Saturday, 14 April 2012

Packet traveling through an MPLS VPN


This post describes how labels are applied to a packet traveling through an MPLS VPN. At the ingress PE router, two labels are pushed onto a packet. First, a VPN label is applied that will determine which egress PE receives the packet. Then, another label is pushed on top of that label that determines which P router will be the next hop in the normal MPLS label switched path (LSP). This top label is changed by each P router it passes through in the LSP and is finally popped by the router that is penultimate to the egress PE. With only the VPN label left, the packet is passed on to the egress PE router, the label is popped off, and the packet is then routed via IP to the appropriate CE router.

Any P routers that exist in the LSP should have no knowledge of the customer routes or VPN labels that are ‘tunneling’ through them between PE devices. This is important to understand because, should some misconfiguration occur and a P router receive a labeled packet destined for a customer VPN, it won’t have any idea what to do with it, and therefore the packet will be dropped.


BGP comes into play as the protocol used to exchange routes within a VPN; in this role it is referred to as MP-BGP (Multiprotocol BGP). The routes carried within MP-BGP are known as VPNv4 routes. As you’ll see, IPv4, VPNv4, IPv6, etc. are all referred to by BGP as address families. This is how BGP can distinguish what type of routes it’s seeing.


These VPNv4 routes are essentially IPv4 routes, but with a value known as a Route Distinguisher (RD) tacked on to the front. The typical format of an RD is ASN:nn. The RD value is used to designate which Virtual Routing and Forwarding instance (VRF) an IPv4 route belongs to. Once a VPNv4 route is received by a participating PE, the RD is stripped and the original IPv4 route is placed into the VRF routing table.


Then there is the Route Target (RT). Why do we need another value, you ask, if we can already use the RD to distinguish between VPN customers? Well, the RT comes in handy when you want to create an extranet between VPN customers. The RT is a ‘tag’ value that designates which VPNv4 routes to import and export. If two customers want to access each other’s networks, they will both need to import the RT exported by the other customer.
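The RD and RT behaviour described above, as an added example that is not part of the original post: a small Python model in which each VRF exports VPNv4 routes (RD prepended, RTs attached), imports by RT match, and strips the RD on import. The VRF names, ASN 65000, RD/RT values and prefixes are constructed sample data, and `audit_cross_imports` is a hypothetical check that lists VRF pairs joined by an RT import that is not on an approved extranet list. As a simplification, a VRF also learns its own prefixes by importing its own RT.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    rd: str            # Route Distinguisher, ASN:nn
    export_rts: set    # RTs attached to routes this VRF advertises
    import_rts: set    # RTs this VRF accepts
    prefixes: list     # customer IPv4 prefixes (constructed sample data)
    table: dict = field(default_factory=dict)  # IPv4 prefix -> originating VRF

def export_routes(vrf):
    """Build VPNv4 routes: RD prepended to each IPv4 prefix, export RTs attached."""
    return [{"vpnv4": f"{vrf.rd}:{p}", "rts": set(vrf.export_rts), "origin": vrf.name}
            for p in vrf.prefixes]

def import_routes(vrf, vpnv4_routes):
    """Accept routes carrying at least one imported RT, then strip the RD."""
    for route in vpnv4_routes:
        if route["rts"] & vrf.import_rts:
            _asn, _nn, prefix = route["vpnv4"].split(":", 2)
            vrf.table[prefix] = route["origin"]
    return vrf.table

def audit_cross_imports(vrfs, approved=frozenset()):
    """List (importer, exporter) VRF pairs joined by an RT but not approved."""
    return sorted((i.name, e.name) for i in vrfs for e in vrfs
                  if i is not e and i.import_rts & e.export_rts
                  and (i.name, e.name) not in approved)

def demo():
    # Constructed sample: A and B form an extranet, C is isolated but reuses A's prefix.
    a = Vrf("CUST_A", "65000:1", {"65000:100"}, {"65000:100", "65000:200"}, ["10.1.0.0/24"])
    b = Vrf("CUST_B", "65000:2", {"65000:200"}, {"65000:200", "65000:100"}, ["10.2.0.0/24"])
    c = Vrf("CUST_C", "65000:3", {"65000:300"}, {"65000:300"}, ["10.1.0.0/24"])
    vrfs = [a, b, c]
    routes = [r for v in vrfs for r in export_routes(v)]
    for v in vrfs:
        import_routes(v, routes)
    return vrfs, routes

if __name__ == "__main__":
    vrfs, routes = demo()
    for v in vrfs:
        print(v.name, v.table)
    print(audit_cross_imports(vrfs, approved={("CUST_A", "CUST_B")}))
```

CUST_A and CUST_C advertise the same IPv4 prefix, yet their VPNv4 routes stay distinct because of the RD, and CUST_C never sees the extranet routes because it imports neither of the other RTs.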


