L3VPN Configuration Guide for Cisco NCS 540 Series Routers, IOS XR
Release 6.3.x
First Published: 2018-03-30
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Contents
Obtaining Documentation and Submitting a Service Request
CHAPTER 1
MPLS L3VPN Overview
How MPLS L3VPN Works
Major Components of MPLS L3VPN
Restrictions for MPLS L3VPN
Inter-AS Support for L3VPN
Inter-AS Support: Overview
Inter-AS and ASBRs
Confederations
MPLS VPN Inter-AS BGP Label Distribution
Exchanging IPv4 Routes with MPLS labels
How to Implement MPLS Layer 3 VPNs
Prerequisites for Implementing MPLS L3VPN
Configure the Core Network
Assess the Needs of MPLS VPN Customers
Configure Routing Protocols in the Core
Configure MPLS in the Core
Determine if FIB is Enabled in the Core
Configure Multiprotocol BGP on the PE Routers and Route Reflectors
Connect MPLS VPN Customers
Define VRFs on PE Routers to Enable Customer Connectivity
Configure VRF Interfaces on PE Routers for Each VPN Customer
Configure Routing Protocol Between the PE and CE Routers
Verify MPLS L3VPN Configuration
Verify the L3VPN Traffic Flow
Verify the Underlay (transport)
Verify the Overlay (L3VPN)
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels
Concept
Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels
Configuring the Route Reflectors to Exchange VPN-IPv4 Routes
Configure the Route Reflectors to Reflect Remote Routes in its AS
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses
Configuring the ASBRs to Exchange VPN-IPv4 Addresses for IP Tunnels
Configuring a Static Route to an ASBR Peer
Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a Confederation
Configuring MPLS Forwarding for ASBR Confederations
Configuring a Static Route to an ASBR Confederation Peer
VRF-lite
Configure VRF-lite
MPLS L3VPN Services using Segment Routing
Configure MPLS L3VPN over Segment Routing
Configure Segment Routing in MPLS Core
Verify MPLS L3VPN Configuration over Segment Routing
Implementing MPLS L3VPNs - References
MPLS L3VPN Benefits
Major Components of MPLS L3VPN—Details
Virtual Routing and Forwarding Tables
VPN Routing Information: Distribution
BGP Distribution of VPN Routing Information
MPLS Forwarding
Automatic Route Distinguisher Assignment
CHAPTER 2
Implementing IPv6 VPN Provider Edge Transport over MPLS
Overview of 6PE/VPE
Benefits of 6PE/VPE
Deploying IPv6 over MPLS Backbones
IPv6 on the Provider Edge and Customer Edge Routers
OSPFv3 6VPE
Configuring 6PE/VPE
Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers
Preface
This preface contains these sections:
• Changes to this Document
• Obtaining Documentation and Submitting a Service Request
Changes to this Document
Table 1: Changes to this Document
Date          Summary
March 2018    Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service
request, and gathering additional information, see What's New in Cisco Product Documentation.
To receive new and revised Cisco technical content directly to your desktop, you can subscribe to the . RSS
feeds are a free service.
CHAPTER 1
MPLS L3VPN Overview
Before defining an MPLS VPN, a VPN in general must be defined. A VPN is:
• An IP-based network delivering private network services over a public infrastructure
• A set of sites that are allowed to communicate with each other privately over the Internet or other public
or private networks
Conventional VPNs are created by configuring a full mesh of tunnels or permanent virtual circuits (PVCs) to
all sites in a VPN. This type of VPN is not easy to maintain or expand, as adding a new site requires changing
each edge device in the VPN.
MPLS-based VPNs are created in Layer 3 and are based on the peer model. The peer model enables the service
provider and the customer to exchange Layer 3 routing information. The service provider relays the data
between the customer sites without customer involvement.
MPLS VPNs are easier to manage and expand than conventional VPNs. When a new site is added to an MPLS
VPN, only the edge router of the service provider that provides services to the customer site needs to be
updated.
The following figure depicts a basic MPLS VPN topology.
Figure 1: Basic MPLS VPN Topology
These are the basic components of MPLS VPN:
• Provider (P) router—Router in the core of the provider network. P routers run MPLS switching and do
not attach VPN labels to routed packets. VPN labels are used to direct data packets to the correct private
network or customer edge router.
• PE router—Router that attaches the VPN label to incoming packets based on the interface or sub-interface
on which they are received, and also attaches the MPLS core labels. A PE router attaches directly to a
CE router.
• Customer (C) router—Router in the Internet service provider (ISP) or enterprise network.
• Customer edge (CE) router—Edge router on the network of the ISP that connects to the PE router on the
network. A CE router must interface with a PE router.
• How MPLS L3VPN Works
• How to Implement MPLS Layer 3 VPNs
• VRF-lite
• MPLS L3VPN Services using Segment Routing
• Implementing MPLS L3VPNs - References
How MPLS L3VPN Works
MPLS VPN functionality is enabled at the edge of an MPLS network. The PE router performs the following
tasks:
• Exchanges routing updates with the CE router
• Translates the CE routing information into VPN version 4 (VPNv4) routes
• Exchanges VPNv4 routes with other PE routers through the Multiprotocol Border Gateway Protocol
(MP-BGP)
Major Components of MPLS L3VPN
An MPLS-based VPN network has three major components:
• VPN route target communities—A VPN route target community is a list of all members of a VPN
community. VPN route targets need to be configured for each VPN community member.
• Multiprotocol BGP (MP-BGP) peering of the VPN community PE routers—MP-BGP propagates VRF
reachability information to all members of a VPN community. MP-BGP peering needs to be configured
in all PE routers within a VPN community.
• MPLS forwarding—MPLS transports all traffic between all VPN community members across a VPN
service-provider network.
A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can be a
member of multiple VPNs. However, a site can associate with only one VRF. A customer-site VRF contains
all the routes available to the site from the VPNs of which it is a member.
Read more at Major Components of MPLS L3VPN—Details.
Restrictions for MPLS L3VPN
Implementing MPLS L3VPN in Cisco NCS 540 Series Routers is subject to these restrictions:
• The Cisco NCS 540 Series router supports only 16 ECMP paths.
• Fragmentation of MPLS packets that exceed egress MTU is not supported. Fragmentation is also not
supported for IP->MPLS imposition. Hence, it is recommended to use the maximum MTU value (9216) on all
interfaces in the MPLS core.
• L3VPN prefix lookup always yields a single path. In case of multiple paths at IGP or BGP level, path
selection at each level is done using the prefix hash in control plane. The selected path is programmed
in the data plane.
• TTL propagation cannot be disabled. TTL propagation always happens from IP->MPLS and MPLS->IP.
Apart from the specific ones mentioned above, these generic restrictions for implementing MPLS L3VPNs
also apply for Cisco NCS 540 Series Routers:
• Multihop VPN-IPv4 eBGP is not supported for configuring eBGP routing between autonomous systems
or subautonomous systems in an MPLS VPN.
• MPLS VPN supports only IPv4 address families.
The following platform restrictions apply only to Cisco NCS 540 Series router:
• MPLS-TE statistics are not supported.
• MPLS statistics are not supported in the show mpls forwarding command output; the output does not
show any MPLS statistics.
The following restrictions apply when configuring MPLS VPN Inter-AS with ASBRs exchanging IPv4 routes
and MPLS labels:
• For networks configured with eBGP multihop, a label switched path (LSP) must be configured between
nonadjacent routers.
Note
The physical interfaces that connect the BGP speakers must support FIB and MPLS.
Inter-AS Support for L3VPN
This section contains the following topics:
Inter-AS Support: Overview
An autonomous system (AS) is a single network or group of networks that is controlled by a common system
administration group and uses a single, clearly defined routing protocol.
As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous
systems in different geographic areas. In addition, some VPNs need to extend across multiple service providers
(overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection between
autonomous systems must be seamless.
An MPLS VPN Inter-AS provides the following benefits:
• Allows a VPN to cross more than one service provider backbone.
Service providers, running separate autonomous systems, can jointly offer MPLS VPN services to the
same end customer. A VPN can begin at one customer site and traverse different VPN service provider
backbones before arriving at another site of the same customer. Previously, MPLS VPN could traverse
only a single BGP autonomous system service provider backbone. This feature lets multiple autonomous
systems form a continuous, seamless network between customer sites of a service provider.
• Allows a VPN to exist in different areas.
A service provider can create a VPN in different geographic areas. Having all VPN traffic flow through
one point (between the areas) allows for better rate control of network traffic between the areas.
• Allows confederations to optimize iBGP meshing.
Internal Border Gateway Protocol (iBGP) meshing in an autonomous system is more organized and
manageable. You can divide an autonomous system into multiple, separate subautonomous systems and
then classify them into a single confederation. This capability lets a service provider offer MPLS VPNs
across the confederation, as it supports the exchange of labeled VPN-IPv4 Network Layer Reachability
Information (NLRI) between the subautonomous systems that form the confederation.
Inter-AS and ASBRs
Separate autonomous systems from different service providers can communicate by exchanging IPv4 NLRI
and IPv6 in the form of VPN-IPv4 addresses. The ASBRs use eBGP to exchange that information. Then an
Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPv4 prefixes throughout
each VPN and each autonomous system. The following protocols are used for sharing routing information:
• Within an autonomous system, routing information is shared using an IGP.
• Between autonomous systems, routing information is shared using an eBGP. An eBGP lets service
providers set up an interdomain routing system that guarantees the loop-free exchange of routing
information between separate autonomous systems.
The primary function of an eBGP is to exchange network reachability information between autonomous
systems, including information about the list of autonomous system routes. The autonomous systems
use eBGP border edge routers to distribute the routes, which include label switching information. Each
border edge router rewrites the next-hop and MPLS labels.
Inter-AS configurations supported in an MPLS VPN can include:
• Interprovider VPN—MPLS VPNs that include two or more autonomous systems, connected by
separate border edge routers. The autonomous systems exchange routes using eBGP. No IGP or
routing information is exchanged between the autonomous systems.
• BGP Confederations—MPLS VPNs that divide a single autonomous system into multiple
subautonomous systems and classify them as a single, designated confederation. The network
recognizes the confederation as a single autonomous system. The peers in the different autonomous
systems communicate over eBGP sessions; however, they can exchange route information as if they
were iBGP peers.
Confederations
A confederation is multiple subautonomous systems grouped together. A confederation reduces the total
number of peer devices in an autonomous system. A confederation divides an autonomous system into
subautonomous systems and assigns a confederation identifier to the autonomous systems. A VPN can span
service providers running in separate autonomous systems or multiple subautonomous systems that form a
confederation.
In a confederation, each subautonomous system is fully meshed with other subautonomous systems. The
subautonomous systems communicate using an IGP, such as Open Shortest Path First (OSPF) or Intermediate
System-to-Intermediate System (IS-IS). Each subautonomous system also has an eBGP connection to the
other subautonomous systems. The confederation eBGP (CEBGP) border edge routers forward next-hop-self
addresses between the specified subautonomous systems. The next-hop-self address forces the BGP to use a
specified address as the next hop rather than letting the protocol choose the next hop.
You can configure a confederation with separate subautonomous systems in two ways:
• Configure a router to forward next-hop-self addresses between only the CEBGP border edge routers
(both directions). The subautonomous systems (iBGP peers) at the subautonomous system border do not
forward the next-hop-self address. Each subautonomous system runs as a single IGP domain. However,
the CEBGP border edge router addresses are known in the IGP domains.
• Configure a router to forward next-hop-self addresses between the CEBGP border edge routers (both
directions) and within the iBGP peers at the subautonomous system border. Each subautonomous system
runs as a single IGP domain but also forwards next-hop-self addresses between the PE routers in the
domain. The CEBGP border edge router addresses are known in the IGP domains.
Note
eBGP Connection Between Two Subautonomous Systems in a Confederation figure illustrates how two
autonomous systems exchange routes and forward packets. Subautonomous systems in a confederation use
a similar method of exchanging routes and forwarding packets.
The figure below illustrates a typical MPLS VPN confederation configuration. In this configuration:
• The two CEBGP border edge routers exchange VPN-IPv4 addresses with labels between the two
autonomous systems.
• The distributing router changes the next-hop addresses and labels and uses a next-hop-self address.
• IGP-1 and IGP-2 know the addresses of CEBGP-1 and CEBGP-2.
Figure 2: eBGP Connection Between Two Subautonomous Systems in a Confederation
In this confederation configuration:
• CEBGP border edge routers function as neighboring peers between the subautonomous systems. The
subautonomous systems use eBGP to exchange route information.
• Each CEBGP border edge router (CEBGP-1 and CEBGP-2) assigns a label for the router before distributing
the route to the next subautonomous system. The CEBGP border edge router distributes the route as a
VPN-IPv4 address by using the multiprotocol extensions of BGP. The label and the VPN identifier are
encoded as part of the NLRI.
• Each PE and CEBGP border edge router assigns its own label to each VPN-IPv4 address prefix before
redistributing the routes. The CEBGP border edge routers exchange VPN-IPv4 addresses with the labels.
The next-hop-self address is included in the label (as the value of the eBGP next-hop attribute). Within
the subautonomous systems, the CEBGP border edge router address is distributed throughout the iBGP
neighbors, and the two CEBGP border edge routers are known to both confederations.
MPLS VPN Inter-AS BGP Label Distribution
Note
This section is not applicable to Inter-AS over IP tunnels.
You can set up the MPLS VPN Inter-AS network so that the ASBRs exchange IPv4 routes with MPLS labels
of the provider edge (PE) routers. Route reflectors (RRs) exchange VPN-IPv4 routes by using multihop,
multiprotocol external Border Gateway Protocol (eBGP). This method of configuring the Inter-AS system is
often called MPLS VPN Inter-AS BGP Label Distribution.
Configuring the Inter-AS system so that the ASBRs exchange the IPv4 routes and MPLS labels has the
following benefits:
• Saves the ASBRs from having to store all the VPN-IPv4 routes. Using the route reflectors to store the
VPN-IPv4 routes and forward them to the PE routers results in improved scalability compared with
configurations in which the ASBR holds all the VPN-IPv4 routes and forwards the routes based on
VPN-IPv4 labels.
• Having the route reflectors hold the VPN-IPv4 routes also simplifies the configuration at the border of
the network.
• Enables a non-VPN core network to act as a transit network for VPN traffic. You can transport IPv4
routes with MPLS labels over a non-MPLS VPN service provider.
• Eliminates the need for any other label distribution protocol between adjacent label switch routers (LSRs).
If two adjacent LSRs are also BGP peers, BGP can handle the distribution of the MPLS labels. No other
label distribution protocol is needed between the two LSRs.
Exchanging IPv4 Routes with MPLS labels
Note
This section is not applicable to Inter-AS over IP tunnels.
You can set up a VPN service provider network to exchange IPv4 routes with MPLS labels. You can configure
the VPN service provider network as follows:
• Route reflectors exchange VPN-IPv4 routes by using multihop, multiprotocol eBGP. This configuration
also preserves the next-hop information and the VPN labels across the autonomous systems.
• A local PE router (for example, PE1 in the figure below) needs to know the routes and label information
for the remote PE router (PE2).
This information can be exchanged between the PE routers and ASBRs in one of two ways:
• Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can redistribute
the IPv4 routes and MPLS labels it learned from eBGP into IGP and LDP and from IGP and LDP
into eBGP.
• Internal Border Gateway Protocol (iBGP) IPv4 label distribution: The ASBR and PE router can use
direct iBGP sessions to exchange VPN-IPv4 and IPv4 routes and MPLS labels.
Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the
PE routers in the VPN. This reflecting of learned IPv4 routes and MPLS labels is accomplished by enabling
the ASBR to exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also reflects
the VPN-IPv4 routes to the PE routers in the VPN. For example, in VPN1, RR1 reflects to PE1 the VPN-IPv4
routes it learned and IPv4 routes and MPLS labels learned from ASBR1. Using the route reflectors to store
the VPN-IPv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.
Figure 3: VPNs Using eBGP and iBGP to Distribute Routes and MPLS Labels
BGP Routing Information
BGP routing information includes the following items:
• Network number (prefix), which is the IP address of the destination.
• Autonomous system (AS) path, which is a list of the other ASs through which a route passes on the way
to the local router. The first AS in the list is closest to the local router; the last AS in the list is farthest
from the local router and usually the AS where the route began.
• Path attributes, which provide other information about the AS path, for example, the next hop.
BGP Messages and MPLS Labels
MPLS labels are included in the update messages that a router sends. Routers exchange the following types
of BGP messages:
• Open messages—After a router establishes a TCP connection with a neighboring router, the routers
exchange open messages. This message contains the number of the autonomous system to which the
router belongs and the IP address of the router that sent the message.
• Update messages—When a router has a new, changed, or broken route, it sends an update message to
the neighboring router. This message contains the NLRI, which lists the IP addresses of the usable routes.
The update message includes any routes that are no longer usable. The update message also includes
path attributes and the lengths of both the usable and unusable paths. Labels for VPN-IPv4 routes are
encoded in the update message, as specified in RFC 2858. The labels for the IPv4 routes are encoded in
the update message, as specified in RFC 3107.
• Keepalive messages—Routers exchange keepalive messages to determine if a neighboring router is still
available to exchange routing information. The router sends these messages at regular intervals. (Sixty
seconds is the default for Cisco routers.) The keepalive message does not contain routing data; it contains
only a message header.
• Notification messages—When a router detects an error, it sends a notification message.
Sending MPLS Labels with Routes
When BGP (eBGP and iBGP) distributes a route, it can also distribute an MPLS label that is mapped to that
route. The MPLS label mapping information for the route is carried in the BGP update message that contains
the information about the route. If the next hop is not changed, the label is preserved.
When you issue the show bgp neighbors ip-address command on both BGP routers, the routers advertise to
each other that they can then send MPLS labels with the routes. If the routers successfully negotiate their
ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates.
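The label-in-NLRI encoding referred to above (and in the confederation discussion, where the label and VPN identifier are carried in the NLRI) can be checked with a small decoder. This is an added example, not code from the Cisco guide: it assumes the RFC 3107 layout (length octet in bits, 3-octet label entries, then the prefix) and, for VPN-IPv4, an 8-byte route distinguisher laid out as in RFC 4364, which the page does not cite. The sample bytes and label values are constructed.

```python
import ipaddress
import struct


class NLRIError(ValueError):
    """Raised when an NLRI entry is truncated or internally inconsistent."""


def _decode_rd(raw: bytes) -> str:
    """Render an 8-byte route distinguisher (layout assumed from RFC 4364)."""
    rd_type = int.from_bytes(raw[:2], "big")
    if rd_type == 0:                       # 2-byte ASN : 4-byte number
        asn, num = struct.unpack("!HI", raw[2:])
        return f"{asn}:{num}"
    if rd_type == 1:                       # IPv4 address : 2-byte number
        addr = ipaddress.IPv4Address(raw[2:6])
        return f"{addr}:{int.from_bytes(raw[6:], 'big')}"
    if rd_type == 2:                       # 4-byte ASN : 2-byte number
        asn, num = struct.unpack("!IH", raw[2:])
        return f"{asn}:{num}"
    raise NLRIError(f"unknown route distinguisher type {rd_type}")


def parse_labeled_nlri(data: bytes, vpn: bool) -> list:
    """Decode consecutive labeled NLRI entries from a BGP update.

    vpn=False: labeled IPv4 routes; vpn=True: VPN-IPv4 routes (RD + IPv4).
    Every length is validated before it is used to slice the buffer.
    """
    routes, pos = [], 0
    while pos < len(data):
        bit_len = data[pos]                # length of label(s)+prefix, in bits
        byte_len = (bit_len + 7) // 8
        entry = data[pos + 1:pos + 1 + byte_len]
        if len(entry) != byte_len:
            raise NLRIError("NLRI entry is shorter than its length octet claims")
        pos += 1 + byte_len

        # Label stack: 20-bit label in the high bits, bottom-of-stack in bit 0.
        labels, off = [], 0
        while True:
            if off + 3 > len(entry):
                raise NLRIError("label stack has no bottom-of-stack entry")
            word = int.from_bytes(entry[off:off + 3], "big")
            labels.append(word >> 4)
            off += 3
            if word & 1:
                break

        rd = None
        if vpn:
            if off + 8 > len(entry):
                raise NLRIError("route distinguisher is truncated")
            rd = _decode_rd(entry[off:off + 8])
            off += 8

        # Whatever bits remain are the IPv4 prefix, padded to an octet boundary.
        prefix_bits = bit_len - off * 8
        if not 0 <= prefix_bits <= 32:
            raise NLRIError(f"invalid IPv4 prefix length {prefix_bits}")
        packed = entry[off:].ljust(4, b"\x00")
        network = ipaddress.IPv4Network(
            (int.from_bytes(packed, "big"), prefix_bits), strict=False)
        routes.append({"labels": labels, "rd": rd, "prefix": str(network)})
    return routes


# Constructed sample bytes (not captured traffic).
# VPN-IPv4: 112 bits = label 24001 + RD 100:1 + 10.1.1.0/24
VPN_SAMPLE = bytes.fromhex("70" "05dc11" "0000006400000001" "0a0101")
# Labeled IPv4: 56 bits = label 16005 + 20.20.20.1/32 (a PE loopback)
IPV4_SAMPLE = bytes.fromhex("38" "03e851" "14141401")
# Same VPN entry cut off mid route distinguisher
TRUNCATED = VPN_SAMPLE[:8]

if __name__ == "__main__":
    print(parse_labeled_nlri(VPN_SAMPLE, vpn=True))
    print(parse_labeled_nlri(IPV4_SAMPLE, vpn=False))
```

Decoding a labeled IPv4 entry as VPN-IPv4 (or the reverse) fails the length checks instead of producing a plausible but wrong route, which is the behaviour a monitoring or validation tool needs.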
How to Implement MPLS Layer 3 VPNs
Implementing MPLS L3VPNs involves these main tasks:
• Configure the Core Network
• Connect MPLS VPN Customers
Prerequisites for Implementing MPLS L3VPN
These are the prerequisites to configure MPLS L3VPN:
• You must be in a user group associated with a task group that includes the proper task IDs for these
commands:
  • BGP
  • IGP
  • MPLS
  • MPLS Layer 3 VPN
• If you suspect user group assignment is preventing you from using a command, contact your AAA
administrator for assistance.
• To configure MPLS Layer 3 VPNs, routers must support MPLS forwarding and Forwarding Information
Base (FIB).
Configure the Core Network
Consider a network topology where MPLS L3VPN services are transported over MPLS LDP core.
Figure 4: L3VPN over MPLS LDP
Configuring the core network involves these main tasks:
• Assess the Needs of MPLS VPN Customers
• Configure Routing Protocols in the Core
• Configure MPLS in the Core
• Determine if FIB is Enabled in the Core
• Configure Multiprotocol BGP on the PE Routers and Route Reflectors
Assess the Needs of MPLS VPN Customers
Before configuring an MPLS VPN, the core network topology must be identified so that it can best serve
MPLS VPN customers. The tasks listed below help to identify the core network topology.
• Identify the size of the network:
Identify the following to determine the number of routers and ports required:
• How many customers are to be supported?
• How many VPNs are required for each customer?
• How many virtual routing and forwarding (VRF) instances are there for each VPN?
• Determine the routing protocols required in the core.
• Determine if BGP load sharing and redundant paths in the MPLS VPN core are required.
Configure Routing Protocols in the Core
You can use RIP, OSPF or IS-IS as the routing protocol in the core.
Figure 5: OSPF as Routing Protocol in the Core
Configuration Example
This example lists the steps to configure OSPF as the routing protocol in the core.
Related Topics
• How to Implement MPLS Layer 3 VPNs
For more details on configuring the routing protocol, see Routing Configuration Guide for Cisco NCS 540 Series Routers and BGP Configuration Guide for Cisco NCS 540 Series Routers.
Configure MPLS in the Core
To enable MPLS on all routers in the core, you must configure a Label Distribution Protocol (LDP).
You can also transport MPLS L3VPN services using segment routing in the core. For details, see Configure
Segment Routing in MPLS Core.
Configuration Example
This example lists the steps to configure LDP in MPLS core.
178.0.0.1 192.1.1.1
IPv6: (0)
Related Topics
• How to Implement MPLS Layer 3 VPNs
For more details on configuring MPLS LDP, see the Implementing MPLS Label Distribution Protocol chapter
in the MPLS Configuration Guide for Cisco NCS 540 Series Routers.
Determine if FIB is Enabled in the Core
Forwarding Information Base (FIB) must be enabled on all routers in the core, including the provider edge
(PE) routers. For information on how to determine if FIB is enabled, see the Implementing Cisco Express Forwarding module in the IP Addresses and Services Configuration Guide for Cisco NCS 540 Series Routers.
Configure Multiprotocol BGP on the PE Routers and Route Reflectors
Multiprotocol BGP (MP-BGP) propagates VRF reachability information to all members of a VPN community.
You must configure MP-BGP peering in all the PE routers within a VPN community.
Figure 6: Multiprotocol BGP on PE Routers
Configuration Example
This example shows how to configure MP-BGP on PE1. The loopback address (20.20.20.1) of PE2 is specified
as the neighbor of PE1. Similarly, you must perform this configuration on PE2 node as well, with the loopback
address (13.13.13.1) of PE1 specified as the neighbor of PE2.