Appendix B

Large-Scale MPLS
VPN Deployment

© 2001, Cisco Systems, Inc.


Objectives

Upon completion of this chapter, you will be able to perform the
following tasks:
• Understand the MP-BGP scaling
issues in large-scale MPLS VPN
backbones
• Describe the built-in scalability
mechanisms
• Design and implement networks using
partitioned BGP route reflectors

© 2001, Cisco Systems, Inc. MPLS v1.0—B-2


MP-BGP Scalability
Mechanisms



Objectives

Upon completion of this section, you will be able to perform the
following tasks:
• Understand MP-BGP scaling issues
• Describe the automatic filtering in MP-BGP
• Describe the functions of the BGP
Route Refresh feature
• Describe the Outbound Route Filter
feature and its benefits
Scaling

• Existing BGP techniques can be used to scale route distribution:
route reflectors.
• Each edge PE router needs only the
information for the VPNs it supports.
– Only routes for VRFs are configured on
the PE router.
• Route reflectors are used to distribute
VPN routing information.



Automatic MP-BGP
Update Filtering

• The nonreflecting PE router discards any VPNv4 route that does not
have a route target (RT) configured to be imported into any of the
attached VPN routing/forwarding instances (VRFs).
• This significantly reduces the amount of information each PE has
to store.
• The size of the BGP table is
proportional to the number of VRFs
configured on the
PE router.



Automatic MP-BGP Update
Filtering
[Figure: a PE router with VRFs for VPNs yellow and green (Import RT=Yellow, Import RT=Green) receives two VPN-IPv4 updates over MP-iBGP sessions. Both carry RD:Net1, Next-hop=PE-X, SOO=Site1, Label=XYZ; one has RT=Green, the other RT=Red.]

• Each VRF has an import and export policy based on an RT-extended
BGP community.
• If the RT in an incoming MP-BGP update is
equal to any of the import values configured in
this PE router, the update is accepted;
otherwise it is silently discarded.
• The automatic filtering works only for
nonreflecting routers; when the first route
reflector client is configured, the update
filtering is disabled.
MPLS VPN Scaling
Route Refresh
[Figure: a PE with Import RT=Yellow, Import RT=Green and Import RT=Red. Its neighbors hold VPN-IPv4 updates RD:Net1, Next-hop=PE-X, SOO=Site1, Label=XYZ, one with RT=Green and one with RT=Red.]
1. PE does not have Red routes (previously filtered out)
2. PE issues a route refresh to all neighbors to ask for retransmission
3. Neighbors resend updates and Red RT is accepted

• VPN policies may change based on VRF modifications
– New VRFs, removal of VRFs, change of import RTs
• PE router may not have stored routing information,
which becomes useful after a change
• PE router requests a retransmission of MP-BGP
updates from its neighbors
– Route refresh BGP extension
MPLS VPN Scaling—
Outbound Route Filters
(ORFs)
[Figure: a PE with Import RT=Yellow and Import RT=Green. Its neighbors hold VPN-IPv4 updates RD:Net1, Next-hop=PE-X, SOO=Site1, Label=XYZ, one with RT=Green and one with RT=Red.]
1. PE does not need Red routes
2. PE issues an ORF message to all neighbors in order not to receive Red routes
3. Neighbors dynamically configure the outbound filter and send updates accordingly

• Nonreflecting PE routers will discard updates with unused RTs.
• To optimize resource utilization, these
updates should not be sent.
• An outbound route filter (ORF) allows a PE
router to tell its neighbors which routes to
filter in outbound BGP updates.
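
The three mechanisms above (automatic inbound filtering, route refresh and ORF), modelled in Python as an added example that is not part of the original course material. The class names and sample routes are assumptions, and the model assumes the PE re-sends its ORF whenever its import RTs change.

```python
# Toy model (added example): names are assumptions, not IOS internals.
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Update:
    net: str   # constructed label standing in for an RD:prefix
    rt: str    # route target carried by the VPNv4 route

@dataclass
class Neighbor:
    rib: list
    orf: Optional[set] = None   # RTs the PE asked for; None means no ORF
    sent: int = 0

    def advertise(self, pe):
        for u in self.rib:
            if self.orf is not None and u.rt not in self.orf:
                continue        # outbound filter: the update is never sent
            self.sent += 1
            pe.receive(u)

@dataclass
class PE:
    import_rts: set
    has_rr_clients: bool = False
    table: set = field(default_factory=set)

    def receive(self, u):
        # Automatic filter: keep a route only if some VRF imports its RT.
        # It is disabled once a route reflector client is configured.
        if self.has_rr_clients or u.rt in self.import_rts:
            self.table.add(u)

    def add_import_rt(self, rt, neighbors):
        self.import_rts.add(rt)
        for n in neighbors:     # route refresh: ask for retransmission
            if n.orf is not None:
                n.orf = set(self.import_rts)   # assumed: ORF is re-sent
            n.advertise(self)

# Constructed sample routes, one per RT colour used on the slides.
RIB = [Update("Net1", "Yellow"), Update("Net2", "Green"), Update("Net3", "Red")]

def scenario(use_orf):
    """Return (updates sent, routes stored) before and after importing Red."""
    pe = PE({"Yellow", "Green"})
    n = Neighbor(list(RIB), orf={"Yellow", "Green"} if use_orf else None)
    n.advertise(pe)
    before = (n.sent, len(pe.table))
    pe.add_import_rt("Red", [n])
    return before, (n.sent, len(pe.table))
```

Without ORF the neighbor sends all three routes and the PE discards the Red one; with ORF the Red route is never sent until the PE starts importing it.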



Summary

After completing this section, you should be able to perform the
following tasks:
• Understand the MP-BGP scaling issues
• Describe automatic filtering in MP-BGP
• Describe the functions of the BGP Route
Refresh feature
• Describe the Outbound Route Filter
feature and its benefits
Review Questions

• Describe BGP scaling issues in an MPLS VPN network
• Describe built-in MP-BGP scalability
mechanisms
• Why does the automatic filtering of inbound
VPNv4 updates increase MPLS VPN
scalability?
• What are the implications of automatic
inbound filtering on BGP route-reflector
design?
• Why do you need route-refresh functionality?
• When would a router send a route-refresh
request to its neighbors?
• What is an outbound route filter (ORF)?
Partitioned Route
Reflectors



Objectives

Upon completion of this section, you will be able to perform the
following tasks:
• Describe the partitioned route reflector
design
• Design MPLS VPN networks using the
partitioned route reflector design
• Implement partitioned route reflectors
in an MPLS VPN network



Additional MPLS VPN Scaling

MPLS VPN architecture is highly scalable:
– Architecture supports 100,000+ VPNs,
10,000,000+ sites
No single BGP router can hold all
Internet and VPN routing information
– Additional routing information
segmentation is essential.
– Partitioned route reflectors improve
MPLS VPN scalability.
Steps to MPLS VPN Route
Reflector Partitioning

Backbones carrying Internet and VPN routes:
• Deploy dedicated route reflectors for
VPN routes
• Remove Internet routes from PE
routers
Additional steps for large-scale
MPLS VPN backbones:
• Partition VPN routing information
based on RTs or other BGP attributes
Dedicated VPNv4 Route
Reflectors
• Route reflectors supporting Internet
routes can also reflect VPN routes
– Enables fast deployment of pilot
services
– Does not scale as the number of VPN
customers increases
• Dedicated VPNv4 route reflectors can
be deployed to improve scalability
– PE routers still carry Internet routes
and a subset of VPN routes
– Selectively activate IPv4 and VPNv4
sessions on PE routers
Dedicated VPNv4 Route
Reflectors

[Figure: PE-A, PE-B, PE-C and PE-D with attached VPN-A, VPN-B and Internet customers; one route reflector carries VPN routes and a separate route reflector carries Internet routes.]

• Dedicated VPNv4 route reflectors are deployed to improve scalability.
• Route reflectors for each address family must be
redundant to avoid a single point of failure.



Dedicated VPNv4 Route
Reflectors—Configuration
[Figure: PE-A, PE-B, PE-C and PE-D with attached VPN-A, VPN-B and Internet customers; one route reflector carries VPN routes and a separate route reflector carries Internet routes.]

router bgp 115
 no bgp default ipv4-unicast
 ! IPv4 RR
 neighbor 172.16.1.2 remote-as 115
 neighbor 172.16.1.2 activate
 ! VPNv4 RR
 neighbor 172.17.2.3 remote-as 115
 !
 address-family vpnv4
  neighbor 172.17.2.3 activate

• Disable automatic activation of IPv4 BGP sessions.
• Enable IPv4 or VPNv4 sessions only with proper
route reflectors.



Removing Internet Routes
from PE Routers

With the growing number of VPN customers, PE routers cannot carry
full Internet routing together with VPN routes.
• Remove full Internet routing from PE
routers:
– Deploy additional routers dedicated to
Internet (or VPN) customers or
– Use default Internet routing on PE
routers or
– Put Internet customers in a VPN and use
default VPN route pointing to a global
next hop
Partitioned VPN Route
Reflectors

With the additional growth of VPN customers, VPN route reflectors
cannot handle all VPN routes.
• Deploy partitioned VPN route reflectors:
– Partition VPN routes based on RT (for
example, dedicated route reflectors
for large customers) or
– Partition VPN routes based on other
BGP attributes (for example, BGP
community)



Partitioned VPNv4 Route
Reflectors

[Figure: PE-A, PE-B, PE-C and PE-D with attached VPN-A, VPN-B and VPN-C sites; one route reflector serves VPN-A and VPN-B, a second route reflector serves VPN-C.]

• No BGP router needs to store all VPN information.
• (Optional) PE routers will peer with route
reflectors according to the VPNs that are
connected to the PE routers.
Partitioned Route Reflector
Implementation Options
• Partitioned route reflector design
requires additional BGP filters:
– Outbound filters on PE routers or
– Inbound filters on route reflectors
• Three different implementation
options:
– Route map-based filter matching on an
RT-extended community
– Route map-based filter matching on
standard communities
– Inbound RT filter with bgp rr-group
command
BGP Route Reflector Group

router(config-router)# bgp rr-group extcommunity-access-list
• Configures an RT-based inbound filter on a route
reflector
• Easier to configure than an inbound route map
• Can be transformed into an outbound filter at other
PE routers through ORF functionality



Partitioned Route Reflector
Inbound Versus Outbound
Filters
• Outbound filters reduce bandwidth usage and
CPU utilization on route reflectors:
– Require manual configuration on all PE
routers
– Require constant maintenance on PE
routers
• Inbound filters on route reflectors reduce
maintenance costs:
– Increase CPU utilization on route reflectors
• bgp rr-group filter is an optimal solution:
– Filter maintenance performed on route
reflector
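
An added example (not Cisco tooling or course code): a check run against a partition plan before the inbound RT filters go onto the route reflectors. It confirms that every RT a PE imports is permitted on at least two route reflectors, and lists which reflectors each PE needs to peer with. The RR names, the RTs 100:3 and 100:4, and the function name are assumptions.

```python
# Added example: audit a partitioned route reflector plan.
# All names and values below are constructed for illustration.
from collections import defaultdict

def audit_partition(rr_groups, pe_imports, min_rrs=2):
    """rr_groups:  {rr_name: set of RTs permitted by its inbound RT filter}
    pe_imports: {pe_name: set of RTs imported by the VRFs on that PE}
    Returns (uncovered, non_redundant, peering)."""
    carriers = defaultdict(set)            # RT -> RRs that accept it
    for rr, rts in rr_groups.items():
        for rt in rts:
            carriers[rt].add(rr)
    needed = set().union(*pe_imports.values())
    # RTs that no route reflector accepts: those VPN routes go nowhere.
    uncovered = sorted(rt for rt in needed if not carriers[rt])
    # RTs accepted by fewer reflectors than the redundancy target.
    non_redundant = sorted(
        rt for rt in needed if 0 < len(carriers[rt]) < min_rrs)
    # A PE only needs sessions with RRs that hold one of its RTs.
    peering = {pe: sorted(set().union(*(carriers[rt] for rt in rts)))
               for pe, rts in pe_imports.items()}
    return uncovered, non_redundant, peering

# Constructed plan: RR1/RR2 carry two VPNs, RR3 carries a third alone.
RR_GROUPS = {
    "RR1": {"100:1", "100:2"},
    "RR2": {"100:1", "100:2"},
    "RR3": {"100:3"},
}
PE_IMPORTS = {
    "PE-A": {"100:1", "100:3"},
    "PE-B": {"100:2"},
    "PE-C": {"100:4"},
}

if __name__ == "__main__":
    uncovered, non_redundant, peering = audit_partition(RR_GROUPS, PE_IMPORTS)
    print("RTs no RR accepts:", uncovered)
    print("RTs on a single RR:", non_redundant)
    for pe, rrs in peering.items():
        print(pe, "peers with", rrs)
```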
Partitioned Route Reflectors
with Standard Communities
• Outbound filters (PE ➜ Route Reflector)
– Each PE may color the route with a standard
community
– Each PE performs outbound filtering based
on standard BGP communities
• Inbound filters (PE ➜ Route Reflector)
– Route reflector might perform inbound
filtering based on standard communities
• Inbound filters (Route Reflector ➜ PE)
– Each PE might peer only with selected route
reflectors according to the routes it has to
receive
– Filtering of inbound updates is automatic
Partitioned Route Reflectors
with Standard Communities
[Figure: a PE with VRFs for VPNs yellow and green (Import RT=Yellow, Import RT=Green) and two VPN-IPv4 updates. Both carry RD:Net1, Next-hop=PE-X, SOO=Site1, Label=XYZ; one has RT=100:1 and StdComm=100:1, the other RT=100:2 and StdComm=100:2.]


• PE sets a standard community attribute according to the VRF
membership of the route



Partitioned Route Reflectors
with Standard Communities

[Figure: the PE (Import RT=Yellow, Import RT=Green) sends the VPN-IPv4 update with RT=100:1, StdComm=100:1 to RR-Yellow and the update with RT=100:2, StdComm=100:2 to RR-Green. Both updates carry RD:Net1, Next-hop=PE-X, SOO=Site1, Label=XYZ. BGP routes are sent to selected RR according to outbound filters based on standard communities.]


• PE advertises routes to route reflector with outbound filters based
on standard community values



Summary

• Partitioning of the BGP database is required in large MPLS VPN
backbones
• Partitioning can be done with standard
communities
– More configuration effort, increased
flexibility
• Optimum solution is the bgp rr-group
– Enables partitioning with ORF and route
refresh



Summary

After completing this section, you should be able to perform the
following tasks:
• Describe the partitioned route
reflector design
• Design MPLS VPN networks that use
partitioned route reflector design
• Implement partitioned route reflectors
in an MPLS VPN network



Review Questions

• What is the basic function of partitioned route reflectors?
• What are the benefits of partitioned route
reflectors?
• Why are partitioned route reflectors needed in
very large MPLS VPN backbones?
• How can you implement partitioned route
reflectors?
• What are the benefits of using bgp rr-group
functionality?
• Why would you choose implementation based
on standard BGP communities?
• Why would you choose bgp rr-group
Summary

After completing this chapter, you should be able to perform the
following tasks:
• Understand the MP-BGP scaling issues
in large-scale MPLS VPN backbones
• Describe the built-in scalability
mechanisms
• Design and implement networks using
partitioned BGP route reflectors