Configuring IP-VPN services
IP-VPN services use a combination of MP-BGP and MPLS to distribute IPv4/v6 routing information and provide Layer 3 VPN services.
Each IP-VPN consists of a set of customer end points connected to one or more PE routers. Each associated PE router maintains a separate IP forwarding table for each IP-VPN instance. Additionally, the PE routers exchange the routing information configured or learned from all customer sites via MP-BGP peering. Each route exchanged via the MP-BGP protocol includes a Route Distinguisher (RD), which identifies the IP-VPN association and handles any potential IP address overlap.
Multi-Protocol BGP (MP-BGP) is used to exchange the routes of a particular VPN among the PE routers that are attached to that VPN. This route exchange is done in a way that ensures that routes from different VPNs remain distinct and separate, even if two VPNs have an overlapping address space. When BGP distributes a VPN route it also distributes an MPLS label for that route to identify the advertising IP-VPN instance.
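The RD and label handling described above, as an added example (not code from the original page or from SR Linux): it encodes and decodes a single-label VPN-IPv4 NLRI in the RFC 4364 layout and shows the same prefix from two VPNs staying distinct. The RD values 65550:1 and 65550:2, the labels 1001 and 1002, and all function names are constructed assumptions.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'admin:number' as the 8-byte RFC 4364 RD (types 0, 1, 2)."""
    admin, number = rd.rsplit(":", 1)
    if "." in admin:            # type 1: IPv4 address + 2-byte number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    if int(admin) > 0xFFFF:     # type 2: 4-byte ASN + 2-byte number
        return struct.pack("!HIH", 2, int(admin), int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))  # type 0: 2-byte ASN

def encode_vpnv4_nlri(rd: str, prefix: str, label: int) -> bytes:
    """One labeled VPN-IPv4 NLRI: bit length, label, RD, prefix bytes."""
    net = ipaddress.IPv4Network(prefix)
    if not 0 <= label < 2**20:
        raise ValueError("an MPLS label is 20 bits")
    label_field = ((label << 4) | 1).to_bytes(3, "big")  # bottom-of-stack bit set
    prefix_bytes = net.network_address.packed[: (net.prefixlen + 7) // 8]
    return bytes([24 + 64 + net.prefixlen]) + label_field + encode_rd(rd) + prefix_bytes

def decode_vpnv4_nlri(nlri: bytes):
    """Return (rd_bytes, prefix, label); reject lengths that do not add up."""
    plen = nlri[0] - 88 if nlri else -1
    if not 0 <= plen <= 32 or len(nlri) != 12 + (plen + 7) // 8:
        raise ValueError("malformed VPN-IPv4 NLRI")
    label = int.from_bytes(nlri[1:4], "big") >> 4
    addr = nlri[12:].ljust(4, b"\x00")
    return nlri[4:12], ipaddress.IPv4Network((addr, plen)), label

def build_vpn_table(nlris):
    """Key routes by (RD, prefix), so the same prefix from two VPNs coexists."""
    return {decode_vpnv4_nlri(n)[:2]: decode_vpnv4_nlri(n)[2] for n in nlris}

# Constructed sample: RDs and labels are assumptions (the page leaves
# route-distinguisher {} empty); the prefix is the 10.30.30.1/24 subnet
# used in the page's configuration.
RED = encode_vpnv4_nlri("65550:1", "10.30.30.0/24", 1001)
BLUE = encode_vpnv4_nlri("65550:2", "10.30.30.0/24", 1002)

if __name__ == "__main__":
    for (rd, prefix), label in build_vpn_table([RED, BLUE]).items():
        print(rd.hex(), prefix, "label", label)
```

Because the page's AS number 65550 is above 65535, these RDs encode as type 2 (4-byte ASN), which leaves only 2 bytes for the assigned number.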
Before a customer data packet travels across the service provider's backbone, it is encapsulated with the MPLS label that corresponds, in the customer's IP-VPN, to the route that best matches the packet's destination address. The MPLS packet is further encapsulated with one or more MPLS labels corresponding to the resolving MPLS path to deliver the packet to the intended egress PE router. The following figure displays an IP-VPN network diagram example.
IP-VPN configuration
The following is an example of an IP-VPN configuration.
--{ * candidate shared default }--[ ]--
A:srl1# info interface ethernet-1/2
    interface ethernet-1/2 {
        admin-state enable
        subinterface 1 {
            type routed
            admin-state enable
            ipv4 {
                address 10.30.30.1/24 {
                }
            }
        }
    }
A:srl1# info network-instance Base
    network-instance Base {
        type default
        protocols {
            bgp {
                admin-state enable
                autonomous-system 65550
                router-id 10.10.10.1
                afi-safi l3vpn-ipv4-unicast {
                    admin-state enable
                }
                group base-group {
                }
                neighbor 10.10.10.2 {
                    peer-group base-group
                }
            }
        }
    }
--{ * candidate shared default }--[ ]--
A:srl1# info network-instance ip-vrf-red
    network-instance ip-vrf-red {
        type ip-vrf
        interface ethernet-1/2 {
            interface-ref {
                interface ethernet-1/2
                subinterface 1
            }
        }
        protocols {
            bgp-ipvpn {
                bgp-instance 1 {
                    admin-state enable
                    ecmp 8
                    mpls {
                        next-hop-resolution {
                            allowed-tunnel-types [
                                ldp
                                sr-isis
                            ]
                        }
                    }
                }
            }
            bgp {
                admin-state enable
                autonomous-system 65551
                router-id 10.10.10.1
                afi-safi ipv4-unicast {
                    admin-state enable
                }
                group ip-vrf-red-peers {
                    admin-state enable
                    afi-safi ipv4-unicast {
                    }
                }
                neighbor 10.10.10.3 {
                    peer-group ip-vrf-red-peers
                }
            }
        }
        bgp-vpn {
            bgp-instance 1 {
                route-distinguisher {}
                route-target {}
            }
        }
    }