MPLS-VPN is widely used by large enterprises and operators; it is the combination of MPLS technology and VPN. The essence of MPLS is fast label switching, which can greatly accelerate packet forwarding by replacing the recursive routing-table lookup of traditional routing with a lookup in a label table. MPLS is an ideal choice inside an operator's network that has to handle large amounts of data, and because operators often also need to keep customer data confidential (multinationals sometimes need secure segregation between branch networks), they use MPLS-VPN.
MPLS-VPN includes many optimization services, such as route reflectors, load balancing, loop avoidance and traffic engineering. This article only covers the simplest case: getting a customer's traffic across the MPLS network. The author will publish an article on the other optimization services shortly.
Some terms used in MPLS-VPN:
PE: The border router of the operator network
P: A router inside the carrier network
CE: The border router of the customer network
VRF: To protect customer information, the operator assigns each VPN user a separate routing table; that table is the VRF.
RD: How does the network identify which VPN a route belongs to while it is carried within the carrier network? It uses the RD, a 64-bit identifier added to the header of each IP message. The RD is usually written as x:x, and it is unique to each VRF.
VPNv4: Between the CE and the PE the packets are ordinary IP packets, but while they cross the PE (that is, the operator) network the RD has been added to the message header. Such a message is called a VPN message; from IPv4 and IPv6 we get VPNv4 and VPNv6 messages.
RT: The outbound PE needs to know which VRF a message should be forwarded to. To do that it must know which VRF a received VPNv4 message belongs to, and obviously this can be identified by the RD set on the inbound PE. But suppose you want to allow messages from multiple VPNs into the same VRF: how would that be implemented? A mechanism is needed to identify those VPNv4 messages and inject them into the VRF, and so the RT came into being. The function of the RT is to control the direction in which messages are propagated. There can be only one RD, but there may be multiple RTs.
MP-BGP: Ordinary IGP protocols can carry only IPv4 messages, which is clearly not enough: we already know that a protocol is needed to carry VPN messages, and in other settings it may need to carry IPv6 messages as well. MP-BGP was created to solve this problem. It carries the VPN messages transmitted in the carrier network, along with some necessary extended attributes such as the RT.
Introduction to Configuration
1. First of all, MPLS-VPN label exchange can only be based on OSPF, so all the routers in the PE (operator) network must first establish OSPF neighbor relationships and LDP neighbor relationships.
2. The PE routers must establish a BGP neighbor relationship to carry the VPN messages, and must enter the VPN address family to activate the neighbor.
3. The PE router needs to assign an independent VRF routing table to each VPN user: first create the VRF, specify the RD and the RT, and assign the interface that connects to the CE to the corresponding VRF.
4. The PE needs to establish an IGP neighbor relationship with the CE (an EBGP relationship can also be established, but Cisco equipment currently does not support IBGP neighbors between PE and CE). Each IGP protocol uses a different way of establishing the neighbor relationship with the CE:
① OSPF: (config)#router ospf 2 vrf devilman
② EIGRP: (config-router)#address-family ipv4 vrf devilman, which enters the IPv4 address family. In addition, EIGRP must assign an autonomous system number to each VRF (a PE may maintain multiple VRFs; when establishing a neighbor relationship with the CE, the autonomous system number in the corresponding VRF must be the same as the CE's).
③ RIP: the same as EIGRP, the neighbor relationship is established in the address family. The difference is that RIP does not require an AS number, and RIP must specify a default metric, otherwise BGP cannot be redistributed into RIP.
5. We already know that the VRF table on the PE contains the routes of the PE-CE routing protocol. It also needs to contain the MP-BGP routes, which is accomplished by redistributing the PE-CE routing protocol under the BGP IPv4 address family.
6. Now we need to make the routes advertised by a CE reachable from the remote CE. First, be clear that the PEs must exchange their VRF routing tables. This work is done by MP-BGP, so on the PE the PE-CE IGP must be redistributed into MP-BGP, and then BGP redistributed into the IGP. (The two redistributions can be configured in either order.)
MPLS-VPN configuration steps
IGP between PE and CE
Backbone IGP
BGP between PEs
MP-BGP between PEs
Redistribution of the PE-CE IGP into BGP
Redistribution of BGP into the PE-CE IGP
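
The six steps above applied to one PE, as an added example in Cisco IOS syntax (not the author's own configuration). Only the VRF name devilman and OSPF process 2 come from the text; AS 65000, RD/RT 65000:1, the interface names and all addresses are constructed for illustration, and the second PE mirrors this with its own addresses.

```cisco
! Constructed example: PE1 in AS 65000; the remote PE2 has loopback 192.0.2.2.
! Step 3: create the VRF with one RD and its RTs.
! Import only this customer's RT: importing another VPN's RT merges its
! routes into this VRF and removes the segregation between customers.
ip vrf devilman
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Step 1: core-facing interface runs the backbone IGP and LDP.
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.252
 mpls ip
!
! Step 3: CE-facing interface. Bind it to the VRF before addressing it,
! because binding an interface to a VRF clears its IP address.
interface GigabitEthernet0/1
 ip vrf forwarding devilman
 ip address 203.0.113.1 255.255.255.252
!
mpls label protocol ldp
!
! Step 1: backbone OSPF (global routing table).
router ospf 1
 network 192.0.2.1 0.0.0.0 area 0
 network 198.51.100.0 0.0.0.3 area 0
!
! Step 4: PE-CE OSPF inside the VRF. Step 6: BGP back into the IGP.
router ospf 2 vrf devilman
 network 203.0.113.0 0.0.0.3 area 0
 redistribute bgp 65000 subnets
!
! Step 2: BGP session to the other PE, activated under the VPNv4 family.
! Extended communities must be sent, since that is how the RT travels.
router bgp 65000
 neighbor 192.0.2.2 remote-as 65000
 neighbor 192.0.2.2 update-source Loopback0
 address-family vpnv4
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 send-community extended
 exit-address-family
! Steps 5 and 6: PE-CE IGP into MP-BGP for this VRF.
 address-family ipv4 vrf devilman
  redistribute ospf 2 vrf devilman
 exit-address-family
```

On each PE, `show ip route vrf devilman` and `show ip bgp vpnv4 vrf devilman` should list the remote CE's prefixes and nothing belonging to any other customer.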