cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10084
Views
12
Helpful
27
Replies

ASK THE EXPERT : Introduction to MPLS VPN

ciscomoderator
Community Manager
Community Manager

Read the bioWith Nagendra Kumar

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get an update on MPLS VPN from Cisco subject matter expert Nagendra Kumar. During the event you can ask questions on the common terminology, configuration, and best practices in setting up MPLS VPN networks. Nagendra is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, MPLS, and multicast. Previously at Cisco he worked as a technical marketing engineer for ISR platforms. He has been in the networking industry for 8 years and holds CCIE certification (#20987) in the Routing & Switching and Service Provider tracks.

Remember to use the rating system to let Nagendra know if you have received an adequate response.

You can also review the Live Webcast Video by Nagendra who gave the presentation.

Nagendra might not be able to answer each question due to the volume expected  during this event. Remember that you can continue the conversation on  the the Service Provider discussion forum shortly after the event. This event lasts through August 26, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

27 Replies 27

mike prescher
Level 1
Level 1

Very good presentation. Thanks.

I have 2 follow-up questions:

1)  I see in your presentation setup that you create a 'router ospf 100 vrf one' process. With multiple VRF's does this suggest that an ospf process for each vrf needs to be created?

2)  I have previously deployed private MPLS architecture such that the CE and PE functions resided on the same router. In this case I had been configuring BGP with 'Address-Fam ipv4 vrf x'  and under that, redistributing only connected routes.

If all CE interfaces are directly connected SVI interfaces with VRF memberships applied, then is it correct to assume that I would NOT need 'redistribute ospf process vrf x' under 'address-fam ipv4 vrf one'?

(And if I'm thinking about this correctly, this arrangement also eliminate the need for a dedicated 'router ospf 100 vrf x' process. I'd just have loopbacks and P-facing interfaces in a global OSPF process table.)

------ EXAMPLE --------------

router ospf 65001

redistribute connected

passive-interface default

no passive-interface GigabitEthernet0/1

network 10.129.1.4 0.0.0.1 area 132

network 10.129.129.12 0.0.0.0 area 132

network 10.132.40.0 0.0.0.255 area 132

!

router bgp 65001

neighbor 10.129.129.5 remote-as 65001

neighbor 10.129.129.5 description P Router

!

address-family ipv4

  no synchronization

  network 10.129.129.12 mask 255.255.255.255

  redistribute connected

  redistribute static

  neighbor 10.129.129.5 activate

  neighbor 10.129.129.5 send-community both

  neighbor 10.129.129.5 send-label

  no auto-summary

exit-address-family

!

address-family vpnv4

  neighbor 10.129.129.5 activate

  neighbor 10.129.129.5 send-community both

exit-address-family

!

address-family ipv4 vrf x

  no synchronization

  redistribute connected

exit-address-family

!

address-family ipv4 vrf y

  no synchronization

  redistribute connected

exit-address-family

!

address-family ipv4 vrf z

  no synchronization

  redistribute connected

exit-address-family

Hello Mike

Here is a reply to few of your queries.

1) Yes, there will be a seperate ospf process created for every vrf. Altough you can create different process for the same vrf but for each different vrf, you cannot use the same ospf process. As you already know that the vrf routing table is different from the global routing table, so its always needed that seperate processes be maintained for each routing table.

2) For your second query, If the devices are connected via SVI, i dont think you need to redistribute the ospf process and also i dont think you will be running any ospf process for the SVI connected interfaces.

Hope this answers your query..:)

Thanks
--Vinit

huangedmc
Level 3
Level 3

I have a question about path manipulation between a backup link and main MPLS circuit.

Suppose there are two customer VPN sites that are inter-connected with:

1. direct slow backup T1 link, and

2. primary DS3 MPLS

The goal is to have traffic route through the primary MPLS circuits.

If the two VPN sites run OSPF between each other, we can create a sham-link between the PE's and force traffic to go through MPLS.

What if the IGP between the two sites is EIGRP?

Is there an equivalence of OSPF's sham-link?

Hi huangedmc,

With EIGRP as PE-CE protocol, considering below 2 points as part of designing will help achieve your goal,

1. Having same EIGRP AS number on all PE devices for that VRF customer.

2. Manipulate BW/Delay parameters.

When a PE device redistribute vrf aware EIGRP into BGP, AS # will be carried as part of extended community in BGP Update to remote PE devices. Any remote PE device while redistributing BGP back into vrf aware EIGRP, will check if the AS # received in BGP Update and the EIGRP AS# to which this update is redistributed and see if they are same. If they are same, it will be advertised as Internal else will be advertised as external.

Once it is Internal, CE devices will decide the estpath based on lowest metric. So by manipulating the metric ( bya working on BW and or delay), your goal can be achieved.

Below is link which describes the extended community to carry EIGRP parameters,

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fteipece.html

HTH,

Nagendra

Hi Nagendra

My question concerns supporting IPv6 over MPLS VPN.

I was reading the 2007 MPLS Fundamentals Guide by Luc De Ghein from Cisco Press on this topic.

It states that the only supported PE-CE IPv6 routing protocols were eBGP and static IPv6 routes.

Are other routing protocols such EIGRP IPv6 supported now?

If not are there any other options for supporting EIGRP IPv6 and VRF over MPLS on PE-CE's?

Thanks

Sean

Hi Sean,

Currently support for EIGRPv6 and OSPFv3 as PE-CE is not available with IOS and we have to use eBGP or static routes.

HTH,

Nagendra

Hi Nagendra,

+5, Thanks for your help. I have a follow question if I may.

I was reading a blog post on 6VPE that stated LDP does not support IPv6 prefixes.

Can you confirm is this is correct?

Thanks

Sean

Hi Sean,

Currently LDP cannot be used as signalling protocol for label allocation/advertisement. That is why MPLS VPN for IPv6 customer is still provided over IPv4 core (6VPE) and not yet migrated the core to IPv6

HTH,

Nagendra

lee_jia_en
Level 1
Level 1

Hi Nagendra,

MPLS VPN and vrf is it the similar? How you go about performing multicasting to Vrf?

Thank you.

Hi Lee,

VRF is one of the key element that helps provide MPLS VPN service. VRF is VPN Routing and Forwarding instance which will build its own RIB and FIB table. By having each VPN customer associated to different VRF, privacy is acheived between customers.

Regarding multicast for VRF customers, current implementation is not label switched. Instead, multicast will be enabled on SP core with different group for each vpn customer. PE device on receiving any customer multicast traffic  will encapsulate using GRE with destination address as multicast group for corresponding VRF customer and send across to other PE devices.

Below is the link to get more details about MVPN,

http://www.cisco.com/en/US/tech/tk828/technologies_white_paper09186a00800a3db6.shtml

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080242aa8.shtml

HTH,

Nagendra

mike prescher
Level 1
Level 1

Question - this is a pretty good presentation - can I share it within my company?

Thanks,

m.

Hi Mike,

Thanks for the comment on the presentation. Sure, you can share the presentation within your company. The video recording of the preso will be available soon if in case you are interested.

Thanks,

Nagedra

Paa-kwasi
Level 1
Level 1

hi Nagendra Kumar

i use MPLS VPN in my network and will like to ask you the best practice  in configuring route leaking. we use prefix and route map and then  export the route map in the corresponding VRF. what's the best way you  will recommend for us.

Many thanks

Hi Fred,

Current preffered way of Inter-VRF leaking in a controlled manner is to use export map and import map. This is also a scalabale solution and so my understandig is you dont need any changes until you face any issue with this solution.

HTH,

Nagendra

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: