Multi-AS VPN

In some networking scenarios, multiple sites of a VPN may be connected to multiple ISPs in different ASs, or to multiple ASs of an ISP. Such an application is called multi-AS VPN.
RFC 2547bis presents three inter-provider VPN solutions:

  • VRF-to-VRF: ASBRs manage VPN routes between them through subinterfaces. This solution is also called inter-provider VPN option A.
  • EBGP advertisement of labeled VPN-IPv4 routes: ASBRs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. This solution is also called inter-provider VPN option B.
  • Multi-hop EBGP advertisement of labeled VPN-IPv4 routes: PEs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. This solution is also called inter-provider VPN option C.

The following describes these three solutions.

I. Inter-provider VPN option A
In this kind of solution, PEs of two ASs are directly connected and each PE is also the ASBR of its AS.
The PEs acting as ASBRs are connected through multiple subinterfaces. Each of them treats the other as a CE of its own and advertises IPv4 routes through conventional EBGP. Within an AS, packets are forwarded using two-level label forwarding as VPN packets. Between ASBRs, conventional IP forwarding is used.
Ideally, each inter-provider VPN has a pair of subinterfaces to exchange VPN routing information.


                           Network diagram for inter-provider VPN option A

This kind of solution is easy to carry out because no special configuration is required on the PEs acting as the ASBRs.
However, it has limited scalability because the PEs acting as the ASBRs have to manage all the VPN routes and create VPN instances on a per-VPN basis. This leads to excessive VPN-IPv4 routes on the PEs. Moreover, the requirement to create a separate subinterface for each VPN also calls for higher performance of the PEs.

II. Inter-provider VPN option B

In this kind of solution, two ASBRs use MP-EBGP to exchange labeled VPN-IPv4 routes that they have obtained from the PEs in their respective ASs.

The routes are advertised through the following steps:

1) PEs in AS 100 advertise labeled VPN-IPv4 routes to the ASBR PE of AS 100 or the route reflector (RR) for the ASBR PE through MP-IBGP.

2) The ASBR PE advertises labeled VPN-IPv4 routes to the ASBR PE of AS 200 through MP-EBGP.

3) The ASBR PE of AS 200 advertises labeled VPN-IPv4 routes to PEs in AS 200 or to the RR for the PEs through MP-IBGP.

The ASBRs must perform special processing on the labeled VPN-IPv4 routes. This is also called the ASBR extension method.


                            Network diagram for inter-provider VPN option B

In terms of scalability, inter-provider VPN option B is better than option A.
When adopting the MP-EBGP method, note that:

  • ASBRs perform no VPN target filtering on VPN-IPv4 routes that they receive from each other. Therefore, the ISPs in different ASs that exchange VPN-IPv4 routes need to agree on the route exchange.
  • VPN-IPv4 routes are exchanged only between VPN peers. A VPN user can exchange VPN-IPv4 routes neither with the public network nor with MP-EBGP peers with whom it has not reached agreement on the route exchange.
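
Because option B ASBRs do not filter on VPN targets, one way to check that a peer stays within the agreed route exchange is to audit the routes learned over MP-EBGP against the agreed route targets. The following is an added example, not part of the original page; the line format, AS numbers, route targets and the AGREED_RTS table are constructed assumptions.

```python
# Added example: audit VPN-IPv4 routes an option B ASBR learned over MP-EBGP
# against the route targets agreed with each peer AS. All values are constructed.
from dataclasses import dataclass

# Hypothetical agreement: peer AS number -> route targets both ISPs agreed to exchange.
AGREED_RTS = {200: {"100:10", "200:10"}}

# Constructed sample in a made-up "key=value" format (not any vendor's CLI output).
SAMPLE = """\
peer_as=200 rd=200:1 prefix=10.1.1.0/24 rt=200:10
peer_as=200 rd=200:2 prefix=10.2.0.0/16 rt=200:10,200:99
peer_as=200 rd=200:3 prefix=10.3.0.0/16 rt=200:77
peer_as=300 rd=300:1 prefix=10.9.0.0/16 rt=100:10
"""

@dataclass(frozen=True)
class VpnRoute:
    peer_as: int
    rd: str
    prefix: str
    rts: frozenset

def parse_routes(text):
    """Parse one route per line; blank lines are skipped."""
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        f = dict(tok.split("=", 1) for tok in line.split())
        routes.append(VpnRoute(int(f["peer_as"]), f["rd"], f["prefix"],
                               frozenset(f["rt"].split(","))))
    return routes

def audit(routes, agreed=AGREED_RTS):
    """Return (route, reason) for every route outside the inter-AS agreement."""
    findings = []
    for r in routes:
        allowed = agreed.get(r.peer_as)
        if allowed is None:
            findings.append((r, "no agreement with peer AS"))
        elif not (r.rts & allowed):
            findings.append((r, "no agreed route target"))
        elif r.rts - allowed:
            extra = ",".join(sorted(r.rts - allowed))
            findings.append((r, "extra route targets: " + extra))
    return findings

if __name__ == "__main__":
    for route, reason in audit(parse_routes(SAMPLE)):
        print(f"{route.rd}:{route.prefix} from AS {route.peer_as}: {reason}")
```

A route that carries an agreed target plus an extra one is reported separately from a route with no agreed target at all, since the first may still be imported by VPN instances on the receiving side.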

III. Inter-provider VPN option C

The above two kinds of solutions can satisfy the needs for inter-provider VPNs. However, they require that the ASBRs maintain and advertise VPN-IPv4 routes. When every AS needs to exchange a large number of VPN routes, the ASBRs may become bottlenecks hindering network extension.
One way to solve the above problem is to make PEs directly exchange VPN-IPv4 routes without the participation of ASBRs:

  • Two ASBRs advertise labeled IPv4 routes to PEs in their respective ASs through MP-IBGP.
  • The ASBRs neither maintain VPN-IPv4 routes nor advertise VPN-IPv4 routes to each other.
  • An ASBR maintains labeled IPv4 routes of the PEs in the AS and advertises them to the peers in the other ASs. The ASBR of another AS also advertises labeled IPv4 routes. Thus, an LSP is established between the ingress PE and egress PE.
  • Between PEs of different ASs, multi-hop EBGP connections are established to exchange VPN-IPv4 routes.

                            Network diagram for inter-provider VPN option C

To improve scalability, you can specify an RR in each AS, which maintains all VPN-IPv4 routes and exchanges VPN-IPv4 routes with PEs in the AS. The RRs in two ASs establish an inter-provider VPNv4 connection to advertise VPN-IPv4 routes.

                            Network diagram for inter-provider VPN option C using RRs
