Introduction
This document provides a sample configuration of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) over ATM when Border Gateway Protocol (BGP) or Routing Information Protocol (RIP) is present on the customer's site.
When used with MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network. One service provider network can support several different IP VPNs. Each of these appears to its users as a private network, separate from all other networks. Within a VPN, each site can send IP packets to any other site in the same VPN.
Each VPN is associated with one or more VPN routing or forwarding instances (VRFs). A VRF consists of an IP routing table, a derived Cisco express forwarding (CEF) table, and a set of interfaces that use this forwarding table.
The router maintains a separate routing and CEF table for each VRF. This prevents information being sent outside the VPN and allows the same subnet to be used in several VPNs without causing duplicate IP address problems.
The router using Multiprotocol BGP (MP-BGP) distributes the VPN routing information using the MP-BGP extended communities.
For more information regarding the propagation of updates through a VPN, see the following URLs:
VPN Route Target Communities
BGP Distribution of VPN Routing Information
MPLS Forwarding
Conventions
The letters below represent the different types of routers and switches used.
P : Provider's core router
PE : Provider's edge router
CE : Customer's edge router
C : Customer's router
This diagram shows a typical configuration illustrating the conventions outlined above.
Hardware and Software Versions
This configuration was developed and tested using the software and hardware versions shown below.
P and PE routers:
Software - Cisco IOS?Software Release 12.1(3)T. Release 12.0(5)T includes the MPLS VPN feature.
Hardware - Any Cisco router from the 3600 series or higher, such as the Cisco 3660 or 7206.
C and CE routers: You can use any router that can exchange routing information with its PE router.
Network Diagram
Configuration Procedures
Enabling ip cef
Make sure that ip cef is enabled. For improved performance, use ip cef distributed (where available). Complete the following steps on the PEs after MPLS has been set up (configuring tag-switching ip on the interfaces).
Create one VRF for each VPN connected using the ip vrf command. When doing this:
Specify the correct route distinguisher used for that VPN. This is used to extend the IP address so that you can identify which VPN it belongs to.
rd
Set up the import and export properties for the MP-BGP extended communities. These are used for filtering the import and export process.
route-target [export|import|both]
Configure the forwarding details for the respective interfaces using the following command.
ip vrf forwarding
Remember to set up the IP address after doing this.
Depending on the PE-CE routing protocol you are using, you can configure static routes or routing protocols (RIP, Open Shortest Path First [OSPF], or BGP) between PE and CE. Detailed configurations are available on the MPLS over ATM Support Page.
Configuring MP-BGP
Configure MP-BGP between the PE routers. There are several ways to configure BGP, such as using the route reflector or confederation methods. The method used here?irect neighbor configuration?s the simplest and the least scalable.
Declare the different neighbors.
Enter the address-family ipv4 vrf command for each VPN present at this PE router. Carry out one or more of the following steps, as necessary:
Redistribute the static routing, RIP, or OSPF information.
Redistribute connected routing information.
Activate BGP neighboring with the CE routers.
Enter the address-family vpnv4 mode, and complete the following steps:
Activate the neighbors.
Specify that extended community must be used. This is mandatory.
Configurations
Configuration commands specific to Customer_A are in red, to Customer_B in blue, and to both in fuchsia.
---------------------------------------------------------------------------------------
Pescara
---------------------------------------------------------------------------------------
Current configuration:
!
version 12.0
!
hostname Pescara
!
ip cef
!
ip vrf Customer_A
rd 100:110
route-target export 100:1000
route-target import 100:1000
!
ip vrf Customer_B
rd 100:120
route-target export 100:2000
route-target import 100:2000
!
clns routing
mpls traffic-eng tunnels
!
interface Loopback0
ip address 10.10.10.4 255.255.255.255
ip router isis
clns router isis
!
interface Loopback101
ip vrf forwarding Customer_A
ip address 200.0.4.1 255.255.255.0
no ip directed-broadcast
!
interface Loopback102
ip vrf forwarding Customer_B
ip address 200.0.4.1 255.255.255.0
no ip directed-broadcast
!
interface Serial0/1
no ip address
no ip directed-broadcast
encapsulation frame-relay
no fair-queue
!
interface Serial0/1.1 point-to-point
description link to Pauillac
bandwidth 512
ip address 10.1.1.14 255.255.255.252
no ip directed-broadcast
ip router isis
tag-switching ip
clns router isis
frame-relay interface-dlci 401
!
router isis
net 49.0001.0000.0000.0004.00
is-type level-1
!
router bgp 100
bgp log-neighbor-changes
neighbor 10.10.10.6 remote-as 100
neighbor 10.10.10.6 update-source Loopback0
!
address-family vpnv4
neighbor 10.10.10.6 activate
neighbor 10.10.10.6 send-community both
exit-address-family
!
address-family ipv4 vrf Customer_B
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf Customer_A
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
end
---------------------------------------------------------------------------------------
Pesaro
---------------------------------------------------------------------------------------
Current configuration:
!
version 12.1
!
hostname Pesaro
!
ip vrf Customer_A
rd 100:110
route-target export 100:1000
route-target import 100:1000
!
ip vrf Customer_B
rd 100:120
route-target export 100:2000
route-target import 100:2000
!
ip cef
clns routing
!
!
interface Loopback0
ip address 10.10.10.6