2018.03.07 – Interprovider L3VPN Option C on a vMX

Implementation Description

In this article, I will build an Interprovider L3VPN Option C setup on a single vMX. Each individual router will be configured as a logical router. The vMX router has a back-to-back connection between ge-0/0/0 and ge-0/0/1 ports. For each different link, a different VLAN number will be configured to separate the traffic generated based on router ID number.

Note: This option is the most scalable solution comparing with option A and option B.

Network Diagram

IP Allocation

  • AS 20: 192.168.20.0/16
    • CE 21: 192.168.0.21/32
    • CE 22: 192.168.0.22/32
    • Link 1121: 192.168.20.0/31
    • Link 1622: 192.168.20.2/31
  • AS 30: 192.168.30.0/16
    • CE 31: 192.168.0.31/32
    • CE 32: 192.168.0.32/32
    • Link 1131: 192.168.30.0/31
    • Link 1632: 192.168.30.2/31
  • AS 100: 10.100.0.0/16
    • PE 11: 10.100.0.11/32
    • P 12: 10.100.0.12/32
    • ASBR 13: 10.100.0.13/32
    • Internal Links: 10.100.1.0/16
  • AS 200: 10.200.0.0/16
    • PE 16: 10.200.0.16/32
    • P 15: 10.200.0.15/32
    • ASBR 14: 10.200.0.14/32
    • Internal Links: 10.200.1.0/16
  • Inter-ASBR link:
    • Link 1314: 172.167.12.0/31

Full Configuration

show | no-more 
## Last changed: 2018-03-07 08:58:37 UTC
version 15.1F4.15;
groups {
    isis {
        logical-systems {
            <*> {
                protocols {
                    isis {
                        level 1 disable;
                        interface <*> {
                            point-to-point;
                        }
                    }
                }
            }
        }
    }
}
apply-groups isis;
system {
    host-name MX;
    root-authentication {
        encrypted-password "$5$L3F31155$kVyagZl2v/WM9s32/hi7VCXxM5o0vupYD.LO3uvCif4"; ## SECRET-DATA
    }
    services {
        ssh;
        netconf {
            ssh;
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
logical-systems {
    11-PE {
        interfaces {
            ge-0/0/0 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.0/31;
                    }
                    family iso;
                    family mpls;
                }
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.0/31;
                    }
                }
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.0/31;
                    }
                }
            }
            lo0 {
                unit 11 {
                    family inet {
                        address 10.100.0.11/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0011.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group to-AS200 {
                    type external;
                    multihop {
                        ttl 10;
                    }
                    local-address 10.100.0.11;
                    family inet-vpn {
                        unicast;
                    }
                    peer-as 200;
                    neighbor 10.200.0.16;
                }
                group internal {
                    type internal;
                    local-address 10.100.0.11;
                    family inet {
                        labeled-unicast {
                            resolve-vpn;
                        }
                    }
                    neighbor 10.100.0.13;
                }
            }
            isis {
                interface ge-0/0/0.1112;
                interface lo0.11;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1121;
                route-distinguisher 10.100.0.11:20;
                vrf-target target:0.0.100.200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.1;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1131;
                route-distinguisher 10.100.0.11:30;
                vrf-target target:0.0.100.200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.1;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    12-P {
        interfaces {
            ge-0/0/0 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.2/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1112 {
                    vlan-id 1112;
                    family inet {
                        address 10.100.1.1/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 12 {
                    family inet {
                        address 10.100.0.12/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0012.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    13-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1314 {
                    vlan-id 1314;
                    family inet {
                        address 172.167.12.0/31;
                    }
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1213 {
                    vlan-id 1213;
                    family inet {
                        address 10.100.1.3/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 13 {
                    family inet {
                        address 10.100.0.13/32;
                    }
                    family iso {
                        address 49.0100.0101.0000.0013.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            bgp {
                group to-AS200 {
                    type external;
                    family inet {
                        labeled-unicast;
                    }
                    export to-AS200;
                    peer-as 200;
                    neighbor 172.167.12.1;
                }
                group internal {
                    type internal;
                    local-address 10.100.0.13;
                    family inet {
                        labeled-unicast;
                    }
                    neighbor 10.100.0.11;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/1.1213;
                interface lo0.13;
            }
        }
        policy-options {
            policy-statement to-AS200 {
                term PE11-lo0 {
                    from {
                        route-filter 10.100.0.11/32 exact;
                    }
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
        }
        routing-options {
            autonomous-system 100;
        }
    }
    14-ASBR {
        interfaces {
            ge-0/0/0 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.4/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1314 {
                    vlan-id 1314;
                    family inet {
                        address 172.167.12.1/31;
                    }
                    family mpls;
                }
            }
            lo0 {
                unit 14 {
                    family inet {
                        address 10.200.0.14/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0014.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            bgp {
                group to-AS100 {
                    type external;
                    family inet {
                        labeled-unicast;
                    }
                    export to-AS100;
                    peer-as 100;
                    neighbor 172.167.12.0;
                }
                group internal {
                    type internal;
                    local-address 10.200.0.14;
                    family inet {
                        labeled-unicast;
                    }
                    neighbor 10.200.0.16;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface ge-0/0/0.1415;
                interface lo0.14;
            }
        }
        policy-options {
            policy-statement to-AS100 {
                term PE16-lo0 {
                    from {
                        route-filter 10.200.0.16/32 exact;
                    }
                    then accept;
                }
                term reject {
                    then reject;
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    15-P {
        interfaces {
            ge-0/0/0 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.6/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            ge-0/0/1 {
                unit 1415 {
                    vlan-id 1415;
                    family inet {
                        address 10.200.1.5/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 15 {
                    family inet {
                        address 10.200.0.15/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0015.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                traffic-engineering {
                    bgp-igp;
                }
                interface all;
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
    }
    16-PE {
        interfaces {
            ge-0/0/0 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.2/31;
                    }
                }
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.2/31;
                    }
                }
            }
            ge-0/0/1 {
                unit 1516 {
                    vlan-id 1516;
                    family inet {
                        address 10.200.1.7/31;
                    }
                    family iso;
                    family mpls;
                }
            }
            lo0 {
                unit 16 {
                    family inet {
                        address 10.200.0.16/32;
                    }
                    family iso {
                        address 49.0200.0102.0000.0016.00;
                    }
                }
            }
        }
        protocols {
            mpls {
                interface all;
            }
            bgp {
                group internal {
                    type internal;
                    local-address 10.200.0.16;
                    family inet {
                        labeled-unicast {
                            resolve-vpn;
                        }
                    }
                    neighbor 10.200.0.14;
                }
                group to-AS100 {
                    type external;
                    multihop {
                        ttl 10;
                    }
                    local-address 10.200.0.16;
                    family inet-vpn {
                        unicast;
                    }
                    peer-as 100;
                    neighbor 10.100.0.11;
                }
            }
            isis {
                interface all;
            }
            ldp {
                interface all;
            }
        }
        routing-instances {
            Cust-20 {
                instance-type vrf;
                interface ge-0/0/0.1622;
                route-distinguisher 10.100.0.16:20;
                vrf-target target:0.0.100.200:20;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 20;
                            as-override;
                            neighbor 192.168.20.3;
                        }
                    }
                }
            }
            Cust-30 {
                instance-type vrf;
                interface ge-0/0/0.1632;
                route-distinguisher 10.100.0.16:30;
                vrf-target target:0.0.100.200:30;
                protocols {
                    bgp {
                        group to-Cust {
                            type external;
                            peer-as 30;
                            as-override;
                            neighbor 192.168.30.3;
                        }
                    }
                }
            }
        }
        routing-options {
            autonomous-system 200;
        }
    }
    21-CE {
        interfaces {
            ge-0/0/1 {
                unit 1121 {
                    vlan-id 1121;
                    family inet {
                        address 192.168.20.1/31;
                    }
                }
            }
            lo0 {
                unit 21 {
                    family inet {
                        address 192.168.0.21/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.20.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    22-CE {
        interfaces {
            ge-0/0/1 {
                unit 1622 {
                    vlan-id 1622;
                    family inet {
                        address 192.168.20.3/31;
                    }
                }
            }
            lo0 {
                unit 22 {
                    family inet {
                        address 192.168.0.22/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.20.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 20;
        }
    }
    31-CE {
        interfaces {
            ge-0/0/1 {
                unit 1131 {
                    vlan-id 1131;
                    family inet {
                        address 192.168.30.1/31;
                    }
                }
            }
            lo0 {
                unit 31 {
                    family inet {
                        address 192.168.0.31/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS100 {
                    type external;
                    export to-bgp;
                    peer-as 100;
                    neighbor 192.168.30.0;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
    32-CE {
        interfaces {
            ge-0/0/1 {
                unit 1632 {
                    vlan-id 1632;
                    family inet {
                        address 192.168.30.3/31;
                    }
                }
            }
            lo0 {
                unit 32 {
                    family inet {
                        address 192.168.0.32/32;
                    }
                }
            }
        }
        protocols {
            bgp {
                group AS200 {
                    type external;
                    export to-bgp;
                    peer-as 200;
                    neighbor 192.168.30.2;
                }
            }
        }
        policy-options {
            policy-statement to-bgp {
                from protocol direct;
                then accept;
            }
        }
        routing-options {
            autonomous-system 30;
        }
    }
}
interfaces {
    ge-0/0/0 {
        description "to ge-0/0/1";
        vlan-tagging;
    }
    ge-0/0/1 {
        description "to ge-0/0/0";
        vlan-tagging;
    }
    ge-0/0/2 {
        description "to ge-0/0/3";
        vlan-tagging;
    }
    ge-0/0/3 {
        description "to ge-0/0/2";
        vlan-tagging;
    }
    ge-0/0/4 {
        description "to ge-0/0/5";
        vlan-tagging;
    }
    ge-0/0/5 {
        description "to ge-0/0/4";
        vlan-tagging;
    }
    ge-0/0/6 {
        description "to ge-0/0/7";
        vlan-tagging;
    }
    ge-0/0/7 {
        description "to ge-0/0/6";
        vlan-tagging;
    }
    ge-0/0/8 {
        description "to eth1";
    }
    ge-0/0/9 {
        description "to eth2";
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.83.11/24;
            }
        }
    }
}

Verification

root@MX:21-CE> show route 

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.21/32    *[Direct/0] 02:05:23
                    > via lo0.21
192.168.0.22/32    *[BGP/170] 00:00:33, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121
192.168.20.0/31    *[Direct/0] 02:04:45
                    > via ge-0/0/1.1121
192.168.20.1/32    *[Local/0] 02:04:45
                      Local via ge-0/0/1.1121
192.168.20.2/31    *[BGP/170] 00:00:33, localpref 100
                      AS path: 100 200 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

root@MX:21-CE> ping 192.168.0.22 count 3 source 192.168.0.21    
PING 192.168.0.22 (192.168.0.22): 56 data bytes
64 bytes from 192.168.0.22: icmp_seq=0 ttl=52 time=11.834 ms
64 bytes from 192.168.0.22: icmp_seq=1 ttl=52 time=11.269 ms
64 bytes from 192.168.0.22: icmp_seq=2 ttl=52 time=8.738 ms

--- 192.168.0.22 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 8.738/10.614/11.834/1.346 ms

Label Operation

1. Customer router will send simple traffic.

root@MX:21-CE> show route 192.168.0.22 

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:05:33, localpref 100
                      AS path: 100 200 100 I, validation-state: unverified
                    > to 192.168.20.0 via ge-0/0/1.1121

2. Router 11-PE will add three labels to the traffic, L3VPN label, BGP-LU label and LDP transport label.

root@MX:11-PE> show route 192.168.0.22    

Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 00:10:04, localpref 100, from 10.200.0.16
                      AS path: 200 20 I, validation-state: unverified
                    > to 10.100.1.1 via ge-0/0/0.1112, Push 299856, Push 299952, Push 299824(top)

root@MX:11-PE> show route table mpls      

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 02:15:03, metric 1
                      Receive
1                  *[MPLS/0] 02:15:03, metric 1
                      Receive
2                  *[MPLS/0] 02:15:03, metric 1
                      Receive
13                 *[MPLS/0] 02:15:03, metric 1
                      Receive
299776             *[LDP/9] 02:14:03, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Pop      
299776(S=0)        *[LDP/9] 02:14:03, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Pop      
299840             *[LDP/9] 00:30:25, metric 1
                    > to 10.100.1.1 via ge-0/0/0.1112, Swap 299824
299888             *[VPN/170] 00:10:08
                    > to 192.168.20.1 via ge-0/0/0.1121, Pop      
299904             *[VPN/170] 00:10:08
                    > to 192.168.30.1 via ge-0/0/0.1131, Pop           

3. Router 12-P is PHP and will pop the LDP label.

root@MX:12-P> show route 192.168.0.22  

root@MX:12-P> show route label 299824 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299824             *[LDP/9] 00:31:02, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop      
299824(S=0)        *[LDP/9] 00:31:02, metric 1
                    > to 10.100.1.3 via ge-0/0/0.1213, Pop         

4. Router 13-ASBR will swap the BGP-LU label.

root@MX:13-ASBR> show route label 299952 

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299952             *[VPN/170] 00:15:19
                    > to 172.167.12.1 via ge-0/0/0.1314, Swap 299920

5. Router 14-ASBR will swap BGP-LU with a new LDP label.

root@MX:14-ASBR> show route 10.200.0.16 

inet.0: 10 destinations, 12 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.200.0.16/32     *[LDP/9] 00:30:22, metric 1
                    > to 10.200.1.5 via ge-0/0/0.1415, Push 299824
                    [IS-IS/18] 00:31:56, metric 20
                    > to 10.200.1.5 via ge-0/0/0.1415

root@MX:14-ASBR> show route label 299920    

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299920             *[VPN/170] 00:27:37
                    > to 10.200.1.5 via ge-0/0/0.1415, Swap 299824

6. Router 15-P is PHP and will pop the LDP label.

root@MX:15-P> show route 192.168.0.22 

root@MX:15-P> show route label 299824 

mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299824             *[LDP/9] 00:31:21, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop      
299824(S=0)        *[LDP/9] 00:31:21, metric 1
                    > to 10.200.1.7 via ge-0/0/0.1516, Pop

7. Router 16-PE will pop the L3VPN label and will forward simple traffic to the end customer.

root@MX:16-PE> show route label 299856 

mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

299856             *[VPN/170] 00:20:01
                    > to 192.168.20.3 via ge-0/0/0.1622, Pop      

root@MX:16-PE> show route 192.168.0.22 

Cust-20.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.22/32    *[BGP/170] 02:24:35, localpref 100
                      AS path: 20 I, validation-state: unverified
                    > to 192.168.20.3 via ge-0/0/0.1622

Sources: