
BGP PE-CE Routing Protocol Overview In MPLS VPNs-Part II


Introduction:

In the previous document we saw an implementation of the MPLS VPN BGP PE-CE routing protocol in which the customer used different AS numbers at its sites. In this document we will see a BGP PE-CE implementation in which the sites use the same AS number.

 

If a customer uses the same AS number at its sites, the BGP loop prevention mechanism does not allow customer sites with identical AS numbers to be linked through another AS. In other words, routing updates from one site are dropped when the other site receives them; therefore, connectivity cannot be established between the sites without additional configuration on the service provider PE routers.

 

Topology Diagram:

This configuration scenario demonstrates BGP PE-CE routing for VPN sites that use the same BGP AS number. The topology below shows Customer A using BGP AS 65001 at Site 1 and AS 65001 at Site 2.

 

12.jpg

BGP loop prevention Mechanism:

When CE1 sends its routing update over BGP VPNv4 and the update reaches CE2 via PE2, CE2 checks the update and finds AS 65001 in the AS-PATH. Because of the BGP loop prevention mechanism, CE2 rejects the 192.168.2.0/24 update from PE2: it finds its own AS in the update.

 

13.jpg

BGP AS Override feature:

To overcome the above problem you can use the BGP AS Override feature on the PE routers. The AS Override function causes all leading occurrences of the AS number of the receiving BGP router to be replaced with the AS number of the sending BGP router.

 

When you use the BGP AS Override feature, the PE2 router replaces AS 65001 in the AS-PATH with its own AS number, which is 1, and sends the update to CE2, as shown in the diagram below:

 

14.jpg
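The two behaviours described above (loop prevention at CE2, then AS Override at PE2) can be traced step by step with a small model. This is an added example, not code from the original article; the function names are hypothetical, and the override rule follows the article's wording ("all leading occurrences").

```python
"""Model of AS_PATH handling on the PE-CE eBGP link (added illustration)."""

PROVIDER_AS = 1       # AS of PE1/PE2 in the article
CUSTOMER_AS = 65001   # AS used at both customer sites


def pe_advertise(as_path, local_as, neighbor_as, as_override=False):
    """Return the AS_PATH a PE sends to its eBGP CE neighbor."""
    path = list(as_path)
    if as_override:
        # Replace every leading occurrence of the neighbor's AS with the
        # PE's own AS, as the article describes the feature.
        i = 0
        while i < len(path) and path[i] == neighbor_as:
            path[i] = local_as
            i += 1
    # Ordinary eBGP behaviour: the sender prepends its own AS.
    return [local_as] + path


def ce_accepts(as_path, local_as):
    """eBGP loop prevention: drop the update if our own AS is in the path."""
    return local_as not in as_path


def site_to_site(as_override, prepend=0):
    """Follow 192.168.2.0/24 from CE1 to CE2 and report (path, accepted)."""
    # CE1 -> PE1 (eBGP): CE1 adds its AS once, plus any manual prepends.
    path_at_pe1 = [CUSTOMER_AS] * (1 + prepend)
    # PE1 -> PE2 (iBGP, VPNv4): the AS_PATH is carried unchanged.
    path_at_pe2 = path_at_pe1
    # PE2 -> CE2 (eBGP): optional override, then prepend of AS 1.
    sent = pe_advertise(path_at_pe2, PROVIDER_AS, CUSTOMER_AS, as_override)
    return sent, ce_accepts(sent, CUSTOMER_AS)


if __name__ == "__main__":
    for override in (False, True):
        path, ok = site_to_site(override)
        print(f"as-override={override}: CE2 receives {path}, accepted={ok}")
```

Without the override CE2 sees its own AS 65001 and drops the route; with it, the path contains only AS 1 and the route is installed.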

Configuration Overview:

 

Basic Configuration:

The base configurations of the PE1, PE2, P, CE1 and CE2 routers are listed below in that order.

hostname PE1

ip cef

!

interface Loopback0

ip address 172.16.1.1 255.255.255.255

!

interface FastEthernet0/0

ip address 192.168.1.1 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet1/0

ip address 10.1.1.1 255.255.255.252

speed 100

full-duplex

mpls ip

!

router ospf 100

log-adjacency-changes

network 10.1.1.1 0.0.0.0 area 0

network 172.16.1.1 0.0.0.0 area 0

!

router bgp 1

no synchronization

bgp log-neighbor-changes

neighbor 172.16.1.2 remote-as 1

neighbor 172.16.1.2 update-source Loopback0

no auto-summary

!

address-family vpnv4

  neighbor 172.16.1.2 activate

  neighbor 172.16.1.2 send-community extended

exit-address-family

!

mpls ldp router-id Loopback0

 

 

 

hostname PE2

ip cef

!

interface Loopback0

ip address 172.16.1.2 255.255.255.255

!

interface FastEthernet0/0

ip address 192.168.1.5 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet1/0

ip address 10.1.1.6 255.255.255.252

speed 100

full-duplex

mpls ip

!

router ospf 100

log-adjacency-changes

network 10.1.1.6 0.0.0.0 area 0

network 172.16.1.2 0.0.0.0 area 0

!

router bgp 1

no synchronization

bgp log-neighbor-changes

neighbor 172.16.1.1 remote-as 1

neighbor 172.16.1.1 update-source Loopback0

no auto-summary

!

address-family vpnv4

  neighbor 172.16.1.1 activate

  neighbor 172.16.1.1 send-community extended

exit-address-family

!

mpls ldp router-id Loopback0

hostname P

ip cef

!

interface FastEthernet0/0

ip address 10.1.1.2 255.255.255.252

mpls ip

!

interface FastEthernet0/1

ip address 10.1.1.5 255.255.255.252

mpls ip

!

router ospf 100

log-adjacency-changes

network 10.1.1.0 0.0.0.7 area 0

hostname CE1

ip cef

!

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.252

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

!

router bgp 65001

no synchronization

bgp log-neighbor-changes

network 192.168.2.0 mask 255.255.255.0

neighbor 192.168.1.1 remote-as 1

no auto-summary

hostname CE2

ip cef

!

interface FastEthernet0/0

ip address 192.168.1.6 255.255.255.252

!

interface FastEthernet0/1

ip address 192.168.3.1 255.255.255.0

!

router bgp 65001

no synchronization

bgp log-neighbor-changes

network 192.168.3.0 mask 255.255.255.0

neighbor 192.168.1.5 remote-as 1

no auto-summary

The BGP VPNv4 neighborship is up between PE1 and PE2, which can be verified as shown below:

 

PE1#sh ip bgp vpnv4 all summary | beg Nei

Neighbor       V   AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd

172.16.1.2     4     1     11     11       1    0   0 00:08:43       0

 

PE2#sh ip bgp vpnv4 all summary | beg Nei

Neighbor       V   AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd

172.16.1.1     4     1     11     11       1   0   0 00:08:21       0

 

Configuration Steps for BGP PE-CE routing:

 

Step 1:Define VRF Cust_A on PE Routers PE1 and PE2:

Define VRF Cust_A on PE routers PE1 and PE2 and apply the VRF to the physical interface facing the customer.

 

PE1#conf t

PE1(config)#ip vrf Cust_A

PE1(config-vrf)#description Customer-A

PE1(config-vrf)# rd 1:100

PE1(config-vrf)# route-target both 1:100

PE1(config-vrf)#exit

PE1(config)#int fa0/0

PE1(config-if)#ip vrf forwarding Cust_A

PE1(config-if)#ip add 192.168.1.1 255.255.255.252

PE1(config-if)#exit

 

PE2#conf t

PE2(config)#ip vrf Cust_A

PE2(config-vrf)#description Customer-A

PE2(config-vrf)# rd 1:100

PE2(config-vrf)# route-target both 1:100

PE2(config-vrf)#exit

PE2(config)#int fa0/0

PE2(config-if)#ip vrf forwarding Cust_A

PE2(config-if)#ip add 192.168.1.5 255.255.255.252

PE2(config-if)#exit

Step 2:Configure per VRF BGP routing context on PE routers; Define & Activate BGP CE neighbors:

 

Configure per-VRF BGP routing for Cust_A under the BGP routing process on PE1 and PE2. Under the BGP VRF routing context, define the remote BGP CE neighbors and activate them as shown below.

 

PE1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PE1(config)#router bgp 1

PE1(config-router)#address-family ipv4 vrf Cust_A

PE1(config-router-af)#neighbor 192.168.1.2 remote-as 65001

PE1(config-router-af)#neighbor 192.168.1.2 activate

PE1(config-router-af)#exit

 

PE2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PE2(config)#router bgp 1

PE2(config-router)#address-family ipv4 vrf Cust_A

PE2(config-router-af)#nei 192.168.1.6 remote-as 65001

PE2(config-router-af)#nei 192.168.1.6 activate

PE2(config-router-af)#exit

Step 3:Configure BGP AS Override command on PE1 and PE2 under BGP VRF address family:

 

 

PE1#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PE1(config)#router bgp 1

PE1(config-router)#address-family ipv4 vrf Cust_A

PE1(config-router-af)#neighbor 192.168.1.2 as-override

PE1(config-router-af)#exit

 

PE2#conf t

Enter configuration commands, one per line. End with CNTL/Z.

PE2(config)#router bgp 1

PE2(config-router)#address-family ipv4 vrf Cust_A

PE2(config-router-af)#neighbor 192.168.1.6 as-override

PE2(config-router-af)#exit
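As a check on Steps 2 and 3, the following script flags CE neighbors whose AS is reused behind another PE but that lack as-override. It is an added example, not part of the original article; the config excerpts are constructed from the article's commands (PE2 deliberately omits as-override), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed running-config excerpts mirroring the article's PE1/PE2 VRF
# sections; PE2 deliberately lacks as-override to produce a finding.
PE_CONFIGS = {
    "PE1": """
router bgp 1
 neighbor 172.16.1.2 remote-as 1
 address-family ipv4 vrf Cust_A
  neighbor 192.168.1.2 remote-as 65001
  neighbor 192.168.1.2 activate
  neighbor 192.168.1.2 as-override
 exit-address-family
""",
    "PE2": """
router bgp 1
 neighbor 172.16.1.1 remote-as 1
 address-family ipv4 vrf Cust_A
  neighbor 192.168.1.6 remote-as 65001
  neighbor 192.168.1.6 activate
 exit-address-family
""",
}


def vrf_neighbors(config):
    """Return [(vrf, neighbor_ip, remote_as, has_as_override)] per CE peer."""
    vrf, found = None, {}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"address-family ipv4(?: unicast)? vrf (\S+)", line)
        if m:
            vrf = m.group(1)
        elif line == "exit-address-family":
            vrf = None
        elif vrf and (m := re.match(r"neighbor (\S+) remote-as (\d+)", line)):
            found[(vrf, m.group(1))] = [int(m.group(2)), False]
        elif vrf and (m := re.match(r"neighbor (\S+) as-override", line)):
            if (vrf, m.group(1)) in found:
                found[(vrf, m.group(1))][1] = True
    return [(v, ip, asn, ov) for (v, ip), (asn, ov) in found.items()]


def missing_as_override(configs):
    """Flag CE peers whose AS appears behind more than one PE, no override."""
    sites = defaultdict(list)  # (vrf, remote_as) -> [(pe, ip, override)]
    for pe, cfg in configs.items():
        for vrf, ip, asn, override in vrf_neighbors(cfg):
            sites[(vrf, asn)].append((pe, ip, override))
    findings = []
    for (vrf, asn), peers in sites.items():
        if len({pe for pe, _, _ in peers}) > 1:  # same customer AS, >1 PE
            findings += [(pe, vrf, ip, asn) for pe, ip, ov in peers if not ov]
    return sorted(findings)


if __name__ == "__main__":
    for pe, vrf, ip, asn in missing_as_override(PE_CONFIGS):
        print(f"{pe}: vrf {vrf} neighbor {ip} (AS {asn}) has no as-override")
```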

Verification of BGP PE-CE Routing Implementation:

Step 1:Verify BGP neighbor relationship on PE1 and PE2 with CE1 and CE2 respectively:

 

Verify the BGP neighbor relationship between the PE and CE routers. The output below shows that the BGP neighbor relationship is established between PE1 and CE1 and between PE2 and CE2.

 

PE1#sh bgp vpnv4 unicast vrf Cust_A summary | beg Nei

Neighbor       V   AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd

192.168.1.2     4 65001     16     16       4   0   0 00:11:32       1

 

PE2#sh bgp vpnv4 unicast vrf Cust_A summary | beg Nei

Neighbor       V   AS MsgRcvd MsgSent   TblVer InQ OutQ Up/Down State/PfxRcd

192.168.1.6     4 65001     13     13      4   0   0 00:08:24       1

 

Step 2:Verify BGP VPNv4 routing table on PE1 and PE2:

PE1 has two prefixes in the BGP table: 192.168.2.0 is learned from CE1 and 192.168.3.0 from the remote PE router, PE2.

 

PE1#sh bgp vpnv4 unicast vrf Cust_A

BGP table version is 4, local router ID is 172.16.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 1:100 (default for vrf Cust_A)

*> 192.168.2.0     192.168.1.2             0             0 65001 i

*>i192.168.3.0     172.16.1.2               0   100     0 65001 i

 

Similar output is also seen on PE2:

 

PE2#sh bgp vpnv4 unicast vrf Cust_A

BGP table version is 4, local router ID is 172.16.1.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 1:100 (default for vrf Cust_A)

*>i192.168.2.0     172.16.1.1               0   100     0 65001 i

*> 192.168.3.0     192.168.1.6             0             0 65001 i

 

 

Step 3:Check the VRF routing table on both PE:

 

Check the routing table of VRF Cust_A; it must show the routes learned from the neighboring PE.

 

PE1#sh ip route vrf Cust_A | beg Gate

Gateway of last resort is not set

 

     192.168.1.0/30 is subnetted, 1 subnets

C       192.168.1.0 is directly connected, FastEthernet0/0

B   192.168.2.0/24 [20/0] via 192.168.1.2, 00:28:37

B   192.168.3.0/24 [200/0] via 172.16.1.2, 00:24:58

 

PE2#sh ip route vrf Cust_A | beg Gate

Gateway of last resort is not set

 

     192.168.1.0/30 is subnetted, 1 subnets

C       192.168.1.4 is directly connected, FastEthernet0/0

B   192.168.2.0/24 [200/0] via 172.16.1.1, 00:28:56

B   192.168.3.0/24 [20/0] via 192.168.1.6, 00:25:31

 

Step 4:Verify end-to-end connectivity:

 

Verify end-to-end connectivity between CE1 and CE2 by issuing a ping from CE1 to network 192.168.3.1/24 on CE2 and vice versa.

 

CE1#ping 192.168.3.1 so 192.168.2.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.2.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/76/104 ms

 

CE2#ping 192.168.2.1 so 192.168.3.1

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:

Packet sent with a source address of 192.168.3.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 52/84/104 ms

Related Information:

Configuring a Basic MPLS VPN

MPLS

Border Gateway Protocol (BGP)

Version history
Revision #: 1 of 1
Last update: 04-28-2013 12:23 PM
Comments

Good work Ashish

Gold

Dear Thanveer,

"Thank you! I truly appreciate your positive feedback."

Regards,

Ashish Shirkar

Technical community manager(Network Infrastructure)

New Member

I am studying for the CCIE lab exam and came across PE-CE configuration. Thank you Ashish for this article, good job.

Gold

Hello bahaa,

Thanks for your feedback. Keep learning and share your knowledge with others.

Best of luck for your CCIE certification journey.

Regards,

Ashish

Technical Community Manager - Network Infrastructure

New Member

Very informative and good understanding.
Thanks Ashish

Gold

Hi Sandeep ,

Thanks for your feedback

Regards,

Ashish Shirkar

New Member

Hi Ashish, this is a very good walkthrough for a newbie in these topics. I am about to finish my simulation of this scenario. I got the same output of the show commands but am unable to ping from end to end. Might I have missed something in the vrf part?


Regards

Jorge

Gold

Hi Jorge,

I’m not sure what you have missed in your config, but if you are trying to ping from the CE without using a source IP address (CE1#ping 192.168.3.1) then you also need to advertise the connected interface in BGP.

On PE configure,

router bgp 1

address-family ipv4 unicast vrf Cust_A

redistribute connected

If your config is the same as above then make sure you configure the mpls ip command on each interface facing the core. Also check your routing table on the CE to ensure you have all routes.

Let me know if you still face any problem.

Regards,

Ashish

New Member

Hi Ashish, 

 

What if I only want to forward a default route from CE1 (which is receiving it from another CE) to CE2?

And CE2 doesn't need to know any specific prefixes from CE1 except the default route.

Well, this is the multi-home.

I am trying to play with the vrf import/export, but I am not able to figure it out.

I'd appreciate it if you share your thoughts.

 

Ahmad

New Member

Got my answer :) thanks anyway 

New Member

nice guide

New Member

Excellent guide!!

 

Now I want to know if there's a way to implement load balancing when connected to two ISPs.

For example, CE1 and CE2 connected to another PE with BGP AS-2.

If you have another guide on that, it would be great!!

 

Best regards

Gold

Hi ,

Thanks for your feedback. Check out bgp peek for load balancing.

 

Regards,

Ashish 

New Member

Hi,

 

I have quite a similar configuration to this in my lab environment, but my CEs are receiving routes of other CEs through their PEs but can ping the internal route on those sites.

I've noticed that in your PE1 configuration you don't show where you tell the router the AS of the peer CE. If you don't put in that information, how does the PE know what AS its peer is in?

 

Thanks

 

New Member

Just to clarify, the information you mention is in the PE1 Basic Configuration.

router bgp 1

neighbor 172.16.1.2 remote-as 1

Hi,

I have done a similar config but I cannot reach VRF sites between PE routers:

PE2:

PE2#sh run | s bgp
router bgp 65006
bgp log-neighbor-changes
neighbor 172.56.17.7 remote-as 65006
!
address-family vpnv4
neighbor 172.56.17.7 activate
neighbor 172.56.17.7 send-community extended
exit-address-family
!
address-family ipv4 vrf Cust_A
neighbor 172.100.210.10 remote-as 65100
neighbor 172.100.210.10 activate
neighbor 172.100.210.10 as-override
exit-address-family

PE2#sh bgp vpnv4 unicast vrf Cust_A
BGP table version is 45, local router ID is 192.122.3.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:65100 (default for vrf Cust_A)
*> 172.10.12.0/24 172.100.210.10 153600 0 65100 ?
*> 172.19.5.0/24 172.100.210.10 153600 0 65100 ?
*> 172.19.102.0/24 172.100.210.10 0 0 65100 ?
*> 172.19.113.0/24 172.100.210.10 153600 0 65100 ?
*> 172.19.124.0/24 172.100.210.10 153600 0 65100 ?
*> 172.30.23.0/24 172.100.210.10 153600 0 65100 ?
*> 172.30.24.0/24 172.100.210.10 153600 0 65100 ?
*>i 172.30.100.0/22 172.56.17.7 0 100 0 65100 i
*> 172.100.79.0/24 172.100.210.10 153600 0 65100 ?
r> 172.100.210.0/24 172.100.210.10 0 0 65100 i
*> 192.122.3.2/32 172.100.210.10 153600 0 65100 ?
*>i 192.122.3.9/32 172.56.17.7 0 100 0 65100 i
*> 192.122.3.13/32 172.100.210.10 153600 0 65100 ?
Network Next Hop Metric LocPrf Weight Path
*> 192.122.3.15/32 172.100.210.10 153600 0 65100 ?

PE2#sh ip ro vrf Cust_A

Routing Table: Cust_A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

172.10.0.0/24 is subnetted, 1 subnets
B 172.10.12.0 [20/153600] via 172.100.210.10, 01:23:34
172.19.0.0/24 is subnetted, 4 subnets
B 172.19.5.0 [20/153600] via 172.100.210.10, 01:23:34
B 172.19.102.0 [20/0] via 172.100.210.10, 01:23:34
B 172.19.113.0 [20/153600] via 172.100.210.10, 01:23:34
B 172.19.124.0 [20/153600] via 172.100.210.10, 01:23:34
172.30.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.30.23.0/24 [20/153600] via 172.100.210.10, 01:23:34
B 172.30.24.0/24 [20/153600] via 172.100.210.10, 01:23:34
B 172.30.100.0/22 [200/0] via 172.56.17.7, 01:03:03
172.100.0.0/16 is variably subnetted, 3 subnets, 2 masks
B 172.100.79.0/24 [20/153600] via 172.100.210.10, 00:16:30
C 172.100.210.0/24 is directly connected, FastEthernet2/0.210
L 172.100.210.2/32 is directly connected, FastEthernet2/0.210
192.122.3.0/32 is subnetted, 4 subnets
B 192.122.3.2 [20/153600] via 172.100.210.10, 01:23:34
B 192.122.3.9 [200/0] via 172.56.17.7, 01:03:03
B 192.122.3.13 [20/153600] via 172.100.210.10, 01:23:34
B 192.122.3.15 [20/153600] via 172.100.210.10, 01:23:34

PE2#sh run int FastEthernet2/0.210
Building configuration...

Current configuration : 128 bytes
!
interface FastEthernet2/0.210
encapsulation dot1Q 210
ip vrf forwarding Cust_A
ip address 172.100.210.2 255.255.255.0
end

PE2#ping vrf Cust_A 172.30.100.9
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.30.100.9, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

PE7: 

PE7(config-router-af)#do sh run | s bgp
router bgp 65006
bgp log-neighbor-changes
neighbor 172.10.12.2 remote-as 65006
!
address-family vpnv4
neighbor 172.10.12.2 activate
neighbor 172.10.12.2 send-community extended
exit-address-family
!
address-family ipv4 vrf Cust_A
neighbor 172.100.79.9 remote-as 65100
neighbor 172.100.79.9 activate
neighbor 172.100.79.9 as-override

PE7#sh bgp vpnv4 unicast vrf Cust_A summary
BGP router identifier 192.122.3.7, local AS number 65006
BGP table version is 12, main routing table version 12
5 network entries using 780 bytes of memory
5 path entries using 400 bytes of memory
6/4 BGP path/bestpath attribute entries using 864 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2092 total bytes of memory
BGP activity 10/5 prefixes, 10/5 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.100.79.9 4 65100 80 88 12 0 0 01:09:25 2
PE7#sh bgp vpnv4 unicast vrf Cust_A
BGP table version is 12, local router ID is 192.122.3.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:65100 (default for vrf Cust_A)
*>i 172.10.12.0/24 172.10.12.2 153600 100 0 65100 ?
*> 172.30.100.0/22 172.100.79.9 0 0 65100 i
r>i 172.100.79.0/24 172.10.12.2 153600 100 0 65100 ?
*>i 172.100.210.0/24 172.10.12.2 0 100 0 65100 i
*> 192.122.3.9/32 172.100.79.9 0 0 65100 i
PE7#sh ip ro vrf Cust_A

Routing Table: Cust_A
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

172.10.0.0/24 is subnetted, 1 subnets
B 172.10.12.0 [200/153600] via 172.10.12.2, 01:02:15
172.30.0.0/22 is subnetted, 1 subnets
B 172.30.100.0 [20/0] via 172.100.79.9, 01:19:13
172.100.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.100.79.0/24 is directly connected, FastEthernet0/0.79
L 172.100.79.7/32 is directly connected, FastEthernet0/0.79
B 172.100.210.0/24 [200/0] via 172.10.12.2, 00:12:59
192.122.3.0/32 is subnetted, 1 subnets
B 192.122.3.9 [20/0] via 172.100.79.9, 01:19:13

PE7#sh run int FastEthernet0/0.79
Building configuration...

Current configuration : 125 bytes
!
interface FastEthernet0/0.79
encapsulation dot1Q 79
ip vrf forwarding Cust_A
ip address 172.100.79.7 255.255.255.0
end