Unbale to configure MPLS VPN in the below scenario

Apr 7th, 2009

Hi Experts,

I tried in my GNS3 lab for configuring MPLS VPN lab with the below attached scenario and configurations.

I am struggling to know what else should be configured on the P/PE /CE devices.

Please refer the attached diagram and configuration .

Request you to suggest with valuable posts to configure MPLS VPN with the below scenario.

Also Can any one confirm me if i can use 7206 vxr router in GNS3 lab along with IOS c7200-jk9s-mz.124-23.bin .

Highly appreciate your earliest response and posts.

Configuration attached for reference.

Thanks in advance!



shivlu jain Tue, 04/07/2009 - 04:26

core backbone links should be configured with

mpls ip

mpls label protcol ldp

same above mentioned commands need to be enabled in global config also

mpls ip

mpls label protcol ldp

mpls ldp advertise-labels

under bgp address familiy of customer enable redistribute connetced and satatic

under Mp-iBGP use loopback as update source

You can refer my blog and find lot of good material http://shivlu.blogspot.com

shivlu jain


shivlu jain


shivlu jain

JamesLuther Tue, 04/07/2009 - 07:06


As shivlu has said, configure the following

(config)# mpls ip

(config)# mpls label protcol ldp

(config-if)# mpls ip

(config-if)# mpls label protcol ldp

Are you running an IGP routing protocol between your backbone routers R3-R6? For the MPLS VPN to work then the loopback IPs of all the backbone routers must be known. ISPs will normally run ISIS in their backbone for this, however you can just configure static routes for GNS3. I see you've already configured the MP-BPG to use update-source loopback which is correct.

Once you've configured the routing for the loopbacks and enabled mpls then it should all start working.

You can check that LDP has created all the VPNV4 labels using the following on R3/R5/R6

sh mpls forwarding-table

You should see the VPNV4 routes with a [V] (on regular IOS) and you should see labels for all the MP-BGP neighbor loopbacks. Also you can see if your exchanging VPNV4 routes by typing the following

sh ip bgp vpnv4 all summary

sh ip bgp vpnv4 rd 1:1

sh ip bgp vpnv4 rd 1:1 x.x.x.x/24

For the code level, I use the "telco" image for GNS3 as it's small and includes MPLS/BGP. As long as it takes the "mpls ip" command you're OK.


mirzaakberali Wed, 04/08/2009 - 03:51

Thanks Shivlu for your posts.

I am still unable to establish MPLS VPN using the below scenario with your above posts.::(.

Can you or somebody go through my configs attached and suggest the missing configurations for MPLS VPN.

I have to setup this task in my organsation.

Highly appreciate your efforts.

Thanks ,Mirza.

JamesLuther Wed, 04/08/2009 - 04:12


Can you please post the output of the following from R3

sh mpls forwarding-table

sh ip bgp vpnv4 all summary

sh ip ro

sh ip ro

sh run int lo0


shivlu jain Wed, 04/08/2009 - 04:16

can you check whether your mpls ldp neighbors is coming up or not.

Command for check:-

show mpls ldp neighbors


shivlu jain

mirzaakberali Thu, 04/09/2009 - 08:49

Hi James/Shivlu & Experts,

Thanks for your continuous follow-up.

Currently my MP-BGP established . I am still confused to configure static routes from where to where & MPLS commands if any missed out.

Attaching you the existing config and show commands for your reference.

I suspect i am missing something on static routes may be.

Highly appreciate your efforts.

Thanks ,


ozzyosbu1 Thu, 04/09/2009 - 23:57


are u running any IGP to ensure the reachability of the IBGP neighbors within AS 101. if not how is the reachability achieved

mirzaakberali Fri, 04/10/2009 - 01:51


I am using Static route on R3/R5/R6 on PE routers and also on R4- P router.

also using redistribute connected on on R3/R5/R6 .

Would you plz go through my previous post which are attached with configurations and let me know if i missed out any or wrongly configured.



JamesLuther Fri, 04/10/2009 - 04:49

Hi Mirza,

Thanks for posting the output. I've spotted a couple of things.

1) Please change all of your loopback addresses to have a /32 subnet mask. I've noticed that one of them is a /24. This can cause problems with LDP.

2) For MP-BGP to come up you must have a route for the peers router-id otherwise LDP won't create a label. On R3 you don't have a route for or .6. If you are using static routes please ensure that all the PE routers (and R4) can route to each others loopback addresses. Otherwise you need to run ISIS in your core.

You can see from "sh ip bgp vpnv4 all summary" that MP-BGP is down because no routes have been exchanged to and .6 (due to no routes).

Also "sh mpls forwarding-table" is only showing locally attached routes, you have no labels for remote subnets


mirzaakberali Fri, 04/10/2009 - 07:27

Hello James,

Thanks for your above Inputs.

Should my static route look likes this?


ip route

ip route

Similarly on R5 & R6.

but still result is same.

Could you plz go through my static routes and eigrp config in the attached.

I am using eigrp on R1/R2/R7/R8 - does it reqd.

Can u suggest wht comand shld i use to see R5& R6 routes from R3 loc.

Sincerely thanking you for your continuous advice.



JamesLuther Fri, 04/10/2009 - 07:36

Hi Mirza,

Your static routes on R3 for example will be

ip route

ip route

On R4 they will be

ip route

ip route

In the core the important thing is to have all the MP-BGP loopbacks present in order to bring up MP-BGP. You also need LDP enabled everywhere.

Normally these routes are distributed via ISIS in a production core. Hopefully this will be enough to get MP-BGP. Once the MP-BGP is up all the routes for each remote vrf should get populated.

Remember to use the following to validate your configurations

sh mpls forwarding-table

sh ip bgp vpnv4 all summary


mirzaakberali Fri, 04/10/2009 - 12:13

Hello James,

Finally my MP-BGP came-up after a long trouble :)

After this , I wanted to know will I be able to ping from to the follwoing .

R3- R5 /R3-R7/R3-R8/R3-R2 .currently i am not able to ping these.

Also currently i am not able to see & from R3 by the below commmand.

R3 :- sh ip bgp

sh ip bgp

shows error as network not in table

where as can see routes of

Can you also check my RIP on R1/R2/R7/R8..does it reqd.I want to ping from R1-R8/R1-R7 ....

I am very delighted to reach at this stage of MPLS with all your & Shivlu support.

Attaching the configurations & output result for reference.



maldin Fri, 04/10/2009 - 13:14

Hi Mirzaak,

I have built your topology and configure basic MPLS VPN by using 3600 routers on the core (r3,r4,r5,r6) and 2600 for the CEs. But since i want to do it very quickly, i did not use any frame relay switch, so all serial are back to back hdlcs.

I use OSPF for core routing.

LDP for mpls labels

For Customer B i run Ospf between them and for customer A one site runs BGP and the other runs eigrp.

This should be a very basic setup.

From your configs, some of the errors have been corrected by others, but i suppose your redistribution was not correct and you do not have next hop self in the vpnv4 neighbors.

i attached here a zip file containing the NET file saved by GNS3 and also all the router final config.

Hope this helps.

It sure helps me practice :)

mirzaakberali Fri, 04/10/2009 - 20:47

Hi Maldin,

Thanks for your Posts and it looks good.

I shall simulate them once i achieve complete Lab for my above scenario.

Attaching my current scenario diagram for you, for which i have used 7206 vxr module for all routers.



mirzaakberali Sat, 04/11/2009 - 04:56

Hi James & Shivlu,

Could you please send your inputs on my previous Post.

Appreciate your efforts on my query.



maldin Sat, 04/11/2009 - 05:46


I build the topology i posted based on your diagram including the IP addresses, except for some loopbacks that were not there.

I also remove the static route in R4. The bgp for vpnv4 only runs on r3, r5 and r6. r4 is a pure P router with no bgp.

i suggest you load the net file i include and see first. There is no use of using 7206 vxr unless you want to try the AToM feature.

With the topology i gave you it should be able to do MPLS Te and also MPLS Multicast.

mirzaakberali Sat, 04/11/2009 - 06:32

Hello Maldin,

Let me for sure try to understand your above posts :), as i was more focused to resolve my existing issue so was concentrating on it.

Can u post some good scenario on MPLS TE..



mirzaakberali Mon, 04/13/2009 - 07:05

Hello James,

I have a got doubt on the above static route configuration :( that why do we need to configure Static route from R3- R5/R6 and vice versa from remaining PE's.

As we already have IBGP configured with a full mesh between PE router.

Can u please expalin to me.

Appreciate your valuable response.



JamesLuther Mon, 04/13/2009 - 08:10

Hello Mirza,

Let me explain generally how an MPLS network is setup. For the routing then normally you will have the following setup.

CE-PE eBGP is configured

PE-PE MP-BGP is configured to distribute customer routes

PE-P-PE ISIS is configure to distribute PE/P loopback addreses to allow the MP-BGP sessions to come up.

The BGP session between each PE router is distributing VPN4 routes NOT routes from the global routing table. ie routes between VRFs

A good book on MPLS is "MPLS fundamentals" or the "MPLS & VPN Architecture" books.



mirzaakberali Tue, 04/14/2009 - 07:49

Hi James,

My Sincere admiration to you for your above all posts.

I have successfully configured (believe so :) ) MPLS- VPN.

Following are my queries at the end of this excercise.

1) Can i ping from R1 to R8 IP.

2) Can i ping R3 to R5 IP's ( if not why)

3) Can i ping from R3 to R8 Interface IP.

4) Is there any way i can get output for the below command ....( by adding some more confiuration)

R3#sh ip route

5) In real scenarion does CustB VRF R1 & R8 /Cust A VRF routers R2 & R7 ping/communicate each other ? If not how packet will reach?

once again great thanks for your great explanation!

attaching my Show results/config /diagrams for your reference.



JamesLuther Tue, 04/14/2009 - 08:16

Hi Mirza,

Well done configuring MPLS VPN !! Here are some answers to your questions

1) Yes, this is because you have reditribute connected. You can also try pinging from the insed interface ie "ping x.x.x.x source fa0/1"

2) Not required for MPLS to work, it depends on your global routing tables on the PE and P routers. If you have all the routes in there then it will work.

3) No. But you can ping from the VRF ie "ping vrf CustB x.x.x.x"

4) This IP is R7 loopback address. This address isn't in the global routing table but should be in VRF CustA, so you can do "sh ip route vrf CustA"

5) In real world this is not that common. However maybe a large company has two MPLS networks ie EMEA and America or ABC-Electronics & ABC-VideoGames. Then you may want to have customers talk to each other. This can be done with the following

ip vrf CustA

rd 100:1

route-target export 1000:1

route-target import 1000:1

route-target export 1000:100

ip vrf CustB

rd 100:2

route-target export 2000:1

route-target import 2000:1

route-target import 1000:100

Where RT 1000:1 is just used for CustA to talk to other CustA sites, similarly for 2000:1 and RT 1000:10 is used to put routes from CustA into CustB. Of course you would need to put some routes back the other way. This will do all routes, however you can also select routes to export with the following

ip vrf CustA

export map EXPORT_MAP


route-map EXPORT_MAP permit 10

match ip address prefix-list exported-routes-list

set extcommunity rt 1000:1


mirzaakberali Tue, 04/14/2009 - 09:20

Hi James,

Query 1 : i tried using extended ping to from R1 keeping sourece as loopback..but unbale to ping

Quer2: Can u plz identify if any thing missing between R3-R4-R5 config part.

Query3: I am unable to ping from R3 using the comand --ping vrf CustB

Query 4 & 5 i am able to completely understand :)

Thanks for the awesome explanations.

Thanks ,



This Discussion