Service Provider Design Workshop
With many real world examples !
(Online 2 days, 10 hours Workshop !)
Last 10 days for the Service Provider Design Workshop
Companies don’t always have high availability. What’s more, there is always a concern of budget and complexity with the high availability even though a number of factors need to be considered during network design.
If the applications of the company do not require high availability, dual carrier or two links to the same carrier is not necessary.
Multihoming refers to a connection to the two different carriers/service providers even though two routers via two links to the same provider is not considered multihomed.
Inter AS Option A is the easiest, most flexible, most secure Inter autonomous system MPLS VPN technology.
In the below topology VPN Customers A and B are connected to two different service providers via MPLS Layer 3 VPN. In order to have end to end MPLS VPN service, Service Providers use special mechanisms. In this article, I will explain the most basic one which is Inter-AS Option A, though there are many other things you need to know about Inter-AS Option A.
Our aim is to carry all the customer routes between the service providers.
There are many different ways of handling this case. In this post, I will explain Inter AS Option A MPLS/VPN, also known as VRF-to-VRF approach.
Figure 1: Inter-AS OptionA
I will use the topology depicted in fig. 1 throughout this post to explain Inter AS Option A operation.
In the above diagram, we have two service providers and the two customers which require Inter-AS MPLS VPN service.
The PE routers that connect the two providers are also known as ASBR (Autonomous System Boundary Router).
Inter AS Option A: an ASBR router in one Autonomous System attaches directly to an ASBR router in another Autonomous System.
The two ASBR routers are attached to multiple sub-interfaces; at least one of the VPNs whose routes need to be passed from one AS to the other AS is attached. In addition, those sub interfaces associate with the VRF table.
For each customer, service providers could use separate physical connection, instead of sub interface. However, doing that would not produce optimal result for resource utilization.
PE routers connected to the CE devices run MP-IBGP, either through full mesh or through RR (route reflector).
Inter AS Option A allows ASBR routers to keep all the VRFs for customers who require Inter AS service.
SP-A and SP-B ASBR routers maintain VPN forwarding table in LFIB. Furthermore, they keep routing information in RIB and FIB.
Compared to other AS options, ASBRs have high memory usage in Inter AS Option A.
However, other Inter AS VPN options do not have these capabilities.
ASBRs can either run the same routing protocol with the customer on the VRFs or use just EBGP.
For example if the requirement for customer A, is to keep routing information, such as metric end to end, SP-A and SP-B runs same routing protocol on the ASBRs and the PE devices where the Customer CE device is attached to.
SP-A and SP-B: Inter AS Option A will have to manage redistribution at the ASBRs because the routes appear to the ASBR as BGP route from remote PEs. For customer A, those routes need to be redistributed from BGP to Customer A PE-CE Routing protocol, and from the Customer A PE-CE routing protocol to BGP.
ASBRs associate each such sub-interface with a VRF.
Inter AS Option A does not require MPLS at the ASBRs unlike the other Inter AS options.
Since we need to have a separate VRF and sub interface for each customer VPN, separate routing protocol, dealing with redistribution for each protocol, it is operationally cumbersome thus hard to scale.
Among all other Inter AS options since there is only IP routing between the AS, Option A is considered as most secure one.
In addition, it is the easiest option to implement between the AS because Option A does not require another control plane mechanism between service provider ASBRs such as LDP, BGP+label, or BGP-VPNv4.
Between the service providers on ASBRs, either IGP protocols or EBGP is used.
Since only IP traffic passes (Not MPLS) between the service providers, most granular QoS implementation is achieved with Option A. (Per sub-interface and IP DSCP vs. MPLS EXP)
For all Inter AS Options, it is very common that customers have to trust to the service provider for data integrity, confidentiality, and availability.
MPLS does not encrypt the packets because if a customer need end-to-end encryption, the user can deploy an IPSEC.
Below Inter AS MPLS VPN Options Comparison Table gives you most comprehensive analysis. In real life and also for the design exams it will be very useful since the comparison are done from the design point of view.
Inter AS MPLS VPN Options Comparison
Do you use MPLS VPN service? Is it from one provider or multiple providers?
Let’s talk about your design in the comment section.