- MPLS High Availability Overview
- MPLS High Availability Command Changes
- MPLS LDP Graceful Restart
- NSF SSO - MPLS LDP and LDP Graceful Restart
- AToM Graceful Restart
- NSF SSO�Any Transport over MPLS and AToM Graceful Restart
- NSF SSO - MPLS VPN
- NSF SSO--MPLS TE and RSVP Graceful Restart
- ISSU MPLS Clients
- NSF SSO ISSU Support for VPLS
- NSF SSO and ISSU�MPLS VPN 6VPE and 6PE
- Circuit Emulation Service over UDP
- SSO Support for MPLS TE Autotunnel and Automesh
- Finding Feature Information
- Prerequisites for NSF SSO - MPLS VPN
- Restrictions for NSF SSO - MPLS VPN
- Information About NSF SSO - MPLS VPN
- How to Configure NSF SSO - MPLS VPN
- Configuration Examples for NSF SSO - MPLS VPN
- NSF SSO - MPLS VPN for a Basic MPLS VPN Example
- NSF SSO - MPLS VPN for a CSC Network with a Customer ISP as Carrier Example
- NSF SSO - MPLS VPN for a CSC Network with a MPLS VPN Provider Example
- NSF SSO - MPLS VPN for a CSC Network with BGP to Distribute MPLS Labels Example
- NSF SSO - MPLS VPN for an Inter-AS Network with BGP to Distribute Routes and MPLS Labels Example
- NSF SSO - MPLS VPN for an Inter-AS Network That Uses BGP over a Non-MPLS VPN Service Provider Example
NSF SSO - MPLS VPN
The NSF/SSO - MPLS VPN feature allows a provider edge (PE) router or Autonomous System Border Router (ASBR) (with redundant Route Processors) to preserve data forwarding information in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when the primary Route Processor (RP) restarts. This feature module describes how to enable Nonstop Forwarding in MPLS VPN networks, including the following types of VPNs:
- Finding Feature Information
- Prerequisites for NSF SSO - MPLS VPN
- Restrictions for NSF SSO - MPLS VPN
- Information About NSF SSO - MPLS VPN
- How to Configure NSF SSO - MPLS VPN
- Configuration Examples for NSF SSO - MPLS VPN
- Additional References
- Feature Information for NSF SSO - MPLS VPN
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for NSF SSO - MPLS VPN
The NSF/SSO - MPLS VPN feature has the following prerequisites:
For information about supported hardware, see the release notes for your platform.
Before enabling Stateful Switchover (SSO), you must enable MPLS Label Distrbution Protocol (LDP) Graceful Restart if you use LDP in the core or in the MPLS VPN routing and forwarding instance in an MPLS VPN Carrier Supporting Carrier configuration. See the NSF/SSO-MPLS LDP and MPLS LDP Graceful Restart feature module for more information.
You must enable NSF on the routing protocols running between the provider (P) routers , PE routers, and customer edge (CE) routers. The routing protocols are:
- Border Gateway Protocol (BGP)
- Open Shortest Path First (OSPF)
- Intermediate System-to-Intermediate System (IS-IS)
Cisco nonstop forwarding support must be configured on the routers for Cisco Express Forwarding. See the Cisco Nonstop Forwarding feature module for more information.
Before enabling the NSF/SSO - MPLS VPN feature, you must have a supported MPLS VPN network configuration. Configuration information is included in the Configuring MPLS VPNs feature module.
Restrictions for NSF SSO - MPLS VPN
The NSF/SSO - MPLS VPN feature has the following restrictions:
- Tag Distribution Protocol (TDP) sessions are not supported. Only LDP sessions are supported.
- The NSF/SSO - MPLS VPN feature requires that neighbor networking devices be NSF-aware. Peer routers must support the graceful restart of the protocol used to communicate with the NSF/SSO - MPLS VPN-capable router.
- The NSF/SSO - MPLS VPN feature cannot be configured on label-controlled ATM (LC-ATM) interfaces.
Information About NSF SSO - MPLS VPN
- Elements That Enable NSF SSO - MPLS VPN to Work
- How VPN Prefix Information Is Checkpointed to the Backup Route Processor
- How BGP Graceful Restart Preserves Prefix Information During a Restart
- What Happens If a Router Does Not Have NSF SSO - MPLS VPN Enabled
Elements That Enable NSF SSO - MPLS VPN to Work
VPN NSF requires several elements to work:
- VPN NSF uses the BGP Graceful Restart mechanisms defined in the Graceful Restart Internet Engineering Task Force (IETF) specifications and in the Cisco Nonstop Forwarding feature module. BGP Graceful Restart allows a router to create MPLS forwarding entries for VPNv4 prefixes in NSF mode. The forwarding entries are preserved during a restart. BGP also saves prefix and corresponding label information and recovers the information after a restart.
- The NSF/SSO - MPLS VPN feature also uses NSF for the label distribution protocol (LDP) in the core network (either MPLS Label Distribution Protocol, traffic engineering, or static labeling).
- The NSF/SSO - MPLS VPN feature uses NSF for the Interior Gateway Protocol (IGP) used in the core (OSPF or IS-IS).
- The NSF/SSO - MPLS VPN feature uses NSF for the routing protocols between the PE and customer CE routers.
How VPN Prefix Information Is Checkpointed to the Backup Route Processor
When BGP allocates local labels for prefixes, it checkpoints the local label binding in the backup Route Processor. The checkpointing function copies state information from the active Route Processor to the backup Route Processor, thereby ensuring that the backup Route Processor has an identical copy of the latest information. If the active Route Processor fails, the backup Route Processor can take over with no interruption in service. Checkpointing begins when the active Route Processor does a bulk synchronization, which copies all of the local label bindings to the backup Route Processor. After that, the active Route Processor dynamically checkpoints individual prefix label bindings when a label is allocated or freed. This allows forwarding of labeled packets to continue before BGP reconverges.
How BGP Graceful Restart Preserves Prefix Information During a Restart
When a router that is capable of BGP Graceful Restart loses connectivity, the following happens to the restarting router:
- The router establishes BGP sessions with other routers and relearns the BGP routes from other routers that are also capable of Graceful Restart. The restarting router waits to receive updates from the neighboring routers. When the neighboring routers send end-of-Routing Information Base (RIB) markers to indicate that they are done sending updates, the restarting router starts sending its own updates.
- The restarting router accesses the checkpoint database to find the label that was assigned for each prefix. If it finds the label, it advertises it to the neighboring router. If it does not find the label, it allocates a new label and advertises it.
- The restarting router removes any stale prefixes after a timer for stale entries expires.
When a peer router that is capable of BGP Graceful Restart encounters a restarting router, it does the following:
- The peer router sends all of the routing updates to the restarting router. When it has finished sending updates, the peer router sends an end-of RIB marker to the restarting router.
- The peer router does not immediately remove the BGP routes learned from the restarting router from its BGP routing table. As it learns the prefixes from the restarting router, the peer refreshes the stale routes if the new prefix and label information matches the old information.
What Happens If a Router Does Not Have NSF SSO - MPLS VPN Enabled
If a router is not configured for the NSF/SSO - MPLS VPN feature and it attempts to establish a BGP session with a router that is configured with the NSF/SSO - MPLS VPN feature, the two routers create a normal BGP session but do not have the ability to perform the NSF/SSO - MPLS VPN feature.
How to Configure NSF SSO - MPLS VPN
- Configuring NSF Support for Basic VPNs
- Configuring NSF Support for Interfaces That Use BGP as the LDP
- Verifying the NSF and SSO - MPLS VPN Configuration
Configuring NSF Support for Basic VPNs
Perform this task to configure NSF support for basic VPNs.
Route Processors must be configured for SSO. See the Stateful Switchover feature module for more information.
If you use LDP in the core or in the virtual routing and forwarding (VRF) instances for MPLS VPN Carrier Supporting Carrier configurations, you must enable the MPLS LDP: NSF/SSO Support and Graceful Restart feature. See the NSF/SSO-MPLS LDP and MPLS LDP Graceful Restart feature module for more information.
You must enable Nonstop Forwarding on the routing protocols running between the P, PE, and CE routers. The routing protocols are OSPF, IS-IS, and BGP. See the Cisco Nonstop Forwarding feature module for more information.
Before enabling the NSF/SSO - MPLS VPN feature, you must have a supported MPLS VPN network configuration. Configuration information is included in the Configuring MPLS VPNs feature module.
1. enable
2. configure terminal
3. ip cef [distributed]
4. router bgp as - number
5. bgp graceful-restart restart-time secs
6. bgp graceful-restart stalepath-time secs
7. bgp graceful-restart
8. end
DETAILED STEPS
Configuring NSF Support for Interfaces That Use BGP as the LDP
The following VPN features require special configuration for the NSF/SSO - MPLS VPN feature:
- MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution
- MPLS VPN—Inter-AS—IPv4 BGP Label Distribution
You must issue an extra command, mpls forwarding bgp, on the interfaces that use BGP to distribute MPLS labels and routes. Use the following procedure to configure the NSF/SSO - MPLS VPN feature in these MPLS VPNs.
- Make sure your MPLS VPN is configured for Carrier Supporting Carrier (CSC) or Inter-AS with BGP as the label distribution protocol.
- Configure NSF/SSO - MPLS VPN first, as described in Configuring NSF Support for Basic VPNs.
1. enable
2. configure terminal
3. ip cef [distributed]
4. interface slot/port
5. mpls forwarding bgp
DETAILED STEPS
Verifying the NSF and SSO - MPLS VPN Configuration
This section explains how to verify a configuratin that has the the NSF/SSO - MPLS VPN feature.
- See the Cisco Nonstop Forwarding feature module for verification procedures for BGP, OSPF, and IS-IS.
- See the NSF/SSO-MPLS LDP and MPLS LDP Graceful Restart feature module for verification procedures for the MPLS LDP: NSF/SSO feature
- See the verification information included in the Configuring MPLS VPNs feature module.
1. show ip bgp vpnv4 all labels
2. show ip bgp vpnv4 all neighbors
3. show ip bgp labels
4. show ip bgp neighbors
DETAILED STEPS
Configuration Examples for NSF SSO - MPLS VPN
This section includes six configuration examples. The first configuration example shows the most simple configuration, a basic VPN configuration. The second, third, and fourth examples show different CSC VPN configurations. The fourth example hows a CSC VPN configuration that uses BGP as the MPLS label distribution method and therefore requires the mpls forwarding bgp command. The last two examples show Inter-AS configurations.
- NSF SSO - MPLS VPN for a Basic MPLS VPN Example
- NSF SSO - MPLS VPN for a CSC Network with a Customer ISP as Carrier Example
- NSF SSO - MPLS VPN for a CSC Network with a MPLS VPN Provider Example
- NSF SSO - MPLS VPN for a CSC Network with BGP to Distribute MPLS Labels Example
- NSF SSO - MPLS VPN for an Inter-AS Network with BGP to Distribute Routes and MPLS Labels Example
- NSF SSO - MPLS VPN for an Inter-AS Network That Uses BGP over a Non-MPLS VPN Service Provider Example
NSF SSO - MPLS VPN for a Basic MPLS VPN Example
In this example, the NSF/SSO—MPLS VPN feature is enabled on the existing MPLS VPN configuration.
Enabling SSO on a Cisco 7500 Series Router
The following commands are used to enable SSO on the Cisco 7500 series routers:
The configuration examples are the same for both platforms with the exception that the following configuration boot commands are seen in the beginning of a Cisco 7500 series router configuration (and not in a Cisco 10000 series router configuration):
boot system slot0:rsp-pv-mz hw-module slot 2 image slot0:rsp-pv-mz hw-module slot 3 image slot0:rsp-pv-mz
Enabling SSO on a Cisco 10000 Series Router
The SSO mode is enabled by default.
Enabling NSF on Both the Cisco 7500 Series and Cisco 10000 Series Routers
The following commands are used to enable NSF for the routing protocols, such as BGP and OSPF, and for the label distribution protocols, such as BGP and LDP:
- bgp graceful-restart restart-time
- bgp graceful-restart stalepath-time
- bgp graceful-restart
- nsf enforce global
 Note |
In the configuration example, the NSF/SSO commands are bold-faced and any platform-specific commands are highlighted by arrows. |
The figure below shows the configuration of the NSF/SSO - MPLS VPN feature on the PE and CE routers.
Note |
LDP is the default MPLS label protocol. |
The following configuration examples show the configuration of the NSF/SSO - MPLS VPN feature on the CE and PE routers.
CE1 Router
ip cef no ip domain-lookup ! interface Loopback0 ip address 10.10.10.10 255.255.255.255 ! interface Ethernet4 ip address 10.0.0.1 255.0.0.0 media-type 10BaseT ! router ospf 100 redistribute bgp 101 nsf enforce global passive-interface Ethernet4 network 10.0.0.0 0.255.255.255 area 100 ! router bgp 101 no synchronization bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart network 10.0.0.0 network 10.0.0.0 neighbor 10.0.0.2 remote-as 100
PE1 Router
redundancy mode sso ! ip cef distributed mpls ldp graceful-restart mpls label protocol ldp ip vrf vpn1 rd 100:1 route-target export 100:1 route-target import 100:1 no mpls aggregate-statistics ! interface Loopback0 ip address 10.12.12.12 255.255.255.255 ! interface Ethernet1/4 =====> interface FastEthernet1/1/4 on a Cisco 10000 series router ip vrf forwarding vpn1 ip address 10.0.0.2 255.0.0.0 ! mpls ip interface ATM3/0 =====> interface ATM3/0/0 on a Cisco 10000 series router no ip address ! interface ATM3/0.1 point-to-point ==> interface ATM3/0/0.1 point-to-point on a Cisco 10000 ip unnumbered Loopback0 mpls ip ! router ospf 100 passive-interface Ethernet1/4 ===> passive-interface FastEthernet1/1/4 on a Cisco 10000 nsf enforce global network 10.0.0.0 0.255.255.255 area 100 ! router bgp 100 no synchronization bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart no bgp default ipv4-unicast neighbor 10.14.14.14 remote-as 100 neighbor 10.14.14.14 update-source Loopback0 ! address-family ipv4 vrf vpn1 neighbor 10.0.0.1 remote-as 101 neighbor 10.0.0.1 activate exit-address-family ! address-family vpnv4 neighbor 10.14.14.14 activate neighbor 10.14.14.14 send-community extended exit-address-family
PE2 Router
redundancy mode sso ! ip cef distributed mpls ldp graceful-restart mpls label protocol ldp ! ip vrf vpn1 rd 100:1 route-target export 100:1 route-target import 100:1 no mpls aggregate-statistics ! ! interface Loopback0 ip address 10.14.14.14 255.255.255.255 ! interface ATM1/0 =====> interface ATM1/0/0 on a Cisco 10000 series router no ip address ! interface ATM1/0.1 point-to-point ==> interface ATM1/0/0.1 point-to-point on a Cisco 10000 ip unnumbered Loopback0 mpls ip ! interface FastEthernet3/0/0 ip vrf forwarding vpn1 ip address 10.0.0.1 255.0.0.0 ip route-cache distributed mpls ip ! router ospf 100 nsf enforce global passive-interface FastEthernet3/0/0 network 10.0.0.0 0.255.255.255 area 100 ! router bgp 100 no synchronization bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart no bgp default ipv4-unicast neighbor 10.12.12.12 remote-as 100 neighbor 10.12.12.12 update-source Loopback0 ! address-family ipv4 vrf vpn1 neighbor 10.0.0.2 remote-as 102 neighbor 10.0.0.2 activate exit-address-family ! address-family vpnv4 neighbor 10.12.12.12 activate neighbor 10.12.12.12 send-community extended exit-address-family
CE2 Router
ip cef ! interface Loopback0 ip address 10.13.13.13 255.255.255.255 ! interface FastEthernet0 ip address 10.0.0.2 255.0.0.0 no ip mroute-cache ! router ospf 100 redistribute bgp 102 nsf enforce global passive-interface FastEthernet0 network 10.0.0.0 0.255.255.255 area 100 ! router bgp 102 no synchronization bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart network 10.0.0.0 network 10.0.0.0 neighbor 10.0.0.1 remote-as 100
NSF SSO - MPLS VPN for a CSC Network with a Customer ISP as Carrier Example
In this example, MPLS VPN SSO and NSF are configured on the existing MPLS CSC VPN configuration. In the CSC network configuration, the customer carrier is an Internet Service Provider (ISP), as shown in the figure below.
Enabling SSO on a Cisco 7500 Series Router
The following commands are used to enable SSO on the Cisco 7500 series routers:
The configuration examples are the same for both platforms with the exception that the following configuration boot commands are seen in the beginning of a Cisco 7500 series router configuration (and not in a Cisco 10000 series router configuration):
boot system slot0:rsp-pv-mz hw-module slot 2 image slot0:rsp-pv-mz hw-module slot 3 image slot0:rsp-pv-mz
Enabling SSO on a Cisco 10000 Series Router
The SSO mode is enabled by default.
Enabling NSF on Both the Cisco 7500 Series and Cisco 10000 Series Routers
The following commands are used to enable NSF for the routing protocols, such as BGP and OSPF, and for the label distribution protocols, such as BGP and LDP:
- bgp graceful-restart restart-time
- bgp graceful-restart stalepath-time
- bgp graceful-restart
- nsf enforce global
Note |
In the configuration example, the NSF/SSO commands are bold-faced and any platform-specific commands are highlighted by arrows. |
CSC-CE1 Configuration
mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address 10.14.14.14 255.255.255.255 ! no ip route-cache no ip mroute-cache ! interface ATM1/0 no ip address ! interface ATM1/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 ! atm pvc 101 0 51 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM2/0 no ip address ! interface ATM2/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 ! atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 200 log-adjacency-changes redistribute connected subnets nsf enforce global network 10.14.14.14 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 network 10.0.0.0 0.255.255.255 area 200
CSC-PE1 Configuration
redundancy mode sso ip cef distributed mpls ldp graceful-restart mpls label protocol ldp ! ip vrf vpn1 rd 100:0 route-target export 100:0 route-target import 100:0 no mpls aggregate-statistics ! interface Loopback0 ip address 10.11.11.11 255.255.255.255 ! no ip route-cache no ip mroute-cache ! interface Loopback100 ip vrf forwarding vpn1 ip address 10.19.19.19 255.255.255.255 ! interface ATM1/1/0 no ip address ! interface ATM1/1/0.1 point-to-point ip address 10.0.0.1 255.0.0.0 ! atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM3/0/0 no ip address ! interface ATM3/0/0.1 point-to-point ip vrf forwarding vpn1 ip address 10.0.0.1 255.0.0.0 atm pvc 101 0 51 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 100 log-adjacency-changes nsf enforce global passive-interface ATM3/0/0.1 passive-interface Loopback100 network 10.11.11.11 0.0.0.0 area 100 network 10.0.0.0 0.255.255.255 area 100 ! router ospf 200 vrf vpn1 log-adjacency-changes nsf enforce global redistribute bgp 100 metric-type 1 subnets network 10.19.19.19 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 ! router bgp 100 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor 10.12.12.12 remote-as 100 neighbor 10.12.12.12 update-source Loopback0 ! address-family ipv4 neighbor 10.12.12.12 activate neighbor 10.12.12.12 send-community extended no synchronization exit-address-family ! address-family vpnv4 neighbor 10.12.12.12 activate neighbor 10.12.12.12 send-community extended exit-address-family ! address-family ipv4 vrf vpn1 redistribute ospf 200 match internal external 1 external 2 no auto-summary no synchronization exit-address-family
CSC-PE2 Configuration
redundancy mode sso ip cef distributed ! ip vrf vpn1 rd 100:0 route-target export 100:0 route-target import 100:0 mpls ldp graceful-restart mpls label protocol ldp no mpls aggregate-statistics ! interface Loopback0 ip address 10.12.12.12 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Loopback100 ip vrf forwarding vpn1 ip address 10.20.20.20 255.255.255.255 ! interface ATM0/1/0 no ip address ! interface ATM0/1/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM3/0/0 no ip address ! interface ATM3/0/0.1 point-to-point ip vrf forwarding vpn1 ip address 10.0.0.1 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 100 log-adjacency-changes nsf enforce global passive-interface ATM3/0/0.1 passive-interface Loopback100 network 10.12.12.12 0.0.0.0 area 100 network 10.0.0.0 0.255.255.255 area 100 ! router ospf 200 vrf vpn1 log-adjacency-changes nsf enforce global redistribute bgp 100 metric-type 1 subnets network 10.20.20.20 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 ! router bgp 100 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor 10.11.11.11 remote-as 100 neighbor 10.11.11.11 update-source Loopback0 ! address-family ipv4 neighbor 10.11.11.11 activate neighbor 10.11.11.11 send-community extended no synchronization exit-address-family ! address-family vpnv4 neighbor 10.11.11.11 activate neighbor 10.11.11.11 send-community extended exit-address-family ! address-family ipv4 vrf vpn1 redistribute ospf 200 match internal external 1 external 2 no auto-summary no synchronization exit-address-family
CSC-CE2 Configuration
ip cef ! mpls label protocol ldp mpls ldp graceful-restart ! interface Loopback0 ip address 10.16.16.16 255.255.255.255 no ip route-cache no ip mroute-cache ! interface ATM1/0 no ip address ! interface ATM1/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM5/0 no ip address ! interface ATM5/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 200 log-adjacency-changes nsf enforce global redistribute connected subnets network 10.16.16.16 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 network 10.0.0.0 0.255.255.255 area 200
NSF SSO - MPLS VPN for a CSC Network with a MPLS VPN Provider Example
In the CSC network configuration shown in the figure below, the customer carrier is an MPLS VPN provider. The customer carrier has two sites. The backbone carrier and the customer carrier use MPLS. The internal BGP (iBGP) sessions exchange the external routing information of the ISP.
The following configuration example shows the configuration of each router in the CSC network. OSPF is the protocol used to connect the customer carrier to the backbone carrier. The NSF/SSO—MPLS VPN feature is enabled on the existing MPLS VPN configuration.
Enabling SSO on a Cisco 7500 Series Router
The following commands are used to enable SSO on the routers:
The configuration examples are the same for both platforms with the exception that the following configuration boot commands are seen in the beginning of a Cisco 7500 series router configuration (and not in a Cisco 10000 series router configuration):
boot system slot0:rsp-pv-mz hw-module slot 2 image slot0:rsp-pv-mz hw-module slot 3 image slot0:rsp-pv-mz
Enabling SSO on a Cisco 10000 Series Router
The SSO mode is enabled by default.
Enabling NSF on Both the Cisco 7500 Series and Cisco 10000 Series Routers
The following commands are used to enable NSF for the routing protocols, such as BGP and OSPF, and for the label distribution protocols, such as BGP and LDP:
- bgp graceful-restart restart-time
- bgp graceful-restart stalepath-time
- bgp graceful-restart
- nsf enforce global
Note |
In the configuration examples, the NSF/SSO commands are bold-faced and any platform-specific commands are highlighted with arrows. |
- CE1 Configuration
- PE1 Configuration
- CSC-CE1 Configuration
- CSC-PE1 Configuration
- CSC-PE2 Configuration
- CSC-CE2 Configuration
- PE2 Configuration
- CE2 Configuration
CE1 Configuration
ip cef ! interface Loopback0 ip address 10.17.17.17 255.255.255.255 ! interface Ethernet0/1 ip address 10.0.0.2 255.0.0.0 ! router ospf 300 log-adjacency-changes nsf enforce global redistribute bgp 300 subnets passive-interface Ethernet0/1 network 10.17.17.17 0.0.0.0 area 300 ! router bgp 300 no synchronization bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 redistribute connected redistribute ospf 300 match internal external 1 external 2 neighbor 10.0.0.1 remote-as 200 neighbor 10.0.0.1 advertisement-interval 5 no auto-summary
PE1 Configuration
redundancy mode sso ip cef distributed mpls ldp graceful-restart mpls label protocol ldp ! ip vrf vpn2 rd 200:1 route-target export 200:1 route-target import 200:1 ! interface Loopback0 ip address 10.13.13.13 255.255.255.255 ! interface ATM1/0 =====> interface ATM1/0/0 on a Cisco 10000 series router no ip address ! interface ATM1/0.1 point-to-point ===> interface ATM1/0/0 point-to-point on a Cisco 10000 ip address 10.0.0.1 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface Ethernet3/0 =====> interface FastEthernet3/0/0 on a Cisco 10000 series router ip vrf forwarding vpn2 ip address 10.0.0.1 255.0.0.0 no ip mroute-cache ! router ospf 200 log-adjacency-changes redistribute connected subnets nsf enforce global passive-interface Ethernet3/0 ===> passive-interface FastEthernet3/0/0 on a Cisco 10000 network 10.13.13.13 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 ! router bgp 200 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor 10.15.15.15 remote-as 200 neighbor 10.15.15.15 update-source Loopback0 ! address-family ipv4 neighbor 10.15.15.15 activate neighbor 10.15.15.15 send-community extended no synchronization exit-address-family ! address-family vpnv4 neighbor 10.15.15.15 activate neighbor 10.15.15.15 send-community extended exit-address-family ! address-family ipv4 vrf vpn2 neighbor 10.0.0.2 remote-as 300 neighbor 10.0.0.2 activate neighbor 10.0.0.2 as-override neighbor 10.0.0.2 advertisement-interval 5 no auto-summary no synchronization exit-address-family
CSC-CE1 Configuration
mpls label protocol ldp mpls ldp graceful-restart ! interface Loopback0 ip address 10.14.14.14 255.255.255.255 no ip route-cache no ip mroute-cache ! interface ATM1/0 no ip address ! interface ATM1/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 101 0 51 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM2/0 no ip address ! interface ATM2/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 200 log-adjacency-changes redistribute connected subnets nsf enforce global network 10.14.14.14 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 network 10.0.0.0 0.255.255.255 area 200
CSC-PE1 Configuration
redundancy mode sso ip cef distributed ! ip vrf vpn1 rd 100:0 route-target export 100:0 route-target import 100:0 mpls label protocol ldp mpls ldp graceful-restart no mpls aggregate-statistics ! interface Loopback0 ip address 10.11.11.11 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Loopback100 ip vrf forwarding vpn1 ip address 10.19.19.19 255.255.255.255 ! interface ATM1/1/0 no ip address ! interface ATM1/1/0.1 point-to-point ip address 10.0.0.1 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM3/0/0 no ip address ! interface ATM3/0/0.1 point-to-point ip vrf forwarding vpn1 ip address 10.0.0.1 255.0.0.0 atm pvc 101 0 51 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 100 log-adjacency-changes passive-interface ATM3/0/0.1 nsf enforce global passive-interface Loopback100 network 10.11.11.11 0.0.0.0 area 100 network 10.0.0.0 0.255.255.255 area 100 ! router ospf 200 vrf vpn1 log-adjacency-changes nsf enforce global redistribute bgp 100 metric-type 1 subnets network 10.19.19.19 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 ! router bgp 100 bgp log-neighbor-changes timers bgp 10 30 bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart neighbor 10.12.12.12 remote-as 100 neighbor 10.12.12.12 update-source Loopback0 ! address-family ipv4 neighbor 10.12.12.12 activate neighbor 10.12.12.12 send-community extended no synchronization exit-address-family ! address-family vpnv4 neighbor 10.12.12.12 activate neighbor 10.12.12.12 send-community extended exit-address-family ! address-family ipv4 vrf vpn1 redistribute ospf 200 match internal external 1 external 2 no auto-summary no synchronization exit-address-family
CSC-PE2 Configuration
redundancy mode sso ip cef distributed ! ip vrf vpn1 rd 100:0 route-target export 100:0 route-target import 100:0 mpls label protocol ldp mpls ldp graceful-restart no mpls aggregate-statistics ! interface Loopback0 ip address 10.12.12.12 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Loopback100 ip vrf forwarding vpn1 ip address 10.20.20.20 255.255.255.255 ! interface ATM0/1/0 no ip address ! interface ATM0/1/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM3/0/0 no ip address ! interface ATM3/0/0.1 point-to-point ip vrf forwarding vpn1 ip address 10.0.0.1 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 100 log-adjacency-changes nsf enforce global passive-interface ATM3/0/0.1 passive-interface Loopback100 network 10.12.12.12 0.0.0.0 area 100 network 10.0.0.0 0.255.255.255 area 100 ! router ospf 200 vrf vpn1 log-adjacency-changes nsf enforce global redistribute bgp 100 metric-type 1 subnets network 10.20.20.20 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 ! router bgp 100 bgp log-neighbor-changes timers bgp 10 30 bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart neighbor 10.11.11.11 remote-as 100 neighbor 10.11.11.11 update-source Loopback0 ! address-family ipv4 neighbor 10.11.11.11 activate neighbor 10.11.11.11 send-community extended no synchronization exit-address-family ! address-family vpnv4 neighbor 10.11.11.11 activate neighbor 10.11.11.11 send-community extended exit-address-family ! address-family ipv4 vrf vpn1 redistribute ospf 200 match internal external 1 external 2 no auto-summary no synchronization exit-address-family
CSC-CE2 Configuration
ip cef ! mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address 10.16.16.16 255.255.255.255 no ip route-cache no ip mroute-cache ! interface ATM1/0 no ip address ! interface ATM1/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! interface ATM5/0 no ip address ! interface ATM5/0.1 point-to-point ip address 10.0.0.2 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 200 log-adjacency-changes redistribute connected subnets nsf enforce global network 10.16.16.16 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 network 10.0.0.0 0.255.255.255 area 200
PE2 Configuration
redundancy mode sso ip cef distributed ip cef accounting non-recursive ! ip vrf vpn2 rd 200:1 route-target export 200:1 route-target import 200:1 mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address 10.15.15.15 255.255.255.255 ! interface Ethernet3/0 =====> interface FastEthernet3/0/0 on a Cisco 10000 series router ip vrf forwarding vpn2 ip address 10.0.0.1 255.0.0.0 ! interface ATM5/0 =====> interface ATM5/0/0 on a Cisco 10000 series router no ip address ! interface ATM5/0.1 point-to-point ==> interface ATM5/0/0.1 point-to-point on a Cisco 10000 ip address 10.0.0.1 255.0.0.0 atm pvc 100 0 50 aal5snap no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 200 log-adjacency-changes redistribute connected subnets nsf enforce global passive-interface Ethernet3/0 ===> passive-interface FastEthernet3/0/0 on a Cisco 10000 network 10.15.15.15 0.0.0.0 area 200 network 10.0.0.0 0.255.255.255 area 200 ! router bgp 200 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor 10.13.13.13 remote-as 200 neighbor 10.13.13.13 update-source Loopback0 ! address-family ipv4 neighbor 10.13.13.13 activate neighbor 10.13.13.13 send-community extended no synchronization exit-address-family ! address-family vpnv4 neighbor 10.13.13.13 activate neighbor 10.13.13.13 send-community extended exit-address-family ! address-family ipv4 vrf vpn2 neighbor 10.0.0.2 remote-as 300 neighbor 10.0.0.2 activate neighbor 10.0.0.2 as-override neighbor 10.0.0.2 advertisement-interval 5 no auto-summary no synchronization exit-address-family
CE2 Configuration
ip cef ! interface Loopback0 ip address 10.18.18.18 255.255.255.255 ! interface Ethernet0/1 ip address 10.0.0.2 255.0.0.0 ! router ospf 300 log-adjacency-changes nsf enforce global redistribute bgp 300 subnets passive-interface Ethernet0/1 network 10.18.18.18 0.0.0.0 area 300 ! router bgp 300 no synchronization bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 redistribute connected redistribute ospf 300 match internal external 1 external 2 neighbor 10.0.0.1 remote-as 200 neighbor 10.0.0.1 advertisement-interval 5 no auto-summary
NSF SSO - MPLS VPN for a CSC Network with BGP to Distribute MPLS Labels Example
In the following example and in the figure below, the NSF/SSO—MPLS VPN feature is configured on an existing MPLS VPN.
Enabling SSO on a Cisco 7500 Series Router
The following commands are used to enable SSO on the routers:
The configuration examples are the same for both platforms with the exception that the following configuration boot commands are seen in the beginning of a Cisco 7500 series router configuration (and not in a Cisco 10000 series router configuration):
boot system slot0:rsp-pv-mz hw-module slot 2 image slot0:rsp-pv-mz hw-module slot 3 image slot0:rsp-pv-mz
Enabling SSO on a Cisco 10000 Series Router
The SSO mode is enabled by default.
Enabling NSF on Both the Cisco 7500 Series and Cisco 10000 Series Routers
The following commands are used to enable NSF for the routing protocols, such as BGP and OSPF, and for the label distribution protocols, such as BGP and LDP:
- bgp graceful-restart restart-time
- bgp graceful-restart stalepath-time
- bgp graceful-restart
- nsf enforce global
- mpls forwarding bgp
Note |
In the configuration examples, the NSF/SSO commands are bold-faced and arrows highlight any platform-specific commands. |
This section and the figure below provide an example of a backbone carrier and a customer carrier who are both BGP/MPLS VPN service providers. The example shows how BGP is enabled to distribute routes and MPLS labels between PE and CE routers.
In the figure above, the subnet mask is 255.255.255.252.
The routers have the following characteristics:
- CE1 and CE2 belong to an end customer. CE1 and CE2 routers exchange routes learned from PE routers. The end customer is purchasing VPN services from a customer carrier.
- PE1 and PE2 are part of a customer carrier network that is configured to provide MPLS VPN services. PE1 and PE2 are peering with a VPNv4 IBGP session to form an MPLS VPN network.
- CSC-CE1 and CSC-CE2 are part of a customer carrier network. CSC-CE1 and CSC-CE2 routers exchange IPv4 BGP updates with MPLS labels and redistribute PE loopback addressees that are sent to and received from the IGP (OSPF in this example). The customer carrier is purchasing Carrier Supporting Carrier VPN services from a backbone carrier.
- CSC-PE1 and CSC-PE2 are part of the backbone carrier’s network configured to provide Carrier Supporting Carrier VPN services. CSC-PE1 and CSC-PE2 peer with a VPNv4 IP BGP session to form the MPLS VPN network. In the VRF, CSC-PE1 and CSC-PE2 peer with the CSC-CE routers, which are configured to carry MPLS labels with the routes, within an IPv4 EBGP session.
- CE1 Configuration
- PE1 Configuration
- CSC-CE1 Configuration
- CSC-PE1 Configuration
- CSC-PE2 Configuration
- CSC-CE2 Configuration
- PE2 Configuration
- CE2 Configuration
CE1 Configuration
ip cef interface Loopback0 ip address aa.aa.aa.aa 255.255.255.255 ! interface Ethernet3/3 ip address mm.0.0.1 255.0.0.0 ! router bgp 300 no synchronization bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 redistribute connected !Exchange routes neighbor mm.0.0.2 remote-as 200 !learned from PE1. neighbor mm.0.0.2 advertisement-interval 5 no auto-summary
PE1 Configuration
redundancy mode sso ip cef distributed ! ip vrf vpn2 rd 200:1 route-target export 200:1 route-target import 200:1 mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address bb.bb.bb.bb 255.255.255.255 ! interface Ethernet3/0 =====> interface FastEthernet3/0/0 on a Cisco 10000 series router ip address nn.0.0.1 255.0.0.0 no ip mroute-cache mpls label protocol ldp mpls ip ! interface Ethernet3/3 =====> interface FastEthernet3/0/3 on a Cisco 10000 series router ip vrf forwarding vpn2 ip address mm.0.0.2 255.0.0.0 no ip mroute-cache ! router ospf 200 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets passive-interface Ethernet3/3 ===> passive-interface FastEthernet3/0/3 on a Cisco 10000 network bb.bb.bb.bb 0.0.0.0 area 200 network nn.0.0.0 0.255.255.255 area 200 ! router bgp 200 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor hh.hh.hh.hh remote-as 200 neighbor hh.hh.hh.hh update-source Loopback0 ! address-family vpnv4 !VPNv4 session with PE2. neighbor hh.hh.hh.hh activate neighbor hh.hh.hh.hh send-community extended bgp dampening 30 exit-address-family ! address-family ipv4 vrf vpn2 neighbor mm.0.0.1 remote-as 300 neighbor mm.0.0.1 activate neighbor mm.0.0.1 as-override neighbor mm.0.0.1 advertisement-interval 5 no auto-summary no synchronization bgp dampening 30 exit-address-family
CSC-CE1 Configuration
ip cef ! mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address cc.cc.cc.cc 255.255.255.255 ! interface Ethernet3/0 ip address pp.0.0.1 255.0.0.0 mpls forwarding bgp ! interface Ethernet4/0 ip address nn.0.0.2 255.0.0.0 no ip mroute-cache mpls label protocol ldp mpls ip ! router ospf 200 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets !Exchange routes redistribute bgp 200 metric 3 subnets !learned from PE1. passive-interface ATM1/0 passive-interface Ethernet3/0 network cc.cc.cc.cc 0.0.0.0 area 200 network nn.0.0.0 0.255.255.255 area 200 ! router bgp 200 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor pp.0.0.2 remote-as 100 neighbor pp.0.0.2 update-source Ethernet3/0 no auto-summary ! address-family ipv4 redistribute connected redistribute ospf 200 metric 4 match internal neighbor pp.0.0.2 activate neighbor pp.0.0.2 send-label no auto-summary no synchronization bgp dampening 30 exit-address-family
CSC-PE1 Configuration
redundancy mode sso ip cef distributed ! ip vrf vpn1 rd 100:1 route-target export 100:1 route-target import 100:1 mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address dd.dd.dd.dd 255.255.255.255 ! interface Ethernet3/1 =====> interface FastEthernet3/0/1 on a Cisco 10000 series router ip vrf forwarding vpn1 ip address pp.0.0.2 255.0.0.0 mpls forwarding bgp ! interface ATM0/1/0 no ip address ! interface ATM0/1/0.1 point-to-point ip unnumbered Loopback0 no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 100 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets passive-interface Ethernet3/1 network dd.dd.dd.dd 0.0.0.0 area 100 ! router bgp 100 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor ee.ee.ee.ee remote-as 100 neighbor ee.ee.ee.ee update-source Loopback0 ! address-family vpnv4 !VPNv4 session with CSC-PE2. neighbor ee.ee.ee.ee activate neighbor ee.ee.ee.ee send-community extended bgp dampening 30 exit-address-family ! address-family ipv4 vrf vpn1 neighbor pp.0.0.1 remote-as 200 neighbor pp.0.0.1 activate neighbor pp.0.0.1 as-override neighbor pp.0.0.1 advertisement-interval 5 neighbor pp.0.0.1 send-label no auto-summary no synchronization bgp dampening 30 exit-address-family
CSC-PE2 Configuration
redundancy mode sso ip cef distributed ! ip vrf vpn1 rd 100:1 route-target export 100:1 route-target import 100:1 mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address ee.ee.ee.ee 255.255.255.255 ! interface Ethernet5/0 =====> interface FastEthernet5/0/0 on a Cisco 10000 series router ip vrf forwarding vpn1 ip address ss.0.0.2 255.0.0.0 mpls forwarding bgp no ip route-cache distributed clock source internal ! interface ATM2/1/0 no ip address ! interface ATM2/1/0.1 point-to-point ip unnumbered Loopback0 no atm enable-ilmi-trap mpls label protocol ldp mpls ip ! router ospf 100 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets passive-interface Ethernet5/0 ====> passive-interface FastEthernet5/0/0 on a Cisco 10000 passive-interface ATM3/0/0 network ee.ee.ee.ee 0.0.0.0 area 100 ! router bgp 100 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor dd.dd.dd.dd remote-as 100 neighbor dd.dd.dd.dd update-source Loopback0 ! address-family vpnv4 !VPNv4 session with CSC-PE1. neighbor dd.dd.dd.dd activate neighbor dd.dd.dd.dd send-community extended bgp dampening 30 exit-address-family ! address-family ipv4 vrf vpn1 neighbor ss.0.0.1 remote-as 200 neighbor ss.0.0.1 activate neighbor ss.0.0.1 as-override neighbor ss.0.0.1 advertisement-interval 5 neighbor ss.0.0.1 send-label no auto-summary no synchronization bgp dampening 30 exit-address-family
CSC-CE2 Configuration
ip cef ! mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address gg.gg.gg.gg 255.255.255.255 ! interface Ethernet2/2 ip address ss.0.0.2 255.0.0.0 no ip mroute-cache mpls forwarding bgp ! interface ATM3/1/0.1 point-to-point ip address yy.0.0.1 255.0.0.0 mpls label protocol ldp mpls ip ! router ospf 200 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets !Exchange routes redistribute bgp 200 metric 3 subnets !learned from PE2. passive-interface ATM3/1/0.1 network gg.gg.gg.gg 0.0.0.0 area 200 network ss.0.0.0 0.255.255.255 area 200 ! router bgp 200 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor yy.0.0.2 remote-as 100 neighbor yy.0.0.2 update-source ATM3/1/0.1 no auto-summary ! address-family ipv4 redistribute connected redistribute ospf 200 metric 4 match internal neighbor yy.0.0.2 activate neighbor yy.0.0.2 send-label no auto-summary no synchronization bgp dampening 30 exit-address-family
PE2 Configuration
redundancy mode sso ip cef distributed ! ip vrf vpn2 rd 200:1 route-target export 200:1 route-target import 200:1 ! mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address hh.hh.hh.hh 255.255.255.255 ! interface Ethernet3/6 =====> interface FastEthernet3/0/6 on a Cisco 10000 series router ip vrf forwarding vpn2 ip address tt.0.0.2 255.0.0.0 ! interface ATM5/0.1 point2point ip address qq.0.0.1 255.0.0.0 no atm enable-ilmi-trap no ip mroute-cache mpls label protocol ldp mpls ip ! router bgp 200 no bgp default ipv4-unicast bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor bb.bb.bb.bb remote-as 200 neighbor bb.bb.bb.bb update-source Loopback0 ! address-family vpnv4 !VPNv4 session with PE1. neighbor bb.bb.bb.bb activate neighbor bb.bb.bb.bb send-community extended bgp dampening 30 exit-address-family ! address-family ipv4 vrf vpn2 neighbor tt.0.0.1 remote-as 300 neighbor tt.0.0.1 activate neighbor tt.0.0.1 as-override neighbor tt.0.0.1 advertisement-interval 5 no auto-summary no synchronization bgp dampening 30 exit-address-family
CE2 Configuration
ip cef ! interface Loopback0 ip address jj.jj.jj.jj 255.255.255.255 ! interface Ethernet3/6 ip address tt.0.0.1 255.0.0.0 ! router bgp 300 bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart no synchronization bgp log-neighbor-changes timers bgp 10 30 !Exchange routes redistribute connected !learned from PE2. redistribute ospf 300 match internal external 1 external 2 neighbor tt.0.0.2 remote-as 200 neighbor tt.0.0.2 advertisement-interval 5 no auto-summary
NSF SSO - MPLS VPN for an Inter-AS Network with BGP to Distribute Routes and MPLS Labels Example
In the figure below and in the following example, the NSF/SSO—MPLS VPN feature is configured on the existing MPLS VPN Inter-AS configuration.
Enabling SSO on a Cisco 7500 Series Router
The following commands are used to enable SSO on the routers:
The configuration examples are the same for both platforms with the exception that the following configuration boot commands are seen in the beginning of a Cisco 7500 series router configuration (and not in a Cisco 10000 series router configuration):
boot system slot0:rsp-pv-mz hw-module slot 2 image slot0:rsp-pv-mz hw-module slot 3 image slot0:rsp-pv-mz
Enabling SSO on a Cisco 10000 Series Router
The SSO mode is enabled by default.
Enabling NSF on Both the Cisco 7500 Series and Cisco 10000 Series Routers
The following commands are used to enable NSF for the routing protocols, such as BGP and OSPF, and for the label distribution protocols, such as BGP and LDP:
- bgp graceful-restart restart-time
- bgp graceful-restart stalepath-time
- bgp graceful-restart
- nsf enforce global
- mpls forwarding bgp
Inter-AS with IPv4 BGP Label Distribution enables you to set up a VPN so that the ASBRs exchange IPv4 routes with MPLS labels of the PE routers. Route reflectors (RRs) exchange VPNv4 routes by using Multihop, Multiprotocol EBGP. This configuration saves the ASBRs from having to store all of the VPNv4 routes. Using the RRs to store the VPNv4 routes and forward them to the PE routers improves scalability.
The figure below shows two MPLS VPN service providers. They distribute VPNv4 addresses between the RRs and IPv4 routes and MPLS labels between ASBRs.
The figure above shows the two techniques you can use to distribute the VPNv4 routes and the IPv4 routes and MPLS labels of remote PEs and RRs to local PEs and RRs:
- AS 100 uses the route reflectors to distribute the IPv4 routes and MPLS labels and the VPNv4 routes from the ASBR to the PE.
- In AS 200, the IPv4 routes that ASBR2 learned are redistributed into IGP.
Note |
In the configuration examples, the NSF/SSO commands are bold-faced and arrows highlight any platform-specific commands. |
RR1 Configuration
The configuration example for RR1 specifies the following:
- RR1 exchanges VPNv4 routes with RR2, using Multihop, Multiprotocol EBGP.
- The VPNv4 next hop information and the VPN label are preserved across the autonomous systems.
- RR1 reflects to PE1 the VPNv4 routes learned from RR2 and the IPv4 routes and MPLS labels learned from ASBR1.
redundancy mode sso ip subnet-zero ip cef distributed ! interface Loopback0 ip address aa.aa.aa.aa 255.255.255.255 ! interface Serial1/2 =======> Serial1/0/2 on a Cisco 10000 series router ip address dd.0.0.2 255.0.0.0 clockrate 124061 ! router ospf 10 log-adjacency-changes auto-cost reference-bandwidth 1000 network aa.aa.aa.aa 0.0.0.0 area 100 network dd.0.0.0 0.255.255.255 area 100 ! router bgp 100 bgp cluster-id 1 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor ee.ee.ee.ee remote-as 100 neighbor ee.ee.ee.ee update-source Loopback0 neighbor ww.ww.ww.ww remote-as 100 neighbor ww.ww.ww.ww update-source Loopback0 neighbor bb.bb.bb.bb remote-as 200 neighbor bb.bb.bb.bb ebgp-multihop 255 neighbor bb.bb.bb.bb update-source Loopback0 no auto-summary ! address-family ipv4 neighbor ee.ee.ee.ee activate neighbor ee.ee.ee.ee route-reflector-client !IPv4+labels session to PE1 neighbor ee.ee.ee.ee send-label neighbor ww.ww.ww.ww activate neighbor ww.ww.ww.ww route-reflector-client !IPv4+labels session to ASBR1 neighbor ww.ww.ww.ww send-label no neighbor bb.bb.bb.bb activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor ee.ee.ee.ee activate neighbor ee.ee.ee.ee route-reflector-client !VPNv4 session with PE1 neighbor ee.ee.ee.ee send-community extended neighbor bb.bb.bb.bb activate neighbor bb.bb.bb.bb next-hop-unchanged !MH-VPNv4 session with RR2 with next hop unchanged neighbor bb.bb.bb.bb send-community extended exit-address-family ! ip default-gateway 10.3.0.1 no ip classless ! end
ASBR1 Configuration
ASBR1 exchanges IPv4 routes and MPLS labels with ASBR2.
redundancy mode sso ip cef distributed ip subnet-zero mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address ww.ww.ww.ww 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Ethernet0/2 =====> interface FastEthernet1/0/2 on a Cisco 10000 series router ip address hh.0.0.2 255.0.0.0 no ip mroute-cache mpls forwarding bgp ! interface Ethernet0/3 =====> interface FastEthernet1/0/3 on a Cisco 10000 series router ip address dd.0.0.1 255.0.0.0 no ip mroute-cache mpls label protocol ldp mpls ip ! router ospf 10 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets passive-interface Ethernet0/2 =====> passive-interface FastEthernet1/0/2 on a Cisco 10000 network ww.ww.ww.ww 0.0.0.0 area 100 network dd.0.0.0 0.255.255.255 area 100 ! router bgp 100 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor aa.aa.aa.aa remote-as 100 neighbor aa.aa.aa.aa update-source Loopback0 neighbor hh.0.0.1 remote-as 200 no auto-summary ! Redistributing IGP into BGP ! so that PE1 & RR1 loopbacks ! get into the BGP table. address-family ipv4 redistribute ospf 10 neighbor aa.aa.aa.aa activate neighbor aa.aa.aa.aa send-label neighbor hh.0.0.1 activate neighbor hh.0.0.1 advertisement-interval 5 neighbor hh.0.0.1 send-label no auto-summary no synchronization exit-address-family ! ip default-gateway 10.3.0.1 ip classless end
RR2 Configuration
RR2 exchanges VPNv4 routes with RR1 through Multihop, Multiprotocol EBGP. In this configuration, the next hop information and the VPN label are preserved across the autonomous systems.
ip subnet-zero ip cef ! interface Loopback0 ip address bb.bb.bb.bb 255.255.255.255 ! interface Serial1/1 ip address ii.0.0.2 255.0.0.0 no ip mroute-cache ! router ospf 20 log-adjacency-changes network bb.bb.bb.bb 0.0.0.0 area 200 network ii.0.0.0 0.255.255.255 area 200 ! router bgp 200 bgp cluster-id 1 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor aa.aa.aa.aa remote-as 100 neighbor aa.aa.aa.aa ebgp-multihop 255 neighbor aa.aa.aa.aa update-source Loopback0 neighbor ff.ff.ff.ff remote-as 200 neighbor ff.ff.ff.ff update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor aa.aa.aa.aa activate neighbor aa.aa.aa.aa next-hop-unchanged !Multihop VPNv4 session with RR1 with next-hop unchanged neighbor aa.aa.aa.aa send-community extended neighbor ff.ff.ff.ff activate neighbor ff.ff.ff.ff route-reflector-client !VPNv4 session with PE2 neighbor ff.ff.ff.ff send-community extended exit-address-family ! ip default-gateway 10.3.0.1 no ip classless end
ASBR2 Configuration
ASBR2 exchanges IPv4 routes and MPLS labels with ASBR1. However, in contrast to ASBR1, ASBR2 does not use the RR to reflect IPv4 routes and MPLS labels to PE2. ASBR2 redistributes the IPv4 routes and MPLS labels learned from ASBR1 into IGP. PE2 can reach these prefixes.
ip subnet-zero ip cef ! mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address xx.xx.xx.xx 255.255.255.255 ! interface Ethernet1/0 ip address hh.0.0.1 255.0.0.0 no ip mroute-cache mpls forwarding bgp ! interface Ethernet1/2 ip address jj.0.0.1 255.0.0.0 no ip mroute-cache mpls label protocol ldp mpls ip ! router ospf 20 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets redistribute bgp 200 subnets passive-interface Ethernet1/0 ! redistributing the routes learned from ASBR1 !(EBGP+labels session) into IGP so that PE2 ! will learn them network xx.xx.xx.xx 0.0.0.0 area 200 network jj..0.0 0.255.255.255 area 200 ! router bgp 200 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor bb.bb.bb.bb remote-as 200 neighbor bb.bb.bb.bb update-source Loopback0 neighbor hh.0.0.2 remote-as 100 no auto-summary ! address-family ipv4 redistribute ospf 20 ! Redistributing IGP into BGP ! so that PE2 & RR2 loopbacks ! will get into the BGP-4 table neighbor hh.0.0.2 activate neighbor hh.0.0.2 advertisement-interval 5 neighbor hh.0.0.2 send-label no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor bb.bb.bb.bb activate neighbor bb.bb.bb.bb send-community extended exit-address-family ! ip default-gateway 10.3.0.1 ip classless ! end
NSF SSO - MPLS VPN for an Inter-AS Network That Uses BGP over a Non-MPLS VPN Service Provider Example
In this example, the NSF/SSO—MPLS VPN feature is configured on an existing MPLS VPN.
Enabling SSO on a Cisco 7500 Series Router
The following commands are used to enable SSO on the routers:
The configuration examples are the same for both platforms with the exception that the following configuration boot commands are seen in the beginning of a Cisco 7500 series router configuration (and not in a Cisco 10000 series router configuration):
boot system slot0:rsp-pv-mz hw-module slot 2 image slot0:rsp-pv-mz hw-module slot 3 image slot0:rsp-pv-mz
Enabling SSO on a Cisco 10000 Series Router
The SSO mode is enabled by default.
Enabling NSF on Both the Cisco 7500 Series and Cisco 10000 Series Routers
The following commands are used to enable NSF for the routing protocols, such as BGP and OSPF, and for the label distribution protocols, such as BGP and LDP:
- bgp graceful-restart restart-time
- bgp graceful-restart stalepath-time
- bgp graceful-restart
- nsf enforce global
- mpls forwarding bgp
The figure below shows two MPLS VPN service providers that are connected through a non-MPLS VPN service provider. The autonomous system in the middle of the network is configured as a backbone autonomous system that uses LDP to distribute MPLS labels. You can also use traffic engineering tunnels instead of LDP to build the LSP across the non-MPLS VPN service provider.
Note |
In the configuration examples, the NSF/SSO commands are bold-faced and arrows highlight any platform-specific commands. |
- RR1 Configuration
- ASBR1 Configuration
- RR2 Configuration
- ASBR2 Configuration
- ASBR3 Configuration
- RR3 Configuration
- ASBR4 Configuration
RR1 Configuration
The configuration example for RR1 specifies the following:
- RR1 exchanges VPNv4 routes with RR2, using Multihop, Multiprotocol EBGP.
- The VPNv4 next hop information and the VPN label are preserved across the autonomous systems.
- RR1 reflects to PE1 the VPNv4 routes learned from RR2 and the IPv4 routes and MPLS labels learned from ASBR1.
ip subnet-zero ip cef ! interface Loopback0 ip address aa.aa.aa.aa 255.255.255.255 ! interface Serial1/2 ip address dd.0.0.2 255.0.0.0 clockrate 124061 ! router ospf 10 log-adjacency-changes auto-cost reference-bandwidth 1000 network aa.aa.aa.aa 0.0.0.0 area 100 network dd.dd.0.0.0 0.255.255.255 area 100 ! router bgp 100 bgp cluster-id 1 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor ee.ee.ee.ee remote-as 100 neighbor ee.ee.ee.ee update-source Loopback0 neighbor ww.ww.ww.ww remote-as 100 neighbor ww.ww.ww.ww update-source Loopback0 neighbor bb.bb.bb.bb remote-as 200 neighbor bb.bb.bb.bb ebgp-multihop 255 neighbor bb.bb.bb.bb update-source Loopback0 no auto-summary ! address-family ipv4 neighbor ee.ee.ee.ee activate neighbor ee.ee.ee.ee route-reflector-client !IPv4+labels session to PE1 neighbor ee.ee.ee.ee send-label neighbor ww.ww.ww.ww activate neighbor ww.ww.ww.ww route-reflector-client !IPv4+labels session to ASBR1 neighbor ww.ww.ww.ww send-label no neighbor bb.bb.bb.bb activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor ee.ee.ee.ee activate neighbor ee.ee.ee.ee route-reflector-client !VPNv4 session with PE1 neighbor ee.ee.ee.ee send-community extended neighbor bb.bb.bb.bb activate neighbor bb.bb.bb.bb next-hop-unchanged !MH-VPNv4 session with RR2 with next-hop-unchanged neighbor bb.bb.bb.bb send-community extended exit-address-family ! ip default-gateway 10.3.0.1 no ip classless ! snmp-server engineID local 00000009020000D0584B25C0 snmp-server community public RO snmp-server community write RW no snmp-server ifindex persist snmp-server packetsize 2048 ! end
ASBR1 Configuration
ASBR1 exchanges IPv4 routes and MPLS labels with ASBR2.
redundancy mode sso ip subnet-zero ip cef distributed mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address ww.ww.ww.ww 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Serial3/0/0 ip address kk.0.0.2 255.0.0.0 mpls forwarding bgp ip route-cache distributed ! interface Ethernet0/3 ip address dd.0.0.1 255.0.0.0 no ip mroute-cache mpls label protocol ldp mpls ip ! router ospf 10 log-adjacency-changes nsf enforce global auto-cost reference-bandwidth 1000 redistribute connected subnets passive-interface Serial3/0/0 network ww.ww.ww.ww 0.0.0.0 area 100 network dd.0.0.0 0.255.255.255 area 100 ! router bgp 100 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor aa.aa.aa.aa remote-as 100 neighbor aa.aa.aa.aa update-source Loopback0 neighbor kk.0.0.1 remote-as 200 no auto-summary ! address-family ipv4 redistribute ospf 10 ! Redistributing IGP into BGP neighbor aa.aa.aa.aa activate ! so that PE1 & RR1 loopbacks neighbor aa.aa.aa.aa send-label ! get into BGP table neighbor kk.0.0.1 activate neighbor kk.0.0.1 advertisement-interval 5 neighbor kk.0.0.1 send-label no auto-summary no synchronization exit-address-family ! ip default-gateway 10.3.0.1 ip classless ! end
RR2 Configuration
RR2 exchanges VPNv4 routes with RR1, using Multihop, Multiprotocol EBGP. This configuration also preserves the next hop information and the VPN label across the autonomous systems.
ip subnet-zero ip cef ! interface Loopback0 ip address bb.bb.bb.bb 255.255.255.255 ! interface Serial1/1 ip address ii.0.0.2 255.0.0.0 no ip mroute-cache ! router ospf 20 log-adjacency-changes network bb.bb.bb.bb 0.0.0.0 area 200 network ii.0.0.0 0.255.255.255 area 200 ! router bgp 200 bgp cluster-id 1 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor aa.aa.aa.aa remote-as 100 neighbor aa.aa.aa.aa ebgp-multihop 255 neighbor aa.aa.aa.aa update-source Loopback0 neighbor ff.ff.ff.ff remote-as 200 neighbor ff.ff.ff.ff update-source Loopback0 no auto-summary ! address-family vpnv4 neighbor aa.aa.aa.aa activate neighbor aa.aa.aa.aa next-hop-unchanged !MH Vpnv4 session with RR1 with next-hop-unchanged neighbor aa.aa.aa.aa send-community extended neighbor ff.ff.ff.ff activate neighbor ff.ff.ff.ff route-reflector-client !Vpnv4 session with PE2 neighbor ff.ff.ff.ff send-community extended exit-address-family ! ip default-gateway 10.3.0.1 no ip classless ! end
ASBR2 Configuration
ASBR2 exchanges IPv4 routes and MPLS labels with ASBR1. However, in contrast to ASBR1, ASBR2 does not use the RR to reflect IPv4 routes and MPLS labels to PE2. Instead, ASBR2 redistributes the IPv4 routes and MPLS labels learned from ASBR1 into IGP. PE2 can now reach these prefixes.
redundancy mode sso ip subnet-zero ip cef distributed ! mpls ldp graceful-restart mpls label protocol ldp ! interface Loopback0 ip address xx.xx.xx.xx 255.255.255.255 ! interface Ethernet0/1 =====> interface FastEthernet1/0/1 on a Cisco 10000 series router ip address qq.0.0.2 255.0.0.0 mpls forwarding bgp ! interface Ethernet1/2 =====> interface FastEthernet1/1/2 on a Cisco 10000 series router ip address jj.0.0.1 255.0.0.0 no ip mroute-cache mpls label protocol ldp mpls ip ! router ospf 20 log-adjacency-changes auto-cost reference-bandwidth 1000 nsf enforce global redistribute connected subnets redistribute bgp 200 subnets !redistributing the routes learned from ASBR4 !(EBGP+labels session) into IGP so that PE2 !will learn them passive-interface Ethernet0/1 ====> passive-interface FastEthernet1/0/1 on a Cisco 10000 network xx.xx.xx.xx 0.0.0.0 area 200 network jj.0.0.0 0.255.255.255 area 200 ! router bgp 200 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor bb.bb.bb.bb remote-as 200 neighbor bb.bb.bb.bb update-source Loopback0 neighbor qq.0.0.1 remote-as 100 no auto-summary ! address-family ipv4 ! Redistributing IGP into BGP redistribute ospf 20 ! so that PE2 & RR2 loopbacks ! will get into the BGP-4 table neighbor qq.0.0.1 activate neighbor qq.0.0.1 advertisement-interval 5 neighbor qq.0.0.1 send-label no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor bb.bb.bb.bb activate neighbor bb.bb.bb.bb send-community extended exit-address-family ! ip default-gateway 10.3.0.1 ip classless ! end
ASBR3 Configuration
ASBR3 belongs to a non-MPLS VPN service provider. ASBR3 exchanges IPv4 routes and MPLS labels with ASBR1. ASBR3 also passes the routes learned from ASBR1 to ASBR3 through RR3.
Note |
Do not redistribute EBGP routes learned into internal BGP if you are using IBGP to distribute the routes and labels. This is not a supported configuration. |
ip subnet-zero ip cef ! interface Loopback0 ip address yy.yy.yy.yy 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Hssi4/0 ========> only on a Cisco 7500 series router ip address mm.0.0.0.1 255.0.0.0 ========> only on a Cisco 7500 series router no ip mroute-cache ========> only on a Cisco 7500 series router mpls ip ========> only on a Cisco 7500 series router hssi internal-clock ========> only on a Cisco 7500 series router ! interface Serial5/0 ========> Serial5/0/0 on a Cisco 10000 series router ip address kk.0.0.1 255.0.0.0 no ip mroute-cache load-interval 30 clockrate 124061 mpls forwarding bgp ! router ospf 30 log-adjacency-changes auto-cost reference-bandwidth 1000 redistribute connected subnets network yy.yy.yy.yy 0.0.0.0 area 300 network mm.0.0.0 0.255.255.255 area 300 ========> only on a Cisco 7500 series router ! router bgp 300 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor cc.cc.cc.cc remote-as 300 neighbor cc.cc.cc.cc update-source Loopback0 neighbor kk.0.0.2 remote-as 100 no auto-summary ! address-family ipv4 neighbor cc.cc.cc.cc activate ! IBGP+labels session with RR3 neighbor cc.cc.cc.cc send-label neighbor kk.0.0.2 activate ! EBGP+labels session with ASBR1 neighbor kk.0.0.2 advertisement-interval 5 neighbor kk.0.0.2 send-label no auto-summary no synchronization exit-address-family ! end
RR3 Configuration
RR3 is a non-MPLS VPN RR that reflects IPv4 routes with MPLS labels to ASBR3 and ASBR4.
ip subnet-zero ! interface Loopback0 ip address cc.cc.cc.cc 255.255.255.255 ! interface POS0/2 =========> interface POS1/0/2 on a Cisco 10000 series router ip address pp.0.0.1 255.0.0.0 no ip route-cache cef no ip route-cache no ip mroute-cache crc 16 clock source internal ! router ospf 30 log-adjacency-changes network cc.cc.cc.cc 0.0.0.0 area 300 network pp.0.0.0 0.255.255.255 area 300 ! router bgp 300 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart neighbor zz.zz.zz.zz remote-as 300 neighbor zz.zz.zz.zz update-source Loopback0 neighbor yy.yy.yy.yy remote-as 300 neighbor yy.yy.yy.yy update-source Loopback0 no auto-summary ! address-family ipv4 neighbor zz.zz.zz.zz activate neighbor zz.zz.zz.zz route-reflector-client neighbor zz.zz.zz.zz send-label ! IBGP+labels session with ASBR3 neighbor yy.yy.yy.yy activate neighbor yy.yy.yy.yy route-reflector-client neighbor yy.yy.yy.yy send-label ! IBGP+labels session with ASBR4 no auto-summary no synchronization exit-address-family ! ip default-gateway 10.3.0.1 ip classless ! end
ASBR4 Configuration
ASBR4 belongs to a non-MPLS VPN service provider. ASBR4 and ASBR3 exchange IPv4 routes and MPLS labels by means of RR3.
Note |
If you use IBGP to distribute the routes and labels, do not redistribute EBGP learned routes into IBGP. This is not a supported configuration. |
redundancy mode sso mpls ldp graceful-restart ip subnet-zero ip cef distributed ! interface Loopback0 ip address zz.zz.zz.zz 255.255.255.255 no ip route-cache no ip mroute-cache ! interface Ethernet0/2 =====> interface FastEthernet1/0/2 on a Cisco 10000 series router ip address qq.0.0.1 255.0.0.0 no ip mroute-cache mpls forwarding bgp ! interface POS1/1/0 ip address pp.0.0.2 255.0.0.0 ip route-cache distributed ! interface Hssi2/1/1 ========> only on a Cisco 7500 series router ip address mm.0.0.2 255.0.0.0 ========> only on a Cisco 7500 series router ip route-cache distributed ========> only on a Cisco 7500 series router no ip mroute-cache ========> only on a Cisco 7500 series router mpls label protocol ldp ========> only on a Cisco 7500 series router mpls ip ========> only on a Cisco 7500 series router hssi internal-clock ========> only on a Cisco 7500 series router ! router ospf 30 log-adjacency-changes nsf enforce global auto-cost reference-bandwidth 1000 redistribute connected subnets passive-interface Ethernet0/2 ====> passive-interface FastEthernet1/0/2 on a Cisco 10000 network zz.zz.zz.zz 0.0.0.0 area 300 network pp.0.0.0 0.255.255.255 area 300 network mm.0.0.0 0.255.255.255 area 300 ! router bgp 300 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart timers bgp 10 30 neighbor cc.cc.cc.cc remote-as 300 neighbor cc.cc.cc.cc update-source Loopback0 neighbor qq.0.0.2 remote-as 200 no auto-summary ! address-family ipv4 neighbor cc.cc.cc.cc activate neighbor cc.cc.cc.cc send-label neighbor qq.0.0.2 activate neighbor qq.0.0.2 advertisement-interval 5 neighbor qq.0.0.2 send-label no auto-summary no synchronization exit-address-family ! ip classless end
Additional References
The following sections provide additional information related to the NSF/SSO - MPLS VPN feature.
Related Documents
| Related Topic |
Document Title |
|---|---|
| Nonstop forwarding and BGP Graceful Restart |
Cisco Nonstop Forwarding |
| Nonstop forwarding for MPLS LDP |
NSF/SSO-MPLS LDP and MPLS LDP Graceful Restart |
| Stateful awitchover |
Stateful Switchover |
| Basic VPNs, MPLS VPN interautonomous systems, MPLS VPN Carrier Supporting Carrier |
Configuring MPLS VPNs |
Standards
| Standards |
Title |
|---|---|
| draft-ietf-mpls-bgp-mpls-restart.txt |
Graceful Restart Mechanism for BGP with MPLS |
| draft-ietf-mpls-idr-restart.txt |
Graceful Restart Mechanism for BGP |
MIBs
| MIBs |
MIBs Link |
|---|---|
| MPLS VPN MIB |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
| RFCs |
Title |
|---|---|
| RFC 1163 |
A Border Gateway Protocol |
| RFC 1164 |
Application of the Border Gateway Protocol in the Internet |
| RFC 2283 |
Multiprotocol Extensions for BGP-4 |
| RFC 2547 |
BGP/MPLS VPNs |
Technical Assistance
| Description |
Link |
|---|---|
| The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register on Cisco.com. |
Feature Information for NSF SSO - MPLS VPN
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
| Feature Name |
Releases |
Feature Information |
|---|---|---|
| NSF/SSO—MPLS VPN |
12.2(25)S 12.2(28)SB 12.2(33)SRA 12.2(33)SXH |
This feature allows a provider edge (PE) router or Autonomous System Border Router (ASBR) (with redundant Route Processors) to preserve data forwarding information in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when the primary Route Processor restarts. In 12.2(25)S, this feature was introduced on the Cisco 7500 series router. In 12.2(28)SB, support was added for the Cisco 10000 series routers. In 12.2(33)SRA, support was added for the Cisco 7600 series routers. In 12.2(33)SXH, this feature was integrated into this release. |
Feedback