This ISP design provides a base for further development of MPLS VPN technologies and serves as an example of best practices for an MPLS ISP VPN network. The rest of this document concentrates on the basic design principles covered in the sections below:
- High-Level Design
- Physical Design
- Logical Design
- MPLS Design
Each section provides a brief overview for a small service provider lab that uses CSR1000v, C7200 and generic switches to build the topology.
High-Level Design
For the lab, we have used four ISPs, each with a dedicated BGP Autonomous System Number chosen to make the ISPs easy to tell apart. These will allow customers to use globally routable Provider Independent (PI) and Provider Aggregate (PA) prefixes. The ISPs and their ASNs are listed below:
- ISP 1 = AS 100
- ISP 2 = AS 200
- ISP 3 = AS 300
- ISP 4 = AS 400
eBGP Peering
The lab was designed to use four service providers interconnected using BGP. Figure 1 represents the eBGP peering between ISPs.
Figure 1
OSPF
For the underlay, all ISPs use OSPF to distribute network information and create full reachability between loopbacks. In a real-life implementation, IS-IS would be the chosen option, as it is more flexible and doesn’t refresh the full table every 30 minutes, so it avoids the resulting bandwidth bursts.
Since the ISP domains consist of only a few devices, there is no need for additional areas other than the backbone area 0 as shown in Figure 2.
Figure 2
To keep the routing tables small, OSPF will use the prefix suppression feature, which doesn’t propagate transit links. This allows OSPF to pass only the Loopback 0 IP addresses, which will be used for MPLS and BGP peering.
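The OSPF underlay described above, written out for ISP1_P1 as an added example (not configuration taken from the lab itself). The loopback address and interface roles come from the tables on this page; OSPF process ID 1 and the transit addresses are assumptions, with the /30s taken from the 192.0.2.0/24 documentation range because the real subnets appear only in Figure 6.

```cisco
! ISP1_P1 (C7200) - added example, not the lab's own configuration.
! Assumed: OSPF process ID 1 and the 192.0.2.x/30 transit placeholders.
!
interface Loopback0
 description Router ID, LDP and iBGP peering address
 ip address 10.1.0.11 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 description to ISP1_ASBR1
 ip address 192.0.2.1 255.255.255.252
 ip ospf 1 area 0
!
interface FastEthernet0/1
 description to ISP1_PE1
 ip address 192.0.2.5 255.255.255.252
 ip ospf 1 area 0
!
! prefix-suppression stops OSPF advertising connected prefixes of transit
! links; loopbacks, secondary addresses and passive interfaces are still
! advertised, so Loopback0 remains reachable.
router ospf 1
 router-id 10.1.0.11
 prefix-suppression
!
! Check from a neighbour (for example ISP1_ASBR1):
!   show ip route ospf
! Expected: the /32 loopbacks of the ISP, and none of the transit /30s.
```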
iBGP peering
The BGP-free core was designed to allow prefix distribution throughout the ISP network without the need for core devices to hold routes. As shown in Figure 3, ISP1 site 1 uses only Border and Access nodes, whereas site 2 and ISP2 also use Aggregation nodes.
In addition, the nodes listed below also function as Route Reflectors (RR):
- ISP1_ASBR1
- ISP1_P2
- ISP2_ASBR1
- ISP2_P1
Figure 3
Physical Design
This section covers device inventory and port allocations, and then moves on to a physical design diagram. The lab consists of devices carefully chosen based on their capabilities, allowing for more advanced configurations in the future.
Inventory
Device name | OS |
ISP1_ASBR1 | csr1000v-universalk9.17.03.03 |
ISP1_ASBR2 | csr1000v-universalk9.17.03.03 |
ISP1_P1 | 7200-adventerprisek9-mz.124-24.T5 |
ISP1_P2 | csr1000v-universalk9.17.03.03 |
ISP1_PE1 | csr1000v-universalk9.17.03.03 |
ISP1_PE2 | csr1000v-universalk9.17.03.03 |
ISP1_PE3 | csr1000v-universalk9.17.03.03 |
ISP2_ASBR1 | csr1000v-universalk9.17.03.03 |
ISP2_ASBR2 | csr1000v-universalk9.17.03.03 |
ISP2_P1 | csr1000v-universalk9.17.03.03 |
ISP2_PE1 | csr1000v-universalk9.17.03.03 |
ISP3 | 7200-adventerprisek9-mz.124-24.T5 |
ISP4 | 7200-adventerprisek9-mz.124-24.T5 |
CE1 | 7200-adventerprisek9-mz.124-24.T5 |
CE3 | 7200-adventerprisek9-mz.124-24.T5 |
CE4 | 7200-adventerprisek9-mz.124-24.T5 |
Port Allocation
The table below shows port allocations of the devices along with their adjacent devices.
Device name | Interface | Adjacent device |
ISP1_ASBR1 | G1 | ISP1_P1 |
ISP1_ASBR1 | G2 | IXP Switch1 |
ISP1_ASBR2 | G1 | ISP1_P2 |
ISP1_ASBR2 | G2 | IXP Switch2 |
ISP1_P1 | F0/0 | ISP1_ASBR1 |
ISP1_P1 | F0/1 | ISP1_PE1 |
ISP1_P2 | G1 | ISP1_ASBR2 |
ISP1_P2 | G2 | ISP1_PE2 |
ISP1_P2 | G3 | ISP1_PE3 |
ISP1_PE1 | G1 | ISP1_P1 |
ISP1_PE1 | G2 | LAN |
ISP1_PE2 | G1 | ISP1_P2 |
ISP1_PE2 | G2 | LAN |
ISP1_PE3 | G1 | ISP1_P2 |
ISP1_PE3 | G2 | LAN |
ISP2_ASBR1 | G1 | ISP2_P1 |
ISP2_ASBR1 | G2 | IXP Switch1 |
ISP2_ASBR2 | G1 | ISP2_P1 |
ISP2_ASBR2 | G2 | IXP Switch2 |
ISP2_P1 | G1 | ISP2_ASBR1 |
ISP2_P1 | G2 | ISP2_ASBR2 |
ISP2_P1 | G3 | ISP2_PE1 |
ISP2_PE1 | G1 | ISP2_P1 |
ISP2_PE1 | G2 | LAN |
ISP3 | F0/0 | IXP Switch1 |
ISP3 | F0/1 | ISP4 |
ISP4 | F0/0 | IXP Switch2 |
ISP4 | F0/1 | ISP3 |
Figure 4 represents a physical topology of the lab, showing the device OS used along with physical connections between devices.
Figure 4
Logical Design
Prefix pools have been assigned to each provider, defining its public address space. These are then subdivided to provide customer access and pools of public IP addresses for customers.
The design also includes three Internet exchange points (IXPs) with a dedicated subnet used to create eBGP peering and exchange routes, as shown in Figure 5.
Figure 5
The list of loopback addresses is shown in the table below. Those will be used for iBGP peering, OSPF, and MPLS router IDs.
Loopback IP
Device name | Loopback IP |
ISP1_PE1 | 10.1.0.101/32 |
ISP1_P1 | 10.1.0.11/32 |
ISP1_ASBR1 | 10.1.0.1/32 |
ISP1_PE2 | 10.2.0.102/32 |
ISP1_PE3 | 10.2.0.103/32 |
ISP1_P2 | 10.2.0.12/32 |
ISP1_ASBR2 | 10.2.0.2/32 |
ISP2_PE1 | 10.0.0.11/32 |
ISP2_P1 | 10.0.0.101/32 |
ISP2_ASBR1 | 10.0.0.1/32 |
ISP2_ASBR2 | 10.0.0.2/32 |
Figure 6 shows the logical diagram of the lab topology. It defines subnets used between devices and their loopbacks. It also shows the pool ranges distribution for customer edge devices.
Figure 6
PPPoE
To provide user access, we chose Point-to-Point Protocol over Ethernet (PPPoE). Unlike standard IP over Ethernet, it doesn’t require dedicated subnets to provide customer segmentation. Instead, it creates P2P links between customers and provider edge devices, which forces intra-customer traffic through the PE. This solution has been applied to all PE devices for CE1, CE3 and CE4.
MPLS Design
By default, LDP assigns labels from the full range, making it hard to distinguish devices on a hop-by-hop basis. Therefore, purely for aesthetic reasons, we define an MPLS label range on each device so that it assigns labels only within the given range. Other uses of the label range are out of scope. In addition, LDP sessions use the Loopback 0 IP address as the Router-ID, which was manually predefined using the command mpls ldp router-id loopback 0.
Device | MPLS Label range |
ISP1_PE1 | 10100-101999 |
ISP1_P1 | 11000-11999 |
ISP1_ASBR1 | 1000-1999 |
ISP1_PE2 | 102000-102999 |
ISP1_PE3 | 103000-103999 |
ISP1_P2 | 12000-12999 |
ISP1_ASBR2 | 2000-2999 |
ISP2_PE1 | 10100-101999 |
ISP2_P1 | 11000-11999 |
ISP2_ASBR1 | 1000-1999 |
ISP2_ASBR2 | 2000-2999 |
The other option is to automatically enable MPLS on all interfaces included in the IGP process. Currently, the autoconfiguration feature is supported only by OSPF and IS-IS, and it can be enabled using the mpls ldp autoconfig command under the IGP process. All label ranges are shown in Figure 7.
Figure 7
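The MPLS settings from this section, written out for ISP1_P1 as an added example (not configuration taken from the lab itself). The label range and interface names come from the tables on this page; OSPF process ID 1 is an assumption, and only one of the two ways of enabling LDP is needed.

```cisco
! ISP1_P1 (C7200) - added example, not the lab's own configuration.
! Assumed: OSPF process ID 1 with all core links in area 0.
!
mpls label protocol ldp
!
! Per-device label range from the table (ISP1_P1 = 11000-11999), so a
! label seen in a forwarding table or a capture identifies the router
! that allocated it.
mpls label range 11000 11999
!
! LDP Router-ID taken from Loopback 0 (10.1.0.11)
mpls ldp router-id Loopback0
!
! Option 1: enable LDP on each core-facing interface by hand
interface FastEthernet0/0
 description to ISP1_ASBR1
 mpls ip
!
interface FastEthernet0/1
 description to ISP1_PE1
 mpls ip
!
! Option 2: let the IGP enable LDP on every interface that runs OSPF
router ospf 1
 mpls ldp autoconfig area 0
!
! Checks:
!   show mpls label range        (configured minimum and maximum)
!   show mpls ldp discovery      (interfaces on which LDP is running)
!   show mpls ldp neighbor       (peers identified by their loopbacks)
!   show mpls forwarding-table   (local labels should fall in 11000-11999)
```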