Many articles have been written about MPLS VPN amongst different ISPs but not much information is available if there is a global ISP having PoPs across several cities in the world. In this blog, we will look into a way of providing MPLS connectivity to customers present across various cities of the world where you have point of presence. Since, the geographical location of your PoPs are diverse, your PoPs might as well be connected over the Internet.

Just like always, we will take the example of 2 places which are separated by a great distance, Mumbai and Kuwait. You are a service provider having PoPs in these 2 cities. You are providing Internet and MPLS connectivity to customers in these 2 cities. The way you are doing this currently is that at each location, you have an internet gateway through which your customers will reach the Internet. Also, if you have one customer having multiple offices across that location, they will be able to reach each other through your MPLS cloud. But what about a customer who has office in Mumbai and Kuwait and who wants MPLS connectivity between these 2 locations. The trick is to run MPLS between your 2 locations over the Internet.

The Setup

As per the diagram, Mumbai and Kuwait have 2 routers in their MPLS cloud. One is a PE router connecting to the customer and one is an ASBR which is connecting to its upstream network through the ISP. I have taken a reduced number of equipments for simplicity. The customer location has one router per location for simplicity. There is no direct connectivity between Mumbai and Kuwait.

The Simulation

As can be seen from the Diagram, the simulation of Customer and ISP network is exactly the same as explained in the setup while the Internet cloud has been simulated by 3 ASes between the 2 locations. A high number of AS has been taken to show that there is absolutely no direct connectivity between the 2 Locations. I am not going to discuss much about the ISP peering or how the internet routing has been done. It is basically how you would connect several routers which are part of EBGP.

PE-CE Configuration

We will be running EIGRP between Mumbai customer and Mumbai PE. Also, we will be running RIPv2 between Kuwait Customer and Kuwait PE.

Mumbai Customer

interface FastEthernet0/0

ip address 10.1.1.2 255.255.255.0

router eigrp 1000

network 10.1.1.0 0.0.0.255

no auto-summary

Mumbai PE

ip vrf muku

rd 1:1

route-target export 1:1

route-target import 1:1

interface FastEthernet0/0

ip vrf forwarding muku

ip address 10.1.1.1 255.255.255.0

router eigrp 100

!

address-family ipv4 vrf muku

network 10.1.1.0 0.0.0.255

no auto-summary

autonomous-system 1000

exit-address-family

Kuwait PE

ip vrf muku

rd 1:1

route-target export 1:1

route-target import 1:1

interface FastEthernet0/1

ip vrf forwarding muku

ip address 10.1.2.1 255.255.255.0

router rip

!

address-family ipv4 vrf muku

network 10.0.0.0

no auto-summary

version 2

exit-address-family

Kuwait Customer

interface FastEthernet0/0

ip address 10.1.2.2 255.255.255.0

router rip

version 2

network 10.0.0.0

no auto-summary

IGP Configuration

We are running OSPF at both our locations between the PEs and the ASBRs.

Mumbai PE

interface Loopback0

ip address 100.1.1.1 255.255.255.255

interface FastEthernet0/1

ip address 1.1.12.1 255.255.255.0

router ospf 1

network 1.1.12.1 0.0.0.0 area 0

network 100.1.1.1 0.0.0.0 area 0

Mumbai ASBR

interface FastEthernet0/0

ip address 1.1.12.2 255.255.255.0

router ospf 1

log-adjacency-changes

network 1.1.12.2 0.0.0.0 area 0

default-information originate always

Kuwait ASBR

interface FastEthernet0/1

ip address 3.1.12.1 255.255.255.0

router ospf 1

log-adjacency-changes

network 3.1.12.1 0.0.0.0 area 0

default-information originate always

Kuwait PE

interface Loopback0

ip address 200.1.1.1 255.255.255.255

interface FastEthernet0/0

ip address 3.1.12.2 255.255.255.0

router ospf 1

network 3.1.12.2 0.0.0.0 area 0

network 200.1.1.1 0.0.0.0 area 0

BGP Configuration with Upstream 

Since both the Locations belong to the same ISP, the AS number will remain the same due to which the routes of Mumbai will not enter Kuwait and vice versa. To allow this, we require the command “neighbor allowas-in” at both ASBRs. Also, we are advertising our IGP networks using the network command.

Mumbai ASBR

router bgp 1

no synchronization

network 1.1.12.0 mask 255.255.255.0

network 100.1.1.1 mask 255.255.255.255

neighbor 1.12.1.2 remote-as 2

neighbor 1.12.1.2 allowas-in

no auto-summary

Kuwait ASBR

router bgp 1

no synchronization

network 3.1.12.0 mask 255.255.255.0

network 200.1.1.1 mask 255.255.255.255

neighbor 4.34.1.1 remote-as 4

neighbor 4.34.1.1 allowas-in

no auto-summary

Tunnel configuration between the 2 PEs 

We need a Tunnel between the 2 PEs to run MPLS on it.

Mumbai PE

interface Tunnel1

ip address 192.168.10.1 255.255.255.0

mpls ip

tunnel source 100.1.1.1

tunnel destination 200.1.1.1

Kuwait PE

interface Tunnel1

ip address 192.168.10.2 255.255.255.0

mpls ip

tunnel source 200.1.1.1

tunnel destination 100.1.1.1

MP BGP between the 2 PEs 

We will use the Tunnel configured with MPLS for MP BGP. We are redistributing Customer routes into the VRF of customer via MP BGP. Also, we are redistributing Customer routes of other location back to his IGP from MP BGP.

Mumbai PE

router bgp 1

no bgp default ipv4-unicast

neighbor 192.168.10.2 remote-as 1

!

address-family vpnv4

neighbor 192.168.10.2 activate

neighbor 192.168.10.2 send-community extended

exit-address-family

!

address-family ipv4 vrf muku

redistribute eigrp 1000

no synchronization

exit-address-family

router eigrp 100

!

address-family ipv4 vrf muku

redistribute bgp 1 metric 1 1 1 1 1

Kuwait PE

router bgp 1

no bgp default ipv4-unicast

neighbor 192.168.10.1 remote-as 1

!

address-family vpnv4

neighbor 192.168.10.1 activate

neighbor 192.168.10.1 send-community extended

exit-address-family

!

address-family ipv4 vrf muku

redistribute rip

no synchronization

exit-address-family

router rip

!

address-family ipv4 vrf muku

redistribute bgp 1 metric 1

Check the routes at both the offices and you should see the other locations routes. Ping the other site and verify connectivity.

I hope my post has been helpful in your life but the only guide which can help you in the hereafter is the Qur’an. You can download the English translation of the Qur’an here.