Inter-AS Option AB Guide to Connect MPLS L3VPN Networks
Table of Contents
- What is MPLS inter-AS option AB? ‹
- Inter-AS option AB advantages ‹
- How to configure MPLS inter-AS option AB? ‹
- Download section ‹
What is MPLS inter-AS option AB?
Inter-AS option AB provides a mechanism to interconnect two Service Provider networks and allow VPN services such as MPLS L3VPN to function across autonomous system boundaries. Inter-AS option AB combines features from option A and B. The interconnection between the SP networks is not label switched and each customer receives one or more dedicated VRF-aware subinterfaces. Meanwhile, there is a single interface (not VRF-aware) dedicated to control plane BGP VPNv4 traffic.
Inter-AS option AB is also referred to as inter-AS option D, and it is described in the informational Internet Draft titled "Inter-AS Option D for BGP/MPLS IP VPN". The following packet capture is taken between the ASBR PE routers, and shows that a customer-dedicated VLAN is assigned between VRF-aware subinterfaces, but traffic is not label switched.
Inter-AS option AB advantages
The following three benefits apply to inter-AS option AB when compared to inter-AS options A and B separately.
- Granular QoS control can be configured on the dedicated customer VRF-subinterfaces over the interconnection between the SP networks. Because the inter-AS link is not label switched, each customer's VRF-aware subinterface can use a service policy to apply QoS with the DSCP field in the IP header.
- With inter-AS option AB a single BGP VPNv4 neighborship is established which carries control plane traffic (VPN route updates) for all customer prefixes. This means, only one BGP VPNv4 neighborship is needed on the inter-AS link between the ASBR PE routers.
- Additionally, the Route Target (RT) values are assigned by the ASBR PE routers with import/export rules for each customer VRF. This means, the RT value is not inherited from the neighboring ASBR PE and is not passed along between SP MPLS domains. Instead, a route is imported and exported on each ASBR PE based on RT value configurations.
How to configure MPLS inter-AS option AB?
In the following example topology Inter-AS option AB is configured between the ASBR PE R5 and PE R6. With this method, the two sites that belong to the same customer can use VRF Gold to communicate with each other through different Service Provider MPLS networks.
Inter-AS option AB uses an unlabbeled VRF-aware subinterface for the customer traffic, this is essentially the data plane. Each customer needs a subinterface on the inter-AS link, and the interconnection is not label switched. Additionally, there is a single control plane eBGP neighborship configured between the inter-AS PE R5 and PE R6 using another subinterface. The subinterface used for control plane traffic is not VRF-aware.
Configuration:
R5 (ASBR PE)
R5#show run all | sec ^mpls ip__ mpls ip R5#show run | sec ^mpls mpls label range 500 599 mpls ldp router-id Loopback10 force R5#show run int Lo10 | sec int interface Loopback10 ip address 5.5.5.5 255.255.255.255 R5#show run | sec ^vrf vrf definition Gold rd 65010:2 ! address-family ipv4 route-target export 65010:2 route-target import 65010:1 route-target import 65020:2 inter-as-hybrid next-hop 172.16.2.2 exit-address-family R5#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R4 ** ip address 10.3.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls ip isis circuit-type level-2-only isis network point-to-point R5#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ASBR PE R6 ** no ip address duplex auto speed auto R5#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** control plane BGP VPNv4 ** encapsulation dot1Q 10 ip address 172.16.1.1 255.255.255.252 mpls bgp forwarding R5#show run int Gi0/1.20 | sec int interface GigabitEthernet0/1.20 description ** data plane customer VRF Gold ** encapsulation dot1Q 20 vrf forwarding Gold ip address 172.16.2.1 255.255.255.252 R5#show run | sec ^router router isis net 49.0010.0000.0000.0005.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 5.5.5.5 bgp log-neighbor-changes neighbor 1.1.1.1 remote-as 65010 neighbor 1.1.1.1 update-source Loopback10 neighbor 172.16.1.2 remote-as 65020 ! address-family vpnv4 neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-community extended neighbor 1.1.1.1 next-hop-self neighbor 172.16.1.2 activate neighbor 172.16.1.2 send-community extended neighbor 172.16.1.2 inter-as-hybrid exit-address-family
R6 (ASBR PE)
R6#show run all | sec ^mpls ip__ mpls ip R6#show run | sec ^mpls mpls label range 600 699 mpls ldp router-id Loopback10 force R6#show run int Lo10 | sec int interface Loopback10 ip address 6.6.6.6 255.255.255.255 R6#show run | sec ^vrf vrf definition Gold rd 65020:2 ! address-family ipv4 route-target export 65020:2 route-target import 65020:1 route-target import 65010:2 inter-as-hybrid next-hop 172.16.2.1 exit-address-family R6#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R7 ** ip address 10.4.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls ip R6#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ASBR PE R5 ** no ip address duplex auto speed auto R6#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** control plane BGP VPNv4 ** encapsulation dot1Q 10 ip address 172.16.1.2 255.255.255.252 mpls bgp forwarding R6#show run int Gi0/1.20 | sec int interface GigabitEthernet0/1.20 description ** data plane customer VRF Gold ** encapsulation dot1Q 20 vrf forwarding Gold ip address 172.16.2.2 255.255.255.252 R6#show run | sec ^router router ospf 10 router-id 6.6.6.6 network 6.6.6.6 0.0.0.0 area 0 network 10.4.0.0 0.0.0.3 area 0 router bgp 65020 bgp router-id 6.6.6.6 bgp log-neighbor-changes neighbor 9.9.9.9 remote-as 65020 neighbor 9.9.9.9 update-source Loopback10 neighbor 172.16.1.1 remote-as 65010 ! address-family vpnv4 neighbor 9.9.9.9 activate neighbor 9.9.9.9 send-community extended neighbor 9.9.9.9 next-hop-self neighbor 172.16.1.1 activate neighbor 172.16.1.1 send-community extended neighbor 172.16.1.1 inter-as-hybrid exit-address-family
R1 (RR)
R1#show run int Lo10 | sec int interface Loopback10 ip address 1.1.1.1 255.255.255.255 R1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R2 ** ip address 10.1.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 isis circuit-type level-2-only isis network point-to-point R1#show run | sec ^router router isis net 49.0010.0000.0000.0001.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 1.1.1.1 bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 65010 neighbor 2.2.2.2 update-source Loopback10 neighbor 5.5.5.5 remote-as 65010 neighbor 5.5.5.5 update-source Loopback10 ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community extended neighbor 2.2.2.2 route-reflector-client neighbor 5.5.5.5 activate neighbor 5.5.5.5 send-community extended neighbor 5.5.5.5 route-reflector-client exit-address-family
R9 (RR)
R9#show run int Lo10 | sec int interface Loopback10 ip address 9.9.9.9 255.255.255.255 R9#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R8 ** ip address 10.6.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 R9#show run | sec ^router router ospf 10 router-id 9.9.9.9 network 9.9.9.9 0.0.0.0 area 0 network 10.6.0.0 0.0.0.3 area 0 router bgp 65020 bgp router-id 9.9.9.9 bgp log-neighbor-changes neighbor 6.6.6.6 remote-as 65020 neighbor 6.6.6.6 update-source Loopback10 neighbor 8.8.8.8 remote-as 65020 neighbor 8.8.8.8 update-source Loopback10 ! address-family vpnv4 neighbor 6.6.6.6 activate neighbor 6.6.6.6 send-community extended neighbor 6.6.6.6 route-reflector-client neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended neighbor 8.8.8.8 route-reflector-client exit-address-family
R2 (PE)
R2#show run all | sec ^mpls ip__ mpls ip R2#show run | sec ^mpls mpls label range 200 299 mpls ldp router-id Loopback10 force R2#show run | sec ^vrf vrf definition Gold rd 65010:1 ! address-family ipv4 route-target export 65010:1 route-target import 65010:2 exit-address-family R2#show run int Lo10 | sec int interface Loopback10 ip address 2.2.2.2 255.255.255.255 R2#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R3 ** no ip address duplex auto speed auto media-type rj45 R2#show run int Gi0/0.10 | sec int interface GigabitEthernet0/0.10 description ** to CE R3 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.1 255.255.255.252 R2#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to RR R1 ** ip address 10.1.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 isis circuit-type level-2-only isis network point-to-point R2#show run int Gi0/2 | sec int interface GigabitEthernet0/2 description ** to R4 ** ip address 10.2.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls ip isis circuit-type level-2-only isis network point-to-point R2#show run | sec ^router router isis net 49.0010.0000.0000.0002.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65010 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 1.1.1.1 remote-as 65010 neighbor 1.1.1.1 update-source Loopback10 ! address-family vpnv4 neighbor 1.1.1.1 activate neighbor 1.1.1.1 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.1.0 mask 255.255.255.252 neighbor 10.0.1.2 remote-as 65001 neighbor 10.0.1.2 activate exit-address-family
R8 (PE)
R8#show run all | sec ^mpls ip__ mpls ip R8#show run | sec ^mpls mpls label range 800 899 mpls ldp router-id Loopback10 force R8#show run | sec ^vrf vrf definition Gold rd 65020:1 ! address-family ipv4 route-target export 65020:1 route-target import 65020:2 exit-address-family R8#show run int Lo10 | sec int interface Loopback10 ip address 8.8.8.8 255.255.255.255 R8#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R10 ** no ip address duplex auto speed auto media-type rj45 R8#show run int Gi0/0.10 | sec int interface GigabitEthernet0/0.10 description ** to CE R10 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.1 255.255.255.252 R8#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to RR R9 ** ip address 10.6.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 R8#show run int Gi0/2 | sec int interface GigabitEthernet0/2 description ** to R7 ** ip address 10.5.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls ip R8#show run | sec ^router router ospf 10 router-id 8.8.8.8 network 8.8.8.8 0.0.0.0 area 0 network 10.5.0.0 0.0.0.3 area 0 network 10.6.0.0 0.0.0.3 area 0 router bgp 65020 bgp router-id 8.8.8.8 bgp log-neighbor-changes neighbor 9.9.9.9 remote-as 65020 neighbor 9.9.9.9 update-source Loopback10 ! address-family vpnv4 neighbor 9.9.9.9 activate neighbor 9.9.9.9 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.2.0 mask 255.255.255.252 neighbor 10.0.2.2 remote-as 65002 neighbor 10.0.2.2 activate exit-address-family
R4
R4#show run all | sec ^mpls ip__ mpls ip R4#show run | sec ^mpls mpls label range 400 499 mpls ldp router-id Loopback10 force R4#show run int Lo10 | sec int interface Loopback10 ip address 4.4.4.4 255.255.255.255 R4#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R2 ** ip address 10.2.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls ip isis circuit-type level-2-only isis network point-to-point R4#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ASBR PE R5 ** ip address 10.3.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls ip isis circuit-type level-2-only isis network point-to-point R4#show run | sec ^router router isis net 49.0010.0000.0000.0004.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R7
R7#show run all | sec ^mpls ip__ mpls ip R7#show run | sec ^mpls mpls label range 700 799 mpls ldp router-id Loopback10 force R7#show run int Lo10 | sec int interface Loopback10 ip address 7.7.7.7 255.255.255.255 R7#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R8 ** ip address 10.5.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls ip R7#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ASBR PE R6 ** ip address 10.4.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls ip R7#show run | sec ^router router ospf 10 router-id 7.7.7.7 network 7.7.7.7 0.0.0.0 area 0 network 10.4.0.0 0.0.0.3 area 0 network 10.5.0.0 0.0.0.3 area 0
R3 (CE)
R3#show run | sec ^vrf vrf definition Gold rd 1:1 ! address-family ipv4 exit-address-family R3#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host1 ** no ip address duplex auto speed auto media-type rj45 R3#show run int Gi0/0.1 | sec int interface GigabitEthernet0/0.1 description ** to Host1 in VRF Gold (VLAN 1) ** encapsulation dot1Q 1 native vrf forwarding Gold ip address 192.168.1.2 255.255.255.0 R3#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to PE R2 ** no ip address duplex auto speed auto media-type rj45 R3#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** to PE R2 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.2 255.255.255.252 R3#show run | sec ^router router bgp 65001 bgp router-id 3.3.3.3 bgp log-neighbor-changes ! address-family ipv4 vrf Gold network 192.168.1.0 neighbor 10.0.1.1 remote-as 65010 neighbor 10.0.1.1 activate exit-address-family
R10 (CE)
R10#show run | sec ^vrf vrf definition Gold rd 1:1 ! address-family ipv4 exit-address-family R10#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host2 ** no ip address duplex auto speed auto media-type rj45 R10#show run int Gi0/0.1 | sec int interface GigabitEthernet0/0.1 description ** to Host2 in VRF Gold (VLAN 1) ** encapsulation dot1Q 1 native vrf forwarding Gold ip address 192.168.2.2 255.255.255.0 R10#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to PE R8 ** no ip address duplex auto speed auto media-type rj45 R10#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** to PE R8 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.2 255.255.255.252 R10#show run | sec ^router router bgp 65002 bgp router-id 10.10.10.10 bgp log-neighbor-changes ! address-family ipv4 vrf Gold network 192.168.2.0 neighbor 10.0.2.1 remote-as 65020 neighbor 10.0.2.1 activate exit-address-family
Host1
Host1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R3 ** ip address 192.168.1.1 255.255.255.0 duplex auto speed auto media-type rj45 Host1#show run | sec ^ip route ip route 0.0.0.0 0.0.0.0 192.168.1.2
Host2
Host2#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R10 ** ip address 192.168.2.1 255.255.255.0 duplex auto speed auto media-type rj45 Host2#show run | sec ^ip route ip route 0.0.0.0 0.0.0.0 192.168.2.2
Host1#trace 192.168.2.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.2.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.1.2 2 msec 2 10.0.1.1 23 msec 3 10.2.0.2 [MPLS: Labels 402/508 Exp 0] 52 msec 4 172.16.2.1 [MPLS: Label 508 Exp 0] 26 msec 5 172.16.2.2 46 msec « Inter-AS link is not label switched 6 10.4.0.1 [MPLS: Labels 703/807 Exp 0] 69 msec 7 10.0.2.1 [MPLS: Label 807 Exp 0] 49 msec 8 10.0.2.2 70 msec 9 192.168.2.1 71 msec Host1#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 69/70/72 ms Host2#trace 192.168.1.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.2.2 2 msec 2 10.0.2.1 24 msec 3 10.5.0.2 [MPLS: Labels 702/609 Exp 0] 46 msec 4 172.16.2.2 [MPLS: Label 609 Exp 0] 24 msec 5 172.16.2.1 46 msec 6 10.3.0.1 [MPLS: Labels 403/206 Exp 0] 69 msec 7 10.0.1.1 [MPLS: Label 206 Exp 0] 48 msec 8 10.0.1.2 70 msec 9 192.168.1.1 70 msec Host2#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 71/72/74 ms
As visible in the above outputs, the inter-AS interconnection is not label switched. With inter-AS option AB routing information is exchanged on a single and separate subinterface using eBGP. Due to the VRF configurations appplied on the ASBR PE routers the Route Target (RT) values are assigned by each ASBR PE router. As a result, they need not be changed (rewritten) when advertising inter-AS routes into the local MPLS network. This is shown in the following outputs.
R5#show ip bgp vpnv4 all sum | beg Ne Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 1.1.1.1 4 65010 19 18 9 0 0 00:10:44 2 172.16.1.2 4 65020 18 18 9 0 0 00:12:24 2 « Two prefixes received from ASBR PE R6 R5#show ip bgp vpnv4 all | beg Ne Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 65010:1 *>i 10.0.1.0/30 2.2.2.2 0 100 0 i *>i 192.168.1.0 2.2.2.2 0 100 0 65001 i Route Distinguisher: 65010:2 (default for vrf Gold) *>i 10.0.1.0/30 2.2.2.2 0 100 0 i *> 10.0.2.0/30 172.16.1.2 0 65020 i *>i 192.168.1.0 2.2.2.2 0 100 0 65001 i *> 192.168.2.0 172.16.1.2 0 65020 65002 i Route Distinguisher: 65020:2 *> 10.0.2.0/30 172.16.1.2 0 65020 i *> 192.168.2.0 172.16.1.2 0 65020 65002 i « Site 2 prefix received from ASBR PE R6 R5#show ip bgp vpnv4 rd 65010:2 192.168.2.0 BGP routing table entry for 65010:2:192.168.2.0/24, version 9 Paths: (1 available, best #1, table Gold) Advertised to update-groups: 2 Refresh Epoch 1 65020 65002, imported path from 65020:2:192.168.2.0/24 (global) « Site 2 prefix with RT 65020:2 is imported into BGP table on ASBR PE R5 172.16.1.2 (via default) from 172.16.1.2 (6.6.6.6) Origin IGP, localpref 100, valid, external, best Extended Community: RT:65020:2 « RT value 65020:2 is assigned by ASBR PE R6 during route export mpls labels in/out 508/610 rx pathid: 0, tx pathid: 0x0 R1#show ip bgp vpnv4 all 192.168.2.0 BGP routing table entry for 65010:2:192.168.2.0/24, version 5 « ASBR PE R5 exports prefixes with RD/RT 65010:2 Paths: (1 available, best #1, no table) Flag: 0x100 Advertised to update-groups: 1 Refresh Epoch 1 65020 65002, (Received from a RR-client) 5.5.5.5 (metric 30) (via default) from 5.5.5.5 (5.5.5.5) Origin IGP, metric 0, localpref 100, valid, internal, best Extended Community: RT:65010:2 « Thus, the RR R1 receives Site 2 prefix with RT 65010:2 from ASBR PE R5 mpls labels in/out nolabel/508 rx pathid: 0, tx pathid: 0x0
As visible above, the RD/RT value is assigned by the ASBR PE routers, and it is not inherited from the remote Service Provider, in other words it is not passed along within the local MPLS networks. This creates a more predictable control plane environmnet when compared to inter-AS option B, because there is no need to rewrite RT values.