Agenda
Day3
Module 3
o L3 VPN
L3 VPN
VPN Classification
VPN
IP-VPN
Network
Page 4 Learning Centre 4
Proprietary & Confidential 4
VPN Tunnel
VPN Type (1)
• Virtual Leased Line (VLL): It provides point-to-
point connection service between two pieces of
CPE equipment for the user via the edge node
of the operator.
VLL
VLL is an emulation of the traditional leased line. By emulating
the leased line through an IP network, it provides asymmetric, low-cost
"DDN" service. For users at both VLL ends, VLL is similar to a traditional
leased line.
VPDN
VPDN realizes VPNs by employing the dial-up function of public
networks (such as ISDN and PSTN) and access networks. VPDN is
often used to provide access service for enterprises, small ISPs, and
mobile workforce.
VPN Type (2)
VPLS
VPLS connects LANs together through a virtual private network
segment in the IP public network. It is an extension of LANs in IP public
network.
VPRN
VPRN connects headquarters, branches and remote offices together
through network-managed virtual routers in the IP public network. There
are two ways to implement VPRN services: one is through traditional
VPN protocols (such as IPSec and GRE) and the other is through MPLS.
Example: Constructing VPN via GRE Tunnel (Generic Routing Encapsulation)
[Figure: sites HQ1 and HQ2 and routers Rt1 and Rt2 around a public IP network, with the path between the sites marked "GRE tunnel". Addresses shown: 10.0.0.0/24, 10.0.1.1/24, 10.0.1.2/24, 129.0.0.1/30, 129.0.0.2/30, 129.0.1.1/30, 129.0.1.2/30, 129.0.2.1/30, 129.0.2.2/30, 129.0.3.1/30, 129.0.3.2/30.]
MPLS VPN Network Structure
• CE (Customer Edge Router): The user equipment directly connected with the service
provider.
• PE (Provider Edge Router): The edge router on the backbone network, connected with CE
and mainly responsible for access of the VPN service.
• P (Provider Router): The core router on the backbone network, mainly responsible for the
routing and fast forwarding functions.
Relationship Between PE and CE
[Figure: a CE at VPNA Site-1 connected to a PE.]
• PE and CE routers exchange information via the EBGP, RIP or static route. CE runs the
standard routing protocol.
• PE maintains separate routing tables of the public network and private network.
– Routing table of public network, including the routes of all PE and P routers, generated by
the backbone network IGP of VPN.
– VRF (VPN routing & forwarding), including tables of routing & forwarding to one or
multiple directly connected CEs.
VRF Detail
• If (and only if) two sites have identical forwarding table, they share a VRF.
• The routes in VRF will be distributed to the sites (usually connected on other PEs)
belonging to the same VPN.
Distribution of VRF Routes
[Figure: two sites, each with a CE router attached to a PE; the PEs sit on either side of a P router and are joined by iBGP.]
• The PE router distributes the local VPN route information across the
backbone network; the routes are transmitted via BGP.
When a PE distributes VRF VPN route information over IBGP, a
question arises.
PEs set up IBGP sessions with each other and exchange routing information,
but some VPNs may use the same private IP address space. When BGP
carries this routing information across the public network, the addresses
overlap. How is this solved?
By adding a prefix to the IP address so that it is uniquely identified,
in effect extending the IP address beyond 32 bits. This prefix is
called the RD, and the new address family is called the VPNv4 address
family.
The RD does not by itself impose any semantics; it contains no
information about the origin of the route or about the set of VPNs to which
the route is to be distributed. The purpose of the RD is solely to allow one to
create distinct routes to a common IPv4 address prefix.
VPNv4 and IPv4 Address Families
VPNv4 address structure:
RD structure:
TYPE (2-byte)   Administrator Field   Assigned Number Field
0               2-byte ASN            4-byte assigned number
MBGP
The only three pieces of information carried by BGP-4 that are IPv4
specific are the NEXT_HOP attribute (expressed as an IPv4 address),
AGGREGATOR (contains an IPv4 address), and NLRI (expressed as IPv4
address prefixes). This document assumes that any BGP speaker has to
have an IPv4 address. Therefore, to enable BGP-4 to support routing for
multiple Network Layer protocols the only two things that have to be added
to BGP-4 are the ability to associate a particular Network Layer protocol
with the next hop information, and the ability to associate a particular
Network Layer protocol with NLRI.
The first one (MP_REACH_NLRI) is used to carry the set of reachable
destinations together with the next hop information to be used for forwarding
to these destinations. The second one (MP_UNREACH_NLRI) is used to
carry the set of unreachable destinations. Both of these attributes are
optional and non-transitive. This way a BGP speaker that doesn't support
the multiprotocol capabilities will just ignore the information carried in these
attributes, and will not pass it to other BGP speakers.
MP_REACH_NLRI: Multiprotocol Reachable Network Layer
Reachability Information
MP_UNREACH_NLRI: Multiprotocol Unreachable Network Layer
Reachability Information
MBGP: MP_REACH_NLRI
Question
Route Target
Route Target
Typical Network Topology-1
[Figure: sites site1, site2, site3, site10, site20 and site30.]
Typical Network Topology-2
[Figure: sites site1 to site5, with regions marked Intranet and Extranet.]
Application of RT
Extranet
Think of the import attribute and the export attribute simply as controls on
route import and export, somewhat like a route policy; then they are easy to
understand.
Hub-spoke mode: the Hub node imports the Hub attribute and exports the
spoke attribute; a spoke node imports the spoke attribute and exports the Hub
attribute.
Traditional mode: the import attribute and the export attribute are the same.
Other modes: these are compound uses of import and export attributes;
the export target and import target can each be configured with several attributes.
Function of RT
[Figure: sites (SITE-2 and SITE-4 are labelled) attached to PEs on either side of a P router. The PE VRFs hold Site1-routes, Site2-routes, Site3-routes and Site4-routes, tagged VPNA and VPNB.]
From the previous slides we know that the RT is used to separate
route information and control route distribution. There are two types of RT:
import RT and export RT. In the procedure for distributing VRF routing
information, when a PE takes its local VRF routing information
and sends it to its PE neighbors, the routing information carries the
export RT attributes. The receiving PE uses each VPN's import RT to
match the export RT attributes of the received routing information. If they
match, the routing information is accepted and stored in the
related VPN VRF table. If they do not match, it is discarded.
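The import/export matching rule and the hub-spoke and traditional modes described above, as an added example (not from the original slides). The VRF names, the RT values other than 100:1, and the audit helper are assumptions made for the illustration; the audit lists route flows that the RT configuration permits but the design does not.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    export_rts: frozenset
    routes: dict = field(default_factory=dict)  # prefix -> (next hop, label)

@dataclass(frozen=True)
class Update:
    prefix: str
    next_hop: str
    label: int
    rts: frozenset  # export RTs attached by the sending PE

def export(vrf: Vrf, prefix: str, pe: str, label: int) -> Update:
    """Sending PE: attach the VRF's export RTs to the route."""
    return Update(prefix, pe, label, vrf.export_rts)

def receive(update: Update, local_vrfs: list) -> list:
    """Receiving PE: store the route in every VRF whose import RT matches;
    the route is discarded if none does. Returns the accepting VRF names."""
    accepted = []
    for vrf in local_vrfs:
        if update.rts & vrf.import_rts:
            vrf.routes[update.prefix] = (update.next_hop, update.label)
            accepted.append(vrf.name)
    return accepted

def route_flows(vrfs: list) -> set:
    """All (exporter, importer) pairs that the RT configuration permits."""
    return {(a.name, b.name) for a in vrfs for b in vrfs
            if a is not b and a.export_rts & b.import_rts}

def unexpected_flows(vrfs: list, intended: set) -> list:
    """Audit: flows the configuration allows but the design does not."""
    return sorted(route_flows(vrfs) - intended)

def rt(*values):
    return frozenset(values)

# Hub-spoke mode. The RT values are constructed for this example.
HUB_RT, SPOKE_RT = "100:10", "100:11"
hub = Vrf("hub", import_rts=rt(HUB_RT), export_rts=rt(SPOKE_RT))
spoke1 = Vrf("spoke1", import_rts=rt(SPOKE_RT), export_rts=rt(HUB_RT))
spoke2 = Vrf("spoke2", import_rts=rt(SPOKE_RT), export_rts=rt(HUB_RT))

# Traditional mode: import RT and export RT are the same inside one VPN.
vpn_a1 = Vrf("vpn-a-site1", rt("100:1"), rt("100:1"))
vpn_a3 = Vrf("vpn-a-site3", rt("100:1"), rt("100:1"))
# Constructed fault: a VPN B VRF that also imports VPN A's RT.
vpn_b2 = Vrf("vpn-b-site2", rt("100:2", "100:1"), rt("100:2"))
INTENDED = {("vpn-a-site1", "vpn-a-site3"), ("vpn-a-site3", "vpn-a-site1")}

if __name__ == "__main__":
    print(sorted(route_flows([hub, spoke1, spoke2])))
    print(unexpected_flows([vpn_a1, vpn_a3, vpn_b2], INTENDED))
```

In the hub-spoke result no (spoke, spoke) pair appears, because a spoke exports the Hub attribute and the other spoke imports only the spoke attribute.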
Question
• After the PEs have finished exchanging routing information,
site3 wants to access site1. The right PE looks up the VRF table,
finds that the next hop is the left PE, and forwards the packet to the left PE using
MPLS. When the packet arrives at the left PE, the public MPLS label is
removed. Which VPN does the packet belong to, and how does the PE get the correct
next hop?
[Figure: SITE-1 and SITE-3 in VPN A, SITE-2 and SITE-4 in VPN B, attached to PEs on either side of a P router. Each PE holds Site1-routes and Site3-routes for VPNA and Site2-routes and Site4-routes for VPNB.]
Private Label
• Multiple labels can be attached. The first 20 bits of each label are the label
field; of the last 4 bits, the first three are the EXP field and the last
one indicates whether it is the bottom of the stack.
• Note that this label must be assigned by the LSR referred to in the Next-Hop of the
MP_REACH_NLRI attribute.
• There are two methods to withdraw the route information (and at the same time release the label
binding).
– Re-distribute a different route (and a new Label) for the same destination.
– Use the Withdraw message to include the destination in MP_UNREACH_NLRI.
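The RD and label layouts described on the RD slide and on this slide, packed into a labelled VPNv4 NLRI entry, as an added example (not from the original slides). It assumes a single label, a type 0 RD, and the usual wire layout of a length octet in bits followed by label, RD and prefix; RD 1:28, label 31 and the PE names in the overlap sample are constructed.

```python
import ipaddress
import struct

LABEL_BITS, RD_BITS = 24, 64  # 3-byte label entry, 8-byte RD

def encode_rd(asn: int, number: int) -> bytes:
    """Type 0 RD: 2-byte type, 2-byte ASN, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, number)

def encode_label(label: int, exp: int = 0, bottom: bool = True) -> bytes:
    """20-bit label, 3-bit EXP, 1-bit bottom-of-stack flag (as on the slide)."""
    if not 0 <= label < 1 << 20 or not 0 <= exp < 8:
        raise ValueError("label must fit 20 bits and EXP 3 bits")
    return ((label << 4) | (exp << 1) | int(bottom)).to_bytes(3, "big")

def encode_vpnv4(label: int, asn: int, number: int, prefix: str) -> bytes:
    net = ipaddress.IPv4Network(prefix)
    addr = net.network_address.packed[: (net.prefixlen + 7) // 8]
    # The leading octet is the length in bits of label + RD + IPv4 prefix.
    length = LABEL_BITS + RD_BITS + net.prefixlen
    return bytes([length]) + encode_label(label) + encode_rd(asn, number) + addr

def decode_vpnv4(data: bytes) -> dict:
    if len(data) < 12:
        raise ValueError("truncated NLRI")
    plen = data[0] - LABEL_BITS - RD_BITS
    if not 0 <= plen <= 32:
        raise ValueError("bad length octet")
    nbytes = (plen + 7) // 8
    if len(data) != 12 + nbytes:
        raise ValueError("length octet does not match the data")
    raw = int.from_bytes(data[1:4], "big")
    if not raw & 1:
        raise ValueError("more than one label: not handled in this example")
    rd_type, asn, number = struct.unpack("!HHI", data[4:12])
    if rd_type != 0:
        raise ValueError("only the type 0 RD from the slide is handled")
    addr = ipaddress.IPv4Address(data[12:] + bytes(4 - nbytes))
    return {"label": raw >> 4, "exp": (raw >> 1) & 7,
            "rd": f"{asn}:{number}", "prefix": f"{addr}/{plen}"}

def bgp_table(updates) -> dict:
    """Key routes by (RD, prefix), so equal IPv4 prefixes stay distinct."""
    table = {}
    for nlri, next_hop in updates:
        route = decode_vpnv4(nlri)
        table[(route["rd"], route["prefix"])] = (next_hop, route["label"])
    return table

# The update shown on the slides: RD 1:27, 149.27.2.0/24, label 28.
SLIDE_NLRI = encode_vpnv4(28, 1, 27, "149.27.2.0/24")

# Constructed sample: two customers reuse 10.0.0.0/24 behind different PEs.
OVERLAP = bgp_table([
    (encode_vpnv4(28, 1, 27, "10.0.0.0/24"), "PE-1"),
    (encode_vpnv4(31, 1, 28, "10.0.0.0/24"), "PE-3"),
])

if __name__ == "__main__":
    print(SLIDE_NLRI.hex())
    for key, value in OVERLAP.items():
        print(key, "->", value)
```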
Network Layer Reachability Information
• Followed by the RT list:
Extended_Communities(RT1)
Extended_Communities(RT2)
……
VRF Route Distribute
Step 1: Importing VRF Routes to MP-iBGP
[Figure: CE-1 at Site-1 attaches to PE-1 and CE-2 at Site-2 attaches to PE-2; PE-1 and PE-2 are joined by MP-iBGP.
CE-1 to PE-1: BGP, RIPv2 update for 149.27.2.0/24, NH=CE-1
PE-1 to PE-2: VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28)]
• Importing VRF route to MP-iBGP: the PE router converts the route (in the VRF
routing table) received from the CE into a VPN-v4 route; labels it with RD
and RT based on the configuration; changes the next hop to the PE itself
(loopback); assigns the label based on the interface; and finally sends the
MP-iBGP update packet to all PE neighbors.
VRF Route Distribute
Step 2: Importing MP-iBGP Routes to VRF
[Figure: PE-1 (Site-1) and PE-2 (Site-2) joined by MP-iBGP.
VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28)
Configuration shown next to PE-2:
ip vrf VPN-A
vpn-target import VPN-A]
Basic Intranet Model
[Figure: sites in VPN A (SITE-2 and SITE-4 are labelled) attached to PEs on either side of a P router. The VRFs on both sides hold Site-1 routes, Site-2 routes, Site-3 routes and Site-4 routes.]
As mentioned before, using the same import RT and export RT
constructs the typical network model: the intranet. All the sites in the same VPN
can access each other.
MPLS/VPN Label Distribution
[Figure: three label tables with columns In Label, FEC and Out Label, one per router along the path through PE-1 and the P router. Site-1 holds 149.27.2.0/24; Site-2 is the remote site.
VPN-v4 update: RD:1:27:149.27.2.0/24, NH=197.26.15.1, RT=VPN-A, Label=(28)]
1. PE and P routers are provided with the reachability to the next hop of BGP via
the backbone network IGP.
2. Run IGP and LDP to distribute the label and establish LSP, and obtain the LSP
channel to the next hop of BGP.
3. The label stack is for packet forwarding. The external layer label indicates how
to reach the next hop of BGP, and the internal layer label indicates the outgoing
interface of the packet or the home VRF (home VPN).
4. MPLS node forwarding is based on the external layer label regardless of the
internal layer label.
MPLS/VPN Packet Forwarding-1
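[Figure: lookup on the PE where the packet enters. Label table entry: In Label -, FEC 197.26.15.1/32, Out Label 41. VPN-A VRF entry: 149.27.2.0/24, NH=197.26.15.1, Label=(28). A packet for 149.27.2.27 leaves as 41 | 28 | 149.27.2.27 towards PE-1; Site-1 holds 149.27.2.0/24 and Site-2 is the sending site.]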
MPLS/VPN Packet Forwarding-2
[Figure: the packet for 149.27.2.27 travels from Site-2 to Site-1 (149.27.2.0/24) as 41 | 28 | 149.27.2.27, then as 28 | 149.27.2.27, then as the plain IP packet 149.27.2.27.]
1. The second-last hop router pops the external layer label and sends the packet to the
egress PE according to the next hop.
2. The egress PE router judges the CE that the packet will go to based on the
internal layer label.
3. The egress PE pops the internal layer label and forwards the packet to the destination CE as
an ordinary IP packet.
Question: When VPN packets from Site-2 to Site-1 arrive at PE-1, how does PE-1 know
that the MPLS label is a private label and that it needs to perform private label
forwarding?
Answer: The system has only one label forwarding table. Because the labels distributed are
platform-wide, each label is unique whether it is public or private. A label lookup
finds the corresponding output interface and next hop, so the PE does not need to
distinguish whether the label is private or public.
Demo- Private Label Distribution
[Figure: PE-A and PE-C are IBGP peers running MP-BGP; CE A2 and CE B2 are shown on the PE-C side.
VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-C, RT=VPN-A, Label=(28)
Entry on PE-A: 149.27.2.0/24 Out 28 NH: PE-C
Entry on PE-C: IN 28 149.27.2.0/24 NH: CE A2]
Process steps:
1. CE A2 sends a route update to PE-C using a routing protocol.
2. PE-C receives the route update and stores it in the corresponding VRF.
3. PE-C redistributes the VRF route into MP-BGP: it adds the RD, changes the next hop to
itself (usually the loopback address), adds the RT list and generates a private label
for the route. It then transmits the route to all its neighbors via MP-BGP.
4. The neighbor PE-A receives the route and judges whether the received
export is equal to the import of the local VRF. If yes, the route is added to the
corresponding VRF routing table and the private label is kept;
otherwise, it is discarded.
5. The corresponding VRF on PE-A sends the route update to CE A1 using a routing protocol.
From CE A1 to CE A2, the process is the same in reverse.
Demo- Public Label Distribution
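[Figure: public label distribution over MPLS between PE-A, P-B and PE-C, with IGP running on each link, for the prefix 1.1.1.1/32.
Public label entries shown: 1.1.1.1/32 Out 20; In 20 1.1.1.1/32 out 3
Private label entries shown: 149.27.2.0/24 Out 28 NH: PE-C; IN 28 149.27.2.0/24 NH: CE A2]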
Demo- Packet Forwarding
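[Figure: packet forwarding over MPLS between PE-A (CE A1, CE B1) and PE-C (CE A2, CE B2); the packet carries labels 20 and 28.
Entries shown: 1.1.1.1/32 out 20; label 3 towards PE-C for 1.1.1.1/32; 149.27.2.0/24 Out 28 NH: PE-C; IN 28 149.27.2.0/24 NH: CE A2]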
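The three demo slides traced hop by hop, as an added example (not from the original slides). It uses the label values shown in the demo (20, 3, 28) and assumes that 1.1.1.1/32 is the loopback of PE-C and that label 3 is the reserved implicit-null value, which tells the second-last hop to pop the outer label.

```python
import ipaddress

IMPLICIT_NULL = 3  # reserved label: the upstream router pops instead of swapping

# Ingress PE-A, VPN-A VRF: prefix -> (private label, BGP next hop).
PE_A_VRF = {"149.27.2.0/24": (28, "1.1.1.1")}
# Ingress PE-A, public LSP to the BGP next hop: (out label, next node).
PE_A_LSP = {"1.1.1.1": (20, "P-B")}
# One label forwarding table per node: in label -> (out label, next node).
# Out label None means "pop and hand over as a plain IP packet".
LFIB = {
    "P-B": {20: (IMPLICIT_NULL, "PE-C")},
    "PE-C": {28: (None, "CE A2")},
}

def ingress(dst: str):
    """PE-A: longest-prefix match in the VRF, then push inner and outer label."""
    ip = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in PE_A_VRF]
    matches = [n for n in nets if ip in n]
    if not matches:
        raise LookupError(f"no VRF route for {dst}")
    best = max(matches, key=lambda n: n.prefixlen)
    private, next_hop = PE_A_VRF[str(best)]
    public, node = PE_A_LSP[next_hop]
    return node, (public, private)

def forward(node: str, stack: tuple):
    """Any MPLS node: look only at the top label, whatever lies under it."""
    top, rest = stack[0], stack[1:]
    entry = LFIB[node].get(top)
    if entry is None:
        raise LookupError(f"{node}: no entry for label {top}, packet dropped")
    out, nxt = entry
    if out is None or out == IMPLICIT_NULL:
        return nxt, rest           # pop
    return nxt, (out,) + rest      # swap

def trace(dst: str) -> list:
    """Return (sender, receiver, label stack on the wire) for every hop."""
    node, stack = ingress(dst)
    hops = [("PE-A", node, stack)]
    while stack:
        nxt, stack = forward(node, stack)
        hops.append((node, nxt, stack))
        node = nxt
    return hops

if __name__ == "__main__":
    for sender, receiver, stack in trace("149.27.2.27"):
        print(f"{sender} -> {receiver}: labels {list(stack)}")
```

PE-C uses the same table for label 28 that a transit node would use for a public label, which is the point of the question-and-answer note on the earlier slide.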
MPLS L3 VPN Configuration Steps
Basic Configuration: IP address, IGP; make sure that PE-PE is IP reachable
MPLS Function: Enable MPLS with system and interface
LDP Function: Enable LDP with system and interface
Define VPN: VPN name and RD, RT, bind to interface
PE-PE MP-BGP Function: BGP peer, activate remote PE and route import
Cross-AS MPLS VPN
Origin of cross-AS VPN
• In the technical system of MPLS, an MPLS domain and a router AS
overlap each other. In actual networking, however, an MPLS domain
frequently crosses multiple ASs:
– The carrier defines one province as one AS of the carrier network but
needs to provide cross-province MPLS VPN services.
– Carriers cooperate with each other (especially with international
carriers, to provide international services).
• To implement these services, cross-AS MPLS VPN solutions must be
applied to solve the following two problems:
– Technical problem: how can VPN-IPv4 routes and VPN labels be
distributed to another AS.
– Managerial problem: Normally, cross-AS LSPs are not allowed (this
is especially important in the case of carrier cooperation).
First review the technical uses of MPLS VPN. Then introduce the application
scenarios of cross-domain solutions. As MPLS VPN solutions become more and
more popular, the end user scale and scope are increasing. More and more VPN
sites are built in an enterprise network. The possibility of connection with another
SP at certain points becomes clearer and clearer. For example, MANs or backbone
networks of different carriers badly need service provisioning across
autonomous systems. All these require an interconnection model different from the
basic MPLS VPN structure, the cross-domain MPLS VPN. To enable inter-SP
VPN route information exchange, a new mechanism is needed so that route
prefixes and labels can be broadcast over the inter-SP links. As a traditional MPLS
VPN usually operates within an AS, any VPN route information can be distributed
in the one AS as requested. However, the traditional MPLS VPN solution does not
support the distribution of VPN route information to the AS of another SP.
Therefore, to support cross-domain VPN, extensions must be included to the
current protocol framework and modifications must be introduced to the MPLS
VPN system framework.
Cross-AS MPLS VPN
Three Solutions
Cross-AS MPLS VPN
Multi-hop MP-eBGP
[Figure: PE-1 and CE-1 in AS #100, PE-2 and CE-2 in AS #200.]
[Figure: VPN1-CE1 and VPN2-CE1 attach to PEs in AS#100, VPN1-CE2 and VPN2-CE2 to PEs in AS#200. MP-iBGP runs between the PEs and the ASBR inside each AS. One VRF and one logical interface are created for each VPN. Path: PE, LSP-1 / VPN-LSP1, ASBR-1, IP Forwarding, ASBR-2, LSP-2 / VPN-LSP2, PE.]
• An ASBR considers the peer ASBR its CE, and creates a VRF for each VPN. IP forwarding
is applied between the ASBRs and MPLS forwarding is applied within the AS.
• Advantages: Simple with no need of protocol extension or special configuration, natural
support; applicable in the case of a small number of cross-domain VPNs.
• Disadvantages: The ASBR must create a VRF for each VPN. To cross multiple domains,
large configuration efforts are needed. The scalability is poor.
Cross-AS solution 1: VRF-to-VRF
[Figure: route distribution between VPN1-CE1 and VPN1-CE2. Path: PE, LSP-1 / VPN-LSP1, ASBR-1, IP Forwarding, ASBR-2, LSP-2 / VPN-LSP2, PE.
VPN-v4 update: RD:1:27:161.10.1.0/24, NH=PE-1, RT=100:1, Label=(L1)
VPN-v4 update: RD:1:27:161.10.1.0/24, NH=ASBR-2, RT=100:1, Label=(L2)]
Cross-AS solution 1: VRF-to-VRF
[Figure: packet forwarding for destination 161.10.1.1 between VPN1-CE1 / VPN2-CE1 (AS#100) and VPN1-CE2 / VPN2-CE2 (AS#200), with MP-iBGP inside each AS. Create a VRF and a logical interface for each VPN. Path: PE, LSP-1 / VPN-LSP1, ASBR-1, IP Forwarding, ASBR-2, LSP-2 / VPN-LSP2, PE.
Packet formats shown: 161.10.1.1 (plain IP); Lx | L2 | 161.10.1.1; L2 | 161.10.1.1; Ly | L1 | 161.10.1.1; L1 | 161.10.1.1]
LX and LY are public network labels. L1 and L2 are private network labels.
Cross-AS Solution 2: MP-eBGP for VPNV4
MP-eBGP for VPNV4 overview
[Figure: VPN1-CE1 and VPN2-CE1 attach to PEs in AS#100, VPN1-CE2 and VPN2-CE2 to PEs in AS#200. MP-iBGP runs inside each AS and MP-EBGP (VPN-V4) runs between ASBR-1 and ASBR-2. Path: PE, ASBR-1, ASBR-2, PE.]
• EBGP is used to advertise VPN-IPv4 routes between ASBRs.
• Advantages:
– No need to create a VRF for each VPN on the ASBR.
– No need for a cross-domain extension protocol; easy to manage and configure.
• Disadvantages: All VPN routes need to be stored on the ASBR. This imposes high requirements on the
router.
MP-EBGP runs between two ASBRs to transfer the VPN information of one AS to
the other AS. The private network route and label information is transferred. The
peer ASBR receives the VPN routing information from MP-EBGP and stores it
locally. Then it distributes the information to the PEs in its domain. When this
ASBR broadcasts routes to MP-IBGP neighbors in its domain, it can choose not to
change the next hop or to change the next hop to itself. If the next hop is changed,
then by the label assignment rules introduced previously, new labels need to be assigned to
the VPN routes. Thus local label switching operations are performed. When
packets are forwarded, a label switch is needed for the VPN LSP at both
ASBRs. In this solution, the ASBR receives all VPN route information sent from
inside and outside the local domain and then distributes the VPN routes. However,
as required by the MPLS VPN structure, a VPN route is saved only when a VPN
that matches the VPN route is configured on the PE. Therefore, special
configuration is needed (because no VPN is configured on the ASBR) to
enable the ASBR to save all VPN routes received regardless of the presence of a
matched local VPN.
As this solution requires the ASBR to save all VPN routes, high requirements are
imposed on the router itself and the ASBR is therefore more likely to become faulty.
However, if the number of VPN routes is small, this solution can still be a simple
and practical choice.
Cross-AS Solution 2: MP-eBGP for VPNV4
Distribution of routing information
[Figure: route distribution between VPN1-CE1 and VPN1-CE2. Path: PE, LSP-1, ASBR-1, ASBR-2, LSP-2, PE.
BGP, OSPF, RIPv2: 161.10.1.0/24, NH=CE-1
VPN-v4 update: RD:1:27:161.10.1.0/24, NH=PE-1, RT=100:1, Label=(L1)
VPN-v4 update: RD:1:27:161.10.1.0/24, NH=PE-ASBR-2, RT=100:1, Label=(L3)
BGP, OSPF, RIPv2: 161.10.1.0/24, NH=PE-3]
Cross-AS Solution 2: MP-eBGP for VPNV4
Label switching procedure
[Figure: packet forwarding for destination 161.10.1.1. PE-1 and PE-2 with ASBR-1 in AS#100, PE-3 and PE-4 with ASBR-2 in AS#200; MP-iBGP inside each AS and MP-EBGP (VPN-V4) between the ASBRs; VPN1-CE1, VPN2-CE1, VPN1-CE2 and VPN2-CE2 at the edges.
Packet formats shown: 161.10.1.1 (plain IP); Lx | L3 | 161.10.1.1; L3 | 161.10.1.1; L2 | 161.10.1.1; Ly | L1 | 161.10.1.1; L1 | 161.10.1.1]
Lx and Ly are public network labels. L1, L2, and L3 are private network labels.
Cross-AS Solution 3: Multi-Hop eBGP
Multi-Hop eBGP overview
Multi-Hop MP-EBGP(VPN V4)
Here, we must note: 1) private labels are assigned by the VPN-LSP. This is easy. 2)
BGP labels are assigned by the BGP-LSP, which mainly functions to exchange
loopback information between two PEs. The BGP-LSP consists of two parts: MP-
IBGP and BGP4+. MP-IBGP is used inside an AS. Between ASBRs runs the
ordinary EBGP: BGP4+ (which functions to transfer labels between the ASBRs).
3) Another layer is the public label. This is also easy. Please note, if BGP-LSP is
established from the left PE to the right PE, the BGP-LSP is made up of BGP4+
and the MP-IBGP in AS200. In AS100, common LDP LSP is used. If from the
right PE to the left, the opposite applies. That is why this figure distinguishes
between real lines and broken lines.
Cross-AS Solution 3: Multi-Hop eBGP
[Figure: route distribution between VPN1-CE1 and VPN1-CE2. PE-1 and PE-3 with ASBR-1 in AS#100, PE-2 and PE-4 with ASBR-2 in AS#200, EBGP between the ASBRs; VPN2-CE1 and VPN2-CE2 are also shown.
BGP, OSPF, RIPv2: 162.11.1.0/24, NH=CE-1
VPN-v4 update: RD:1:27:162.11.1.0/24, NH=PE-1, RT=100:1, Label=(L3)
Network=PE-1, NH=ASBR-1, Label=(L9)
Network=PE-1, NH=ASBR-2, Label=(L10)
BGP, OSPF, RIPv2: 162.11.1.0/24, NH=PE-2]
Private network labels are unchangeable because remote peers are established
between PE-1 and PE-2. MP-BGP runs between the peers. L10 and L9 are BGP-LSP
labels. The BGP-LSP consists of two parts: MP-IBGP and BGP4+.
Cross-AS Solution 3: Multi-Hop eBGP
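[Figure: packet forwarding for destination 161.10.1.1. PE-1 and PE-2 with ASBR-1 in AS#100, PE-3 and PE-4 with ASBR-2 in AS#200, EBGP between the ASBRs; VPN1-CE1, VPN2-CE1, VPN1-CE2 and VPN2-CE2 at the edges.
Packet formats shown: 161.10.1.1 (plain IP); Lx | L10 | L3 | 161.10.1.1; L10 | L3 | 161.10.1.1; L9 | L3 | 161.10.1.1; Ly | L3 | 161.10.1.1; L3 | 161.10.1.1]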
Lx and Ly are public network labels. L10 and L9 are BGP LSP labels. L3 is a
VPN label. BGP-LSP has no next hop concept. Therefore label switching must be
carried out on ASBR-2 so that ASBR-1 pops the BGP-LSP labels.