1 Foreword
The All-IP trend is obvious. It is now a necessary step for operators to build a uniform IP bearer network to carry all types of services. To assure the QoS level required by different services, effective isolation between services becomes a focus of attention. MPLS VPN is a technology of best maturity and most rapid development. Its deployment in some areas in recent years has proved its feasibility in carrier networks. MPLS VPN is an effective means of service separation. Most MPLS VPN systems deployed in carrier networks are now located in one autonomous system (AS). Services provisioned like intra-operator voice and VPN private line for enterprises, however, always cross several ASs. How to make a VPN cross multiple ASs becomes a major concern of current considerations.
2 Overview of Inter-AS MPLS VPN
Like building a VPN inside one AS, the construction of a VPN that crosses several ASs also concerns two aspects: one is the transfer of VPN information; the other is the building of VPN tunnel. After a few years practice, three methods are proposed in the industry for VPNs to cross domains. These three methods are Option A, Option B and Option C. Different options use different modes of VPN information transfer and different methods for VPN tunnel construction and are suitable for different scenarios.
Further, MPLS VPNs can be classified to MPLS/BGP L3VPN and MPLS L2VPN. The two types of VPN both support the above three Inter-AS options. However, as MPLS/BGP VPN is earlier and more widely applied, the corresponding Inter-AS methods are standardized. MPLS L2VPN lags behind in standardization, and the corresponding Inter-AS standards are not yet formally released. Mainstream vendors, nevertheless, have supported part or all these methods.
3 MPLS/BGP Inter-AS Methods
3.1 Option A Inter-AS Method
The Option A Inter-AS method is also known as the back-to-back method. As shown in the figure above, two ASBRs, border router of AS, serve as PE and CE mutually. ASBR1 serves as the PE of AS1 and in this case ASBR2 can be regarded as the CE of ASBR1. The same is with ASBR2.
VPN Information Transfer
Between PE and ASBR of a same AS, VPN route information is transferred over normal MBGP. Between ASBRs, VPN route information is transferred through normal PE–CE route transfer method. As shown in the figure above, VPNA2 transfers route information over IGP to PE2; PE2 transfers the information of VPNA2 over MBGP to ASBR2; ASBR2 serves as the CE of ASBR1 and transfers the information of VPNA2 over IGP to ASBR1; ASBR1 transfers the information of VPNA2 over MBGP to PE1; PE1 transfers the information of VPNA2 over IGP to VPNA1. The transfer of VPN information ends here.
VPN Tunnel Construction
For Option A, VPN tunnel construction is simple. Each AS constructs its own 2-layer LSP from PE to ASBR. The inner layer label indicates VPN information and the outer layer label is the public network label indicating the next hop PE of the VPN route. Like the building of LSP tunnel inside an AS, between ASBR and ASBR, naked IP forwarding is adopted without any LSP.
Characteristics
- ASBR needs to process VPN route information and requires the configuration of VRF instances.
- ASBR needs to allocate a physical or logical link for each VPN.
- A separate 2-layer LSP is built inside each AS and inter-ASBR transport relies on the IP network.
- Suitable for early stage of VPN service deployment when the number of VPNs is small.
3.2 Option B Inter-AS Method
The Option B Inter-AS method is also known as the single-hop MP-EBGP method. Inside an AS, normal MPLS/BGP is used to transfer VPN information and construct the LSP tunnel. Between ASs, the single-hop MP-EBGP is used to transfer VPN information and construct the LSP tunnel.
VPN Information Transfer
As shown in the figure above, CE2 transfers private network information over IGP to PE2; PE2 transfers the VPN information over MP-IBGP to ASBR2; ASBR2 transfers the VPN route information over single-hop MP-EBGP to ASBR1; ASBR1 transfers the VPN information over MP-IBGP to PE1; PE1 transfers the private network information over IGP to CE1. Now, CE1 obtains the information of the route to CE2. If multiple ASs are crossed, VPN information is transferred over MP-IBGP within each AS and over single-hop MP-EBGP between each two ASBRs.
LSP Tunnel Construction
When BGP is used to transfer route information, in the case of EBGP, the next hop will be changed to the local node itself, while in the case of IBGP, the next hop may and may not be changed to the local node itself. For instance, when MP-BGP is used to transfer VPN route information and the next hop is changed, another label must be allocated for the VPN.
As shown in the figure above, in the Option B Inter-AS method, when ASBR2 transfers VPN route information to ASBR1, it will change the next hop to itself and reallocate a label for the VPN. When ASBR1 transfers VPN route information to PE1, two situations should be considered. In the first situation, ASBR1 changes the next hop to itself. In the second situation, ASBR1 does not change the next hop and the next hop remains ASBR2.
In the former situation where ASBR1 changes the next hop of the route to itself, ASBR1 reallocates a label for the VPN and the path from PE1 to PE2 is PE1→ASBR1→ASBR2→PE2. Inside AS1, a 2-layer LSP tunnel is built from PE1 to ASBR1. The inner layer is the VPN label (allocated by ASBR1); the outer layer is the public network tunnel from PE1 to ASBR1. A single-layer LSP tunnel is built between ASBRs, which only carries the VPN label (allocated by ASBR2). Inside AS2, a 2-layer LSP tunnel is built. The inner layer is the VPN label allocated by PE2 and the outer layer is the public network tunnel from ASBR2 to PE2. At the two ASBRs, because VPN label is reallocated, the lowest layer label will be swapped. Through the swap of VPN label, the VPN tunnels of the two ASs are connected.
In the latter situation where ASBR1 doest change the next hop of the VPN route, the next hop of the VPN route received by PE1 is ASBR2 in AS2. The path from PE1 to PE2 is then PE1→ASBR2→PE2. In this case, a 2-layer LSP tunnel need be constructed from PE1 till ASBR2. The inner layer is the VPN label (allocated by ASBR2) and the outer layer is the public network tunnel from PE1 to ASBR2. From ASBR2 to PE2, a 2-layer LSP tunnel is also built, with the inner layer being the VPN label (allocated by PE2) and the outer layer the public network tunnel from ASBR2 to PE2. In this case, some label distribution protocol need has to run between ASBR2 and ASBR1 in order to distribute the public network label of ASBR2. In addition, at ASBR2, the inner and outer labels of LSP will both be swapped. The two LSPs are thus connected to an end-to-end LSP tunnel.
Characteristics
- ASBR needs to process VPN information but does not need the configuration of VRF instances.
- Between two ASBRs, one link is used to transfer all VPN information.
- Between two ASBRs, a single-layer or 2-layer LSP tunnel is built depending on the scenario.
- When VPN service operation develops to a certain scale, inter-ASBR links are limited, and Option B can be adopted.
3.3 Option C Inter-AS Method
The Option C Inter-AS method is also known as the multi-hop MP-EBGP method. Because BGP only requires TCP connection to form a BGP neighbor and transfer route information, the Option C method transfers VPN route information between the source and destination PEs directly over multi-hop MP-EBGP, and constructs public network LSP tunnel between the source and destination PEs.
VPN Information Transfer
For Option C, VPN information transfer is simple. The information is transferred between the source and destination PEs directly over multi-hop MP-EBGP. As shown in the figure above, a multi-hop MP-EBGP connection is established between PE2 and PE1 and VPN information is transferred from PE2 directly to PE1.
LSP Tunnel Construction
The way of VPN information transfer shows that, from PE1 to PE2, the VPN only has one hop. The next hop is PE2. PE2 allocates the VPN label, which remains unchanged all the way.
What is important is how the outer LSP from PE1 to PE2 is constructed. First, PE2 and ASBR2 are located in a same AS. With IGP, ASBR2 has the route information of PE2. Through normal LDP, a LSP will be built between ASBR2 and PE2. ASBR1 and PE2 are located in different ASs, and ASBR1 doest not have the route information of PE2. In this case, the route information of PE2 can be transferred to ASBR1 through an EBGP session. In addition, BGP is so extended (RFC3107) that BGP allocates labels while transferring route information. Thus the LSP between ASBR1 and ASBR2 takes shape and label swap happens at ASBR2. Likely, an extended IBGP session is used to transfer the route information of PE2 from ASBR1 to PE1 and allocate the label. Label swap happens at ASBR1. However, in this section, the establishment of LSP is different from that between ASBRs. ASBRs are directly connected and one is reachable right within the next hop. PE1 and ASBR1 are not directly connected but they are located in the same AS. Therefore, a LDP session can be utilized to construct a LSP tunnel. Thus, the LSP from PE1 to ASBR1 carries three layers of labels. The inner layer is the VPN label (allocated by PE2), the middle layer is label to PE2 (allocated by ASBR1 using extended BGP) and the outer layer is the label to ASBR1 (allocated using LDP). A 2-layer LSP is built between two ASBRs. The inner layer is the VPN label (allocated by PE2) and the outer layer is the label to PE2 (allocated by ASBR2 using extended BGP). From ASBR2 to PE2, a 2-layer LSP is built. The inner layer is the VPN label (allocated by PE2) and the outer layer is the label to PE2 (allocated using LDP). The three LSPs are connected through label swap at ASBRs into one end-to-end LSP tunnel.
Characteristics
- ASBR does not need to process VPN information, which best conforms to the VPN requirement that the intermediate equipment is not VPN-aware.
- Extended BGP is used to transfer the public network label.
- 3-layer labels appear in ASs other than the destination AS.
- Option C can used when VPN services grow to a large scale.
3.4 Comparison of Option A/B/C Inter-AS Methods
|
Item/Method
|
Option A
|
Option B
|
Option C
|
Remarks
|
| ASBR VPN awareness |
Need process VPN information and configure VRF |
Need process VPN information but not configure VRF |
Not VPN-aware |
|
| ASBR load Process |
all VPN information and load is heavy Process |
all VPN information and load is heavy Process |
no VPN information and load is light |
|
| link |
Each VPN uses an inter-ASBR link |
One link |
One link |
|
| Inter-AS VPN information transfer |
Between ASBRs, VPN information is transferred over IGP |
Between ASBRs, VPN information is transferred over MP-EBGP. |
Between the source and destination PEs, VPN information is transferred directly over MP-EBGP |
|
| Interworking |
Interworking is simple; ASBRs function as the PE ,CE of each other mutually; IP interworking |
When MP-IBGP does not change the next hop to the local node itself, LDP need run between ASBRs |
Extended BGP need run between ASBRs to transfer the public network label |
Except the destination AS, extended BGP need run in all other ASs to transfer the public network label |
| Tunnel |
2-layer LSP built inside AS, IP forwarding between ASBRs |
Single-layer LSP between ASBRs or 2-layer LSP between ASBR and upper PE |
2-layer LSP inside destination AS and between ASBRs,3-layer LSP in other ASs |
|
| Maintenance |
Simple |
Complex |
Complex |
|
| Scenario |
Small number of VPNs, early stage of service deployment |
Medium number of VPNs, limited inter-ASBR links, middle stage of service deployment |
Large number of VPNs, large scale service deployment |
|
4 Inter-AS L2 VPN
L2 VPN Inter-AS ideas are similar to MPLS/BGP Inter-AS ideas. However, for a L2 VPN to cross several ASs, the implementation is different. The following describes the differences between a Inter-AS L2 VPN and a Inter-AS MPLS/BGP VPN.
4.1 Different Protocols to Carry VPN Information
The implementation of L2 VPN distinguishes between two patterns, specifically, Martini and Kompella. In the Martini pattern, an extended remote LDP session is used to transfer L2 VPN information. In the Kompella pattern, the extended MP-BGP is used to transfer VPN inforamtion.
4.2 Different Content Included in VPN Information
For L3 VPN, the information to transfer includes IP route and labels of VPN. For L2 VPN, IP route information is not transferred. Instead, L2 related information is transferred. For instance, a Martini L2 VPN transfers VC ID, L2 interface information and the labels and a Kompella L2 VPN transfers CE ID and the label block.
Note: For a Kompella L2 VPN, through allocation of label block, the connection a new CE can be established automatically. This will facilitate the ease of later expansion. Moreover, the unique RR of BGP can reduce the number of connections effectively, which is fit for complex topologies. For a Martini L2 VPN, all connections need be configured manually because automatic site detection is not supported. Restricted by a full mesh, Martini L2 VPN is suitable for simple topologies.
4.3 Supported Methods for VPN to Cross ASs
Both Martini and Kompella implementations support Option A/C enabled Inter-AS L2 VPNs. The Option B method is supported by a Kompella L2 VPN by nature while it is not suitable for a Martini L2 VPN to cross ASs, because of the section by section transfer of VPN information for Option B.
4.4 Characteristics of Option B Enabled Inter-AS L2 VPN
Kompella L2 VPN adopts label block allocation, which is different from L3 VPN's single label swap at ASBR. With reference to the above description of Option B, PE2 allocates a label block (suppose 10 labels are included) for CE2, for connection with other 10 CEs. When the label block reaches ASBR2, ASBR2 will reallocate a label block that contains 10 labels to ASBR1. Then a label swap table is created at ASBR2. If 10 connections are built, this table will include 10 swap entries. The connection between CE2 and CE1 matches the first swap entry in the table and so on. Depending on different CE IDs, all connections via ASBR2 will match a swap entry in the table.
4.5 Inter-AS VPLS
VPLS can be regarded as a special instance of L2 VPN. Its implementation also includes Martini and Kompella. A Inter-AS VPLS VPN can also be realized in three methods, namely Option A/B/C (note: the Martini implementation and the Kompella implementation support different Inter-AS methods). When a Inter-AS VPLS VPN is studied, the VSI learning and forwarding need not be considered. The only consideration is the establishment of PW between PEs. Then, it is same as the implementation of a Inter-AS L2 VPN.
4.6 Comparison between Inter-AS L2 VPN and Inter-AS MPLS/BGP
|
Item/VPN
|
MPLS/BGP
|
VPN/L2VPN
|
Remarks
|
|
MARTINI
|
KOMPELLA
|
| Protocol |
MP-BGP |
Extended remote LDP |
MP-BGP |
VPLS Inter-AS methods are the same as those for L2 VPN |
| VPN information |
VPN route and label |
VC ID and label |
CE ID and label block |
| Inter-AS methods |
Option A/B/C |
Option A/C |
Option A/B/C |
| Network topology |
Complex |
Simple |
Complex |
5 Inter-AS VPN Capabilities of Huawei Products
Huawei takes into full consideration the requirements of operators to deploy VPN services and develops the VPN capabilities in all PE and ASBR equipment to get adapted to the interworking with the equipment of other vendors in different stages of service development. Huawei NE40/80 and NE40E/80E are ideal PE and ASBR equipment to serve a carrier network. They support all MPLS VPN functions, including MPLS/BGP VPN, Martini/Kompella L2 VPN and VPLS. They also support the three Inter-AS methods for MPLS/BGP VPN, Option A/C Inter-AS methods for Martini L2 VPN/VPLS and Option A/B/C Inter-AS methods for Kompella L2 VPN/VPLS.
