Use case

For more information about option C please go to one of our previous posts.

Configuration

Our topic today is a "3 label stack" version of Inter-AS MPLS VPN Option C. This scenario assumes that loopback addresses learned via eBGP session between ASBR's are not redistributed to IGP. It makes it impossible to use only 2 labels because intermediate hops (P routers) do not know how to reach remote PE's. Traffic has to be tunneled from PE to ASBR using transport label, "VPN" label advertised via iBGP labeled unicast session and "VPN" label advertised by remote PE for particular VRF.
Only difference in configuration compared to "2 label stack" will be shown in this example.
Brief description of overall architecture:
  • new address family is activated inside AS, namely IPv4 AF with labeled routes
  • loopback addresses are not redistributed to IS-IS
  • these IPs are advertised from ASBR to RR with labels attached
  • PE pushes 3 labels to traffic received from CE

PE1

Routing protocols configuration

router bgp 65001
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 65001
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-label
exit-address-family
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER_A
neighbor 10.12.0.1 remote-as 65100
neighbor 10.12.0.1 activate
exit-address-family

Control plane verification

Let's confirm that loopback IP of remote PE was received via BGP with a label:
PE1#show ip bgp 13.13.13.13
BGP routing table entry for 13.13.13.13/32, version 63
Paths: (1 available, best #1, table default)
Not advertised to any peer
Refresh Epoch 2
65002
4.4.4.4 (metric 30) from 3.3.3.3 (3.3.3.3)
Origin incomplete, metric 20, localpref 100, valid, internal, best
Originator: 4.4.4.4, Cluster list: 3.3.3.3
mpls labels in/out nolabel/24
rx pathid: 0, tx pathid: 0x0
Label to reach next hop of this BGP route will be:
PE1#show ip cef 4.4.4.4/32
4.4.4.4/32
nexthop 3.3.3.3 GigabitEthernet2.23 label 17
VPN label advertised by remote PE is:
PE1#show bgp vpnv4 uni all 14.14.14.14/32
------output omitted for brevity------
BGP routing table entry for 13.13.13.13:65002:14.14.14.14/32, version 51
Paths: (1 available, best #1, no table)
Not advertised to any peer
Refresh Epoch 2
65002 65200
13.13.13.13 (metric 30) (via default) from 3.3.3.3 (3.3.3.3)
Origin IGP, metric 0, localpref 100, valid, internal, best
Extended Community: RT:65001:100
mpls labels in/out nolabel/24004
rx pathid: 0, tx pathid: 0x0
And the last ultimate check to see the data plane:
PE1#show ip cef vrf CUSTOMER_A 14.14.14.14/32
14.14.14.14/32
nexthop 3.3.3.3 GigabitEthernet2.23 label 17 24 24004

P1 (RR)

Routing protocols configuration

router bgp 65001
address-family ipv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 2.2.2.2 send-label
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 route-reflector-client
neighbor 4.4.4.4 send-label
exit-address-family

ASBR1

Routing protocols configuration

router isis 1
net 49.0000.0000.0004.00
is-type level-2-only
metric-style wide
mpls ldp autoconfig

ASBR2

Routing protocols configuration

router isis 1
is-type level-2-only
net 00.0000.0000.0011.00
address-family ipv4 unicast
metric-style wide
advertise passive-only
mpls ldp auto-config
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/0/0/0.1112
point-to-point
address-family ipv4 unicast
!
!
!

P2 (RR)

Routing protocols configuration


router bgp 65002
address-family ipv4 unicast
!
address-family vpnv4 unicast
!
neighbor 11.11.11.11
remote-as 65002
update-source Loopback0
address-family ipv4 labeled-unicast
route-reflector-client
!
address-family vpnv4 unicast
route-reflector-client
!
!
neighbor 13.13.13.13
remote-as 65002
update-source Loopback0
address-family ipv4 labeled-unicast
route-reflector-client
!
address-family vpnv4 unicast
route-reflector-client
!
!
!

PE2


Routing protocols configuration

router bgp 65002
address-family ipv4 unicast
allocate-label all
!
address-family vpnv4 unicast
!
neighbor 12.12.12.12
remote-as 65002
update-source Loopback0
address-family ipv4 labeled-unicast
!
address-family vpnv4 unicast
!
!
!
Hint: Contrary to IOS-XE, by default, IOS-XR will not use BGP learned next hops for VPNv4 routes. "Allocate label" command is required to allow PE router to do recursion for BGP routes and install the route in LFIB.
RP/0/0/CPU0:PE2#show cef vrf CUSTOMER_A 1.1.1.1/32 detail
Wed Sep 30 18:34:34.896 UTC
1.1.1.1/32, version 15, internal 0x5000001 0x0 (ptr 0xa140c8f4) [1], 0x0 (0x0), 0x208 (0xa156d140)
Updated Sep 30 15:44:58.204
Prefix Len 32, traffic index 0, precedence n/a, priority 3
gateway array (0xa12a0888) reference count 1, flags 0x4038, source rib (7), 0 backups
[1 type 1 flags 0x40089 (0xa158726c) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 5 Sep 30 18:09:09.111
LDI Update time Sep 30 18:09:09.111
via 2.2.2.2, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa15d57f4 0x0]
recursion-via-/32
next hop VRF - 'default', table - 0xe0000000
next hop 2.2.2.2 via 24003/0/21
next hop 10.12.13.12/32 Gi0/0/0/0.1213 labels imposed {24001 24003 18}

Load distribution: 0 (refcount 1)

Hash OK Interface Address
0 Y Unknown 24003/0

Without "allocate label" command, next hop for VPNv4 cannot be resolved:

RP/0/0/CPU0:PE2#show cef vrf CUSTOMER_A 1.1.1.1/32 detail 
Wed Sep 30 17:59:41.819 UTC
1.1.1.1/32, version 15, internal 0x5000001 0x0 (ptr 0xa140c8f4) [1], 0x0 (0x0), 0x208 (0xa156d140)
Updated Sep 30 15:44:58.203
Prefix Len 32, traffic index 0, precedence n/a, priority 3
gateway array (0xa12a0888) reference count 1, flags 0x403a, source rib (7), 0 backups
[1 type 1 flags 0x140089 (0xa158726c) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 3 Sep 30 17:59:38.839
LDI Update time Sep 30 17:36:07.056
via 2.2.2.2, 0 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa0f07254 0x0]
recursion-via-/32
next hop VRF - 'default', table - 0xe0000000
unresolved
labels imposed {18}

Load distribution: 0 (refcount 1)

Hash OK Interface Address
0 Y Unknown drop