Section 8
Basic Services
Module 5
VPRN Configuration
TOS36013-0807 Issue 1.0
5620 SAM
5620 SAM (Service Aware Manager) R7.0 Operator
TOS36010 Issue 1.0
Document History
[Figure: Red and Green VPRN services over an IP/MPLS network, showing CE A, CE C and CE D attached to PE A, PE C and PE D, each PE with routing instances RI-1 and RI-2]
As of R4.0, inter-AS VPRNs are supported.
In Feb. 2006, Internet Draft RFC2547bis was moved to standard status, as RFC 4364.
A Virtual Private Routed Network (VPRN) service allows service providers to use their IP backbone to
provide a Layer 3 VPN service to their customers. VPRNs are also known as BGP/MPLS VPNs because
BGP is used to distribute VPN routing information across the provider's backbone and MPLS is used
to forward VPN traffic from one VPN site to another.
From the customer's perspective, it looks as if all sites are connected to a routed domain.
The service provider can reuse the IP/MPLS infrastructure to offer multiple services.
Each VPRN appears like an additional routing instance; routes for a service between the various
PEs are exchanged using MP-BGP.
Customer data is encapsulated using MPLS or GRE encapsulation.
Each CE router becomes a peer of the PE router that it is directly connected to, not a peer to the
other CE routers. A CE router provides the PE router with route information for the private
customer network. Each associated PE router maintains a separate IP forwarding table for each
VPRN. Additionally, the PE routers exchange the routing information configured or learned from
all customer sites via MP-BGP peering. Each route exchanged via the MP-BGP protocol includes a
Route Distinguisher (RD), which makes the route unique, and a Route Target, which identifies the
VPRN association.
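The role of the RD and the Route Target, as an added example that is not part of the original course material: a small Python model in which two customers advertise the same prefix. RD 100:60 and RT 100:95 are the example values used in the configuration steps on this page; the second customer's values, the addresses and all class and function names are constructed for illustration.

```python
# Added example (not from the course material): VPN-IPv4 routes, RDs and RTs.
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class VpnRoute:
    rd: str          # Route Distinguisher, "administrative:assigned" (Type 0)
    prefix: str      # customer IPv4 prefix as learned from the CE
    rts: frozenset   # Route Target extended communities carried by the route
    next_hop: str    # advertising PE (system address)

    @property
    def key(self):
        # RD + prefix together identify the route in MP-BGP.
        return (self.rd, ip_network(self.prefix))


class Vrf:
    def __init__(self, name, import_rts):
        self.name = name
        self.import_rts = frozenset(import_rts)
        self.table = {}  # prefix -> next hop: the per-VPRN forwarding table

    def offer(self, route):
        # Import only routes that carry at least one RT this VRF imports.
        if self.import_rts & route.rts:
            self.table[ip_network(route.prefix)] = route.next_hop
            return True
        return False


def distribute(routes, vrfs):
    """Store routes keyed by RD + prefix, then offer each one to every VRF."""
    bgp_table = {r.key: r for r in routes}
    for route in bgp_table.values():
        for vrf in vrfs:
            vrf.offer(route)
    return bgp_table


# Constructed sample data: both customers use 10.1.1.0/24.
ROUTES = [
    VpnRoute("100:60", "10.1.1.0/24", frozenset({"100:95"}), "192.0.2.1"),
    VpnRoute("100:61", "10.1.1.0/24", frozenset({"100:96"}), "192.0.2.2"),
]
RED = Vrf("customer-1", {"100:95"})
GREEN = Vrf("customer-2", {"100:96"})
MISMATCH = Vrf("customer-1-wrong-rt", {"100:59"})  # RT matches no site
BGP_TABLE = distribute(ROUTES, [RED, GREEN, MISMATCH])
```

Both routes survive in the MP-BGP table because their RDs differ, each VRF holds only its own customer's next hop, and the VRF whose import RT matches no site stays empty.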
MPLS handles the forwarding between the PE routers. This means that the routers in the core of the
network need not know about the routes connecting the private networks. A VPRN service uses a
two-level label stack: the ingress PE router pushes both an inner VC label and an outer tunnel
label onto a packet. After reaching the egress PE router via one or more MPLS Label Switched
Paths (LSPs), the PE router pops the MPLS headers and delivers a normal IP packet to the
customer.
Highly scalable:
VPN routing and forwarding (VRF) tables
Total routes
BGP Peerings
IP Interfaces
PE-CE routing supports:
Static Routes
BGP
RIP
OSPF
Statistics, billing and accounting data:
Per IP-VPN (VPRN)
Current routes
Current routes per protocol source (Static, Local, BGP (PE-CE or Network), OSPF)
Maximum number of routes (high watermark)
Per IP-VPN Interface:
Packets (In/Out)
Bytes (In/Out)
Errors In/Out
Tunneling Mechanisms:
RSVP-TE
LDP
GRE
CE to PE Routing:
BGP
RIP
Static
OSPF
[Figure: Customer 1 and Customer 2 VPN sites (CE) attached to PE routers around the core network; VPN Instance #1 is the VRF for the Customer 1 VPRN and VPN Instance #2 is the VRF for the Customer 2 VPRN]
856 All Rights Reserved Alcatel-Lucent 2009
Basic Services VPRN Configuration
5620 SAM 5620 SAM (Service Aware Manager) R7.0 Operator
In a Virtual Private Routed Network (VPRN) the service provider network distributes its customers' routing
information using MP-BGP and forwards their data packets using MPLS or GRE tunnels.
The routers in the service provider's network perform one of two possible roles:
Provider (P) routers in the core. These routers simply support the switching of LSPs. They do not have any
knowledge of the existence of the VPRNs.
Provider Edge (PE) routers at the edge of the service provider's network. These devices provide the MPLS
signaling and forwarding, and the partitioned IP routing and forwarding capabilities needed to separate customer data
flows received from or destined to the various customer sites.
The routers in the customer's network which connect to the PEs are known as CE (Customer Edge) devices. They
are simple IP routers that forward and receive IP packets, distribute routing information using standard
IP routing protocols or configured static routes, and
are VPRN unaware. The architecture of the VPRN service is shown on the above diagram.
Learning Routes from Local CEs
A PE learns the routes from a CE through static routes or a dynamic routing protocol such as BGP. Locally
reachable IPv4 addresses as well as remote routes learned from other PEs are stored in the appropriate VRF.
Distributing Routes
The PEs establish MP-BGP sessions with each other to distribute the routes they have learned from locally
connected CEs. Each PE maintains one or more VRFs for each VPRN it is involved with, depending on the VPN
topology (mesh or hub and spoke, intranet or extranet).
When the destination PE receives a data packet it determines the appropriate VRF to use to forward the
packet onward to the correct CE based on the inner label associated to a given VRF. The inner label is
allocated by the local PE and advertised to the peer PE as part of a VPN-IPv4 route update.
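The label handling described above, as an added example that is not part of the original course material: the ingress PE pushes an outer tunnel label and an inner VC label, and the egress PE selects the VRF from the inner label. The 32-bit entry layout is the standard MPLS label stack encoding (RFC 3032); the label values, VRF names and function names are constructed.

```python
# Added example (not from the course material): the VPRN two-level label stack.
import struct


def encode_entry(label, bottom, ttl=64, tc=0):
    """Pack one 32-bit MPLS label stack entry: label(20) TC(3) S(1) TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def decode_stack(data):
    """Return ([(label, bottom_of_stack), ...], remaining payload)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append((word >> 12, bool(word & 0x100)))
        if entries[-1][1]:  # S bit set: this entry is the inner label
            return entries, data[offset:]


def ingress_push(ip_packet, tunnel_label, vc_label):
    # Outer tunnel label goes first on the wire; the inner VC label is the
    # bottom of the stack, directly in front of the customer's IP packet.
    return encode_entry(tunnel_label, False) + encode_entry(vc_label, True) + ip_packet


def egress_deliver(frame, label_to_vrf):
    """Egress PE: pop the labels and choose the VRF from the inner label."""
    entries, payload = decode_stack(frame)
    inner_label = entries[-1][0]
    if inner_label not in label_to_vrf:
        # A label this PE never allocated must not reach any customer VRF.
        raise LookupError(f"no VRF owns label {inner_label}; drop")
    return label_to_vrf[inner_label], payload


# Constructed sample values: labels, VRF names and payload are made up.
LABEL_TO_VRF = {131070: "customer-1", 131069: "customer-2"}
IP_PACKET = b"\x45\x00\x00\x14" + bytes(16)
```

The egress PE forwards on the inner label alone, so customer separation depends on that label mapping to exactly one VRF and on unknown labels being dropped.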
Each PE involved in a given VPRN service must be configured with a tunnel to every other PE participating in
the same VPRN service to transport a customer's VPN traffic from one site to another.
The tunnel is created either through the configuration of an SDP or using the auto-bind option when creating a
VPRN service instance. For VPRN services, SDP tunnels can be created using MPLS with RSVP-TE or GRE
encapsulation. The auto-bind method for creating tunnels can be used with LDP or GRE.
If SDP tunnels are used, they must be created prior to the creation of the VPRN services. The configuration of
an SDP includes specifying the far-end PE and the type of encapsulation used, GRE or MPLS with RSVP-TE.
When RSVP-TE signaling is used, the outer LSP tunnels must be explicitly configured in addition to the
creation of the SDPs. When the outer tunnels are created using auto-bind with LDP there is no need to
explicitly configure the LSP tunnels. It is only necessary to enable LDP signaling on the appropriate
interfaces; once the MP-BGP sessions have been established, the LSP is automatically established.
Similarly, outer tunnels created using auto-bind with GRE do not require any preliminary configuration; the
VPRN service only needs to be auto-bound to GRE.
When the auto-bind option is used, traffic from all VPRN services (configured with the auto-bind option)
traverses the same LSPs. In this case it is not possible to use alternate tunneling mechanisms (like GRE) or
to configure sets of LSPs with bandwidth reservations for specific customers, as is possible with
explicit SDPs for the service. If LSPs with reserved bandwidth are needed, then SDPs with RSVP-TE signaling
should be used for the outer tunnels.
If distinct tunnels per VPRN service are desired, then SDPs with GRE or RSVP-TE signaling should be used so
that VPRN instances can be explicitly bound to specific SDPs.
Outer Label
Each PE in the VPRN connected by a tunnel
Tunnels created by:
Creating an SDP (RSVP-TE or GRE)
Auto-bind (LDP or GRE)
Static Routes
All routes to be advertised by the CE to other CEs belonging to the VPRN are configured as static routes in the
VPRN service instance.
eBGP Routing
eBGP is configured between the PE and each attached CE belonging to the same VPRN in the VPRN service
instance.
The explicit configuration of the autonomous system number and router-id is optional. If omitted, these
values simply inherit the router's global AS number and router-id. The local address is also an optional
parameter. When it is not specified, it inherits the system IP address when communicating with IBGP peers
and the interface address for directly connected eBGP peers.
If no import route policy is specified, then all BGP routes advertised by the CE are accepted by the PE.
An export policy is needed for the PE to advertise the routes learned from other PE sites in the VPRN instance
via MP-BGP to the CE router via eBGP.
RIP Routing
When RIP is used as the PE-CE routing protocol, a RIP instance must be enabled on the PE router in the router
context. Subsequently RIP can be configured on the PE-CE interface during the configuration of the VPRN
service. RIP is configured between the PE and each attached CE belonging to the same VPN in the VPRN
service instance.
By default RIP does not export routes it has learned to its neighbors. Therefore it is necessary to configure an
export policy to enable MP-BGP routes learned from remote CEs belonging to the VPN to be redistributed
into RIP and to the local CE.
OSPF Routing
As of R4.0 of the 7X50 routers, OSPF can be used as the PE-CE routing protocol. This provides a way for a
network to continue using a single protocol as it is migrated to an IP-VPN backbone.
OSPF LSA information is not transmitted natively across the IP-VPN. The OSPF routes are imported into
MP-BGP as AS externals. As a result, other OSPF-attached VPRN sites on remote PEs will receive these via type
5 LSAs. This process is not automatic and requires the configuration of (existing) Route Policies.
Stub areas, OSPF-TE and sham links are not currently supported.
Configure BGP
Configure a BGP mesh among participating sites
Create a Customer
5. Select Protocols
6. Verify that BGP is enabled
The following steps will cover the configuration of an iBGP mesh, which will be used for the
advertisement of VPRN routes from each customer's VRFs.
A BGP mesh will be required among all participating sites in the VPRN service.
Configure BGP AS
Select the Routing view in the tree window
Select each Router in turn where a VPRN site is required
Select the Routing instance-1 and then Properties.
Select the Routing tab, and enter the Autonomous System Number; 100 is used here as an
example.
Leave all other entries as the defaults.
Enable BGP
On the Protocols tab
Check that BGP is enabled; if not, select the BGP Enabled check box, select OK or Apply.
Select the BGP routing instance for your router from the Navigation Tree Routing view, right
click and select Properties.
In the General tab, verify the Site ID is the system interface IP address.
Select the AS properties tab, and verify that the AS number is 100; 100 is used here as an
example.
In the VPN tab, enable Family: VPN-IPV4 and IPv4.
It is essential that you enable the VPN-IPV4 family as this is required to carry VPRN routes. Click
Apply or OK.
Select the Group tab. Select Add. Specify the Name. Click Apply and OK.
Select the AS Properties tab and set the Peer AS to 100. Other parameters will be inherited
from the global configuration. Select OK, OK, Apply and Yes.
Select the Peer tab, and create a BGP peer to one of the PE routers.
Select Add, and enter the system ID for the other router in the Peer Address field.
Under Routing Instance Group: choose Select.
Repeat the steps on the previous two pages for all PE routers in your network.
Your peering relationships will be up when all objects and aggregated alarms have cleared.
Double click on each peer and check that the connection state is Established.
1. Select Manage Customers
2. Select Create
3. Define the Customer Attributes
Services must be associated with a customer. Though a service may only have one customer, that
customer may have more than one service associated with them.
To create a Customer using the 5620 SAM, the network administrator or operator will use the
following sequence:
From the Main Menu, select Manage Customers
In the new window, click on the Create button
Complete the customer's details as provided in the configuration window
Click on the OK button.
Description (optional)
To create a service, select the service type and assign the managed devices upon which the
service will terminate, referred to as the Service Sites.
To create a VPRN:
Select Create Service VPRN from the Main Menu
Click the Select button in the Customer block
Select a customer from the list that appears and click the OK button
Complete the remaining parameters, as required. Though optional, providing a service name and
relevant description will enable the network administrator or operator to find the service using the
Search filter.
Click Apply
Click on the Routing tab. This enables us to configure the virtual router instance. Configure the
following properties:
Router id = the system address of the router
AS number = 100
Route Distinguisher Type = Type 0 (use an assigned value as a route distinguisher)
Type 0 Administrative Value = 100
Type 0 Assigned Value = a unique identifier in order to make the network address unique to
this VPRN; 60 is used as an example.
Click on the VRF-Target sub tab and set the VRF route target properties as follows:
VRF Target Type = Define Default
Target Format = AS
Target AS Value = 100
Target Extended Community Value = unique value, which must match each distant end Route
Target Value of the other sites participating in the service in order to allow the population of
network addresses in the VRF; 95 is used as an example.
Click on the Auto-Bind tab and set the Transport to MPLS:LDP. This will enable the use of LDP
signaled LSPs to reach each remote site, rather than SDPs.
Click OK and OK.
1. Choose Select
2. Click OK
3. Click Search
4. Select a Port
5. Click OK
Port Selection
Add a SAP to the interface via the Port tab
In the Port tab, Choose Select in the Terminating Port Region. Click OK.
In the Select Terminating Port window, select Search.
1. Select a port
2. Click OK
Configure the IP address for a specific site as shown.
IP Address Assignment
Select the Address tab. Click Add. Configure an address on the interface of the specific router.
Note: Unlike IES, it does not matter if customer address spaces overlap on each VPRN service as
the route distinguisher keeps them unique.
In the IP Address window, type in the IP Address and Prefix Length, and click OK, OK, OK, OK.
Repeat all of the previous steps, starting with assigning a Name and Description for the other
site(s) participating in the service. In this example, the other site is node 146.
Final Steps
In the Components window, select Apply, Yes and then Topology View to view the newly
created VPRN.
1. What method does a VPRN service use to differentiate overlapping customer address space?
a. Router target
b. Policies
c. Route Distinguisher
d. Filters
4. What method is used to exchange routes between PEs?
a. OSPF
b. RIP
c. Static
d. MP-BGP