Interprovider L3VPN Option A on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option A setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.

Network Diagram

IP Allocation

  • AS 20: 192.168.20.0/16
    • CE 21: 192.168.0.21/32
    • CE 22: 192.168.0.22/32
    • Link 1121: 192.168.20.0/31
    • Link 1622: 192.168.20.2/31
  • AS 30: 192.168.30.0/16
    • CE 31: 192.168.0.31/32
    • CE 32: 192.168.0.32/32
    • Link 1131: 192.168.30.0/31
    • Link 1632: 192.168.30.2/31
  • AS 100: 10.100.0.0/16
    • PE 11: 10.100.0.11/32
    • P 12: 10.100.0.12/32
    • ASBR 13: 10.100.0.13/32
    • Internal Links: 10.100.1.0/16
  • AS 200: 10.200.0.0/16
    • PE 16: 10.200.0.16/32
    • P 15: 10.200.0.15/32
    • ASBR 14: 10.200.0.14/32
    • Internal Links: 10.200.1.0/16
  • Inter-ASBR links:
    • Link 20: 172.167.20.0/31
    • LInk 30: 172.167.30.0/31

Full Configuration

## Last changed: 2018-03-06 12:52:17 UTC
version 15.1F4.15;
groups {
    isis {
        logical-systems {
            <*> {
                protocols {
                    isis {
                        level 1 disable;
                        interface <*> {
                            point-to-point;
                        }
                    }
                }
            }
        }
    }
}
apply-groups isis;
system {
    host-name MX;
    root-authentication {
        encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    11-PE {
        interfaces {
            ge-0/0/0 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.0/31;
                    }
                }
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.0/31;
                    }
                }
            }
            lo0 {
                unit 11 {
                    family inet {
                        address 10.100.0.11/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0011.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.100.0.11;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.100.0.13;
                }
            }
            isis {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1121;
                route-distinguisher 10.100.0.11:20;
                vrf-target target:100:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.1;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1131;
                route-distinguisher 10.100.0.11:30;
                vrf-target target:100:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.1;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    12-P {
        interfaces {
            ge-0/0/0 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 12 {
                    family inet {
                        address 10.100.0.12/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0012.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    13-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 20 {
                    vlan-id 20;
                    family inet {
                        address 172.167.20.0/31;
                    }
                }
                unit 30 {
                    vlan-id 30;
                    family inet {
                        address 172.167.30.0/31;
                    }
                }
            }
            ge-0/0/1 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 13 {
                    family inet {
                        address 10.100.0.13/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0013.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.100.0.13;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.100.0.11;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.20;
                route-distinguisher 10.100.0.13:20;
                vrf-target target:100:20;
                protocols {
                    bgp {
                        group to-AS200 {
                            type external;
                            peer-as 200;
                            neighbor 172.167.20.1;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.30;
                route-distinguisher 10.100.0.13:30;
                vrf-target target:100:30;
                protocols {
                    bgp {
                        group to-AS200 {
                            type external;
                            peer-as 200;
                            neighbor 172.167.30.1;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    14-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.4/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 20 {
                    vlan-id 20;
                    family inet {
                        address 172.167.20.1/31;
                    }
                }
                unit 30 {
                    vlan-id 30;
                    family inet {
                        address 172.167.30.1/31;
                    }
                }
            }
            lo0 {
                unit 14 {
                    family inet {
                        address 10.200.0.14/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0014.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.14;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.200.0.16;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/1.20;
                route-distinguisher 10.200.0.13:20;
                vrf-target target:200:20;
                protocols {
                    bgp {
                        group to-AS100 {
                            type external;
                            peer-as 100;
                            neighbor 172.167.20.0;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/1.30;
                route-distinguisher 10.200.0.14:30;
                vrf-target target:200:30;
                protocols {
                    bgp {
                        group to-AS100 {
                            type external;
                            peer-as 100;
                            neighbor 172.167.30.0;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    15-P {
        interfaces {
            ge-0/0/0 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.6/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.5/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 15 {
                    family inet {
                        address 10.200.0.15/32;
                    }
                    family iso {
                        address 49.0100.0102.0000.0015.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
    }
    16-PE {
        interfaces {
            ge-0/0/0 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.2/31;
                    }
                }
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.2/31;
                    }
                }
            }
            ge-0/0/1 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.7/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 16 {
                    family inet {
                        address 10.200.0.16/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0016.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.16;
                    family inet-vpn {
                        any;
                    }
                    neighbor 10.200.0.14;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1622;
                route-distinguisher 10.100.0.16:20;
                vrf-target target:200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.3;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1632;
                route-distinguisher 10.100.0.16:30;
                vrf-target target:200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.3;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    21-CE {
        interfaces {
            ge-0/0/1 {
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.1/31;
                    }
                }
            }
            lo0 {
                unit 21 {
                    family inet {
                        address 192.168.0.21/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.20.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    22-CE {
        interfaces {
            ge-0/0/1 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.3/31;
                    }
                }
            }
            lo0 {
                unit 22 {
                    family inet {
                        address 192.168.0.22/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.20.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    31-CE {
        interfaces {
            ge-0/0/1 {
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.1/31;
                    }
                }
            }
            lo0 {
                unit 31 {
                    family inet {
                        address 192.168.0.31/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.30.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
    32-CE {
        interfaces {
            ge-0/0/1 {
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.3/31;
                    }
                }
            }
            lo0 {
                unit 32 {
                    family inet {
                        address 192.168.0.32/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.30.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "to ge-0/0/1";
        vlan-tagging;
    }
    ge-0/0/1 {
        description "to ge-0/0/0";
        vlan-tagging;
    }
    ge-0/0/2 {
        description "to ge-0/0/3";
        vlan-tagging;
    }
    ge-0/0/3 {
        description "to ge-0/0/2";
        vlan-tagging;
    }
    ge-0/0/4 {
        description "to ge-0/0/5";
        vlan-tagging;
    }
    ge-0/0/5 {
        description "to ge-0/0/4";
        vlan-tagging;
    }
    ge-0/0/6 {
        description "to ge-0/0/7";
        vlan-tagging;
    }
    ge-0/0/7 {
        description "to ge-0/0/6";
        vlan-tagging;
    }
    ge-0/0/8 {
        description "to eth1";
    }
    ge-0/0/9 {
        description "to eth2";
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.83.11/24;
            }
        }
    }
}

Verification

[edit]
root@MX:21-CE# run show route 

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.167.20.0/31    *[BGP/170] 00:04:04, localpref 100
                      AS path: 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121
192.168.0.21/32    *[Direct/0] 04:10:00
                    > via lo0.21
192.168.0.22/32    *[BGP/170] 00:04:04, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121
192.168.20.0/31    *[Direct/0] 04:09:08
                    > via ge-0/0/1.1121
192.168.20.1/32    *[Local/0] 04:09:08
                      Local via ge-0/0/1.1121
192.168.20.2/31    *[BGP/170] 00:04:04, localpref 100
                      AS path: 100 200 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

[edit]
root@MX:21-CE# run ping 192.168.0.22 count 3 source 192.168.0.21 
PING 192.168.0.22 (192.168.0.22): 56 data bytes
64 bytes from 192.168.0.22: icmp_seq=0 ttl=52 time=9.114 ms
64 bytes from 192.168.0.22: icmp_seq=1 ttl=52 time=10.155 ms
64 bytes from 192.168.0.22: icmp_seq=2 ttl=52 time=8.088 ms

--- 192.168.0.22 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.088/9.119/10.155/0.844 ms

Label Operation


1. Customer router will send simple traffic.

root@MX:21-CE> show route 192.168.0.22 

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:10:08, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

2. Router 11-PE will add two labels to the traffic, L3VPN label and LDP transport label.

root@MX:11-PE> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:11:04, localpref 100, from 10.100.0.13
                      AS path: 200 20 I, validation-state: unverified
                    > to 10.100.1.1 via ge-0/0/0.1112, Push 299808, Push 299792(top)

3. Router 12-P is PHP and will pop the LDP label.

root@MX:12-P> show route 192.168.0.22 

root@MX:12-P> show route label 299792 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299792             *[LDP/9] 02:34:46, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop      
299792(S=0)        *[LDP/9] 02:34:46, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop

4. Router 13-ASBR will pop L3VPN label and will forward simple traffic on the dedicated circuit.

root@MX:13-ASBR> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:14:39, localpref 100
                      AS path: 200 20 I, validation-state

5. Router 14-ASBR will add two labels to the traffic, L3VPN label and LDP transport label.

root@MX:14-ASBR> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:16:04, localpref 100, from 10.200.0.16
                      AS path: 20 I, validation-state: unverified
                    > to 10.200.1.5 via ge-0/0/0.1415, Push 299808, Push 299792(top)

6. Router 15-P is PHP and will pop the LDP label.

root@MX:15-P> show route 192.168.0.22 

root@MX:15-P> show route label 299792 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299792             *[LDP/9] 00:23:26, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop      
299792(S=0)        *[LDP/9] 00:23:26, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop

7. Router 16-PE will pop L3VPN label and will forward simple traffic to the end customer.

root@MX:16-PE> show route 192.168.0.22 

Cust-20.inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:19:35, localpref 100
                      AS path: 20 I, validation-state: unverified
                    > to 192.168.20.3 via ge-0/0/0.1622

The Factors that Limit the Scalability of this Method

  • All inter-AS VPN routes (potentially a very large number) must be stored in the BGP RIBs and IP routing tables on the AS boundary routers.
  • You must configure VRFs on each AS boundary router.

Sources:

1 thought on “Interprovider L3VPN Option A on a vMX

  1. Thanks for your strategies. One thing we’ve noticed is that often banks along with financial institutions know the dimensions and spending behaviors of consumers and also understand that a lot of people max away their own credit cards around the holidays. They correctly take advantage of this real fact and begin flooding your current inbox in addition to snail-mail box by using hundreds of no interest APR credit cards offers just after the holiday season comes to an end. Knowing that for anyone who is like 98 of the American public, you’ll get at the one opportunity to consolidate consumer credit card debt and switch balances towards 0 interest rates credit cards.

Leave a Reply

Your email address will not be published. Required fields are marked *