Connecting Versa SD-WAN overlay service with MPLS L3VPN overlay service using Inter-AS option B
This article covers the use of Versa FlexVNF as a gateway between an MPLS network and an SD-WAN network while serving multiple tenants and their Virtual Routing and Forwarding instances (VRFs). Inter-AS option B (RFC 4364) is used for this case. Service providers prefer this method because only one interface is required between the service provider ASBR and the Versa FlexVNF gateway. A BGP session is configured between the AS boundary routers to signal VPN labels. Versa FlexVNF is verified to interoperate with the major vendors (Juniper/Cisco/Alcatel) configured for L3VPN Inter-AS option B. In this article we’ll use Juniper SRX VMs configured as PE and ASBR devices. The picture below presents the topology used.
Figure 1. Inter-AS Option B between L3VPN MPLS and SD-WAN
In this topology, PE1, PE2, and PE3 (ASBR) are the service provider devices that serve a Tenant-1 VRF:
admin@PE1> show configuration routing-instances Tenant-1
instance-type vrf;
interface ge-0/0/4.0;
route-distinguisher 11.11.11.11:100;
vrf-target target:100:100;
vrf-table-label;
Special attention should be paid to the SP ASBR(s), where VRFs are not configured and which are also not configured as route reflectors for the VPNv4 AFI/SAFI. As a result, the VPNv4 routing updates received from other PEs are dropped and are not advertised to the ASBR peer (Versa Branch5). To keep the VPNv4 prefixes, the following knobs must be configured:
- For Junos: “keep all”
- For IOS: “no bgp default route-target filter”
- For IOS-XR: “retain route-target all”
Junos example:
admin@PE3> show configuration protocols bgp group mplsvpn | display set
set protocols bgp group mplsvpn type internal
set protocols bgp group mplsvpn local-address 33.33.33.33
set protocols bgp group mplsvpn keep all
set protocols bgp group mplsvpn family inet-vpn unicast
set protocols bgp group mplsvpn neighbor 1.1.1.1 <<< MPLS L3VPN RR
Versa ASBR Gateway (Branch5) will have the following additional routing-instances configured:
1. A virtual router instance running MP-BGP to the SP ASBR (PE3) – MPLS-InterAS. This is configured as MPLS VPN core instance for all the customer VRFs (one in our case: Tenant-1-VRF). A single transport interface in this virtual router is connecting to MPLS L3VPN SP ASBR (PE3).
2. One VRF corresponding to each customer connecting to MPLS network – Tenant-1-VRF.
The image below shows the additional routing instance constructs and how they interact with the existing SD-WAN routing instances.
Figure 2: Versa SD-WAN Gateway connectivity constructs
Let’s see what happens from a control plane (routing) perspective for a prefix in the MPLS L3VPN overlay (11.11.11/24) and a prefix in the SD-WAN overlay (44.44.44/24).
MPLS L3VPN prefix: 11.11.11/24
1. PE3 advertises the prefix as a vpnv4 route toward Branch5:
admin@PE3> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l3vpn.0
7 5 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
1.1.1.1 65432 827 830 0 0 6:11:52 Establ
bgp.l3vpn.0: 2/2/2/0
192.168.4.254 65433 864 828 0 0 6:12:19 Establ
bgp.l3vpn.0: 3/5/3/0
admin@PE3> show route table bgp.l3vpn.0 advertising-protocol bgp 192.168.4.254 11.11.11.0/24 detail
bgp.l3vpn.0: 5 destinations, 7 routes (5 active, 0 holddown, 2 hidden)
* 11.11.11.11:100:11.11.11.0/24 (2 entries, 1 announced)
BGP group inter-as type External
Route Distinguisher: 11.11.11.11:100
VPN Label: 299856
Nexthop: Self
Flags: Nexthop Change
AS path: [65432] I
Communities: target:100:100
2. Branch5 receives the vpnv4 prefix and, based on the attached RT extended community (target:100:100), the prefix is inserted in the respective VRF – Tenant-1-VRF:
admin@Branch5-cli> show bgp neighbor brief MPLS-InterAS
routing-instance: MPLS-InterAS
Neighbor V MsgRcvd MsgSent Uptime State/PfxRcd PfxSent AS
192.168.4.1 4 865 902 06:28:39 2 5 65432
admin@Branch5-cli> show route table l3vpn.ipv4.unicast receive-protocol bgp neighbor-address 192.168.4.1
Routes for Routing instance : Internet-Transport-VR AFI: ipv4 SAFI: unicast
Routes for Routing instance : MPLS-InterAS AFI: ipv4 SAFI: unicast
Routing entry for 11.11.11.0/24
Peer Address : 192.168.4.1
Route Distinguisher: 11.11.11.11:100
Next-hop : 192.168.4.1
VPN Label : 299856
Local Preference : 100
AS Path : 65432
Origin : Igp
MED : 0
Community : [ N/A ]
Extended community : [ target:100:100 ]
Preference : Default
admin@Branch5-cli> show route routing-instance Tenant-1-VRF 11.11.11.0/24
Routes for Routing instance : Tenant-1-VRF AFI: ipv4 SAFI: unicast
[+] - Active Route
Routing entry for 11.11.11.0 (mask 255.255.255.0) [+]
Known via 'BGP', distance 200,
Redistributing via BGP
Last update from 192.168.4.1 06:32:21 ago
Routing Descriptor Blocks:
* 192.168.4.1 , via Indirect 06:32:21 ago
3. The prefix is advertised from Tenant-1-VRF to Tenant-1-LAN-VR via EBGP:
admin@Branch5-cli> show bgp neighbor brief Tenant-1-VRF
routing-instance: Tenant-1-VRF
Neighbor V MsgRcvd MsgSent Uptime State/PfxRcd PfxSent AS
192.168.254.2 4 932 923 06:41:36 4 2 1002
admin@Branch5-cli> show route table ipv4.unicast routing-instance Tenant-1-VRF advertising-protocol bgp neighbor-address 192.168.254.2 11.11.11.0
Routes for Routing instance : Tenant-1-VRF AFI: ipv4 SAFI: unicast
Prefix/Mask Next-hop MED Lclpref AS path
----------- -------- --- ------- -------
11.11.11.0/24 192.168.254.1 0 0 1001 65432
4. The prefix is advertised as a vpnv4 route toward the SD-WAN controller, and from there it reaches the other branches and is imported in the respective VRF (based on RT target:3L:3):
admin@Branch5-cli> show bgp neighbor brief Tenant-1-Control-VR
routing-instance: Tenant-1-Control-VR
Neighbor V MsgRcvd MsgSent Uptime State/PfxRcd PfxSent AS
172.16.0.2 4 984 963 06:53:04 22 9 64512
admin@Branch5-cli> show route table l3vpn.ipv4.unicast routing-instance Tenant-1-Control-VR advertising-protocol bgp neighbor-address 172.16.0.2
Routes for Routing instance : Tenant-1-Control-VR AFI: ipv4 SAFI: unicast
Routing entry for 11.11.11.0/24
Peer Address : 172.16.0.2
Route Distinguisher: 3L:104
Next-hop : 172.16.0.8
VPN Label : 24705
Local Preference : 100
AS Path : 1001 65432
Origin : Igp
MED : 0
Community : [ N/A ]
Extended community : [ target:3L:3 ]
SD-WAN overlay prefix: 44.44.44/24
1. The route is received on Branch5 from the SD-WAN controller as a vpnv4 prefix and, based on the attached extended community RT (target:3L:3), inserted in Tenant-1-LAN-VR:
admin@Branch5-cli> show route table l3vpn.ipv4.unicast routing-instance Tenant-1-Control-VR receive-protocol bgp neighbor-address 172.16.0.2
Routes for Routing instance : Tenant-1-Control-VR AFI: ipv4 SAFI: unicast
Routing entry for 44.44.44.0/24
Peer Address : 172.16.0.2
Route Distinguisher: 3L:103
Next-hop : 172.16.0.6
VPN Label : 24704
Local Preference : 110
AS Path : N/A
Origin : Igp
MED : 0
Community : [ 8009:8009 8015:0 ]
Extended community : [ target:3L:3 ]
Preference : Default
admin@Branch5-cli> show route routing-instance Tenant-1-LAN-VR 44.44.44.0
Routes for Routing instance : Tenant-1-LAN-VR AFI: ipv4 SAFI: unicast
[+] - Active Route
Routing entry for 44.44.44.0 (mask 255.255.255.0) [+]
Known via 'BGP', distance 200,
Redistributing via BGP
Last update from 172.16.0.6 07:40:10 ago
Routing Descriptor Blocks:
* 172.16.0.6 , via Indirect 07:40:10 ago
2. The prefix is advertised from Tenant-1-LAN-VR to Tenant-1-VRF via EBGP:
admin@Branch5-cli> show bgp neighbor brief Tenant-1-LAN-VR
routing-instance: Tenant-1-LAN-VR
Neighbor V MsgRcvd MsgSent Uptime State/PfxRcd PfxSent AS
192.168.254.1 4 1077 1086 07:47:53 2 4 1001
admin@Branch5-cli> show route table ipv4.unicast routing-instance Tenant-1-LAN-VR advertising-protocol bgp neighbor-address 192.168.254.1 44.44.44.0
Routes for Routing instance : Tenant-1-LAN-VR AFI: ipv4 SAFI: unicast
Prefix/Mask Next-hop MED Lclpref AS path
----------- -------- --- ------- -------
44.44.44.0/24 192.168.254.2 0 0 1002
3. The route is advertised as a vpnv4 prefix from the MPLS-InterAS VR toward PE3 over the MP-BGP session. The proper RT (target:100:100) is attached to the prefix so that the PEs in the MPLS L3VPN can import the prefix into the corresponding VRF (Tenant-1):
admin@Branch5-cli> show bgp neighbor brief MPLS-InterAS
routing-instance: MPLS-InterAS
Neighbor V MsgRcvd MsgSent Uptime State/PfxRcd PfxSent AS
192.168.4.1 4 1056 1100 07:54:46 2 5 65432
admin@Branch5-cli> show route table l3vpn.ipv4.unicast advertising-protocol bgp neighbor-address 192.168.4.1 44.44.44.0
Routes for Routing instance : Internet-Transport-VR AFI: ipv4 SAFI: unicast
Routes for Routing instance : MPLS-InterAS AFI: ipv4 SAFI: unicast
Routing entry for 44.44.44.0/24
Peer Address : 192.168.4.1
Route Distinguisher: 8003L:101
Next-hop : 192.168.4.254
VPN Label : 24704
Local Preference : 0
AS Path : 65433 1002
Origin : Igp
MED : 0
Community : [ 8009:8009 8015:0 ]
Extended community : [ target:100:100 ]
4. PE3 advertises the vpnv4 prefix to the SP Route Reflector:
admin@PE3> show bgp summary
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l3vpn.0
7 5 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
1.1.1.1 65432 1062 1064 0 0 7:58:09 Establ
bgp.l3vpn.0: 2/2/2/0
192.168.4.254 65433 1110 1063 0 0 7:58:36 Establ
bgp.l3vpn.0: 3/5/3/0
admin@PE3> show route table bgp.l3vpn.0 advertising-protocol bgp 1.1.1.1 44.44.44.0/24 detail
bgp.l3vpn.0: 5 destinations, 7 routes (5 active, 0 holddown, 2 hidden)
* 8003L:101:44.44.44.0/24 (1 entry, 1 announced)
BGP group mplsvpn type Internal
Route Distinguisher: 8003L:101
VPN Label: 299824
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [65432] 65433 1002 I
Communities: 8009:8009 8015:0 target:100:100
As a result, there is connectivity between the MPLS L3VPN prefix (11.11.11/24) and the SD-WAN overlay prefix (44.44.44/24):
gns3@H1:~$ ip a sh ens4
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 0c:ca:b9:83:57:01 brd ff:ff:ff:ff:ff:ff
inet 11.11.11.2/24 brd 11.11.11.255 scope global noprefixroute ens4
valid_lft forever preferred_lft forever
inet6 fe80::ccfa:2010:8d14:aec6/64 scope link noprefixroute
valid_lft forever preferred_lft forever
gns3@H1:~$ ping 44.44.44.2 -I ens4 -c 5
PING 44.44.44.2 (44.44.44.2) from 11.11.11.2 ens4: 56(84) bytes of data.
64 bytes from 44.44.44.2: icmp_seq=1 ttl=61 time=3.28 ms
64 bytes from 44.44.44.2: icmp_seq=2 ttl=61 time=2.95 ms
64 bytes from 44.44.44.2: icmp_seq=3 ttl=61 time=4.87 ms
64 bytes from 44.44.44.2: icmp_seq=4 ttl=61 time=4.05 ms
64 bytes from 44.44.44.2: icmp_seq=5 ttl=61 time=3.27 ms
--- 44.44.44.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 2.951/3.688/4.872/0.696 ms
At the end of the routing exchanges, the PEs and Versa branches have received the VPN routes for their customers with the appropriate VPN labels assigned by their peers. However, to actually forward traffic between two customer sites, one in the MPLS cloud and the other in the SD-WAN cloud, traffic must be encapsulated end-to-end so that the vpnv4 label is never on top of the stack. This also applies across the AS boundary (PE3/ASBR <-> Branch5/ASBR). Inside the MPLS provider, traffic is encapsulated in a transport LSP (LDP/RSVP/BGP-LU based). Inside the SD-WAN provider, traffic is encapsulated in VXLAN tunnels. Between the ASBRs, traffic is encapsulated in GRE, which is the only encapsulation supported in VOS (Versa Operating System) at this moment. In practice, the endpoints of the ASBRs’ vpnv4 EBGP session must be reachable over a GRE tunnel.
MPLS ASBR(PE3):
admin@PE3> show bgp neighbor 192.168.4.254
Peer: 192.168.4.254+44863 AS 65433 Local: 192.168.4.1+179 AS 65432
admin@PE3> show route table inet.3 192.168.4.254
inet.3: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.4.254/32 *[Static/5] 00:43:51
> via gr-0/0/0.0 <<< GRE tunnel
SD-WAN ASBR(Branch5):
admin@Branch5-cli> show interfaces dynamic-tunnels dtvi-0/76
REMOTE REMOTE
LOCAL SITE TUNNEL SITE
NAME INTERFACE TENANT VRF LOCAL IP REMOTE IP OPER ADMIN ID TYPE NAME
---------------------------------------------------------------------------------------------------------------
dtvi-0/76 tvi-0/100.0 Versa MPLS-InterAS 192.168.255.2 192.168.4.1 up up 0 n/a
admin@Branch5-cli> show configuration interfaces tvi-0/100 | display set
set interfaces tvi-0/100 description dummy-tvi-for-gre
set interfaces tvi-0/100 enable true
set interfaces tvi-0/100 mtu 1400
set interfaces tvi-0/100 mode ipsec
set interfaces tvi-0/100 type p2mp-gre
set interfaces tvi-0/100 unit 0 enable true
set interfaces tvi-0/100 unit 0 family
set interfaces tvi-0/100 unit 0 family inet
set interfaces tvi-0/100 unit 0 family inet address 192.168.255.2/30
Let’s look at the configuration constructs on each ASBR.
1. L3VPN ASBR (Junos)
BGP config:
admin@PE3> show configuration protocols bgp group inter-as | display set
set protocols bgp group inter-as type external
set protocols bgp group inter-as local-address 192.168.4.1
set protocols bgp group inter-as keep all <<< to retain vpnv4 prefixes even if there is no matching RT
set protocols bgp group inter-as family inet-vpn unicast
set protocols bgp group inter-as peer-as 65433
set protocols bgp group inter-as neighbor 192.168.4.254 multihop ttl 64
GRE tunnel used to reach the ASBR BGP peer:
admin@PE3> show configuration interfaces gr-0/0/0 | display set
set interfaces gr-0/0/0 unit 0 tunnel source 192.168.4.1 <<< BGP local address
set interfaces gr-0/0/0 unit 0 tunnel destination 192.168.4.254 <<< BGP peer address
set interfaces gr-0/0/0 unit 0 family inet
set interfaces gr-0/0/0 unit 0 family mpls
The next hop of the vpnv4 prefixes (the remote ASBR) should be resolved in the inet.3 RIB over the GRE tunnel to prevent hidden routes. This is not required for other vendors.
admin@PE3> show configuration routing-options | display set
set routing-options interface-routes rib-group inet if-rib
set routing-options rib inet.3 static route 192.168.4.254/32 next-hop gr-0/0/0.0 <<<
set routing-options static route 192.168.4.254/32 next-hop 192.168.4.2
set routing-options rib-groups if-rib import-rib inet.0
set routing-options rib-groups if-rib import-rib inet.3
set routing-options router-id 33.33.33.33
set routing-options autonomous-system 65432
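One way to check the two Junos requirements described above (keep all on every VPNv4 group, and the remote ASBR resolved in inet.3 over the GRE tunnel) against a saved display set output. This is an added example, not part of the original article or of any Versa or Juniper tooling; the function names parse and audit are hypothetical, and the input is the PE3 configuration quoted on this page.

```python
# PE3 statements quoted from the article, with its "<<<" annotations removed.
PE3_CONFIG = """\
set protocols bgp group mplsvpn type internal
set protocols bgp group mplsvpn local-address 33.33.33.33
set protocols bgp group mplsvpn keep all
set protocols bgp group mplsvpn family inet-vpn unicast
set protocols bgp group mplsvpn neighbor 1.1.1.1
set protocols bgp group inter-as type external
set protocols bgp group inter-as local-address 192.168.4.1
set protocols bgp group inter-as keep all
set protocols bgp group inter-as family inet-vpn unicast
set protocols bgp group inter-as peer-as 65433
set protocols bgp group inter-as neighbor 192.168.4.254 multihop ttl 64
set interfaces gr-0/0/0 unit 0 tunnel source 192.168.4.1
set interfaces gr-0/0/0 unit 0 tunnel destination 192.168.4.254
set interfaces gr-0/0/0 unit 0 family mpls
set routing-options rib inet.3 static route 192.168.4.254/32 next-hop gr-0/0/0.0
set routing-options static route 192.168.4.254/32 next-hop 192.168.4.2
"""


def parse(config):
    """Collect BGP groups, tunnel endpoints and inet.3 static routes from set lines."""
    groups, tunnels, inet3 = {}, {}, {}
    for line in config.splitlines():
        w = line.split("<<<")[0].split()  # tolerate inline "<<<" annotations
        if w[:4] == ["set", "protocols", "bgp", "group"] and len(w) > 5:
            g = groups.setdefault(w[4], {"keep_all": False, "vpnv4": False,
                                         "type": None, "local": None, "neighbors": []})
            rest = w[5:]
            if rest == ["keep", "all"]:
                g["keep_all"] = True
            elif rest[:2] == ["family", "inet-vpn"]:
                g["vpnv4"] = True
            elif rest[0] == "type":
                g["type"] = rest[1]
            elif rest[0] == "local-address":
                g["local"] = rest[1]
            elif rest[0] == "neighbor" and rest[1] not in g["neighbors"]:
                g["neighbors"].append(rest[1])
        elif w[:2] == ["set", "interfaces"] and len(w) == 8 and w[5] == "tunnel":
            # key is the logical interface, e.g. gr-0/0/0.0 -> {source, destination}
            tunnels.setdefault(w[2] + "." + w[4], {})[w[6]] = w[7]
        elif (w[:6] == ["set", "routing-options", "rib", "inet.3", "static", "route"]
              and len(w) > 8):
            inet3[w[6]] = w[8]  # prefix -> next-hop interface
    return groups, tunnels, inet3


def audit(config):
    """Return findings for the two Junos requirements the article describes."""
    groups, tunnels, inet3 = parse(config)
    findings = []
    for name, g in groups.items():
        if not g["vpnv4"]:
            continue
        if not g["keep_all"]:
            findings.append(name + ": no 'keep all', VPNv4 routes with no local VRF are dropped")
        if g["type"] != "external":
            continue
        for nbr in g["neighbors"]:
            via = inet3.get(nbr + "/32")
            if via is None:
                findings.append(name + ": no inet.3 route to " + nbr + ", its routes stay hidden")
                continue
            t = tunnels.get(via, {})
            if t.get("source") != g["local"] or t.get("destination") != nbr:
                findings.append(name + ": " + via + " endpoints differ from the BGP session")
    return findings


if __name__ == "__main__":
    print(audit(PE3_CONFIG) or "PE3: keep all and inet.3 resolution are in place")
```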
2. SD-WAN ASBR (VOS)
MPLS-InterAS-transport VR, used to establish the MP-BGP session with the MPLS ASBR (PE3):
Figure 3: MPLS-InterAS-transport VR
InterAS-MPLS: interface toward remote ASBR
admin@Branch5-cli> show configuration interfaces vni-0/2 | display set
set interfaces vni-0/2 description TO-PE3
set interfaces vni-0/2 enable true
set interfaces vni-0/2 promiscuous false
set interfaces vni-0/2 unit 0 enable true
set interfaces vni-0/2 unit 0 family
set interfaces vni-0/2 unit 0 family inet
set interfaces vni-0/2 unit 0 family inet address 192.168.4.2/30
set interfaces vni-0/2 unit 0 family inet6
set interfaces vni-0/2 unit 0 family inet6 mode router
set interfaces vni-0/2 ether-options link-speed auto
set interfaces vni-0/2 ether-options link-mode auto
tvi-0/101: interface supporting the MP-BGP session with the remote ASBR:
admin@Branch5-cli> show configuration interfaces tvi-0/101 | display set
set interfaces tvi-0/101 description tvi-bgp-local-loopback
set interfaces tvi-0/101 enable true
set interfaces tvi-0/101 mtu 1400
set interfaces tvi-0/101 mode ipsec
set interfaces tvi-0/101 type ipsec
set interfaces tvi-0/101 unit 0 enable true
set interfaces tvi-0/101 unit 0 family
set interfaces tvi-0/101 unit 0 family inet
set interfaces tvi-0/101 unit 0 family inet address 192.168.4.254/32
tvi-0/100: point-to-multipoint GRE interface used as the base for creating the dynamic tunnels to the remote ASBRs:
admin@Branch5-cli> show configuration interfaces tvi-0/100 | display set
set interfaces tvi-0/100 description dummy-tvi-for-gre
set interfaces tvi-0/100 enable true
set interfaces tvi-0/100 mtu 1400
set interfaces tvi-0/100 mode ipsec
set interfaces tvi-0/100 type p2mp-gre
set interfaces tvi-0/100 unit 0 enable true
set interfaces tvi-0/100 unit 0 family
set interfaces tvi-0/100 unit 0 family inet
set interfaces tvi-0/100 unit 0 family inet address 192.168.255.2/30
Create dynamic GRE tunnels: uses the p-to-mpoint GRE interface to create dynamic tunnels (dtvi interfaces) to the remote BGP peers/ASBRs.
MP-BGP vpnv4 AFI/SAFI configuration with the remote ASBR (PE3):
admin@Branch5-cli> show configuration routing-instances MPLS-InterAS protocols bgp | display set
set routing-instances MPLS-InterAS protocols bgp 1 description InterAS
set routing-instances MPLS-InterAS protocols bgp 1 shutdown false
set routing-instances MPLS-InterAS protocols bgp 1 router-id 192.168.4.254
set routing-instances MPLS-InterAS protocols bgp 1 local-as as-number 65433
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS type external
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS shutdown false
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS share-aro
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS prefix-limit
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS prefix-limit action drop
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS neighbor 192.168.4.1 prefix-limit
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS neighbor 192.168.4.1 prefix-limit action drop
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS neighbor 192.168.4.1 local-address tvi-0/101.0
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS neighbor 192.168.4.1 family inet-vpn unicast
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS neighbor 192.168.4.1 family inet-vpn unicast prefix-limit-control action drop
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS neighbor 192.168.4.1 peer-as 65432
set routing-instances MPLS-InterAS protocols bgp 1 group InterAS neighbor 192.168.4.1 shutdown false
Tenant-1-VRF – helper VRF (peer of the corresponding Tenant LAN VR) used as transit between the MPLS and SD-WAN domains.
Figure 4: Tenant-1-VRF
The relevant configuration elements of the helper VRF (Tenant-1-VRF) are:
Instance type: Virtual routing forwarding instance (VRF)
MPLS transport instance: the instance used for the MP-BGP vpnv4 session with the MPLS ASBR device (MPLS-InterAS in this case).
Route Distinguisher: the RD is prepended to the vpnv4 prefix to make it unique. The value here should not be present in the MPLS L3VPN domain.
VRF Both Target: the RT BGP extended community. It should match the one attached to the vpnv4 prefixes advertised from the MPLS L3VPN domain. Alternatively, separate Import and Export Route Targets can be used if the values are different.
tvi-0/1001.0: tvi interface paired with an interface in Tenant-1-LAN-VR (tvi-0/1002.0). It is used to establish a BGP session between Tenant-1-VRF and Tenant-1-LAN-VR. Over this BGP session the ipv4 unicast prefixes are exchanged between the MPLS L3VPN domain and the SD-WAN domain.
admin@Branch5-cli> show configuration interfaces tvi-0/1001 | display set
set interfaces tvi-0/1001 enable true
set interfaces tvi-0/1001 mtu 1400
set interfaces tvi-0/1001 mode ipsec
set interfaces tvi-0/1001 type paired
set interfaces tvi-0/1001 paired-interface tvi-0/1002
set interfaces tvi-0/1001 unit 0 enable true
set interfaces tvi-0/1001 unit 0 family
set interfaces tvi-0/1001 unit 0 family inet
set interfaces tvi-0/1001 unit 0 family inet address 192.168.254.1/30
set routing-instances Tenant-1-VRF protocols bgp 1 family inet unicast
set routing-instances Tenant-1-VRF protocols bgp 1 family inet unicast prefix-limit-control action drop
set routing-instances Tenant-1-VRF protocols bgp 1 shutdown false
set routing-instances Tenant-1-VRF protocols bgp 1 route-flap free-max-time 180
set routing-instances Tenant-1-VRF protocols bgp 1 route-flap reuse-max-time 60
set routing-instances Tenant-1-VRF protocols bgp 1 route-flap reuse-size 256
set routing-instances Tenant-1-VRF protocols bgp 1 route-flap reuse-array-size 1024
set routing-instances Tenant-1-VRF protocols bgp 1 graceful-restart helper enable
set routing-instances Tenant-1-VRF protocols bgp 1 prefix-limit
set routing-instances Tenant-1-VRF protocols bgp 1 prefix-limit action drop
set routing-instances Tenant-1-VRF protocols bgp 1 router-id 192.168.254.1
set routing-instances Tenant-1-VRF protocols bgp 1 local-as as-number 1001
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 type external
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 peer-as 1002
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 shutdown false
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 prefix-limit
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 prefix-limit action drop
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 local-address tvi-0/1001.0
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 neighbor 192.168.254.2 prefix-limit
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 neighbor 192.168.254.2 prefix-limit action drop
set routing-instances Tenant-1-VRF protocols bgp 1 group EBGP-AS1002 neighbor 192.168.254.2 shutdown false
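The Route Distinguisher and route-target rules listed for Tenant-1-VRF, and the RT handling traced in the control-plane walkthrough, can be checked against the VPNv4 output of the MPLS-InterAS session; route targets decide which VRF imports a prefix, so an unexpected one at the AS boundary can place a route in another tenant's VRF. This is an added example, not the article's or Versa's code: parse_entries and audit_export are hypothetical names, the first two samples are trimmed from the outputs above, and the third is constructed.

```python
import re

# Trimmed from the Branch5 outputs in the article (MPLS-InterAS, neighbor 192.168.4.1).
RECEIVED_FROM_PE3 = """\
Routing entry for 11.11.11.0/24
Peer Address : 192.168.4.1
Route Distinguisher: 11.11.11.11:100
VPN Label : 299856
Extended community : [ target:100:100 ]
"""
ADVERTISED_TO_PE3 = """\
Routing entry for 44.44.44.0/24
Peer Address : 192.168.4.1
Route Distinguisher: 8003L:101
VPN Label : 24704
Extended community : [ target:100:100 ]
"""
# Constructed (not from the article): an export that kept the SD-WAN route target
# and reuses an RD that already exists in the MPLS L3VPN domain.
MISCONFIGURED_EXPORT = """\
Routing entry for 203.0.113.0/24
Peer Address : 192.168.4.1
Route Distinguisher: 11.11.11.11:100
VPN Label : 24710
Extended community : [ target:3L:3 ]
"""


def parse_entries(text):
    """Split 'Routing entry for ...' output into one dict per VPNv4 route."""
    routes, cur = [], None
    for line in text.splitlines():
        m = re.match(r"\s*Routing entry for (\S+)", line)
        if m:
            cur = {"prefix": m.group(1), "rts": set()}
            routes.append(cur)
            continue
        if cur is None or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        key, value = key.strip().lower(), value.strip()
        if key == "route distinguisher":
            cur["rd"] = value
        elif key == "vpn label":
            cur["label"] = int(value)
        elif key == "extended community":
            cur["rts"] = set(re.findall(r"target:\S+", value))
    return routes


def audit_export(received, advertised, allowed_rts):
    """Check the routes the gateway advertises to one ASBR peer.

    received    - routes learned from that peer (their RDs are in use over there)
    advertised  - routes the gateway sends to that peer
    allowed_rts - route targets this tenant may carry on the session
    """
    peer_rds = {r["rd"] for r in received if "rd" in r}
    findings = []
    for r in advertised:
        extra = r["rts"] - allowed_rts
        if not r["rts"]:
            findings.append((r["prefix"], "no route target, peer PEs cannot import it"))
        elif extra:
            findings.append((r["prefix"], "unexpected route target " + ",".join(sorted(extra))))
        if r.get("rd") in peer_rds:
            findings.append((r["prefix"], "RD " + r["rd"] + " already used in peer domain"))
    return findings


if __name__ == "__main__":
    learned = parse_entries(RECEIVED_FROM_PE3)
    sent = parse_entries(ADVERTISED_TO_PE3 + MISCONFIGURED_EXPORT)
    for prefix, problem in audit_export(learned, sent, {"target:100:100"}):
        print(prefix, "-", problem)
```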
Tenant-1-LAN-VR – Customer VRF part of the SD-WAN Domain
Figure 5: Tenant-1-LAN-VR
On the SD-WAN customer LAN VRF, two new elements were configured: the paired tvi interface with the helper VRF (Tenant-1-VRF) and the EBGP session between these VRFs (presented above):
admin@Branch5-cli> show configuration interfaces tvi-0/1002 | display set
set interfaces tvi-0/1002 enable true
set interfaces tvi-0/1002 mtu 1400
set interfaces tvi-0/1002 mode ipsec
set interfaces tvi-0/1002 type paired
set interfaces tvi-0/1002 paired-interface tvi-0/1001
set interfaces tvi-0/1002 unit 0 enable true
set interfaces tvi-0/1002 unit 0 family
set interfaces tvi-0/1002 unit 0 family inet
set interfaces tvi-0/1002 unit 0 family inet address 192.168.254.2/30
admin@Branch5-cli> show configuration routing-instances Tenant-1-LAN-VR protocols bgp | display set
set routing-instances Tenant-1-LAN-VR protocols bgp 1 family inet unicast
set routing-instances Tenant-1-LAN-VR protocols bgp 1 family inet unicast prefix-limit-control action drop
set routing-instances Tenant-1-LAN-VR protocols bgp 1 shutdown false
set routing-instances Tenant-1-LAN-VR protocols bgp 1 route-flap free-max-time 180
set routing-instances Tenant-1-LAN-VR protocols bgp 1 route-flap reuse-max-time 60
set routing-instances Tenant-1-LAN-VR protocols bgp 1 route-flap reuse-size 256
set routing-instances Tenant-1-LAN-VR protocols bgp 1 route-flap reuse-array-size 1024
set routing-instances Tenant-1-LAN-VR protocols bgp 1 graceful-restart helper enable
set routing-instances Tenant-1-LAN-VR protocols bgp 1 prefix-limit
set routing-instances Tenant-1-LAN-VR protocols bgp 1 prefix-limit action drop
set routing-instances Tenant-1-LAN-VR protocols bgp 1 router-id 192.168.254.2
set routing-instances Tenant-1-LAN-VR protocols bgp 1 local-as as-number 1002
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 type external
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 peer-as 1001
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 shutdown false
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 prefix-limit
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 prefix-limit action drop
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 local-address tvi-0/1002.0
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 neighbor 192.168.254.1 prefix-limit
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 neighbor 192.168.254.1 prefix-limit action drop
set routing-instances Tenant-1-LAN-VR protocols bgp 1 group EBGP-AS1001 neighbor 192.168.254.1 shutdown false
For more information regarding Versa interoperability with other overlay solutions, please consult the official Versa Networks documentation.