Inter-AS VPRN Model C
This chapter provides information about virtual private routed network (VPRN) inter-autonomous system (AS) virtual private network (VPN) model C.
Applicability
This chapter was initially written for SR OS Release 7.0. The MD-CLI in the current edition corresponds to SR OS Release 22.2.R1. There are no prerequisites for this configuration.
Overview
Introduction
Section 10 of RFC 4364, BGP/MPLS IP Virtual Private Networks (VPNs), describes three potential methods for service providers to interconnect their IP-VPN (Internet Protocol — Virtual Private Network) backbones to provide an end-to-end MPLS-VPN where one or more sites of the VPN are connected to different service provider autonomous systems (ASs). The purpose of this chapter is to describe the configuration and troubleshooting for inter-AS VPN model C.
In this architecture, VPN prefixes are neither held, nor re-advertised by the Autonomous System Border Router – Provider Edge (ASBR-PE) routers, which makes Model C more scalable than Model B (where the only prefixes exchanged between ASs are VPN-IPv4). In Model C, the only MPLS data plane resources consumed in the ASBRs are for infrastructure addresses of PEs and RRs rather than VPN prefixes.
In this example, an export policy is configured to ensure that the nodes advertise their system IP addresses (IPv4 /32 addresses) in labeled BGP to all their BGP peers within the AS. Therefore, the ASBR-PE maintains labeled IPv4 /32 BGP routes to other PE routers within its own AS. These BGP routes are inactive, because for each destination within the AS, an IGP route exists which is preferred to BGP routes. The ASBR redistributes these inactive /32 IPv4 prefixes in external Border Gateway Protocol (EBGP) to the ASBR-PE in other service providers' ASs, because advertise-inactive is configured in EBGP. No export policy is required in EBGP.
At the same time, the ASBR programs a label switch for the received and advertised BGP labels. The receiving ASBR advertises the received IP system prefixes to its IBGP peers (in this case, a Route Reflector (RR)) within their AS, and eventually, all PEs in the AS learn the system IP prefixes of the peer AS. However, there is no need to learn the system IP address of the ASBRs in peer ASs, because they do not exchange customer VPN prefixes.
After the system IP addresses have been learned in the peer AS, it is possible for PE routers in different ASs to establish multi-hop Multi Protocol – external Border Gateway Protocol (MP-EBGP) sessions for address family VPN-IPv4 to each other to exchange customer VPN prefixes over those connections. The multihop sessions can be established between the RR in the ASs, but these RRs should not modify the next-hop attribute of the BGP update across the EBGP session.
A three-level label stack is imposed on the ingress PE. The bottom-level label is assigned by the egress PE (advertised in multi-hop MP-EBGP without next-hop override) and is commonly referred to as the VPN-label. The middle label is assigned by the local ASBR-PE and corresponds to the /32 route of the egress PE (in a different AS) using BGP-LBL (RFC 3107, Carrying Label Information in BGP-4). The top-level label is the label for the /32 loopback address of the local ASBR-PE, which is assigned by the IGP next-hop of the ingress PE. This label is referred to as the LDP-LBL.
Inter-AS VPN Model C illustrates this mechanism. The VPN-LBL is assigned by PE-5, the BGP-LBL is assigned by PE-4 and the LDP-LBL is also assigned by PE-4. The BGP-LBL is swapped in both ASBRs. The label stack contains three labels in each AS (VPN-LBL, BGP-LBL, and LDP-LBL) and two labels on the EBGP link between the ASs (VPN-LBL and BGP-LBL).
This configuration that uses advertise-inactive is preferred to a configuration where the BGP routes are not exchanged within their AS and the ASBRs use an export policy with a prefix list for all local system prefixes to be advertised to the peer ASs. The routes for those prefixes are taken from the RTM, where these routes are not known via BGP, but via IS-IS. In that case, IS-IS routes are effectively redistributed into labeled BGP (which most operators do not want) and as a result, the ASBR is not programming a label switch for the BGP label. Furthermore, the label stack is asymmetrical: three labels in the originating AS (VPN-LBL, BGP-LBL, and LDP-LBL) and only two labels in the target AS (VPN-LBL, LDP-LBL), because the local routes are not known via labeled BGP in this scenario. This scenario is not described in this chapter; only the preferred scenario with local labeled BGP routes in each AS is described.
The VPN connectivity is established using Labeled VPN route exchange using MP-EBGP without next-hop override. The PE connectivity is established as follows.
PE /32 loopback routes are leaked between the ASs using labeled EBGP (EBGP LBL, RFC 3107) at the ASBR-PE. The /32 PE routes learned from the other AS through the ASBR-PE are further distributed into the local AS using IBGP and optionally through Route Reflectors (RRs). This model uses a three-label stack and is referred to as Model C. Resilience for ASBR-PE failures depends on BGP.
Protocol overview shows the protocols used when implementing Inter-AS Model C. Inside each AS, there is an IS-IS adjacency and a link LDP session between each pair of adjacent nodes. As an alternative, OSPF can be used as IGP. There is also an IBGP session between each PE and the RR. The address family is both VPN-IPv4 for the exchange of customer VPN prefixes and Labeled IPv4 for the exchange of labeled IPv4 prefixes. Between the RR and the ASBR, only Labeled IPv4 is required, because the ASBR does not exchange any customer VPN prefixes. When no RR is used, a full mesh of IBGP sessions can be established in each AS.
Between the ASBRs, there is an EBGP session for the exchange of labeled IPv4 prefixes. The ASBRs override the next-hop for those prefixes. Between the RRs in the different ASs, there is a multihop EBGP session for the exchange of VPN-IPv4 customer prefixes. The RRs do not override the next-hop for those prefixes.
The main advantage of this model is that no VPN routes need to be held on the ASBR-PEs and therefore, it scales best of the three Inter-AS IP-VPN models. However, leaking /32 PE addresses between service providers raises some security concerns. Therefore, we see Model C typically deployed within a service provider network.
Inter-AS VPN Model C shows the example topology which consists of four SR OS nodes in AS 64496 and four SR OS nodes in AS 64497. There is an AS interconnection between ASBR PE-4 to ASBR PE-8. PE-3 and PE-7 act as RRs for their AS. An IP-VPN is configured in each AS. The initial configuration includes the following:
- IS-IS or OSPF on all interfaces within each of the ASs.
- LDP on all interfaces within each of the ASs.
- MP-IBGP sessions between the PE routers and the RRs in each of the ASs, as shown in the following section.
- IP-VPN on PE-1 and on PE-5 with identical route targets.
- A loopback interface in the VRF on PE-1 and PE-5.
Configuration
The first step is to configure an MP-IBGP session between the PEs in both ASs. An export policy is configured to export the system prefixes from the PEs in labeled BGP.
PE-3 and PE-7 act as RR in the ASs. In AS 64496, PE-1 and PE-2 are peered with RR PE-3 for the labeled IPv4 and VPN-IPv4 address families; ASBR PE-4 is peered with RR PE-3 for the labeled IPv4 address family only. In AS 64497, PE-5 and PE-6 are peered with RR PE-7 for the labeled IPv4 and VPN-IPv4 address families; ASBR PE-8 is peered with RR PE-7 for the labeled IPv4 address family only.
Address family label-ipv4 is required to advertise labeled IPv4 routes toward each neighbor PE. Address family vpn-ipv4 is required to advertise IPv4 customer VPN routes within the AS.
The initial BGP configuration for RR PE-3 is as follows:
# on RR PE-3:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            split-horizon true
            group "IBGP" {
                peer-as 64496
                cluster {
                    cluster-id 192.0.2.3
                }
                export {
                    policy ["export-bgp"]
                }
            }
            neighbor "192.0.2.1" {
                advertise-inactive true
                group "IBGP"
                family {
                    vpn-ipv4 true
                    label-ipv4 true
                }
            }
            neighbor "192.0.2.2" {
                advertise-inactive true
                group "IBGP"
                family {
                    vpn-ipv4 true
                    label-ipv4 true
                }
            }
            neighbor "192.0.2.4" {
                advertise-inactive true
                group "IBGP"
                family {
                    label-ipv4 true
                }
            }
        }
    }
}
The export policy exports the system IP address and is defined as follows:
# on PE-1, PE-2, PE-3, PE-5, PE-6, PE-7:
configure {
    policy-options {
        prefix-list "PE-sys" {
            prefix 192.0.2.0/28 type longer {
            }
        }
        policy-statement "export-bgp" {
            entry 10 {
                from {
                    prefix-list ["PE-sys"]
                    protocol {
                        name [direct]
                    }
                }
                action {
                    action-type accept
                }
            }
        }
    }
}
On the ASBRs in both ASs, EBGP and IBGP need to be configured. The EBGP session is configured with advertise-inactive and is used to redistribute labeled IPv4 routes for the /32 system IP addresses between the ASs, even if those routes are not the most preferred routes within the system for a specific destination.
The configuration for ASBR PE-4 is as follows. The address family label-ipv4 is required to enable the advertising of labeled IPv4 routes. This address family is also required on the RR neighbor to propagate the labeled IPv4 routes toward the other PEs in the AS.
# on ASBR PE-4:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            split-horizon true
            group "EBGP" {
            }
            group "IBGP" {
                peer-as 64496
            }
            neighbor "192.0.2.3" {
                group "IBGP"
                family {
                    label-ipv4 true
                }
            }
            neighbor "192.168.48.2" {
                advertise-inactive true
                group "EBGP"
                peer-as 64497
                family {
                    label-ipv4 true
                }
                ebgp-default-reject-policy {
                    import false
                    export false
                }
            }
        }
    }
}
On the remaining PE nodes in AS 64496, PE-1 and PE-2, the address families label-ipv4 and vpn-ipv4 must be enabled, as follows:
# on PE-1, PE-2:
configure {
    router "Base" {
        autonomous-system 64496
        bgp {
            split-horizon true
            group "IBGP" {
                peer-as 64496
                export {
                    policy ["export-bgp"]
                }
            }
            neighbor "192.0.2.3" {
                group "IBGP"
                family {
                    vpn-ipv4 true
                    label-ipv4 true
                }
            }
        }
    }
}
The configuration for the nodes in AS 64497 is similar. The IP addresses can be derived from Inter-AS VPN Model C.
The following command on ASBR PE-4 verifies that the EBGP and IBGP sessions for the labeled IPv4 address family are up:
[/]
A:admin@PE-4# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.3
Def. Inst 64496 11 0 00h02m36s 3/0/3 (Lbl-IPv4)
9 0
192.168.48.2
Def. Inst 64497 7 0 00h01m40s 3/3/3 (Lbl-IPv4)
8 0
-------------------------------------------------------------------------------
On ASBR PE-4, three inactive labeled IPv4 routes have been received from the IBGP peers and three active labeled IPv4 routes have been received via EBGP, as follows:
[/]
A:admin@PE-4# show router bgp routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
*i 192.0.2.1/32 100 None
192.0.2.1 None 20
No As-Path 524283
*i 192.0.2.2/32 100 None
192.0.2.2 None 10
No As-Path 524283
*i 192.0.2.3/32 100 None
192.0.2.3 None 10
No As-Path 524283
u*>i 192.0.2.5/32 None None
192.168.48.2 None 0
64497 524283
u*>i 192.0.2.6/32 None None
192.168.48.2 None 0
64497 524282
u*>i 192.0.2.7/32 None None
192.168.48.2 None 0
64497 524281
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The following three routes have been received from EBGP peer PE-8: one for each system IP address in the remote AS, except for the ASBR itself:
[/]
A:admin@PE-4# show router bgp neighbor 192.168.48.2 routes received-routes family label-ipv4
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.0.2.5/32 n/a None
192.168.48.2 None 0
64497 524283
u*>i 192.0.2.6/32 n/a None
192.168.48.2 None 0
64497 524282
u*>i 192.0.2.7/32 n/a None
192.168.48.2 None 0
64497 524281
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
In this example, the IP prefix for PE-8 itself is not included. The prefix of the ASBR need not be advertised in labeled BGP to the remote AS, because ASBRs do not advertise VPN-IPv4 prefixes.
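The EBGP neighbor on PE-4 is configured without an import policy and with ebgp-default-reject-policy import false, so this received-routes output is the place to confirm that only the expected remote /32 system addresses are being learned. The following Python script is an added example, not part of the original chapter: it parses that output and flags anything else. The allow-lists, function names, and the two rogue entries at the end of the sample are constructed for illustration.

```python
import ipaddress
import re

# Values taken from the page: peer AS and the system addresses in each AS.
PEER_AS = 64497
EXPECTED_REMOTE = {"192.0.2.5/32", "192.0.2.6/32", "192.0.2.7/32"}  # PE-5..PE-7
LOCAL_SYSTEM = {"192.0.2.1/32", "192.0.2.2/32", "192.0.2.3/32", "192.0.2.4/32"}

# The first three routes are the PE-4 output from the page. The last two are
# constructed rogue entries (documentation ranges) that exercise the checks.
SAMPLE = """\
Flag  Network                                 LocalPref   MED
      Nexthop (Router)                        Path-Id     IGP Cost
      As-Path                                 Label
-------------------------------------------------------------------------------
u*>i  192.0.2.5/32                            n/a         None
      192.168.48.2                            None        0
      64497                                   524283
u*>i  192.0.2.6/32                            n/a         None
      192.168.48.2                            None        0
      64497                                   524282
u*>i  192.0.2.7/32                            n/a         None
      192.168.48.2                            None        0
      64497                                   524281
u*>i  192.0.2.1/32                            n/a         None
      192.168.48.2                            None        0
      64497 64511                             524270
u*>i  198.51.100.0/24                         n/a         None
      192.168.48.2                            None        0
      64497                                   524269
-------------------------------------------------------------------------------
Routes : 5
"""

# A route record starts with the status flags followed by the prefix.
FIRST_LINE = re.compile(r"^([a-z*>]+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s")


def parse_label_ipv4(text):
    """Parse the three-line route records of a label-ipv4 routes listing."""
    lines = [ln.strip() for ln in text.splitlines()]
    routes = []
    for i, line in enumerate(lines):
        m = FIRST_LINE.match(line)
        if not m or i + 2 >= len(lines):
            continue
        hop = lines[i + 1].split()
        tokens = lines[i + 2].split()          # AS path ... label
        if not hop or len(tokens) < 2 or not tokens[-1].isdigit():
            continue
        as_path = [] if tokens[:2] == ["No", "As-Path"] else tokens[:-1]
        routes.append({
            "flags": m.group(1),
            "network": m.group(2),
            "next_hop": hop[0],
            "as_path": as_path,
            "label": int(tokens[-1]),
        })
    return routes


def audit(routes, peer_as=PEER_AS, expected=EXPECTED_REMOTE, local=LOCAL_SYSTEM):
    """Return (network, reason) for every route that breaks the Model C intent."""
    findings = []
    for r in routes:
        net = ipaddress.ip_network(r["network"], strict=False)
        if net.prefixlen != 32:
            findings.append((r["network"], "not a /32 host route"))
        if str(net) in local:
            findings.append((r["network"],
                             "local AS system address learned from the EBGP peer"))
        elif str(net) not in expected:
            findings.append((r["network"],
                             "not an expected remote PE system address"))
        if r["as_path"] != [str(peer_as)]:
            findings.append((r["network"], "AS path is not exactly the peer AS"))
    return findings


if __name__ == "__main__":
    for network, reason in audit(parse_label_ipv4(SAMPLE)):
        print(f"{network}: {reason}")
```

Run against the unmodified PE-4 output (the first three routes only), the audit returns no findings.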
More detailed information about the advertised route from PE-5 can be seen with the following command on PE-4:
[/]
A:admin@PE-4# show router bgp routes 192.0.2.5/32 label-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 192.0.2.5/32
Nexthop : 192.168.48.2
Path Id : None
From : 192.168.48.2
Res. Nexthop : 192.168.48.2
Local Pref. : None Interface Name : int-PE-4-PE-8
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.8
Fwd Class : None Priority : None
IPv4 Label : 524283
Flags : Used Valid Best IGP In-TTM In-RTM
Route Source : External
AS-Path : 64497
Route Tag : 0
Neighbor-AS : 64497
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h03m58s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : 192.0.2.5/32
Nexthop : 192.0.2.4
Path Id : None
To : 192.0.2.3
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
IPv4 Label : 524283 Label Type : SWAP
Lbl Allocation : NEXT-HOP
Origin : IGP
AS-Path : 64497
Route Tag : 0
Neighbor-AS : 64497
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
In the RIB In entries, the received label from PE-8 can be seen (524283). In the RIB Out entries, the locally assigned (Advertised) label for this prefix can be seen (524283). These labels need not match. The ASBR PE-4 swaps BGP labels, according to the following label mapping:
[/]
A:admin@PE-4# show router bgp inter-as-label
===============================================================================
BGP Inter-AS labels
Flags: B - entry has backup, P - entry is promoted
===============================================================================
NextHop Received Advertised Label
Label Label Origin
-------------------------------------------------------------------------------
192.0.2.1 524283 524280 Internal
192.0.2.2 524283 524279 Internal
192.0.2.3 524283 524278 Internal
192.168.48.2 524281 524281 External
192.168.48.2 524282 524282 External
192.168.48.2 524283 524283 External
-------------------------------------------------------------------------------
Total Labels allocated: 6
===============================================================================
The route from PE-1 toward PE-5 uses received label 524283 and advertised label 524283, as indicated on the sixth row in the table. The label stack sent by PE-1 contains BGP label 524283 toward ASBR PE-4, where it is swapped to BGP label 524283 toward ASBR PE-8.
ASBR PE-8 swaps BGP label 524283 to BGP label 524283 toward PE-5, as follows:
[/]
A:admin@PE-8# show router bgp inter-as-label
===============================================================================
BGP Inter-AS labels
Flags: B - entry has backup, P - entry is promoted
===============================================================================
NextHop Received Advertised Label
Label Label Origin
-------------------------------------------------------------------------------
192.0.2.5 524283 524283 Internal
192.0.2.6 524283 524282 Internal
192.0.2.7 524283 524281 Internal
192.168.48.1 524278 524278 External
192.168.48.1 524279 524279 External
192.168.48.1 524280 524280 External
-------------------------------------------------------------------------------
Total Labels allocated: 6
===============================================================================
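Because most labels in this example share the value 524283, the swap chain is easy to misread. The following Python script is an added example, not part of the original chapter: it parses the two inter-as-label tables shown above and follows a BGP label across both ASBRs in each direction, treating the advertised label as the incoming label and the received label as the outgoing one. The LINK_PEER mapping (taken from the EBGP neighbor addresses on the page) and the function names are assumptions made for the illustration.

```python
import re

# Rows copied from "show router bgp inter-as-label" on PE-4 and PE-8 (page data).
PE4_TABLE = """\
192.0.2.1        524283     524280     Internal
192.0.2.2        524283     524279     Internal
192.0.2.3        524283     524278     Internal
192.168.48.2     524281     524281     External
192.168.48.2     524282     524282     External
192.168.48.2     524283     524283     External
"""
PE8_TABLE = """\
192.0.2.5        524283     524283     Internal
192.0.2.6        524283     524282     Internal
192.0.2.7        524283     524281     Internal
192.168.48.1     524278     524278     External
192.168.48.1     524279     524279     External
192.168.48.1     524280     524280     External
"""

ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+)\s+(Internal|External)$")


def parse_inter_as_labels(text):
    """Return {advertised_label: (next_hop, received_label, origin)}."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, ruler or legend line
        next_hop, received, advertised = m.group(1), int(m.group(2)), int(m.group(3))
        if advertised in table:
            # The advertised label is the incoming lookup key, so it must be unique.
            raise ValueError(f"advertised label {advertised} is not unique")
        table[advertised] = (next_hop, received, m.group(4))
    return table


ASBRS = {
    "PE-4": parse_inter_as_labels(PE4_TABLE),
    "PE-8": parse_inter_as_labels(PE8_TABLE),
}
# Which ASBR owns each address on the inter-AS link (assumption from the page's
# EBGP neighbor configuration: PE-4 peers with 192.168.48.2, PE-8 with 192.168.48.1).
LINK_PEER = {"192.168.48.2": "PE-8", "192.168.48.1": "PE-4"}


def trace_bgp_label(first_asbr, label):
    """Follow a BGP label from the first ASBR until it leaves toward a PE.

    Returns a list of (asbr, label_in, label_out, next_hop) tuples.
    """
    hops = []
    asbr = first_asbr
    while asbr is not None:
        if len(hops) >= len(ASBRS):
            raise RuntimeError("label swap chain does not terminate")
        entry = ASBRS[asbr].get(label)
        if entry is None:
            raise LookupError(f"{asbr} has no label switch for BGP label {label}")
        next_hop, label_out, origin = entry
        hops.append((asbr, label, label_out, next_hop))
        label = label_out
        # An External entry hands the packet to the peer ASBR; an Internal
        # entry hands it to a PE inside the AS, which ends the BGP label swaps.
        asbr = LINK_PEER.get(next_hop) if origin == "External" else None
    return hops


if __name__ == "__main__":
    # PE-1 -> PE-5: PE-1 pushes BGP label 524283 (RIB In on PE-1, from the page).
    for hop in trace_bgp_label("PE-4", 524283):
        print("PE-1 to PE-5: %s swaps %d -> %d toward %s" % hop)
    # PE-5 -> PE-1: label 524280 is what PE-8 advertises for the route via PE-4.
    for hop in trace_bgp_label("PE-8", 524280):
        print("PE-5 to PE-1: %s swaps %d -> %d toward %s" % hop)
```

The reverse direction shows the case where the values differ: PE-4 receives 524280 from PE-8 and swaps it to 524283 toward PE-1.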
On ASBR PE-4, the routes toward PE-5, PE-6, and PE-7 in the remote AS have been installed in the route table, as follows:
[/]
A:admin@PE-4# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Remote ISIS 00h07m04s 18
192.168.24.1 20
192.0.2.2/32 Remote ISIS 00h07m04s 18
192.168.24.1 10
192.0.2.3/32 Remote ISIS 00h07m04s 18
192.168.34.1 10
192.0.2.4/32 Local Local 00h07m05s 0
system 0
192.0.2.5/32 Remote BGP_LABEL 00h05m08s 170
192.168.48.2 0
192.0.2.6/32 Remote BGP_LABEL 00h05m08s 170
192.168.48.2 0
192.0.2.7/32 Remote BGP_LABEL 00h05m08s 170
192.168.48.2 0
192.168.24.0/30 Local Local 00h07m05s 0
int-PE-4-PE-2 0
192.168.34.0/30 Local Local 00h07m05s 0
int-PE-4-PE-3 0
192.168.48.0/30 Local Local 00h07m05s 0
int-PE-4-PE-8 0
-------------------------------------------------------------------------------
No. of Routes: 10
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The BGP labeled routes for the remote PE system prefixes are further advertised toward all the PEs in the AS (through the RR) and are installed in the routing table on all PEs.
At this point, all PEs in one AS have the /32 system IPs of the remote PEs in their routing table, for example for PE-1:
[/]
A:admin@PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Local Local 00h07m25s 0
system 0
192.0.2.2/32 Remote ISIS 00h07m18s 18
192.168.12.2 10
192.0.2.3/32 Remote ISIS 00h07m12s 18
192.168.13.2 10
192.0.2.4/32 Remote ISIS 00h07m05s 18
192.168.12.2 20
192.0.2.5/32 Remote BGP_LABEL 00h04m42s 170
192.0.2.4 (tunneled) 20
192.0.2.6/32 Remote BGP_LABEL 00h04m42s 170
192.0.2.4 (tunneled) 20
192.0.2.7/32 Remote BGP_LABEL 00h04m42s 170
192.0.2.4 (tunneled) 20
192.168.12.0/30 Local Local 00h07m25s 0
int-PE-1-PE-2 0
192.168.13.0/30 Local Local 00h07m25s 0
int-PE-1-PE-3 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
All PEs in one AS have also received labels for all /32 system IP addresses of the remote PEs. Therefore, an MP-EBGP session can be created between the RRs in the different ASs to exchange VPN-IPv4 routes.
The additional BGP configuration for RR PE-3 is as follows. The configuration for RR PE-7 is similar. The IP addresses can be derived from Protocol overview.
# on RR PE-3:
configure {
    router "Base" {
        bgp {
            group "peer-AS-RR" {
                peer-as 64497
                local-address 192.0.2.3
                family {
                    vpn-ipv4 true
                }
            }
            neighbor "192.0.2.7" {
                group "peer-AS-RR"
                multihop 10
                vpn-apply-export true
                vpn-apply-import true
                import {
                    policy ["import-ebgp-vpn"]
                }
                export {
                    policy ["export-ebgp-vpn"]
                }
            }
        }
    }
}
Policies can be applied on the peering session using the export or import command followed by a policy name, together with the vpn-apply-export or vpn-apply-import command necessary to enforce base BGP instance policy on VPN-IPv4 prefixes.
On the RRs, the MP-EBGP session is up, as follows:
[/]
A:admin@PE-3# show router bgp neighbor 192.0.2.7
===============================================================================
BGP Neighbor
===============================================================================
-------------------------------------------------------------------------------
Peer : 192.0.2.7
Description : (Not Specified)
Group : peer-AS-RR
-------------------------------------------------------------------------------
Peer AS : 64497 Peer Port : 179
Peer Address : 192.0.2.7
Local AS : 64496 Local Port : 51192
Local Address : 192.0.2.3
Peer Type : External Dynamic Peer : No
State : Established Last State : Active
Last Event : recvOpen
Last Error : Unrecognized Error
Local Family : VPN-IPv4
Remote Family : VPN-IPv4
---snip---
The EBGP session between the two RRs is established.
The VPRNs on PE-1 in AS 64496 and PE-5 in AS 64497 are now interconnected. The route table for VPRN 1 shows that the remote PE can be reached via a BGP tunnel, as follows:
[/]
A:admin@PE-1# show router 1 route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.1.1.1/32 Local Local 00h09m51s 0
loopback 0
10.2.2.2/32 Remote BGP VPN 00h00m29s 170
192.0.2.5 (tunneled:BGP) 1000
-------------------------------------------------------------------------------
No. of Routes: 2
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Packets originating in AS 64496 with a destination in AS 64497 have three labels in AS 64496 (and in AS 64497). Originate a VPRN ping on PE-1 toward the VPRN loopback IP address on PE-5:
[/]
A:admin@PE-1# ping 10.2.2.2 router-instance "VPRN1"
PING 10.2.2.2 56 data bytes
64 bytes from 10.2.2.2: icmp_seq=1 ttl=64 time=5.80ms.
64 bytes from 10.2.2.2: icmp_seq=2 ttl=64 time=5.89ms.
64 bytes from 10.2.2.2: icmp_seq=3 ttl=64 time=6.00ms.
64 bytes from 10.2.2.2: icmp_seq=4 ttl=64 time=6.54ms.
64 bytes from 10.2.2.2: icmp_seq=5 ttl=64 time=6.11ms.
---- 10.2.2.2 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 5.80ms, avg = 6.07ms, max = 6.54ms, stddev = 0.257ms
The top label is the LDP label to reach the exit point of the AS (PE-4). This label has value 524284, as can be seen with the following command on PE-1:
[/]
A:admin@PE-1# show router ldp bindings active prefixes prefix 192.0.2.4/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.1)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
(S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
(I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop
(C) - FEC resolved with class-based-forwarding
===============================================================================
LDP IPv4 Prefix Bindings (Active)
===============================================================================
Prefix Op
IngLbl EgrLbl
EgrNextHop EgrIf/LspId
-------------------------------------------------------------------------------
192.0.2.4/32 Push
-- 524284
192.168.12.2 1/1/1
192.0.2.4/32 Swap
524284 524284
192.168.12.2 1/1/1
-------------------------------------------------------------------------------
No. of IPv4 Prefix Active Bindings: 2
===============================================================================
This LDP label is popped by ASBR PE-4. No LDP label is used between the ASBRs. ASBR PE-8 pushes another LDP label.
To reach a PE in the remote AS, a BGP transport label is required, which is the middle label in the stack. The tunnel table on PE-1 shows a BGP tunnel toward PE-5, as follows:
[/]
A:admin@PE-1# show router tunnel-table
===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
Color
-------------------------------------------------------------------------------
192.0.2.2/32 ldp MPLS 65537 9 192.168.12.2 10
192.0.2.3/32 ldp MPLS 65538 9 192.168.13.2 10
192.0.2.4/32 ldp MPLS 65539 9 192.168.12.2 20
192.0.2.5/32 bgp MPLS 262145 12 192.0.2.4 1000
192.0.2.6/32 bgp MPLS 262146 12 192.0.2.4 1000
192.0.2.7/32 bgp MPLS 262147 12 192.0.2.4 1000
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
E = Inactive best-external BGP route
k = RIB-API or Forwarding Policy backup hop
===============================================================================
The BGP label is assigned by the next hop, in this case by the local ASBR PE-4. This IPv4 label can be seen with the following command on PE-1:
[/]
A:admin@PE-1# show router bgp routes 192.0.2.5/32 label-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 192.0.2.5/32
Nexthop : 192.0.2.4
Path Id : None
From : 192.0.2.3
Res. Nexthop : 192.0.2.4 (LDP)
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 20
Connector : None
Community : No Community Members
Cluster : 192.0.2.3
Originator Id : 192.0.2.4 Peer Router Id : 192.0.2.3
Fwd Class : None Priority : None
IPv4 Label : 524283
Flags : Used Valid Best IGP In-TTM In-RTM
Route Source : Internal
AS-Path : 64497
Route Tag : 0
Neighbor-AS : 64497
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h10m56s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
This BGP label is swapped by ASBR PE-4 in AS 64496 and by ASBR PE-8 in AS 64497.
The bottom label is the VPN label assigned by the remote PE in the remote AS for the destination network. This VPN label is retrieved on PE-1, as follows:
[/]
A:admin@PE-1# show router bgp routes 10.2.2.2/32 vpn-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.1 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP VPN-IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 10.2.2.2/32
Nexthop : 192.0.2.5
Route Dist. : 64497:1 VPN Label : 524282
Path Id : None
From : 192.0.2.3
Res. Nexthop : n/a
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : target:64497:1
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.3
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : Internal
AS-Path : 64497
Route Tag : 0
Neighbor-AS : 64497
Orig Validation: N/A
Source Class : 0 Dest Class : 0
Add Paths Send : Default
Last Modified : 00h02m23s
VPRN Imported : 1
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
Conclusion
Inter-AS option C allows the delivery of Layer 3 VPN services to customers who have sites connected in different ASs. This example shows the configuration of inter-AS option C (specific to this feature) together with the associated show output which can be used for verification and troubleshooting.