Inter-AS VPN Option-A Configuration
This chapter explain about Inter-AS VPN Option-A. Option A is the simplest of the options to inter-connect the ASBRs Option A has the following characteristics:
• Each customer VRF requires either a physical interface or more likely a subinterface.
• Each ASBR thinks the other is a CE.
• One logical interface per VPN.
• Link may use any supported PE-CE protocol.
• Packets are sent unlabelled between the ASBRs.
• The most secure and easy option to provision.
• Does not scale well to a large number of VPNs.
Topology
InterAS-VPN Option-A
PE1
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 2.2.2.2/32 secondary | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#ip vrf vrf1 | Create a new VRF named vrf1. |
(config-vrf)#rd 1:1 | Assign the route distinguisher (RD) value as 1:1. |
(config-vrf)#route-target both 1:1 | Import routes between route target (RT) ext-communities. |
(config-vrf)#exit | Exit interface mode. |
(config)#interface xe22 | Enter interface mode. |
(config-if)#ip vrf forwarding vrf1 | Bind the interface connected to the CE router with VRF vrf1 |
(config-if)#ip address 10.1.1.2/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode |
(config)#interface xe20 | Enter interface mode |
(config-if)#ip address 11.1.1.2/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode |
(config)#router ospf 1 | Enter router OSPF mode. |
(config-router)#ospf router-id 2.2.2.2 | Configure OSPF router id same as loopback ip address. |
(config-router)#network 2.2.2.2/32 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 11.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#exit | Exit OSPF router mode. |
(config)#router ldp | Enter router LDP mode. |
(config-router)#router-id 2.2.2.2 | Configure the router ID same as loopback IP address. |
(config-router)#transport-address ipv4 2.2.2.2 | Configure LDP transport address same as loopback address. |
(config-router)#exit | Exit LDP mode. |
(config)#interface xe20 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-if)#exit | Exit interface mode. |
(config)#router bgp 65000 | Enter BGP router mode. |
(config-router)#bgp router-id 2.2.2.2 | Configure BGP router-id. |
(config-router)#neighbor 41.41.41.41 remote-as 65000 | Configure PE2-ASBR1 as an iBGP peer. |
(config-router)#neighbor 41.41.41.41 update-source lo | Update the source as loopback for iBGP peering with the remote PE2 router. |
(config-router)#address-family vpnv4 | Enter VPNv4 address family mode. |
(config-router-af)#neighbor 41.41.41.41 activate | Activate the PE neighbor so that it can accept VPN IPv4 routes. |
(config-router-af)#exit | Exit VPNv4 address family mode. |
(config-router)#address-family ipv4 vrf vrf1 | Enter the IPv4 address family for VRF vrf1. |
(config-router-af)#redistribute connected | Redistribute connected route. |
(config-router-af)#commit | Commit the transaction. |
(config-router-af)#exit | Exit VPNv4 address family mode. |
(config-router)#exit | Exit OSPF router mode. |
(config)#commit | Commit candidate configuration to be running configuration. |
(config)#exit | Exit the config mode. |
P1 Configuration
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 31.31.31.31/32 secondary | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe21 | Enter interface mode. |
(config-if)#ip address 11.1.1.31/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#ip address 12.1.1.31/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Enter router OSPF mode. |
(config-router)#ospf router-id 31.31.31.31 | Configure OSPF router ID same as loopback IP address. |
(config-router)#network 31.31.31.31/32 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 11.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 12.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#exit | Exit OSPF router mode. |
(config)#router ldp | Enter router LDP mode. |
(config-router)#router-id 31.31.31.31 | Configure the router id same as loopback ip address. |
(config-router)#transport-address ipv4 31.31.31.31 | Configure LDP transport address same as loopback address. |
(config-router)#exit | Exit LDP mode. |
(config)#interface xe21 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-router)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-if)#commit | Commit the transaction. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit candidate configuration to be running configuration. |
(config)#exit | Exit the config mode. |
PE2-ASBR1
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 41.41.41.41/32 secondary | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#ip vrf vrf1 | Create a new VRF named vrf1. |
(config-vrf)#rd 1:1 | Assign the route distinguisher (RD) value as 1:1. |
(config-vrf)#route-target both 1:1 | Import routes between route target (RT) ext-communities. |
(config-vrf)#exit | Exit interface mode. |
(config)#interface xe21 | Enter interface mode. |
(config-if)#ip vrf forwarding vrf1 | Bind the interface connected to the CE router with VRF vrf1. |
(config-if)#ip address 20.1.1.41/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#ip address 12.1.1.41/24 | Assign the IPv4 address. |
(config-if)# | Exit interface mode. |
(config)#router ospf 1 | Enter router OSPF mode. |
(config-router)#ospf router-id 41.41.41.41 | Configure OSPF router ID same as loopback IP address. |
(config-router)#network 41.41.41.41/32 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 12.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#exit | Exit OSPF router mode. |
(config)#router ldp | Enter router LDP mode. |
(config-router)#transport-address ipv4 41.41.41.41 | Configure LDP transport address same as loopback address. |
(config-router)#exit | Exit LDP mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-router)#exit | Exit interface mode. |
(config)#router bgp 65000 | Enter BGP router mode. |
(config-router)#bgp router-id 41.41.41.41 | Configure BGP router-id. |
(config-router)#neighbor 2.2.2.2 remote-as 65000 | Configure PE1 as an iBGP peer. |
(config-router)#neighbor 2.2.2.2 update-source lo | Update the source as loopback for iBGP peering with the remote PE2 router. |
(config-router)#address-family vpnv4 | Enter VPNv4 address family mode. |
(config-router-af)#neighbor 2.2.2.2 activate | Activate the PE neighbor so that it can accept VPN IPv4 routes. |
(config-router-af)#exit | Exit VPNv4 address family mode. |
(config-router)#address-family ipv4 vrf vrf1 | Enter the IPv4 address family for VRF vrf1. |
(config-router-af)#neighbor 20.1.1.3 remote-as 65001 | Configure eBGP neighbor. |
(config-router-af)#redistribute connected | Redistribute connected route. |
(config-router-af)#commit | Commit the transaction. |
(config-router-af)#exit-address-family | Exit address family mode. |
(config-router)#exit | Exit the router mode. |
(config)#commit | Commit candidate configuration to be running configuration. |
(config)#exit | Exit the config mode. |
PE3-ASBR2
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 3.3.3.3/32 secondary | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#ip vrf vrf1 | Create a new VRF named vrf1. |
(config-vrf)#rd 1:1 | Assign the route distinguisher (RD) value as 1:1. |
(config-vrf)#route-target both 1:1 | Import routes between route target (RT) ext-communities. |
(config-vrf)#exit | Exit interface mode. |
(config)#interface xe21 | Enter interface mode. |
(config-if)#ip vrf forwarding vrf1 | Bind the interface connected to the CE router with VRF vrf1. |
(config-if)#ip address 20.1.1.3/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#ip address 21.1.1.3/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode |
(config)#router ospf 1 | Enter router OSPF mode. |
(config-router)#ospf router-id 3.3.3.3 | Configure OSPF router id same as loopback ip address. |
(config-router)#network 3.3.3.3/32 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 21.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#exit | Exit OSPF router mode. |
(config)#router ldp | Enter router LDP mode. |
(config-router)#router-id 3.3.3.3 | Configure the router ID same as loopback IP address. |
(config-router)#transport-address ipv4 3.3.3.3 | Configure LDP transport address same as loopback address. |
(config-router)#exit | Exit LDP mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-router)#exit | Exit interface mode. |
(config)#router rsvp | Enter router RSVP mode. |
(config-router)#rsvp-trunk lsp1 | Create an RSVP trunk lsp1 and enter the Trunk mode. |
(config-trunk)#to 5.5.5.5 | Specify the IPv4 egress (destination point-PE4 loopback address) for the LSP. |
(config-trunk)#exit | Exit interface mode. |
(config)#router bgp 65001 | Enter BGP router mode. |
(config-router)#bgp router-id 3.3.3.3 | Configure BGP router-id. |
(config-router)#neighbor 5.5.5.5 remote-as 65001 | Configure PE4 as an iBGP peer. |
(config-router)#neighbor 5.5.5.5 update-source lo | Update the source as loopback for iBGP peering with the remote PE2 router. |
(config-router)#address-family vpnv4 | Enter VPNv4 address family mode. |
(config-router-af)#neighbor 5.5.5.5 activate | Activate the PE neighbor so that it can accept VPN IPv4 routes. |
(config-router-af)#exit | Exit VPNv4 address family mode. |
(config-router)#address-family ipv4 vrf vrf1 | Enter the IPv4 address family for VRF vrf1. |
(config-router-af)#neighbor 20.1.1.41 remote-as 65000 | Configure eBGP neighbor. |
(config-router-af)#neighbor 20.1.1.41 activate | Activate the eBGP neighbor under address family. |
(config-router-af)#redistribute connected | Redistribute connected route. |
(config-router-af)#commit | Commit the transaction. |
(config-router-af)#exit-address-family | Exit address family mode. |
(config-router)#exit | Exit the router mode. |
(config)#commit | Commit candidate configuration to be running configuration. |
(config)#exit | Exit the config mode. |
P2
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 40.40.40.40/32 secondary | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe21 | Enter interface mode. |
(config-if)#ip address 21.1.1.40/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#ip address 22.1.1.40/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Enter router OSPF mode. |
(config-router)#ospf router-id 40.40.40.40 | Configure OSPF router ID same as loopback IP address. |
(config-router)#network 40.40.40.40/32 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 21.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 22.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#exit | Exit OSPF router mode |
(config)#router ldp | Enter router LDP mode. |
(config-router)#router-id 40.40.40.40 | Configure the router ID same as loopback IP address. |
(config-router)#transport-address ipv4 40.40.40.40 | Configure LDP transport address same as loopback address. |
(config-router)#exit | Exit LDP mode. |
(config)#interface xe21 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-if)#commit | Commit the transaction. |
(config-if)#exit | Exit interface mode. |
(config)#commit | Commit candidate configuration to be running configuration. |
(config)#exit | Exit the config mode. |
PE4
#configure terminal | Enter configure mode. |
(config)#interface lo | Enter interface mode. |
(config-if)#ip address 5.5.5.5/32 secondary | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#ip vrf vrf1 | Create a new VRF named vrf1. |
(config-vrf)#rd 1:1 | Assign the route distinguisher (RD) value as 1:1. |
(config-vrf)#route-target both 1:1 | Import routes between route target (RT) ext-communities. |
(config-vrf)#exit | Exit VRF mode. |
(config)#interface xe22 | Enter interface mode. |
(config-if)#ip vrf forwarding vrf1 | Bind the interface connected to the CE router with VRF vrf1. |
(config-if)#ip address 30.1.1.5/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#ip address 22.1.1.5/24 | Assign the IPv4 address. |
(config-if)#exit | Exit interface mode. |
(config)#router ospf 1 | Enter router OSPF mode. |
(config-router)#ospf router-id 5.5.5.5 | Configure OSPF router ID same as loopback IP address. |
config-router)#network 5.5.5.5/32 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#network 22.1.1.0/24 area 0 | Define the network on which OSPF runs and associate area id. |
(config-router)#exit | Exit router OSPF mode. |
(config)#router ldp | Enter router LDP mode. |
(config-router)#router-id 5.5.5.5 | Configure the router ID same as loopback IP address. |
(config-router)#transport-address ipv4 5.5.5.5 | Configure LDP transport address same as loopback address. |
(config-router)#exit | Exit LDP mode. |
(config)#interface xe15 | Enter interface mode. |
(config-if)#label-switching | Enable label switching in interface. |
(config-if)#enable-ldp ipv4 | Enable LDP in interface. |
(config-if)#exit | Exit interface mode. |
(config)#router bgp 65001 | Enter BGP router mode. |
(config-router)#bgp router-id 5.5.5.5 | Configure BGP router-id. |
(config-router)#neighbor 3.3.3.3 remote-as 65001 | Configure PE2-ASBR1 as an iBGP peer. |
(config-router)#neighbor 3.3.3.3 update-source lo | Update the source as loopback for iBGP peering with the remote PE2 router. |
(config-router)#address-family vpnv4 | Enter VPNv4 address family mode. |
(config-router-af)#neighbor 3.3.3.3 activate | Activate neighbor. |
(config-router-af)#exit | Exit VPNv4 Address Family mode. |
(config-router)#address-family ipv4 vrf vrf1 | Enter IPv4 VRF Address Family mode. |
(config-router-af)#redistribute connected | Redistribute connected route. |
(config-router-af)#commit | Commit the transaction. |
(config-router-af)#exit-address-family | Exit address family mode. |
(config-router)#exit | Exit the router mode |
(config)#commit | Commit candidate configuration to be running configuration. |
(config)#exit | Exit the config mode. |
Validation
PE1
#show ip route vrf vrf1 database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "vrf1"
C *> 10.1.1.0/24 is directly connected, xe22, 01:05:28
B *> 20.1.1.0/24 [200/0] via 41.41.41.41, 00:01:18
B *> 30.1.1.0/24 [200/0] via 41.41.41.41, 00:00:24
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 01:06:20
Gateway of last resort is not set
#show ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (Default for VRF vrf1)
*> l 10.1.1.0/24 0.0.0.0 0 100 32768 ?
*>i 20.1.1.0/24 41.41.41.41 0 100 0 ?
*>i 30.1.1.0/24 41.41.41.41 0 100 0 65001 ?
Announced routes count = 1
Accepted routes count = 2
Route Distinguisher: 1:1
*>i 20.1.1.0/24 41.41.41.41 0 100 0 ?
*>i 30.1.1.0/24 41.41.41.41 0 100 0 65001 ?
Announced routes count = 0
Accepted routes count = 2
PE2-ASBR1
#show ip route vrf vrf1 database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "vrf1"
C *> 20.1.1.0/24 is directly connected, xe22, 01:05:28
B *> 10.1.1.0/24 [200/0] via 2.2.2.2, 00:01:18
B *> 30.1.1.0/24 [20/0] via 20.1.1.3, xe2, 00:54:13
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 01:06:20
Gateway of last resort is not set
#show ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (Default for VRF vrf1)
*>i 10.1.1.0/24 2.2.2.2 0 100 0 ?
*> l 20.1.1.0/24 0.0.0.0 0 100 32768 ?
* 20.1.1.0/24 20.1.1.3 0 100 0 65001 ?
*> l 30.1.1.0/24 20.1.1.3 0 100 0 65001 ?
Announced routes count = 3
Accepted routes count = 1
Route Distinguisher: 1:1
*>i 10.1.1.0/24 2.2.2.2 0 100 0 ?
Announced routes count = 0
Accepted routes count = 1
PE3-ASBR2
#show ip route vrf vrf1 database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "vrf1"
B *> 10.1.1.0/24 [20/0] via 20.1.1.41, xe22, 00:55:54
C *> 20.1.1.0/24 is directly connected, xe22, 01:05:28
B *> 30.1.1.0/24 [200/0] via 5.5.5.5, 00:01:18
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 01:06:20
Gateway of last resort is not set
#show ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (Default for VRF vrf1)
*> l 10.1.1.0/24 20.1.1.41 0 100 0 65000 ?
*> l 20.1.1.0/24 0.0.0.0 0 100 32768 ?
* 20.1.1.0/24 20.1.1.41 0 100 0 65000 ?
*>i 30.1.1.0/24 5.5.5.5 0 100 0 ?
Announced routes count = 3
Accepted routes count = 1
Route Distinguisher: 1:1
*>i 30.1.1.0/24 5.5.5.5 0 100 0 ?
Announced routes count = 0
Accepted routes count = 1
PE4
#show ip route vrf vrf1 database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "vrf1"
B *> 10.1.1.0/24 [200/0] via 3.3.3.3, 00:00:08
B *> 20.1.1.0/24 [200/0] via 3.3.3.3, 00:02:45
C *> 30.1.1.0/24 is directly connected, xe18, 01:02:20
C *> 127.0.0.0/8 is directly connected, lo.vrf1, 01:05:36
Gateway of last resort is not set
#show ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (Default for VRF vrf1)
*>i 10.1.1.0/24 3.3.3.3 0 100 0 65000 ?
*>i 20.1.1.0/24 3.3.3.3 0 100 0 ?
*> l 30.1.1.0/24 0.0.0.0 0 100 32768 ?
Announced routes count = 1
Accepted routes count = 2
Route Distinguisher: 1:1
*>i 10.1.1.0/24 3.3.3.3 0 100 0 65000 ?
*>i 20.1.1.0/24 3.3.3.3 0 100 0 ?
Announced routes count = 0
Accepted routes count = 2