changes.

or
commit

When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:

Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# end

or
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)# commit

Entering yes saves configuration changes to the

running configuration file, exits the configuration session, and returns the router to EXEC mode.
Entering no exits the configuration session and

returns the router to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current

configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

105

Implementing IPv6 VPN Provider Edge Transport over MPLS Configuration Examples for 6PE

Configuration Examples for 6PE

This section includes these configuration example:

Configuring 6PE on a PE Router: Example, page VPC-106 Configuring 6VPE on a PE Router: Example, page VPC-106

Configuring 6PE on a PE Router: Example

This sample configuration shows the configuration of 6PE on a PE router:
interface GigabitEthernet0/3/0/0 ipv6 address 2001::1/64 ! router isis ipv6-cloud net 49.0000.0000.0001.00 address-family ipv6 unicast single-topology interface GigabitEthernet0/3/0/0 address-family ipv6 unicast ! ! router bgp 55400 bgp router-id 54.6.1.1 address-family ipv4 unicast ! address-family ipv6 unicast network 55:5::/64 redistribute connected redistribute isis ipv6-cloud allocate-label all ! neighbor 34.4.3.3 remote-as 55400 address-family ipv4 unicast ! address-family ipv6 labeled-unicast

Configuring 6VPE on a PE Router: Example

This sample configuration shows the configuration of 6VPE on a PE router:
vrf vpn1 address-family ipv6 unicast import route-target 200:2 ! export route-target 200:2 interface Loopback0 ipv4 address 10.0.0.1 255.255.255.255 interface GigabitEthernet0/0/0/1 vrf vpn1 ipv6 address 2001:c003:a::2/64

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

106

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS Configuration Examples for 6PE

router bgp 1 bgp router-id 10.0.0.1 bgp redistribute-internal bgp graceful-restart address-family ipv4 unicast ! address-family vpnv6 unicast ! neighbor 10.0.0.2 remote-as 1 update-source Loopback0 address-family ipv4 unicast ! address-family vpnv6 unicast route-policy pass-all in route-policy pass-all out ! vrf vpn1 rd 100:2 bgp router-id 140.140.140.140 address-family ipv6 unicast redistribute connected ! neighbor 2001:c003:a::1 remote-as 6502 address-family ipv6 unicast route-policy pass-all in route-policy pass-all out !

>>>> Remote peer loopback address.

Configuring OSPFv3 between PE to CE: Example:

This example shows you how to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open Shortest Path First version 3 (OSPFv3):
router ospfv3 0 vrf V1 router-id 100.0.0.2 domain-id type 0005 value CAFE00112233 domain-id secondary type 0105 value beef00000001 domain-id secondary type 0205 value beef00000002 capability vrf-lite redistribute bgp 1 area 0 interface POS0/3/0/1 vrf V2 router-id 200.0.0.2 capability vrf-lite area 1 interface POS0/3/0/2

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

107

Implementing IPv6 VPN Provider Edge Transport over MPLS Additional References

Additional References
For additional information related to this feature, refer to these references:

Related Document
Related Topic Getting started material Document Title Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide

Standards
Standards1 No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.
1. Not all supported standards are listed.

Title

MIBs
MIBs MIBs Link To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at this URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs
RFCs Title

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

108

OL-24668-01

Implementing IPv6 VPN Provider Edge Transport over MPLS Additional References

Technical Assistance
Description Link

http://www.cisco.com/techsupport The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

109

Implementing IPv6 VPN Provider Edge Transport over MPLS Additional References

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

110

OL-24668-01

INDEX

HC IC MCC MNC MPC QC RC SC SMC LSC

Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide Cisco ASR 9000 Series Aggregation Services Router System Monitoring Configuration Guide Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide

B
BGP confederations
VPC-17

BGP (border gateway protocol) distributing routes routing information BGP4 configuration BGP multipath 6PE/VPE
VPC-92 VPC-21 VPC-20

messages and MPLS labels

VPC-20 VPC-90

C
CSC (Carrier Supporting Carrier) configuration examples
VPC-76

Numerics
6PE/VPE BGP multipath how to configure how to deploy overview prerequisites
VPC-90 VPC-90 VPC-90 VPC-92 VPC-90 VPC-93

configuration options for backbone and customer carriers VPC-23 configuring a CSC-PE link
VPC-69 VPC-76 VPC-23

conditions for use

configuring a static route to a peer customer carrier network options identifying topology
VPC-68 VPC-73 VPC-69

VPC-91

CSC-CE link, how to configure CSC-PE link, how to configure customer edge router 6PE/VPE
VPC-91 VPC-12

service provider considerations supported protocols

VPC-94

MPLS Layer 3 VPN customer edge router (CE)

A
automatic route distinguisher, MPLS Layer 3 VPN autonomous system
VPC-16 VPC-15

MPLS Layer 3 VPN

VPC-12

E
eBGP
VPC-10

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide OL-24668-01

111

Index

I
Inter-AS configurations BGP
VPC-17 VPC-16

P
PE router MPLS Layer 3 VPN
VPC-12

interprovider VPN supported

VPC-16

interprovider VPN, MPLS VPN

VPC-17

S
service provider edge routers, 6PE
VPC-91

M
MPLS Layer 3 VPN automatic route distinguisher autonomous system components concepts
VPC-11 VPC-11 VPC-12 VPC-16 VPC-15

service providers, 6PE static

VPC-90

router to a peer, how to configure

VPC-76

T
tunnel types 6PE
VPC-91

customer edge router customer router defined defining FIB

VPC-11 VPC-11

VPC-12

V
VPC-13

distributed routing information

VPC-10 VPC-11 VPC-15 VPC-14

verifying IP connectivity, CSC MPLS Layer 3 VPN

VPC-69

implementing

VRF (virtual routing and forwarding) configuring backbone carrier core

VPC-69

major components MPLS forwarding PE router

VPC-12

prerequisites provider router restrictions scalability security topology working MPLS VPN

VPC-10 VPC-12

VPC-10 VPC-12

VPC-12 VPC-12 VPC-14

VPN routing information

VPC-13

Inter-AS ASBRs major components

VPC-15 VPC-15

Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide

112

OL-24668-01