|
|
This document describes the MPLS VPN ID feature and includes the following sections:
Using Multiprotocol Label Switching (MPLS) VPN ID you can identify virtual private networks (VPNs) by a VPN identification number, as described in RFC 2685. This implementation of the MPLS VPN ID feature is used for identifying a VPN. The MPLS VPN ID feature is not used to control the distribution of routing information or to associate IP addresses with MPLS VPN ID numbers in routing updates.
Multiple VPNs can be configured in a router. You can use a VPN name (a unique ASCII string) to reference a specific VPN configured in the router. Alternately, you can use a VPN ID to identify a particular VPN in the router. The VPN ID follows a standard specification (RFC 2685). To ensure that the VPN has a consistent VPN ID, assign the same VPN ID to all the routers in the service provider network that services that VPN.
You can use several applications to manage VPNs by VPN ID. For more details on how server applications use the VPN ID, refer to the "Benefits" section.
 |
Note Configuration of a VPN ID for a VPN is optional. You can still use a VPN name to identify configured VPNs in the router. The VPN name is not affected by the VPN ID configuration. These are two independent mechanisms to identify VPNs. |
For each VPN that is configured in a router, the router creates a VRF instance. The VPN ID is stored in the corresponding VRF structure for the VPN.
The VRF table is a key element in the MPLS VPN technology. VRF tables exist on provider edge (PE) routers only. More than one VRF table can exist on a PE router. A VPN can contain one or more VRF tables on a PE router.
A VRF contains the routing information that defines the customer VPN site that is attached to a PE router. A VRF consists of the following elements:
An IP routing table and the CEF table store packet forwarding information for each VRF. Another routing table and CEF table for each VRF prevent information from being forwarded outside a VPN and prevent packets that are outside a VPN from being forwarded to a router within the VPN.
Each VPN ID defined by RFC 2685 consists of the following elements:
The IEEE Registration Authority assigns OUIs to any company that manufactures components under the ISO/IEC 8802 standard. The OUI is used to generate universal LAN MAC addresses and protocol identifiers for use in local and metropolitan area network applications. For example, an OUI for Cisco Systems is 00-03-6B (hex).
Use the vpn id command and specify the VPN ID in the following format:
A colon separates the OUI from the VPN index. See the vpn id command reference page for more information.
Using DHCP network administrators can centrally manage and automate the assignment of IP addresses in an organization's network. The DHCP application uses the VPN ID as follows:
Step 2 The PE router determines the VPN ID associated with that interface.
Step 3 The PE router sends a request with the VPN ID and other information for assigning an IP address to the DHCP server.
Step 4 The DHCP server uses the VPN ID and IP address information to process the request.
Step 5 The DHCP server sends a response back to the PE router, allowing the VPN DHCP client access to the VPN.
A Remote Authentication Dial-In User Service (RADIUS) server (or daemon) provides authentication and accounting services to one or more client network access servers (NASs). RADIUS servers authenticate users and return all configuration information necessary for the client to deliver service to the users.
Typically, a user login consists of a query (Access-Request) from the NAS to the RADIUS server and a corresponding response (Access-Accept or Access-Reject) from the server.
The MPLS VPN ID feature provides the following benefits:
The MPLS VPN ID feature has the following restrictions:
The following documents provide more information about the MPLS VPN ID feature:
The list of public OUI assignments:
http://standards.ieee.org/regauth/oui/oui.txt
This feature is supported on the following platforms:
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.
To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register .
Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Feature Navigator home page at the following URL:
No new or modified MIBs are supported by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
Each VRF configured on a PE router can have a VPN ID configured. Configure all the PE routers that belong to the same VPN with the same VPN ID. Make sure the VPN ID is unique to the Service Provider network.
See the following sections for configuration tasks for the MPLS VPN ID feature. Each task in the list is identified as either optional or required.
To specify a VPN ID on a PE router, perform the following steps beginning in global configuration mode:
| Command | Purpose | |
|---|---|---|
| Step 1 | Creates a VRF routing table and a CEF forwarding table and enters VRF configuration mode. |
|
| Step 2 |
To display information about the VRF tables on the PE router, use the show ip vrf command. This example displays three VRF tables called "vpn1", "vpn2", and "vpn5".
To ensure that the PE router contains the VPN ID you specified, issue the show ip vrf id command. The following example shows that only VRF tables "vpn1" and "vpn2" have VPN IDs assigned. The VRF table called "vpn5" is not displayed, because it does not have a VPN ID.
This command displays all the VPN IDs that are configured on the router, their associated VRF names, and VRF route distinguishers (RDs). If a VRF table in the PE router has not been assigned a VPN ID, that VRF entry is not included in the output. See the show ip vrf command reference page for more information.
To see all the VRFs on a PE router, issue the show ip vrf detail command:
This section provides the following example of configuring a VPN ID:
The following example updates the VPN ID assigned to the VRF table called "vpn1":
This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.
To display the set of defined VRFs and associated interfaces, use the show ip vrf command in privileged EXEC mode.
Syntax Description
When no optional parameters are specified, the command shows concise information about all configured VRFs.
Command Modes
Command History
Usage Guidelines
Use this command to display information about VRFs. Two levels of detail are available; use the brief keyword or no keyword to display concise information, or use the detail keyword to display all information. To display information about all interfaces bound to a particular VRF, or to any VRF, use the interfaces keyword. To display information about VPN IDs assigned to a PE router, use the id keyword.
Examples
This example shows brief information for the VRFs currently configured:
Table 1 describes the fields shown in this example.
This example shows detailed information for the VRF called vrf1:
Table 2 describes the significant fields shown in the output.
This example shows the interfaces bound to a particular VRF:
Table 3 describes the significant fields shown in the output.
| Field | Description |
Displays the state of the protocol (up or down) for each VRF interface. |
This example displays all the VPN IDs that are configured in the router and their associated VRF names and VRF route distinguishers (RDs).
Table 4 describes the significant fields shown in the output.
Related Commands
| Command | Description |
|---|---|
To set or update a VPN ID on a VRF, use the vpn id command in VRF configuration mode. To remove the VPN ID from the VRF, use the no form of this command. To change the VPN ID, issue the command again. The new ID overwrites the old one.
Syntax Description
Defaults
By default, the VPN ID is not set.
Command Modes
Command History
| Release | Modification |
|---|---|
This command was integrated into Cisco IOS Release 12.2(4)B. |
|
This command was integrated into Cisco IOS Release 12.2(8)T. |
Usage Guidelines
Each VRF configured in a PE router can have a VPN ID. Use the same VPN ID for the PE routers that belong to the same VPN. Make sure the VPN ID is unique for each VPN in the Service Provider network.
Examples
In the following example, the VPN ID of 0000a100003f6c is assigned to a VRF called "vpn1":
Related Commands
Posted: Wed Jan 15 10:13:27 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.