"Huawei Certification" MPLS cross-domain notes

1. Problems caused by cross-domain MPLS VPN:

Compared with intra-domain MPLS VPN, the working principle of the VPN in the cross-domain scenario remains the same, but because it spans different ASs, the following problems arise:

LDP does not run between ASs, so an outer-layer tunnel cannot be established between ASs.

PEs in different ASs do not run a common IGP. By default, BGP neighbor relationships cannot be established between them, and thus VPNv4 routes cannot be transmitted directly.

2. Solutions

Option A:

The two ASBR-PEs are interconnected through multiple physical interfaces (or sub-interfaces). Each interface is associated with a VPN, and each ASBR-PE regards the opposite end as a CE.

[Figure: Option A route advertisement]

[Figure: Option A packet forwarding]

Advantages: simple configuration; plain IP packets are transmitted between the ASBRs, so there is no need to run MPLS between them.

Disadvantages: the ASBR needs to maintain the private network routes of multiple instances, so the number of VPNv4 routes it holds is too large. Because forwarding between the ASBRs is IP forwarding, a different interface (which can be a sub-interface) has to be used for each cross-domain VPN, which is costly.

(When the number of cross-domain VPNs is relatively small, Option A can be given priority.)

Option B:

Compared with Option A, Option B does not need to create a VPN instance on the ASBR-PE and does not need to bind any interface.

In Option B mode, the two ASBRs exchange, through MP-EBGP, the VPNv4 routes they receive from the PEs in their respective ASs.

[Figure: Option B route advertisement]

[Figure: Option B data forwarding]

Advantage: ASBRs are not restricted by physical links. (All traffic must pass through the ASBR, so the traffic is very controllable, but the burden on the ASBR is heavy. You can filter on RT on the ASBR and keep only some routes.)

Disadvantages: VPNv4 routes are stored and transmitted through the ASBR, so the ASBR needs to store the routes of multiple instances and these occupy label space. In the Option B scheme, the ASBR that needs to maintain the VPN pair information is generally no longer responsible for the forwarding of the public network IP.

Option C:

Compared with Option A and Option B, in Option C the ASBRs do not store VPNv4 routes, nor do they advertise VPNv4 routes to each other.

In Option C, PEs in different ASs establish multihop EBGP connections to exchange VPNv4 routes. Option C can be implemented in two ways, which differ in how routing interworking between the PEs is achieved:

Method 1: The ASBR sends the PE routes destined for other ASs to the local PE device through BGP.

Method 2: The ASBR imports the PE routes destined for other ASs into the IGP.

(The difference between the two methods of Option C is how the local PE learns the route of the peer PE. In method 1, the route of the peer PE is learned through BGP, while in method 2 it is learned through the IGP. Because the route is learned differently in the two methods, note that the tunnel is also established differently.)

Method 1:

A BGP VPNv4 neighbor relationship is established between PEs, and between PEs and RRs, to transmit VPNv4 routes. A BGP unicast neighbor relationship is established between PEs, RRs, and ASBRs to pass the loopback interface route of the local PE to the peer PE, so that traffic can be iterated (recursed) into the tunnel.

Routing delivery:

  1. CE1 advertises the IPv4 route to PE1.
  2. PE1 converts the IPv4 route into a VPNv4 route and sends it to PE2, sets the next hop as PE1, and assigns the VPN label V1.
  3. ASBR1 advertises a labeled IPv4 route for PE1 to ASBR2 through the EBGP session; the next hop is ASBR1 and the BGP label is B1.
  4. ASBR2 advertises a labeled IPv4 route for PE1 to PE2 through the BGP session; the next hop is ASBR2 and the BGP label is B2.
  5. PE1 and P1 assign tunnel labels T1 and T2 to the route to PE1 respectively.
  6. ASBR2 and P2 assign tunnel labels T3 and T4 to the route to ASBR2 respectively.
  7. PE2 converts the VPNv4 route into an IPv4 route, advertises it to CE2, and sets the next hop to PE2.

Data forwarding:

  1. CE2 sends an IP packet destined for Net1 to PE2.
  2. After receiving the IP packet, PE2 first encapsulates the VPN label V1, then adds the BGP label B2 assigned by ASBR2 as an intermediate label, and finally encapsulates the outer label T4.
  3. P2 replaces the outer label T4 with T3, and then sends the packet to ASBR2.
  4. ASBR2 removes the outer label, swaps BGP label B2 for B1, and forwards the packet to ASBR1.
  5. After ASBR1 receives the packet, it removes B1 and looks up the table for further forwarding. It finds that the route to PE1 has an associated label T2. Therefore, ASBR1 adds it to the top of the stack and forwards it to P1.
  6. P1 performs label switching, replaces the outer label T2 with T1, and then sends the packet to PE1.
  7. After receiving the packet, PE1 removes all labels and forwards the packet to CE1.

Method 2:

The MP-BGP VPNv4 neighbor relationship is established between the PE and the RR, and the unicast BGP neighbor relationship is established between the ASBRs. The route of the local PE is advertised to the peer PE through route import.

Routing delivery:

  1. CE1 advertises the IPv4 route to PE1.
  2. PE1 converts the IPv4 route into a VPNv4 route and sends it to PE2, sets the next hop as PE1, and assigns the VPN label V1.
  3. PE1 and P1 assign tunnel labels T1 and T2 to the route to PE1 respectively.
  4. ASBR1 advertises a labeled IPv4 route for PE1 to ASBR2 through the EBGP session; the next hop is ASBR1 and the BGP label is B1.
  5. ASBR2 and P2 assign tunnel labels T3 and T4 to the route to PE1 respectively.
  6. PE2 converts the VPNv4 route into an IPv4 route, advertises it to CE2, and sets the next hop as PE2.

Data transfer:

  1. CE2 sends an IP packet destined for Net1 to PE2.
  2. After PE2 receives the IP packet, it first encapsulates the VPN label V1. Since the next hop to Net1, PE1, is not a direct neighbor, it finds that the label to PE1 is T4 through table lookup, and adds T4.
  3. P2 replaces the outer label T4 with T3, and then sends the packet to ASBR2.
  4. ASBR2 removes the outer label, swaps T3 for B1, and forwards it to ASBR1.
  5. After ASBR1 receives the packet, it removes B1 and looks up the table for further forwarding. It finds that the route to PE1 has an associated label T2. Therefore, ASBR1 adds it to the top of the stack and forwards it to P1.
  6. P1 performs label switching, replaces the outer label T2 with T1, and then sends the packet to PE1.
  7. After receiving the packet, PE1 removes all labels and forwards the packet to CE1.
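
The two Option C data paths above can be replayed hop by hop to compare the label stacks. The following Python sketch is an added example, not part of the original notes: the per-node tables are transcribed from the forwarding steps of method 1 and method 2, and the names `TABLES`, `process` and `trace`, as well as modelling "removes the outer label" as a pop followed by a lookup on the next label, are assumptions made for illustration.

```python
POP = None  # action: remove the top label, then look up the next label on the same node

# Per-node label tables transcribed from the data-forwarding steps above.
# Key = incoming top label, value = outgoing label (swap) or POP.
TABLES = {
    1: [("P2",    {"T4": "T3"}),
        ("ASBR2", {"T3": POP, "B2": "B1"}),
        ("ASBR1", {"B1": "T2"}),
        ("P1",    {"T2": "T1"}),
        ("PE1",   {"T1": POP, "V1": POP})],
    2: [("P2",    {"T4": "T3"}),
        ("ASBR2", {"T3": "B1"}),
        ("ASBR1", {"B1": "T2"}),
        ("P1",    {"T2": "T1"}),
        ("PE1",   {"T1": POP, "V1": POP})],
}
# Labels pushed by the ingress PE2; the top of the stack is the last element.
IMPOSED_BY_PE2 = {1: ["V1", "B2", "T4"], 2: ["V1", "T4"]}


def process(stack, table, node):
    """Apply one node's label table and return the stack it sends onward."""
    stack = list(stack)
    while stack:
        top = stack[-1]
        if top not in table:
            raise LookupError(f"{node}: no entry for label {top}, packet dropped")
        stack.pop()
        if table[top] is not POP:   # swap: write the outgoing label and stop
            stack.append(table[top])
            break
    return stack


def trace(method):
    """Return [(node, stack after that node)] from PE2 to PE1 for method 1 or 2."""
    stack = IMPOSED_BY_PE2[method]
    hops = [("PE2", list(stack))]
    for node, table in TABLES[method]:
        stack = process(stack, table, node)
        hops.append((node, stack))
    return hops


if __name__ == "__main__":
    for m in (1, 2):
        print(f"Option C method {m}")
        for node, stack in trace(m):
            print(f"  after {node:5}: {' / '.join(reversed(stack)) or 'plain IP'}")
```

Running it shows a three-label stack inside AS 2 for method 1 and a two-label stack for method 2, and in both cases the VPN label V1 stays at the bottom of the stack untouched until PE1, which matches the statement that P and ASBR devices only forward labels and hold no VPN routes.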

4. Features of Option C

Advantages: VPN routes are exchanged directly between the ingress PE and the egress PE, without being stored and forwarded by intermediate devices. VPN routing information appears only on PE devices, while P and ASBR devices are only responsible for packet forwarding. The devices in the intermediate domain therefore do not need to support MPLS VPN services, only MPLS forwarding, and the ASBR devices are no longer a performance bottleneck. For these reasons, cross-domain VPN Option C is more suitable for use across multiple ASs, and it is also more suitable for load sharing of MPLS VPN traffic.

Disadvantages: Maintaining and managing end-to-end PE connections is expensive.

Origin blog.csdn.net/2301_76769137/article/details/130148061