This chapter augments the generic MPLS/VPN architecture presented in Chapter 8 with detailed protocol information and a description of the configuration tasks needed to implement a working MPLS/VPN backbone. The following are the necessary IOS configuration tasks:

  • Create a VRF for every unique set of sites (each set of sites belongs to the same set of VPNs, and therefore shares exactly the same routing information and can share a VPN Routing and Forwarding table).

  • Assign a unique route distinguisher to each VRF.

  • Specify import and export policies for each VRF. The import policy controls the import of routes into per-VRF routing tables based on the extended communities (route targets) attached to the route. The export policy specifies the set of extended communities (route targets) that need to be attached to each route that is exported from the VRF (into the MP-BGP database).

  • Establish BGP connectivity between the provider edge routers. This task is usually part of a larger design process that also establishes the desired iBGP topology to allow the network to scale as it grows (see Chapter 12 for more details on building scalable MPLS/VPN networks).

  • Establish MP-iBGP between the PE-routers and allow the exchange of VPN-IPv4 routes between them.

  • Configure a per-VRF routing process (or instance) for each VRF or specify the static per-VRF routes for each customer site.

  • Configure the per-VRF instance of the BGP routing process and specify the redistribution of VRF routes into the BGP routing process. In some network designs, you also have to configure the redistribution from BGP into the per-VRF routing process.

In some redundant scenarios, you also have to configure the SOO setting and filter to prevent routing loops. See Chapter 10 for more details on these configurations.

    Part 2: MPLS-based Virtual Private Networks