Inter-AS VPN

The MPLS VPN solution serves an increasing number of users across many applications. A site at one geographical location often needs to connect to an ISP network at another geographical location. In this situation, for example, inter-AS issues may arise for operators who manage different metropolitan area networks (MANs) or backbone networks that span different autonomous systems (AS).

MPLS VPN architecture typically runs within an AS. Routes of any VPN can be flooded within the AS, but not to other ASs. To implement the exchange of VPN routes between different ASs, the inter-AS MPLS VPN model is used. The inter-AS MPLS VPN model is an extension to MPLS VPN framework. Route prefixes and labels can be advertised over links between different carrier networks through the inter-AS MPLS model.

RFC defines the following inter-AS VPN solutions:

Inter-Provider Backbones Option A: Autonomous system boundary routers (ASBRs) manage VPN routes for inter-AS VPNs through dedicated interfaces. This solution is also called VRF-to-VRF.
Inter-Provider Backbones Option B: ASBRs advertise labeled VPN-IPv4 routes to each other through MP-EBGP. This solution is also called EBGP redistribution of labeled VPN-IPv4 routes.
Inter-Provider Backbones Option C: PE devices advertise labeled VPN-IPv4 routes to each other through Multi-hop MP-EBGP. This solution is also called Multi-hop EBGP redistribution of labeled VPN-IPv4 routes.

Switches support inter-AS VPN Option A and inter-AS VPN Option B.

Inter-Provider Backbones Option A

Introduction

Option A is a basic BGP/MPLS IP VPN application in an inter-AS scenario. In this solution, ASBRs do not require extra configurations for inter-AS VPN or run MPLS. The ASBRs of two ASs are directly connected and function as PE devices of the ASs. Each ASBR considers the peer ASBR as its CE device and creates a VPN instance for each VPN. The ASBRs use EBGP to advertise IPv4 routes.

Figure 1 shows a networking example of Inter-Provider Backbones Option A.

Figure 1 Inter-Provider Backbones Option A

In Figure 1, ASBR2 in AS200 is a CE of ASBR1 in AS 100, and ASBR1 is the CE of ASBR2. VPN LSP indicates a private tunnel and LSP indicates a public tunnel.
Route advertisement

In Option A, PE and ASBR devices use MP-IBGP to exchange VPN-IPv4 routes. Two ASBRs run BGP, IGP multi-instance, or use static routes to exchange VPN information. EBGP is recommended for inter-AS route exchange.

Figure 2 shows the process of Option A route advertisement.
Figure 2 Route advertisement of Option A

In Figure 2, the route destined for 10.1.1.1/24 is advertised from CE1 to CE2. D is the destination address, NH is the next hop, and L1 and L2 are private labels. This figure does not show the advertisement of public IGP routes or the distribution of public network labels.
Packet forwarding

Figure 3 shows a networking example of Option A packet forwarding.
Figure 3 Packet forwarding of Option A

In Figure 3, packets are forwarded over the LSPs, which serve as the public network tunnels. L1 and L2 are inner labels and Lx and Ly are outer tunnel labels.
Option A characteristics
- Simplified configuration
  
  MPLS does not need to run between ASBRs and extra configuration is not required.
- Low scalability
  - ASBRs need to manage all VPN routes and create VPN instances for each VPN.
  - ASBRs must reserve an interface for each inter-AS VPN since IP forwarding is performed between the ASBRs.
  - PE devices must have high performance.
  - Intermediate ASs must support the VPN service if a VPN spans multiple ASs. The configuration is complex and intermediate ASs are affected.
Option A is applicable when the number of inter-AS VPNs is insignificant.

Inter-Provider Backbones Option B

Introduction

In Option B, two ASBRs use MP-EBGP to exchange labeled VPN-IPv4 routes received from the PE devices in the ASs. In the following figure, VPN LSPs are private network tunnels, and LSPs are public network tunnels.

Figure 4 Inter-Provider Backbones Option B

In Option B, the ASBRs receive all inter-AS VPN-IPv4 routes within or outside the local AS and advertise the routes. In basic MPLS VPN implementation, a PE device only stores the VPN routes that match the VPN target of the local VPN instance. The ASBRs are configured to store all the received VPN routes regardless of whether any local VPN instance matches the routes.

All the traffic is forwarded by the ASBRs, which facilitates traffic control but increases the load on the ASBRs. BGP routing policies, such as VPN target filtering policies, can be configured on the ASBRs so that the ASBRs only save some of VPN-IPv4 routes.
Route advertisement

Figure 5 shows the process of Option B route advertisement. In this example, the route destined for 10.1.1.1/24 is advertised from CE1 to CE2. D is the destination address, NH is the next hop, and L1, L2, and L3 are inner labels. This figure does not show the advertisement of public IGP routes or the distribution of public network labels.

Figure 5 Route advertisement of Option B
The route advertisement process is as follows:
1. CE1 uses BGP, OSPF, or RIP to advertise routes to PE1 in AS 100.
2. PE1 in AS 100 uses MP-IBGP to advertise labeled VPNv4 routes to ASBR1 in AS 100. If a route reflector (RR) is deployed on the network, PE1 advertises the VPNv4 routes to the RR, and then the RR reflects the routes to ASBR1.
3. ASBR1 uses MP-EBGP to advertise the labeled VPNv4 routes to ASBR2. Since MP-EBGP changes the next hop of the routes when advertising the routes, ASBR1 distributes a new label to the VPNv4 routes.
4. ASBR2 uses MP-IBGP to advertise the labeled VPNv4 routes to PE3 in AS 200. If an RR is deployed on the network, ASBR2 advertises the VPNv4 routes to the RR, and then the RR reflects the routes to PE3. When ASBR2 advertises routes to an MP-IBGP peer in the local AS, it changes the next hop of the routes to ASBR2.
5. PE3 in AS 200 uses BGP, OSPF, or RIP to advertise the routes to CE2.
Both ASBR1 and ASBR2 swap inner labels of the VPNv4 routes. Inter-AS labels are carried in BGP messages, so ASBRs do not need to run signaling protocols such as Label Distribution Protocol (LDP) or Resource Reservation Protocol (RSVP).
Packet forwarding

In Option B, both ASBRs swap labels during packet forwarding. Figure 6 shows the process of Option B packet forwarding. In the following figure, packets are forwarded over the LSPs, which serve as the public network tunnels. L1, L2, and L3 are inner labels; Lx and Ly are outer tunnel labels.

Figure 6 Packet forwarding of Option B
Option B characteristics
- Unlike Option A, option B is not limited by the number of links between ASBRs.
- Information about VPN routes is stored on and advertised by ASBRs. When a large number of VPN routes exist, overburdened ASBRs are likely to encounter bottlenecks. In the MP-EBGP solution, ASBRs that maintain VPN routes do not perform IP forwarding on the public network, as a result.