Mpls10sae-Mpls VPN Design Guidelines
-
8/14/2019 Mpls10sae-Mpls VPN Design Guidelines
1/66
2001, Cisco Systems, Inc.
Appendix E
MPLS VPN Design Guidelines
-
2001, Cisco Systems, Inc. MPLS v1.0E-2
Objectives
Upon completion of this chapter, you will be able to perform the following tasks:
Select a proper addressing scheme for the MPLS VPN backbone
Select the optimal Interior Gateway Protocol
Develop comprehensive Route Distinguisher and Route Target Allocation Schemes
Design BGP in the MP-BGP backbone
Optimize overall network convergence
-
Backbone and PE-CE Link Addressing Scheme
-
Objectives
Upon completion of this section, you will be able to perform the following tasks:
Decide when to use numbered or unnumbered links
Decide when to use public or private IP addresses
Develop an addressing scheme within the backbone and between the PE and CE routers
-
Backbone Addressing Overview
Most Internet service providers (ISPs) use registered addresses over numbered links.
Troubleshooting and management are simplified.
Enabling MPLS in ATM-based ISP environments reduces routing adjacencies per label switch router (LSR).
Hop-by-hop links replace end-to-end permanent virtual connections.
There is no need to fully mesh routing adjacencies between edge routers.
-
Numbered or Unnumbered Links in the Backbone
Benefits of unnumbered links:
Save address space
May simplify routing configuration
Drawbacks of unnumbered links:
Cannot ping individual interfaces
Syslog/Simple Network Management Protocol (SNMP) monitoring still available
Cannot perform hop-by-hop Telnet
Cannot perform IOS upgrades on low-end routers
Cannot distinguish parallel links for traffic engineering
-
Private Versus Public IP Addresses in the Backbone
Private addresses can be used in the MPLS VPN backbone:
Backbone nodes and links will not be accessible to other service providers (in some cases even to customers).
There is no need to give visibility to customers on the backbone topology.
Do not propagate time-to-live (TTL) in label header.
-
Effects of Private Addresses on Traceroute
Traceroute should work across backbones with private addresses, but:
Internet Control Message Protocol (ICMP) replies from backbone routers will come from private address space.
Responses from private addresses cannot be resolved via Domain Name System (DNS).
Every decent firewall will drop packets coming from private address space as spoofing attacks.
Conclusion: disable TTL propagation if you use private addresses in the core.
-
Registered IP Addresses in the Backbone
Easier management when interconnecting (merging) with other networks
Less statistical risk of duplicate addresses
Possible need for ISP to troubleshoot routing with other ISPs, which requires registered addresses
Backbone hidden from customers but may be visible to peer providers
Option: Combination of registered addresses at the edge and private addresses in the core
-
Backbone Addressing Recommendations
Use registered addresses if possible
Use registered host addresses from one address block for PE loopback addresses
Using host addresses for loopback interfaces is not mandatory, but highly recommended
Using addresses from one block makes it easy to avoid summarization of loopback addresses
Allows easy conditional label advertising only for BGP next hops
More controlled migration toward MPLS backbone
-
Numbered or Unnumbered PE-CE Links
Do not use unnumbered provider edge-customer edge links
Unnumbered links get their IP address from another interface (loopback), which has to be in the same VPN routing/forwarding instance (VRF)
Increases management burden
Increases number of interfaces
Cannot perform PE-CE Telnet in case of CE router problems
-
Private Versus Public PE-CE Addresses
Do not use private addresses for PE-CE links:
Customers are free to use any private addresses in the networks.
There is always the potential for overlap with customer addresses.
Drawback: assigning unique public subnet to every PE-CE link consumes too much address space.
-
Reusing Registered IP Addresses on PE-CE Links
The same registered subnet can be assigned to multiple interfaces belonging to different VRFs.
This option is dangerous: customers might establish VPN connectivity even if they are connected to a wrong physical interface.
Duplicate addresses are allowed even within a VPN (across PE routers) as long as they are not redistributed into MP-BGP.
-
Recommendation for Registered IP Address Reuse
Allocate one registered address block that is reused on every PE router.
Uniqueness of addresses is guaranteed only at the PE level; do not redistribute connected subnets into MP-BGP.
This option prevents misconnection of CE interfaces.
There is no risk of customer
-
Drawbacks of Registered Address Block Reuse
You cannot ping a remote serial interface.
Trace across a VPN network may duplicate IP addresses.
For customers using RIP:
RIP needs a network command on the PE so the PE-CE network will go into the customer routing table.
-
Summary: Addressing
Use registered addresses when possible; otherwise use private addresses.
Prefer numbered links for current traffic engineering.
PE loopback addresses should be taken from a contiguous block of address space.
PE loopback addresses should be host routes.
In the transition phase, bind labels only for significant addresses such as PE loopback addresses.
Use unique PE and CE addresses within a PE router. Reuse the same address block on each PE router.
-
Summary
After completing this section, you should be able to perform the following tasks:
Decide when to use numbered or unnumbered links
Decide when to use public or private IP addresses
Develop an addressing scheme within the backbone and between the PE and CE routers
-
Review Questions
What are the drawbacks of using unnumbered links?
Where should you use unnumbered links in the MPLS backbone?
Where would you use unnumbered links between PE and CE routers?
Why would you use private address space in your IP backbone?
What are the drawbacks of using private address space in your IP backbone?
How would you hide the private address space from your customers?
-
More Review Questions
What is the impact of using private backbone addresses on traceroute?
Why should you allocate PE loopback addresses from a separate address block?
Why should you use registered addresses for PE-CE links?
Why is the reuse of registered addresses between VRFs not advisable?
When can you reuse registered addresses in the same VPN between PE routers?
-
Backbone IGP Selection and Design
-
Objectives
Upon completion of this section, you will be able to perform the following tasks:
Select the proper IGP to run in the backbone
Design the selected IGP to meet MPLS VPN requirements
-
IGP Selection Criteria
Convergence speed
Stability and reliability
Redistribution may affect protocols:
Not all protocols behave the same with redistribution.
Redistribution is not needed for MPLS VPN but might be needed to support other IP traffic.
Summarization options and multi-area support
Enhancements for Cisco MPLS Traffic
-
IGP Convergence
Convergence is becoming more critical than in the past:
New applications: multimedia, voice
Routers have to converge faster:
Implies more CPU and memory
Not a real problem, since switching (high-end platforms) is done at line card level; therefore, CPU has spare cycles
-
IGP Convergence: Distance Vector Versus Link-State
Distance vector protocol does not have many tuning capabilities in terms of convergence
Link-state protocols can be tuned in order to speed up convergence
Shortest path first (SPF) algorithm calculation, link-state advertisement (LSA) and link-state packet (LSP) generation, adjacency timer
Scalability of link-state protocols has been proved (live ISP backbones)
Link-state protocols have been extended for MPLS TE
-
IGP Convergence Versus Stability
Fast convergence requires short reaction time to events.
Short reaction time implies more routing calculations.
More routing calculations imply less stability (example: a flapping link).
There is a trade-off between satisfactory convergence times and indispensable stability of the backbone.
Example: the Internet cannot afford to use fast convergence. Therefore, BGP is not a fast convergence protocol.
-
Redistribution Issues
Redistributed routes may create overhead on routing protocols
New and specific protocol packets, possibly one per new route
Impact on flooding, more to use in routing algorithm (SPF)
Summarization of redistributed routes not always possible in an optimal fashion (for example, OSPF)
-
Redistribution Recommendations
Redistribution generally not the best option
In OSPF, interfaces should be inserted in type 1 LSA rather than redistributed:
New command passive-interface default
Redistribution not an issue with IS-IS:
All prefixes are on same LSP
All prefixes are summarizable in L1L2
-
Summarization Issues
Summarization is the key element for reducing internal routing table sizes:
Not that important if all nonbackbone routes are in BGP
Summarization of internal as well as redistributed routes
Not everything can be summarized:
Summarization breaks LSP: never summarize PE loopback addresses or BGP next hops
-
MPLS TE Enhancements
Link-state protocols were extended to carry resource availability information:
Calculates topologies based on resource availability
Carried in OSPF opaque LSAs and new IS-IS (sub) type, length, value (TLV) attributes
Distance vector protocols will never support MPLS TE
Router must know complete path for traffic engineering
Only link-state protocols allow router to have full visibility of the area or domain
-
IGP Selection Recommendation
The MPLS VPN backbone can be run with a distance vector protocol
It will not support MPLS TE
Use only if migration toward OSPF or IS-IS too expensive or too lengthy
Select OSPF or IS-IS as the IGP in all other cases
Minor differences: they both perform reasonably well in large backbones
Select one or the other based on existing knowledge of your engineers and other requirements (for example, Connectionless Network Service [CLNS]-based management)
-
Is There Any Difference Between OSPF and IS-IS?
Both protocols use the same algorithm (SPF, or Dijkstra's algorithm).
Most existing ISP or service provider backbones use IS-IS or OSPF.
The largest ISPs use IS-IS:
More experience with IS-IS in large topologies.
The larger a network is, the more likely IS-IS is used.
Live networks use IS-IS with more than 600 routers in a single area.
Few OSPF live networks have similar numbers.
IS-IS area routing is an option, not a
-
Minor Technical Differences Between OSPF and IS-IS
Convergence capabilities are similar (same algorithm)
More tuning is available in IS-IS
Redistribution is less painful in IS-IS.
IS-IS does not differentiate between internal and redistributed routes.
Summarization may occur in the same router for all routes (internal and redistributed).
OSPF has more features (route tags, stub areas, not-so-stubby [NSSA] areas, on-demand circuits, and the like).
-
IGP Multi-area and Summarization Concerns
Summarization should never be performed in ATM LSRs:
Summarization breaks LSP tunnels.
ATM LSRs should never be LSP tunnel endpoints.
PE loopback addresses should not be summarized
Allocate PE loopback addresses from a distinct block of address space that is not summarized
Current traffic engineering implementation does not support areas
There should be no problems if the backbone is below ~300 routers
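The loopback and PE-CE addressing rules from the addressing section, together with the rule above against summarizing PE loopbacks, can be checked against a planned design before it is deployed. The following Python is an added example, not part of the original course material; the function names, the plan layout and every address (documentation ranges standing in for registered space) are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_loopbacks(block, pe_loopbacks, igp_summaries):
    """Return (pe, problem) pairs for PE loopbacks that break the guidelines."""
    block = ipaddress.ip_network(block)
    summaries = [ipaddress.ip_network(s) for s in igp_summaries]
    findings = []
    for pe, addr in sorted(pe_loopbacks.items()):
        net = ipaddress.ip_interface(addr).network
        if net.prefixlen != net.max_prefixlen:
            findings.append((pe, "loopback is not a host route"))
        if not net.subnet_of(block):
            findings.append((pe, "loopback outside the dedicated block"))
        for summary in summaries:
            # A summary covering the loopback hides the BGP next hop and
            # breaks the LSP toward it.
            if summary.prefixlen < net.prefixlen and net.subnet_of(summary):
                findings.append((pe, f"loopback covered by summary {summary}"))
    return findings


def audit_pe_ce(links, redistribute_connected):
    """links: (pe, vrf, subnet) tuples; redistribute_connected: {(pe, vrf)}."""
    findings, per_pe, users = [], {}, {}
    for pe, vrf, subnet in links:
        net = ipaddress.ip_network(subnet)
        if any(net.overlaps(private) for private in RFC1918):
            findings.append((pe, vrf, "private subnet can overlap customer space"))
        if (pe, net) in per_pe:
            # Same subnet in two VRFs of one PE: a CE on the wrong interface
            # would still come up.
            findings.append((pe, vrf, f"subnet already used by {per_pe[(pe, net)]} on this PE"))
        per_pe.setdefault((pe, net), vrf)
        users.setdefault(net, []).append((pe, vrf))
    for net, where in users.items():
        reused = len({pe for pe, _ in where}) > 1
        for pe, vrf in where:
            # Reuse across PE routers is only safe while the connected subnet
            # stays out of MP-BGP.
            if reused and (pe, vrf) in redistribute_connected:
                findings.append((pe, vrf, "reused subnet redistributed into MP-BGP"))
    return findings


# Constructed plan with one violation of each kind.
LOOPBACK_BLOCK = "198.51.100.0/26"
PE_LOOPBACKS = {"PE-1": "198.51.100.1/32",
                "PE-2": "198.51.100.2/30",
                "PE-3": "203.0.113.3/32"}
IGP_SUMMARIES = ["198.51.100.0/24"]
PE_CE_LINKS = [("PE-1", "CustA", "192.0.2.0/30"),
               ("PE-1", "CustB", "192.0.2.0/30"),
               ("PE-2", "CustA", "192.0.2.0/30"),
               ("PE-3", "CustC", "10.1.1.0/30")]
REDISTRIBUTE_CONNECTED = {("PE-2", "CustA")}

if __name__ == "__main__":
    for finding in audit_loopbacks(LOOPBACK_BLOCK, PE_LOOPBACKS, IGP_SUMMARIES):
        print(*finding)
    for finding in audit_pe_ce(PE_CE_LINKS, REDISTRIBUTE_CONNECTED):
        print(*finding)
```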
-
Summary: IGP Selection
Link-state protocol: IS-IS or OSPF
IS-IS is better in large topologies and where single area is required
IGP should be tuned in order to improve convergence time
-
Summary
After completing this section, you should be able to perform the following tasks:
Select the proper IGP to run in the backbone
Design the selected IGP to meet MPLS VPN requirements
-
Review Questions
List three IGP selection criteria.
What is the impact of higher convergence speed on network stability?
How can you tune OSPF convergence?
How can you tune IS-IS convergence?
What is the difference between OSPF and IS-IS route redistribution?
Where can you summarize redistributed routes in OSPF?
Where can you summarize redistributed routes in IS-IS?
-
More Review Questions
How do you avoid redistribution of connected interfaces when using OSPF?
Which routing protocols support MPLS Traffic Engineering?
Why is MPLS TE not supported by EIGRP?
When can you use EIGRP as the IGP protocol in your MPLS VPN backbone?
What is the impact of route summarization on MPLS VPN?
Why is IS-IS recommended for extremely large networks?
-
Route Distinguisher and Route Target Allocation Schemes
-
Objectives
Upon completion of this section, you will be able to perform the following tasks:
Develop generic Route Distinguisher (RD) and Route Target (RT) allocation schemes
-
Route Distinguisher Allocation Scheme
RD function is to make the IP version 4 (IPv4) address unique across different VPNs
64 bits prepended to the IPv4 address
From an architectural point of view, there is no format for the RD; it is simply a sequence of bits
From a practical perspective, the RD is configured according to the following format:
::
::
-
Route Distinguisher Allocation Scheme
RD has VPN-local significance
All routes that are part of the same community of sites (VPN) can use the same RD
No duplicate IP addresses allowed within the same VPN
Sites belonging to the same VPN may have to use different RDs when these sites also belong to other different VPNs
With central services or hub and spoke topology, all client or spoke sites must use different RDs.
-
Route Distinguisher Allocation Scheme (cont.)
Different PEs may use the same RD for VRFs as long as the VRFs share the same connectivity requirements.
Using a formatted RD will ensure consistency and scalability.
Make the customer ID part of the RD.
-
Route Target Allocation Scheme (cont.)
RTs are used for routing policies between VRFs (therefore sites).
Numbering is free.
However, consistency will help to scale.
RT numbering need not follow RD numbering.
Numbering should not require modifications each time a new site is connected
(for example, in a central services
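One way to turn the RD and RT guidelines above into a formatted allocation scheme, shown as an added Python example that is not part of the original course material. The AS number 64500, the numbering formulas, the site names and all function names are assumptions of this example; the generated text uses the IOS `ip vrf`, `rd` and `route-target` commands.

```python
ASN = 64500          # constructed provider AS number (documentation range)
MAX_NN = 2**32 - 1   # the ASN:nn form carries a 32-bit assigned number


def _tag(nn):
    if not 0 <= nn <= MAX_NN:
        raise ValueError(f"assigned number {nn} does not fit in 32 bits")
    return f"{ASN}:{nn}"


def allocate(customer_id, topology, sites):
    """Return {site: {"rd", "export", "import"}} for one customer.

    topology is "simple" (one community of sites) or "central" (central
    services or hub and spoke); sites is a list of (name, role) with role
    "server" or "client" (ignored for "simple"). Hypothetical numbering:
    RD nn = customer_id * 1000 + client index (0 = shared RD),
    RT nn = customer_id * 10 + role digit (0 simple, 1 client, 2 server).
    """
    shared_rd = _tag(customer_id * 1000)
    any_rt = _tag(customer_id * 10)
    client_rt = _tag(customer_id * 10 + 1)
    server_rt = _tag(customer_id * 10 + 2)
    plan, clients = {}, 0
    for name, role in sites:
        if topology == "simple":
            # Same community of sites: the VRFs can share one RD and one RT.
            plan[name] = {"rd": shared_rd, "export": [any_rt], "import": [any_rt]}
        elif role == "server":
            plan[name] = {"rd": shared_rd, "export": [server_rt], "import": [client_rt]}
        else:
            # Every client or spoke site gets its own RD; the RTs stay fixed,
            # so connecting a new site never touches the server VRF.
            clients += 1
            if clients > 999:
                raise ValueError("client index would spill into the next customer ID")
            plan[name] = {"rd": _tag(customer_id * 1000 + clients),
                          "export": [client_rt], "import": [server_rt]}
    return plan


def render_vrf(name, entry):
    """Render one plan entry as an IOS VRF stanza."""
    lines = [f"ip vrf {name}", f" rd {entry['rd']}"]
    lines += [f" route-target export {rt}" for rt in entry["export"]]
    lines += [f" route-target import {rt}" for rt in entry["import"]]
    return "\n".join(lines)


def shared_client_rds(plan, client_names):
    """Return {rd: [sites]} for RDs used by more than one client site."""
    seen = {}
    for name in client_names:
        seen.setdefault(plan[name]["rd"], []).append(name)
    return {rd: names for rd, names in seen.items() if len(names) > 1}


# Constructed customer 101 with a central-services topology.
SITES = [("hq", "server"), ("branch1", "client"), ("branch2", "client")]
BEFORE = allocate(101, "central", SITES)
AFTER = allocate(101, "central", SITES + [("branch3", "client")])

if __name__ == "__main__":
    for site, entry in AFTER.items():
        print(render_vrf(site, entry), end="\n!\n")
```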
-
Summary
After completing this section, you should be able to perform the following tasks:
Develop generic Route Distinguisher (RD) and Route Target (RT) allocation schemes
-
Review Questions
What is the function of the route distinguisher?
Can you reuse the same route distinguisher on different PE routers?
Is there any topology where every site requires a different value of route distinguisher?
What is the function of the route target?
Do you have to make the route
target equal to the route
-
End-to-End Convergence Issues
-
Objectives
Upon completion of this section, you will be able to perform the following tasks:
Explain the difference between overlay VPN convergence and MPLS VPN convergence
List the elements of end-to-end convergence in the MPLS VPN network
Optimize individual elements of MPLS VPN convergence
-
Traditional Overlay VPN Routing
Routing adjacency is between CE routers.
Routing protocol convergence is owned by the customer.
[Figure: Frame Relay backbone with CE routers CE-RIP-A1, CE-BGP-A1, CE-RIP-A2, CE-BGP-A2, CE-RIP-B1 and CE-RIP-B2; legend: Routing Adjacency]
-
Traditional Overlay VPN Convergence
Elements of overlay VPN convergence:
Neighbor loss discovery (usually not immediate but based on dead timer): up to 40 seconds
Propagation of changed routing information: few seconds
Topology recomputation: 5 to 15 seconds
[Figure: Frame Relay backbone with CE routers CE-RIP-A1, CE-BGP-A1, CE-RIP-A2, CE-BGP-A2, CE-RIP-B1 and CE-RIP-B2; legend: Routing Adjacency]
-
MPLS VPN Routing
Complex parts of the end-to-end routing are performed by the service provider.
Routing convergence speed is primarily the responsibility of the service provider.
PE-PE routing relies on MP-BGP, which is usually not a fast-converging protocol.
[Figure: Site A, Site B and the Provider Network (P-Network), with routers CE-A1, CE-A2, CE-3, PE-1, PE-2 and PE-3]
-
MPLS VPN Convergence: Failure Scenarios
[Figure: Site A, Site B and the P-Network, with routers CE-A1, CE-A2, CE-3, PE-1, PE-2 and PE-3]
Failure of PE-CE link or CE router failure
Failure of a P router
Failure within the P-network
-
Failure Inside Provider Network
All MPLS VPN routing is based on recursive BGP routing toward BGP next hops.
Failure inside P-Network does not affect MPLS VPN routing.
Data flow is disrupted only during P-network IGP convergence.
Data flow continues as soon as the LSP toward the BGP next hop is established.
[Figure: Site A, Site B and the P-Network, with routers CE-A1, CE-A2, CE-3, PE-1, PE-2 and PE-3]
-
Failure Inside Provider Network (cont.)
Convergence time after failure inside P-Network depends solely on characteristics of the provider backbone.
IGP convergence time
Tag Distribution Protocol (TDP) or LDP label propagation time
Convergence time can be reduced by using advanced MPLS features such as fast reroute.
[Figure: Site A, Site B and the P-Network, with routers CE-A1, CE-A2, CE-3, PE-1, PE-2 and PE-3]
-
MPLS VPN Convergence: PE Router Failure
Other PE routers detect the failure by two means:
BGP keepalive holdtime expires
BGP next hop is no longer reachable through IGP
CE routers detect the failure through usual PE-CE routing protocol mechanisms
[Figure: Site A, Site B and the P-Network, with routers CE-A1, CE-A2, CE-3, PE-1, PE-2 and PE-3]
-
Changing BGP Keepalive Timer
router(config-router)# neighbor ip-address timers keepalive hold
Changes the BGP keepalive timer and hold timeout
Reducing the values can significantly improve neighbor loss detection, but
Disruption of IBGP session involves too much flooding; be conservative with BGP timers
-
Changing BGP Update Validation Timer
router(config-router)# bgp scan-time time-in-seconds
BGP routing process periodically validates routes in BGP table
Routes with unreachable next hops are removed from the BGP table, resulting in selection of the next best BGP route
Default scan time is 60 seconds; reducing the scan time improves convergence in case of PE router failure
-
MPLS VPN Convergence: PE-CE Link Failure or CE Router Failure
PE router detects CE router failure or link failure through standard means:
Link failure is detected by Layer 1 or Layer 2 mechanisms
CE router failure is detected by dead timer or hold timeout
The CE route has to be revoked from MP-BGP table, the change propagated through the network and inserted into remote VRFs
[Figure: Site A, Site B and the P-Network, with routers CE-A1, CE-A2, CE-3, PE-1, PE-2 and PE-3]
-
MPLS VPN Convergence: PE-CE Link Failure or CE Router Failure
Convergence element #1
Route has to be exported from VRF into MP-BGP
Convergence element #2
MP-BGP update has to be propagated
Convergence element #3
New best route has to be selected (immediate)
Convergence element #4
New route has to be imported into VRF
[Figure: Site A, Site B and the P-Network, with routers CE-A1, CE-A2, CE-3, PE-1, PE-2 and PE-3]
-
Changing BGP Route Export/Import Timer
router(config-router-af)# bgp scan-time import timer
By default, export and import actions are performed every 60 seconds.
Reducing the BGP import/export scan timer will improve convergence (but also increase CPU utilization).
-
Changing BGP Update Interval
router(config-router)# neighbor ip-address advertisement-interval timeout
By default, updates are sent to IBGP neighbors every 5 seconds, to EBGP neighbors every 30 seconds
End-to-end convergence across IBGP backbone can be longer if route reflectors are deployed
Change the advertisement interval to improve the IBGP/EBGP convergence speed
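The four convergence elements and the timers introduced above can be combined into a worst-case budget that shows which timer dominates before anything is tuned. This Python is an added example, not part of the original course material; the class and function names, the tuned values, the 180-second hold default (the IOS default, which the slides do not state) and the assumption that each periodic timer has just started when the event arrives are this example's own.

```python
from dataclasses import dataclass


@dataclass
class BgpTimers:
    hold: int = 180          # hold timeout of "neighbor ... timers"
    scan_time: int = 60      # "bgp scan-time": next-hop validation period
    import_scan: int = 60    # "bgp scan-time import": VRF export/import period
    adv_interval: int = 5    # "advertisement-interval" toward IBGP neighbors


def pe_ce_failure_budget(t, detection, ibgp_hops):
    """Worst-case seconds per element after a PE-CE link or CE router failure.

    detection: time for the PE to notice (Layer 1/2 event, dead timer or hold
    timeout). ibgp_hops: IBGP sessions the update crosses (1 = PE to PE,
    2 = through one route reflector); one advertisement interval per session
    is a modelling assumption of this example.
    """
    budget = {
        "detection": detection,
        "1 export from VRF into MP-BGP": t.import_scan,
        "2 MP-BGP update propagation": t.adv_interval * ibgp_hops,
        "3 best route selection": 0,   # immediate, per the slide
        "4 import into remote VRF": t.import_scan,
    }
    budget["total"] = sum(budget.values())
    return budget


def pe_failure_detection(t, igp_convergence):
    """Worst-case seconds until a remote PE stops using a failed PE's routes.

    Whichever of the two detection means fires first wins: the hold timer,
    or the scanner finding the BGP next hop unreachable once the IGP has
    converged.
    """
    return min(t.hold, igp_convergence + t.scan_time)


def dominant(budget):
    """Name the element contributing most to the budget (first one on a tie)."""
    parts = {name: secs for name, secs in budget.items() if name != "total"}
    return max(parts, key=parts.get)


# Defaults versus a constructed, moderately tuned profile.
DEFAULT = BgpTimers()
TUNED = BgpTimers(hold=30, scan_time=15, import_scan=15, adv_interval=1)

if __name__ == "__main__":
    for label, timers in (("default", DEFAULT), ("tuned", TUNED)):
        budget = pe_ce_failure_budget(timers, detection=0, ibgp_hops=2)
        print(label, budget["total"], "s, dominated by", dominant(budget))
        print(label, "PE failure detected within",
              pe_failure_detection(timers, igp_convergence=5), "s")
```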
-
Summary
After completing this section, you should be able to perform the following tasks:
Explain the difference between overlay VPN convergence and MPLS VPN convergence
List the elements of end-to-end convergence in the MPLS VPN network
Optimize individual elements of MPLS VPN convergence
-
Review Questions
What are the major elements of end-to-end convergence in traditional overlay VPN networks?
Which part of the end-to-end MPLS VPN solution performs the most complex routing?
What are the three common failure scenarios in MPLS VPN solution?
How is the MPLS VPN routing influenced by a failure in a provider network?
What influences the overall convergence after a failure in a provider network?
How can a PE router detect the failure of another PE router?
-
More Review Questions
How can a CE router detect the failure of an adjacent PE router?
Which parameters influence the MPLS VPN convergence after PE router failure?
How can a PE router detect the PE-CE link failure?
Which convergence steps need to be taken after PE-CE link failure?
Which parameters influence the MPLS VPN convergence after PE-CE link failure?
-
Summary
After completing this chapter, you should be able to perform the following tasks:
Select a proper addressing scheme for the MPLS VPN backbone
Select the optimal Interior Gateway Protocol
Develop comprehensive Route Distinguisher and Route Target Allocation Schemes
Design BGP in the MP-BGP backbone