Use case

In this post we will explain Cisco version of configuration for Inter-AS MPLS Option C that was defined in RFC4364. Albeit rarely implemented, this option is the most scalable one. Typical use case for it is usually an enterprise merger.

Configuration

There are 2 ways to configure Option C. Today we will explain "2 label stack" version. In this type of setup loopback addresses learned via BGP on ASBR are redistributed to IGP and known to every P and PE router inside AS. Thus, only 2 labels are used to transport packet from CE to CE.
In this example, first AS will be comprised of IOS-XE boxes and second AS will be using IOS-XR. PE-CE routing protocol will be BGP and all 4 sites will use their own unique AS numbers to avoid "allow-as in" and "as-override" BGP hacks. Some important specific configuration parameters will be explained in more detail.

CE1

Interface configuration

interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface GigabitEthernet2.12
description PE_CE_LINK
encapsulation dot1Q 12
ip address 10.12.0.1 255.255.255.0

Routing protocol configuration

router bgp 65100
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 10.12.0.2 remote-as 65001

PE1

Interface configuration

interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip router isis 1
interface GigabitEthernet2.12
encapsulation dot1Q 12
vrf forwarding CUSTOMER_A
ip address 10.12.0.2 255.255.255.0
interface GigabitEthernet2.23
encapsulation dot1Q 23
ip unnumbered Loopback0
ip router isis 1

VRF configuration

vrf definition CUSTOMER_A
rd 2.2.2.2:65001
!
address-family ipv4
route-target export 65001:100
route-target import 65001:100
exit-address-family

Routing protocols configuration

router isis 1
net 49.0000.0000.0002.00
is-type level-2-only
metric-style wide
mpls ldp autoconfig
!
router bgp 65001
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 65001
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER_A
neighbor 10.12.0.1 remote-as 65100
neighbor 10.12.0.1 activate
exit-address-family

P1 (RR)

Interface configuration

interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip router isis 1
interface GigabitEthernet2.23
encapsulation dot1Q 23
ip unnumbered Loopback0
ip router isis 1
interface GigabitEthernet2.34
encapsulation dot1Q 34
ip unnumbered Loopback0
ip router isis 1

Routing protocols configuration

router isis 1
net 49.0000.0000.0003.00
is-type level-2-only
metric-style wide
mpls ldp autoconfig
!
router bgp 65001
template peer-policy IBGP
route-reflector-client
send-community extended
exit-peer-policy
!
template peer-session IBGP
remote-as 65001
update-source Loopback0
exit-peer-session
!
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.2 inherit peer-session IBGP
neighbor 4.4.4.4 inherit peer-session IBGP
neighbor 12.12.12.12 remote-as 65002
neighbor 12.12.12.12 ebgp-multihop 5
neighbor 12.12.12.12 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
neighbor 2.2.2.2 inherit peer-policy IBGP
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
neighbor 4.4.4.4 inherit peer-policy IBGP
neighbor 12.12.12.12 activate
neighbor 12.12.12.12 send-community extended
neighbor 12.12.12.12 next-hop-unchanged
exit-address-family
Hint: eBGP session between route reflectors must preserve next-hop for VPNv4 routes. Otherwise, RR's will be put into data-plane and connectivity will be broken because VPNv4 routes are not programmed into LFIB.

ASBR1

Interface configuration

interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip router isis 1
interface GigabitEthernet2.34
encapsulation dot1Q 34
ip unnumbered Loopback0
ip router isis 1
interface GigabitEthernet2.114
encapsulation dot1Q 114
ip address 192.168.0.4 255.255.255.0
mpls bgp forwarding
Hint: Last command in this output is a result of a macro that is used in IOS-XE when you enable labeled-unicast address family in BGP. Also, very important fact to understand is that IOS-XE automatically adds peer /32 host route to the routing table because otherwise LSP will be broken (this /32 IP is a next hop for all loopbacks advertised via labeled IPv4 unicast eBGP session on ASBR).
ASBR1#show ip cef 13.13.13.13/32
13.13.13.13/32
nexthop 192.168.0.11 GigabitEthernet2.114 label 24001
ASBR1#show ip route 192.168.0.11
Routing entry for 192.168.0.11/32
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet2.114
Route metric is 0, traffic share count is 1

Routing protocols configuration

router bgp 65001
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 65001
neighbor 3.3.3.3 update-source Loopback0
neighbor 192.168.0.11 remote-as 65002
!
address-family ipv4
redistribute isis 1 level-2 route-map ISIS_TO_BGP
neighbor 192.168.0.11 activate
neighbor 192.168.0.11 send-label
exit-address-family
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family

Route-maps and prefix-lists

ip prefix-list LOOPBACKS seq 5 permit 0.0.0.0/0 ge 32
!
route-map ISIS_TO_BGP permit 10
match ip address prefix-list LOOPBACKS
Hint: Of course, in a real life deployment nobody sane would redistribute BGP into IGP without a tight control of what is being redistributed, but for brevity we will omit this part in our configuration.

ASBR2

Interface configuration

interface Loopback0
ipv4 address 11.11.11.11 255.255.255.255
!
interface GigabitEthernet0/0/0/0.114
ipv4 address 192.168.0.11 255.255.255.0
encapsulation dot1q 114
!
interface GigabitEthernet0/0/0/0.1112
ipv4 address 10.11.12.11 255.255.255.0
encapsulation dot1q 1112

Routing protocols configuration

router static
address-family ipv4 unicast
192.168.0.4/32 GigabitEthernet0/0/0/0.114
!
!
Hint: Host route to an eBGP neighbor is not added automatically in IOS-XR, therefore it has to be done manually or label switched path will be broken.
router isis 1
is-type level-2-only
net 00.0000.0000.0011.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
redistribute bgp 65002
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.1112
point-to-point
address-family ipv4 unicast
!
!
!
router bgp 65002
address-family ipv4 unicast
redistribute isis 1 route-policy ACCEPT_LOOPBACKS
allocate-label all
!
address-family vpnv4 unicast
!
neighbor 12.12.12.12
remote-as 65002
update-source Loopback0
address-family vpnv4 unicast
!
!
neighbor 192.168.0.4
remote-as 65001
address-family ipv4 labeled-unicast
route-policy ACCEPT_LOOPBACKS in
route-policy ACCEPT_LOOPBACKS out
!
!
!
Hint: Unless told explicitly, BGP process will not allocate labels to IPv4 routes even if labeled IPv4 session was configured.

Routing policy language configuration

prefix-set LOOPBACKS
0.0.0.0/0 eq 32
end-set
!
route-policy ACCEPT_LOOPBACKS
if destination in LOOPBACKS then
done
endif
end-policy
!

P2 (RR)

Interface configuration

interface Loopback0
ipv4 address 12.12.12.12 255.255.255.255
!
interface GigabitEthernet0/0/0/0.1112
ipv4 address 10.11.12.12 255.255.255.0
encapsulation dot1q 1112
!
interface GigabitEthernet0/0/0/0.1213
ipv4 address 10.12.13.12 255.255.255.0
encapsulation dot1q 1213

Routing protocols configuration

router isis 1
is-type level-2-only
net 00.0000.0000.0012.00
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.1112
point-to-point
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.1213
point-to-point
address-family ipv4 unicast
!
!
!
router bgp 65002
address-family vpnv4 unicast
!
neighbor 3.3.3.3
remote-as 65001
ebgp-multihop 5
update-source Loopback0
address-family vpnv4 unicast
route-policy PASS_ALL in
route-policy PASS_ALL out
next-hop-unchanged
!
!
neighbor 11.11.11.11
remote-as 65002
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
!
!
neighbor 13.13.13.13
remote-as 65002
update-source Loopback0
address-family vpnv4 unicast
route-reflector-client
!
!
!

Routing policy language configuration

route-policy PASS_ALL
done
end-policy

PE2

Interface configuration

interface Loopback0
ipv4 address 13.13.13.13 255.255.255.255
!
interface GigabitEthernet0/0/0/0.1213
ipv4 address 10.12.13.13 255.255.255.0
encapsulation dot1q 1213
!
interface GigabitEthernet0/0/0/0.1314
vrf CUSTOMER_A
ipv4 address 10.13.14.13 255.255.255.0
encapsulation dot1q 1314
!

VRF configuration

vrf CUSTOMER_A
address-family ipv4 unicast
import route-target
65001:100
!
export route-target
65001:100
!
!
!

Routing protocols configuration

router isis 1
is-type level-2-only
net 00.0000.0000.0013.00
log adjacency changes
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.1213
point-to-point
address-family ipv4 unicast
!
!
!
router bgp 65002
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
neighbor 12.12.12.12
remote-as 65002
update-source Loopback0
address-family vpnv4 unicast
!
!
vrf CUSTOMER_A
rd 13.13.13.13:65002
address-family ipv4 unicast
!
neighbor 10.13.14.14
remote-as 65200
address-family ipv4 unicast
route-policy CUSTOMER_A in
route-policy CUSTOMER_A out
!
!
!
!

Routing policy language configuration

route-policy CUSTOMER_A
done
end-policy

CE2

Interface configuration

interface Loopback0
ipv4 address 14.14.14.14 255.255.255.255
!
interface GigabitEthernet0/0/0/0.1314
ipv4 address 10.13.14.14 255.255.255.0
encapsulation dot1q 1314
!

Routing protocol configuration

router bgp 65200
address-family ipv4 unicast
network 14.14.14.14/32
!
neighbor 10.13.14.13
remote-as 65002
address-family ipv4 unicast
route-policy PASS_ALL in
route-policy PASS_ALL out
!
!
!