Implementation Description
In this article, I will build an Interprovider L3VPN Option C setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.
Note: This option is the most scalable solution comparing with option A and option B.
Network Diagram
IP Allocation
- AS 20: 192.168.20.0/16
- CE 21: 192.168.0.21/32
- CE 22: 192.168.0.22/32
- Link 1121: 192.168.20.0/31
- Link 1622: 192.168.20.2/31
- AS 30: 192.168.30.0/16
- CE 31: 192.168.0.31/32
- CE 32: 192.168.0.32/32
- Link 1131: 192.168.30.0/31
- Link 1632: 192.168.30.2/31
- AS 100: 10.100.0.0/16
- PE 11: 10.100.0.11/32
- P 12: 10.100.0.12/32
- ASBR 13: 10.100.0.13/32
- Internal Links: 10.100.1.0/16
- AS 200: 10.200.0.0/16
- PE 16: 10.200.0.16/32
- P 15: 10.200.0.15/32
- ASBR 14: 10.200.0.14/32
- Internal Links: 10.200.1.0/16
- Inter-ASBR link:
- Link 1314: 172.167.12.0/31
Full Configuration
show | no-more ## Last changed: 2018-03-07 08:58:37 UTC version 15.1F4.15; groups { isis { logical-systems { <*> { protocols { isis { level 1 disable; interface <*> { point-to-point; } } } } } } } apply-groups isis; system { host-name MX; root-authentication { encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA } services { ssh; netconf { ssh; } } syslog { user * { any emergency; } file messages { any notice; authorization info; } file interactive-commands { interactive-commands any; } } } logical-systems { 11-PE { interfaces { ge-0/0/0 { unit 1112 { vlan-id 1112; family inet { address 10.100.1.0/31; } family iso; family mpls; } unit 1121 { vlan-id 1121; family inet { address 192.168.20.0/31; } } unit 1131 { vlan-id 1131; family inet { address 192.168.30.0/31; } } } lo0 { unit 11 { family inet { address 10.100.0.11/32; } family iso { address 49.0100.0101.0000.0011.00; } } } } protocols { mpls { interface all; } bgp { group to-AS200 { type external; multihop { ttl 10; } local-address 10.100.0.11; family inet-vpn { unicast; } peer-as 200; neighbor 10.200.0.16; } group internal { type internal; local-address 10.100.0.11; family inet { labeled-unicast { resolve-vpn; } } neighbor 10.100.0.13; } } isis { interface ge-0/0/0.1112; interface lo0.11; } ldp { interface all; } } routing-instances { Cust-20 { instance-type vrf; interface ge-0/0/0.1121; route-distinguisher 10.100.0.11:20; vrf-target target:0.0.100.200:20; protocols { bgp { group to-Cust { type external; peer-as 20; as-override; neighbor 192.168.20.1; } } } } Cust-30 { instance-type vrf; interface ge-0/0/0.1131; route-distinguisher 10.100.0.11:30; vrf-target target:0.0.100.200:30; protocols { bgp { group to-Cust { type external; peer-as 30; as-override; neighbor 192.168.30.1; } } } } } routing-options { autonomous-system 100; } } 12-P { interfaces { ge-0/0/0 { unit 1213 { vlan-id 1213; family inet { address 10.100.1.2/31; } family iso; family mpls; } } ge-0/0/1 { unit 1112 { vlan-id 1112; family inet { address 10.100.1.1/31; } family iso; family mpls; } } lo0 { unit 12 { family inet { address 10.100.0.12/32; } family iso { address 49.0100.0101.0000.0012.00; } } } } protocols { mpls { traffic-engineering { bgp-igp; } interface all; } isis { interface all; } ldp { interface all; } } routing-options { autonomous-system 100; } } 13-ASBR { interfaces { ge-0/0/0 { unit 1314 { vlan-id 1314; family inet { address 172.167.12.0/31; } family mpls; } } ge-0/0/1 { unit 1213 { vlan-id 1213; family inet { address 10.100.1.3/31; } family iso; family mpls; } } lo0 { unit 13 { family inet { address 10.100.0.13/32; } family iso { address 49.0100.0101.0000.0013.00; } } } } protocols { mpls { traffic-engineering { bgp-igp; } interface all; } bgp { group to-AS200 { type external; family inet { labeled-unicast; } export to-AS200; peer-as 200; neighbor 172.167.12.1; } group internal { type internal; local-address 10.100.0.13; family inet { labeled-unicast; } neighbor 10.100.0.11; } } isis { interface all; } ldp { interface ge-0/0/1.1213; interface lo0.13; } } policy-options { policy-statement to-AS200 { term PE11-lo0 { from { route-filter 10.100.0.11/32 exact; } then accept; } term reject { then reject; } } } routing-options { autonomous-system 100; } } 14-ASBR { interfaces { ge-0/0/0 { unit 1415 { vlan-id 1415; family inet { address 10.200.1.4/31; } family iso; family mpls; } } ge-0/0/1 { unit 1314 { vlan-id 1314; family inet { address 172.167.12.1/31; } family mpls; } } lo0 { unit 14 { family inet { address 10.200.0.14/32; } family iso { address 49.0200.0102.0000.0014.00; } } } } protocols { mpls { traffic-engineering { bgp-igp; } interface all; } bgp { group to-AS100 { type external; family inet { labeled-unicast; } export to-AS100; peer-as 100; neighbor 172.167.12.0; } group internal { type internal; local-address 10.200.0.14; family inet { labeled-unicast; } neighbor 10.200.0.16; } } isis { interface all; } ldp { interface ge-0/0/0.1415; interface lo0.14; } } policy-options { policy-statement to-AS100 { term PE16-lo0 { from { route-filter 10.200.0.16/32 exact; } then accept; } term reject { then reject; } } } routing-options { autonomous-system 200; } } 15-P { interfaces { ge-0/0/0 { unit 1516 { vlan-id 1516; family inet { address 10.200.1.6/31; } family iso; family mpls; } } ge-0/0/1 { unit 1415 { vlan-id 1415; family inet { address 10.200.1.5/31; } family iso; family mpls; } } lo0 { unit 15 { family inet { address 10.200.0.15/32; } family iso { address 49.0200.0102.0000.0015.00; } } } } protocols { mpls { traffic-engineering { bgp-igp; } interface all; } isis { interface all; } ldp { interface all; } } } 16-PE { interfaces { ge-0/0/0 { unit 1622 { vlan-id 1622; family inet { address 192.168.20.2/31; } } unit 1632 { vlan-id 1632; family inet { address 192.168.30.2/31; } } } ge-0/0/1 { unit 1516 { vlan-id 1516; family inet { address 10.200.1.7/31; } family iso; family mpls; } } lo0 { unit 16 { family inet { address 10.200.0.16/32; } family iso { address 49.0200.0102.0000.0016.00; } } } } protocols { mpls { interface all; } bgp { group internal { type internal; local-address 10.200.0.16; family inet { labeled-unicast { resolve-vpn; } } neighbor 10.200.0.14; } group to-AS100 { type external; multihop { ttl 10; } local-address 10.200.0.16; family inet-vpn { unicast; } peer-as 100; neighbor 10.100.0.11; } } isis { interface all; } ldp { interface all; } } routing-instances { Cust-20 { instance-type vrf; interface ge-0/0/0.1622; route-distinguisher 10.100.0.16:20; vrf-target target:0.0.100.200:20; protocols { bgp { group to-Cust { type external; peer-as 20; as-override; neighbor 192.168.20.3; } } } } Cust-30 { instance-type vrf; interface ge-0/0/0.1632; route-distinguisher 10.100.0.16:30; vrf-target target:0.0.100.200:30; protocols { bgp { group to-Cust { type external; peer-as 30; as-override; neighbor 192.168.30.3; } } } } } routing-options { autonomous-system 200; } } 21-CE { interfaces { ge-0/0/1 { unit 1121 { vlan-id 1121; family inet { address 192.168.20.1/31; } } } lo0 { unit 21 { family inet { address 192.168.0.21/32; } } } } protocols { bgp { group AS100 { type external; export to-bgp; peer-as 100; neighbor 192.168.20.0; } } } policy-options { policy-statement to-bgp { from protocol direct; then accept; } } routing-options { autonomous-system 20; } } 22-CE { interfaces { ge-0/0/1 { unit 1622 { vlan-id 1622; family inet { address 192.168.20.3/31; } } } lo0 { unit 22 { family inet { address 192.168.0.22/32; } } } } protocols { bgp { group AS200 { type external; export to-bgp; peer-as 200; neighbor 192.168.20.2; } } } policy-options { policy-statement to-bgp { from protocol direct; then accept; } } routing-options { autonomous-system 20; } } 31-CE { interfaces { ge-0/0/1 { unit 1131 { vlan-id 1131; family inet { address 192.168.30.1/31; } } } lo0 { unit 31 { family inet { address 192.168.0.31/32; } } } } protocols { bgp { group AS100 { type external; export to-bgp; peer-as 100; neighbor 192.168.30.0; } } } policy-options { policy-statement to-bgp { from protocol direct; then accept; } } routing-options { autonomous-system 30; } } 32-CE { interfaces { ge-0/0/1 { unit 1632 { vlan-id 1632; family inet { address 192.168.30.3/31; } } } lo0 { unit 32 { family inet { address 192.168.0.32/32; } } } } protocols { bgp { group AS200 { type external; export to-bgp; peer-as 200; neighbor 192.168.30.2; } } } policy-options { policy-statement to-bgp { from protocol direct; then accept; } } routing-options { autonomous-system 30; } } } interfaces { ge-0/0/0 { description "to ge-0/0/1"; vlan-tagging; } ge-0/0/1 { description "to ge-0/0/0"; vlan-tagging; } ge-0/0/2 { description "to ge-0/0/3"; vlan-tagging; } ge-0/0/3 { description "to ge-0/0/2"; vlan-tagging; } ge-0/0/4 { description "to ge-0/0/5"; vlan-tagging; } ge-0/0/5 { description "to ge-0/0/4"; vlan-tagging; } ge-0/0/6 { description "to ge-0/0/7"; vlan-tagging; } ge-0/0/7 { description "to ge-0/0/6"; vlan-tagging; } ge-0/0/8 { description "to eth1"; } ge-0/0/9 { description "to eth2"; } fxp0 { unit 0 { family inet { address 192.168.83.11/24; } } } }
Verification
root@MX:21-CE> show route inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 192.168.0.21/32 *[Direct/0] 02:05:23 > via lo0.21 192.168.0.22/32 *[BGP/170] 00:00:33, localpref 100 AS path: 100 200 100 I, validation-state: unverified > to 192.168.20.0 via ge-0/0/1.1121 192.168.20.0/31 *[Direct/0] 02:04:45 > via ge-0/0/1.1121 192.168.20.1/32 *[Local/0] 02:04:45 Local via ge-0/0/1.1121 192.168.20.2/31 *[BGP/170] 00:00:33, localpref 100 AS path: 100 200 I, validation-state: unverified > to 192.168.20.0 via ge-0/0/1.1121 root@MX:21-CE> ping 192.168.0.22 count 3 source 192.168.0.21 PING 192.168.0.22 (192.168.0.22): 56 data bytes 64 bytes from 192.168.0.22: icmp_seq=0 ttl=52 time=11.834 ms 64 bytes from 192.168.0.22: icmp_seq=1 ttl=52 time=11.269 ms 64 bytes from 192.168.0.22: icmp_seq=2 ttl=52 time=8.738 ms --- 192.168.0.22 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 8.738/10.614/11.834/1.346 ms
Label Operation
1. Customer router will send simple traffic.
root@MX:21-CE> show route 192.168.0.22 inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 192.168.0.22/32 *[BGP/170] 00:05:33, localpref 100 AS path: 100 200 100 I, validation-state: unverified > to 192.168.20.0 via ge-0/0/1.1121
2. Router 11-PE will add three labels to the traffic, L3VPN label, BGP-LU label and LDP transport label.
root@MX:11-PE> show route 192.168.0.22 Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 192.168.0.22/32 *[BGP/170] 00:10:04, localpref 100, from 10.200.0.16 AS path: 200 20 I, validation-state: unverified > to 10.100.1.1 via ge-0/0/0.1112, Push 299856, Push 299952, Push 299824(top) root@MX:11-PE> show route table mpls mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0 *[MPLS/0] 02:15:03, metric 1 Receive 1 *[MPLS/0] 02:15:03, metric 1 Receive 2 *[MPLS/0] 02:15:03, metric 1 Receive 13 *[MPLS/0] 02:15:03, metric 1 Receive 299776 *[LDP/9] 02:14:03, metric 1 > to 10.100.1.1 via ge-0/0/0.1112, Pop 299776(S=0) *[LDP/9] 02:14:03, metric 1 > to 10.100.1.1 via ge-0/0/0.1112, Pop 299840 *[LDP/9] 00:30:25, metric 1 > to 10.100.1.1 via ge-0/0/0.1112, Swap 299824 299888 *[VPN/170] 00:10:08 > to 192.168.20.1 via ge-0/0/0.1121, Pop 299904 *[VPN/170] 00:10:08 > to 192.168.30.1 via ge-0/0/0.1131, Pop
3. Router 12-P is PHP and will pop the LDP label.
root@MX:12-P> show route 192.168.0.22 root@MX:12-P> show route label 299824 mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 299824 *[LDP/9] 00:31:02, metric 1 > to 10.100.1.3 via ge-0/0/0.1213, Pop 299824(S=0) *[LDP/9] 00:31:02, metric 1 > to 10.100.1.3 via ge-0/0/0.1213, Pop
4. Router 13-ASBR will swap the BGP-LU label.
root@MX:13-ASBR> show route label 299952 mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 299952 *[VPN/170] 00:15:19 > to 172.167.12.1 via ge-0/0/0.1314, Swap 299920
5. Router 14-ASBR will swap BGP-LU with a new LDP label.
root@MX:14-ASBR> show route 10.200.0.16 inet.0: 10 destinations, 12 routes (10 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 10.200.0.16/32 *[LDP/9] 00:30:22, metric 1 > to 10.200.1.5 via ge-0/0/0.1415, Push 299824 [IS-IS/18] 00:31:56, metric 20 > to 10.200.1.5 via ge-0/0/0.1415 root@MX:14-ASBR> show route label 299920 mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 299920 *[VPN/170] 00:27:37 > to 10.200.1.5 via ge-0/0/0.1415, Swap 299824
6. Router 15-P is PHP and will pop the LDP label.
root@MX:15-P> show route 192.168.0.22 root@MX:15-P> show route label 299824 mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 299824 *[LDP/9] 00:31:21, metric 1 > to 10.200.1.7 via ge-0/0/0.1516, Pop 299824(S=0) *[LDP/9] 00:31:21, metric 1 > to 10.200.1.7 via ge-0/0/0.1516, Pop
7. Router 16-PE will pop the L3VPN label and will forward simple traffic to the end customer.
root@MX:16-PE> show route label 299856 mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 299856 *[VPN/170] 00:20:01 > to 192.168.20.3 via ge-0/0/0.1622, Pop root@MX:16-PE> show route 192.168.0.22 Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 192.168.0.22/32 *[BGP/170] 02:24:35, localpref 100 AS path: 20 I, validation-state: unverified > to 192.168.20.3 via ge-0/0/0.1622