Configure MPLS VPN on Ethernet VLAN interfaces

Answered Question
Jun 15th, 2008

I created Ethernet subinterfaces with VLAN and isl/dot1q

encapsulation.

then i tried Applying VRF (part of MPLS VPN) to it, and it worked

without giving error.

But I believe, VPN isnt supported on VLAN interfaces.. it doesnt make

sense to have L3 tunneling inside L2.

I dont know if this configuration works in real, but it is accpeted by

cisco CLI.

Any ideas?

I have this problem too.
0 votes
Correct Answer by n.nandrekar about 8 years 5 months ago

Hi!

Yes. It will work perfectly fine. Just 1 thing to remember. Configuring vlan on the subinterface is not the same as configuring vlan on a switchport. A subinterface is still an L3 interface and the vlan tag is just used to distinguish traffic on 1 subinterface from another subinterface. So a subinterface with Vlan encap will work the same as a pure L3 interface. Vlan encap is mandatory for a subinterface. Also you would have to configure ip address on the subinterface to make the vrf useful.

If you configure vlan on a switchport (eg access / trunk) then it is a L2 interface and VRF doesnt make sense on it and is not supported.

Hope this makes things clear.

Regards,

Niranjan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
n.nandrekar Sun, 06/15/2008 - 09:16

Hi Tarandeep!

When you are creating Ethernet Sub-interfaces with encapsulation dot1.Q, The yare not actually vlan interfaces. Vlan is just used to multiplex/de-multiples the traffic. The incoming traffic comes with a vlan and that identified the subinterface that should support it. So these subinterfaces are still L3 interfaces and NOT L2!!!!!!!!

Second thing is that it is absolutely right configuration. VRFs are supported on subinterfaces. This is especially useful when you want to support multiple customers on the same subinterface. This is a common scenario wherein the SP cannot extend the mpls core till the customers. As MPLS enabled devices are costlier, it makes sense to limit the mpls to aggrigation routers. Then a lower end router (U-PE / user facing PE). This device connects multiple customers to the n-PE (network facing PE) on which MPLS is running. The U-PE is not MPLS capable but extends the vrf towards the customer by usinf VRF-LITE or (multi-VRF-CE) .

http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/1575_pp.pdf

Above is the link for more info on MULTI-VRF-CE (VRF-LITE)

Also MPLS/VRF can be enabled on any L3 interface including SVI (if supported on the router). Remember - Switchport interfaces only are L2 interfaces. Subinterfaces, SVI (interface vlan 20 etc) are all L3 interfaces as you can give an IP address on those interfaces.

Hope your doubts are cleared.

Regards,

Niranjan

(please rate helpful posts)

tarandeep Sun, 06/15/2008 - 10:03

ok, lets make it simple, i configure VLAN on ethernet subinterfaces.

now i configure VRF (mpls vpn) on a particular interface, will it work as expected ?

Correct Answer
n.nandrekar Sun, 06/15/2008 - 11:17

Hi!

Yes. It will work perfectly fine. Just 1 thing to remember. Configuring vlan on the subinterface is not the same as configuring vlan on a switchport. A subinterface is still an L3 interface and the vlan tag is just used to distinguish traffic on 1 subinterface from another subinterface. So a subinterface with Vlan encap will work the same as a pure L3 interface. Vlan encap is mandatory for a subinterface. Also you would have to configure ip address on the subinterface to make the vrf useful.

If you configure vlan on a switchport (eg access / trunk) then it is a L2 interface and VRF doesnt make sense on it and is not supported.

Hope this makes things clear.

Regards,

Niranjan

n.nandrekar Sun, 06/15/2008 - 20:28

Hi!

Can you mark the issue solved if it has? Or please revert if you still have doubts on the same.

regards,

Niranjan

Actions

This Discussion