366 Chapter 8 Advanced MPLS Topics

Advanced MPLS VPN Topologies

When discussing MPLS VPNs throughout this book, you have seen only simple VPNs. There are many additional topologies that you should know about even though they are not specified in the exam objectives.

Simple VPNs

Throughout this book you have seen only simple MPLS VPN topologies. For example, Figure 8.7 illustrates a customer with two sites connected to a service provider.

F I G U R E 8 . 7 A simple VPN topology

For the sites Customer A1 and Customer A2 to be connected together with an MPLS VPN, a VRF, route distinguisher, routing protocol, and route target must be configured. For the purpose of this discussion of MPLS VPN topologies, I’m interested only in the route targets.

When a route from Customer A1 arrives at PE1, it is redistributed into MP-BGP. Remember that the export route target value is carried in the extended community. When the route arrives at PE2, the import route target value is used to pull the route from MP-BGP into the VRF. For example, the relevant configuration of PE1 is as follows:

ip vrf vpn_1

route-target export 1289:172 route-target import 1289:172

By analyzing the configuration of PE1 and PE2, you can see that routes from PE1, when exported into MP-BGP, carry the export route target value of 1289:172 in the extended community. In addition, routes from PE2, when exported into MP-BGP, carry the export route target value of 1289:172 in the extended community. Both PE1 and PE2 import routes that have an extended community route target value of 1289:172.

Advanced MPLS VPN Topologies 367

Central Services MPLS VPN Topology

Although many of your customers may require only a simple MPLS VPN to meet their connectivity requirements, route targets can be used to support a host of other topologies.

A Central Services MPLS VPN topology is where there is some central service, such as data storage facilities or media content, that is being accessed by different sites. Figure 8.8 illustrates a Central Services network.

F I G U R E 8 . 8 A Central Services network

Customer B

E-Learning content

In Figure 8.8, there are three customers: Customer A, Customer B, and

Customer C. Each of these three customers is paying the service provider for access to the e-learning content hosted by the service provider.

Customer A, Customer B, and Customer C need to know how to send packets to the e-learning content site. The e-learning content site needs to know how to send packets back to Customer A, Customer B, and Customer C. Customer A, Customer B, and Customer C do not need to send packets to each other.

On PE1, Customer A’s routes will be exported with a route target of 100:1. The relevant configuration of PE1 is as follows:

ip vrf vpn_a

route-target export 100:1

368 Chapter 8 Advanced MPLS Topics

On PE2, Customer B’s routes will be exported with a route target of 100:2. The relevant configuration of PE2 is as follows:

ip vrf vpn_b

route-target export 100:2

On PE3, Customer C’s routes will be exported with a route target of 100:3. The relevant configuration of PE2 is as follows:

ip vrf vpn_c

route-target export 100:3

On SPS1, the e-learning content routes will be exported with a route target of 1289:1027. The relevant configuration of SPS1 is as follows:

ip vrf elearning_svc route-target export 1289:107

On PE1, Customer A needs to know about the e-learning content routes. PE1 is configured to import the routes from the e-learning content. The relevant configuration of PE1 is as follows:

ip vrf vpn_a

route-target export 100:1 route-target import 1289:1027

On PE2, Customer B needs to know about the e-learning content routes. PE2 is configured to import the routes from the e-learning content. The relevant configuration of PE2 is as follows:

ip vrf vpn_b

route-target export 100:2 route-target import 1289:1027

On PE3, Customer C needs to know about the e-learning content routes. PE3 is configured to import the routes from the e-learning content. The relevant configuration of PE3 is as follows:

ip vrf vpn_c

route-target export 100:3 route-target import 1289:1027

On SPS1, the e-learning content needs to know about the Customer A, Customer B, and Customer C routes. SPS1 is configured to import the routes from Customer A, Customer B, and Customer C. The relevant configuration of SPS1 is as follows:

ip vrf elearning_svc route-target export 1289:1073

Advanced MPLS VPN Topologies 369

route-target import 100:1 route-target import 100:2 route-target import 100:3

Overlay MPLS VPN Topology

One other topology you should know about is an overlay MPLS VPN topology. An overlay is essentially a situation where a site participates in more than one VPN. In Figure 8.9, there are two customers: Customer A and Customer B. Customer A has two sites: CustomerA_HQ and CustomerA_Site1. Customer B has two sites: Customer B_HQ and CustomerB_Site1.

F I G U R E 8 . 9 An overlay MPLS VPN topology

Customer A_Site1

PE1

PE4

Customer B_Site1

For connectivity, Customer A requires a simple VPN between its headquarters and the remote site. Customer B requires a simple VPN between its headquarters and the remote site. However, Customer A and Customer B are collaborating on a project and need to have an extranet set up between their headquarters locations: CustomerA_HQ and CustomerB_HQ.

Let’s start with the simple VPN. For a simple VPN, the import route target and export route target values can match. For CustomerA_VPN, a route distinguisher of 517:1 will be used. For CustomerB_VPN, a route target of 517:38 will be used. On PE1 and PE2, the following configuration exists for CustomerA_VPN:

ip vrf customera_vpn route-target export 517:1 route-target import 517:1