
Ask the Expert: Understanding MPLS L3VPN: concepts, terminology, control and data plane call flow

With Vivek Ruhil

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about MPLS L3VPN: concepts, terminology, control and data plane call flow with Cisco expert Vivek Ruhil.

MPLS Layer 3 VPNs use a peer-to-peer model that uses Border Gateway Protocol (BGP) to distribute VPN-related information. This highly scalable, peer-to-peer model allows enterprise subscribers to outsource routing information to service providers, resulting in significant cost savings and a reduction in operational complexity for enterprises. Service providers can then offer value-added services like Quality of Service (QoS) and Traffic Engineering, allowing network convergence that encompasses voice, video, and data.

Vivek Ruhil is a network consulting engineer who is currently serving as the Cisco consultant for Bharti. He has previously worked as a network consultant for planning, design, and implementation of service provider networks and has experience with projects ranging from VPNs (L3, L2, 6vPE) to multicast services. He has been associated with the networking industry for almost 10 years. He holds a bachelor of technology degree as well as CCDP and CCIP certifications.

Remember to use the rating system to let Vivek know if you have received an adequate response.

Vivek might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Service Provider sub-community discussion forum MPLS shortly after the event.


This event lasts through July 26, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

33 REPLIES
New Member

Hi Vivek,

Could you please guide me through all the steps which are needed to configure L3VPN, L2VPN and VPLS services? Also, any document which can guide me on all the available options which can go with each command mentioned in the above steps.

Thank you in advance

Cisco Employee

Hi Ayush

In order to configure an L3VPN, below are the steps:

1. Configure a VRF. You will have to set an RD (Route Distinguisher) and RT (Route Target).

     ip vrf test
      ! Unless an RD is specified, the Cisco router doesn't activate the VRF.
      rd 1:1
      ! You can have multiple import and export statements.
      route-target import 1:1
      route-target export 1:1

2. Attach the VRF to a customer interface.

     interface Gi0/1.10
      ip vrf forwarding test
      ip address <address> <mask>

3. Configure routing for the customer.

     router bgp <as-number>
      address-family ipv4 vrf test
       <neighbor statements>

   In case the customer wants to use some other routing protocol, then after the customer-chosen protocol is configured, redistribute that protocol in BGP:

     router bgp <as-number>
      address-family ipv4 vrf test
       <redistribution statement>

And that's it, you are ready to offer L3VPN services to customers; of course the infra has to be ready. Infra includes IGP, MPLS, MP-BGP.

For further information you can check the below link:

http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.1/lxvpn/configuration/guide/vc41v3.pdf

Go to the "Connecting MPLS VPN Customers" section.

For L2VPN and VPLS, since they are not part of this discussion's scope, I can point you to the link where the configuration for them is shared. Please refer to the below link:

http://www.cisco.com/en/US/docs/ios-xml/ios/mp_l2_vpns/configuration/xe-3s/mp-l2-vpns-xe-3s-book.html

Do let me know if you need anything else.

Thanks

Vivek
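
As an added example (not part of Vivek's reply or of Cisco's documentation), the Python check below audits the RD/RT settings from step 1 and the interface attachment from step 2 in an offline config or template. The sample configuration, VRF names, RT values and function names are constructed assumptions. It goes slightly beyond the reply by reporting which VRFs import a route target that another VRF exports, which is what decides whether two customers are actually isolated.

```python
import re

# Constructed sample PE configuration (not taken from the thread).
SAMPLE_CONFIG = """\
ip vrf CUST-A
 rd 65000:1
 route-target import 65000:1
 route-target export 65000:1
ip vrf CUST-B
 rd 65000:2
 route-target import 65000:2
 route-target import 65000:1
 route-target export 65000:2
ip vrf STAGING
interface GigabitEthernet0/1.10
 ip vrf forwarding CUST-A
interface GigabitEthernet0/1.20
 ip vrf forwarding CUST-C
"""

def parse(config):
    """Collect 'ip vrf' definitions and interface-to-VRF attachments."""
    vrfs, attach, ctx = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new stanza
            m = re.match(r"(ip vrf|interface) (\S+)$", line)
            ctx = m.groups() if m else None
            if ctx and ctx[0] == "ip vrf":
                vrfs[ctx[1]] = {"rd": None, "import": set(), "export": set()}
        elif ctx and ctx[0] == "ip vrf":
            if m := re.match(r"rd (\S+)$", line):
                vrfs[ctx[1]]["rd"] = m.group(1)
            elif m := re.match(r"route-target (import|export) (\S+)$", line):
                vrfs[ctx[1]][m.group(1)].add(m.group(2))
        elif ctx and (m := re.match(r"ip vrf forwarding (\S+)$", line)):
            attach[ctx[1]] = m.group(1)
    return vrfs, attach

def audit(config):
    """Flag inactive VRFs, dangling attachments and cross-VRF route imports."""
    vrfs, attach = parse(config)
    out = [f"{n}: no rd, VRF not activated" for n, v in sorted(vrfs.items()) if not v["rd"]]
    out += [f"{i}: attached to undefined VRF {n}" for i, n in sorted(attach.items()) if n not in vrfs]
    for a in sorted(vrfs):
        for b in sorted(vrfs):
            shared = sorted(vrfs[a]["import"] & vrfs[b]["export"])
            if a != b and shared:
                out.append(f"{a} imports routes exported by {b} (RT {', '.join(shared)})")
    return out
```

`audit(SAMPLE_CONFIG)` returns one finding per problem; a cross-VRF import is not necessarily wrong (shared-services VRFs rely on it), but each one should be intentional.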

New Member

Hi Vivek,

Thank you very much for your help.

Could you please also let me know the SNMP MIBs (Cisco or standard) which can provide me the details for L3VPN, L2VPN and VPLS configured in Cisco routers (PE and P)?

If I can get any sample output, it will be great.

Regards,

Ayush

Cisco Employee

Hi Ayush

These are standard technologies deployed nowadays and almost all of the NMS platforms support basic MIBs.

You can view a list of MIBs per platform from the below link:

http://www.oidview.com/mibs/9/CISCO-PRODUCTS-MIB.html

I like this one as this can give you all MIBs per IOS, per platform, per feature set:

http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=3985&PlatformSel=45&fsSel=0

Thanks.

New Member

In your L3VPN configuration example above, under the BGP part, you don't show any address-family vpnv4 statements.  When is it required to have an address-family vpnv4 configured under BGP?

Cisco Employee

Hi

In my reply above I pasted the steps to create an L3VPN and stated that "of course the infra has to be ready. Infra includes IGP, MPLS, MP-BGP."

To answer your next question, for L3VPN to work, below are the mandatory configurations:

1. IGP (OSPF or ISIS) should be set up and working

2. MPLS

3. MP-BGP

After this basic infrastructure is ready, you can go ahead and start configuring L3 or L2 VPNs.

Cisco Employee

All

I have uploaded a fairly descriptive presentation on L3VPNs which covers basic to advanced topics.

You may also go through the same, and in case of any questions do let me know.

https://supportforums.cisco.com/docs/DOC-34799

New Member

Hi Vivek,

Thank you for providing this presentation.

Thanks,

Ayush

Re: Ask the Expert: Understanding MPLS L3VPN: concepts, terminol

Hi Vivek

I have a question about MPLS VPN and multicast.

Is it now recommended and better to use mLDP instead of RSVP-signaled multicast and traditional GRE MDT?

What is the most deployed technology, and what is the recommended one for IPMPLSNGN (I believe Cisco is now recommending mLDP)?

And is it better to provision a different VPN/VRF and link for multicast to customers, or can it be combined over the same VPN/VRF and link as the unicast?

Thanks

Cisco Employee

Hi

mLDP is an interesting concept and I have personally deployed a customer network using mLDP. I would say it was practically only about selecting the right IOS. mLDP is an inbuilt function in the IOS and is straightforward.

That being said, I would recommend that if there is a fairly new network being deployed for MVPN then we can definitely go ahead with mLDP as it brings the additional benefit that the operational staff doesn't have to be trained on another technology (PIM).

If you are already running MVPN with no problems, then I would say not to migrate unless there are problems being faced.

I couldn't understand the last question, could you please rephrase it?

Ask the Expert: Understanding MPLS L3VPN: concepts, terminology,

Thanks Vivek,

My last question was: if you provision MVPN to a customer and they have a unicast VPN, normally as an SP do you use one link to the CE, or one link for mcast/MVPN and another one for the unicast VPN?

And my other question is: if you are running MVPN and want to migrate the signaling to mLDP, what is the simple way with minimum interruption that can be followed? E.g. I believe we can run both without any issue, get the control plane built, then MP-BGP, C-Mcast and VPN can be migrated one by one (not sure if this is the right approach!).

Thanks

Ask the Expert: Understanding MPLS L3VPN: concepts, terminology,

One more question: what is recommended/better to be used with mLDP for mapping flows to the LSP: BGP A-D, BGP C-mcast or PIM?

Cisco Employee

Hi

Yes you can have unicast VPN in the same VRF as Multicast VRF and it works perfectly fine.

For migration, you will have to move VPN per VPN, I mean you cannot have a customer with one VRF using mLDP and the other VRF using MVPN. One VRF within the SP has to be on either mLDP or Multicast. And yes the migration activity is done the way you have described, move one by one.

For the signalling part, IOS only uses static mapping to mLDP flow. IOS-XR does have the options listed above, but the best one in my opinion would be using BGP A-D, because with mLDP we are trying to move away from multicast.

Thanks

New Member

Could you help me to get a link to understand LSPs and how to configure them on a Cisco router, or on another vendor's router?

Cisco Employee

Hi Ayush

LSP is Label Switched Path; you don't configure it. It is basically a path used by packets having similar characteristics, mainly destination prefix, source, or the QoS value.

The below link provides a fairly good description

http://en.wikipedia.org/wiki/Label-switched_path

New Member

What does the below command mean? I don't understand why EIGRP AS 1 is defined under the global EIGRP AS 65535 process. The example is:

     router eigrp 65535
     vrf B
     address-family ipv4
     autonomous-system 1
     interface fa 0/1

Cisco Employee

Hi Adnan

EIGRP deployment as a PE-CE protocol is based on the address-family architecture, meaning, you define an address-family per vrf within one EIGRP process much like you do in BGP.

And, EIGRP uses AS number to identify the process. Now, if I was a PE router and I implement EIGRP with one AS then I will not be able to peer with multiple customers. Hence, I use this command "autonomous-system" under the address-family configuration mode to ensure that I match the EIGRP AS number as desired by the Customer.

So, in the above example, EIGRP 65535 is the AS number used by the Service Provider. But the end customer is using AS number as 1 and hence we set the autonomous-system to 1 so that the CE can see that this is the same process and the peering will be done.

Thanks

New Member

Hi Vivek

I tried to get MPLS running on interfaces associated with a VRF, but it seems that it doesn't work. Is there any limitation on this?

conf t
     int f0/0
          ip vrf forwarding test
          mpls ip
          ip add 1.1.1.1 255.255.255.0
          no sh

The LDP adjacency is successfully built and routes are exchanged, but without labels!

Is there any other command I have to enter when service provider interfaces are in a VRF?

Thanks

Cisco Employee

Hi

I have always seen this type of a setup in CSC environment where one side is in VRF and the other is not and that works perfectly fine.

What you have here is a slightly different setup and I don't think this is a recommended way to achieve what you want to do, i.e. IPv6 over MPLS.

I was going through the other post that you have in the MPLS Forum, and there are three possibilities:

1. Have a GRE tunnel between the two CE routers so that you can transport IPv6 over this transparently. Of course, this is not scalable, but if you want only two such sites to be connected then this is the way.

2. I would recommend that if you want IPv6 over MPLS, the best is to implement 6PE.

To achieve 6PE, you have to establish three things:

a. Establish an IPv6 address-family session with the CE router.

b. Establish an MP-iBGP session between the PE routers with the "send-label" option to ensure that labels for IPv6 prefixes are advertised to the other end.

c. The rest of your MPLS network should be running, and then you should be able to have this working.

3. In case the requirement is to have multiple such customers, then I would suggest the approach of 6vPE.

New Member

OK, I understand AS 1 of EIGRP is defined under address-family ipv4, I got this point. But still, why do we have to define EIGRP 65535 etc. globally? If the service provider core is using OSPF and IS-IS, why EIGRP globally? Why can't we just define EIGRP under the VRF and address-family ipv4?

Cisco Employee

Hi Adnan

EIGRP is enabled in the global level to let the router know that EIGRP process is to be initiated in the router, however, like you mentioned about EIGRP in global level, if you look closely there is no neighborship or for that matter even any configuration in the global level under EIGRP since we are running it only for CE and hence under the VRF.

Also, to answer the last question you have to first enable the feature and then only you can associate it with a VRF.

Thanks

New Member

Thanks Vivek, I understand that :), appreciated.

New Member

Hi Mr. Ruhil, I am desperately in need of your help in configuring a Cisco 3620 series router for VPN remote access with IOS flash:c3620-jk9s-mz.122-29.bin. Please help, my boss is on me for this.

New Member

Can anyone send me the VPN configuration for the IOS below: flash:c3620-jk9s-mz.122-29.bin. I can't set up a group profile or tunneling info.

Cisco Employee

Hi Keddian

Could you please elaborate on your requirement? It's not very clear what you are trying to achieve.

Regards

New Member

hi,

If we have two L3 switches connected back to back, both running MPLS, and acting as P & PE at the same time, how can I see what labels are used to forward the prefixes?

When I do a "show mpls forwarding blah", all the prefixes are listed w/ "no label" as outgoing label.

Since the two P/PE nodes are connected back to back, would they still impose inner and outer labels when packets are forwarded, or only one label?

How do I see what that label is?

thx

Cisco Employee

Hi

With this command you should be able to see the next hop label in a normal scenario.

Yes, even in this setup you would see a label, and the value will be "pop label" on both the routers.

Can you print the output of:

     show ip route
     show mpls ldp nei
     show mpls ldp bindings

New Member

Hi, Vivek,

I have a problem with VRF working with the DLEP protocol and should ask: can you help me in this case (while DLEP is rather not the theme of this discussion)?

Regards

New Member

Hi Vivek,

     ip sla monitor 12
      type echo protocol ipIcmpEcho 2.2.2.2 source-ipaddr 1.1.10.1
     ip sla monitor schedule 12 life forever start-time now
     track 12 rtr 12 reachability
     track 12 rtr 12 state

What's the difference between reachability and state?
