L3 VPN Control Plane Activities
As a basic definition, Control Plane is the time that routing exchange activities are done in L3 VPN Networks. These are the necesssary routing information exchange of the L3 VPN routers. Beginning with CE devices, PE devices continue this exchange with other PEs and at the other end, it finishes with CE device again.
As we mentione before, CE uses a routing protocol in internal network. So it has internal routes. CE also uses a different or the same routing protocol with PE devices. If a different protocol is used between CE and PE, then redistribution is needed. With the help of this routing protocol or redistribution, CE sends the routers to the PE.
PE router gets the routes from the CE router, it allocates VPN Label for the prefixes and create a unique route called VPNv4 route. Then it redistributes the VPNv4 route into MP-BGP.. During this activity, the isolation of different customer routes are done via Route Distinguisher. So different customer routes can transport over the Service Provider IP/MPLS network without any mix.
At the receiving PE device, accorfing to Route Targets, the L3 VPN service is sent to the destination.
L3 VPN VRF routes in a PE device must be shared with the other PE devices that run this L3 VPNService. To do this, a specific protocol is used. This protocol is MP-BGP (Multi Protocol BGP).
MP-BGP is the BGP version that can use different address types. Multiple customers can use same private blocks in their networks and these private blocks must not be mixed during transportation. Here, to distinguish different customer routes, we need to change their prefixes with a new address format. This address format is VPNv4 Address and it is produced by adding an 64 bit long Route Distinguisher to the beginning of IPv4 addresses of customer. Below, we will talk about this address type detailly.
Between the PE devices a BGP session is established. All the different L3 VPN customers’ information is transfered over this BGP session.
Think about it. If we do not use MP-BGP in L3 VPN. What is the situation of the routes of multiple customers’ same prefixes? Simply, in the BGP routing tables there would be different routes for same prefixes. So, one of them would selected and the data would forward through it. But, these are different customer’s route? Is it enough sending only the best route and only one customer route to its destination? Certainly not. This is not a healty and acceptable scenario.
VPNv4 Address And Route Distinguisher
MP-BGP allows different address classes. In L3 VPN to transport the same address blocks of one more customer, a mechanism need to identify these address blocks. To do this, a specific address is created to distinguish different customer networks in the BGP session. This address is crated with Route Distingusiher and called 96 bit long VPNv4 address.
VPNv4 address is built with the help of 64 bit Route Distinguisher and 32 bit IP Prefix. Here, the route distinguisher provide the difference. Route Distinguisher makes the prefix, globally unique. All the PE devices in that L3 VPN need to be configured with the same Route Distinguisher.
For a L3 VPN, PE router add the Route Distinguisher to the customer prefixes and VPNv4 addresses are created and then send it with MP-BGP updates.
Route Distinguisher is consist of some sub parts also. These are 2 bytes “Type” value, 2 bytes ASN number or 4 bytes IP Address value and 2 or 4 bytes assigned numbers. Route Distinguisher is 8 bytes (64 bits) in total.
AS you can see, there are two different types of Route Distinguisher. Both of them is used in different service providers. Let’s give examples for both Route Distinguisher types.
We have an IP address 184.108.40.206/24 and our AS number is 64000 . Let’s create the VPNv4 address for this address. AS an assigned number we will use 111. Here, our VPNv4 address will be 64000:111:220.127.116.11/24. The first part is Route Distinguisher and the second part is prefix.
We can also produce a VPNv4 address with using IP address instead AS number. If we use 18.104.22.168 ipv4 address instead of AS number, our new VPNv4 address will be 22.214.171.124:111:126.96.36.199/24 for the same prefix.
By the way, these VPNv4 address areused only for Control Plane operations. In Data Plane, normal IPv4 addresses are used. And VPNv4 address are used in Service Provider Network only. Customer do not know anything about them.
At the destination PE, PE needs to know which prefix is belong to which L3 VPN. To know this, a new identifier appears. This is “Route Targets”. With Route Target, all the L3 VPN memberships are identified and according to this value, data is forwarded to each customer destination with its of VRF table and without any mix.
Route Target is 8 Bytes BGP exteded community value. BGP extended community is used to carry additional information with BGP updates.
Route Targets are created and associated with VPNv4 addresses at the creation.
There are Import and Export route targets. The originating PE exported the Route Target is called “Export Route Target”. And the receiving end also importing the Route Target. This is called “Import Route Target”.
These two value need to be same for a route to be received with the correct destination. In other words, Export Route Target of the originating PE need to be same with Import Route Target of receiving PE.
This lessons seems sometimes a little difficult to the network engineers. Do not worry about it. Let’s give a quick summary for these important terms.
VPNv4 addresses that are created with Route Distinguisher plus IP prefix, is the identifier of the customer routes that makes them unique in the global network.
Route Targets are the values, that are created to determine the receiving PE and L3 VPN destination.
Now, let’s explain these processes with an example.
As you can see above, PE devices learns the CE Routes via the Routing Protocol between CE and PE. Here, BGP is also used between CE and PE Routers.This learned routes are stored in the VRF table of PE. Each L3 VPN has a unique VRF Table in PE.
At PE, by adding Route Distinguisher, VPNv4 Routes are created and added with Route Targets to the MP-BGP Table of PE.
These routes that are carried via MP-BGP, is stored also in the VRF Table of the destination PE and advertised to the destination CE routers.
As you can see at the last picture, in the Routing Table of CE, there are two networks. One is directly connected 10 network, the other is remote network learned via BGP. In the VRF TAble of PE, these routes are showed as learned from MP-BGP and BGP.Because, the remote 10 network is learned via MP-BGP. And the other near 10 network is learned via BGP.