Orhan Ergun No Comments

BGP in MPLS Layer 3 VPN – BGP as a PE-CE Routing Protocol

BGP can be used as a PE-CE routing protocol in MPLS Layer 3 VPN. Also Service Providers run MP-BGP (Multiprotocol BGP) if they have MPLS Layer 3 VPN.

In this article, MP-BGP will not be explained since it has been explained here earlier in detail.

When BGP is used as a PE-CE routing protocol between the customer and its MPLS Layer 3 VPN Provider, it is important to say that there is no need to redistribute on the Service Provider PE. All the other routing protocol require redistribution from MP-BGP into the routing protocol and vice versa.

In this post, I will explained what are the design considerations when BGP is used as PE-CE routing protocol in MPLS Layer 3 VPN and the how you can mitigate possible routing loop problems.

Last but not least, I will share when CE (Customer Equipment) is multihomed to two PEs (Provider Edge Device), what would be the design considerations if BGP is used in MPLS Layer VPN. Read more

Orhan Ergun No Comments

Dual Carrier MPLS VPN Design

For the purpose of high availability, critical locations of company A – a customer of VPN service provider – is connected to two different carriers. However, this connectivity requires an important design consideration.

Read more

Orhan Ergun No Comments

Single Vs. Dual Carrier Design

Companies don’t always have high availability. What’s more, there is always a concern of budget and complexity with the high availability even though a number of factors need to be considered during network design.

If the applications of the company do not require high availability, dual carrier or two links to the same carrier is not necessary.

Multihoming refers to a connection to the two different carriers/service providers even though two routers via two links to the same provider is not considered multihomed.

Read more

Orhan Ergun 15 Comments

What does really MPLS layer 2 VPN mean ?

Couple days before I received an email from one of my readers ( Ahmet Eris )  related with his design. He designed a network infrastructure for his customer and wanted me to take a look as well.

But I realized that Ahmet has some misunderstanding on the usage of MPLS layer 2 VPNs and I thought just briefly mentioning about it can help to my other readers as well. Read more

Orhan Ergun 2 Comments

MPLS Layer 2 and Layer 3 VPN

RFC 2547 defines standard MPLS VPN to carry customer prefixes over the MPLS backbone.

In February 2006 RFC 4364 was published for Inter AS VPNs which is known as Multi AS VPNs. RFC 4364 obsoleted RFC 2547 and  defined many other applications for MPLS VPNs such as CSC which is also known as Carrier Supporting Carrier with the Cisco terminology and Carrier of Carrier with the Juniper definition.

With basic Layer 3 MPLS VPN , Enterprise customers can carry their prefixes from multiple sites over SP backbone . It is multi point to multipoint connection. With the ATOM based MPLS solution which is Cisco’s E-Line solution , customer sites are connected as point to point and with VPLS multipoint to multipoint.

Basic difference with the VPLS and IP/VPN from customer point of view , with VPLS all attached sites share the same L3 network.Service Provider acts as a big switch for the customer. IP/MPLS VPNs use different IP address at each site.

With the IP/VPN also known as BGP or L3 VPN , customer runs IP routing protocol or static route with the Service provider and Customer equipment which is known as CE don’t see other CE as connected like in VPLS or ATOM based MPLS.

Depending on expectations of the customer from the Service Provider , for the MPLS L3/VPN case, customer can run any of the IGP routing protocols including EIGRP, OSPF, IS-IS , BGP or static route. You may want to talk with your Service Provider before you decide since some Service Providers don’t service every routing protocols. Most of them if not all supports BGP.

If customer wants very granular policy control, dual homed site connectivity, and customer network stuff well trained , best choice would be BGP.

In the past fast convergence was an issue with BGP and maybe still with the vanilla BGP configuration, recent enhancements allow BGP to converge super fast thanks to BGP Fast Reroute Mechanism which is BGP PIC.

All IGP protocol’s metric information can be carried over SP MPLS backbone end to end. In this case SP core behaves differently. For OSPF there is Superbackbone and for ISIS there is L3 backbone concepts. This is out of the scope of this post so I will not explain further.But if you want to learn and interested please comment, so I definitely write about them.

One another caveat for PE-CE protocol , for almost all protocol , if customer has backdoor link to another customer site, loop or suboptimal path usage may occur. We prefer generally MPLS link when it is necessary to have low latency , secure , reliable connection compare to Internet based option.

If customer has backup Internet link (Not MPLS but maybe DSL, 3G/LTE, Satellite,Microwave, Cable) and its requirement is low latency , predictable delay variation which is called as jitter , reliable and secure ( Relative ) connection, probably wants to use MPLS connection as primary and Internet connection as a backup although LTE is much cheaper and provides very high bandwidth nowadays and started to take its place as a primary connection on some networks or part of the network such as remote offices.

 

Orhan Ergun 20 Comments

Inter AS Option A Design Considerations and Comparison

Inter AS Option A is the easiest, most flexible, most secure Inter autonomous system MPLS VPN technology.

In the below topology VPN Customers A and B are connected to two different service providers via MPLS Layer 3 VPN. In order to have end to end MPLS VPN service, Service Providers use special mechanisms. In this article, I will explain the most basic one which is Inter-AS Option A, though there are many other things you need to know about Inter-AS Option A.

Our aim is to carry all the customer routes between the service providers.

There are many different ways of handling this case. In this post, I will explain Inter AS Option A MPLS/VPN, also known as VRF-to-VRF approach.

 

 

option a

 

 Figure 1: Inter-AS OptionA

I will use the topology depicted in fig. 1 throughout this post to explain Inter AS Option A operation.

In the above diagram, we have two service providers and the two customers which require Inter-AS MPLS VPN service.

The PE routers that connect the two providers are also known as ASBR (Autonomous System Boundary Router).

Inter AS Option A: an ASBR router in one Autonomous System attaches directly to an ASBR router in another Autonomous System.

The two ASBR routers are attached to multiple sub-interfaces; at least one of the VPNs whose routes need to be passed from one AS to the other AS is attached. In addition, those sub interfaces associate with the VRF table.

For each customer, service providers could use separate physical connection, instead of sub interface. However, doing that would not produce optimal result for resource utilization.

PE routers connected to the CE devices run MP-IBGP, either through full mesh or through RR (route reflector).

 

Inter AS Option A allows ASBR routers to keep all the VRFs for customers who require Inter AS service.

 

SP-A and SP-B ASBR routers maintain VPN forwarding table in LFIB. Furthermore, they keep routing information in RIB and FIB.

Compared to other AS options, ASBRs have high memory usage in Inter AS Option A.

However, other Inter AS VPN options do not have these capabilities.

ASBRs can either run the same routing protocol with the customer on the VRFs or use just EBGP.

For example if the requirement for customer A, is to keep routing information, such as metric end to end, SP-A and SP-B runs  same routing protocol on the ASBRs and the PE devices where the Customer CE device is attached to.

SP-A and SP-B: Inter AS Option A will have to manage redistribution at the ASBRs because the routes appear to the ASBR as BGP route from remote PEs. For customer A, those routes need to be redistributed  from BGP to Customer A PE-CE Routing protocol, and from the Customer A PE-CE routing protocol to BGP.

ASBRs associate each such sub-interface with a VRF.

Inter AS Option A does not require MPLS at the ASBRs unlike the other Inter AS options.

Since we need to have a separate VRF and sub interface for each customer VPN, separate routing protocol, dealing with redistribution for each protocol,  it is operationally cumbersome thus hard to scale.

Among all other Inter AS options since there is only IP routing between the AS, Option A is considered as most secure one.

In addition, it is the easiest option to implement between the AS because Option A does not require another control plane mechanism between service provider ASBRs such as LDP, BGP+label, or BGP-VPNv4.

Between the service providers on ASBRs, either IGP protocols or EBGP is used.

More importantly, other Inter AS Options (Inter AS Option B and Inter AS Option C) require additional control-plane protocols to advertise the customer or infrastructure prefixes between the ASBRs.

Since only IP traffic passes (Not MPLS) between the service providers, most granular QoS implementation is achieved with Option A. (Per sub-interface and IP DSCP vs. MPLS EXP)

For all Inter AS Options, it is very common that customers have to trust to the service provider for data integrity, confidentiality, and availability.

MPLS does not encrypt the packets because if a customer need end-to-end encryption, the user can deploy an IPSEC.

Below Inter AS MPLS VPN Options Comparison Table gives you most comprehensive analysis. In real life and also for the design exams it will be very useful since the comparison are done from the design point of view.

 

Inter-AS MPLS VPN s

Inter AS MPLS VPN Options Comparison

 

Do you use MPLS VPN service? Is it from one provider or multiple providers?

Let’s talk about your design in the comment section.