- How does it work?
- Separation of customer routing information.
- VRF
- Different customers have different routing tables.
- IGP/BGP run inside the VRF between the customer and SP.
- Exchange of customer’s routing info inside SP.
- MP-BGP through the SP network.
- Traffic is label switched towards BGP next-hops.
- VRF Lite vs. MPLS VPNs
- In VRF Lite all devices in transit path must carry all routes in all VRF tables.
- In MPLS VPNs only PE routers need customer routes.
- Accomplished via the following:
- VPNv4 BGP
- Route Distinguisher + Prefix makes VPN routes globally unique.
- MPLS VPN Tag/Label
- P routers only need to know how to reach BGP next-hop.
- BGP free core logic.
- High Level
- Establish Label Switched Path (LSP) between PEs.
- IGP and LDP
- Exchange routes with customer.
- PE-CE IGP or BGP
- Exchange customer routes between PEs.
- iBGP and MPLS VPN labels
- Label Switch from PE to PE.
- Data follows the IGP and LDP transport label.
- Multi-protocol BGP
- How do PE routers exchange VRF info?
- RFC 4364 MPLS IP VPNs
- MP-BGP defines AFI 1 and SAFI 128 as VPN-IPv4 or VPNv4.
- 8 byte Route Distinguisher (RD)
- Unique per VPN or per VPN site.
- ASN:nn or IP-address:nn
- 4 byte IPv4 address
- Unique per VPN
- Implies globally unique routes.
- VPNv4 includes MPLS VPN label
- NLRI Format
- VPNv4 NLRI main attributes include…
- 8 byte RD
- Unique per VPN or per VPN site.
- ASN:nn or IP-address:nn
- IPv4 prefix and length
- Unique per VPN because of RD
- Next hop
- MPLS VPN label
- Regular BGP attributes stay the same.
- VPNv4 Routes
- Route Distinguisher used solely to make route unique.
- Allows for overlapping IPv4 addresses between customers.
- New BGP extended community ‘route-target’ used to control what enters/exits VRF table.
- export route-target
- What routes will go from VRF into BGP
- import route-target
- What routes will go from BGP into VRF
- Allows granular control over what sites have what routes.
- Route Distinguisher vs. Route Target
- Route Distinguisher
- Makes route unique
- Only one RD per VPNv4 route.
- Route Target
- Controls the route’s VPN memberships
- Can be multiple RTs per VPNv4 route.
- Route Target
- 8 byte field
- RFC 4360
- Format similar to route distinguisher
- ASN:nn or IP-address:nn
- VPNv4 speakers only accept VPNv4 routes with a route-target matching a local VRF
- Some exceptions, e.g. route-reflectors.
- VPNv4 routes can have more than one RT
- Allows complex VPN topologies.
- Full mesh
- Hub and spoke
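An added example (not part of the original notes) that models the RD and route-target behaviour described above: the RD keeps overlapping customer prefixes unique, import RTs decide which VRF receives a route, and a small audit flags a VRF that imports an RT exported by another customer's VRF. The VRF names, RD/RT values, prefixes and the `customer` inventory field are constructed for illustration; only RD types 0 (ASN:nn) and 1 (IP-address:nn) are handled.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Pack 'ASN:nn' (type 0) or 'IP-address:nn' (type 1) into the 8-byte RD."""
    admin, nn = rd.rsplit(":", 1)
    if "." in admin:  # type 1: 4-byte IPv4 administrator + 2-byte number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(nn))
    return struct.pack("!HHI", 0, int(admin), int(nn))  # type 0: 2-byte ASN + 4-byte number

def vpnv4_key(rd, prefix):
    """RD + IPv4 prefix + length: what makes a VPNv4 route unique (not the wire NLRI)."""
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd) + net.network_address.packed + bytes([net.prefixlen])

def import_routes(routes, vrfs):
    """Place each VPNv4 route in every VRF whose import RTs match one of its RTs."""
    tables = {name: [] for name in vrfs}
    for rd, prefix, rts in routes:
        for name, vrf in vrfs.items():
            if set(rts) & set(vrf["import"]):
                tables[name].append((rd, prefix))
    return tables

def cross_customer_imports(vrfs):
    """Audit: (importer, exporter, RTs) where the two VRFs belong to different customers."""
    findings = []
    for a, va in vrfs.items():
        for b, vb in vrfs.items():
            shared = sorted(set(va["import"]) & set(vb["export"]))
            if shared and va["customer"] != vb["customer"]:
                findings.append((a, b, shared))
    return findings

# Constructed sample: customer A is hub and spoke; B-SITE carries a stray import RT.
VRFS = {
    "A-HUB":   {"customer": "A", "export": ["65000:100"], "import": ["65000:101"]},
    "A-SPOKE": {"customer": "A", "export": ["65000:101"], "import": ["65000:100"]},
    "B-SITE":  {"customer": "B", "export": ["65000:200"],
                "import": ["65000:200", "65000:101"]},
}
# (RD, prefix, route-targets attached on export); both customers use 10.0.0.0/24.
ROUTES = [
    ("65000:1", "172.16.0.0/16", ["65000:100"]),
    ("65000:2", "10.0.0.0/24", ["65000:101"]),
    ("10.255.0.3:7", "10.0.0.0/24", ["65000:200"]),
]

if __name__ == "__main__":
    print(import_routes(ROUTES, VRFS))
    print(cross_customer_imports(VRFS))
```

With the stray import RT, B-SITE's table receives customer A's 10.0.0.0/24 alongside its own, which is the condition the audit function reports.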
- Transport label vs. VPN label
- L3VPN needs at least 2 labels to deliver traffic.
- Can be more with applications like MPLS TE, FRR, etc.
- Transport label
- Tells SP core routers which PE traffic is destined for.
- Identifies which PE is the exit point.
- Typically derived from LDP
- Sometimes called IGP label.
- VPN Label
- Tells PE router which CE traffic is destined for.
- Derived from VPNv4 advertisements of PEs.
- In general, the VPN label is used for final destination/VRF connectivity and the Transport label is used for label switching through the SP core.