L3VPN iBGP PE-CE

The L3VPN iBGP PE-CE feature enables the provider edge (PE) and customer edge (CE) devices to exchange Border Gateway Protocol (BGP) routing information by peering as iBGP instead of as external BGP peering between the PE and CE.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Restrictions for L3VPN iBGP PE-CE

We recommend not using the soft-reconfiguration inbound or BGP soft-reconfig-backup feature with the iBGP PE CE.

Information About L3VPN iBGP PE-CE

L3VPN iBGP PE-CE

When BGP is used as the provider edge (PE) or customer edge (CE) routing protocol, the peering sessions are configured as an external peering between the VPN provider autonomous system (AS) and the customer network autonomous system. The L3VPN iBGP PE-CE feature enables the PE and CE devices to exchange Border Gateway Protocol (BGP) routing information by peering as internal Border Gateway Protocol (iBGP) instead of the widely used external BGP peering between the PE and the CE. This mechanism applies at each PE device where a VRF-based CE is configured as iBGP. This eliminates the need for service providers (SPs) to configure autonomous system override for the CE. With this feature enabled, there is no need to configure the virtual private network (VPN) sites using different autonomous systems.

The introduction of the neighbor internal-vpn-client command enables PE devices to make an entire VPN cloud act like an internal VPN client to the CE devices. These CE devices are connected internally to the VPN cloud through the iBGP PE-CE connection inside the VRF. After this connection is established, the PE device encapsulates the CE-learned path into an attribute called ATTR_SET and carries it in the iBGP-sourced path throughout the VPN core to the remote PE device. At the remote PE device, this attribute is assigned with individual attributes and the source CE path is extracted and sent to the remote CE devices. ATTR_SET is an optional transitive attribute that carries a set of BGP path attributes. It can include any BGP attribute that can occur in a BGP update message as received from the source CE device.

How to Configure L3VPN iBGP PE-CE

Configuring L3VPN iBGP PE-CE

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    router bgp as-number

    4.    address-family ipv4 vrf name

    5.    neighbor ip-address internal-vpn-client


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

     
    Step 2configure terminal


    Example:
    Device(config)# configure terminal
     

    Enters global configuration mode.

     
    Step 3router bgp as-number


    Example:
    Device(config)# router bgp 100
     

    Enters router configuration mode and creates a BGP routing process.

     
    Step 4address-family ipv4 vrf name


    Example:
    Device(config-router)# address-family ipv4 vrf blue
     

    Enters address family configuration mode and configures VPN routing and forwarding.

     
    Step 5neighbor ip-address internal-vpn-client


    Example:
    Device(config-router-af)# neighbor 10.0.0.1 internal-vpn-client
     

    Defines a neighboring device with which to exchange routing information. The neighbor internal-vpn-client command stacks the iBGP-CE neighbor path in the VPN attribute set .

     

    Configuration Examples for L3VPN iBGP PE-CE

    Example: Configuring L3VPN iBGP PE-CE

    The following example shows how to configure L3VPN iBGP PE-CE:

    Device# enable
    Device(config)# configure terminal
    Device(config)# router bgp 100
    Device(config-router)# address-family ipv4 vrf blue
    Device(config-router-af)# neighbor 10.0.0.1 internal-vpn-client 
    

    Additional References for L3VPN iBGP PE-CE

    Related Documents

    Related Topic Document Title

    Cisco IOS commands

    Cisco IOS Master Command List, All Releases

    BGP commands

    Cisco IOS IP Routing: BGP Command Reference

    Technical Assistance

    Description Link

    The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

    To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

    Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​support

    Feature Information for L3VPN iBGP PE-CE

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
    Table 1 Feature Information for L3VPN iBGP PE-CE

    Feature Name

    Releases

    Feature Information

    L3VPN iBGP PE-CE

    Cisco IOS XE Release 3.10S

    The L3VPN iBGP PE-CE feature enables the provider edge (PE) and customer edge (CE) devices to exchange Border Gateway Protocol (BGP) routing information by peering as iBGP instead of as external BGP between the PE and CE.

    The neighbor internal-vpn-client command was introduced.