Inter-AS L3 VPN MPLS Solutions

Uses Cases:

  1. SP merger
  2. Two MPLS SP peering to cover common customer base
  3. IGP isolation with service continuity
  4. Interconnect BGP confederations with different IGPs in the same AS

Options described in RFC4364:

  1. Carrier Supporting Carrier (Cs)
  2. Inter-AS (I-AS)

Inter-AS L3 VPNs

All three options support VPNv4 and VPNv6 prefixes

  1. Option A (Back-to-Back VRFs)
    1. Each ASBR thinks the other ASBR is a CE
    2. PE to CE peering is eBGP
    3. IP forwarding between ASBR, no labels
    4. Advantages:
      1. Most secure, least invasive, support granular QoS
    5. Disadvantages:
      1. a VRF for each customer, not scalable
      2. an eBGP session per VRF, not scalable
      3. not label switched between ASBR
  2. Option B (MP-eBGP between ASBR for VPNv4)
    1. Redistribute eBGP link (PE-CE links) into IGP
    2. ASBR exchange VPNIPv4 prefixes + labels using MP-eBGP with the advertising ASBR as the Next-Hop
    3. SP PEs DO know about its partner SP’s cutomers’s VPNIPv4 prefixes
    4. no VRF is needed, which means less configuration as the number of customers grow
    5. single MP-eBGP sessions between ASBR instead of multiple eBGP (per VRF)
    6. VPNv4 prefixes and IGP PE prefixes are exchanged between ASBR
    7. Advantages:
      1. Less invasive than Option C
      2. more scalable than option A for high number of VRFs
      3. more secure then option C because internal IP for the SP are not exchanged, the SP only exchange labels VPN prefixes.
    8. Disadvantages:
      1. more invasive than Option A
      2. Less scalable then option C because the ASBR needs to carry all VPNs prefixes that are shared
  3. Option C (Multihop MP-eBGP between RRs, VPNv4+Labels)
    1. ASBR exchange PE loopback address and labels
    2. Route Reflectors exchange customers VPNv4 prefixes over multihop MP-eBGP
    3. packets have three labels
      1. inner label: Partner SP PE
      2. middle label: Partner ASBR
      3. outer label: SP ASBR (PE)
    4. Advantages:
      1. separate VPNv4 and PE prefixes exchange, most scalable option
      2. The ASBR does not need to know the customers VPN prefixes. The ASBR is only used to exchange the SP internal IP.
    5. Disadvantages:
      1. internal IP (Loopback IP for PE) addresses a SP network is advertised and visible in another SP network, which is a security risk. Most SP wants to prevent any external visibility and access into their internal LSR IP.
      2. Because of the above property, option C is mostly deployed within a single SP or enterprise with multiple MPLS networks (i.e. merger).

One comment

  1. Tun Ad

    Thanks CCDEWiki. This is very beneficial to me. Kindly help with what you mean by (Disadvantages: a VRF for each customer, not scalable) for option A.

    Does it mean For example a company that has 5 branch offices spread around 2 countries, they are connected to an MPLS service provider [ISP-1] which is connecting 3 of their 5 branches to their Head Quarters, now they need to connect the rest of their 2 branches and that has to be via ISP-2. So with this comments about disadvantage above, does it mean I will have to use a different VRF each for their 2 branches. Please note that this is 1 customer with 5 branches not 5 Customers


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s