Overview

This solution guide covers the use case of Versa FlexVNF as a gateway between an MPLS network and an SD-WAN network, while serving multiple tenants and their Virtual Routing and Forwarding (VRFs).


Versa FlexVNF gateway has these routing instances configured corresponding to the SD-WAN overlay:

  • Transport virtual routers that correspond to MPLS network and the broadband connections.

  • Control virtual router that runs Multiprotocol EBGP (MP-EBGP) with a session to SD-WAN controller(s). This routing instance is a Multiprotocol Label Switching (MPLS) VPN core instance.

  • A routing instance of the type Virtual Routing and Forwarding (VRF) for the LAN side of the gateway (part of the gateway’s local network). A VRF is associated with a MPLS VPN core instance and imports/exports routes from it.

In the data plane, Versa FlexVNF transmits data packets with MPLS over GRE encapsulation as specified in RFC 4023, as shown in this figure.


Figure 1: Packet Format for BGP/MPLS using GRE Tunneling

 Provider Edge (PE) de-capsulates this data packet, does a route lookup in the VRF’s forwarding table, and transmits the packet towards MPLS core.


The gateway has the following routing instances corresponding to the MPLS network:

  • A virtual router instance that runs MP-EBGP to the MPLS PE. This is configured as the MPLS VPN core instance for all the customer VRFs. A single transport interface in this virtual router is connected to MPLS PE.

  • One VRF that corresponds to each customer is connected to the MPLS network.



In Figure 2, VRF1 and VRF2 are the tenant VRFs. VR-1 is the control virtual router that runs Multiprotocol Extensions for BGP (MPBGP) towards the controller. VR-2 is the broadband transport virtual router. VRF11 and VRF22 are VRFs served by the MPBGP core virtual router VR-3 that is connected to the MPLS network. Routes are internally redistributed between VRF1 and VRF11 and also between VRF2 and VRF22.


Figure 2: Versa SD-WAN Gateway Connectivity for Option AB



Versa FlexVNF is verified to interoperate with a Juniper/Cisco router configured for option AB. 

For each customer VRF, the Versa FlexVNF gateway sends VPN IPv4/IPv6 prefixes to the MPLS PE (configured with option AB) using MP-EBGP. VRF in Versa FlexVNF and the MPLS PE are configured with a matching route target extended community. 

For example, in Juniper PE, option AB is configured by following these steps:

  1. Configure EBGP in the default routing instance towards the SD-WAN gateway with VPN-IPV4 family.
  2. Create tenant VRFs.
  3. Configure vrf-table-label in the VRFs.
  4. Configure MP-IBGP towards all other PEs in the MPLS core.

The MPLS PE installs the routes received from other PEs in the VRF. For all routes, it sends same label to the SD-WAN gateway using MP-EBGP. Similarly, it decodes the routes sent by the gateway and installs them to the tenant VRFs. Then it sends the VPN-IPV4 routes to the other MPLS PEs using the MP-IBGP session.


Redundant Gateways

To support redundancy, configure two or more gateways. One gateway actively forwards data between MPLS and SD-WAN networks. 

This is also achieved by standby gateway(s). 


These methods ensure that the standby gateway is not preferred:

  • Announcing a longer AS path towards MPLS PE.

  • Announcing a worse local preference to the SD-WAN controller on the SD-WAN side.

 If the active gateway fails, a different standby gateway becomes active from the data path perspective.


NOTE: Sample values are specified within parentheses.



Configuring VRFs 

This section explains the steps to configure VRFs logically connected to the SD-WAN control virtual router.


Configuring Virtual Router Details

Follow these steps to configure virtual router details:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > .
    The Configure Virtual Router screen is displayed.

  4. In the Configure Virtual Router screen, do the following:

    • Enter the Instance Name. For example, Tenant1_VRF1.

    • Select Instance Type as Virtual routing forwarding instance.

    • Select MPLS transport routing instance. Here, select the SD-WAN control virtual router instance running MPBGP towards SD-WAN controller. Fo example, Tenant1_Control_VR.

    • Enter the Route Distinguisher for this VRF. For example, 1L:2.
    • Enter VRF Both Target used for route target filtering for this VRF. For example, target:3L:4.


Configuring BGP to Paired TVI peer

Configure a BGP instance.This is requiredfor internal BGP peering to the other end of the paired TVI interface connected to the VRF served by the virtualrouter running MPBGP to MPLS PE (with option AB).

The routes between the VRF served by SD-WANcontrol instance and VRF served by the virtual routerrunning MPBGP to MPLS PE are exchanged usingthis internal BGP session within the appliance.

Follow these steps to configure BGP to paired TVI peer:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > General.
    The Add BGP Instance screen is displayed.

  4. In the Add BGP Instance screen do the following:

    • Enter a unique BGP Instance ID. For example, 51.

    • Enter the Router ID. For example, 172.18.11.1.

    • Enter a Local AS for the BGP peer. For example, 65183.


Configuring Peer Group

Follow these steps to configure peer group:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group.

  4. Enter a new peer group for BGP peering to the other end of the paired TVI interface. For example, to_Tenan1_lan_vrf.

  5. Set Type as EBGP.


Configuring Neighbors

Follow these steps to configure neighbors:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group > Neighbors.

  4. Click  on the top right corner of the Neighbors section.
  5. Add a neighbor to the peer group. Enter the Peer AS. For example, 65184.
  6. Enter a local address. For example, 10.51.10.2.


Configuring SD-WAN Control Routing Instance

This section provides steps to configure SD-WAN control routing instance.


Configuring Virtual Router Details

Follow these steps to configure virtual router details:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > .
    The Configure Virtual Router screen is displayed.

  4. In the Configure Virtual Router screen, do the following:

    • Enter the Instance Name running the MPBGP for the SD-WAN overlay. For example, Tenant1_Control_VR.

    • Select Instance Type as Virtual routing instance.

    • Add a TVI interface. This is the logical interface over which MPBGP is running.
    • Select the checkbox MPLS VPN Core, as this is the routing-instance that serves as the MPLS VPN core instance for the overlay.
    • Enter the MPLS Local Router Address same as the TVI interface address. For example, 10.11.118.2.


Configuring MPBGP for Overlay in SD-WAN Control Routing Instance

Follow these steps to configure BGPMPBGP for overlay in SD-WAN control routing instance:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > General.
    The Add BGP Instance screen is displayed.

  4. Enter the Router ID. For example, 10.11.118.2.
    This is a mandatory field.

  5. Enter a Local AS for the overlay MPBGP. For example, 65000.
    This is a mandatory field.


Configuring Peer Group

Follow these steps to configure peer group:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group.

  4. Enter the peer group Name. For example, SD-WAN.
    This is a mandatory field.

  5. Select Type as IBGP. IBGP is used for the overlay MPBGP.

  6. Click and select IPv4 Versa Private and IPv4 Layer 3 VPN Unicast as two families for the instance.


Configuring Neighbors

Follow these steps to configure neighbors:


  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group > Neighbors.

  4. Click  on the top right corner of the Neighbors section.

  5. Enter the SD-WAN controller Local Address. For example, 10.11.110.2.


Configuring VRF

This section provides steps to configure VRF served by the MPLS virtual router running MPBGP with the MPLS PE.


Configuring Virtual Router Details

Follow these steps to configure virtual router details:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > .
    The Configure Virtual Router screen is displayed.

  4. In the Configure Virtual Router screen, do the following:

    • Enter the Instance Name. For example, PE1_VRF1.

    • Select Instance Type as Virtual routing forwarding instance.

    • Select MPLS transport routing instance. Here, select the control virtual router instance running MPBGP towards MPLS PE. For example, MPLS-PE-Control_VR.
    • Enter the Route Distinguisher for this VRF. For example, 1L:2.
    • Enter VRF Both Target used for route target filtering for this VRF. For example, target:20L:20.


Configuring BGP to Paired TVI Peer



Follow these steps to configure a BGP instance required for internal BGP peering to the other end of the paired TVI interface, connected to the VRF being served by the virtual router running overlay MPBGP.


  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > General.
    The Add BGP Instance screen is displayed.

  4. Enter a unique BGP Instance ID. For example, 61.

  5. Enter the Router ID. For example, 10.51.10.2.

  6. Enter a Local AS for the BGP peer. For example, 65184.



Configuring Peer Group

Follow these steps to configure peer group:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group.

  4. Enter the peer group name for BGP peering to the other end of the paired TVI interface. For example, to_Tenan1_lan_vrf.

  5. Select the Type as EBGB.


Configuring Neighbors

Follow these steps to configure neighbors:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group > Neighbors.

  4. Click  on the top right corner of the Neighbors section.

  5. Enter a local address. For example, 10.51.10.1.

  6. Enter a peer AS. For example, 65183.


Configuring Control Routing Instance for MPLS PE Connectivity

This section provides steps to configure control routing instance for MPLS PE connectivity.


Configuring Virtual Router Details

Follow these steps to configure virtual router details:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > .
    The Configure Virtual Router screen is displayed.

  4. In the Configure Virtual Router screen, do the following:

    • Add a new routing instance name that runs the MPBGP to the MPLS PE. For example, MPLS-PE-Control_VR.

    • Select Instance Type as Virtual routing instance.

    • Add a TVI interface, the logical interface over which MPBGP runs. For example, tvi-0/100.0.

    • Select the MPLS VPN Core checkbox. This is the routing-instance that serves as the MPLS VPN core instance for connection to MPLS PE.

    • Enter the MPLS Local router address same as the TVI interface address. For example, 10.11.118.2.

    • Select the Create dynamic GRE tunnels checkbox. This enables the appliance to automatically establish GRE tunnels to the loopback of the MPLS PE when the appliance establishes the BGP session to MPLS PE, and receives L3VPN routes from the MPLS PE.



Configuring MPBGP

Follow these steps to configure MPBGP to MPLS PE:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > General.
    The Add BGP Instance screen is displayed.

  4. Enter the Router ID. For example, 10.10.10,5.

  5. Enter a Local AS for the overlay MPBGP. For example, 65200.


Configuring Peer Group

Follow these steps to configure peer group:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group.

  4. Enter the peer group name. For example, SD-WAN.

  5. Select the Type as EBGB.

  6. In Family, clickand select IPv4 Layer 3 VPN Unicast. This is because the appliance needs to send L3VPN routes to the MPLS PE, which is running the option AB.


Configuring Neighbors

Follow these steps to configure neighbors:

  1. Login to Versa Director.
  2. Navigate to Application Context > Configurations and select a gateway.
  3. Navigate to Networking > Virtual Routers > BGP > Peer Group > Neighbors.

  4. Click  on the top right corner of the Neighbors section.

  5. Enter the MPLS PE’s loopback address as the neighbor. For example, 10.10.10.1.
  6. Enter a local address. For example, 10.10.10.5.
    This needs to be the IP address of the TVI interface address.

  7. Enter a peer AS. For example, 65100.