Thursday, May 31, 2012

Configuring MPLS VPN - Easiest L3VPN Ever

When I used to hear the term MPLS, it would strike fear into my heart. Why? The natural human reaction is to fear or dislike the unknown. In this blogtorial, I will attempt to simplify MPLS as much as possible. Hopefully, after going through it, you'll feel much more comfortable with MPLS and how to configure it.

I will present a brief overview of the router roles involved in MPLS and create a checklist for 'How to configure MPLS L3VPN'. I have browsed various articles and read numerous books on MPLS, and none of them gave me what I was looking for: a basic checklist that went step by step through configuring MPLS. Most of them jumped around and weren't organized in any fashion I liked. So I created my own, and I hope you find it as useful as I did.

Consider this topology and let's get started. 

This will be the checklist for the rest of the blogtorial. 
  1. Brief overview on Provider, Provider Edge, and Customer Edge router roles.
  2. Basic interface configurations on all the routers including IP address and descriptions.
  3. IGP (OSPF) in the SP core (P, PE) routers
  4. Enable MPLS and get interfaces configured for MPLS
  5. VRF creation on the PE for customers
  6. Configure interfaces for the VRFs on the PE
  7. OSPF VRF for customers
    • Redistribute BGP into VRF OSPF on the PE
  8. Configure CE OSPF
  9. PE to PE MP-BGP (Multiprotocol BGP) session - VPNv4 and VRF address-family
    • Redistribute VRF OSPF into BGP on the PE 
  10. Verify everything
  11. Conclusion

Now with this checklist, let's get started.

Brief overview on Provider, Provider Edge, and Customer Edge router roles.
    • P Router - Stands for Provider router. An LSR (Label Switch Router) which typically just runs MPLS and an IGP. Completely transparent to the CE routes, does not usually connect directly to CE routers (remember there is an exception to everything :-*) and is considered part of the SP Core infrastructure.
    • PE Router - Stands for Provider Edge Router. An LSR (Label Switch Router) which typically runs MPLS, an IGP, and MP-BGP. It usually connects directly to CE routers, is aware of the customer routes, and typically is the edge of the VPN.
    • CE Router - Stands for Customer Edge Router. This is not an LSR (Label Switch Router) and is completely unaware of MPLS. It is usually deployed at the customer site and runs customer services.

Basic interface configurations on all the routers including IP address and descriptions.


R7 and R3 Provider (P) Routers
R2 and R4 Provider Edge (PE) Routers
R6 and R5 Customer Edge (CE) Routers

IGP (OSPF) in the SP core (P, PE) routers

OSPF on P Routers
OSPF on PE Routers

Enable MPLS and get interfaces configured for MPLS.
  • Notice that the LDP neighbor relationship forms as soon as you configure the interface for MPLS. Note: the LDP router-id must be reachable, or else the LDP neighbor relationship will not form.
R7 P Router
R3 P Router
R2 and R4 PE Routers

VRF creation on the PE for customers
  • RD - Stands for Route Distinguisher. It helps BGP with carrying duplicate prefixes. It is a 64-bit ID.
  • RT - Stands for Route Target. It helps the PE place the routes in the proper VRF tables.
  • RD and RT theory can get very complex and is outside the scope of this blogtorial. Please read the documentation if you are still interested.

Configure interfaces for the VRFs on the PE

When you enable 'ip vrf forwarding <VRF>' on an interface, any IP address already configured on that interface is removed, so watch out!


OSPF VRF for customers
This is a completely separate instance of OSPF and has nothing to do with OSPF process id 1.


Configure CE OSPF


PE to PE MP-BGP (Multiprotocol BGP) session - VPNv4 and VRF address-family
  • First basic BGP configuration with loopback as the update-source.
  • Next get the vpnv4 address-family configured and send the community since BGP uses communities to exchange RD (Route Distinguisher) information.
  • Finally get vrf address-family configured with redistribution of the VRF OSPF learned routes.   
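
The PE-side steps of the checklist (enable MPLS through the MP-BGP session) put together as one Cisco IOS configuration for R2. This is an added example, not the configuration from the original post: the VRF name CUST_A, AS 65000, the RD/RT value 65000:1, the interface names and every IP address are assumed lab values. R4 would mirror it with its own addresses and R2's loopback as the BGP neighbor.

```cisco
! Added example for PE router R2. All names, addresses, interfaces,
! the AS number and the RD/RT values are assumed, not from the post.
ip vrf CUST_A
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
!
mpls label protocol ldp
mpls ldp router-id Loopback0 force
!
interface Loopback0
 description LDP and BGP router-id, advertised in core OSPF
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 description Core link to P router
 ip address 10.0.27.2 255.255.255.0
 mpls ip
!
interface FastEthernet0/1
 description Customer link to CE
 ! Apply the VRF first: this command removes any existing IP address.
 ip vrf forwarding CUST_A
 ip address 192.168.26.2 255.255.255.0
!
router ospf 1
 ! Core IGP: loopback and core link only, never the customer link.
 network 2.2.2.2 0.0.0.0 area 0
 network 10.0.27.0 0.0.0.255 area 0
!
router ospf 2 vrf CUST_A
 ! Separate per-VRF OSPF process facing the CE.
 network 192.168.26.0 0.0.0.255 area 0
 redistribute bgp 65000 subnets
!
router bgp 65000
 neighbor 4.4.4.4 remote-as 65000
 neighbor 4.4.4.4 update-source Loopback0
 !
 address-family vpnv4
  neighbor 4.4.4.4 activate
  ! Route targets travel as BGP extended communities.
  neighbor 4.4.4.4 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf CUST_A
  redistribute ospf 2 vrf CUST_A
 exit-address-family
```

Keeping the customer-facing interface out of OSPF process 1 and MPLS-disabled is what keeps customer routes out of the global table and labels off the CE link.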

Verify everything
  • First let's see if we can ping the loopback on R6 and R5. 
    • Note that you are able to see the PE routers, the P routers and everything in the middle during a traceroute. This is due to something called 'MPLS TTL Propagation', which I will post about later. Most ISPs will disable 'mpls ttl propagation'.
  • Next let's check out the BGP tables on the PE routers.
    • As you can see all the routes are propagated and placed in the proper VRF. The main routing table has no knowledge of these routes. 
  • A few commands to verify the MPLS forwarding-table and the LDP neighbor relationship.
    • Labels are outside the scope of this blogtorial. However, keep in mind that labels are exchanged using LDP: local labels are those the router itself assigns to a prefix and advertises to its LDP neighbors, and remote labels are those learned from other LDP neighbors.

Conclusion

MPLS is a fairly complex and advanced subject. I wish I could have gone more in depth about how labels are distributed and the theory behind local labels, remote labels, bindings, troubleshooting, etc. However, I wanted to keep this blogtorial as easy as possible so you can get a topology up and running in little to no time. I hope that this blogtorial has shed some light on MPLS concepts and configuration.

Please be sure to subscribe, leave comments, +1 as it definitely motivates me to write more :).

All the router configurations are posted here and can be downloaded.