mpls deployment chapter 3 - optimization

Muhammad Syarifuddin, CCNA, CCNP, NRS-1 http://id.linkedin.com/in/syarifuddin

http://id.linkedin.com/in/syarifuddin

http://id.linkedin.com/in/syarifuddin

Chapter 1 – Basic : http://www.slideshare.net/ariefcakep/mpls-deployment-chapter-1-basic1

Chapter 2 – Services : http://www.slideshare.net/ariefcakep/mpls-deployment-chapter-2-services1

Chapter 3 – Optimization : http://www.slideshare.net/ariefcakep/mpls-deployment-chapter-3-optimization

http://www.slideshare.net/ariefcakep/mpls-deployment-chapter-1-basic1










http://www.slideshare.net/ariefcakep/mpls-deployment-chapter-2-services1









http://www.slideshare.net/ariefcakep/mpls-deployment-chapter-3-optimization










MPLS L3VPN Optimization – Route Reflector

Bank BCA wants to subscribe MPLS Link over all of the branches in indonesia using L3VPN/VPRN through our backbone network.

The branch offices are 8 : Jakarta1, Jakarta2, Bogor, Bekasi, Surabaya, Malang, Madiun, Banjarmasin

Datacenter is located in Tangerang City

All BCA Routers connected to each 9 PEs.

Logical Topology

One of VPRN/L3VPN problem is, to comply with such topology, and to connect all client routers, iBGP Peering on the PEs must be fully meshed on each others.

This could become a painful jobs when we add one or more network into current vrf, we need to reconfigure all related vrf PE, to do full mesh iBGP peering.

Peer formula = n(n-1)/2,

n stands for number of routers,

For example 9 routers, will need 41 peer connection

10 routers, will need 45 peer connection



Full Mesh iBGP Peering iBGP Peering in huge

VRF is such a mess and

painful configuration

PEJKTKPI01 (Loopback 10.0.0.3) router bgp 65100

no synchronization

bgp log-neighbor-changes

neighbor 10.0.0.4 remote-as 65100

neighbor 10.0.0.4 update-source Loopback0















no auto-summary

!

address-family vpnv4

neighbor 10.0.0.4 activate

neighbor 10.0.0.4 send-community both















exit-address-family

!


no synchronization


















no auto-summary

!


















exit-address-family

!

PEBTNTGR01 (Loopback 10.0.0.5) router bgp 65100

no synchronization


















no auto-summary

!


















exit-address-family

!

PEJBRBGR01 (Loopback 10.0.0.6) router bgp 65100

no synchronization


















no auto-summary

!


















exit-address-family

!

PEJBRBKS01 (Loopback 10.0.0.7) router bgp 65100

no synchronization


















no auto-summary

!


















exit-address-family

!

PEJTMSBY01 (Loopback 10.0.0.9) router bgp 65100

no synchronization


















no auto-summary

!


















exit-address-family

!

PEJTMMLG01 (Loopback 10.0.0.10) router bgp 65100

no synchronization


















no auto-summary

!


















exit-address-family

!

PEJTMMDN01 (Loopback 10.0.0.11) router bgp 65100

no synchronization


















no auto-summary

!


















exit-address-family

!

PEKALBJM01 (Loopback 10.0.0.13) router bgp 65100

no synchronization


















no auto-summary

!


















exit-address-family

!

Route Reflector / RR are an alternative way to provide full meshed iBGP peers. One or more routers configured as a route reflector, while the remaining iBGP routers are configured as clients and peer only with route reflector forming a Route Reflector Cluster. This reduces the number of connections required to the number of clients. Routing updated received by a client are sent to the Route Reflector and it will forward to other clients in the cluster.

iBGP Peering with Route Reflector

RR Reflects all BGP

received, towards all

of the neighbor

RR Deployment Methods

Option 1 involves using the PE router as the VPNv4 RR as well.

◦ This type of setup is not recommended due to additional constraints of memory and CPU imposed on the PE router that acts as RR, which is handling both the functions of providing services to client edge routers as well as reflecting routes to several other PEs in the same MPLS domain.

Option 2 involves using the P router as an RR for both IPv4 and VPNv4.

◦ The P router handles not only the function of route reflection for IPv4 and VPNv4 routes, but also performs data forwarding operations for IPv4 and VPNv4 traffic.

◦ This scenario may not scale well in large MPLS VPN environments due to memory and CPU constraints imposed on the RR that not only provides IPv4 and VPNv4 routing services but also data forwarding functionality.

Option 3 involves using a P router as a RR only for VPNv4. ◦ This implementation can be used in large-scale MPLS VPN

environments in which the provider network wants to isolate IPv4 functionality on the VPNv4 RR.

Option 4 involves a dedicated router performing the function of reflecting IPv4 and VPNv4 routes. The router does not perform any data forwarding functions. ◦ This scenarios also increases the provider's operational

costs because the provider has to dedicate routers RRs for IPv4 and VPNv4 prefixes as well as ensure their PE routers have physical connectivity with each other for data forwarding functionality or are connected to a dedicated P router, which perform data forwarding functionality.

Option 5 involves a dedicated router as a RR for only VPNv4 routes and not for data forwarding. Like the last option, there is considerable savings in CPU and performance improvements can be realized but at the cost of additional routers providing provider router functionality and increased cost in providing physical connectivity between PE and P routers.

Option 6 involves partitioned RRs, which is primarily in large-scale environments in which using a dedicated VPNv4 RR does not scale to the demands of a large provider carrying a large number of VPNv4 prefixes.

Use PE as supported RR

For this case, IPv4 BGP

Peering is fully meshed

(light red color)

but VPNv4 BGP peering is

configured through RR

(P Router)

Install / Add dedicated

RR into current Network

IPv4 BGP Peering is fully

meshed (light red color)

but VPNv4 BGP peering is

configured through dedicated

RR

BGP VPNv4 peering for each

VRF are divided to different

RR, to reduce the load of

BGP Process

Due to lack of operational budget, team will use Option 1 for RR Deployment Method. This solution is Temporary, and is proposed on next budget to bought additional dedicated RR Routers to do the job.

Positive impact : ◦ Simplify BGP Configuration ◦ BGP Peering kept Redundant ◦ It also makes BGP process low on all non RR PE Routers. ◦ Easy to do expansion for the current VRF

Negative impact : ◦ High BGP Process loads on the RR

In this sample, we will use PEJKTKPI01 as RR1 and PEJKTKPI02 as RR2.


neighbor RR1 peer-group

neighbor RR1 remote-as 65100

neighbor RR1 update-source loopback0


neighbor 10.0.0.4 peer-group RR1








neighbor RR1 route-reflector-client

exit-address-family

!


neighbor RR2 peer-group

neighbor RR2 remote-as 65100

neighbor RR2 update-source loopback0










neighbor RR2 route-reflector-client

exit-address-family

!

For the rest of PEs, only need to peer to the RR1 and RR2

PEBTNTGR01 (Loopback 10.0.0.5) router bgp 65100

no synchronization






no auto-summary

!






exit-address-family

!

PEJBRBGR01 (Loopback 10.0.0.6) router bgp 65100

no synchronization






no auto-summary

!






exit-address-family

!


PEJTMSBY01 (Loopback 10.0.0.9) router bgp 65100

no synchronization






no auto-summary

!






exit-address-family

!

PEJTMMLG01 (Loopback 10.0.0.10) router bgp 65100

no synchronization






no auto-summary

!






exit-address-family

!


PEJTMMDN01 (Loopback 10.0.0.11) router bgp 65100

no synchronization






no auto-summary

!






exit-address-family

!

PEKALBJM01 (Loopback 10.0.0.13) router bgp 65100

no synchronization






no auto-summary

!






exit-address-family

!

More simple configuration

No BGP IPv4 because we only activate the MP-BGP feature

BGP neighbor with RR were UP, but the state is NoNeg, because we only use the MPBGP feature.

Vrf routing still can be exported & imported by using RR

By using show ip route vrf vrf_name, we can see the route for current vrf over the MP-BGP

Ping & Traceroute vrf can be used to test connectivity from PE to CE.

Also can be used to check MPLS label & VPN Label

Thankyou

RR Implementation in MPLS VPN – Cisco Support

◦ https://supportforums.cisco.com/docs/DOC-32629

BGP Case Studies – Cisco Systems

◦ http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml

BGP Route Reflectors Example

◦ http://ccnprecertification.com/2005/10/13/bgp-route-reflectors-example/

CCNP Practical Studies: Routing | Scenario 7-1, Configuring Route Reflectors

◦ http://www.informit.com/library/content.aspx?b=CCNP_Studies_Routing&seqNum=89

Route-Reflectors and Confederations in MPLS VPN Networks

◦ http://mynetworkingwiki.com/index.php/Route-Reflectors_and_Confederations_in_MPLS_VPN_Networks

https://supportforums.cisco.com/docs/DOC-32629




http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml




http://ccnprecertification.com/2005/10/13/bgp-route-reflectors-example/








http://www.informit.com/library/content.aspx?b=CCNP_Studies_Routing&seqNum=89

http://mynetworkingwiki.com/index.php/Route-Reflectors_and_Confederations_in_MPLS_VPN_Networks




mpls deployment chapter 3 - optimization

Technology

changes neighbor

addressfamily vpnv4

router bgp

bca routers

peer connection

client routers

number of routers

mesh ibgp peering ibgp