Inter-AS L3VPN Options

In certain cases, we need to connect L3VPN sites across multiple ASes, e.g. to join VPN sites provided by multiple ISPs. In this post, we are going to discuss the three main options for delivering L3VPN across multiple ASes, as defined in RFC4364 (http://tools.ietf.org/html/rfc4364#page-32). They are options A, B and C, also known as options 10A, 10B and 10C, because they are defined in section 10, "Multi-AS Backbones", of RFC4364. The complexity increases from A to B to C.

Option A: VRF-to-VRF connections at ASBR routers

This option is also referred to as “back-to-back” VRF, where at least one connection (typically one VLAN) is required to connect one VPN in one AS to the corresponding VPN in the other AS. Multiple eBGP peering sessions are used to exchange unlabeled IPv4 routes between the ASes. No MPLS labels are exchanged between the ASBRs at all, and each ASBR treats the other as if it were a CE router. This option is simple, but not scalable, because a new sub-interface and a new eBGP peering session are required for each new VPN.

Option B: eBGP redistribution of labeled VPN-IPv4 routes from one AS to the other

In this option, iBGP is used to redistribute VPN-IPv4 routes between the PEs within an AS. The ASBR then uses eBGP to redistribute those labeled VPN-IPv4 routes to the ASBR in the other AS. The latter ASBR then redistributes those labeled VPN-IPv4 routes to the rest of the PEs in its AS (via a direct iBGP peering session, or via Route Reflectors).

Typically, one eBGP peering session is required between a pair of ASBRs, as compared to multiple ones (one per VPN) in Option A. As a result, Option B is more scalable than Option A. To make memory usage more scalable when there are multiple Inter-AS connections via multiple ASBRs, the ASBRs do not each need to hold all routes from all VPNs. One ASBR can hold routes for one set of VPNs, and another ASBR can hold routes for a different set. This can be done with RT filters applied when the routes are exchanged via eBGP.
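The RT filtering described above for Option B can be modelled in a few lines. The following is an added example, not code from the original post: it splits VPN-IPv4 routes across two ASBRs by route target and reports routes that no ASBR accepts. All ASBR names, RDs, RTs, labels and prefixes are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VpnRoute:
    rd: str          # route distinguisher: keeps overlapping prefixes distinct
    prefix: str
    label: int       # MPLS label carried with the VPN-IPv4 route
    rts: frozenset   # route-target extended communities on the route

def rt_filter(routes, permitted_rts):
    """Keep a route if it carries at least one permitted RT."""
    permitted = frozenset(permitted_rts)
    return [r for r in routes if r.rts & permitted]

def partition(routes, asbr_filters):
    """Routes each ASBR holds after applying its own RT filter."""
    return {asbr: rt_filter(routes, rts) for asbr, rts in asbr_filters.items()}

def uncovered(routes, asbr_filters):
    """Routes accepted by no ASBR: those VPNs lose inter-AS reachability."""
    all_permitted = frozenset().union(*asbr_filters.values())
    return [r for r in routes if not (r.rts & all_permitted)]

# Constructed sample data (assumed values, for illustration only).
ROUTES = [
    VpnRoute("65001:1", "10.1.0.0/24", 3001, frozenset({"65001:100"})),
    # Same prefix in a different VPN: the RD makes it a separate route.
    VpnRoute("65001:2", "10.1.0.0/24", 3002, frozenset({"65001:200"})),
    VpnRoute("65001:3", "10.3.0.0/24", 3003, frozenset({"65001:300"})),
    # RT 65001:400 is in no filter, so this route is dropped everywhere.
    VpnRoute("65001:4", "10.4.0.0/24", 3004, frozenset({"65001:400"})),
    # Route carrying two RTs matches the filters of both ASBRs.
    VpnRoute("65001:5", "10.5.0.0/24", 3005,
             frozenset({"65001:200", "65001:300"})),
]
ASBR_FILTERS = {
    "ASBR1": {"65001:100", "65001:200"},
    "ASBR2": {"65001:300"},
}

if __name__ == "__main__":
    for asbr, held in partition(ROUTES, ASBR_FILTERS).items():
        print(asbr, [(r.rd, r.prefix) for r in held])
    print("uncovered:", [(r.rd, r.prefix) for r in uncovered(ROUTES, ASBR_FILTERS)])
```

Running the uncovered check whenever the filter sets change catches a VPN that was left out of every ASBR's filter.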

Option C: Multi-hop eBGP redistribution of labeled VPN-IPv4 routes between PEs of source & destination ASes, with eBGP redistribution of labeled IPv4 routes (the PE loopbacks) between ASBRs

The difference between this option and Option B is that the ASes now exchange the loopbacks of the PEs (source and destination) via eBGP sessions between the ASBRs. This creates an end-to-end label switched path between the source and destination PEs. The source and destination PEs can then set up multi-hop eBGP (directly, or via RR) to exchange labeled VPN-IPv4 routes. The ASBRs do not need to hold the VPN-IPv4 routes. This makes this option the most scalable.
