Nagendra is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, MPLS, and multicast. Previously at Cisco he worked as a technical marketing engineer for ISR platforms. He has been in the networking industry for 8 years and holds CCIE certification (#20987) in the Routing & Switching and Service Provider tracks
The related Ask The Expert sessions is available here Introduction to MPLS VPN. Click the Snapshots to view the Complete Recording of this live Webcast. You can download the pdf format of the presentation from
Introduction to MPLS VPN
Q. How is MPLS VPN different/similar toGPLS?
A. GPLS is more about L1 and MPLS VPN is L3
Q. What is the role of MPLS?
A. MPLS is required to be running in the Service Provider’s core network before we can use MPLS VPN.
Q. What is the role of service provider in L2VPN?
A.Service Provider ensures that L2 is bridged over L3 network using MPLS. Basically, L2 encapsulation over MPLS network is done by Service Provider.
Q. What is the requirement for services to be vrf aware)?
A. The services like DHCP, NAT on PE router has to be VRF aware, the CE device does not need to be VRF aware. So, this will be transparent for the customer.
Q. How do we communicate between Vrfs?
A. This is done by importing RT in the VRF. So, we can communicate between VRFs if correct RTs are imported.
Q. While communicating between Vrfs, how do we eliminate looping?
A. Unless we have alternate paths, routing loop is not a problem.
Q. How does RT differs from RD?
A. RD is per VRF and RT is per VPN across the network.
Q. Can same RD be assigned to different customers?
A. Yes, however it can create issues if same IPs and RDs are used as then there VPNv4 prefixes will be same and can cause issues.
Q. Can we do selective import from one VRF to another?
A. Yes, using import-map.
Q. How does MPLS VPN supports IPv6 or, does it support IPv6?
A. Yes, MPLS does support IPv6. With 6PE and 6VCE MPLS VPN cab run IPv6 and IPv6 prefixes can be exchanged over BGP as core is running LSP and does not look at L3 information.
Q. What does P router's routing table contain?
A. P router only has global/IGP routing table for the service provider. While PE router will have customer’s routing table and global routing table as PE only runs MPBGP.
Q. Is SSH Vrf aware?
A. Yes, but it depends on software.
Q. While running an IGP like OSPF on PE-CE interface, does CE need to run BGP at all?
A. PE-CE IGP can be different from what is run on CE (as customer’s IGP). We may have to redistribute routes between them to have complete connectivity.
Q. Can we use Multicast over MPLS network?
A. Yes, using Label Switch Multicast (LSM).
Q. What is the significance of numeric keyword in traceroute command?
A. Numeric keyword suppresses name lookup and hence we get faster results.
Q. Which IGP is generally used in MPLS core?
A. OSPF & IGP are used generally as they are vendor independent. Though EIGRP can also be used.
Q. How LSR chooses which path to use if there are two labels for same prefix: 10.1.1.0/24 and 10.1.1.1/32?
A. Same rule applies as in routing table, longest matched prefix is chosen.
Q. How does VPLS different from MPLS VPN?
A. VPLS runs on top of MPLS core. MPLS VPN can be L3 VPN or L2 VPN- wrapped inside MPLS.
Q. Why there is no cecksum field in MPLS header?
A. MPLS labe comes between L2 and L3 header and as they both perform CRC check, checksum is not required.
Q. Why there is TTL field in MPLS header?
A. TTL is to avoid looping in MPLS network.
Q. What is LSP?
A. LSP is label switched path, path between two PE routers.
Q. What is the difference between L2 and L3 VPN?
A. In L2 VPN, Service provider does not get involve in routing, routing relationship is between customer sites. Example- Frame relay DLCI and ATM VC.
Q. How to hide MPLS label details while tracing ?
A.By using no mpls ip propagate-ttl command.
Q. If we want to configure hub and spoke for a single customer, how to configure RT?
A. For hub and spoke, if hub only is required to speak to spokes not spokes to spokes, the one RT for hub and one for spoke is used. Hub will import spoke RT and spoke will import hub RT.
Q. I see in your presentation setup that you create a 'router ospf 100 vrf one' process. With multiple VRF's does this suggest that an ospf process for each vrf needs to be created?
A. Yes, there will be a separate ospf process created for every vrf. Although you can create different process for the same vrf but for each different vrf, you cannot use the same ospf process. As you already know that the vrf routing table is different from the global routing table, so its always needed that separate processes be maintained for each routing table.
Q. Suppose there are two customer VPN sites that are inter-connected with:
1. direct slow backup T1 link, and
2. primary DS3 MPLS
The goal is to have traffic route through the primary MPLS circuits. If the two VPN sites run OSPF between each other, we can create a sham-link between the PE's and force traffic to go through MPLS. What if the IGP between the two sites is EIGRP? Is there an equivalence of OSPF's sham-link?
A. With EIGRP as PE-CE protocol, considering below 2 points as part of designing will help achieve your goal,
1. Having same EIGRP AS number on all PE devices for that VRF customer.
2. Manipulate BW/Delay parameters.
When a PE device redistribute vrf aware EIGRP into BGP, AS # will be carried as part of extended community in BGP Update to remote PE devices. Any remote PE device while redistributing BGP back into vrf aware EIGRP, will check if the AS # received in BGP Update and the EIGRP AS# to which this update is redistributed and see if they are same. If they are same, it will be advertised as Internal else will be advertised as external.
Once it is Internal, CE devices will decide the estpath based on lowest metric. So by manipulating the metric ( bya working on BW and or delay), your goal can be achieved.
Below is link which describes the extended community to carry EIGRP parameters, http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fteipece.html
Q. MPLS VPN and vrf is it the similar? How you go about performing multicasting to Vrf?
A. VRF is one of the key element that helps provide MPLS VPN service. VRF is VPN Routing and Forwarding instance which will build its own RIB and FIB table. By having each VPN customer associated to different VRF, privacy is acheived between customers.
Regarding multicast for VRF customers, current implementation is not label switched. Instead, multicast will be enabled on SP core with different group for each vpn customer. PE device on receiving any customer multicast traffic will encapsulate using GRE with destination address as multicast group for corresponding VRF customer and send across to other PE devices.
Below is the link to get more details about MVPN,
Q. i use MPLS VPN in my network and will like to ask you the best practice in configuring route leaking. we use prefix and route map and then export the route map in the corresponding VRF. what's the best way you will recommend for us.
A. Current prefered way of Inter-VRF leaking in a controlled manner is to use export map and import map. This is also a scalable solution and so my understanding is you dont need any changes until you face any issue with this solution.
Q. One of our enterprise customer like to convert IPv4 to MPLS as their enterprise core. What is best pratice / method to migrate? One big migration or phase by phase? Also what is default Qos setting for MPLS and Is default setting is enough to preserve EF and call signal during MPLS core transit...
A. Actually MPLS is used by service providers but in case of enterprise want to use MPLS, they can use the vrf lite or if they are getting the connectivity from SP, in that case the migration is very easy because no need to change in enterprise.
The things which you need to understand is below mentioned:-
1. Which routing protcol you would like to run with SP?
2. Exiting IGP?
4. For QOS you need to ask your SP and they will provide you the class details and mapping
Q. In ldp header ,there is a string call ldp identifier take 48 bit, it compose 32bit ip add and 16bit amount of label (i think that the number ldp can advertise is 2^16 ). But, in mpls header ,the lable range is 2^20-16.is there any collision?
A. LDP Identifier (48 bits) comprises of 32 bit "LDP Router ID" and 16 bits of "label space". It is not the filed where actual label will be advertised, but to inform neighbors about what label space the local LDP router is going to use. Is it per-interface space or per-platform space.
Actual label will be advertised in Label TLV which is of size 32 bits.
1. How do we monitor MPLS performance using Netflow?