Inter-Provider MPLS VPN using the ASBR-to-ASBR approach leverages MP-eBGP between ASBRs to exchange VPNv4 routes across autonomous systems, enabling MPLS VPN traffic across multiple providers without per-VRF configuration on the ASBRs. This concept is discussed and demonstrated in this lesson.
MP-eBGP between ASBRs in Inter-Provider VPN
Comparing the Back-to-Back VRF and ASBR-to-ASBR approaches
In the inter-provider MPLS VPN back-to-back VRF method discussed and demonstrated in the previous lesson, each ASBR had to host a dedicated VRF per customer, along with a sub-interface or physical interface per customer between the two providers. This made the solution functional but highly unscalable.
Back-to-Back VRF (Option A)
CE --- PE --- ASBR_A                  ASBR_B --- PE --- CE
              | VRF-CUST1 <-------> | VRF-CUST1
              | VRF-CUST2 <-------> | VRF-CUST2
              | VRF-CUST3 <-------> | VRF-CUST3
              (subif per VPN)         (subif per VPN)
In contrast, the ASBR-to-ASBR inter-provider MPLS VPN method uses MP-eBGP between ASBRs to exchange VPNv4 routes directly across autonomous systems. This removes the need for any per-VPN or per-VRF configuration on the ASBRs, unlike the back-to-back VRF approach where each VPN required its own VRF, route-target configuration, and interface bindings.
With the ASBR-to-ASBR approach, the ASBR does not terminate VRFs; it simply carries labeled VPNv4 routes, enabling the solution to scale across multiple providers. Because the BGP next hop changes at the AS boundary, the ASBR assigns a new VPN label before sending the update via MP-eBGP. The inter-AS link must support labeled packet forwarding, but does not require LDP/TDP or an IGP.
Finally, the command no bgp default route-target filter is required on ASBRs that do not host VRFs, ensuring that they accept incoming VPNv4 routes rather than dropping routes that are not imported into any local VRF.
ASBR-to-ASBR MP-eBGP (Option B)
CE --- PE --- ASBR_A ===== MP-eBGP(VPNv4) ===== ASBR_B --- PE --- CE
                     (one interface / labeled link)
Inter-Provider VPN: MP-eBGP between ASBRs Configuration Example
This topology shows an Inter-Provider MPLS VPN Option B design, where two autonomous systems (AS1 and AS2) interconnect using MP-eBGP for VPNv4 between their ASBRs (ASBR11 in AS1 and ASBR21 in AS2). Each AS runs its own internal MPLS domain with P and PE routers: PE11 serves customers A1/B1 in AS1, and PE21 serves customers A2/B2 in AS2. Customer sites connect to the PE routers through VRF A and VRF B, which carry the customer prefixes 192.168.1.0/24 and 192.168.2.0/24. The key point is that the ASBRs do not host VRFs, do not perform per-VPN routing, and only act as labeled packet forwarders that exchange VPNv4 routes with labels between the two autonomous systems.
The ASBRs participate in MP-eBGP VPNv4 peering, where each ASBR advertises and receives VPNv4 (RD + RT + label) routes from the other provider. Since the ASBRs do not terminate VRFs, the configuration uses the critical command no bgp default route-target filter so that the ASBRs accept VPNv4 updates even though none of the route-targets match local VRFs. Each ASBR assigns a new VPN label to the routes it re-advertises, because at the AS boundary the BGP next hop changes. The interfaces between ASBR11 and ASBR21 are configured for MPLS BGP forwarding, without LDP/TDP or IGP adjacency, meaning the inter-AS link forwards labeled packets purely based on BGP label information. This is what enables the solution to scale without per-customer interfaces or VRF configurations on the ASBRs.
The traceroute and BGP label tables show that traffic from 192.168.1.0/24 (in AS1) to 192.168.2.0/24 (in AS2) crosses PE11 → P11 → ASBR11 → ASBR21 → P21 → PE21 with consistent VPN labels swapped at the ASBR boundary. For example, ASBR11 receives a VPNv4 route for 192.168.2.0/24 with one label (e.g., 32) from ASBR21 and advertises it into AS1 with its own label (e.g., 34). The traceroute output highlights MPLS labels at each hop, proving that the data-plane is forwarding via label-switching end-to-end, not via VRF routing at ASBRs. The presence of repeated label stacks and successful end-to-end ping confirms that MP-eBGP between ASBRs is correctly distributing VPN labels and that both providers are forwarding packets purely based on MPLS label operations across the inter-AS connection.
Verifying Inter-Provider VPN in ASBR-to-ASBR method
The traceroute outputs clearly confirm that the inter-provider MPLS VPN using the ASBR-to-ASBR MP-eBGP (Option B) method is operating correctly. The end-to-end traceroute from CE-A1 (192.168.1.0/24) to CE-A2 (192.168.2.0/24) shows that the traffic remains label-switched across both autonomous systems. Notably, the labels used between ASBR1 and ASBR2 (label 32 for VRF A and label 34 for VRF B) are the VPN labels advertised by ASBR2 to ASBR1 through MP-eBGP, not via LDP, which is a key characteristic of Option B. The consistent presence of VPN labels throughout the path confirms that both providers are successfully exchanging VPNv4 routes with their associated labels, enabling proper labeled forwarding across the inter-AS boundary. No unlabeled hop appears between ASBRs, proving that label-switched forwarding is fully functional end-to-end.
A1#traceroute 192.168.2.1 source 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.11.1 6 msec 5 msec 6 msec
  2 10.1.1.1 [MPLS: Labels 19/32 Exp 0] 8 msec 10 msec 6 msec
  3 10.1.2.2 [MPLS: Label 32 Exp 0] 2 msec 2 msec 5 msec
  4 10.12.1.2 [MPLS: Label 32 Exp 0] 4 msec 1 msec 2 msec
  5 10.2.2.1 [MPLS: Labels 19/27 Exp 0] 1 msec 5 msec 4 msec
  6 172.16.21.1 [MPLS: Label 27 Exp 0] 6 msec 2 msec 1 msec
  7 172.16.21.2 5 msec 2 msec 1 msec
B1#traceroute 192.168.2.1 source 192.168.1.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.12.1 6 msec 6 msec 6 msec
  2 10.1.1.1 [MPLS: Labels 19/34 Exp 0] 6 msec 6 msec 6 msec
  3 10.1.2.2 [MPLS: Label 34 Exp 0] 6 msec 6 msec 2 msec
  4 10.12.1.2 [MPLS: Label 34 Exp 0] 1 msec 4 msec 2 msec
  5 10.2.2.1 [MPLS: Labels 19/29 Exp 0] 1 msec 6 msec 2 msec
  6 172.16.22.1 [MPLS: Label 29 Exp 0] 6 msec 6 msec 2 msec
  7 172.16.22.2 15 msec 4 msec 4 msec
B1#
ASBR11#show bgp vpnv4 unicast all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 1:100
   172.16.11.0/24   10.10.1.1       27/26
   172.16.21.0/24   10.12.1.2       31/31
   192.168.1.0      10.10.1.1       28/27
   192.168.2.0      10.12.1.2       32/32
Route Distinguisher: 1:200
   172.16.12.0/24   10.10.1.1       29/28
   172.16.22.0/24   10.12.1.2       33/33
   192.168.1.0      10.10.1.1       30/29
   192.168.2.0      10.12.1.2       34/34
ASBR11#
Additionally, the show bgp vpnv4 unicast and show bgp vpnv4 unicast all labels outputs on ASBR11 demonstrate proper import and export of VPN routes for both VRFs (RD 1:100 and 1:200). Routes from AS2, such as 192.168.2.0/24, 172.16.21.0/24, and 172.16.22.0/24, are learned via next hop 10.12.1.2 (ASBR21), with corresponding labels assigned symmetrically (e.g., in/out labels 32/32, 31/31). Likewise, AS1 routes are advertised toward AS2 with their own label sets. This confirms that the ASBRs hold full VPNv4 routes without requiring VRFs locally, a key characteristic of Option B, while still maintaining correct per-VRF label bindings. Together, these routing and forwarding results verify that the inter-provider MPLS VPN is correctly implemented and fully functional using ASBR-to-ASBR MP-eBGP label exchange.
ASBR11#show bgp vpnv4 unicast all
BGP table version is 33, local router ID is 10.10.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:100
 *>i 172.16.11.0/24   10.10.1.1                0    100      0 ?
 *>  172.16.21.0/24   10.12.1.2                              0 65002 ?
 *>i 192.168.1.0      10.10.1.1                0    100      0 ?
 *>  192.168.2.0      10.12.1.2                              0 65002 ?
Route Distinguisher: 1:200
 *>i 172.16.12.0/24   10.10.1.1                0    100      0 ?
 *>  172.16.22.0/24   10.12.1.2                              0 65002 ?
 *>i 192.168.1.0      10.10.1.1                0    100      0 ?
 *>  192.168.2.0      10.12.1.2                              0 65002 ?
ASBR11#
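Added example (not part of the original lesson): with no bgp default route-target filter set, ASBR11 keeps every VPNv4 route that ASBR21 sends, so it is worth auditing what actually crossed the AS boundary. This Python sketch parses the show bgp vpnv4 unicast all labels capture above and flags routes from the inter-AS peer that carry an unexpected RD or no label; the function names and the expected-RD set are assumptions made for illustration.

```python
import re

# Rows copied from the ASBR11 "show bgp vpnv4 unicast all labels" capture on this page.
SAMPLE = """\
   Network          Next Hop      In label/Out label
Route Distinguisher: 1:100
   172.16.11.0/24   10.10.1.1       27/26
   172.16.21.0/24   10.12.1.2       31/31
   192.168.1.0      10.10.1.1       28/27
   192.168.2.0      10.12.1.2       32/32
Route Distinguisher: 1:200
   172.16.12.0/24   10.10.1.1       29/28
   172.16.22.0/24   10.12.1.2       33/33
   192.168.1.0      10.10.1.1       30/29
   192.168.2.0      10.12.1.2       34/34
"""

# prefix (mask optional), next hop, in label / out label
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3}(?:/\d+)?)\s+(\d+(?:\.\d+){3})\s+(\S+)/(\S+)\s*$")

def parse_labels(text):
    """Return one dict per VPNv4 route, tagged with the RD section it sits under."""
    routes, rd = [], None
    for line in text.splitlines():
        if line.startswith("Route Distinguisher:"):
            rd = line.split(":", 1)[1].split()[0]
        elif rd and (m := ROW.match(line)):
            routes.append(dict(zip(("prefix", "next_hop", "in", "out"), m.groups()), rd=rd))
    return routes

def audit(routes, peer, expected_rds):
    """Flag routes learned from the inter-AS peer that break expectations."""
    findings = []
    for r in (r for r in routes if r["next_hop"] == peer):
        if r["rd"] not in expected_rds:  # expected_rds is an operator-supplied assumption
            findings.append(("unexpected-rd", r["rd"], r["prefix"]))
        # IOS prints "nolabel" when no label is bound; any non-numeric field is flagged.
        if not (r["in"].isdigit() and r["out"].isdigit()):
            findings.append(("missing-label", r["rd"], r["prefix"]))
    return findings

def boundary_labels(routes, peer):
    """Out labels used on the inter-AS link, keyed by (RD, prefix)."""
    return {(r["rd"], r["prefix"]): r["out"] for r in routes if r["next_hop"] == peer}

if __name__ == "__main__":
    routes = parse_labels(SAMPLE)
    print(audit(routes, "10.12.1.2", {"1:100", "1:200"}))
    print(boundary_labels(routes, "10.12.1.2"))
```

The out labels it reports for 192.168.2.0 (32 under RD 1:100, 34 under RD 1:200) are the labels shown at hop 4 of the two traceroutes.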
Inter-Provider MPLS VPN (Option B): Key Device Configurations
The following configurations illustrate the essential settings required to implement an Inter-Provider MPLS VPN using the ASBR-to-ASBR MP-eBGP (Option B) approach.
## PE11
hostname PE11
!
ip vrf A
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf B
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip cef
!
mpls label protocol ldp
!
interface Loopback0
 ip address 10.10.1.1 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.1.2 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip vrf forwarding A
 ip address 172.16.11.1 255.255.255.0
!
interface Ethernet0/2
 ip vrf forwarding B
 ip address 172.16.12.1 255.255.255.0
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 65001
 bgp log-neighbor-changes
 redistribute connected
 redistribute static
 neighbor 10.10.1.2 remote-as 65001
 neighbor 10.10.1.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.10.1.2 activate
  neighbor 10.10.1.2 send-community both
  neighbor 10.10.1.2 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf A
  redistribute connected
  redistribute static
 exit-address-family
 !
 address-family ipv4 vrf B
  redistribute connected
  redistribute static
 exit-address-family
!
ip route vrf A 192.168.1.0 255.255.255.0 Ethernet0/1 172.16.11.2
ip route vrf B 192.168.1.0 255.255.255.0 Ethernet0/2 172.16.12.2
## ASBR11
hostname ASBR11
!
ip cef
!
mpls label protocol ldp
!
interface Loopback0
 ip address 10.10.1.2 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.2.2 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip address 10.12.1.1 255.255.255.0
 mpls bgp forwarding
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 65001
 bgp log-neighbor-changes
 no bgp default route-target filter
 neighbor 10.10.1.1 remote-as 65001
 neighbor 10.10.1.1 update-source Loopback0
 neighbor 10.12.1.2 remote-as 65002
 neighbor 10.12.1.2 next-hop-self
 !
 address-family vpnv4
  neighbor 10.10.1.1 activate
  neighbor 10.10.1.1 send-community both
  neighbor 10.10.1.1 next-hop-self
  neighbor 10.12.1.2 activate
  neighbor 10.12.1.2 send-community both
 exit-address-family
!
mpls ldp router-id Loopback0
## ASBR21
hostname ASBR21
!
ip cef
!
mpls label protocol ldp
!
interface Loopback0
 ip address 10.10.2.2 255.255.255.255
!
interface Ethernet0/0
 ip address 10.2.2.2 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip address 10.12.1.2 255.255.255.0
 mpls bgp forwarding
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
router bgp 65002
 bgp log-neighbor-changes
 no bgp default route-target filter
 neighbor 10.10.2.1 remote-as 65002
 neighbor 10.10.2.1 update-source Loopback0
 neighbor 10.12.1.1 remote-as 65001
 !
 address-family vpnv4
  neighbor 10.10.2.1 activate
  neighbor 10.10.2.1 send-community both
  neighbor 10.10.2.1 next-hop-self
  neighbor 10.12.1.1 activate
  neighbor 10.12.1.1 send-community both
  neighbor 10.12.1.1 next-hop-self
 exit-address-family
!
mpls ldp router-id Loopback0
## P11
hostname P11
!
ip cef
mpls label protocol ldp
!
interface Loopback0
 ip address 10.10.1.11 255.255.255.255
!
interface Ethernet0/0
 ip address 10.1.1.1 255.255.255.0
 mpls ip
!
interface Ethernet0/1
 ip address 10.1.2.1 255.255.255.0
 mpls ip
!
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
mpls ldp router-id Loopback0