Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Can Enterprises act like SP, to provide isolation for each customer traffic? (Enterprises whose backbone network is MPLS VPN links from SP)

Now a day’s trend is to get mpls vpn links from service providers & get to off-shore offices or customers. In which customer is typically using MPLS from service providers as transport medium from VPN customers prospective...where in all MPLS features are not utlizsed.

Have any one ever come cross or heard of enterprises having MPLS VPN links from services providers & they are running MPLS inside their enterprise as well. I think i am not able to pen down my query properly so pl lets go with the following example & let know or advise

Enterprise x in UK having customer A & B in US.

Enterprise x is using SP MPLS VPN links to reach to their US POP locations where customer A & B are collocated. Enterprise X is running BGP between PE & CE

Instead , of above Enterprise X decided to use end to end MPLS from POP to end of offshore location where host are connected. Can enterprise X run MPLS over service providers provided MPLS VPN links & provide VRF instance for each of their customer i.e. A & B. It will be end-to-end VRF from customer location to Core switch at offshore location

In short can Enterprise act like SP network model, whose backbone network is SP MPLS VPN Links.

If it is possible, what all points (major) need to consider while doing it?

Does it require any changes from Service providers end?




Re: Can Enterprises act like SP, to provide isolation for each c

Hello Yogesh,

Your requirement matches with "Inter provider vpn " solution with MPLS. This solution is used by provider to meet below requirement


Where customer is having two sites and connected to two different provider.

There are three options by which you can meet this requirement. Which option is best for you is depend upon size of your network/Security concern/

and other parameter.

Sharing link to understand all possible options

Hope this helps



Hall of Fame Super Silver

Re: Can Enterprises act like SP, to provide isolation for each c

Hello Yogesh,

this is possible

Carrier Supporting Carrier model can be used and requires cooperation of Top Provider


using BGP with labels  also known as labeled unicast is to be preferred and it is can also used for Inter AS cooperation model suggested by Mahesh.

as an alternative, depending on the devices involved you could think of running MPLS over GRE tunnels between the Enterprise X CE routers.

But this would require devices supporting GRE tunnels in an efficient manner like C6500 with Sup720 or routers.

In any case the MTU of Top Provider has to be great enough to support the biggest frames.

As a final but now very common option the enterprise X could buy EoMPLS links between US and UK and they could run their MPLS over that.

However, This would mean moving from L3 VPN to L2 VPN.

Hope to help


New Member

Re: Can Enterprises act like SP, to provide isolation for each c


I suggest you attend this upcoming webinar by Ivan Pepelnjak on Enterprise MPLS VPN Deployment:

There are many examples of how to deploy MPLS VPNs in an enterprise to do many different functions. I have worked on the design and deployment of one very large one myself.



CreatePlease to create content