Friends,

Just a few minutes ago, I got my first MPLS-VPN cloud working on GNS3. Feels good to see
routes propagate from CE to CE router. I have attached a simple diagram below. I do have a
question about configuration but I'll go ahead and describe what I have first.

My topology has 5 routers in order of: CE1->PE1->P->PE2->CE2. They are connected

physically in a line as described. I have IPv4 addresses configured on all devices. The Provider
devices have EIGRP, MBGP and MPLS configured. The CE routers peer with the vrf-interfaces
on the PE routers via BGP. The provider's AS is 10000. One side of the customer has AS 10001
and the other side has AS 10002. I know eventually I can go on to configure both sides as the
same customer AS number but one thing at a time. I created loopbacks to simulate customer
routers on each CE device and MBGP properly delivers those routes and can be both verified and
pinged from the opposite CE router.

Regarding my question...I have provided two sections of the PE1 and PE2 configuration.

PE1

ip vrf CustA

rd 10000:1

route-target export 1:1

route-target import 1:1

router bgp 10000

no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.3 remote-as 10000
neighbor 1.1.1.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 1.1.1.3 activate
  neighbor 1.1.1.3 send-community both
exit-address-family
!
address-family ipv4 vrf CustA
  redistribute connected
  neighbor 192.168.1.1 remote-as 10001
  neighbor 192.168.1.1 activate
  no synchronization
exit-address-family
PE2
!
ip vrf CustA
rd 10000:1
route-target export 1:1
route-target import 1:1
!
router bgp 10000
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 10000
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community both
exit-address-family
!
address-family ipv4 vrf CustA
  redistribute connected
  neighbor 192.168.2.2 remote-as 10002
  neighbor 192.168.2.2 activate
  no synchronization
exit-address-family
!
Okay, what is the point of the red configuration? These commands seem redundant as the default
IP routing/BGP process already has this information and peering is setup. This doesn't seem to
have any specific VPN relationship to VRF CustA. Can anyone elaborate on this?
Thanks,
Mike
Attachments:

 mpls vpn.JPG (13.1 K)

Correct Answer by toor  on Sep 27, 2010 9:05 AM

Hi Michael,

When BGP routers open session they don't tell neighbor that they are VPNv4 capable by default.
neighbor activate command tells routers to include VPNv4 capabilities in the OPEN message to
the neighbor.

BTW you need neighbor send-community both only if you are intended to send standard
communities to the peer. Extended communities are sent by default for VPNv4 AF.

HTH,

Toor

See the answer in context

Okay, I rebuilt the same topology as follows:

CE1 - configured with BGP AS 10001

PE1 - configured with BGP AS 10000, MPLS, EIGRP 1, VRF CustA

RR1 - configured with BGP AS 10000, MPLS, EIGRP 1 and route reflector for PE1 and PE2.

RR2 - configured with BGP AS 10000, MPLS, EIGRP 1 and route reflector for PE1 and PE2.

PE2 - configured with BGP AS 10000, MPLS, EIGRP 1, VRF CustA

CE1 - configured with BGP AS 10002

All networks are ping-able across the MPLS cloud.

 

Configuration for PE1:

router bgp 10000

no synchronization

bgp log-neighbor-changes

neighbor 2.2.2.2 remote-as 10000

neighbor 2.2.2.2 update-source Loopback0

neighbor 3.3.3.3 remote-as 10000

neighbor 3.3.3.3 update-source Loopback0

no auto-summary

address-family vpnv4

  neighbor 2.2.2.2 activate

  neighbor 2.2.2.2 send-community extended

  neighbor 3.3.3.3 activate

  neighbor 3.3.3.3 send-community extended

exit-address-family

address-family ipv4 vrf CustA

  redistribute connected

  neighbor 192.168.1.2 remote-as 10001

  neighbor 192.168.1.2 activate

  no synchronization

exit-address-family

Configuration for RR1:

router bgp 10000
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 10000
neighbor 1.1.1.1 update-source Loopback0
neighbor 1.1.1.1 route-reflector-client
neighbor 4.4.4.4 remote-as 10000
neighbor 4.4.4.4 update-source Loopback0
neighbor 4.4.4.4 route-reflector-client
no auto-summary
!
address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 route-reflector-client
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community extended
  neighbor 4.4.4.4 route-reflector-client
exit-address-family

Configuration for PE2:

router bgp 10000

no synchronization

bgp log-neighbor-changes

neighbor 2.2.2.2 remote-as 10000

neighbor 2.2.2.2 update-source Loopback0

neighbor 3.3.3.3 remote-as 10000

neighbor 3.3.3.3 update-source Loopback0

no auto-summary
!

address-family vpnv4

  neighbor 2.2.2.2 activate

  neighbor 2.2.2.2 send-community extended

  neighbor 3.3.3.3 activate

  neighbor 3.3.3.3 send-community extended

exit-address-family

address-family ipv4 vrf CustA

  redistribute connected

  neighbor 192.168.2.2 remote-as 10002

  neighbor 192.168.2.2 activate

  no synchronization

exit-address-family

I did not add any ip extcommunity-list or bgp rr-group commands and it worked the same as
before when I added them. Since, I only had one customer vpn and therefore one rd and rt, yy
previous ip extcommunity-list command included just rt 1:1. Does this command filter particular
route-targets so you can load balance route-targets per route reflector? Also, this time I did not
type 'neighbor #.#.#.# send-community both" command so it auto added the command with the
extended keyword which may be normal.
Mike

Yes, bgp rr-group balances load on RRs. But there is no redundancy. So if you use that you need
to have several RRs in each group.

Regards,

 
Toor