MPLS10S08-MPLS VPN Configuration On IOS Platforms

Module 8
MPLS VPN
Configuration on IOS
Platforms
© 2001, Cisco Systems, Inc.
Objectives
Upon completion of this lesson, you

will be able to perform the following
tasks:
• Configure Virtual Routing and
Forwarding tables
• Configure Multi-protocol BGP in MPLS
VPN backbone
• Configure PE-CE routing protocols
• Configure advanced MPLS VPN
features
• Monitor MPLS VPN operations
• Troubleshoot MPLS VPN
© 2001, Cisco Systems, Inc. MPLS v1.0—8-2
MPLS VPN
Mechanisms in Cisco
IOS

Objectives
Upon completion of this section, you

tasks:
• Describe the concept of Virtual
Routing and Forwarding tables
• Describe the concept of routing
protocol contexts
• Describe the interaction between PE-
CE routing protocols, backbone MP-
BGP, and virtual routing and
forwarding tables
VRF: Virtual Routing and
Forwarding Table
A VRF is the routing and forwarding
instance for a set of sites with identical
connectivity requirements.
Data structures associated with a VRF:
• IP routing table
• Cisco Express Forwarding (CEF)
forwarding table
• Set of rules and routing protocol
parameters
(routing protocol contexts)
• List of interfaces that use the VRF
Other information associated with a VRF:
• Route distinguisher
• Set of import and export route targets
Need for Routing
Protocol Contexts
VPN A
• There are two backbones with
10.1.1.0/24
overlapping addresses.
RI MPLS VPN Backbone
P
CE-VPN-A
VPN B RIP PE Router
CE-VPN-B • Routing Information Protocol (RIP)

10.1.1.0/24 is running in both VPNs.
• RIP in VPN A has to be different from RIP
in VPN B, but Cisco IOS software supports
only one RIP process per router.

VPN-Aware Routing Protocols
Routing context = routing protocol

run in one VRF
• Supported by VPN-aware routing
protocols:
– External BGP (EBGP), OSPF, RIP
version 2 (RIPv2), static routes
• Implemented as several instances of a
single routing process (EBGP, RIPv2) or
as several routing processes (OSPF)
• Independent per-instance router
variables for each instance
VRF Routing Table
Contains routes that should be available to

a particular set of sites
Analogues to standard Cisco IOS software
routing table; supports same set of
mechanisms
VPN interfaces (physical interface,
subinterfaces, logical interfaces) assigned
to VRFs
• Many interfaces per VRF
• Each interface assignable to only one VRF
Routing Contexts, VRF, and
MP-BGP Interaction: 1/9
RIP Routing Process VRF-A Routing Table BGP Routing Process
Instance for VRF-A Backbone
CE-RIP-A Multiprotocol
BGP
Instance for VRF-B VRF-B Routing Table
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• Two VPNs attached to the same PE router

• Each VPN represented by a VRF
• RIP and BGP running between PE and CE routers
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• RIP-speaking CE routers announce their prefixes to the PE router via RI

• Instance of RIP process associated with the VRF into which the PE-CE
interface belongs collects the routes and inserts them into VRF routing
table.
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
BGP-speaking CE routers announce their prefixes to the PE router via BGP

Instance of BGP process associated with the VRF into which the PE-CE
interface belongs collects the routes and inserts them into VRF routing
table.
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• RIP routes entered in the VRF routing table are redistributed into BGP
for further propagation into the MPLS VPN backbone.
• Redistribution between RIP and BGP has to be configured for proper
MPLS VPN operation.
Instance for VRF-A
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• Route distinguisher is prepended during route export to the BGP routes

from VRF instance of BGP process to convert them into VPNv4 prefixes.
Route targets are attached to these prefixes.
• VPNv4 prefixes are propagated to other PE routers.
Instance for VRF-A
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• VPNv4 prefixes are received from other PE routers.

• The VPNv4 prefixes are inserted into proper VRF routing tables based
on their route targets and import route targets configured in VRFs.
• Route distinguisher is removed during this process.
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• Routes received from backbone MP-BGP and imported

into a VRF are forwarded as IPv4 routes to EBGP CE neighbors attached
to that VRF.
Instance for VRF-A
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• MP-IBGP routes imported into a VRF are redistributed into the instance
of RIP configured for that VRF.
• Redistribution between BGP and RIP has to be configured
for end-
to-end RIP routing between CE routers.
BGP
CE-RIP-B
Instance for VRF-A

CE-BGP-A
Instance for VRF-B

CE-BGP-B
• Routes redistributed from BGP into a VRF instance of RIP are sent to
RIP-speaking CE routers.

Summary
After completing this section, you

should be able to perform the following
tasks:
• Describe the concept of Virtual Routing
and Forwarding table
• Describe the concept of routing
protocol contexts
• Describe the interaction between PE-CE
routing protocols, backbone MP-BGP
and virtual routing and forwarding
tables
Review Questions
• Which data structures are associated with
a VRF?
• How many interfaces can be associated
with a VRF?
• How many VRFs can be associated with an
interface?
• What is a routing protocol context?
• How are routing protocol contexts
implemented
in RIP?
• How are routing protocol contexts
implemented
in OSPF?
Configuring Virtual
Routing and Forwarding
Table

Objectives
Upon completion of this section,

you will be able to perform the
following tasks:
• Create a Virtual Routing and
Forwarding Table
• Specify Routing Distinguisher and
Route Targets for the created VRF
• Associate interfaces with the VRF

Configuring VRF Tables
VRF configuration tasks:

• Create a VRF table
• Assign RD to the VRF
• Specify export and import route
targets
• Assign interfaces to VRFs

Creating VRF Tables and
Assigning RDs
router(config)#
ip vrf name
• Creates a new VRF or enters configuration of

an existing VRF.
• VRF names are case-sensitive.
• VRF is not operational unless you configure
RD.
• VRF names have only local significance.
router(config-vrf)#
rd route-distinguisher
• Assigns a route distinguisher to a VRF.

• You can use ASN:xx or A.B.C.D:xx format for
RD.
• Each VRF in a PE router has to have a unique
Specify Export and
Import RTs
router(config-vrf)#
route-target export RT
• Specifies an RT to be attached to every route

exported from this VRF to MP-BGP
• Allows specification to many export RTs—all to be
attached to every exported route
router(config-vrf)#
route-target import RT
• Specifies an RT to be used as an import filter—only

routes matching the RT are imported into the VRF
• Allows specification of many import RTs—any route
where at least one RT attached to the route matches
any import RT is imported into the VRF
Due to implementation issues, at least one export route target must
also be an import route target of the same VRF in Cisco IOS Releases 12.
Specify Export and
Import RTs
router(config-vrf)#
route-target both RT
• In cases where the export RT matches the

import RT, use this form of route-target
command.
Sample router configuration for simple

customer VPN:
ip vrf Customer_ABC
rd 12703:15
route-target export 12703:15
route-target import 12703:15

Assigning an Interface to
VRF Table
router(config-if)#
ip vrf forwarding vrf-name
• Associates an interface with the specified

VRF
• Existing IP address removed from the
interface when interface is put into VRF—IP
address must be reconfigured
• CEF switching must be enabled on interface
Sample router configuration:
ip cef
!
interface serial 0/0
ip vrf forwarding Customer_ABC
ip address 10.0.0.1 255.255.255.252

Sample VPN Network
MPLS VPN Backbone

CE-RIP-A1 CE-RIP-A2
CE-BGP-A1 CE-BGP-A2
PE-Site-X PE-Site-Y
CE-RIP-B1 CE-RIP-B2
•The network supports two VPN

customers.
•Customer A runs RIP and BGP with the
service provider; customer B uses only
RIP.
Sample VPN Network
VRF Configuration
MPLS VPN Backbone
ip vrf Customer_A
CE-RIP-A1 rd 115:43 CE-RIP-A2
route-target both 115:43
!
ip vrf Customer_B
CE-BGP-A1 rd 115:47 CE-BGP-A2
PE-Site-X PE-Site-Y
!
CE-RIP-B1 interface serial 1/0/1 CE-RIP-B2
ip forwarding vrf Customer_A
ip address 10.1.0.1 255.255.255.252
!
interface serial 1/0/2
ip vrf forwarding Customer_A
ip address 10.1.0.5 255.255.255.252
!
interface serial 1/1/3
ip vrf forwarding Customer_B
ip address 10.2.0.1 255.255.255.252

Summary

should be able to perform the
following tasks:
• Create a Virtual Routing and Forwarding
Table
• Specify Route Distinguisher and Route
Targets for the created VRF
• Associate interfaces with the VRF

Review Questions
• Which commands do you use to create a VRF?

• Which VRF parameters must be specified for a
VRF to become operational?
• How do you associate an interface with a
VRF?
• What happens to an existing interface
configuration when you associate the
interface with a VRF?
• How many formats can you use to specify RD
and RT? What are these formats?
• How many route targets can you configure on
a VRF?
• How many import route targets have to match
Configuring Multi-Protocol
BGP Session Between the
PE routers

Objectives
Upon completion of this section, you will be

able to perform the following tasks:
• Configure BGP address families
• Configure MP-BGP neighbors
• Configure inter-AS MP-BGP neighbors
• Configure additional mandatory
parameters on MP-BGP neighbors
• Configure propagation of standard and
extended BGP communities
• Selectively enable IPv4 and MP-BGP
sections between BGP neighbors
BGP Address Families
The BGP process in an MPLS VPN-

enabled router performs three
separate tasks:
• Global BGP routes (Internet routing) are
exchanged as in traditional BGP setup.
• VPNv4 prefixes are exchanged through
MP-BGP.
• VPN routes are exchanged with CE
routers through per-VRF EBGP sessions.
Address families (routing contexts) are
used to configure these three tasks in the
same BGP process.
Selecting the BGP
Address Family
router(config)#
router bgp as-number
• Selects global BGP routing process
router(config-router)#
address-family vpnv4
• Selects configuration of VPNv4 prefix

exchanges under MP-BGP sessions
address-family ipv4 vrf vrf-name
• Selects configuration of per-VRF PE-CE EBGP

parameters
BGP Neighbors
MP-BGP neighbors are configured

under the BGP routing process.
• These neighbors need to be
activated for each global address
family they support.
• Per-address-family parameters can
be configured for these neighbors.
VRF-specific EBGP neighbors are
configured under corresponding
address families.
Configuring MP-BGP
MPLS VPN MP-BGP configuration

steps:
• Configure MP-BGP neighbor under BGP
routing process
• Configure BGP address family VPNv4
• Activate configured BGP neighbor for
VPNv4 route exchange
• Specify additional parameters for
VPNv4 route exchange (filters, next
hops, and so forth)
Configuring MP-IBGP
router(config)#
router bgp AS-number
neighbor IP-address remote-as AS-number
neighbor IP-address update-source loopback-interface
• All MP-BGP neighbors have to be configured under

global BGP routing configuration.
• MP-IBGP sessions have to run between loopback
interfaces.
• Starts configuration of MP-BGP routing for VPNv4

route exchange.
• Parameters that apply only to MP-BGP exchange of
VPNv4 routes between already configured IBGP
neighbors are configured under this address family.

Configuring MP-IBGP
router(config-router-af)#
neighbor IP-address activate
• The BGP neighbor defined under BGP router

configuration has to be activated for VPNv4
route exchange.
neighbor IP-address next-hop-self
• The next-hop-self command must be

configured on the MP-IBGP session for
proper MPLS VPN configuration if EBGP is
being run with a CE neighbor.

Configuring MP-EBGP
router(config)#
neighbor IP-address remote-as another-AS-number
Cisco IOS Release 12.1(4)T
• Configure MP-EBGP under the global BGP routing
configuration.
• EBGP sessions should be run over directly connected
interfaces.
• MP-EBGP is supported from Cisco IOS Release
12.1(3)T onward.
neighbor IP-address activate
• This command activates the MP-EBGP neighbor for

VPNv4 route exchange.

Configuring EBGP Propagation
of all VPNv4 Routes
no bgp default route-target filter Cisco IOS Release 12.1(4)T
• By default, PE routers ignore VPNv4 routes

that do not match any configured import RT
(this rule does not apply to route reflectors).
• This command disables RT-based filters and
enables propagation of all VPNv4 routes
between Ass.

Configuring MP-BGP
BGP Community Propagation
neighbor IP-address send-community [extended | both]
• This command configures propagation of

standard and extended BGP communities
attached to VPNv4 prefixes.
• Default value: only extended communities
are sent.
Usage guidelines:
• Extended BGP communities attached to
VPNv4 prefixes have to be exchanged
between MP-BGP neighbors for proper MPLS
VPN operation.
• To propagate standard BGP communities
Sample VPN Network
MP-IBGP Configuration
MPLS VPN Backbone
CE-RIP-A1 CE-RIP-A2
CE-BGP-A1 CE-BGP-A2
PE-Site-X PE-Site-Y
interface loopback 0
CE-RIP-B1 ip address 172.16.1.1 255.255.255.255 CE-RIP-B2
!
router bgp 115
neighbor 172.16.1.2 remote-as 115
neighbor 172.16.1.2 update-source loopback 0
!
neighbor 172.16.1.2 activate
neighbor 172.16.1.2 next-hop-self
neighbor 172.16.1.2 send-community both
Configuring MP-BGP
Disabling IPv4 Route Exchange
no bgp default ipv4 unicast
• Exchange of IPv4 routes between BGP

neighbors is enabled by default—every
configured neighbor will also receive IPv4
routes.
• This command disables default exchange of
IPv4 routes—neighbors that need to receive
IPv4 routes have to be activated for IPv4
route exchange.
• Use this command when the same router
carries Internet and VPNv4 routes and you
don’t want to propagate Internet routes to
some PE neighbors.
Sample Router Configuration
Neighbor 172.16.32.14 receives only Internet routes.
Neighbor 172.16.32.15 receives only VPNv4 routes.
Neighbor 172.16.32.27 receives Internet and VPNv4
routes.
router bgp 12703
no bgp default ipv4 unicast
! Activate IPv4 route exchange
! Step#2 – VPNv4 route exchange
Summary

tasks:
• Configure BGP address families
• Configure MP-BGP neighbors
• Configure inter-AS MP-BGP neighbors
• Configure additional mandatory
parameters on MP-BGP neighbors
• Configure propagation of standard and
extended BGP communities
• Selectively enable IPv4 and MP-BGP
sections between BGP neighbors
Review Questions
• What is a BGP address family?
• How many BGP address families do you have to
configure on a PE router?
• In which address family is the MP-IBGP neighbor
configured?
• What are the mandatory parameters that you
have to configure on a MP-BGP neighbor?
• What additional parameters have to be configured
to support MP-EBGP neighbors?
• How do you enable community propagation for
VPNv4 MP-BGP sessions?
• Why would you want to disable propagation of
IPv4 routing updates between MP-BGP neighbors?
• How is the propagation of IPv4 routing updates
between MP-BGP neighbors disabled?
Configuring Routing
Protocols between PE and
CE routers

Objectives

tasks:
• Configure VRF address families in
routing protocols
• Configure per-VRF BGP parameters
• Configure static routes within a VRF
• Configure per-VRF OSPF process
• Propagate RIP, OSPF, and static routes
across a MP-BGP backbone
Configuring PE-CE
Routing Protocols
PE-CE routing protocols are configured
for individual VRFs.
Per-VRF routing protocols can be
configured in two ways:
• There is only one BGP or RIP process per
router,
per-VRF parameters are specified in
routing contexts, which are selected with
the address family command.
• A separate OSPF process has to be
started for each VRF.
Overall number of routing processes
per router is limited to 32.
Selecting VRF Routing
Context for BGP and RIP
router(config)#
... Per-VRF BGP definitions ...
• Per-VRF BGP context is selected with the address-family
command.
• CE EBGP neighbors are configured in VRF context, not in
the global BGP configuration.
router(config)#
router rip
... Per-VRF RIP definitions ...
• Similar to BGP, select per-VRF RIP context with the

address-family command.
• Configure all per-VRF RIP parameters there—starting with
network numbers.
Configuring per-VRF BGP
Routing Context
• CE neighbors have to be specified within

the per-VRF context, not in global BGP.
• CE neighbors have to be activated with
the neighbor activate command.
• All non-BGP per-VRF routes have to be
redistributed into per-VRF BGP context
to be propagated by MP-BGP to other PE
routers.
• Per-VRF BGP context has auto-
summarization and synchronization
disabled by default.
Sample VPN Network
PE-CE BGP Configuration
router bgp 65001
MPLS VPN Backbone
CE-RIP-A1 CE-RIP-A2
network 10.1.0.0 mask 255.255.0.0
CE-BGP-A1 CE-BGP-A2
PE-Site-X PE-Site-Y
CE-RIP-B1 CE-RIP-B2
router bgp 115

!
address-family ipv4 vrf Customer_A

Configuring RIP PE-CE
Routing
• A routing context is configured for each

VRF running RIP.
• RIP parameters have to be specified in the
VRF.
• Some parameters configured in the RIP
process are propagated to routing
contexts
(for example, RIP version).
• Only RIPv2 is supported.

RIP Metric Propagation
router(config)#
router rip
redistribute bgp metric transparent
• BGP routes have to be redistributed back

into RIP if you want to have end-to-end RIP
routing in the customer network.
• The RIP hop count is copied into BGP multi-
exit discriminator attribute (default BGP
behavior).
• The RIP hop count has to be manually set for
routes redistributed into RIP.
• With metric transparent option, BGP MED is
copied into the RIP hop count, resulting in a
consistent end-to-end RIP hop count.
Sample VPN Network
RIP Configuration
MPLS VPN Backbone
CE-RIP-A1 CE-RIP-A2
CE-BGP-A1 CE-BGP-A2
PE-Site-X PE-Site-Y
CE-RIP-B1 router rip CE-RIP-B2

version 2
address-family ipv4 vrf Customer_ABC
network 10.0.0.0
redistribute bgp 12703 metric transparent
!
router bgp 12703
redistribute rip

Configuring OSPF PE-CE
Routing
A separate OSPF routing process

is configured for each VRF
running OSPF.
OSPF route attributes are
attached as extended BGP
communities to OSPF routes
redistributed into MP-BGP.
Routes redistributed from MP-BGP
into OSPF get proper OSPF
attributes.
• No additional configuration is
Configuring PE-CE
OSPF Routing
router(config)#
router ospf process-id vrf name
... Standard OSPF parameters ...
• This command configures the per-VRF OSPF

routing process.
router ospf 123 vrf Customer_ABC

network 0.0.0.0 255.255.255.255 area 0
redistribute bgp 12703
!
router bgp 12703
redistribute ospf 123

Configuring Per-VRF
Static Routes
router(config)#
ip route vrf name static route parameters
• This command configures per-VRF static

routes.
• The route is entered in the VRF table.
• You must always specify the outgoing
interface, even if you specify the next hop.
ip route vrf Customer_ABC 10.0.0.0 255.0.0.0 10.250.0.2
serial 0/0
!
router bgp 12703
redistribute static

Summary

following tasks:
• Configure VRF address families in
routing protocols
• Configure per-VRF BGP parameters
• Configure static routes within a VRF
• Configure per-VRF OSPF process
• Propagate RIP, OSPF, and static routes
across a MP-BGP backbone
Review Questions
• How do you configure the routing context

in RIP?
• How do you configure the routing context
in OSPF?
• How many VPN OSPF processes can run
simultaneously in an MPLS VPN PE-router?
• Where do you configure a CE EBGP
neighbor?
• How do you propagate static VRF routes
between PE routers?
• How do you propagate RIP metric across
the MPLS VPN backbone?
Monitoring MPLS
VPN Operation

Objectives

following tasks:
• Monitor individual VRFs and routing
protocols running in them
• Monitor MP-BGP sessions between the
PE routers
• Monitor inter-AS MP-BGP sessions
between the PE routers
• Monitor MP-BGP table
• Monitor CEF and LFIB structures
associated with MPLS VPN
Monitoring VRF
router#
show ip vrf
• Displays the list of all VRFs configured in the

router
router#
show ip vrf detail
• Displays detailed VRF configuration
router#
show ip vrf interfaces
• Displays interfaces associated with VRFs

show ip vrf
Router#show ip vrf
Name Default RD Interfaces
SiteA2 103:30 Serial1/0.20
SiteB 103:11 Serial1/0.100
SiteX 103:20 Ethernet0/0
Router#

show ip vrf detail
Router#show ip vrf detail
VRF SiteA2; default RD 103:30
Interfaces:
Serial1/0.20
Connected addresses are not in global routing table
No Export VPN route-target communities
Import VPN route-target communities
RT:103:10
No import route-map
Export route-map: A2
VRF SiteB; default RD 103:11
Interfaces:
Serial1/0.100
Connected addresses are not in global routing table
Export VPN route-target communities
RT:103:11
Import VPN route-target communities
RT:103:11 RT:103:20
No import route-map
No export route-map

show ip vrf interfaces
Router#show ip vrf interfaces

Interface IP-Address VRF Protocol
Serial1/0.20 150.1.31.37 SiteA2 up
Serial1/0.100 150.1.32.33 SiteB up
Ethernet0/0 192.168.22.3 SiteX up

Monitoring VRF Routing
router#
show ip protocols vrf name
• Displays the routing protocols configured in

a VRF
router#
show ip route vrf name …
• Displays the VRF routing table
router#
show ip bgp vpnv4 vrf name …
• Displays per-VRF BGP parameters

(PE-CE neighbors …)

show ip protocol vrf
Router#show ip protocol vrf SiteX

Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 10 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip, bgp 3
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Ethernet0/0 2 2
Routing for Networks:
192.168.22.0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 120)

show ip route vrf
Router#show ip route vrf SiteA2

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
O 203.1.20.0/24 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20

203.1.2.0/32 is subnetted, 1 subnets
O 203.1.2.1 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20
203.1.1.0/32 is subnetted, 1 subnets
B 203.1.1.1 [200/1] via 192.168.3.103, 01:14:32
B 203.1.135.0/24 [200/782] via 192.168.3.101, 02:05:38
B 203.1.134.0/24 [200/1] via 192.168.3.101, 02:05:38
B 203.1.10.0/24 [200/1] via 192.168.3.103, 01:14:32
… rest deleted …

show ip bgp vpnv4 vrf
neighbor
Router#show ip bgp vpnv4 vrf SiteB neighbors
BGP neighbor is 150.1.32.34, vrf SiteB, remote AS 65032, external link
BGP version 4, remote router ID 203.2.10.1
BGP state = Established, up for 02:01:41
Last read 00:00:56, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
Received 549 messages, 0 notifications, 0 in queue
Sent 646 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds
For address family: VPNv4 Unicast

Translates address family IPv4 Unicast for VRF SiteB
BGP table version 416, neighbor version 416
Index 4, Offset 0, Mask 0x10
Community attribute sent to this neighbor
2 accepted prefixes consume 120 bytes
Prefix advertised 107, suppressed 0, withdrawn 63
… rest deleted …

Monitoring MP-BGP Sessions
router#
show ip bgp neighbor
• Displays global BGP neighbors and the

protocols negotiated with these neighbors

Router#show ip bgp neighbor 192.168.3.101

BGP neighbor is 192.168.3.101, remote AS 3, internal link
BGP version 4, remote router ID 192.168.3.101
BGP state = Established, up for 02:15:33
Last read 00:00:33, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Received 1417 messages, 0 notifications, 0 in queue
Sent 1729 messages, 2 notifications, 0 in queue
Route refresh request: received 9, sent 29
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast

... Continued

Router#show ip bgp neighbor 192.168.3.101
... Continued
For address family: VPNv4 Unicast

NEXT_HOP is always this router
Community attribute sent to this neighbor
Connections established 7; dropped 6

Last reset 02:18:33, due to Peer closed the session
... Rest deleted

Monitoring an MP-BGP
VPNv4 Table
router#
show ip bgp vpnv4 all
• Displays whole VPNv4 table

router#
show ip bgp vpnv4 vrf name
• Displays only BGP parameters (routes or

neighbors) associated with specified VRF
• Any BGP show command can be used with
these parameters
router#
show ip bgp vpnv4 rd value
• Displays only BGP parameters (routes or

neighbors) associated with specified RD
show ip bgp vpnv4 vrf …
Router#show ip bgp vpnv4 vrf SiteA2

BGP table version is 416, local router ID is 192.168.3.102
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 103:30 (default for vrf SiteA2)
*> 150.1.31.36/30 0.0.0.0 0 32768 ?
*>i150.1.31.128/30 192.168.3.101 0 100 0 ?
*>i150.1.31.132/30 192.168.3.101 0 100 0 ?
*>i203.1.1.1/32 192.168.3.103 1 100 0 65031 i
*> 203.1.2.1/32 150.1.31.38 782 32768 ?
*>i203.1.10.0 192.168.3.103 1 100 0 65031 i
*> 203.1.20.0 150.1.31.38 782 32768 ?
*>i203.1.127.3/32 192.168.3.101 1 100 0 ?
*>i203.1.127.4/32 192.168.3.101 782 100 0 ?
*>i203.1.134.0 192.168.3.101 1 100 0 ?
*>i203.1.135.0 192.168.3.101 782 100 0 ?

show ip bgp vpnv4 rd …
Router#show ip bgp vpnv4 rd 103:30 203.1.127.3

BGP routing table entry for 103:30:203.1.127.3/32, version 164
Paths: (1 available, best #1, table SiteA2)
Not advertised to any peer
Local, imported path from 103:10:203.1.127.3/32
192.168.3.101 (metric 10) from 192.168.3.101 (192.168.3.101)
Origin incomplete, metric 1, localpref 100, valid,
internal, best
Extended Community: RT:103:10

Monitoring per-VRF CEF
and LFIB Structures
router#
show ip cef vrf name
• Displays per-VRF CEF table

router#
show ip cef vrf name prefix detail
• Displays details of an individual CEF entry,

including label stack
router#
show tag-switching forwarding vrf name
• Displays labels allocated by MPLS VPN for

routes in specified VRF

show ip cef vrf
Router#show ip cef vrf SiteA2 203.1.1.1 255.255.255.255 detail

203.1.1.1/32, version 57, cached adjacency to Serial1/0.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/0.2, point2point, tags imposed: {26
39}
via 192.168.3.103, 0 dependencies, recursive
next hop 192.168.3.10, Serial1/0.2 via 192.168.3.103/32
valid cached adjacency
tag rewrite with Se1/0.2, point2point, tags imposed: {26 39}
The show ip cef command can also

display the label stack associated with
the MP-IBGP route.
show tag-switching
forwarding vrf
Router#show tag-switching forwarding vrf SiteA2

Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
26 Aggregate 150.1.31.36/30[V] 0
37 Untagged 203.1.2.1/32[V] 0 Se1/0.20 point2point
Router#show tag-switching forwarding vrf SiteA2 tags 37 detail

Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
MAC/Encaps=0/0, MTU=1504, Tag Stack{}
VPN route: SiteA2
Per-packet load-sharing

Monitoring Labels Associated
with VPNv4 Routes
router#
show ip bgp vpnv4 [ all | rd value | vrf name ] tags
• Displays labels associated with VPNv4

routes
Router#show ip bgp vpnv4 all tags
Network Next Hop In tag/Out tag

Route Distinguisher: 100:1 (vrf1)
2.0.0.0 10.20.0.60 34/notag
10.0.0.0 10.20.0.60 35/notag
12.0.0.0 10.20.0.60 26/notag
10.20.0.60 26/notag
13.0.0.0 10.15.0.15 notag/26

Other MPLS VPN Monitoring
Commands
router#
telnet host /vrf name
• Performs PE-CE Telnet through specified

VRF
router#
ping vrf name …
• Performs ping based on VRF routing table
router#
trace vrf name …
• Performs VRF-based traceroute

Summary

following tasks:
• Monitor individual VRFs and routing
protocols running in them
• Monitor MP-BGP sessions between the
PE routers
• Monitor inter-AS MP-BGP sessions
between the PE routers
• Monitor MP-BGP table
• Monitor CEF and LFIB structures
associated with MPLS VPN
Review Questions
• How would you verify the contents of a VRF routing

table?
• How would you display an individual entry in a VRF CEF
table?
• How would you display routing protocols running in a
VRF?
• Why is the BGP protocol always running in every VRF?
• How would you inspect the label stack associated with a
remote MPLS VPN route?
• How would you verify VPNv4 information exchange with
a MP-BGP neighbor?
• How would you display all routes with a specified route
distinguisher?
• How would you display all labels associated with a VRF?
• Why do you only see labels for routes learned from CE
routers?
Troubleshooting
MPLS VPN

Objectives

following tasks:
• Verify proper PE-to-PE connectivity
• Verify proper redistribution of VPN
routes and creation of MPLS labels
• Verify VPN route propagation and data
forwarding

MPLS VPN Troubleshooting
Preliminary steps
Perform basic MPLS

troubleshooting:
• Is CEF enabled?
• Are labels for IGP routes generated and
propagated?
• Are large labeled packets propagated
across the MPLS backbone (maximum
transmission unit issues)?

Verify the routing information flow:

• Are CE routes received by PE?
• Are routes redistributed into MP-BGP with
proper extended communities?
• Are VPNv4 routes propagated to other PE
routers?
• Is the BGP route selection process working
correctly?
• Are VPNv4 routes inserted into VRFs on other
PE routers?
• Are VPNv4 routes redistributed from BGP into
the PE-CE routing protocol?
• Are VPNv4 routes propagated to other CE
MPLS VPN Routing Information
Flow Troubleshooting (1/7)
P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Are CE routes received by PE?

• Verify with show ip route vrf name on PE-1.
• Perform traditional routing protocol
troubleshooting if needed.

P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Are routes redistributed into MP-BGP with

proper extended communities?
• Verify with show ip bgp vrf name prefix on
PE-1.
• Troubleshoot with debug ip bgp commands.

P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Are VPNv4 routes propagated to other PE

routers?
• Verify with show ip bgp vpnv4 all prefix.
• Troubleshoot PE-PE connectivity with
traditional BGP troubleshooting tools.

P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Is BGP route selection process working correctly on

PE-2?
• Verify with show ip bgp vrf name prefix.
• Change local preference or weight settings if needed.
• Do not change MED if you’re using BGP-to-IGP
redistribution on PE-2.

P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Are VPNv4 routes inserted into VRFs on PE-2?

• Verify with show ip route vrf.
• Troubleshoot with show ip bgp prefix and show ip
vrf detail.
• Perform additional BGP troubleshooting if needed.

P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Are VPNv4 routes redistributed from BGP into PE-CE

routing protocol?
• Verify redistribution configuration—is the IGP metric
specified?
• Perform traditional routing protocol troubleshooting.

P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Are VPNv4 routes propagated to other CE routers?

• Verify with show ip route on CE-Spoke.
• Alternatively, does CE-Spoke have a default route
toward PE-2?
• Perform traditional routing protocol
troubleshooting if needed.

Verify proper data flow:

• Is CEF enabled on the ingress PE router
interface?
• Is the CEF entry correct on the ingress
PE router?
• Is there an end-to-end label switched
path tunnel (LSP tunnel) between PE
routers?
• Is the LFIB entry on the egress PE router
correct?
MPLS VPN Data Flow
Troubleshooting )1/4)
P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Is CEF enabled on the ingress PE router interface?

• Verify with show cef interface.
• MPLS VPN needs CEF enabled on the ingress PE router
interface for proper operation.
• CEF might become disabled due to additional features
deployed on the interface.

show cef interface
Router#show cef interface serial 1/0.20

Serial1/0.20 is up (if_number 18)
Internet address is 150.1.31.37/30
ICMP redirects are always sent
Per packet loadbalancing is disabled
IP unicast RPF check is disabled
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
Interface is marked as point to point interface
Hardware idb is Serial1/0
Fast switching type 5, interface type 64
IP CEF switching enabled
IP CEF VPN Fast switching turbo vector
VPN Forwarding table "SiteA2"
Input fast flags 0x1000, Output fast flags 0x0
ifindex 3(3)
Slot 1 Slot unit 0 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500

MPLS VPN Data Flow
Troubleshooting (2/4)
P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Is the CEF entry correct on the ingress PE

router?
• Display the CEF entry with show ip cef vrf
name prefix detail.
• Verify the label stack in the CEF entry.

MPLS VPN Data Flow
P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Is there an end-to-end label switched path tunnel (LSP

tunnel) between PE routers?
• Check summarization issues—BGP next hop should
be reachable as host route.
• Quick check—if time-to-live (TTL) propagation is
disabled, the trace from PE-2 to PE-1 should
contain only one hop.
• If needed, check LFIB values hop-by-hop.
• Check for MTU issues on the path—MPLS VPN
requires a larger label header than pure MPLS.
MPLS VPN Data Flow
P-Network
CE-Spoke CE-Spoke
PE-1 PE-2
CE-Spoke CE-Spoke
Is the LFIB entry on the egress PE router

correct?
• Find out the second label in the label stack
on PE-2 with show ip cef vrf name prefix
detail
• Verify correctness of LFIB entry on PE-1
with show tag forwarding vrf name tag value
detail
Summary

following tasks:
• Verify proper PE-to-PE connectivity
• Verify proper redistribution of VPN
routes and creation of MPLS labels
• Verify VPN route propagation and data
forwarding

Review Questions
• What are the preliminary MPLS VPN troubleshooting

steps?
• How would you verify routing information exchange
between PE routers?
• How would you verify that the VPNv4 routes are entered
in the proper VRF?
• How would you verify redistribution of VPNv4 routes
into PE-CE routing protocol?
• How would you test end-to-end data flow between PE
routers?
• How would you verify that the CE routes get
redistributed into MP-BGP with proper route targets?
• How would you check for potential MTU size issues on
the path taken by PE-to-PE LSP?
• How would you verify that the PE router ingress
interface supports CEF switching?
Advanced VRF
Import/Export
Features

Objectives

tasks:
• Configure import and export route
maps within VRFs
• Configure limits on the number of
routes accepted from a BGP neighbor
• Configure limits on the total number of
routes in a VRF

Advanced VRF Features
Selective import:
• Specify additional criteria for importing
routes into the VRF.
Selective export:
• Specify additional RTs attached to
exported routes.
VRF route limit:
• Specify the maximum number of routes
in a VRF to prevent memory exhaustion
on PE routers or denial-of-service
attacks.
Selective VRF Import
VRF import criteria might be

more specific than just the
match on RT—for example:
• Import only routes with specific BGP
attributes (community, and so forth).
• Import routes with specific prefixes
or subnet masks (only loopback
addresses).
A route map can be configured in
VRF
to make route import more
specific
Configuring Selective
VRF import
router(config-vrf)#
import map route-map-name
• This command attaches a route map to VRF
import process.
• A route is imported into the VRF only if at
least one RT attached to route matches one
RT configured in the VRF and the route is
accepted by the route map.

Selective Import Example
Site A AS 115 VPN-IPv4 update: VPN-IPv4 update:

AS 213 RD:192.168.30.3/3
2
RD:192.168.31.0/
24
RT=115:317 RT=115:317
CE-BGP-A1 The second update has a

PE-Site-X matching RT but is not
accepted by the route
map.
ip vrf Site_A The first update has a
rd 115:317 matching RT and is
import map RTMAP accepted by the route
route-target both 115:317 map.
!
access-list 10 permit 192.168.30.0 0.0.0.255
!
route-map RTMAP permit 10
match ip address 10
Selective Export
Routes from a VRF might have to be

exported with different RTs:
• An example would be export management routes
with particular RTs.
An export route map can be configured on
VRF.
• This route map can set extended community
RTs.
• No other set operations might be performed by
this route map.

Configuring Selective
VRF Export
router(config)#
route-map name permit seq
match condition
set extcommunity RT value [additive]
• This command creates a route map that

matches routes based on any route map
conditions and sets RTs.
router(config-vrf)#
export map name
• This command attaches a route map to the

VRF export process.
• All exported routes always get RTs
configured with route-target export in the
VRF.
• A route that is matched by the export route
map will have additional RTs attached.
Selective Export Example
Site A AS 115 VPN-IPv4

VPN-IPv4 update:
AS 213 update:
RD:192.168.30.0/24
RD:192.168.0.5/
RT=115:317
32
115:273
RT=115:317
CE-BGP-A1
PE-Site-X
ip vrf Site_A
rd 115:317
export map RTMAP
!
access-list 10 permit 192.168.30.0 0.0.0.0
!
route-map RTMAP permit 10
match ip address 10
set extcommunity rt 115:273 additive
Limiting the Number of
Routes in a VRF
Service Providers offering MPLS VPN
services are at risk of denial-of-service
attacks similar to those aimed at
Internet service providers (ISPs) offering
BGP connectivity.
• Any customer can generate any number of
routes, using resources in the PE routers.
Therefore, resources used by a single
customer have to be limited.
Cisco IOS software offers two solutions.
• It can limit the number of routes received
from a BGP neighbor.
• It can limit the total number of routes in a
Limiting the Number of Prefixes
Received from a BGP Neighbor
router(config-
router-af)#
neighbor ip-address maximum-prefix maximum
[threshold] [warning-only]
• Controls how many prefixes can be received

from a neighbor
• Optional threshold parameter specifies the
percentage where a warning message is
logged (default is 75%)
• Optional warning-only keyword specifies the
action on exceeding the maximum number
(default is to drop neighborship)

VRF Route Limit
The VRF route limit limits the number of

routes that are imported into a VRF:
• Routes coming from CE routers
• Routes coming from other PEs
(imported routes)
The route limit is configured for each
VRF.
If the number of routes exceeds the route
limit:
• Syslog message is generated
• (Optional) routes are not inserted into
VRF anymore
Configuring VRF Route Limit
router(config-vrf)#
maximum route number { warning-percent | warn-only}
• This command configures the maximum
number of routes accepted into a VRF:
• Number is the route limit for the VRF.
• Warning-percent is the percentage value
over
which a warning message is sent to syslog.
• With warn-only the PE continues accepting
routes after the configured limit.
• Syslog messages generated by this
command are rate-limited.

VRF Route Limit Example
Site A AS 115
AS 213
VPN-IPv4 VPN-IPv4
update: update:
IPv4 update: IPv4 update: RD:192.168.60.0/ RD:192.168.70.0/
192.168.0.5/ 192.168.50.0/ 24 24
CE-BGP-A1
32 24 RT=100:1 RT=100:1
PE-Site-X PE-Site-Y
IPv4 update:
192.168.55.0/
24 ip vrf Site_A
rd 115:317
maximum-routes 4 75
%IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - vpn01

%IPRT-3-ROUTELIMITWARNING: IP routing table limit warning
- vpn01
%IPRT-3-ROUTELIMITEXCEEDED: IP routing table limit exceeded -Site_A, 192.168.55.0/24

Summary

tasks:
• Configure import and export route maps
within VRFs
• Configure limits on the number of routes
accepted from a BGP neighbor
• Configure limits on the total number of
routes in a VRF

Review Questions
• Why would you need the selective VRF import

command?
• How does the import route-map affect VRF import
process?
• Why would you need the selective VRF export
command?
• How does the export route-map affect VRF export
process?
• Which BGP attributes can be set with an export
route-map?
• Why would you need the VRF route limit command?
• How many VRF route-limiting options does IOS offer?
• When would you want to use the BGP maximum-
prefix parameter?
Advanced PE-CE
BGP Configuration

Objectives

tasks:
• Describe and properly use the AS-
Override feature
• Describe and properly use the
Allowas-in feature
• Configure Site-Of-Origin (SOO) on
incoming interface or BGP neighbor

Sample VPN Network
Reusing AS Number Across
Sites
Site A P-Network Site B
AS 213 AS 115 AS 213
CE-BGP-A1 CE-BGP-A2
PE-Site-X PE-Site-Y
i 10.1.0.0/16 10.1.0.0/16 115
10.1.0.0/16 213 213 213
The customer wants to reuse the same

AS number on several sites:
• CE-BGP-A1 announces network 10.1.0.0/16 to PE-Site-X
• The prefix announced by CE-BGP-A1 is propagated to PE-Site-Y
as internal route through MP-BGP
• PE-Site-Y prepends AS115 to the AS path and propagates the prefix
to CE-BGP-A2
• CE-BGP-A2 drops the update because the AS213 is already in AS Path
AS-Override Overview
• New AS path update procedures have

been implemented in order to reuse the
same AS number on all VPN sites.
• The procedures allow the use of private
as well as public AS number.
• The same AS number may be used for
all sites, whatever is their VPN.

AS-Override Implementation
With AS-Override configured, the AS

path update procedure on the PE
router is as follows:
• If the first AS number in AS path is equal
to the neighboring one, it is replaced
with the provider AS number.
• If the first AS number has multiple
occurrences (due to AS path prepend),
all occurrences are replaced with the
provider AS number.
• After this operation, the provider AS
number is prepended to the AS path.
Configuring AS-Override
neighbor ip-address as-override
• This command configures the AS-override AS

path update procedure for the specified
neighbor.
• AS-override is configured for CE EBGP
neighbors in the VRF address family of the
BGP process.

AS-Override in Action
router bgp 115

neighbor 10.200.2.1 as-override
Site A AS 115 Site B

AS 213 AS 213
CE-BGP-A1 CE-BGP-A2
PE-Site-X PE-Site-Y
i 10.1.0.0/16 10.1.0.0/16 115
10.1.0.0/16 213 213 115
• PE-Site-Y replaces AS213 with AS115 in the AS path, prepends anothe

copy of AS115 to the AS path, and propagates the prefix.
AS-Override with AS-Path
Prepending
router bgp 115

neighbor 10.200.2.1 as-override
Site A AS 115 Site B

AS 213 AS 213
CE-BGP-A1 CE-BGP-A2
PE-Site-X PE-Site-Y
10.1.0.0/16 213 i 10.1.0.0/16 213 10.1.0.0/16 115 115
213 213 115
• PE-Site-Y replaces all occurrences of AS213 with AS115 in the AS path,

prepends another copy of AS115 to the AS path, and propagates
the prefix.
Sample VPN Network
Customer Site Linking Two
VPNs
VPN-A VPN-B
CE-BGP-A1
•Customer site links two VPNs

•Not a usual setup—traffic between VPNs
should not flow over the customer site
•Sometimes used for enhanced security

Customer Site Linking VPNs
Various Perspectives
VPN-A VPN-B
PE-1 CE-BGP-A1 PE-2
P-Network C-Network P-Network

AS 115 AS 213 AS 115
• VPN perspective: VPN-A connected to VPN-B via CE-BGP-A1

• Physical topology: CE router is connected to two PE routers
• MPLS VPN perspective: CE router has two links into the P-network
• BGP perspective: CE router has two connections to AS 115

Customer Site Linking VPNs
BGP Loop Prevention Issues
VPN-A VPN-B
10.1.0.0/16 115 10.1.0.0/16 213 115

PE-1 CE-BGP-A1 PE-2
… …
P-Network C-Network P-Network

AS 115 AS 213 AS 115
• PE-1 announces network 10.1.0.0/16 to CE-BGP-A1.

• CE-BGP-A1 prepends its AS number to the AS path and propagates
the prefix to PE-2.
• PE-2 drops the update because its AS number is already in the AS
path.
• AS-override is needed on CE-BGP-A1, but that would require Cisco
IOS software upgrade on the CE router.
Allowas-in
The allowas-in BGP option disables

the AS path check on the PE router.
• The number of occurrences of router’s
own AS number is limited to suppress
real routing loops.
• The limit has to be configured.
• The PE router will only reject the
update only if its AS number appears
in the AS path more often than the
configured limit.

Configuring Allowas-in
neighbor ip-address allowas-in limit
• This command disables traditional BGP AS

path check.
• An incoming update is only rejected only if
the router’s own AS number appears in the
AS path more often than the configured limit.

Additional BGP Loop
Prevention Mechanisms
AS path-based BGP loop prevention

is bypassed with AS-override and
allowas-in features
SOO (extended BGP community)
can be used to prevent loops in
these scenarios.
• SOO is needed only for multihomed
sites.
• SOO is not needed for stub sites.

Setting Site of Origin
• When EBGP is run between PE and CE

routers, SOO is configured through a
route map command.
• For other routing protocols, SOO can be
applied to routes learned through a
particular VRF interface during the
redistribution
into BGP.

Filters Based on SOO
• Route maps are used on EBGP PE-CE

connections to filter on SOO values.
• For other routing protocols, routes
redistributed from BGP are filtered
based on SOO values configured on
outgoing interfaces.

Setting Site-of-Origin on
Inbound EBGP Update
router(config)#
match conditions
set extcommunity soo value
• Creates a route map that sets SOO attribute
neighbor ip-address route-map name in
• Applies inbound route map to CE EBGP

neighbor

Setting SOO on Other
Inbound Routing Updates
router(config)#
match conditions
set extcommunity soo value
• Creates a route map that sets SOO attribute
router(config-if)#
ip vrf sitemap route-map-name
• Applies route map that sets SOO to inbound

routing updates received from this interface

SOO-based Filter of Outbound
EBGP Updates
router(config)#
ip extcommunity-list number permit soo value
!
route-map name deny seq
match extcommunity number
!
route-map name permit 9999
• Defines a route map that discards routes

with desired SOO value
neighbor ip-address route-map name out
• Applies the route map to outbound updates

sent to EBGP CE neighbor

Summary

following tasks:
• Describe and properly use the AS-
Override feature
• Describe and properly use the Allowas-
in feature
• Configure Site-Of-Origin (SOO) on
incoming interface or BGP neighbor
Review Questions
• When would you need the AS-override feature?
• How does the AS-override feature work?
• When would you need the Allowas-In feature?
• Why can’t you use the AS-override feature
instead of Allowas-In feature?
• How do you prevent BGP loops when using AS-
override?
• How do you prevent BGP loops when using
Allowas-in?
• When would you have to use Site-of-Origin?
• What is Site-of-Origin?
• Where can you set the Site-of-Origin?
• How do you implement filters based on Site-of-
Origin?
Summary
After completing this lesson, you should

be able to perform the following tasks:
• Configure Virtual Routing and Forwarding
tables
• Configure Multi-protocol BGP in MPLS VPN
backbone
• Configure PE-CE routing protocols
• Configure advanced MPLS VPN features
• Monitor MPLS VPN operations
• Troubleshoot MPLS VPN implementation


MPLS10S08-MPLS VPN Configuration On IOS Platforms

Uploaded by

Copyright:

Available Formats

MPLS10S08-MPLS VPN Configuration On IOS Platforms

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MPLS10S08-MPLS VPN Configuration On IOS Platforms

Uploaded by

Copyright:

Available Formats

Module 8

Upon completion of this lesson, you

© 2001, Cisco Systems, Inc. MPLS v1.0—8-3

Upon completion of this section, you

VPN B RIP PE Router

CE-VPN-B • Routing Information Protocol (RIP)

© 2001, Cisco Systems, Inc. MPLS v1.0—8-6

Routing context = routing protocol

Contains routes that should be available to

Instance for VRF-A

Instance for VRF-B

• Two VPNs attached to the same PE router

Instance for VRF-A

Instance for VRF-B

• RIP-speaking CE routers announce their prefixes to the PE router via RI

Instance for VRF-A

Instance for VRF-B

BGP-speaking CE routers announce their prefixes to the PE router via BGP

Instance for VRF-A

Instance for VRF-B

Instance for VRF-A

Instance for VRF-B

• Route distinguisher is prepended during route export to the BGP routes

Instance for VRF-A

Instance for VRF-B

• VPNv4 prefixes are received from other PE routers.

Instance for VRF-A

Instance for VRF-B

• Routes received from backbone MP-BGP and imported

Instance for VRF-A

Instance for VRF-B

Instance for VRF-A

Instance for VRF-B

© 2001, Cisco Systems, Inc. MPLS v1.0—8-17

After completing this section, you

© 2001, Cisco Systems, Inc. MPLS v1.0—8-20

Upon completion of this section,

© 2001, Cisco Systems, Inc. MPLS v1.0—8-21

VRF configuration tasks:

© 2001, Cisco Systems, Inc. MPLS v1.0—8-22

• Creates a new VRF or enters configuration of

• Assigns a route distinguisher to a VRF.

• Specifies an RT to be attached to every route

• Specifies an RT to be used as an import filter—only

• In cases where the export RT matches the

Sample router configuration for simple

© 2001, Cisco Systems, Inc. MPLS v1.0—8-25

• Associates an interface with the specified

© 2001, Cisco Systems, Inc. MPLS v1.0—8-26

MPLS VPN Backbone

•The network supports two VPN

© 2001, Cisco Systems, Inc. MPLS v1.0—8-28

After completing this section, you

© 2001, Cisco Systems, Inc. MPLS v1.0—8-29

• Which commands do you use to create a VRF?

© 2001, Cisco Systems, Inc. MPLS v1.0—8-31

Upon completion of this section, you will be

The BGP process in an MPLS VPN-

• Selects global BGP routing process