Layer 3 VPN Configuration

The document outlines the configuration of an MPLS Layer 3 VPN, detailing the roles of Customer Edge (CE) and Provider Edge (PE) routers, as well as the necessary steps for setting up the MPLS core network using IS-IS and LDP. It emphasizes the importance of VRF configuration, MP-BGP peering, and PE-CE routing protocols for successful deployment. Additionally, it explains how Route Distinguisher (RD) and Route Target (RT) values are used to manage VPN routes and ensure unique identification of customer addresses.

Uploaded by

ignarito

Layer 3 VPN Configuration

An MPLS Layer 3 VPN consists of a set of sites that are interconnected through an MPLS provider core network. At each customer
site, one or more Customer Edge (CE) routers attach to one or more Provider Edge (PE) routers. The following figure shows the
topology that will serve as the example for this VPN configuration scenario.

Before configuring an MPLS VPN, the core network topology must be set up so that it can serve MPLS VPN customers. Configuring
the MPLS core begins with deploying the backbone IGP, which can be OSPF or IS-IS. In this example scenario IS-IS is used, and LDP
must be enabled on all the interfaces in the core. In Cisco IOS XR Software, the process of enabling LDP on an interface also turns on
MPLS functionality for that interface.

The IS-IS routing protocol is an IGP standardized by the IETF and commonly used in large service provider networks and, less
frequently, in large enterprise networks. IS-IS is a link-state routing protocol that provides fast convergence and excellent
scalability, and it is very efficient in its use of network bandwidth.

MPLS Layer 3 VPN functionality is enabled at the edge of an MPLS network. The PE router performs the following tasks:

• Exchanges routing updates between the PE-side VRF routing context and the CE routers.
• Translates the received CE routing information into VPNv4 and VPNv6 routes.
• Exchanges VPNv4 and VPNv6 routes with other PE routers through MP-BGP sessions.

When deploying an MPLS Layer 3 VPN, the focus is on the following major configuration tasks on PE and CE routers:

• VRF configuration: Define the customer VRFs on PE routers.
• BGP configuration: Configure the MP-BGP peering between PE routers.
• PE-CE routing configuration: Define the PE-CE routing protocol and implement it on PE and CE.

To configure an MPLS Layer 3 VPN, you will need some specific information beforehand:

• Customer VRF name on the PE
• VPN RD value
• VPN RT community values: decide which routes to import into and export from the VRF routing table
• PE-CE routing protocol

VRF Configuration

The VRF table is the major data structure that is associated with MPLS VPN implementation on Cisco IOS, IOS XE, and IOS XR
platforms.

The configuration of a VRF in Cisco IOS XR Software requires the following steps:

• Create a new VRF using the vrf command in the global configuration mode. VRF names are case-sensitive and have local
  significance.
• Define import and export RTs under vrf, address-family ipv4|ipv6 unicast configuration mode, depending on whether you
  are using IPv4, IPv6 or both.
• Assign an RD value to the VRF under the BGP process, vrf configuration mode. A unique RD must be configured for the VRF
  table to be functional.
• Assign PE interfaces facing the CE router to the VRF.

VRF configuration example in Cisco IOS XR Software:

• Define the VRF and configure route targets:

  RP/0/RP0/CPU0:PE(config)# vrf Customer_A
  RP/0/RP0/CPU0:PE(config-vrf)# address-family ipv4 unicast
  RP/0/RP0/CPU0:PE(config-vrf-af)# import route-target 65000:100
  RP/0/RP0/CPU0:PE(config-vrf-af)# export route-target 65000:100

• Assign the RD value to the VRF:

  RP/0/RP0/CPU0:PE(config)# router bgp 65000
  RP/0/RP0/CPU0:PE(config-bgp)# vrf Customer_A
  RP/0/RP0/CPU0:PE(config-bgp-vrf)# rd 65000:1

• Assign all relevant interfaces facing the CE router to the VRF Customer_A:

  RP/0/RP0/CPU0:PE(config)# interface GigabitEthernet0/0/0/0
  RP/0/RP0/CPU0:PE(config-if)# vrf Customer_A
  RP/0/RP0/CPU0:PE(config-if)# ipv4 address [Link] [Link]

Both RDs and RTs can be specified in one of these two formats:

• A 16-bit autonomous system number (ASN) followed by a 32-bit decimal number (ASN:nn).
• A 32-bit IP address followed by a 16-bit decimal number (A.B.C.D:nn).

The Cisco IOS XR export route-target command associates the local VPN with an RT. When the route is advertised to other PE
routers, the export RT is sent along with the route as an extended community. The import route-target command allows exported
VPN routes to be imported into the VPN, if one of the RTs of the exported route matches one of the local VPN's import RTs.
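
The import/export matching described above, as an added example that is not part of the original document: it parses VRF stanzas in the one-line form shown earlier and lists every pair of VRFs where one VRF's export RT matches another's import RT, which is how an unintended cross-customer import shows up. Customer_B, Shared_Svc and their RT values are constructed for illustration.

```python
import re

# Constructed sample in the one-line form used in this document. Customer_A
# is the document's VRF; Customer_B, Shared_Svc and their RTs are hypothetical.
SAMPLE_CONFIG = """\
vrf Customer_A
 address-family ipv4 unicast
  import route-target 65000:100
  export route-target 65000:100
vrf Customer_B
 address-family ipv4 unicast
  import route-target 65000:200
  import route-target 65000:100
  export route-target 65000:200
vrf Shared_Svc
 address-family ipv4 unicast
  import route-target 65000:999
  export route-target 65000:999
"""

VRF_LINE = re.compile(r"^vrf (\S+)\s*$")  # global "vrf NAME", not the indented interface form
RT_LINE = re.compile(r"^\s*(import|export) route-target (\S+)\s*$")

def parse_vrfs(config):
    """Return {vrf_name: {"import": set, "export": set}} from VRF stanzas."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = VRF_LINE.match(line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        m = RT_LINE.match(line)
        if m and current is not None:
            current[m.group(1)].add(m.group(2))
    return vrfs

def import_edges(vrfs):
    """List (exporter, importer, shared RTs) for every pair where an RT
    exported by one VRF matches an import RT of a different VRF."""
    edges = []
    for src, s in sorted(vrfs.items()):
        for dst, d in sorted(vrfs.items()):
            shared = s["export"] & d["import"]
            if src != dst and shared:
                edges.append((src, dst, sorted(shared)))
    return edges

if __name__ == "__main__":
    for src, dst, rts in import_edges(parse_vrfs(SAMPLE_CONFIG)):
        print(f"{src} -> {dst} via RT {', '.join(rts)}")
```

On the sample, the only edge reported is Customer_A into Customer_B: the second import line in Customer_B is enough to pull in Customer_A's routes, while Customer_A learns nothing in return.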

MP-BGP Peering Configuration

A prerequisite for deploying MPLS Layer 3 VPNs is to have the MP-BGP peering in place between all PEs in your network. By using
multiprotocol BGP extensions, only members of a specific VPN can learn the routes, which enables communication among the
members.

The customer prefixes will be converted to the VPN-IPv4 address by combining the original network address with a 64-bit RD on the
connecting PE router. VPNv4 prefixes will uniquely identify the customer addresses globally in your network.
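
How the RD keeps overlapping customer prefixes apart, as an added example that is not part of the original document: it encodes the two RD formats listed earlier into their 64-bit form and shows that two VRFs announcing the same prefix only collide when they share an RD. The 2-byte type field in the encoding follows RFC 4364 and is not described in the document; Customer_B, 65000:2 and the 10.1.1.0/24 prefix are constructed sample values.

```python
import ipaddress
import struct

def encode_rd(text):
    """Encode an RD written as ASN:nn or A.B.C.D:nn into 8 bytes (64 bits).
    Layout per RFC 4364 (assumption, not from the document): 2-byte type,
    then the administrator and assigned-number fields."""
    admin, _, number = text.rpartition(":")
    if not admin or not number.isdigit():
        raise ValueError(f"malformed RD: {text!r}")
    nn = int(number)
    if "." in admin:                                  # A.B.C.D:nn
        ip = ipaddress.IPv4Address(admin)             # raises on a bad address
        if nn > 0xFFFF:
            raise ValueError("nn must fit in 16 bits after an IP address")
        return struct.pack("!H4sH", 1, ip.packed, nn)
    if not admin.isdigit() or int(admin) > 0xFFFF or nn > 0xFFFFFFFF:
        raise ValueError("ASN:nn needs a 16-bit ASN and a 32-bit number")
    return struct.pack("!HHI", 0, int(admin), nn)     # ASN:nn

def vpnv4(rd, prefix):
    """Return (8-byte RD, IPv4 network), the pair that identifies a VPNv4 route."""
    return encode_rd(rd), ipaddress.IPv4Network(prefix)

def find_collisions(routes):
    """routes: iterable of (vrf, rd, prefix). Return the VPNv4 keys claimed by
    more than one VRF, i.e. where the RD failed to keep the customers apart."""
    owners = {}
    for vrf, rd, prefix in routes:
        owners.setdefault(vpnv4(rd, prefix), set()).add(vrf)
    return {key: sorted(v) for key, v in owners.items() if len(v) > 1}

# Constructed sample: two customers using the same private prefix.
# Customer_A and RD 65000:1 are from the document; the rest is hypothetical.
UNIQUE_RDS = [("Customer_A", "65000:1", "10.1.1.0/24"),
              ("Customer_B", "65000:2", "10.1.1.0/24")]
REUSED_RD = [("Customer_A", "65000:1", "10.1.1.0/24"),
             ("Customer_B", "65000:1", "10.1.1.0/24")]

if __name__ == "__main__":
    print(encode_rd("65000:1").hex())     # 0000fde800000001
    print(find_collisions(UNIQUE_RDS))    # {}
    print(find_collisions(REUSED_RD))
```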

It is worth noting that the BGP sessions between PE routers are of the multiprotocol internal BGP (MP-IBGP) type. Due to the general
nature of an internal BGP operation, which requires a full mesh of peering sessions between PE routers, you will need to deploy a
route reflector (RR) in your network. An RR relaxes the full mesh requirement by becoming the central peering point to reflect the
routes between all PEs, avoiding the need to configure and maintain many internal BGP sessions. Any PE in your network can assume
the role of an RR. Dedicated, redundant RRs are also common.

In the previous figure, a direct MP-IBGP session is established between Loopback0 interfaces of PE1 and PE2. The key BGP address
family to use when exchanging VPNv4 prefixes is the VPNv4 address family. In Cisco IOS XR Software, the VPNv4 address family is
configured in the BGP section and then applied in the neighbor configuration block. In the following section, you will not be using
RRs.

PE-CE Routing Configuration

After VRF instances and MP-IBGP connectivity between PE routers have been established, configure the routing protocols between
the PE router and the attached CE routers. The PE-CE routing protocols are configured for individual VRFs.

A PE can exchange VPN routes with a CE router using the following routing protocols:

• Static routing on both the PE and CE side
• An External Border Gateway Protocol session between PE and CE
• An IGP of the customer's choice, between PE and CE, such as:
  1. OSPF
  2. RIPv2
  3. EIGRP

The previous figure shows the configuration of EIGRP as the PE-CE routing protocol. Both BGP and EIGRP are configured for a specific
VRF instance. If you connected other customers to the same PE router, you would have multiple VRF configuration blocks in BGP and
EIGRP. A very important part of configuring routing between PE and CE routers on the PE side is to configure the mutual route
redistribution between EIGRP and BGP in the defined customer VRF. Also, the EIGRP metric must be defined for redistribution into
BGP.

Answer

The correct answer is "To uniquely identify customer addresses". This answer is correct because the RD is used to create unique
VPNv4 prefixes by combining customer network addresses with the RD, enabling global uniqueness across the network.

The "To manage the import and export of VPN routes" option is incorrect because this function is managed by RTs, not RDs.

The "To enable MPLS on interfaces" option is incorrect because enabling MPLS is not a function of RDs.

Finally, the "To establish BGP peering" option is incorrect because BGP peering is established through the configuration of BGP
sessions, not RDs.
