VRF, MPLS and MP-BGP Fundamentals
Jason Gooley, CCIEx2 (RS, SP) #38759
Technical Solutions Architect
Worldwide Enterprise Networking Sales, Cisco
BRKCRT-2601
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Introduction to Virtualisation
• VRF-Lite
• MPLS & BGP Free Core
• Multiprotocol BGP (MP-BGP)
• Conclusion
• Q&A
3 Networks Walk into a…
What is a VRF?
Enterprise Network Virtualisation
Key Building Blocks
Device Partitioning
Layer 2 vs. Layer 3 Virtualisation
Path Isolation
Functional Components
• Device Virtualisation
• Control plane Virtualisation
Per VRF:
• Virtual Routing Table
• Virtual Forwarding Table
[Diagram labels: MPLS-VPN, 802.1q]
VRF-Lite
What is VRF-Lite?
Functional Components
Per VRF:
• Virtual Routing Table
• Virtual Forwarding Table
[Diagram labels: WAN/Campus, VRF]
• A VRF supports its own Routing Information Base (RIB) and Forwarding Information Base (FIB)
• Leverages “Virtual” encapsulation for separation:
  Ethernet/802.1Q, GRE, Frame Relay
• Routing protocols are “VRF aware”:
  RIP/v2, EIGRP, OSPF, BGP, static (per VRF)
• Layer 3 interfaces can only belong to a single VRF
VRF-Lite
Things to Remember
[Diagram labels: VLAN 10, VLAN 20, VLAN 15, VLAN 16, VLAN 25, VLAN 26; surviving text fragment: "number of VRFs"]
VRF-Lite
Sub-interface Example
Per VRF:
• Virtual Routing Table
• Virtual Forwarding Table
[Diagram: routers R1 (1.1.1.1, .1), R2 (2.2.2.2, .2), R3 (3.3.3.3, .3) and R4 (4.4.4.4, .4); each router has loopbacks Lo1, Lo2 and Lo3 and the VRFs VRF-R, VRF-E and VRF-O. Label: Locally Significant]
Sub-interface/VLAN/VRF Mapping
Sub-interface F0/0.X = VLAN X = subnet 10.1.X.0/24
R1-R2: VLAN 12, VLAN 112, VLAN 212
R1-R4: VLAN 14, VLAN 114, VLAN 214
R2-R3: VLAN 23, VLAN 123, VLAN 223
R3-R4: VLAN 34, VLAN 134, VLAN 234
IGPs:
VRF-R = RIP
VRF-E = EIGRP
VRF-O = OSPF
VRF-Lite Sub-interface Configuration
Command Line Interface (CLI) Review
ip vrf VRF-R
 rd 1:1
interface FastEthernet0/0.12
 ip vrf forwarding VRF-R
interface Loopback1
 ip vrf forwarding VRF-R
!
ip vrf VRF-E
 rd 2:2
interface FastEthernet0/0.112
 ip vrf forwarding VRF-E
interface Loopback2
 ip vrf forwarding VRF-E
!
ip vrf VRF-O
 rd 3:3
interface FastEthernet0/0.212
 ip vrf forwarding VRF-O
interface Loopback3
 ip vrf forwarding VRF-O
VRF-Lite Sub-interface Configuration
Command Line Interface (CLI) Review – VRF Definition Example
vrf definition VRF-R
 rd 1:1
 address-family ipv4
interface FastEthernet0/0.12
 vrf forwarding VRF-R
interface Loopback1
 vrf forwarding VRF-R
interface Loopback3
 vrf forwarding VRF-O
Multiprotocol VRF Conversion Configuration
Command Line Interface (CLI) Review
vrf upgrade-cli multi-af-mode {common-policies | non-common-policies} [vrf vrf-name]
VRF Aware RIP Configuration
Command Line Interface (CLI) Review
Leverage what you already know!
! Global routing table
router rip
 version 2
 network 1.0.0.0
 network 10.0.0.0
 no auto-summary
! VRF aware
router rip
 !
 address-family ipv4 vrf VRF-R
  network 1.0.0.0
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family
RIP leverages address-family ipv4 vrf ______
VRF Aware EIGRP Configuration
Command Line Interface (CLI) Review
Leverage what you already know!
! Global routing table
router eigrp 10
 network 1.1.1.1 0.0.0.0
 network 10.1.112.0 0.0.0.255
 no auto-summary
! VRF aware (AS can be the same or different as one of the VRFs!!!)
router eigrp 10
 auto-summary
 !
 address-family ipv4 vrf VRF-E
  network 1.1.1.1 0.0.0.0
  network 10.1.112.0 0.0.0.255
  no auto-summary
  autonomous-system 10
 exit-address-family
EIGRP leverages address-family ipv4 vrf ______
VRF Aware OSPF Configuration
Command Line Interface (CLI) Review
Leverage what you already know!
router ospf 1
 log-adjacency-changes
 network 1.1.1.1 0.0.0.0 area 1
 network 10.1.212.0 0.0.0.255 area 0
OSPF leverages vrf ______ after the unique process number
Live Exploration
No Sub-interface Support? No Problem!
GRE Example
VRF-Lite can also leverage GRE tunnels as a segmentation technology
Each VRF uses a unique GRE tunnel
[Diagram: routers R1 (1.1.1.1, .1), R2 (.2), R3 (3.3.3.3, .3) and R4 (4.4.4.4, .4) with loopbacks Lo11, Lo12 and Lo13 and the VRFs VRF-R, VRF-E and VRF-O]
Tunnel/VRF Mapping
Tunnel X = subnet 10.1.X.0/24
R1-R2: Tunnel 12, Tunnel 112
R1-R4: Tunnel 14, Tunnel 114, Tunnel 214
R2-R3: Tunnel 23, Tunnel 123, Tunnel 223
R3-R4: Tunnel 34, Tunnel 134, Tunnel 234
Configuration Note: Each GRE Tunnel Could Require Unique Source/Destination IP (Platform Dependent)
VRF-Lite Tunnel Configuration
Command Line Interface (CLI) Review
Leverage what you already know!
! First router (tunnel address 10.1.12.1)
ip vrf VRF-S
 rd 11:11
interface Tunnel12
 ip vrf forwarding VRF-S
 ip address 10.1.12.1 255.255.255.0
 tunnel source Loopback101
 tunnel destination 22.22.22.22
! Second router (tunnel address 10.1.12.2)
ip vrf VRF-S
 rd 22:22
! Loopback102 is in the Global Routing Table
interface Loopback102
 ip address 22.22.22.22 255.255.255.255
interface Tunnel12
 ip vrf forwarding VRF-S
 ip address 10.1.12.2 255.255.255.0
 tunnel source Loopback102
 tunnel destination 11.11.11.11
ip route vrf VRF-S 1.1.1.1 255.255.255.255 10.1.12.1
Layer 2 Serial Link? No Problem?
Back-to-Back Frame Relay Example
VRF-Lite can also leverage Frame Relay Sub-interfaces as a segmentation technology
Each VRF uses a unique Frame-Relay sub-interface and DLCI
Frame Relay sub-interface is “VRF aware”
[Diagram: routers R1 (1.1.1.1, .1), R2 (.2), R3 (3.3.3.3, .3) and R4 (4.4.4.4, .4) with loopbacks Lo111, Lo112 and Lo113 and the VRFs VRF-R, VRF-E and VRF-O]
FR VC/VRF Mapping
Sub-interface Serial1/0.X or Serial1/1.X = subnet 10.1.X.0/24
R1-R2: Serial1/0.12, Serial1/0.112, Serial1/0.212
R1-R4: Serial1/1.14, Serial1/1.114, Serial1/1.214
R2-R3: Serial1/1.23, Serial1/1.123, Serial1/1.223
R3-R4: Serial1/0.34, Serial1/0.134, Serial1/0.234
VRF-Lite Back-to-Back Frame Relay Configuration
Command Line Interface (CLI) Review
Leverage what you already know!
! First router (10.1.12.1, BGP AS 1)
ip vrf VRF-B
 rd 111:111
interface Serial1/0
 encapsulation frame-relay
 no keepalive
interface Serial1/0.12 point-to-point
 ip vrf forwarding VRF-B
 ip address 10.1.12.1 255.255.255.0
 frame-relay interface-dlci 201
router bgp 1
 address-family ipv4 vrf VRF-B
  neighbor 10.1.12.2 remote-as 2
  neighbor 10.1.12.2 activate
  no synchronization
  network 1.1.1.1 mask 255.255.255.255
 exit-address-family
! Second router (10.1.12.2, BGP AS 2)
ip vrf VRF-B
 rd 222:222
interface Serial1/0
 encapsulation frame-relay
 no keepalive
interface Serial1/0.12 point-to-point
 ip vrf forwarding VRF-B
 ip address 10.1.12.2 255.255.255.0
 frame-relay interface-dlci 201
router bgp 2
 address-family ipv4 vrf VRF-B
  neighbor 10.1.12.1 remote-as 1
  neighbor 10.1.12.1 activate
  no synchronization
  network 2.2.2.2 mask 255.255.255.255
 exit-address-family
Live Exploration
VRF-Lite
Summary
MPLS & BGP Free Core
What Is MPLS?
Most
Painful
Learn
Study
What Is MPLS?
Multi-Protocol: The ability to carry any payload
MPLS
Component Overview
IP Routing
• IGP vs. BGP
[Diagram: PE1, P and PE2 connected through F0/0 interfaces]
IGP: You Can Reach 2.2.2.2 Through Me
BGP Update: You Can Reach 10.2.1.1 Thru Me By routing towards 2.2.2.2
MPLS Label Switched Path (LSP) Setup with LDP
• Assignment of Remote Labels
• Local label mappings are sent to connected nodes
• Receiving nodes update forwarding table
  • Out label
Label Distribution Protocol (LDP) (Downstream Allocation)
Forwarding Tables (one row per node, left to right in the diagram):
In Label   Address Prefix   Out I’face   Out Label
-          2.2.2.2          F0/0         20
20         2.2.2.2          F0/0         30
30         10.2.1.1         F0/0         -
BGP Update: You Can Reach 10.2.1.1 Thru Me By routing towards 2.2.2.2
MPLS Traffic Forwarding with LDP
• Hop-by-hop Traffic Forwarding Using Labels
• Ingress PE node adds labels to packet (push)
  • Via MPLS forwarding table
  • Transport label
  • VPN label (VRF)
• Downstream P node uses label for forwarding decision (swap)
  • Outgoing interface
  • Out label
• Egress PE removes label and forwards original packet (pop)
Forwarding Tables (one row per node: PE1, P, PE2):
In Label   Address Prefix   Out I’face   Out Label
-          2.2.2.2          F0/0         20
20         2.2.2.2          F0/0         30
30         10.2.1.1         F0/0         -
Packet along the path (V = VPN label): [10.2.1.1 | Data] -> [20 | V | 2.2.2.2 | Data] -> [30 | V | 2.2.2.2 | Data] -> [10.2.1.1 | Data]
Forwarding based on Label towards BGP Next-Hop (Loopback of far end router)
BGP Update: You Can Reach 10.2.1.1 Thru Me By routing towards 2.2.2.2
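The push, swap and pop steps above as a small Python walk-through using the slide's transport labels 20 and 30; this is an added example, not code from the session. The VPN label value 100 and the VRF name VRF-A are constructed, since the slide only marks the VPN label as "V".

```python
# Label tables from the slide: node -> {in_label: (out_label, out_interface)}.
# out_label None means the transport label is removed at that node.
LFIB = {
    "P":   {20: (30, "F0/0")},
    "PE2": {30: (None, "F0/0")},
}
# Ingress lookup on PE1: (vrf, destination) -> (VPN label, transport label).
# VPN label 100 and the VRF name are constructed for this example.
PE1_VRF_FIB = {("VRF-A", "10.2.1.1"): (100, 20)}
# Egress lookup on PE2: VPN label -> VRF that owns the route.
PE2_VPN_LABELS = {100: "VRF-A"}

def ingress(vrf, dst):
    """PE1: push the VPN label, then the transport label on top of it."""
    vpn, transport = PE1_VRF_FIB[(vrf, dst)]
    return {"stack": [transport, vpn], "dst": dst}

def transit(node, pkt):
    """P or egress PE: act on the top label only; the IP header is not consulted."""
    top = pkt["stack"][0]
    if top not in LFIB[node]:
        return None                       # no label binding: drop
    out, _iface = LFIB[node][top]
    rest = pkt["stack"][1:]
    return {"stack": ([out] if out is not None else []) + rest, "dst": pkt["dst"]}

def egress(pkt):
    """PE2: the remaining VPN label selects the VRF; unknown labels are dropped."""
    if len(pkt["stack"]) != 1 or pkt["stack"][0] not in PE2_VPN_LABELS:
        return None
    return (PE2_VPN_LABELS[pkt["stack"][0]], pkt["dst"])

def forward(vrf, dst):
    """Walk PE1 -> P -> PE2 and record the label stack seen on each link."""
    pkt = ingress(vrf, dst)
    trace = [list(pkt["stack"])]
    for node in ("P", "PE2"):
        pkt = transit(node, pkt)
        if pkt is None:
            return trace, None
        trace.append(list(pkt["stack"]))
    return trace, egress(pkt)
```

The P node never looks at the destination address or the VPN label, which is why the core needs no customer routes; the VRF is chosen only at the egress PE.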
BGP Free Core
Component Overview
[Diagram: Site 1 (10.1.1.0/24) with CE1 attached to PE1; Site 2 (10.2.1.0/24) with CE2 attached to PE2; P1, P2, P3 and P4 in OSPF Area 0 between the PEs; VPNv4 iBGP Relationship between PE1 and PE2; "Redistribute IGP/Static Into BGP" at each PE]
End-to-End BGP and redistribution of routes into OSPF core not necessary!
Multiprotocol BGP (MP-BGP)
Bringing It All Together
[Diagram: Site 1 (10.1.1.0/24, CE1) and Site 2 (10.2.1.0/24, CE2) attached to a VRF on PE1 and PE2; P1, P2, P3 and P4 in OSPF Area 0; VPNv4 iBGP Relationship between the PEs; "Redistribute IGP/Static Into BGP" at each PE. Route labels: 10.1.1.0/24 Next-Hop=CE1; 10.2.1.0/24 Next-Hop=CE2; 10.2.1.0/24 Next-Hop=PE1; 10.1.1.0/24 Next-Hop=PE2]
[Diagram: PE1 and PE2 each hold VRF A and VRF B; Cust B Site 1 (10.1.1.0/24, CE1) and Cust B Site 2 (10.2.1.0/24, CE2); VPNv4 prefixes shown: 222:1:10.1.1.0/24 and 222:1:10.2.1.0/24]
VPNv4 prefixes are the combination of a 64-bit RD and a 32-bit IPv4 prefix. VPNv4 prefixes are 96 bits in length.
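How the 64-bit RD and the 32-bit IPv4 prefix combine into a 96-bit VPNv4 prefix, as an added Python example that is not part of the original slides. It uses the RD encodings of RFC 4364 (types 0, 1 and 2), which go beyond the single ASN:number form shown on the slide; the RD 111:1 and the customer names in the usage are constructed.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Encode 'admin:assigned' as the 8-byte RD of RFC 4364 (types 0, 1, 2)."""
    admin, assigned = rd.rsplit(":", 1)
    assigned = int(assigned)
    if "." in admin:        # type 1: IPv4 address : 2-byte number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)
    admin = int(admin)
    if admin <= 0xFFFF:     # type 0: 2-byte ASN : 4-byte number
        return struct.pack("!HHI", 0, admin, assigned)
    return struct.pack("!HIH", 2, admin, assigned)  # type 2: 4-byte ASN : 2-byte number

def vpnv4(rd, prefix):
    """Return (12 bytes of RD + IPv4 network address, prefix length)."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

def build_table(routes):
    """Key routes by VPNv4 prefix so overlapping customer space stays separate.

    routes: iterable of (rd, ipv4_prefix, customer). Raises ValueError when two
    customers present the same RD and prefix, because the RD no longer
    distinguishes their routes.
    """
    table = {}
    for rd, prefix, customer in routes:
        key = vpnv4(rd, prefix)
        if key in table and table[key] != customer:
            raise ValueError(f"{rd}:{prefix} is used by more than one customer")
        table[key] = customer
    return table

if __name__ == "__main__":
    # Constructed input: two customers using the same 10.1.1.0/24.
    routes = [("111:1", "10.1.1.0/24", "Cust A"), ("222:1", "10.1.1.0/24", "Cust B")]
    for (addr, plen), customer in build_table(routes).items():
        print(customer, addr.hex(), f"/{plen}", len(addr) * 8, "bits")
```

The RD only makes the prefix unique inside MP-BGP; which VRFs install the route is decided by route targets.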
Why are Route Targets Important?
Use Case
[Diagram: Cust A Site 1 (10.1.1.0/24) in VRF A and Cust A Site 3 (10.1.3.0/24) in VRF C on PE1; Cust A Site 2 (10.1.2.0/24) in VRF B and Cust A Site 4 (10.1.4.0/24) in VRF D on PE2; each site has a CE1; P1, P2, P3 and P4 in OSPF Area 0; VPNv4 iBGP Relationship between the PEs]
VRF A: Import 222:1, Import 333:1, Import 444:1, Export 111:1
VRF B: Import 111:1, Export 222:1
VRF C: Import 111:1, Export 333:1
VRF D: Import 111:1, Export 444:1
Route Targets are a 64-bit value and are carried in BGP as an extended community
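Route targets decide which VRFs see each other's routes, so a single extra import line changes the isolation between sites. The following added Python example (not from the original slides) parses IOS-style VRF stanzas, derives the resulting route flows, and reports any flow outside an intended policy; the VRF names and the assignment of the slide's import/export values to VRF A through D are our reading of the diagram.

```python
import re

# Constructed IOS-style snippet. RT values follow the slide's use case;
# the VRF names and the mapping of values to VRFs are assumptions.
CONFIG = """\
ip vrf VRF-A
 route-target import 222:1
 route-target import 333:1
 route-target import 444:1
 route-target export 111:1
ip vrf VRF-B
 route-target import 111:1
 route-target export 222:1
ip vrf VRF-C
 route-target import 111:1
 route-target export 333:1
ip vrf VRF-D
 route-target import 111:1
 route-target export 444:1
"""

def parse_vrfs(text):
    """Return {vrf: {"import": set, "export": set}} from VRF stanzas."""
    vrfs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(?:ip vrf|vrf definition)\s+(\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        m = re.match(r"^\s+route-target\s+(import|export|both)\s+(\S+)", line)
        if m and current is not None:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
        elif line and not line.startswith(" "):
            current = None  # a new top-level command ends the VRF stanza
    return vrfs

def route_flows(vrfs):
    """(source, destination) pairs where destination imports an RT source exports."""
    return {(s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
            if s != d and sv["export"] & dv["import"]}

def unexpected_flows(vrfs, allowed):
    """Flows present in the configuration that the intended policy does not list."""
    return sorted(route_flows(vrfs) - set(allowed))
```

With the values above, VRF-A exchanges routes with VRF-B, VRF-C and VRF-D, while those three never import from each other.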
MPLS VPN and MP-BGP
Command Line Interface (CLI) Review
[Diagram labels: Customer 1 CE routers in VRF VRF-1; Customer 2 CE routers in VRF VRF-2; PE and P routers; EIGRP, OSPF, RIPv2, BGP, Static; VPN Backbone IGP; MP-iBGP – VPNv4 Label Exchange]
VRF Configuration (PE)
! PE Router – Multiple VRFs
ip vrf VRF-1
 rd 65100:10
 route-target import 65102:10
 route-target export 65102:10
ip vrf VRF-2
 rd 65100:20
 route-target import 65102:20
 route-target export 65102:20
!
interface FastEthernet0/1.10
 ip vrf forwarding VRF-1
interface FastEthernet0/1.20
 ip vrf forwarding VRF-2
MP-iBGP Configuration (PE)
! PE router
router bgp 65102
 no bgp default ipv4-unicast
 neighbor 2.2.2.2 remote-as 65102
 !
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf VRF-1
  redistribute rip
 exit-address-family
Live Exploration
MPLS VPN Technology Summary
MPLS VPN Connection Model
[Diagram labels: Global Address Space; CE, PE and P routers; VPN 1 / VRF Blue; VPN 2 / VRF Green; EIGRP, OSPF, RIPv2, BGP, Static; VPN Backbone IGP]
Q&A
CCNP® Routing & Switching
• Implementing Cisco IP Routing v2.0
• Implementing Cisco IP Switched Networks V2.0
• Troubleshooting and Maintaining Cisco IP Networks v2.0
Professional level instructor led trainings to prepare candidates for the CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in self study eLearning formats with Cisco Learning Labs.
CCNA® Routing & Switching
• Interconnecting Cisco Networking Devices: Part 2 (or combined)
Builds on ICND1 to provide capabilities needed to configure, implement and troubleshoot a small enterprise network. Including: understanding of Quality of Service (QoS), how virtualised and cloud services interact and impact enterprise networks, along with an overview of network programmability and the related controller types and tools that are available to support software-defined network architectures. Also available in self study eLearning format with Cisco Learning Lab.
CCENT® Routing & Switching
• Interconnecting Cisco Networking Devices: Part 1
Understand layer 2 and layer 3 networking fundamentals needed to install, configure, and provide basic support of small/branch networks. Covers network device security and IPv6 basics. Also available in self study eLearning format with Cisco Learning Lab.