BGP and L2VPN

Hi,

I am using OSPF as the routing protocol between PE-PE. Can BGP be used as the routing protocol instead of OSPF? Also, will I have to use MP-BGP here?

Consider the following scenario:

         AC         PW          AC
    CE1-------PE1==========PE2------CE2

Suppose I want to advertise a route from PE1 to PE2 where the prefix would be the address of CE1. Can BGP be used here?

PE2 is a cisco-7206 router and PE1 is simulated by my program.

Thanks

Baks

Reply to
BAKS

Hi Baks,

BGP is an "exterior gateway protocol" used mainly on the Internet, and OSPF is an "interior gateway protocol" designed for a network whose parts are under the control of a single organization.

Sincerely,

Brad Reese BradReese.Com Cisco Repair Service Experts

Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 U.S. Toll Free: 877-549-2680 International: 828-277-7272

Reply to
www.BradReese.Com

There are a couple of different concepts to deal with here:

  1. Pseudowires: these provide emulated point-to-point layer-2 connectivity.

  2. L2VPNs which are built using pseudowires. These include Virtual Private LAN Service (VPLS) and IP-Only LAN Service (IPLS).

  3. L3VPNs, which include BGP/MPLS (RFC 2547bis), IPsec, and Virtual Router based VPNs.

Case 1:
-----------

In case 1, pseudowires are built between PE routers or other devices, and provide layer-2 connectivity for CE devices. Pseudowires may be signalled using either LDP (draft martini), BGP (draft kompella), or L2TPv3 depending on the particular implementation you are using.

Cisco implements draft martini pseudowires (called AToM by Cisco) which specify LDP signalling (for VC/PW labels). PE routers still need to have IP connectivity in order to build tunnel LSPs (signalled using LDP/RSVP-TE/TDP) over which the pseudowire can travel between PE routers.

IP connectivity is almost always provided by OSPF and IS-IS as these two routing protocols are the only ones that have the extensions necessary for MPLS traffic engineering (very desirable when implementing pseudowires). Note that it is also possible to transport draft martini pseudowires over tunneling technologies such as GRE, though this is a pretty uncommon configuration.

Cisco also implements L2TPv3 pseudowires, and again you'll need IP connectivity between PE routers (usually provided via an IGP such as OSPF or IS-IS).

Case 2
----------

L2VPN including VPLS and IPLS take advantage of pseudowire technologies and other mechanisms to provide multipoint Ethernet connectivity for CE devices. VPLS provides multiprotocol connectivity, but is complex, and IPLS provides IP only connectivity and is less complex.

There are currently three drafts specifying VPLS in the IETF L2VPN working group- one using BGP signalling, one specifying LDP signalling, and one using L2TPv3 (with RADIUS discovery).

LDP and BGP signalled VPLS has been implemented already by a number of vendors (mostly LDP signalled), while L2TPv3 based VPLS and IPLS have yet to be implemented by any vendor that I am aware of.

Case 3
----------

L3VPNs, of course, provide layer-3 connectivity between CE routers.

Now, to the original question- it should be possible to use BGP to advertise routes between PE routers as long as the draft martini pseudowire that you are configuring is transported over a GRE tunnel. But, having said that, I would personally just stick with an LDP/RSVP-TE tunnel LSP between PE routers, and in that case you should stick with OSPF or IS-IS.

Hope that helps,

Mark

CCIE#6280 / CCSI#21051 / JNCIS#121 / etc.


Reply to
mark

What you are missing here is the fact that a draft martini pseudowire requires the following to cross a network (assuming the PEs are not back to back):

  1. a VC/PW label. This is the demultiplexor on the egress PE, and is signalled in draft martini using LDP.

  2. EITHER a tunnel LSP label *OR* another type of encapsulation to transport draft martini packets from the ingress PE to the egress PE.

So, if you have MPLS in your backbone network (including P routers) then you'll probably want to use a tunnel LSP for transport (this is provided by LDP/TDP/TDP in an MPLS backbone). In an IP-only backbone, on the other hand, you do *not* need a tunnel LSP label because you are using GRE or other encapsulation for transport. So, the fact that labels are not, by default, assigned to BGP routes is completely irrelevant because all you are using BGP or other for is to signal IP routes between PE routers (that's all that GRE needs to get between the PE routers).

It is important not to confuse BGP/MPLS (RFC 2547bis) VPN concepts with L2VPN/pseudowire concepts- remember that while (MP-)BGP is central to RFC2547bis, it is almost irrelevant for draft martini (except where it simply provides IP reachability- NOT labels). Focus on point#2 above!

HTH,

Mark

Reply to
mark

BTW- I should also mention that the initial question was very confused- the diagram shows a PW (pseudowire), which is what the pseudowire solution I discuss is based upon (there is no need for customer routes to be advertised by PE routers as CEs advertise them directly between themselves).

If the initial question is really about 2547bis then it is still possible to use BGP instead of OSPF/IS-IS! This is because BGP/MPLS (RFC 2547bis) VPNs require the following (in a simple scenario):

  1. a VPN label- this is signalled using MP-BGP, and it is the demultiplexor on the egress PE (it designates the egress interface or VRF).

  2. an IGP label (or labels) *OR* other encapsulation to transport the PE routers. An IGP label is signalled using LDP/TDP/RSVP-TE.

Now, if you use another encapsulation such as GRE or L2TPv3 for #2 above then you no longer need the LSP created by LDP/TDP/RSVP-TE, you just need IP reachability between the PE routers, which can be provided by regular BGP (though OSPF or IS-IS would be preferable, of course). Now the key point again here is that BGP provides the IP reachability for an L2TPv3 or GRE tunnel between PE routers (see #2 above) - it doesn't need to provide labels for #2, although it would still have to provide labels for #1!

Cisco routers can be configured to provide BGP/MPLS (RFC2547bis) VPNs over a GRE (either point-to-point or multipoint) or L2TPv3 tunnel- have a dig around CCO for examples.

HTH,

Mark

Reply to
mark

Okay, last post on this subject. Be very careful when you say ' AFAIK, Cisco AToM requires TDP/LDP'- to be precise (see previous post), draft martini (including AToM) requires LDP to *signal the VC/PW label*, but does not *require* it for transport between PE routers (though transport is often provided this way).

I am not surprised that you haven't been able to find an example of AToM over GRE on CCO, but actually it's pretty simple:

  1. Enable mpls & ldp as the global label protocol.

  2. Configure a regular point-to-point GRE tunnel between PE routers *and* enable mpls on it. Don't enable mpls on PE core interfaces.

     Use PEs' core physical interfaces as the GRE tunnel source/destination addresses for simplicity (tunnel source serial x/ tunnel destination ), and use the loopback on each PE as the GRE tunnel interface address (ip unnumbered loopback x).

  3. Config AToM as normal (xconnect, blah, blah..).

  4. Configure IP reachability between PEs using your routing protocol of choice, but do not enable it on the GRE tunnel as this may cause the tunnel to flap (recursive routing loops!). Also, do not config the routing protocol to advertise the loopbacks used for xconnect connectivity.

  5. Add static routes on each PE to the loopback on the remote PE, and specify the outgoing interface of this route to be the GRE tunnel interface (ip route 255.255.255.255 tunnel x).

And that's it!

The effect of the config is as follows:

  1. The VC/PW label is, as always, advertised between PEs using LDP.

  2. The PEs become adjacent for LDP over the GRE tunnel, and so advertise implicit-nulls to each other.

So, when AToM packets are transmitted, they are encapsulated as follows:

  1. GRE header.

  2. VC/PW label.

  3. Optional control word.

  4. Encapsulated layer-2 frame.

HTH,

Mark

Reply to
mark
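
The encapsulation order listed at the end of the post above, as an added Python example that is not part of the original thread: it builds and parses the bytes that follow the outer IP header of an AToM-over-GRE packet. The GRE protocol type 0x8847 and the label-entry and control-word bit layouts come from the MPLS and pseudowire specifications, not from the thread; the function names, the sample frame, the label value and the default TTL are constructed for illustration.

```python
import struct

GRE_PROTO_MPLS = 0x8847  # GRE protocol type for MPLS unicast (not stated in the thread)
# Constructed sample: minimal Ethernet header plus padding, standing in for the CE's frame.
SAMPLE_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x00" * 46

def build_atom_over_gre(vc_label, l2_frame, control_word=True, seq=0, ttl=255):
    """GRE header + VC/PW label + optional control word + layer-2 frame."""
    if not 16 <= vc_label < 1 << 20:
        raise ValueError("VC label must be a non-reserved 20-bit value")
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)  # no checksum/key/sequence, version 0
    # Label stack entry: label(20) | EXP(3) | S(1) | TTL(8). S=1 because the peer
    # advertised implicit-null, so no tunnel label precedes the VC label.
    lse = struct.pack("!I", (vc_label << 12) | (1 << 8) | ttl)  # ttl default is an assumption
    cw = struct.pack("!HH", 0, seq) if control_word else b""
    return gre + lse + cw + l2_frame

def parse_atom_over_gre(payload, control_word=True):
    """Parse the bytes that follow the outer IP header of the GRE tunnel packet.

    Whether a control word is present is agreed in LDP signalling and cannot be
    read from the packet, so the caller has to supply it.
    """
    if len(payload) < 8:
        raise ValueError("truncated: need GRE header and one label entry")
    flags_ver, proto = struct.unpack("!HH", payload[:4])
    if flags_ver != 0:
        raise ValueError("GRE optional fields or non-zero version not handled")
    if proto != GRE_PROTO_MPLS:
        raise ValueError("GRE payload is not MPLS (protocol 0x%04x)" % proto)
    (lse,) = struct.unpack("!I", payload[4:8])
    if not (lse >> 8) & 1:
        raise ValueError("label stack continues: a tunnel label is present")
    offset, seq = 8, None
    if control_word:
        if len(payload) < 12:
            raise ValueError("truncated control word")
        cw_hi, seq = struct.unpack("!HH", payload[8:12])
        if cw_hi >> 12:
            raise ValueError("first nibble of the control word must be 0")
        offset = 12
    return {"vc_label": lse >> 12, "ttl": lse & 0xFF, "seq": seq,
            "frame": payload[offset:]}

if __name__ == "__main__":
    packet = build_atom_over_gre(100, SAMPLE_FRAME, seq=7)
    print(packet[:12].hex(), parse_atom_over_gre(packet)["vc_label"])
```

A capture that shows a second label entry after the GRE header (the parser's "label stack continues" error) means the tunnel peer did not advertise implicit-null, which is the first thing to check against the LDP adjacency described in the post.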

Hello,

It seems that You are mixing 2 different VPNs here. First, Your post header implies there is L2VPN at work. Second, You are asking if You could advertise CE1 IP address via some routing protocol. AFAIK, in Cisco implementation L2VPN means Draft-Martini. PE1 will advertise MPLS label for CE1-PE1 link to PE2, not CE1 IP address/prefix. Now, if You mean L3VPN then You have to have LDP/TDP+IGP between PE1 and PE2 such as OSPF/ISIS, maybe even RIP or static routes for advertising the PE1 router-id to PE2 and vice versa, and also BGP between PE1 and PE2 to carry MPLS VPN reachability information. BGP cannot be used instead of IGP between PE1 and PE2 since BGP routes are NOT assigned an MPLS label by default.

HTH

Cheers

Alex

Reply to
Alex

Hello Mark,

Would You please be able to provide link/example config on how BGP could be used instead of OSPF between PE routers? I'm genuinely interested in how BGP could be used in place of OSPF. AFAIK, "MPLS VPN Architectures" says that BGP routes are NOT assigned an MPLS label by default so I would say that _UNLESS_ PE1 and PE2 are eBGP peers _AND_ use labeled-unicast address-family then there is no way e.g. for BGP route towards PE2 loopback to get a MPLS label assigned on PE1.

Regards

Alex

Reply to
Alex

Ok, Mark, now I'm with You. May I ask the specific question - how could it be done on Cisco routers? I'd love to see a config :-) AFAIK, Cisco AToM requires TDP/LDP

Based on the original email body (not header), the task was to advertise a route from PE1 to PE2 where prefix would be address of CE1. Speaks L3VPN to me as neither AToM nor L2TPv3 advertise IP prefixes between PEs.

Regards

Alex

Reply to
Alex
