L3VPN Intro

  • CE

  • PE

  • P

    VRF tables for each customer

    Overlapping address spaces problem solved with route distinguishers

    PE1 uses a separate VRF for each but other PEs it would be a problem (they cant distinguish them as belonging to different customers)

    3 Types

  • Type0: 2 byte Type + 2 byte AS + 4 byte number + Prefix

  • Type1: 2 byte Type + 4 byte IP address (router ID)+ 2 byte number + Prefix (Recommended)

  • Type2: 2 byte Type + 4 byte AS + 2 byte number + Prefix

Type1 RD enables faster failover when a CE is multihomed to multiple PEs

Ingress PE router adds RD

VPN-IPv4 (AFI:1 SAFI: 128) routes are exchanged between PE routers using BGP

VRF Label chosen by the advertising PE router

Egress PE router converts VPN-IPv4 routes into IPv4 routes before inserting into site’s VRF table

By default, all routes associated with the same VRF interface can share common label

Inner (VPN) label to reach the advertised prefix; advertised by BGP

Outer (Transport) label to reach the PE router; Advertised by label distribution protocols like LDP,RSVP etc

Each router installed in a VRF table can be advertised to the CE devices associated with that VRF table.

L3VPN configuration happens on the PR routers

  • inet.0

  • inet.3

  • mpls.0

  • bgp.l3vpn.0

  • .inet.0 ```sh set protocols bgp group family inet-vpn unicast ```
  • VRF Instance

  • VRF interfaces

  • RD

  • RT

  • PE-CE routing

  • Automatic Route target (vrf-target)

  • VRF import or export policies

  • BGP extended communities
set routing-instances <instance-name> instance-type vrf
set routing-instances <instance-name> interface <interface-name>
set routing-instances <instance-name> route-distinguisher 192.168.1.1:1
set routing-instances <instance-name> vrf-target target:65501:123

vrf-target shortcut for automatically creating VRF import and export

target parameter specified route target community, it is required.

we can make policies that match specific RTs

For more granular control over routes, use vrf-import vrf-export

RD can be assigned manually or dynamically for every configured VRF

set routing-options route-distinguisher-id 192.168.1.1
set policy-options community <community-name> members target:65501:456

vrf-import vrf-export affects only PE-PE routes

Similarly we can write policies for CE-PE route control as well.

Use as-override parameter when CE routers belong to the same AS

or autonomous-system loops

remove-private can also work if private AS numbers are in user

CE-PE IBGP :Independent domain

set routing-instances <instance-name> routing-options autonomous-system 65551 independent-domain

customer’s attributes are preserved when advertised to the remote CE router

Customers do not see the providers BGP attributes

Site of Origin: when CE router is dual homed and as-override is required

SoO prevents advertising routes back to the source

SoO is an extended community

set policy-options community <community-name> members origin:192.168.1.1:101
Back to Top ↑