8 - Configuring a VPRN Nokia Router.pptx

baskoroyogip 156 views 14 slides Jun 25, 2024

About This Presentation

Nokia Router VPRN


Slide Content

Configuring a VPRN

This module will offer an introduction to configuring a VPRN on the Nokia 7750 SR platform.
This module assumes the reader is familiar with the SR platform's service architecture.
This module also assumes the reader is familiar with the following concepts: LDP, MPLS, IGP, EGP.
RFC 4364 - BGP/MPLS IP Virtual Private Networks (VPNs): https://tools.ietf.org/html/rfc4364

[Diagram labels: Customer ID; Service ID; SDP; VCID; Transport Tunnel (Signaled via L-LDP, RSVP-TE, or GRE); Service Tunnel (Signaled via T-LDP or BGP-LU/MP-BGP); SDP (Demultiplex); Service (e.g. VPWS, VPLS, VPRN)]

Subscriber (not shown) – The end user.
SAP (Service Access Point) (not shown) – The interface that connects the subscriber to the Service Provider.
Customer ID – A unique value used to group services together.
Service ID – A unique value used to identify the service.
SDP (Service Distribution Point) – A logical representation of the transport tunnel emulating a direct connection to a far-end PE router.
Transport Tunnel – The LSP used to transport service data; labels signaled by L-LDP.
Service Tunnel – Represented by service labels; labels signaled by T-LDP or BGP-LU.
Demultiplex – The act of decapsulating data arriving at the egress PE router; typically a 'POP' operation of MPLS.

[Diagram: routers N1, N6 and N7 interconnected by SDP / MP-BGP. VPRN Service IDs: 1122, 2233, 3344. Attachment circuits shown in the diagram:]

Subscriber  SAP       CE interface  VRF   Address
A           1/1/5:40  Gi0/0.40      1122  192.168.1.1/31
B           1/1/5:41  Gi0/0.41      2233  192.168.1.1/31
C           1/1/5:42  Gi0/0.42      3344  192.168.1.1/31
A           1/1/5:40  Gi0/0.40      1122  192.168.2.1/31
C           1/1/5:42  Gi0/0.42      3344  192.168.2.1/31
B           1/1/5:41  Gi0/0.41      2233  192.168.3.1/31
C           1/1/5:42  Gi0/0.42      3344  192.168.3.1/31

N1's Routing Tables

VPRN  Subscriber  Prefix
1122  A           192.168.1.0/31
1122  A           192.168.2.0/31
2233  B           192.168.1.0/31
2233  B           192.168.3.0/31
3344  C           192.168.1.0/31
3344  C           192.168.2.0/31
3344  C           192.168.3.0/31

N6's Routing Tables

VPRN  Subscriber  Prefix
1122  A           192.168.1.0/31
1122  A           192.168.2.0/31
3344  C           192.168.1.0/31
3344  C           192.168.2.0/31
3344  C           192.168.3.0/31

N7's Routing Tables

VPRN  Subscriber  Prefix
2233  B           192.168.1.0/31
2233  B           192.168.3.0/31
3344  C           192.168.1.0/31
3344  C           192.168.2.0/31
3344  C           192.168.3.0/31

Subscriber C's Network

[Diagram: CE routers R1, R2 and R3 attached to the Service Provider IP/MPLS network, which appears to the subscriber as a Virtual Router.]

CE  Site         ASN    Gi0/0.42        Loopback42      Subscriber Network
R1  Los Angeles  65001  192.168.1.1/31  151.42.1.1/24   151.42.1.0/24
R2  New York     65002  192.168.2.1/31  98.98.98.1/24   98.98.98.0/24
R3  Dallas       65003  192.168.3.1/31  24.137.88.1/24  24.137.88.0/24

VPRN Components

MP-BGP / Multiprotocol BGP – An enhancement of BGP-4 that allows different types of addresses (AFIs/SAFIs) to be distributed in parallel. VPNv4 unicast traffic has an AFI of 1, and a SAFI of 128 (1/128).
    RFC 4760 - Multiprotocol Extensions for BGP-4; https://tools.ietf.org/html/rfc4760

BGP-LU / BGP Labeled Unicast – A MP-BGP extension used to distribute Service labels that are mapped to particular prefixes.
    RFC 3107 - Carrying Label Information in BGP-4; https://tools.ietf.org/html/rfc3107
    RFC 8277 - Using BGP to Bind MPLS Labels to Address Prefixes; https://tools.ietf.org/html/rfc8277

VRF / VPN Routing & Forwarding Table – The virtual routing table on the PE router that contains the customer's prefixes for the VPRN.

VPNv4 Prefix – The combination of a customer's prefix and their VRF's Route Distinguisher.
    [ Route Distinguisher ] + [ IPv4 Prefix ] = [ VPN-IPv4 / VPNv4 Prefix ].

RD / Route Distinguisher – An additional string added to a customer's prefixes so they can be distinguished from other prefixes within the Service Provider network.
    Type 0 – ASN:Assigned Number:Prefix (e.g.: { 0:7029:3344 : 151.41.3.1/32 } ).
    Type 1 – IPv4 Address:Assigned Number:Prefix (e.g.: { 1:6.6.6.6:3344 : 151.41.3.1/32 } ).
    Type 2 – ASN:Assigned Number:Prefix (e.g.: { 2:7029:3344 : 151.41.3.1/32 } ). Note: used explicitly to signal Multicast VPNs.

RT / Route Target – A BGP-4 extended community attached to VPNv4 prefixes that identifies which VPRN the prefix belongs to.
    Type 0x00: Two-Octet AS Specific Extended Community – ASN:Assigned Number (e.g.: 7029:3344).
    Type 0x01: IPv4 Address Specific Extended Community – IPv4 Address:Assigned Number (e.g.: 6.6.6.6:3344).
    RFC 4360 - BGP Extended Communities Attribute; https://tools.ietf.org/html/rfc4360
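How the RD, RT and VPNv4 prefix defined above look on the wire, as an added example that is not part of the original slides. It encodes the deck's Subscriber C values (RD 65000:3344, label 3344, prefix 151.42.1.0/24) using the field layouts of RFC 4364, RFC 4360 and RFC 8277; the function names are hypothetical, and choosing RD type 2 for ASNs above 65535 is an assumption of this sketch.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'admin:assigned' as an 8-byte RD: 2-byte type + 6-byte value."""
    admin, assigned = rd.rsplit(":", 1)
    number = int(assigned)
    if "." in admin:   # Type 1: IPv4 address + 2-byte assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)
    if asn <= 0xFFFF:  # Type 0: 2-byte ASN + 4-byte assigned number
        return struct.pack("!HHI", 0, asn, number)
    return struct.pack("!HIH", 2, asn, number)  # Type 2: 4-byte ASN (assumption)

def encode_route_target(rt: str) -> bytes:
    """Encode 'target:admin:assigned' as an 8-byte extended community."""
    admin, assigned = rt.split("target:")[-1].rsplit(":", 1)
    if "." in admin:   # type 0x01 (IPv4 Address Specific), sub-type 0x02 (RT)
        return struct.pack("!BB4sH", 0x01, 0x02,
                           ipaddress.IPv4Address(admin).packed, int(assigned))
    # type 0x00 (Two-Octet AS Specific), sub-type 0x02 (RT)
    return struct.pack("!BBHI", 0x00, 0x02, int(admin), int(assigned))

def encode_vpnv4_nlri(rd: str, prefix: str, label: int) -> bytes:
    """Build the labeled VPNv4 NLRI: length | label | RD | IPv4 prefix."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("MPLS label must fit in 20 bits")
    net = ipaddress.IPv4Network(prefix)
    # 20-bit label, 3 reserved bits, bottom-of-stack bit set
    label_field = ((label << 4) | 1).to_bytes(3, "big")
    prefix_bytes = net.network_address.packed[: (net.prefixlen + 7) // 8]
    length_bits = 24 + 64 + net.prefixlen  # label + RD + prefix, in bits
    return bytes([length_bits]) + label_field + encode_rd(rd) + prefix_bytes

if __name__ == "__main__":
    print("RD  :", encode_rd("65000:3344").hex())
    print("RT  :", encode_route_target("target:65000:3344").hex())
    print("NLRI:", encode_vpnv4_nlri("65000:3344", "151.42.1.0/24", 3344).hex())
    # The same customer prefix under another VRF's RD is a different VPNv4 route.
    print("NLRI:", encode_vpnv4_nlri("65000:1122", "151.42.1.0/24", 1122).hex())
```
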

VPRN Components

[Diagram: Subscriber C sites attached to N1 and N6 across the Service Provider IP/MPLS network; N1 and N6 connected by SDP / MP-BGP.]

1. CE-to-PE Routing
   The CE router peers with and distributes routes to the local PE router.
   CE<>PE UPDATE message: 151.42.1.0/24

2. PE-to-PE Routing
   The customer's routes are distributed to the other PE routers using Multiprotocol BGP (MP-BGP).
   PE<>PE UPDATE message: 65000:3344:151.42.1.0/24, label 3344, target:65000:3344

3. PE-to-CE Routing
   The routes learned from other PE routers are distributed to the local customer network.
   PE<>CE UPDATE message: 151.42.1.0/24
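The three routing steps above determine which subscriber's routes land in which VRF, so the route target is the isolation boundary. The following added example (not from the original slides) models export and import by RT for the deck's three PEs, reproduces their per-VPRN routing tables, and audits for routes that cross subscribers. It assumes vrf-target is used for both import and export; the function names and the faulty entry are constructed for illustration.

```python
from collections import defaultdict

# (PE, VPRN, subscriber, RD, RT, connected prefix), taken from the slides.
VRFS = [
    ("N1", 1122, "A", "65000:1122", "65000:1122", "192.168.1.0/31"),
    ("N1", 2233, "B", "65000:2233", "65000:2233", "192.168.1.0/31"),
    ("N1", 3344, "C", "65000:3344", "65000:3344", "192.168.1.0/31"),
    ("N6", 1122, "A", "65000:1122", "65000:1122", "192.168.2.0/31"),
    ("N6", 3344, "C", "65000:3344", "65000:3344", "192.168.2.0/31"),
    ("N7", 2233, "B", "65000:2233", "65000:2233", "192.168.3.0/31"),
    ("N7", 3344, "C", "65000:3344", "65000:3344", "192.168.3.0/31"),
]

# Constructed fault: VPRN 2233 on N7 is given subscriber A's route target.
MISCONFIGURED = [v if v[:2] != ("N7", 2233) else v[:4] + ("65000:1122",) + v[5:]
                 for v in VRFS]

def build_tables(vrfs):
    """Export each VRF's prefix as a VPNv4 route, then import by matching RT."""
    # PE-to-PE: the full MP-BGP mesh means every PE receives every update.
    updates = [{"rd": rd, "prefix": pfx, "rt": rt, "origin": sub}
               for _pe, _vprn, sub, rd, rt, pfx in vrfs]
    tables = defaultdict(set)
    for pe, vprn, _sub, _rd, import_rt, _pfx in vrfs:
        for u in updates:
            if u["rt"] == import_rt:  # the VRF keeps only routes with its RT
                tables[(pe, vprn)].add((u["prefix"], u["origin"]))
    return tables

def find_leaks(vrfs):
    """Return (PE, VPRN, prefix, foreign subscriber) for cross-customer routes."""
    owner = {(pe, vprn): sub for pe, vprn, sub, *_ in vrfs}
    return sorted((pe, vprn, pfx, origin)
                  for (pe, vprn), routes in build_tables(vrfs).items()
                  for pfx, origin in routes
                  if origin != owner[(pe, vprn)])

if __name__ == "__main__":
    for key, routes in sorted(build_tables(VRFS).items()):
        print(key, sorted(p for p, _ in routes))
    print("leaks, as designed:", find_leaks(VRFS))
    print("leaks, one wrong RT:", find_leaks(MISCONFIGURED))
```

A single wrong route target leaks in both directions: subscriber A's VRFs on N1 and N6 learn B's prefix, and B's VRF on N7 learns A's.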

[Diagram: data-plane label stack for Subscriber C between R1 and R2 across nodes N1, N2, N3, N4, N5 and N6. Each CE connects through Gi0/0.42 to SAP 1/1/5:42. One PE is marked Multiplex and the other Demultiplex. Outside the provider network the packet is the bare Customer Payload; inside it is Customer Payload + VPN Label: 3344 + Transport Label, with the Transport Label shown as 101, 202, 404 and 505.]

VPRN Configuration (Underlying Policies and Protocols)

    configure router policy-options
        begin
        policy-statement "MP-BGP_TO_BGP"
            default-action reject
            entry 1
                from protocol bgp-vpn
                to protocol bgp
                action accept
    /configure router policy-options commit

begin – Enters 'edit' mode via the CLI.
policy-statement "MP-BGP_TO_BGP" – The name of our routing policy.
default-action reject – The default-action for this policy.
entry 1 – The specific entry in this policy.
from protocol bgp-vpn – 'from' the MP-BGP protocol.
to protocol bgp – 'to' the BGP4 protocol.
action accept – The action for this entry.
commit – Commit changes made to this policy.

    configure service
        sdp 17006 mpls create
            far-end 6.6.6.6
            ldp
        sdp 17007 mpls create
            far-end 7.7.7.7
            ldp

configure service – Enters the 'service' context.
sdp 17006 mpls create – Creates the SDP "17006."
far-end 6.6.6.6 – Specifies a far-end of 6.6.6.6 (router N6).
ldp – Instructs the SDP to use LDP-signaled LSPs.

VPRN Configuration: CE-to-PE (from the perspective of N1)

    configure service
        customer 42 create
            contact [email protected]
            description "Subscriber C, Inc."
            phone 305-999-9999
    configure service
        vprn 3344 customer 42 create
            autonomous-system 65000
            route-distinguisher 65000:3344
            vrf-target target:65000:3344
            interface "toR1-VRF3344" create
                address 192.168.1.0/31
                sap 1/1/5:42 create
            bgp
                group "toR1-VRF3344"
                    export "MP-BGP_TO_BGP"
                    peer-as 65001
                    neighbor 192.168.1.1
            spoke-sdp 17006 create

Configure the Customer ID. All of this subscriber's services will be grouped by the Customer ID of "42."
Configure the Service. Service ID "3344" will represent the VPRN for the subscriber configured with the Customer ID of "42." SR-OS now recognizes this subscriber's VRF as "router 3344."
Configure the ASN, RD, and RT.
Bind the SAP. The logical router interface used to peer with the CE will be called "toR1-VRF3344," and utilize physical port "1/1/5" with a service-delimiting VLAN tag of "42."
Configure the CE-to-PE Protocol. In our example we utilize an external BGP neighborship to exchange routes. We also apply the "MP-BGP_TO_BGP" policy-statement as an export policy.
Bind the SDP. SDP "17006" is now bound to VPRN "3344."

VPRN Configuration: PE-to-PE (from the perspective of N1)

    configure router
        autonomous-system 7029
        bgp
            group "MP-BGP_PEERS"
                family vpn-ipv4
                peer-as 7029
                neighbor 6.6.6.6
                    no shutdown
                neighbor 7.7.7.7
                    no shutdown

Configure the Local ASN. We've arbitrarily chosen AS7029 to be our routing domain's Autonomous System Number.
Configure a Group. As a best practice, the group "MP-BGP_PEERS" will contain configuration for all of our MP-BGP peers.
Enable MP-BGP. Specify the vpn-ipv4 address family, since we'll be distributing VPNv4 prefixes.
Configure the Peer ASN. Routers N6 and N7 will form a full mesh of internal BGP neighborships with N1, so all PEs will be in AS7029 (globally).
Configure the Neighbors. We specify router N6 (6.6.6.6) and N7 (7.7.7.7) as neighbors of N1.

VPRN Configuration: PE-to-CE (from the perspective of N6)

    configure service
        customer 42 create
            contact [email protected]
            description "Subscriber C, Inc."
            phone 305-999-9999
    configure service
        vprn 3344 customer 42 create
            autonomous-system 65000
            route-distinguisher 65000:3344
            vrf-target target:65000:3344
            interface "toR2-VRF3344" create
                address 192.168.2.0/31
                sap 1/1/5:42 create
            bgp
                group "toR2-VRF3344"
                    export "MP-BGP_TO_BGP"
                    peer-as 65002
                    neighbor 192.168.2.1
            spoke-sdp 17001 create

Configure the Customer ID. All of this subscriber's services will be grouped by the Customer ID of "42."
Configure the Service. Service ID "3344" will represent the VPRN for the subscriber configured with the Customer ID of "42." SR-OS now recognizes this subscriber's VRF as "router 3344."
Configure the ASN, RD, and RT.
Bind the SAP. The logical router interface used to peer with the CE will be called "toR1-VRF3344," and utilize physical port "1/1/5" with a service-delimiting VLAN tag of "42."
Configure the CE-to-PE Protocol. In our example we utilize an external BGP neighborship to exchange routes. We also apply the "MP-BGP_TO_BGP" policy-statement as an export policy.
Bind the SDP. SDP "17001" is now bound to VPRN "3344."

VPRN Design

R1 (AS65001)

VRF   RD          RT          Interface   Address
1122  65001:1122  65001:1122  Gi0/0.40    192.168.1.1/31
                              Loopback40  151.40.1.1/24
2233  65001:2233  65001:2233  Gi0/0.41    192.168.1.1/31
                              Loopback41  151.41.1.1/24
3344  65001:3344  65001:3344  Gi0/0.42    192.168.1.1/31
                              Loopback42  151.42.1.1/24

R2 (AS65002)

VRF   RD          RT          Interface   Address
1122  65002:1122  65002:1122  Gi0/0.40    192.168.2.1/31
                              Loopback40  151.40.2.1/24
3344  65002:3344  65002:3344  Gi0/0.42    192.168.2.1/31
                              Loopback42  98.98.98.1/24

R3 (AS65003)

VRF   RD          RT          Interface   Address
2233  65003:2233  65003:2233  Gi0/0.41    192.168.3.1/31
                              Loopback41  151.41.3.1/24
3344  65003:3344  65003:3344  Gi0/0.42    192.168.3.1/31
                              Loopback42  24.137.88.1/24

N1 (AS7029)

VPRN  ASN    RD          RT          Interface     Address
1122  65000  65000:1122  65000:1122  toR1-VRF3344  192.168.1.0/31
2233  65000  65000:2233  65000:2233  toR1-VRF2233  192.168.1.0/31
3344  65000  65000:3344  65000:3344  toR1-VRF3344  192.168.1.0/31

N6 (AS7029)

VPRN  ASN    RD          RT          Interface     Address
1122  65000  65000:1122  65000:1122  toR2-VRF1122  192.168.2.0/31
3344  65000  65000:3344  65000:3344  toR2-VRF3344  192.168.2.0/31

N7 (AS7029)

VPRN  ASN    RD          RT          Interface     Address
2233  65000  65000:2233  65000:2233  toR3-VRF2233  192.168.3.0/31
3344  65000  65000:3344  65000:3344  toR3-VRF3344  192.168.3.0/31

[Diagram labels, protocols in use: IS-IS (49.00); MP-BGP (7029 <> 7029); BGP4 (65000 <> 65001); BGP4 (65000 <> 65002); BGP4 (65000 <> 65003)]

Goals

VPRN Underlying Requirements
    Configure a routing policy on each PE (N1, N6, N7) that will allow routes to be redistributed from MP-BGP into BGP4.
    Configure a full mesh of SDPs (T-LDP tunnels) between the PEs.

CE-to-PE Routing
    Configure each CE to distribute a public IPv4 system address to the PE via eBGP. Each address MUST be in a separate broadcast domain.
    Configure a VPRN service for the subscriber on each PE.

PE-to-PE Routing
    Configure a full mesh of MP-BGP (VPNv4 Unicast) neighborships between the PEs.

PE-to-CE Routing
    Configure each CE to distribute a public IPv4 system address to the PE via eBGP.
    Configure a VPRN service for the subscriber on each PE.

Verification
    Confirm IPv4 prefixes are being distributed from the CE to the PE.
    Confirm IPv4 prefixes are being converted into VPNv4 prefixes by the PE.
    Confirm VPNv4 prefixes are being redistributed to each PE with the appropriate RD.
    Confirm VPNv4 prefixes are being converted back into IPv4 prefixes, and redistributed from the PEs to the CEs.
    Confirm reachability between all CEs, pinging and sourcing only the public IPv4 system addresses.