350-501 SPCOR Cisco CCNP Service Provider – MPLS Layer 3 VPN part 2

  1. Virtual Routing and Forwarding (VRF) – Route Distinguisher (RD) – Route Target (RT)

MPLS Layer 3 VPNs. Now in this section we’ll be focusing on three major things. First we’ll start with what VRF is and how exactly VRF is useful in MPLS service provider networks. And then we’ll see something called RD values and RT values; we call them route distinguisher and route target values, and we’ll see how exactly they relate to VRFs. So first let’s get started with the concept of VRF. Now, VRF stands for Virtual Routing and Forwarding instance. A VRF is more like a separate routing table for each customer. Now what exactly a VRF does is on the provider edge router. Let’s say I have multiple customers: one is connecting as the Blue customer, another customer is the Red customer, and we have another customer called the Yellow customer.

The same provider edge router is actually connecting to three different customers. Now what this provider edge router is going to do is maintain a separate routing table called VRF Blue for customer Blue, a separate routing table for customer Red, and a separate routing table for customer Yellow. And it is also going to maintain one global routing table, which is for the inside of the service provider network. Now this concept we call VRF. It’s a method that provides a way to configure multiple routing instances on the same router. The main advantage of doing this is that it keeps the customer traffic and the routing completely separate while using the same hardware. In fact, we are using only one piece of hardware, but still we are differentiating the routes of each and every customer.

Now let’s think about how it would be without the VRF concept. If I go back to the previous methods, where there is no VRF, I have a provider edge router which is connecting to three different customers. Let’s say customer A, customer B and customer C. Now by default, customer A is advertising some networks, let’s say the 10.0.0.0 network. These customer routes will get advertised to the provider edge router, and this is the service provider network, and they have to reach the other site of customer A. In the same way, customer B advertises its routes to the provider edge router, because they are connecting to the same provider edge router, and the same thing happens with C as well. Now the problem with differentiating the routes is that this provider edge router is, by default, going to maintain only one routing table.

Which means all the routes coming from customer A, customer B and customer C will be placed in a common routing table, and there is a possibility that the customer routes coming from A might leak to customer B, which is something we don’t want. So if you want to avoid this, what we can do is configure some ACL-based route filtering. We can configure some filtering methods using ACLs which are going to deny any routes coming from this side from getting onto the other customer’s side. But the problem with this is that it is not a scalable solution. The reason is that if you’re connecting to more than ten to fifteen customers, it becomes very difficult for the service provider to configure the filtering on each and every router, for each and every customer.

It’s really not a scalable solution, but the VRF concept is going to overcome this kind of issue. Now in VRF, what exactly we do is maintain a separate routing table for customer A, a separate routing table for customer B and a separate routing table for customer C. So it’s a common router which is connecting to multiple customer sites, and it’s going to maintain one global routing table for all the routes which are inside the service provider network. And it’s going to maintain a separate routing table for customer A, a separate routing table for customer B, and a separate routing table for customer C. Now, every VRF’s routes are isolated from the others, and anything coming from customer A will not go to another VRF by default. Unless you want it to; then you can even do that.

But by default, any routes coming from customer A will not go to customer B and customer C without doing any extra configuration. Now, in order to differentiate those routes, we need to create a VRF. We will see the command line in the next section. So we need to create a VRF and then we need to assign each and every interface facing towards a customer to a separate VRF. So I need to assign the customer-facing interface towards A to a separate VRF, this interface facing towards B to a separate VRF, and C to a separate VRF. So here I’ve got the names A, B and C; let’s take that as an example. Those are the customer sites. Now any routes coming in on that interface, the VRF interface, will be automatically placed in a separate VRF routing table called A.

Any routes coming in on this interface will be placed in a separate routing table B, and any routes coming in on this one will be placed in a separate routing table C. We’ll see this configuration in more detail with practical examples in our next section. In this section our main focus is to understand the concept of VRF and the other values which are associated with a VRF. Now, finally, just like the global routing table has its own Cisco Express Forwarding (CEF) table, every VRF will have its own CEF table built. Any interface assigned to customer A means all the routes coming from customer A will be placed in that separate VRF, and the same for B as well as C. And then there are the interfaces which are not placed in any VRF, let’s say the interfaces facing inside the service provider network.

All the routes coming in on those interfaces will be placed in the global routing table. Now the next thing we need to understand after the VRF is something called the RD value. We call it a route distinguisher. Now, every VRF inside the provider edge router must have a unique RD value assigned to the VRF. It’s mandatory. What exactly it does is add a 64-bit value, that is an eight-byte value, to a unique IPv4 address, that is a 32-bit IPv4 address, to make it a globally unique 96-bit VPNv4 address. Now, what does that mean exactly and why exactly do we need this RD value? Let’s take an example. The main reason for using the RD value is to make each customer route unique.

To make it a unique address, we assign something called a route distinguisher value for each VRF. Now, what is the requirement for that? In the second example, I’ve got a provider edge router which is connecting to another provider edge router somewhere here. So this is my complete service provider network, and this service provider network is connecting to customers. I’ve got a customer A connecting on the PE, and I’ve got a customer B and a customer C here. Now, there is a possibility that customer A might be using the 10.0.0.0 network, maybe the 10.0.0.0 network with some subnet mask. There is a possibility that customer B is also using the same 10.0.0.0 network in their own LAN, and maybe customer C is also using the 10.0.0.0 network. So there is a possibility that multiple customers might be using some overlapping networks.

Now, in this scenario customer A is using the 10.0.0.0 network, customer B uses the 10.0.0.0 network, and customer C is also using 10.0.0.0. Let’s take that as an example. Now, when a customer is going to advertise their own networks, the routes will be advertised to the provider edge router. And what the PE is going to do is maintain separate VRF routes. It is going to maintain this customer’s 10.0.0.0 network routes in a separate VRF routing table. The same way, it is going to maintain customer B’s 10.0.0.0 network in a separate VRF routing table, and customer C also will be maintained in a separate routing table called VRF C. Now, each and every VRF routing table is isolated from the others. So there is no relation between them. But the question now is what happens when these routes get advertised inside the service provider core network.

How will the other end, the other PE router, differentiate the customer A routes from the customer B and customer C routes? Now, in order to differentiate them, what we do in MPLS is this: this is your IPv4 address, which is a 32-bit address. Now this 32-bit address will be prepended with a 64-bit value. 64 bits means it’s an eight-byte value added in front. Mostly it will be in this format: let’s say for customer A we are going to add 500:1, and for customer B we are going to associate 500:2. And for customer C we are going to associate some number like 500:3. Now these numbers we call RD values, route distinguisher values.

Now what it exactly does is differentiate each and every customer’s routes. Even though the customers are using some overlapping networks, when the routes are prepended with this RD value and then advertised over the MPLS service provider network, it’s going to make each and every customer route a unique address. And this address, once the RD value is added, we call a VPN route. Now, whenever you hear something called VPN routes, you need to understand that it means the customer routes with a route distinguisher value added; we call them VPN routes. So it’s going to make each and every customer route a unique value. So the last thing you need to know is that every VRF must have an RD value associated.

Which means whenever you create a VRF, it’s mandatory that we assign a route distinguisher value. And commonly it will be in this format, like 500:1. The first number mostly represents the autonomous system number and the second number can be any number. Altogether it has to be a 64-bit number. And most commonly we use this format for assigning the route distinguisher values. And this route distinguisher value is locally significant. That is something we need to know. It’s locally significant; it has nothing to do with the other end of the provider edge routers. But whenever the provider edge router receives the routes, every VRF’s routes will be prepended with this 64-bit number and we call them VPN routes.

So these RD values are locally significant and they must be unique for each and every VRF. Which means if for VRF A I’m using 500:1, then on the same provider edge router, if I’m connecting customer B, I cannot use 500:1 again because that RD value is already associated with VRF A. So I need to use another number, 500:2 for customer B and 500:3 for customer C. The next thing we’ll see is something about route target values. Now why do we need a route target value? A route target value is a 64-bit extended BGP community that is attached to your VPN routes, which is going to indicate the VPN membership. Now, before we actually get into this route target value, first we need to understand why exactly we need a route target value when we already have a route distinguisher value.

Now, taking all these, the route distinguisher value and the route target value are both different values, but they are given in a similar kind of format. So we assign the route distinguisher value as a 64-bit value. In the same way the route target value also will be given in the same kind of format. So it can be the same number, it can be a different number, but they are both totally different from each other. So first let us try to understand why route distinguisher values are not enough inside the VRF, and why we again need route target values. I’m going to take an example here. Say this is my entire service provider network with multiple provider edge routers, and I’ve got a customer A with site one.

Let’s say I’m going to call it customer A1, which is nothing but customer A site one, and then I have customer A2, which is nothing but customer A site two. In the same way I have another customer, maybe the green one: I’ve got customer B1 and customer B2, nothing but customer B site one and site two. In the same way I’ve got some services, we call them central services, where everyone should be able to access some centralized servers or centralized database services; customer A needs to access them and customer B also needs to access them. Similarly, I’ve got another customer, let’s say customer C1 and customer C2. Okay? Now my requirement is to make sure that whatever routes come from customer B1 should be able to communicate with customer B2 on the other side.

So customer B1 and B2 should be able to communicate with each other. All the routes coming from customer B1 should reach the other end of that customer, that is B2. In the same way, anything coming from customer A1 should reach the other end of that customer, that is A2, and A1 and A2 should communicate with each other. Similarly, C1 and C2 should also communicate with each other. Now, at the same time I want to ensure that all the customers, customer A, customer B and customer C, must be able to access the centralized database service, or centralized voice gateways, or it can be anything, or it can be some internet access. So every customer must be able to access those things.

Now, in this kind of scenario, the route distinguisher values will not meet our requirement, because the route distinguisher value will just prepend a 64-bit value and it is just going to differentiate each and every customer. That is, it differentiates each and every customer with a different 64-bit value added before your IP address, and the main job of the route distinguisher value is to take a specific customer’s routes and make them unique VPN routes by prepending that 64-bit RD value. But it is not going to identify the VRF, or on which site you want your routes to get exported or imported, or which PE router should install my routes and which PE router should not install the routes.

So to make this possible, what we do is use something called a route target value. We call it the RT value. Now, RT values look similar to the way we write our route distinguisher value. So it can be the same number or a different number. It doesn’t make a difference. But generally I go with the same number just to avoid confusion. So let’s say for customer A, I’m going to use 500:1. What happens is that the customer routes get advertised to the provider edge router. Now, from this provider edge router to the other provider edge router, we have something called MP-BGP configured.

Now, this MP-BGP is one kind of implementation of BGP which is going to carry your VPN routes. VPN routes means the customer routes coming from the different VRFs. All the routes will be carried from one provider edge router to another provider edge router. I’ll be discussing MP-BGP implementation in more detail in my next session, along with how to configure the different set of commands. Now, we have a tunnel-like configuration from this side to the other side which is going to carry all your VPN routes. Along with those VPN routes, what we are going to do is add one extended BGP community attribute. That extended BGP community attribute we call the route target value. Now, what this route target value is, it’s one kind of tagging which is attached to your VPN routes.

Now, for all the routes coming from this customer, what we’ll do is, when we create the VRF, say export 500:1. So I’m going to give a number; let me take Blue. I’m going to say something like export 500:1. So I’m going to match all my routes. It can be all the routes under the VRF, or you can even match specific routes by using something called export maps. That, again, is a little bit beyond the scope; we’ll discuss it in much more detail in the advanced implementations. But here we are going to match all the routes, which is nothing but tagging all the routes with some route target value. That number can be anything. I’m trying to use the same number we used for the route distinguisher. Now we need to say export, which means all your routes will be exported over the VPNv4 session.

That is, over the VPN with an extended community tag. Now, the route target value is more like a tag. On the other end, on the other provider edge router, because when you have VPNv4 the routes go to every PE router, on this side we need to say import 500:1. Now when I say import 500:1 under the VRF of A2, only that particular VRF will install the routes tagged with 500:1. In the same way, you see here that customer B is also connecting. So for customer B I’ll say export 500:2 here, which means your routes will come from the customer to the provider edge router and they will be carried over your VPN as VPN routes. And then we are going to go to the VRF of customer B, and under that VRF we are going to say import 500:2.

Now here, even though the PE router is actually carrying both the VRF routes from customer A and customer B, it is still going to differentiate the routes. And when you say import 500:1, only that particular VRF will import the routes with 500:1 that are coming from customer A, and customer B will be different. In the same way, if you want the opposite direction, we need to say export 500:2 here, which means your routes will be exported from the VRF and they will go through the VPN with a route target tag value. And then in this scenario we need to say import 500:2. Now these route target values play a major role in some complex MPLS implementations. Let’s take an example: I’ve got a very complex VPN where I have some central services.

I want to ensure that all the customers, customer A, customer B and customer C, should be able to access these centralized services, maybe some centralized servers. Now what we need to do is export all the routes from this side with the value 500:10. So I’m going to export with the value 500:10, and then wherever I want access I configure an import. So if I want my customer B to get access to those centralized services, I just need to go to customer B and then say import 500:10. In the same way, if I want customer A to also be able to access those centralized services, I need to say import 500:10. And again, if I want customer C also to access all those resources, I need to say import 500:10.

Maybe in the future you want some of customer A to access customer B’s resources, maybe selected routes or maybe all the routes, or maybe two different companies merge. In that scenario what I can do is say import 500:1. So if I configure import 500:1 on the customer B VRF, that means all the routes exported from customer A with 500:1 will be installed in customer B’s VRF as well. So this is what we call complex VPNs. Now, this is something only possible by using route target values. If you’re using the RD value, the RD value is going to make your routes unique, but it will not identify the VPN membership on the other edge. Now, VPN membership means which routes from which VRF should get imported or exported.

That is something decided by the route target values. So that’s what I’ve got here. If you see, the route target value is a 64-bit extended community value, as I discussed, which is attached to VPN routes to indicate VPN membership. Now, there are two major options with the route target value: we have something called export and import. When you say export, we are sending our routes with a tag, whatever tag we specify, and it will be in the same format as the route distinguisher. It’s going to identify the membership, that is, which VRF the route belongs to. And generally it is attached on the provider edge router when the route is converted to a VPN route. It’s like tagging.
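As an added example (not the course’s own code, and not any vendor’s implementation), here is a small Python model of a single PE router that applies the RD and RT rules from the two passages above: the RD keeps the customers’ overlapping prefixes apart in the VPNv4 table, while the RT export/import lists decide which VRF installs what. The VRF names, RD/RT values and prefixes are constructed, and the check for overlapping prefixes colliding inside one VRF table goes slightly beyond the text.

```python
from dataclasses import dataclass, field

# Added example (not the course's own code): a toy model of one PE router applying
# the RD and RT rules described above. All names, RDs, RTs and prefixes are constructed.

@dataclass(frozen=True)
class VpnV4Route:
    rd: str           # route distinguisher prepended by the exporting VRF
    prefix: str       # the customer's IPv4 prefix
    rts: frozenset    # route-target extended communities attached on export

@dataclass
class Vrf:
    name: str
    rd: str                  # must be unique per VRF on the same PE
    export_rt: frozenset     # "route-target export" values
    import_rt: frozenset     # "route-target import" values
    local: tuple             # prefixes learned on this VRF's CE-facing interfaces
    table: dict = field(default_factory=dict)      # prefix -> origin VRF
    conflicts: list = field(default_factory=list)  # prefixes that could not install

def build_vpnv4_table(vrfs):
    """Export side: each VRF's local routes become VPNv4 routes tagged with its RTs."""
    if len({v.rd for v in vrfs}) != len(vrfs):
        raise ValueError("RD must be unique for every VRF on the same PE")
    vpnv4 = {}
    for v in vrfs:
        for p in v.local:
            # 64-bit RD + 32-bit prefix = the 96-bit VPNv4 key, so A's and B's
            # overlapping 10.0.0.0/8 stay distinct inside MP-BGP
            vpnv4[f"{v.rd}:{p}"] = (VpnV4Route(v.rd, p, v.export_rt), v.name)
    return vpnv4

def import_into(vrf, vpnv4):
    """Import side: a VRF installs only VPNv4 routes carrying one of its import RTs."""
    vrf.table, vrf.conflicts = {}, []
    # a VRF's own (locally learned) routes are processed before imported ones
    for r, origin in sorted(vpnv4.values(), key=lambda ro: ro[1] != vrf.name):
        if not (r.rts & vrf.import_rt):
            continue                         # RT, not RD, decides VPN membership
        if r.prefix in vrf.table and vrf.table[r.prefix] != origin:
            # RD only keeps prefixes apart in MP-BGP; inside one IPv4 VRF table
            # two customers' overlapping prefixes still clash
            vrf.conflicts.append((r.prefix, vrf.table[r.prefix], origin))
            continue
        vrf.table[r.prefix] = origin
    return vrf.table

def membership(vrfs):
    """Which customers' routes each VRF ends up seeing: a quick isolation audit."""
    vpnv4 = build_vpnv4_table(vrfs)
    for v in vrfs:
        import_into(v, vpnv4)
    return {v.name: sorted(set(v.table.values())) for v in vrfs}

def demo(extranet=False):
    """Three customers sharing 10.0.0.0/8 plus central services exported as 500:10."""
    b_imports = {"500:2", "500:10"} | ({"500:1"} if extranet else set())
    vrfs = [
        Vrf("A", "500:1", frozenset({"500:1"}), frozenset({"500:1", "500:10"}), ("10.0.0.0/8",)),
        Vrf("B", "500:2", frozenset({"500:2"}), frozenset(b_imports), ("10.0.0.0/8",)),
        Vrf("C", "500:3", frozenset({"500:3"}), frozenset({"500:3", "500:10"}), ("10.0.0.0/8",)),
        Vrf("CENTRAL", "500:10", frozenset({"500:10"}), frozenset({"500:10"}), ("192.168.100.0/24",)),
    ]
    return membership(vrfs), {v.name: v.conflicts for v in vrfs}
```

Running demo(extranet=True) shows that importing 500:1 into VRF B only gives B visibility of customer A where the address space does not overlap; the shared 10.0.0.0/8 cannot be installed twice in one VRF table and is reported as a conflict.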

These are more like technical terms. In simple words, exporting is nothing but saying that all the routes should get exported with this tag. Now, on the other end, on the peer PE router, we need to say import 500:1. Import 500:1 is used to select which VPN routes should get inserted into the respective VRF routing table. Now, in the next section I’ll be getting into much more detail. Let me just give you an overview of the next section. We’ll see how to create a VRF, and then we’ll also see how to assign a specific interface to the VRF. And we’ll practically verify how exactly the router is going to differentiate the different routing tables, and how we can verify that by using a command called show ip route, or show ip route vrf A1, show ip route vrf B1, and so on.

And then we’ll also see assigning the RD values and RT values and how exactly that is done. So, mainly, if you remember, we’ve got six steps in our MPLS L3 VPNs. These are all the commands; I’ll get into this command line in more detail in the next section. Now, we are already done with the first step. We know how to configure the IGP inside the service provider network; in section one we discussed that, and then later on we discussed how to configure LDP. And just now we have finished discussing what VRF is, what exactly the RD value is, which makes your customer route a unique VPN route, and the route target value, which is more like an extended BGP community tag associated with each and every VRF, and which is going to decide what routes should get imported or exported on that respective VRF.
