Hello colleagues!

Bring to your attention the idea of the hardware configuration in the implementation of design MPLS VPN inter-AS.

In this design MPLS is implemented for both  VPN traffic and for Internet traffic. IGP routing protocol selected IS-IS.

Routing information for MPLS VPN traffic to PE router is transmitted directly to the router ASBR. If your ISP has many sites of one customer, it is best to use Route-Reflector (RR). (In this design, to simplify the configuration is not implemented a second RR.)

A feature of this design is that the transmission MPLS VPN and Internet traffic between the PE and CE, used the same sub-interface.

BGP protocol is implemented in such a way that the Internet can not access the network routers. A management traffic is transmitted through separate sub-interfaces that are included in VRF. (In order not to load the configuration, VRF Management is not shown.)

Fully test this idea I do not have the technical capabilities. Who are interested in this idea, conduct tests, please.

I will be glad to hear from you comments and suggestions to improve the current design.

If you see errors, please tell us.

 

 

MPLS_VPN_INTER-AS_273751147545.png

 

 

 

 

 

 

 

 

Next, showing configuration routers of one of the ISP. I think you do not complicate, make a "mirroring" configuration files for the second ISP.

 

 

 

ASBR_AS333 is configured as follows:

 

!

hostname ASBR_AS333

!

ip cef

!

mpls label protocol ldp

!

interface Loopback0

ip address 172.16.3.7 255.255.255.255

ip router isis

isis circuit-type level-2-only

!

interface FastEthernet0/0

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.333

description To the RR5

encapsulation dot1Q 333

ip address 172.16.33.1 255.255.255.252

ip router isis

mpls label protocol ldp

mpls ip

mpls mtu 1524

isis circuit-type level-2-only

!

interface FastEthernet1/0

no ip address

speed 100

full-duplex

!

interface FastEthernet1/0.333

description To the ASBR_AS111

encapsulation dot1Q 333

ip address 192.168.8.1 255.255.255.252

mpls label protocol ldp

mpls ip

mpls mtu 1524

!

router isis

net 11.0002.0000.0000.0008.00

is-type level-2-only

!

router bgp 333

bgp router-id 172.16.3.7

no bgp default ipv4-unicast

no bgp default route-target filter

bgp cluster-id 333

neighbor 172.16.3.3 remote-as 333

neighbor 172.16.3.3 description To the RR5

neighbor 172.16.3.3 update-source Loopback0

neighbor 172.16.3.5 remote-as 333

neighbor 172.16.3.5 description To the PE5

neighbor 172.16.3.5 password PLASHCHUN

neighbor 172.16.3.5 update-source Loopback0

neighbor 192.168.8.2 remote-as 111

neighbor 192.168.8.2 description To the ASBR_AS111

neighbor 192.168.8.2 update-source FastEthernet1/0.333

!

address-family ipv4

  neighbor 172.16.3.3 activate

  neighbor 172.16.3.3 next-hop-self

  neighbor 172.16.3.3 default-originate route-map SendDefault

  neighbor 172.16.3.3 send-label

  neighbor 192.168.8.2 activate

  neighbor 192.168.8.2 next-hop-self

  neighbor 192.168.8.2 default-originate route-map SendDefault

  neighbor 192.168.8.2 send-label

  no auto-summary

  no synchronization

exit-address-family

!

address-family vpnv4

  neighbor 172.16.3.5 activate

  neighbor 172.16.3.5 send-community both

  neighbor 172.16.3.5 next-hop-self

  neighbor 172.16.3.5 advertisement-interval 5

  neighbor 192.168.8.2 activate

  neighbor 192.168.8.2 send-community both

  neighbor 192.168.8.2 advertisement-interval 5

  bgp scan-time import 5

exit-address-family

!

ip bgp-community new-format

!

mpls ldp router-id Loopback0 force

!

end

 

 

 

RR5 is configured as follows:

 

!

hostname RR5

!

ip cef

!

mpls label protocol ldp

!

interface Loopback0

ip address 172.16.3.3 255.255.255.255

ip router isis

isis circuit-type level-2-only

!

interface FastEthernet0/0

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.333

description To the ASBR_AS333

encapsulation dot1Q 333

ip address 172.16.33.2 255.255.255.252

ip router isis

mpls label protocol ldp

mpls ip

mpls mtu 1524

isis circuit-type level-2-only

!

interface FastEthernet0/1

no ip address

speed 100

full-duplex

!

interface FastEthernet0/1.333

description To the PE5

encapsulation dot1Q 333

ip address 172.16.33.5 255.255.255.252

ip router isis

mpls label protocol ldp

mpls ip

mpls mtu 1524

isis circuit-type level-2-only

!

router isis

net 11.0002.0000.0000.0009.00

is-type level-2-only

!

router bgp 333

bgp router-id 172.16.3.3

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 172.16.3.5 remote-as 333

neighbor 172.16.3.5 description To the PE5

neighbor 172.16.3.5 update-source Loopback0

neighbor 172.16.3.7 remote-as 333

neighbor 172.16.3.7 description To the ASBR_AS333

neighbor 172.16.3.7 update-source Loopback0

!

address-family ipv4

  neighbor 172.16.3.5 activate

  neighbor 172.16.3.5 route-reflector-client

  neighbor 172.16.3.5 send-label

  neighbor 172.16.3.7 activate

  neighbor 172.16.3.7 route-reflector-client

  neighbor 172.16.3.7 send-label

  no auto-summary

  no synchronization

exit-address-family

!

mpls ldp router-id Loopback0 force

!

end

 

 

PE5 is configured as follows:

 

!

hostname PE5

!

ip cef

!

mpls label protocol ldp

!

interface Loopback0

ip address 172.16.3.5 255.255.255.255

ip router isis

isis circuit-type level-2-only

!

interface FastEthernet0/0

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.192

description To the CE5

encapsulation dot1Q 192

ip address 10.20.192.5 255.255.255.252

mpls label protocol ldp

mpls ip

mpls mtu 1524

!

interface FastEthernet0/1

no ip address

speed 100

full-duplex

!

interface FastEthernet0/1.333

description To the RR5

encapsulation dot1Q 333

ip address 172.16.33.6 255.255.255.252

ip router isis

mpls label protocol ldp

mpls ip

mpls mtu 1512

isis circuit-type level-2-only

!

router isis

net 11.0002.0000.0000.0001.00

!

router bgp 333

bgp router-id 172.16.3.5

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 10.20.192.6 remote-as 65190

neighbor 10.20.192.6 description To the CE5 for Internet traffic

neighbor 10.20.192.6 password PLASHCHUN

neighbor 10.20.192.6 update-source FastEthernet0/0.192

neighbor 10.20.192.30 remote-as 65190

neighbor 10.20.192.30 description To the CORE5 for MPLS VPN  traffic

neighbor 10.20.192.30 ebgp-multihop 3

neighbor 172.16.3.3 remote-as 333

neighbor 172.16.3.3 description To the RR5 for Internet traffic

neighbor 172.16.3.3 update-source Loopback0

neighbor 172.16.3.7 remote-as 333

neighbor 172.16.3.7 description To the ASBR_AS333 for MPLS VPN  traffic

neighbor 172.16.3.7 password PLASHCHUN

neighbor 172.16.3.7 update-source Loopback0

!

address-family ipv4

  neighbor 10.20.192.30 activate

  neighbor 10.20.192.30 route-map NetworkClient65190 in

  neighbor 172.16.3.3 activate

  neighbor 172.16.3.3 next-hop-self

  neighbor 172.16.3.3 send-label

  no auto-summary

  no synchronization

exit-address-family

!

address-family vpnv4

  neighbor 10.20.192.6 activate

  neighbor 10.20.192.6 send-community both

  neighbor 10.20.192.6 advertisement-interval 5

  neighbor 172.16.3.7 activate

  neighbor 172.16.3.7 send-community both

  neighbor 172.16.3.7 next-hop-self

  neighbor 172.16.3.7 advertisement-interval 5

  bgp scan-time import 5

exit-address-family

!

ip route 10.20.192.28 255.255.255.252 FastEthernet0/0.192

!

ip bgp-community new-format

!

mpls ldp router-id Loopback0 force

!

end

 

CE5 is configured as follows:

 

!

hostname CE5

!

ip cef

!

ip vrf Data

rd 10.20.22.133:5

route-target export 10.20.22.133:5

route-target import 10.20.44.133:1

!

mpls label protocol ldp

!

interface Loopback20

ip vrf forwarding Data

ip address 10.20.22.133 255.255.255.255

!

interface FastEthernet0/0

no ip address

speed 100

full-duplex

!

interface FastEthernet0/0.192

description To the PE5

encapsulation dot1Q 192

ip address 10.20.192.6 255.255.255.252

mpls label protocol ldp

mpls ip

mpls mtu 1524

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.20

description To the Enterprize network

encapsulation dot1Q 20

ip vrf forwarding Data

ip address 10.20.2.29 255.255.255.252

mpls label protocol ldp

mpls ip

mpls mtu 1512

!

interface FastEthernet0/1.192

description To the NAT

encapsulation dot1Q 192

ip address 192.0.0.1 255.255.255.252

mpls label protocol ldp

mpls ip

mpls mtu 1512

!

router ospf 20 vrf Data

auto-cost reference-bandwidth 1000

redistribute bgp 65190 metric-type 1 subnets

network 10.20.2.28 0.0.0.3 area 0

network 10.20.2.32 0.0.0.3 area 0

network 10.20.22.133 0.0.0.0 area 0

!

router bgp 65190

bgp router-id 10.20.192.6

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 10.20.192.5 remote-as 333

neighbor 10.20.192.5 description To the PE5 for Internet

neighbor 10.20.192.5 password PLASHCHUN

neighbor 10.20.192.5 update-source FastEthernet0/0.192

!

address-family vpnv4

  neighbor 10.20.192.5 activate

  neighbor 10.20.192.5 send-community both

  neighbor 10.20.192.5 advertisement-interval 5

  bgp scan-time import 5

exit-address-family

!

address-family ipv4 vrf Data

  redistribute ospf 20 vrf Data match internal external 1 external 2

  no synchronization

exit-address-family

!

ip route 0.0.0.0 0.0.0.0 10.20.192.5

ip route 10.20.192.28 255.255.255.252 192.0.0.2

!

end

 

 

 

 

ASBR_AS333#sh ip bgp neighbor

ASBR_AS333#sh ip bgp vpnv4 all

PE5#sh mpls forwarding-table

PE5#sh ip route

CE5#sh ip route vrf Data

If you were interested to read the article, then click LIKE. Maybe this will help me find a job

 

P.S. Sorry for my English