Definitive MPLS Network Designs [Electronic resources] نسخه متنی

Layer 3 MPLS VPN Services Across Autonomous System Boundaries

[2547bis] defines them as follows:

(A) VRF-to-VRF connections at the autonomous system boundary

(B) Multiprotocol external BGP redistribution of labeled VPNv4 routes from an AS to a neighboring AS

(C) Multihop external BGP redistribution of labeled VPNv4 routes between source and destination autonomous systems, with external BGP redistribution of labeled IPv4 routes from an AS to a neighboring AS

These three connectivity models are often referred to as options A, B, and C. Options A and B generally are used between two different operators, although A is by far the most widely deployed. Therefore, they normally are associated with inter-provider connectivity. Option C, on the other hand, is generally used between different autonomous systems of the same operator and therefore is normally associated with inter-AS connectivity. Option B is also appropriate for inter-AS connectivity, although with more limited scalability characteristics when compared with Option C.

Note

To avoid confusion between the terms inter-provider and inter-AS, we will use inter-AS for all future references.

Inter-AS Back-to-Back VRFs (Option A)

This model assumes direct connectivity between PE routers of different autonomous systems. The PE routers are attached via multiple physical or logical interfaces, each of which is associated with a given VPN (via a VRF). Each PE router therefore treats the adjacent PE router like a CE router, and the standard Layer 3 MPLS VPN mechanisms are used for route distribution within each autonomous system. Figure 1-15 provides an example of this model.

This model has become popular for connectivity between different VPN providers because each autonomous system is essentially isolated from the other. This provides better control over routing exchanges and security between the two networks. This model offers other advantages (as you will see in the design studies later in this book), although it is considered the least scalable of all the inter-AS connectivity options.

Inter-AS VPNv4 Exchange (Option B)

This model allows Autonomous System Boundary Routers (ASBR routers) to use external MP-BGP to advertise VPNv4 routes between autonomous systems. The receiving ASBR router then distributes the VPNv4 routes into the local autonomous system.

External MP-BGP provides the functionality to advertise VPNv4 prefix/label information across the service provider boundaries. The advertising ASBR router replaces the two-level label stack (which it uses to reach the originating PE router and VPN destination in the local AS) with a locally allocated label before advertising the VPNv4 route. This is necessary because the next-hop attribute of all routes advertised between the two service providers is reset to the ASBR router peering address, so the ASBR router becomes the termination point of the LSP for the advertised routes. To preserve the label-switching path between ingress and egress PE routers, the ASBR router must allocate a local label that may be used to identify the label stack of the route within the local VPN network. This newly allocated label is set on packets sent toward the prefix from the adjacent service provider. This inter-AS model is illustrated in Figure 1-16.

This model is also popular from a theoretical perspective for connectivity between different service providers because it again isolates both autonomous systems but with the added advantage that it scales to a higher degree than Option A. However, this model has a number of security and QoS considerations, as you will see in the design studies.

Inter-AS VPNv4 Exchange Between Route Reflectors (Option C)

This model combines external MP-BGP exchange of VPNv4 routes between route reflectors of different autonomous systems with the next hops for these routes exchanged between corresponding ASBR routers. Because route reflectors of different autonomous systems will not be directly connected, multihop functionality is required to allow for the establishment of the external MP-BGP sessions. The exchange of next hops is necessary because the route reflectors do not reset the next-hop attribute of the VPNv4 routes when advertising them to any adjacent autonomous systems. The reason for this is that they do not want to attract the traffic for the destinations that they advertise. They are not the original endpointjust a relay station between the source and destination PE routers.

The PE router next-hop addresses for the VPNv4 routes are exchanged between ASBR routers. The exchange of these addresses between autonomous systems can be accomplished by redistributing the PE router/32 addresses between the two autonomous systems or by using [BGP+Label], which lets you run BGP-4 with label information between the ASBR routers. Figure 1-17 shows this model.