Configuring Inter-Provider VPN

If the MPLS backbone on which the VPN routes rely spans multiple ASs, you need to configure inter-provider VPN.
There are three inter-provider VPN solutions. You can choose them as required.

Configuration Prerequisites

Before configuring inter-provider VPN, complete these tasks:

• Configuring IGP for the MPLS backbones in each AS to implement IP connectivity of the backbones in the AS
• Configuring basic MPLS capabilities for the MPLS backbones of each AS
• Configuring MPLS LDP for the MPLS backbones so that LDP LSPs can be established
• Configuring basic MPLS L3VPN for each AS

Note:

When configuring basic MPLS L3VPN for each AS, specific configurations may be required on PEs or ASBR-PEs. This depends on the inter-provider VPN solution selected.

Configuring Inter-Provider VPN Option A

Inter-provider VPN option A applies to scenarios where the number of VPNs and that of VPN routes on the PEs are relatively small. It is simple to implement.

To configure inter-provider VPN option A, you only need to:

• Configure basic MPLS L3VPN on each AS.
•  Configure each ASBR, taking the peer ASBR PE as its CE.

In other words, configure VPN instances for PEs and ASBR PEs respectively. The VPN instance for PE is used to allow CEs to access the network, while that for ASBR-PE is used to access its peer ASBR-PE.

(Refer to Configuring Basic MPLS L3VPN.)

Note:

In the inter-provider VPN option A solution, for the same VPN, the VPN targets for the VPN instances of the PEs must match those for the VPN instances of the ASBR-PEs in the same AS. It is not required for PEs in different ASs.

Configuring Inter-Provider VPN Option B

Follow these steps to configure inter-provider VPN option B on ASBR PEs:

In the inter-provider VPN option B solution, the ASBR PEs need to maintain all VPNv4 routing information and advertise the information to peer ASBR PEs. In this case, the ASBR PEs must receive all VPNv4 routing information without performing VPN target filtering.

Note:

In the inter-provider VPN option B solution, for the same VPN, the VPN targets for the VPN instances of the PEs must match those for the VPN instances of the ASBR-PEs in the same AS. This is true for PEs in different ASs.

• Do not change the next hop on an ASBR. With this method, you still need to configure MPLS LDP between ASBRs.
• Change the next hop on an ASBR. With this method, MPLS LDP is not required between ASBRs.

Currently, only the second method is supported. Therefore, MP-EBGP routes will get their next hops changed by default before being redistributed to MP-IBGP. On conventional BGP, however, EBGP routes to be advertised to IBGP do not have their next hops changed by default. If the next hops need to be changed to the local addresses, you can configure the peer { ip-address | group-name } next-hop-local command. For information about the command, refer to BGP Configuration in the IP Routing Volume.

Configuring Inter-Provider VPN Option C

I. Configuring the PEs

You need to establish ordinary IBGP peer relationship between PEs and ASBR PEs in an AS and MP-EBGP peer relationship between PEs of different ASs.

The PEs and ASBR PEs in an AS must be able to exchange labeled IPv4 routes.

Follow these steps to configure a PE for inter-provider VPN option C:

II. Configuring the ASBR PEs

In the inter-provider VPN option C solution, an inter-provider VPN LSP is required, and the routes advertised between the relevant PEs and ASBRs must carry MPLS label information.

An ASBR-PE establishes common IBGP peer relationship with PEs in the same AS, and common EBGP peer relationship with the peer ASBR PE. All of them exchange labeled IPv4 routes.

The public routes carrying MPLS labels are advertised through MP-BGP. According to RFC 3107 “Carrying Label Information in BGP-4”, the label mapping information for a particular route is piggybacked in the same BGP update message that is used to distribute the route itself. This capability is implemented through BGP extended attributes and requires that the BGP peers can handle labeled IPv4 routes.

Follow these steps to configure an ASBR PE for inter-provider VPN option C:

III. Configuring the routing policy

After you configure and apply a routing policy on an ASBR PE, it:

• Assigns MPLS labels to the routes received from the PEs in the same AS before advertising them to the peer ASBR PE.
• Assigns new MPLS labels to the labeled IPv4 routes to be advertised to the PEs in the same AS.

Which IPv4 routes are to be assigned with MPLS labels depends on the routing policy. Only routes that satisfy the criteria are assigned with labels. All the other routes are still common IPv4 routes.

Follow these steps to configure a routing policy for inter-provider VPN option C on an ASBR PE:

Note:

For information about routing policy configuration, refer to Routing Policy Configuration in the IP Routing Volume.