[c-nsp] Multi-VRF / Back to back VRF

Tim Franklin tim at pelican.org
Tue May 28 05:06:16 EDT 2013


Hi Ahmed,

> I am planning to deploy Global VPN ( Multi-VRF / NNI ), but the concept is
> not clear for me.
> 
> I have active a new link with my UP Link and configure it as sub-interface.
> 
> Now i am going to connect one customer of mine with destination in UP Link
> network as VPN.

Just to be clear, you have a customer VPN (VRF) in your network, that you're looking to connect to a VPN (VRF) in your provider's network, correct?

> at first what is the required configuration between my PE and CE ? then
> between PE-UP Link ?
> 
> Is it true to enable MB-Ebgp with CE and MPLS ?
> 
> Would you please clarify it to me ?

You certainly don't need to be running MPLS or MBGP to the CE.  If you run regular IPv4 BGP PE-CE today, you can carry on doing it, or if you have another method of establishing PE-CE connectivity, you can carry on doing that too, as long as you end up with the routes in your VRF.

For the part to your upstream, you need to know what type of NNI they have configured for you.  Since you're talking about sub-interfaces, it's likely that you have RFC4364 "type a" interconnect, where there is a point-to-point sub-interface and back-to-back VRFs.  So for this you would configure a point-to-point link on the sub-interfaces (/30 or /31 as appropriate), and a BGP session under 'address-family ipv4 vrf <CUSTOMER>' with the upstream PE.  For subsequent customers, it's a new back-to-back link in the right VRF, and another BGP session in the appropriate address family.

So the forwarding part looks like:

CE <-- IPv4 --> Your-PE <-- MPLS --> Your-PE <-- IPv4--> Upstream PE

And the routing part like:

CE <-- BGP, IGP, static --> Your-PE (ipv4 vrf) <-- MP-BGP --> Your-PE (ipv4 vrf) <-- BGP --> Upstream PE

Does that help?

Regards,
Tim.


More information about the cisco-nsp mailing list