
Introduction to MPLS

Jayachandran S
professoraaronjc@gmail.com
Goals of this Session

 Understand history and business drivers for MPLS
 Learn about MPLS customer and market segments
 Understand the problems MPLS is addressing
 Understand benefits of deploying MPLS
 Understand the major MPLS technology components
 Learn the basics of MPLS technology
 Understand typical applications of MPLS

© 2010 Cisco and/or its affiliates. All rights reserved. 2


The Big Picture

Diagram (reconstructed as a layered stack, bottom to top):

 Network Infrastructure
 Core MPLS: MPLS Signaling and Forwarding (runs on both edge and core nodes)
 MPLS Network Services: MPLS QoS, MPLS TE, MPLS OAM/MIBs
 End-to-end MPLS-enabled Services: Layer-3 VPNs and Layer-2 VPNs (edge to edge, across the MPLS core network)


Agenda

 Introduction
 MPLS Network Components (Core MPLS)
 MPLS VPNs (End-to-end MPLS Services)
  MPLS Layer-3 VPNs
  MPLS Layer-2 VPNs
 MPLS QoS (MPLS Network Services)
 MPLS Traffic Engineering (MPLS Network Services)
 MPLS Management
 Summary


Introduction
The business drivers for MPLS

Why Multi Protocol Label Switching?

 SP/Carrier perspective
  Reduce costs (CAPEX); consolidate networks
  Consolidated network for multiple Layer-2/3 services
  Support increasingly stringent SLAs
  Handle increasing scale/complexity of IP-based services
 Enterprise/end-user perspective
  Campus/LAN: need for network segmentation (users, applications, etc.)
  WAN connectivity (connecting enterprise networks): need for easier configuration of site-to-site WAN connectivity


What Is MPLS Technology?

 It’s all about labels …
 Use the best of both worlds
  Layer-2 (ATM/FR): efficient forwarding and traffic engineering
  Layer-3 (IP): flexible and scalable
 MPLS forwarding plane
  Use of labels for forwarding Layer-2/3 data traffic
  Labeled packets are switched on the label instead of routed on the IP header
  Leverages layer-2 forwarding efficiency
 MPLS control/signaling plane
  Uses extensions to existing IP control protocols plus new protocols to exchange label information
  Leverages layer-3 control protocol flexibility and scalability


Evolution of MPLS
 Evolved from Cisco tag switching in 1996 to a full IETF standard, now covering over 130 RFCs
 Key applications were initially Layer-3 VPNs, followed by Traffic Engineering (TE) and Layer-2 VPNs


MPLS Applications (for reference only)

Table reconstructed from the slide: columns are customer segments (Service Providers, Enterprise, Data Center, Data center interconnects, EWAN Edge), rows are key features and typical applications.

 Key features listed across the segments: L2/L3 VPNs, VPNs/VRFs, TE/FRR, VRF-aware security, QoS, high availability
 Applications listed across the segments: hosted data centers, service multiplexing, Internet access; departmental segmentation, segmentation for IT security; data center segmentation, data center interconnect, disaster recovery, VMotion support; branch connectivity, branch interconnects; mergers, acquisitions, spinoffs

• Network consolidation: merging multiple parallel networks into a shared infrastructure
• Network segmentation: by user groups or business function
• Service and policy centralization: security policies and appliances at a central location
• New applications readiness: converged multi-service network
• Increased network security: user-group segmentation with VPNs


Enterprise MPLS Customers

 Two types of enterprise customers for MPLS technology
 MPLS indirectly used as a subscribed WAN service
  Enterprise subscribes to a WAN connectivity data service offered by an external Service Provider
  Data connectivity service implemented by the Service Provider via MPLS VPN technology (e.g., layer-2 and layer-3 VPNs)
  VPN service can be managed or unmanaged
 MPLS used as part of a self-managed network
  Enterprise deploys MPLS in its own network
  Enterprise manages its own MPLS-based network


MPLS Technology Framework
End-to-end Services

Layer-3 VPNs Layer-2 VPNs

MPLS Network Services

MPLS QoS MPLS TE MPLS OAM/MIBs

Core MPLS

MPLS Signaling and Forwarding

Network Infrastructure



MPLS Technology Components
Basic building blocks of MPLS

MPLS Forwarding and Signaling

 MPLS label forwarding and signaling mechanisms form the Core MPLS layer of the framework: above the network infrastructure, below the MPLS network services (QoS, TE, OAM/MIBs) and the Layer-2/3 VPN services


Basic Building Blocks

 The big picture
  MPLS-enabled network devices
  Label Switched Paths (LSPs)
 The internals
  MPLS labels
  Processing of MPLS labels
  Exchange of label mapping information
  Forwarding of labeled packets
 Protocols used to exchange label information between MPLS-enabled devices, and other related protocols


MPLS Network Overview

Diagram (reconstructed): an MPLS domain with P routers in the core and PE routers at the edge; each PE connects to one or more CE routers; traffic between PEs is label switched.

 P (Provider) router = core label switching router (LSR)
  Switches MPLS-labeled packets
 PE (Provider Edge) router = edge LSR
  Imposes and removes MPLS labels
 CE (Customer Edge) router
  Connects customer network to MPLS network


MPLS Label and Label Encapsulation

MPLS label stack entry (32 bits, RFC 3032), bit 0 to bit 31:

 Label: 20 bits
 EXP: 3 bits, Class of Service (renamed Traffic Class, TC, by RFC 5462)
 S: 1 bit, Bottom of Stack
 TTL: 8 bits, Time to Live

MPLS label encapsulation: one or more label stack entries are inserted between the link-layer header and the Layer 2/3 packet (the MPLS "shim" header):

 Packet over SONET/SDH: PPP Header | Label(s) | Layer 2/L3 Packet
 LAN: MAC Header | Label(s) | Layer 2/L3 Packet


MPLS Label Operations

Diagram (reconstructed): CE → ingress PE (push L1) → P (swap L1 to L2) → P (swap L2 to L3) → egress PE (pop L3) → CE; the Layer 2/3 packet itself is carried unchanged along the LSP.

 Label imposition (Push)
  By ingress PE router; classify and label packets
 Label swapping or switching
  By P router; forward packets using labels; the label indicates service class and destination
 Label disposition (Pop)
  By egress PE router; remove label and forward original packet to destination CE
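The header layout and the push/swap/pop operations of the two slides above, as an added example that is not part of the original deck: it packs and parses 32-bit label stack entries (label 20 bits, EXP/TC 3 bits, S 1 bit, TTL 8 bits, per RFC 3032), then walks a packet along an LSP the way the L1 → L2 → L3 diagram does. The function names, the constructed sample payload and the label values are this example's own assumptions; the reserved label values (0 to 15, with 3 as implicit null) are from RFC 3032.

```python
"""MPLS label stack entries: encode, decode, push, swap and pop on raw bytes.

Added example, not from the deck. The 32-bit entry layout (label 20 | EXP/TC 3 |
S 1 | TTL 8) and the reserved label values are from RFC 3032; everything else
(function names, the sample payload) is this example's own construction.
"""
import struct

# Reserved label values (RFC 3032); 0-15 are never handed out by LDP.
IPV4_EXPLICIT_NULL = 0
ROUTER_ALERT = 1
IPV6_EXPLICIT_NULL = 2
IMPLICIT_NULL = 3       # signalled only; asks the upstream node to pop (PHP)


def is_reserved(label: int) -> bool:
    return 0 <= label <= 15


def encode_entry(label: int, exp: int = 0, bottom: bool = False, ttl: int = 64) -> bytes:
    """Pack one label stack entry as a big-endian 32-bit word."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not (0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("EXP is 3 bits, TTL is 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_stack(data: bytes):
    """Walk entries until the S bit is set; return ([entry dicts, outer first], payload)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack (no bottom-of-stack bit seen)")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]


def impose(payload: bytes, labels, exp: int = 0, ttl: int = 64) -> bytes:
    """Label imposition at the ingress PE: labels listed outer first; the last gets S=1."""
    labels = list(labels)
    return b"".join(encode_entry(l, exp, i == len(labels) - 1, ttl)
                    for i, l in enumerate(labels)) + payload


def swap(packet: bytes, new_label: int) -> bytes:
    """Label swap at a P router: replace only the top label, decrement its TTL, keep EXP and S."""
    (word,) = struct.unpack_from("!I", packet, 0)
    ttl = word & 0xFF
    if ttl <= 1:
        raise ValueError("TTL expired; a real LSR drops the packet here")
    return encode_entry(new_label, (word >> 9) & 0x7, bool((word >> 8) & 0x1), ttl - 1) + packet[4:]


def pop(packet: bytes):
    """Label disposition: strip the top entry; returns (remaining bytes, was_bottom_of_stack)."""
    (word,) = struct.unpack_from("!I", packet, 0)
    return packet[4:], bool((word >> 8) & 0x1)


def trace_lsp(ip_packet: bytes, path_labels):
    """Push path_labels[0] at ingress, swap to each following label, pop at egress.
    Returns the top label observed after each hop (the L1 -> L2 -> L3 sequence)."""
    path_labels = list(path_labels)
    pkt = impose(ip_packet, [path_labels[0]])
    seen = [decode_stack(pkt)[0][0]["label"]]
    for nxt in path_labels[1:]:
        pkt = swap(pkt, nxt)
        seen.append(decode_stack(pkt)[0][0]["label"])
    rest, bottom = pop(pkt)
    if not (bottom and rest == ip_packet):
        raise AssertionError("egress must expose the original packet")
    return seen


# Constructed sample payload: a 20-byte IPv4 header placeholder (version/IHL byte 0x45).
SAMPLE_IP = b"\x45" + b"\x00" * 19

if __name__ == "__main__":
    print(trace_lsp(SAMPLE_IP, [4, 9]))
    two = impose(SAMPLE_IP, [9, 42])          # transport label over a service (VPN) label
    print(decode_stack(two)[0])               # outer entry has S=0, inner entry has S=1
```

The two-label call at the end builds the kind of stack the Layer-3 VPN forwarding plane uses later in the deck (an outer transport label over an inner VPN label); only the outer entry is ever touched by swap, which is why the core never needs to understand the inner one. A parser that does not stop at the S bit, or that trusts the TTL without checking it, is the classic way to mishandle labeled packets on a device that should never have accepted them in the first place.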


Forwarding Equivalence Class
 Mechanism by which the ingress PE router maps ingress layer-2/3 packets onto a Label Switched Path (LSP)
  Part of label imposition (Push) operation
 Variety of FEC mappings possible
  IP prefix/host address
  Groups of addresses/sites (VPN x): used for L3VPNs
  Layer 2 circuit ID (ATM, FR, PPP, HDLC, Ethernet): used for pseudowires (L2VPNs)
  A bridge/switch instance (VSI): used for VPLS (L2VPNs)
  Tunnel interface: used for MPLS traffic engineering (TE)


Label Distribution Protocol

 MPLS nodes need to exchange label information with each other
  Ingress PE node (Push operation): needs to know what label to use for a given FEC to send the packet to its neighbor
  Core P node (Swap operation): needs to know what outgoing label to use for incoming labeled packets
  Egress PE node (Pop operation): needs to tell its upstream neighbor what label to use for a specific FEC
  LDP is used for the exchange of this label (mapping) information
 Label Distribution Protocol (LDP)
  Defined in RFC 3036 (RFC 3035 covers LDP with ATM VC switching); RFC 3036 was obsoleted by RFC 5036
  LDP is the standards-based successor (a superset) of the Cisco-specific Tag Distribution Protocol (TDP)
 Note that, in addition to LDP, other protocols are also used for label information exchange (RSVP, BGP)
  Will be discussed later


Some More LDP Details (for reference only)

 Assigns, distributes, and installs (in forwarding) labels for prefixes advertised by unicast routing protocols (OSPF, IS-IS, EIGRP, etc.)
 Also used for Pseudowire/PW (VC) signaling: L2VPN control plane signaling
 Uses UDP port 646 for peer discovery (hello messages) and TCP port 646 for the LDP session and message exchange
  Hello discovery is unauthenticated; protect the TCP session with the TCP MD5 signature option (which RFC 5036 specifies for this purpose) and enable LDP only on core-facing links, never on PE-CE interfaces
 LDP operations
  LDP peer discovery
  LDP session establishment
  MPLS label allocation, distribution, and updating of MPLS forwarding
 Information repositories used by LDP
  LIB: Label Information Base (read/write)
  RIB: Routing Information Base / routing table (read-only)


LDP Operations

Diagram (reconstructed): two MPLS nodes A and B, each with a RIB, a LIB and MPLS forwarding (CEF/MFI); the LDP control plane sets up the session and exchanges label bindings, then LDP updates MPLS forwarding.

 LDP startup
  Local labels assigned to RIB prefixes and stored in the LIB
  Peer discovery and session setup
  Exchange of MPLS label bindings
 Programming of MPLS forwarding
  Based on LIB info
  CEF/MFI updates


MPLS Control and Forwarding Plane

Diagram (reconstructed): the routing process builds the RIB from routing updates/adjacencies; the MPLS process builds the LIB from label binding updates/adjacencies; the RIB feeds the FIB (IP traffic forwarding) and the LIB feeds the MFI (MPLS traffic forwarding).

 MPLS control plane
  Used for distributing labels and building label-switched paths (LSPs)
  Typically supported by LDP; also supported via RSVP and BGP
  Labels define destination and service
 MPLS forwarding plane
  Used for label imposition, swapping, and disposition
  Independent of the type of control plane
  Labels separate forwarding from IP address-based routing


IP Packet Forwarding Example

Diagram (reconstructed): three routers in a row, each with a FIB containing 128.89 → interface 0 and 171.69 → interface 1. A packet to 128.89.25.4 is forwarded hop by hop, every router doing its own destination IP lookup in the FIB built from its RIB.
Step 1: IP Routing (IGP) Convergence

Routing updates (OSPF, EIGRP, …) propagate: the router in front of 128.89 announces "you can reach 128.89 thru me", the router in front of 171.69 announces "you can reach 171.69 thru me", and the middle router announces both to the ingress router. After convergence the middle router's MFI/FIB holds:

 In Label | Address Prefix | Out I'face | Out Label
 -        | 128.89         | 0          | -
 -        | 171.69         | 1          | -

Step 2a: LDP Assigns Local Labels

Each LSR allocates a local label for every prefix in its FIB. Middle router:

 In Label | Address Prefix | Out I'face | Out Label
 4        | 128.89         | 0          | -
 5        | 171.69         | 1          | -

Step 2b: LDP Assigns Remote Labels (Downstream Allocation)

Downstream neighbors advertise their local labels upstream via LDP: "use label 9 for 128.89" (from the 128.89 router), "use label 7 for 171.69" (from the 171.69 router), and the middle router tells the ingress router "use label 4 for 128.89 and use label 5 for 171.69". The middle router's MFI now has its out labels:

 In Label | Address Prefix | Out I'face | Out Label
 4        | 128.89         | 0          | 9
 5        | 171.69         | 1          | 7

Step 3: Forwarding MPLS Packets

A packet to 128.89.25.4 enters at the ingress router, which pushes label 4; the middle router looks up in label 4, swaps it to 9 and sends the packet out interface 0; the 128.89 router pops label 9 and delivers the IP packet. The label switch forwards based on the label alone.
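The three steps above (IGP convergence, LDP local and remote label allocation, label forwarding), as an added example that is not part of the original deck: it builds the four-router topology of the slides, lets each LSR allocate local labels, advertises them downstream to upstream as LDP does, programs each LFIB and then traces a packet to 128.89.25.4. Node names, interface numbers and the first label each node hands out are assumptions chosen so that the resulting labels (4, 5, 7, 9) match the slides; a real LSR starts at 16 because labels 0 to 15 are reserved.

```python
"""IGP convergence -> LDP label allocation (downstream, unsolicited) -> LFIB -> label forwarding,
simulated for the three-router example on the slides above.

Added example, not from the deck. Node names, interface numbers and the first label each
node hands out are assumptions chosen so that the resulting labels (4, 5, 7, 9) match the
slides; real LSRs start at 16 because 0-15 are reserved.
"""
from dataclasses import dataclass, field
import ipaddress


@dataclass
class Lsr:
    name: str
    first_label: int
    fib: dict = field(default_factory=dict)         # prefix -> (out_iface, next-hop name or None)
    lib_local: dict = field(default_factory=dict)   # prefix -> label this node advertises upstream
    lib_remote: dict = field(default_factory=dict)  # (peer, prefix) -> label the peer advertised
    lfib: dict = field(default_factory=dict)        # in_label -> (out_iface, out_label or None, next hop)

    def lookup(self, dst: str):
        """Longest-prefix match in the FIB; this is the ingress PE's FEC selection."""
        addr = ipaddress.ip_address(dst)
        candidates = [p for p in self.fib if addr in ipaddress.ip_network(p)]
        return max(candidates, key=lambda p: ipaddress.ip_network(p).prefixlen, default=None)

    def allocate_local_labels(self):
        """Step 2a: bind one local label to every prefix the IGP put in the FIB."""
        for i, prefix in enumerate(self.fib):
            self.lib_local[prefix] = self.first_label + i

    def advertise_to(self, peer: "Lsr"):
        """Step 2b: downstream unsolicited mapping, 'use label X for prefix P'."""
        for prefix, label in self.lib_local.items():
            peer.lib_remote[(self.name, prefix)] = label

    def program_lfib(self):
        """Join the local (incoming) label with the downstream neighbour's (outgoing) label."""
        for prefix, (iface, nh) in self.fib.items():
            out = None if nh is None else self.lib_remote[(nh, prefix)]
            self.lfib[self.lib_local[prefix]] = (iface, out, nh)


def build_example():
    """Ingress -> Core -> Right (128.89/16) and Core -> Bottom (171.69/16)."""
    ingress = Lsr("Ingress", 20, {"128.89.0.0/16": ("0", "Core"), "171.69.0.0/16": ("0", "Core")})
    core = Lsr("Core", 4, {"128.89.0.0/16": ("0", "Right"), "171.69.0.0/16": ("1", "Bottom")})
    right = Lsr("Right", 9, {"128.89.0.0/16": ("0", None)})      # directly attached: egress
    bottom = Lsr("Bottom", 7, {"171.69.0.0/16": ("0", None)})
    nodes = {n.name: n for n in (ingress, core, right, bottom)}
    for n in nodes.values():            # step 1 already happened: the FIBs above are post-IGP
        n.allocate_local_labels()
    right.advertise_to(core)            # LDP sessions follow the IGP adjacencies;
    bottom.advertise_to(core)           # bindings flow from downstream to upstream
    core.advertise_to(ingress)
    for n in nodes.values():
        n.program_lfib()
    return nodes


def forward(nodes: dict, ingress: str, dst: str):
    """Step 3: trace one packet. Returns [(node, operation, label), ...]."""
    node = nodes[ingress]
    prefix = node.lookup(dst)
    if prefix is None:
        raise LookupError(f"no route to {dst}")
    _, nh = node.fib[prefix]
    label = node.lib_remote[(nh, prefix)]       # push the label the next hop asked for
    trace = [(node.name, "push", label)]
    while True:
        node = nodes[nh]
        _, out, nh = node.lfib[label]           # label lookup only, no IP lookup in the core
        if out is None:
            trace.append((node.name, "pop", label))
            return trace
        trace.append((node.name, "swap", out))
        label = out


if __name__ == "__main__":
    net = build_example()
    print(net["Core"].lfib)
    print(forward(net, "Ingress", "128.89.25.4"))
```

Two things the simulation leaves out on purpose: with penultimate hop popping the egress would advertise implicit null (label 3) so that the core router pops instead of the egress, and the LFIB is only ever as good as the IGP and LDP state that fed it, which is why an unauthenticated LDP peer on a core link can redirect every FEC it advertises. On Cisco IOS the equivalent tables are inspected with "show mpls ldp bindings" and "show mpls forwarding-table".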


Summary Steps For MPLS Forwarding

 Each node maintains IP routing information via IGP


IP routing table (RIB) and IP forwarding table (FIB)
 LDP leverages IGP routing information
 LDP label mapping exchange (between MPLS
nodes) takes place after IGP has converged
LDP depends on IGP convergence
Label binding information stored in LIB
 Once LDP has received remote label binding
information MPLS forwarding is updated
Label bindings are received from remote LDP peers
MPLS forwarding via MFI



MPLS Network Protocols

Diagram (reconstructed): same CE/PE/P topology; OSPF, IS-IS or EIGRP and LDP/RSVP run on the core and core-facing links; MP-iBGP runs between the PE routers.

 IGP: OSPF, EIGRP, IS-IS on core-facing and core links
 RSVP and/or LDP on core and/or core-facing links
 MP-iBGP on PE devices (for MPLS services)
Label Stacking

 More than one label can be used for MPLS packet encapsulation: creation of a label stack
 Recap: labels correspond to a Forwarding Equivalence Class (FEC); each label in the stack is used for a different purpose
 Outer label always used for switching MPLS packets in the network
 Remaining inner labels identify specific services/FECs, etc.
 Last (innermost) label in the stack is marked with the bottom-of-stack (S) bit
 Allows building services such as
  MPLS VPNs: LDP + VPN label
  Traffic engineering (FRR): LDP + TE label
  VPNs over TE core: LDP + TE + VPN label
  Any transport over MPLS: LDP + PW label

Stack layout (diagram, outer to inner): TE label | LDP label | VPN label | Layer 2/3 packet header


Summary

 MPLS uses labels to forward traffic
 More than one label can be used for traffic encapsulation; multiple labels make up a label stack
 Labels are imposed on traffic at the ingress of the MPLS network and removed at the egress
 An MPLS network consists of PE routers at ingress/egress and P routers in the core
 The MPLS control plane signals label mapping information to set up end-to-end Label Switched Paths
 The MPLS forwarding plane performs label imposition (PUSH), swapping, and disposition (POP)


MPLS VPNs
Overview

MPLS Technology Framework
 End-to-end data connectivity services across MPLS networks (from PE to PE)

Framework stack (diagram): Layer-3 VPNs and Layer-2 VPNs as end-to-end services, above MPLS QoS / MPLS TE / MPLS OAM/MIBs, above MPLS signaling and forwarding (covered in the previous section), above the network infrastructure


What Is a Virtual Private Network?

 VPN is a set of sites or groups which are allowed to communicate


with each other in a secure way
Typically over a shared public or private network infrastructure
 VPN is defined by a set of administrative policies
Policies established by VPN customers themselves (DIY)
Policies implemented by VPN service provider (managed/
unmanaged)
 Different inter-site connectivity schemes possible
Ranging from complete to partial mesh, hub-and-spoke
 Sites may be either within the same or in different organizations
VPN can be either intranet or extranet
 Site may be in more than one VPN
VPNs may overlap
 Not all sites have to be connected to the same service provider
VPN can span multiple providers



MPLS VPN Example

Diagram (reconstructed): CE routers attach to PE routers over PE-CE links; the VPN connects the customer's CE sites across the label-switched core (P routers).

 PE-CE link
  Connects customer network to SP network; layer-2 or layer-3
 VPN
  Dedicated connectivity over shared infrastructure; the separation between customers comes from the provider's VPN configuration on the PE routers, not from encryption of the customer traffic


MPLS VPN Benefits

 SP/Carrier perspective
Reduce costs (CAPEX)
Leverage same network for multiple services and
customers
Migrate legacy networks onto single converged network
Reduce costs (OPEX)
Easier service enablement; only edge node configuration
 Enterprise/end-user perspective
Enables site/campus network segmentation
Allows for dedicated connectivity for users, applications,
etc.
Enables easier setup of WAN connectivity
Easier configuration of site-to-site WAN connectivity (for
L3VPN and VPLS); only one WAN connection needed



MPLS VPN Options

MPLS VPN models (table reconstructed):

 Layer-2 VPNs
  Point-to-point Layer-2 VPNs
   CPE connected to PE via p2p Layer-2 connection (FR, ATM)
   CEs peer with each other (IP routing) via the p2p layer-2 VPN connection
   CE-CE routing; no SP involvement
  Multi-point Layer-2 VPNs
   CPE connected to PE via Ethernet connection (VLAN)
   CEs peer with each other via a fully/partially meshed Layer-2 VPN connection
   CE-CE routing; no SP involvement
 Layer-3 VPNs
  CPE connected to PE via IP-based connection (over any layer-2 type)
   Static routing, or PE-CE routing protocol: eBGP, OSPF, IS-IS
  CEs peer with the PE router
  PE routers maintain customer-specific routing tables and exchange customer-specific routing information
  The Layer-3 VPN provider's PE routers are part of customer routing


MPLS Layer-3 VPNs
Technology Overview and Applications

MPLS L3 VPN Overview

 Customer router (CE) has an IP peering connection with the PE/edge router in the MPLS network
  IP routing/forwarding across the PE-CE link
 MPLS VPN network responsible for distributing routing information to remote VPN sites
  MPLS VPN is part of the customer IP routing domain
 MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid connectivity among connected CE sites
 MPLS VPN service enablement in MPLS networks only requires VPN configuration at edge/PE nodes
  Connectivity in the core is automatically established via BGP signaling


MPLS L3 VPN Technology Components

 PE-CE link
Can be any type of layer-2 connection (e.g., FR, Ethernet)
CE configured to route IP traffic to/from adjacent PE router
Variety of routing options; static routes, eBGP, OSPF, IS-IS

 MPLS L3VPN Control Plane


Separation of customer routing via virtual VPN routing table
In PE router: customer I/Fs connected to virtual routing table
Between PE routers: customer routes exchanged via BGP

 MPLS L3VPN Forwarding Plane


Separation of customer VPN traffic via additional VPN label
VPN label used by receiving PE to identify VPN routing table



Virtual Routing and Forwarding Instance

Diagram (reconstructed): a PE router with two VRFs, VRF Green (CE of VPN 1) and VRF Blue (CE of VPN 2), attached to the MPLS backbone running the IGP.

 Virtual Routing and Forwarding Instance (VRF)
 Typically one VRF created for each customer VPN on the PE router
 VRF associated with one or more customer interfaces
 VRF has its own instance of routing table (RIB) and forwarding table (CEF)
 VRF has its own instance of the PE-CE configured routing protocols


VPN Route Distribution

Diagram (reconstructed): customer routes are exchanged between CE and PE on each side; between the PEs, VPN routes for VPN 1 and VPN 2 (one VRF each per PE) are exchanged over MP-iBGP sessions, typically via a BGP route reflector; data is label switched across the P routers.

 Full mesh of BGP sessions among all PE routers
  Multi-Protocol BGP extensions (MP-iBGP)
  Typically a BGP Route Reflector (RR) is used for improved scalability


VPN Control Plane Processing

Diagram (reconstructed): CE1 (IP subnet 16.1/16) – eBGP – PE1 [VRF, VPN 1] – P – P – PE2 [VRF] – eBGP – CE2. The P nodes in the core hold no VPN routes. PE1's MP-iBGP advertisement to PE2: VPN-IPv4 address = RD:16.1/16, BGP next hop = PE1, route target = 1:100, label = 42.

VRF configuration on PE1 (Cisco IOS, as on the slide):

 ip vrf Green
  rd 1:100
  route-target export 1:100
  route-target import 1:100

Make customer routes unique:
 Route Distinguisher (RD): 8-byte field, VRF parameter; a unique value assigned by the provider to each VRF (VPN) so that overlapping customer routes become distinct
 VPNv4 address: RD + VPN IPv4 prefix
Selectively distribute customer routes:
 Route Target (RT): 8-byte BGP extended community, VRF parameter; defines the import/export rules for VPNv4 routes
 MP-iBGP: advertises VPNv4 prefixes + labels

Processing steps:
 1. CE1 advertises its IPv4 route (16.1/16) to PE1 via eBGP.
 2. PE1 allocates a VPN label (42) for the prefix learnt from CE1 and prepends the RD to create a unique VPNv4 route.
 3. PE1 redistributes the VPNv4 route into MP-iBGP with itself as next hop and the export RT attached, and relays it to PE2.
 4. PE2 receives the VPNv4 route, imports it into its local VRF (Green) because the RT matches the VRF's import RT, and advertises the original IPv4 route to CE2.


VPN Forwarding Plane Processing

Diagram (reconstructed), CE2 → PE2 → P2 → P1 → PE1 → CE1: CE2 sends a plain IPv4 packet; PE2 forwards [IGP label A | VPNv4 label | IPv4]; P2 swaps the outer label to B and P1 swaps it to C; PE1 receives [IGP label C | VPNv4 label | IPv4], removes both labels and delivers the IPv4 packet to CE1. VRF Green is configured as on the control plane slide.

Processing steps:
 1. CE2 forwards an IPv4 packet to PE2.
 2. PE2 imposes the pre-allocated VPN label (learned via MP-iBGP) on the IPv4 packet received from CE2.
 3. PE2 imposes the outer IGP label (learned via LDP) and forwards the labeled packet to the next-hop P router, P2.
 4. P routers P2 and P1 swap the outer IGP label and forward the labeled packet toward PE1; they never inspect the VPN label or the IP header.
 5. PE1 strips the VPN label, uses it to select VRF Green, and forwards the IPv4 packet to CE1. (With penultimate hop popping, the last P router already removed the IGP label.)


Use Case 1: Traffic Separation
Requirement: ensure data separation between Aerospace, Cosmetics and Financial Services while leveraging a shared infrastructure
Solution: create an MPLS VPN for each group

Diagram (reconstructed): a central HQ site and three remote sites attach to the MPLS backbone; VRF instances (VPN_Aero, VPN_Cos, VPN_Fin) are created at the edge for each group present at a site, so Aerospace, Cosmetics and Financial Services traffic stays within its own VPN.


Use Case 2: Simplify Hub Site Design
Requirement: ease the scale and design of the head-end site
Solution: implement MPLS Layer-3 VPNs, which reduce the number of routing peers of the central site

Diagram (reconstructed): without MPLS VPN the central site has one routing peer per remote site, which makes the head-end design complicated; with MPLS L3VPN the central site has a single routing peer (the PE), which simplifies the head-end design.


Enterprise Network Architecture (for reference only)

Diagram (reconstructed): Access, Distribution and Core layers, with the Core connecting to the Internet.


Enterprise Network Segmentation (for reference only)

Table reconstructed from the slide (device separation, distribution, core, end-to-end connectivity):

 VRF-lite + 802.1Q
  Device separation: VRF; data path separation: VLANs
  Distribution: VRF-lite configured on distribution nodes, VLANs mapped onto VRFs
  Core: VRF-lite configured on core nodes, 802.1Q VLAN IDs mapped onto VRFs
  End-to-end connectivity: 802.1Q VLAN ID
 VRF-lite + GRE tunnels
  Device separation: VRF
  Distribution: VRF-lite configured on distribution nodes, VRFs associated with GRE tunnels
  Core: core nodes forward IP packets (GRE IP packets)
  End-to-end connectivity: GRE tunnels between distribution nodes
 Layer-3 MPLS VPNs
  Device separation: VRF
  Distribution: distribution nodes configured as PE routers with VRF(s)
  Core: core nodes forward MPLS packets (via LFIB)
  End-to-end connectivity: label switched paths (LSPs) between distribution nodes (PE routers)


Option 1: VRF-lite + 802.1Q (for reference only)

Diagram (reconstructed): Layer-2 access, multi-VRF distribution and core nodes at Layer 3, VPN1 and VPN2 carried as 802.1Q VLANs on every link.

 Layer-2 access
 No BGP or MPLS
 VRF-lite configured on core and distribution nodes
 MPLS labels substituted by 802.1Q tags end-to-end
 Every link is an 802.1Q trunk
 Many-to-many model
 Restricted scalability
 Typical for department inter-connectivity


Option 2: VRF-lite + GRE (for reference only)

Diagram (reconstructed): Layer-2 access, multi-VRF distribution nodes, VPN1 and VPN2 carried in GRE tunnels across a plain IP Layer 3 core.

 Layer-2 access
 No BGP or MPLS
 VRF-lite only configured on distribution nodes
 VLANs associated with end-to-end GRE tunnels
 Many-to-one model
 Restricted scalability
 Typical for user-specific VPN connectivity


Option 3: Layer-3 MPLS VPNs (for reference only)

Diagram (reconstructed): Layer-2 access, distribution nodes acting as PE routers with VRFs, VPN1 and VPN2 label switched across the MPLS core.

 Layer-2 access
 Distribution nodes configured as PE routers with VRFs
 MP-iBGP between distribution nodes
 MPLS packet forwarding by core nodes
 Many-to-many model
 High scalability


MPLS Layer-3 VPN Summary

 Provide layer-3 connectivity among CE sites via IP


peering (across PE-CE link)
 Implemented via VRFs on edge/PE nodes providing
customer route and forwarding segmentation
 BGP used for control plane to exchange customer
VPN (VPNv4) routes between PE routers
 MPLS VPNs enable full-mesh, hub-and-spoke, and
hybrid IP connectivity among connected CE sites
 L3 VPNs for enterprise network segmentation can
also be implemented via VRFs + GRE tunnels or
VLANs



MPLS VPNs
Simplified Presentation
MPLS Layer-3 VPN Introduction

 L3 MPLS VPN (Layer 3 Multiprotocol Label Switching


Virtual Private Network) is a technology used to create
virtual private networks that allow multiple sites to
communicate over a shared infrastructure.



MPLS Layer-3 VPN Key Components

 PE (Provider Edge) Routers: These routers connect to


customer networks and handle VPN services.

 P (Provider) Routers: These are internal routers within


the service provider’s core network.

 CE (Customer Edge) Routers: These routers connect


customer sites to the MPLS network.



Label Distribution Protocol (LDP)

 MPLS uses protocols like LDP or RSVP to distribute


labels between routers. When a data packet enters the
MPLS network, the ingress PE router assigns a label
based on the destination network.



MPLS Layer-3 VPN Routing and
Forwarding (VRF)
 Each VPN has its own routing table, called a VRF, which
keeps customer routes separate. This allows multiple
customers to use the same address space without
conflict.



MPLS Layer-3 VPN Packet
Forwarding
 When a packet is sent from a customer site, it arrives
at the CE router, which forwards it to the PE router.

 The PE router looks up the VRF associated with the


incoming interface, finds the appropriate label for the
destination, and forwards the packet with the assigned
MPLS label.

 The P routers forward the packet based on the MPLS


label until it reaches the egress PE router.

 The egress PE router strips the MPLS label and


forwards the packet to the appropriate CE router.
MPLS Layer-3 VPN Encapsulation

 MPLS encapsulates packets with an MPLS header that


includes the label, which determines the path the
packet will take through the network.



MPLS Layer-3 VPN Traffic Separation
and Security
 Using VRFs, MPLS VPNs provide traffic separation for
different customers. Each customer’s traffic is isolated,
enhancing security and privacy.
 What this isolation is: address-space and routing separation enforced by the PE configuration (VRFs, RDs, RTs), which holds as long as PE routers never accept labeled packets or LDP/BGP sessions on PE-CE interfaces. What it is not: encryption. Customer traffic crosses the provider core in the clear, so customers who need confidentiality against the provider or a compromised core run IPsec over the VPN (RFC 4381 analyses the security of BGP/MPLS IP VPNs in detail).


What is VRF?

 A VRF is a virtual routing table that allows the same IP


address space to be used by multiple customers
without conflict. Each VRF instance operates
independently, ensuring that routing information does
not overlap



How VRF Works in MPLS L3 VPNs

 Separation of Routing Information:


 Each customer has its own VRF instance on the PE
router. This instance contains the customer’s
specific routes, enabling different customers to use
the same IP address space (e.g., two customers can
both have a router with the IP address
192.168.1.1).
 Association with Interfaces:
 Each interface on the PE router can be associated
with a specific VRF. When packets arrive at the PE
router, they are associated with the corresponding
VRF based on the incoming interface.



How VRF Works in MPLS L3 VPNs

 Route Import and Export:


 When a route is learned by a PE router, it is stored
in the corresponding VRF. The PE router can also
perform route import/export policies to control
which routes are visible between different VRFs.
 Label Distribution:
 When a packet enters the MPLS network, the PE
router assigns a label to it based on the VRF’s
routing table. This label is then used for forwarding
the packet through the MPLS core.


How VRF Works in MPLS L3 VPNs

 Traffic Forwarding:
 The packet is forwarded through the MPLS core
based on its label until it reaches the egress PE
router, which removes the MPLS label and
forwards the packet to the appropriate CE router
associated with the corresponding VRF.



Benefits of VRF in MPLS L3 VPNs

 Isolation: Ensures that customers' traffic remains


separate, enhancing security.

 Scalability: Allows multiple customers to use


overlapping IP address spaces, making it easier to scale
the network.

 Flexible Routing: Each VRF can support different


routing protocols (like OSPF or BGP) based on the
customer’s needs.



RD and RT Intro

Route Distinguishers and Route Targets are


essential components in MPLS L3 VPNs,
enabling service providers to manage and
isolate routing information across multiple
customers efficiently.

By using RDs for uniqueness and RTs for route


sharing policies, MPLS VPNs can deliver
scalable and secure networking solutions.
MPLS L3 VPN Route Distinguisher (RD)

 Purpose: The RD makes each VRF's routes unique within the provider's BGP table, so that multiple customers can use overlapping IP address spaces without conflict. It carries no policy: which VRFs receive a route is decided by Route Targets, not by the RD.
 Format: An RD is a 64-bit value, a 2-byte type field followed by a 6-byte value (RFC 4364). Three formats exist:
  Type 0: 2-byte AS number : 4-byte assigned number (e.g., 1:100, where 1 is the AS number and 100 the assigned number)
  Type 1: 4-byte IPv4 address : 2-byte assigned number (e.g., 192.168.1.1:100)
  Type 2: 4-byte AS number : 2-byte assigned number
 Function: When a route is advertised from a PE router to other PE routers, the RD is prepended to the IPv4 prefix to form a VPNv4 route (RD + prefix), ensuring it is uniquely identifiable across the provider's network.
MPLS L3 VPN Route Target (RT)

• Purpose: The RT controls the import and export of routes between VRFs. It determines which routes are shared among different VPNs.
• Format: Like the RD, the RT is a 64-bit value, carried as a BGP extended community and typically written as AS:NN (e.g., 1:100). Unlike the RD, a route can carry several RTs.
• Function:
 • Import RT: Specifies which routes a VRF will accept. If VRF A has an import RT of 1:100, it accepts every VPNv4 route tagged with 1:100, whichever VRF exported it.
 • Export RT: Specifies how a VRF tags the routes it advertises. If VRF B has an export RT of 1:100, its routes are installed in any VRF that imports 1:100.
• Because import is decided purely by RT matching, an import RT that happens to match another customer's export RT leaks that customer's routes into the VRF; RT assignments deserve the same review as firewall rules.
How RD and RT Work Together

Route Creation: When a route is created in a VRF, it is prepended with the VRF's Route Distinguisher so that it is uniquely identified within the MPLS core.

Route Distribution: The PE router tags the route with the VRF's export Route Target(s) when advertising it to other PE routers.

Routing Decisions: On receiving the route, the PE router checks its Route Target(s) against the import policies configured for each VRF. If there is a match, the route is added to that VRF's routing table.
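The three steps above, as an added example that is not part of the deck: the RD is encoded into its 8-byte wire form (all three RFC 4364 types), two customers with the same 10.1.1.0/24 prefix stay distinct because their RDs differ, and the import/export matching shows how one extra import RT leaks a second customer's routes into a VRF. The VRF names, AS number 65000 and the prefixes are constructed sample data; the `sharing_audit` helper is an assumption about how one would audit a PE's RT policy, not a vendor feature.

```python
"""Added example (not from the deck): RFC 4364 Route Distinguisher encoding and
Route Target import/export matching, with an audit for unintended route sharing.
VRF names, ASN 65000 and the 10.1.1.0/24 prefixes are constructed sample data."""
import ipaddress
import struct
from dataclasses import dataclass


def encode_rd(rd: str) -> bytes:
    """Encode 'admin:number' as the 8-byte RD: 2-byte Type + 6-byte Value.
    Type 0: 2-byte ASN  : 4-byte number   (65000:100)
    Type 1: 4-byte IPv4 : 2-byte number   (192.0.2.1:100)
    Type 2: 4-byte ASN  : 2-byte number   (4200000000:100)"""
    admin, number = rd.rsplit(":", 1)
    number = int(number)
    if "." in admin:                                   # IPv4 administrator -> Type 1
        return struct.pack("!HIH", 1, int(ipaddress.IPv4Address(admin)), number)
    asn = int(admin)
    if asn <= 0xFFFF:                                  # 2-byte ASN -> Type 0
        return struct.pack("!HHI", 0, asn, number)
    return struct.pack("!HIH", 2, asn, number)         # 4-byte ASN -> Type 2


def decode_rd(raw: bytes) -> str:
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:8])
        return f"{asn}:{number}"
    if rd_type == 1:
        addr, number = struct.unpack("!IH", raw[2:8])
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    if rd_type == 2:
        asn, number = struct.unpack("!IH", raw[2:8])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpnv4_key(rd: str, prefix: str) -> bytes:
    """RD + prefix: the part of the VPNv4 NLRI that keeps two customers' identical
    IPv4 prefixes distinct in the provider's BGP table (label and length omitted)."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed + bytes([net.prefixlen])


@dataclass(frozen=True)
class VpnRoute:
    rd: str
    prefix: str
    rts: frozenset        # export RTs attached by the advertising PE


@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset


def advertise(vrf: Vrf, prefix: str) -> VpnRoute:
    """Ingress PE: prepend the VRF's RD and tag the route with its export RTs."""
    return VpnRoute(vrf.rd, prefix, vrf.export_rts)


def import_routes(vrf: Vrf, advertised) -> list:
    """Egress PE: a VPNv4 route lands in the VRF iff one of its RTs is imported."""
    return sorted(f"{r.rd} {r.prefix}" for r in advertised if r.rts & vrf.import_rts)


def sharing_audit(vrfs) -> set:
    """Pairs (exporter, importer) whose RTs let routes flow between the two VRFs.
    Every pair that is not an intended extranet or hub/spoke relation is a leak."""
    return {(a.name, b.name) for a in vrfs for b in vrfs
            if a.name != b.name and a.export_rts & b.import_rts}


def demo():
    cust_a = Vrf("CUST-A", "65000:100", frozenset({"65000:100"}), frozenset({"65000:100"}))
    cust_b = Vrf("CUST-B", "65000:200", frozenset({"65000:200"}), frozenset({"65000:200"}))
    adv = [advertise(cust_a, "10.1.1.0/24"), advertise(cust_b, "10.1.1.0/24")]
    distinct = len({vpnv4_key(r.rd, r.prefix) for r in adv})       # 2: the RDs keep them apart
    clean = import_routes(cust_a, adv)                              # only CUST-A's own route
    # Misconfiguration: one extra import RT on CUST-A pulls CUST-B's table in.
    leaky_a = Vrf("CUST-A", "65000:100", frozenset({"65000:100", "65000:200"}), cust_a.export_rts)
    leaked = import_routes(leaky_a, adv)
    return distinct, clean, leaked, sharing_audit([leaky_a, cust_b])
```

`demo()` returns two distinct VPNv4 keys, a clean import list with only CUST-A's route, a leaked list containing both customers' 10.1.1.0/24, and an audit result naming CUST-B as an exporter into CUST-A. Running `sharing_audit` over every VRF on a PE and comparing the pairs against the intended extranet list is the practical check for the RT mistake described on the previous slide.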


MPLS L3 VPN Summary

MPLS L3 VPN services are a robust solution for enterprises that need to connect multiple locations over a shared provider network while keeping their routing separate from that of other customers.

By leveraging MPLS technology, service providers can offer scalable, isolated, and high-performance networking solutions tailored to various business needs. The separation is logical (per-VRF forwarding and RT policy), so customers with confidentiality requirements still encrypt end to end.


MPLS Layer-2 VPNs
Technology Overview and Applications

L2VPN Options

L2VPN models:
 VPWS (Virtual Private Wire Service): point-to-point
 VPLS (Virtual Private LAN Service): point-to-multipoint

Transport options for VPWS:
 L2TPv3 over an IP core: Ethernet, Frame Relay, ATM (AAL5 and cell), PPP and HDLC
 AToM (Any Transport over MPLS) over an MPLS core: Ethernet, Frame Relay, ATM (AAL5 and cell), PPP and HDLC

VPLS runs over an MPLS core and carries Ethernet only.


Layer-2 VPN Overview

 Enables transport of any Layer-2 traffic over an MPLS network
 Includes label encapsulation and translation
 A pseudowire between two PE routers carries the customer's Layer-2 frames across the SP network (SP interconnection)
 Many subscriber encapsulations supportable: Frame Relay, ATM, PPP, HDLC, Ethernet
Any Transport over MPLS Architecture

 Based on the IETF Pseudo-Wire (PW) reference model (PWE3, RFC 3985)
 A PW is a connection (tunnel) between 2 PE devices, which connects 2 PW End-Services (PWES)
 PW connects 2 Attachment Circuits (ACs)
 Bi-directional (for p2p connections)
 Use of the PW/VC label for encapsulation

Reference model: Customer1 Site1 and Customer2 Site1 attach to the ingress PE; their pseudowires run inside one PSN tunnel between the two PEs; Customer1 Site2 and Customer2 Site2 attach to the egress PE. Together this presents an emulated Layer-2 service end to end.
AToM Technology Components

 PE-CE link
 Referred to as Attachment Circuit (AC)
 Can be any type of Layer-2 connection (e.g., FR, Ethernet)
 AToM Control Plane
 Targeted LDP (Label Distribution Protocol) session between the two PEs
 Virtual Connection (VC) label negotiation, withdrawal, error notification
 AToM Forwarding Plane
 2 labels used for encapsulation + optional control word
 Outer tunnel (LDP) label: to get from the ingress to the egress PE using the MPLS LSP
 Inner demultiplexer (VC) label: to identify the L2 circuit (packet) encapsulated within the tunnel label
 Control word: carries Layer-2 header information (e.g., Frame Relay or ATM control bits) and optional sequence numbers stripped at ingress, so the egress PE can rebuild the Layer-2 header; its first nibble is 0000 so that transit routers cannot mistake the payload for an IP header when hashing for ECMP


AToM Control Plane Processing

Topology: CE1 connects to PE1 over a Layer-2 connection; PE1 and PE2 are joined by P routers across the MPLS core and by a targeted LDP session over which label mapping messages are exchanged; PE2 connects to CE2 over a Layer-2 connection.

Processing Steps (for both PE1 and PE2):
1. CE1 and CE2 are connected to PE routers via Layer-2 connections
2. Via CLI, a new virtual circuit cross-connect is configured, connecting the customer interface to a manually provided VC ID with the target remote PE
3. A new targeted LDP session between the PE routers is established, in case one does not already exist
4. The PE binds a VC label to the customer Layer-2 interface and sends a label-mapping message to the remote PE over the LDP session
5. The remote PE receives the LDP label-mapping message and matches the VC ID with the locally configured cross-connect

Note: the VC ID and peer address must agree on both PEs; a label mapping whose VC ID matches no local cross-connect is ignored, so a provisioning mistake shows up as a pseudowire that never comes up rather than as misdelivered traffic. The targeted LDP session is a TCP session (port 646) between PE loopbacks; protect it with LDP MD5 authentication (or TCP-AO where supported) and filter it so that only known PEs can open it.


AToM Forwarding Plane Processing

Label stack on each hop (CE2 -> PE2 -> P2 -> P1 -> PE1 -> CE1):
 CE2 -> PE2: L2 packet
 PE2 -> P2: Tunnel Label C | VC Label | L2 packet
 P2 -> P1: Tunnel Label B | VC Label | L2 packet
 P1 -> PE1: Tunnel Label A | VC Label | L2 packet
 PE1 -> CE1: L2 packet

Processing Steps:
1. CE2 forwards a Layer-2 packet to PE2.
2. PE2 imposes the VC (inner) label on the Layer-2 packet received from CE2, and optionally a control word as well (not shown).
3. PE2 imposes the tunnel (outer) label and forwards the packet to P2.
4. P2 and P1 forward the packet using only the outer (tunnel) label; they never inspect the VC label or the customer frame. With penultimate hop popping, P1 pops the tunnel label so that PE1 receives the packet with the VC label on top.
5. PE1 strips any remaining tunnel label and, based on the VC label, forwards the Layer-2 packet to the customer interface towards CE1 after the VC label is removed. If a control word is used, the new Layer-2 header is generated first.
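The five forwarding steps in code, as an added example that is not part of the deck: the ingress PE imposes VC and tunnel labels, each P router swaps only the top label (with implicit-null standing in for penultimate hop popping), and the egress PE demultiplexes on the VC label and refuses labels it never bound. The label values (tunnel 50/90, VC 10) follow the Frame Relay use case on the next slide; the Ethernet frame, the LFIB contents and the attachment-circuit name are constructed sample data.

```python
"""Added example (not from the deck): build and process an AToM label stack
(tunnel label over VC label over optional control word over the customer frame).
Label values 50/90 (tunnel) and 10 (VC) follow the Frame Relay use case;
the Ethernet frame and the LFIB contents are constructed sample data."""
import struct


def label_entry(label: int, tc: int = 0, bos: bool = False, ttl: int = 255) -> bytes:
    """One 32-bit label stack entry: Label(20) | TC(3) | S(1) | TTL(8), RFC 3032."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)


def parse_entry(raw: bytes):
    """Return (label, tc, bottom_of_stack, ttl) of the top entry."""
    word = struct.unpack("!I", raw[:4])[0]
    return word >> 12, (word >> 9) & 0x7, bool(word >> 8 & 1), word & 0xFF


# Generic pseudowire control word (RFC 4385): first nibble 0000, so a transit router
# doing ECMP hashing can never mistake the payload for an IPv4/IPv6 header.
CONTROL_WORD = b"\x00\x00\x00\x00"


def ingress_pe(tunnel_label: int, vc_label: int, l2_frame: bytes, control_word: bool = True) -> bytes:
    """Steps 2-3: impose the VC label (bottom of stack) and then the tunnel label."""
    stack = label_entry(tunnel_label) + label_entry(vc_label, bos=True)
    return stack + (CONTROL_WORD if control_word else b"") + l2_frame


def p_router(packet: bytes, lfib: dict) -> bytes:
    """Step 4: a P router swaps only the top label; an LFIB entry of None means
    implicit-null, i.e. penultimate hop popping (PHP) of the tunnel label."""
    label, tc, bos, ttl = parse_entry(packet)
    if ttl <= 1:
        raise ValueError("TTL expired in core")
    if label not in lfib:
        raise KeyError(f"no LFIB entry for label {label}")
    out_label = lfib[label]
    if out_label is None:
        return packet[4:]                       # PHP: the VC label is now on top
    return label_entry(out_label, tc, bos, ttl - 1) + packet[4:]


def egress_pe(packet: bytes, vc_table: dict, control_word: bool = True):
    """Step 5: demultiplex on the VC label; accept only labels this PE bound itself."""
    label, _tc, bos, _ttl = parse_entry(packet)
    if not bos:
        raise ValueError("VC label must be bottom of stack after PHP")
    if label not in vc_table:
        raise KeyError(f"VC label {label} not bound to any local attachment circuit")
    body = packet[4:]
    if control_word:
        if body[0] & 0xF0 != 0:
            raise ValueError("malformed control word")
        body = body[4:]
    return vc_table[label], body


def demo():
    # Constructed broadcast Ethernet frame (dst ff:..:ff, src 00:11:22:33:44:55, ARP ethertype).
    frame = bytes.fromhex("ffffffffffff001122334455" "0806") + bytes(28)
    pkt = ingress_pe(tunnel_label=50, vc_label=10, l2_frame=frame)   # PE2
    pkt = p_router(pkt, {50: 90})                                    # P2: swap 50 -> 90
    pkt = p_router(pkt, {90: None})                                  # P1: implicit-null, pop (PHP)
    ac, delivered = egress_pe(pkt, {10: "AC to CE1"})                # PE1
    return ac, delivered == frame
```

The label stack carries no authentication: whoever can inject a labeled packet towards a PE can address any VC label. That is why `egress_pe` accepts only locally bound labels, and why label switching must never be enabled on a customer-facing interface, so that labeled packets from a CE are dropped before they reach this logic.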


Use Case: L2 Network Interconnect
Requirement: Need to create connectivity between remote customer sites, currently interconnected via Frame Relay WAN connectivity. Only point-to-point connectivity required.
Solution: Interconnect an AToM PW between the sites, enabling transparent Frame Relay WAN connectivity.

Example: the CPE router/FRAD at site 1 uses DLCI 101 on PE1; the CPE router/FRAD at site 2 uses DLCI 201 on PE2. VC1 connects DLCI 101 to DLCI 201. The directed (targeted) LDP session between PE1 and PE2 exchanges the VC label for VC1 (label 10); the neighbor LDP sessions across the MPLS backbone supply the tunnel labels (label 50 on PE1's side, label 90 on PE2's side). On the wire the label stack is tunnel label 50 (or 90) over VC label 10 over the Frame Relay frame.


Virtual Private LAN Service Overview

Topology: Site1 (CE) attaches to PE1, Site2 (CE) attaches to PE2, and Site3 (CE) attaches to a third PE; the PEs are connected across the MPLS WAN.

 Architecture for Ethernet Multipoint Services (EMS) over MPLS
 Emulates an IEEE Ethernet bridge; the VPLS network acts like a virtual switch that emulates a conventional L2 bridge
 Fully meshed or hub-and-spoke topologies supported


VPLS Technology Components

 PE-CE link
 Referred to as Attachment Circuit (AC)
 Ethernet VCs are either port mode or VLAN ID
 VPLS Control Plane
 Full mesh of targeted LDP sessions
 Virtual Connection (VC) label negotiation, withdrawal, error notification
 VPLS Forwarding Plane
 Virtual Switching Instance: VSI or VFI (Virtual Forwarding Instance)
 VPN ID: unique value for each VPLS instance
 PWs for interconnection of related VSI instances


VPLS Overview

Diagram: each n-PE holds one VSI per customer (Red, Blue, Green). CEs attach over attachment circuits; a full mesh of pseudowires (PWs), carried inside tunnel LSPs, connects the VSIs of the same customer on the participating PEs.

 Full mesh of targeted LDP sessions between the participating PEs
 VC labels exchanged over the directed LDP sessions
 Full mesh of PWs between VSIs


Use Case: VPLS Network Interconnect
Requirement: Need to create full-mesh connectivity between separate metro networks.
Solution: Use VPLS to create transparent bridged Layer-2 Ethernet connectivity between the Ethernet networks.

Example: Carrier A operates three L2 metro Ethernet networks, each with customer A1 sites (CE11/CE21, CE12/CE22 and CE13/CE23), attached to PE1, PE2 and PE3 on the provider backbone; QinQ is used on the metro side.
 VPLS VPN name: VPLS-Car<br>rierA
 VPN ID: 1100
 VCID: 1234
 Each PE points to the other peer PEs' loopback addresses


Layer-2 VPN Summary

 Enables transport of any Layer-2 traffic over an MPLS network
 Two types of L2 VPNs: AToM for point-to-point and VPLS for point-to-multipoint Layer-2 connectivity
 Layer-2 VPN forwarding based on pseudowires (PWs), which use a VC label for L2 packet encapsulation
 LDP used for PW signaling
 AToM PWs suited for implementing transparent point-to-point connectivity between Layer-2 circuits
 VPLS suited for implementing transparent point-to-multipoint connectivity between Ethernet links/sites


MPLS Layer-2 VPNs
Simplified Version
Technology Overview and Applications

Layer-2 VPN Introduction

 MPLS Layer 2 VPNs (L2 VPNs) are designed to provide a way to connect multiple customer sites over a service provider's network while allowing them to keep their own Layer 2 framing (Ethernet in the common case).
 This technology encapsulates customer Layer 2 traffic in a way that allows it to traverse the provider's MPLS backbone transparently.


Components of MPLS L2 VPN
PE (Provider Edge) Routers: These routers connect to the customer's network and handle the encapsulation and forwarding of Layer 2 frames. For point-to-point services they hold a cross-connect per attachment circuit; for VPLS they hold a Virtual Forwarding Instance (VFI) per customer, a bridge table rather than a routing table. (VRFs, the per-customer routing tables, belong to L3 VPNs.)
CE (Customer Edge) Routers: These routers sit at the edge of the customer's network and connect to the PE routers. The CE routers are typically the customer's own networking equipment.
P (Provider) Routers: These are internal routers within the service provider's MPLS backbone that do not connect directly to customer networks. They forward labeled packets based on MPLS labels.
How MPLS L2 VPN Works

Encapsulation: When a customer sends Ethernet frames from a CE router to a PE router, the PE router encapsulates these frames with MPLS labels. This is done with Ethernet over MPLS (EoMPLS) for point-to-point service or with Virtual Private LAN Service (VPLS) for multipoint service.

Label Distribution: The PE routers use the Label Distribution Protocol (LDP) or other methods to distribute VC labels among themselves. Each customer's traffic is labeled so that it can be properly forwarded across the MPLS network and handed to the right customer at the far end.
How MPLS L2 VPN Works (continued)
Traffic Forwarding: The encapsulated frames are then forwarded through the MPLS backbone. The P routers forward packets based solely on the MPLS label, without needing to inspect the Layer 2 headers.
De-Encapsulation: When the frames reach the destination PE router, the MPLS label is removed, and the original Ethernet frame is sent to the appropriate CE router.
Multipoint Connectivity: Using VPLS, multiple sites can communicate as if they were on the same local area network (LAN). This allows broadcast and multicast traffic to be sent between sites seamlessly.
Types of MPLS L2 VPNs
Ethernet over MPLS (EoMPLS):
This allows Ethernet frames to be encapsulated in MPLS packets for point-to-point connections. EoMPLS is ideal for connecting two sites.

Virtual Private LAN Service (VPLS):
VPLS enables multipoint-to-multipoint connections, allowing multiple sites to appear as if they were on the same Ethernet LAN. This is particularly useful for enterprises with several locations.


Benefits of MPLS L2 VPNs

Transparent Networking: Customers can use their existing Layer 2 protocols without modification, making integration easier.
Scalability: Adding new sites is straightforward and requires minimal changes to the existing setup.
Traffic Isolation: Each customer's traffic is kept separate by its own VFI (virtual forwarding instance) and pseudowire labels. This is separation of forwarding state, comparable to a Frame Relay or ATM service: frames are not encrypted in the core, and the isolation holds only as long as the PE configuration (VC IDs, peers, service instances) is correct.


Benefits of MPLS L2 VPNs

Reduced Costs: By using shared infrastructure, MPLS L2 VPNs can be more cost-effective than dedicated leased lines.

Quality of Service (QoS): Service providers can implement QoS policies to ensure that critical applications receive the necessary bandwidth and low latency.


Types of EoMPLS

Point-to-Point EoMPLS:
This configuration connects two customer sites directly. It allows the two sites to communicate as if they were on the same LAN segment, enabling transparent data transport.
Hub-and-Spoke with EoMPLS:
An EoMPLS pseudowire is always point-to-point. A hub site can terminate several pseudowires (one per remote site, typically on separate VLAN subinterfaces), which gives a hub-and-spoke arrangement in which the hub communicates with every spoke; spoke-to-spoke traffic, if wanted, has to be switched or routed at the hub. Genuine any-to-any Layer-2 connectivity is what VPLS provides.


Key Concepts of VPLS

Multipoint-to-Multipoint Connectivity:
VPLS creates a virtual Ethernet switch across the provider's network, allowing all connected customer sites to send and receive Ethernet frames to and from one another as if they were on the same LAN.

Provider Edge (PE) Routers:
PE routers connect to customer equipment and are responsible for encapsulating and forwarding customer traffic. For VPLS they maintain a separate Virtual Forwarding Instance (VFI, also called a Virtual Switching Instance, VSI) per customer: a bridge table of MAC addresses, not an IP routing table (VRFs belong to L3 VPNs).


Key Concepts of VPLS (continued)

Provider (P) Routers:
These routers form the backbone of the MPLS network. They do not connect directly to customers but forward packets based on MPLS labels.


VPLS Working Principle

Encapsulation: When a customer sends an Ethernet frame from a Customer Edge (CE) device to a PE router, the frame is encapsulated with MPLS labels. The PE router adds the VC label that identifies the VPLS instance (and therefore the customer) at the remote PE, underneath the tunnel label used to reach that PE.
Label Distribution: PE routers use the Label Distribution Protocol (LDP, RFC 4762) or BGP (RFC 4761) to distribute VC labels and establish pseudowires between the VFIs of the same VPLS instance; BGP additionally provides auto-discovery of the participating PEs.
Packet Forwarding: The encapsulated packets are forwarded through the MPLS backbone using the assigned labels.


VPLS Working Principle (continued)

De-Encapsulation: When packets reach the destination PE router, the MPLS label is stripped off, and the original Ethernet frame is forwarded to the appropriate CE device.

Broadcast and Multicast Support: VPLS supports broadcast, multicast, and unknown unicast traffic, allowing applications that rely on these types of traffic to function as they would in a traditional LAN environment.


VPLS Architecture

Full Mesh: VPLS creates a full mesh of pseudowires among all PE routers within a VPLS instance. This ensures that all sites can communicate directly with each other without needing to route traffic through a central point.

Loop Prevention: The provider core does not run Spanning Tree for the VPLS instance. Loops over the full mesh are prevented by the split-horizon forwarding rule: a frame received from a pseudowire is forwarded to attachment circuits only, never to another pseudowire, because the originating PE has already sent it to every other PE. Customer BPDUs can still be carried transparently so that the customer's own STP handles loops inside its sites. A hierarchical (H-VPLS) design relaxes the full mesh and needs split horizon disabled on its spoke pseudowires.
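The working principle and the loop-prevention rule above, as an added example that is not part of the deck: a toy VSI that learns source MACs, floods unknown unicast and broadcast, applies split horizon on pseudowires, and caps the number of MACs it will learn so that one flooding customer site cannot exhaust the instance. A three-PE full mesh is simulated with and without split horizon; without it the same broadcast circulates forever. PE names, port names, MAC addresses and the MAC limit are constructed sample data.

```python
"""Added example (not from the deck): a toy VPLS Virtual Switching Instance showing
MAC learning, flooding, the split-horizon rule that keeps the PW full mesh loop-free
without running STP in the core, and a per-VSI MAC limit. PE names, ports and
MAC addresses are constructed sample data."""

BCAST = "ff:ff:ff:ff:ff:ff"


class Vsi:
    def __init__(self, acs, pws, split_horizon=True, mac_limit=1024):
        self.acs = set(acs)              # attachment circuits (customer-facing)
        self.pws = set(pws)              # pseudowires to the other PEs of this instance
        self.split_horizon = split_horizon
        self.mac_limit = mac_limit       # bounds the damage of a MAC-flooding customer
        self.mac_table = {}              # MAC -> port it was learned on
        self.not_learned = 0

    def forward(self, in_port, src_mac, dst_mac):
        """Return the set of ports a frame received on in_port is replicated to."""
        ports = self.acs | self.pws
        if in_port not in ports:
            raise ValueError(f"{in_port} is not part of this VSI")
        if src_mac in self.mac_table or len(self.mac_table) < self.mac_limit:
            self.mac_table[src_mac] = in_port        # data-plane learning
        else:
            self.not_learned += 1                    # table full: keep forwarding, stop learning
        if dst_mac != BCAST and dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return set() if out == in_port else {out}
        out = ports - {in_port}                      # unknown unicast / broadcast: flood
        if self.split_horizon and in_port in self.pws:
            # Split horizon: a frame that arrived over a PW is never sent to another PW.
            # The originating PE already delivered it to every PE over the full mesh.
            out -= self.pws
        return out


def pw_peer(pw, pe):
    """PW names are 'pw:PEx-PEy'; the same name is used on both ends."""
    a, b = pw[3:].split("-")
    return b if pe == a else a


def build_mesh(pes, split_horizon=True):
    """One VSI per PE with one AC and a full mesh of PWs."""
    mesh = {}
    for pe in pes:
        pws = [f"pw:{min(pe, o)}-{max(pe, o)}" for o in pes if o != pe]
        mesh[pe] = Vsi([f"ac:{pe}"], pws, split_horizon)
    return mesh


def simulate_broadcast(mesh, src_pe, src_mac, max_hops=100):
    """Flood one broadcast from the AC at src_pe; returns (deliveries per AC, PE visits)."""
    deliveries, visits = {}, 0
    queue = [(src_pe, f"ac:{src_pe}")]
    while queue:
        pe, in_port = queue.pop(0)
        visits += 1
        if visits > max_hops:
            raise RuntimeError("forwarding loop: the frame never dies")
        for port in mesh[pe].forward(in_port, src_mac, BCAST):
            if port.startswith("ac:"):
                deliveries[port] = deliveries.get(port, 0) + 1
            else:
                queue.append((pw_peer(port, pe), port))
    return deliveries, visits


def demo(split_horizon=True):
    mesh = build_mesh(["PE1", "PE2", "PE3"], split_horizon)
    try:
        return simulate_broadcast(mesh, "PE1", "00:11:22:33:44:55")
    except RuntimeError:
        return "loop"
```

With split horizon the broadcast from PE1 reaches the ACs at PE2 and PE3 exactly once after three PE visits; with it disabled the frame is re-flooded between the PEs until the hop guard trips, which is the loop STP would otherwise have to break.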


Benefits of VPLS

Seamless Integration: VPLS allows customers to extend their existing Ethernet networks over a wide area without needing to redesign their networking configurations.

Isolation and Security: Each VPLS instance has its own VFI and pseudowires, so one customer's frames are never switched into another customer's instance. As with any provider-provisioned VPN this is logical separation, not encryption: a customer that needs confidentiality across the core still encrypts between sites (e.g., MACsec or IPsec), and a broadcast-heavy or MAC-flooding site can still exhaust a PE's resources unless the PE limits learned MACs and broadcast rates per attachment circuit.




L2 VPN Configurations

Example configuration for Ethernet over MPLS (EoMPLS): the topology figure of the original deck is not reproduced here.

Example configuration for VPLS (Ethernet over MPLS, LDP-signaled) on HFCL equipment: LDP-VPLS service mapping.

Configuration on PE 1 (loopback 21.21.21.21, remote PE 2 at 23.23.23.23):
(config)#interface lo                                Enter interface mode for the loopback interface
(config-if)#ip address 21.21.21.21/32 secondary      Configure an IP address on the loopback interface
(config-if)#exit                                     Exit interface mode
(config)#router ldp                                  Enter router LDP mode
(config-router)#router-id 21.21.21.21                Set the router ID to 21.21.21.21
(config-router)#transport-address ipv4 21.21.21.21   Configure the LDP transport address
(config-router)#targeted-peer ipv4 23.23.23.23       Configure the targeted LDP peer (remote PE loopback)
(config-router-targeted-peer)#commit                 Commit the candidate configuration to the running configuration
(config-router-targeted-peer)#end                    Exit targeted-peer and LDP mode
#configure terminal                                  Enter configuration mode
(config)#interface xe2                               Enter interface mode for xe2 (core-facing link)
(config-if)#ip address 10.10.23.21/24                Configure an IP address on the interface
(config-if)#enable-ldp ipv4                          Enable LDP on the physical interface
(config-if)#label-switching                          Enable label switching on the interface
(config-if)#exit                                     Exit interface mode
(config)#router ospf 100                             Enter router OSPF mode
(config-router)#ospf router-id 21.21.21.21           Router ID configuration
(config-router)#network 21.21.21.21/32 area 0        Advertise the loopback address in OSPF
(config-router)#network 10.10.23.0/24 area 0         Advertise the core link in OSPF
(config-router)#exit                                 Exit router OSPF mode
(config)#mpls vpls v1 25                             Enter VPLS config mode for instance v1
(config-vpls)#service-tpid dot1.ad                   Service TPID configuration
(config-vpls)#signaling ldp                          Define the signaling as LDP
(config-vpls-sig)#vpls-type vlan                     VLAN-type VPLS
(config-vpls-sig)#vpls-peer 23.23.23.23              Configure the VPLS peer
(config-vpls-sig)#exit-signaling                     Exit signaling LDP mode
(config-vpls)#exit                                   Exit VPLS mode

On PE 2 (VPLS part only, pointing back at PE 1; loopback, LDP and OSPF are configured the same way):
(config)#mpls vpls v1 25                             Enter VPLS config mode for instance v1
(config-vpls)#service-tpid dot1.ad                   Service TPID configuration
(config-vpls)#signaling ldp                          Define the signaling as LDP
(config-vpls-sig)#vpls-type vlan                     VLAN-type VPLS
(config-vpls-sig)#vpls-peer 21.21.21.21              Configure the VPLS peer
(config-vpls-sig)#exit-signaling                     Exit signaling LDP mode
(config-vpls)#exit                                   Exit VPLS mode

Verify:
show mpls vpls mesh
show ldp vpls
show ldp vpls detail
show mpls vpls detail

Checks worth making on a real deployment: label-switching and LDP belong on core-facing interfaces only (never on the customer-facing port, or labeled packets from the customer would be switched into the core), the LDP sessions should be authenticated, and the vpls-peer list is the trust boundary of the instance, so only the PEs that actually host this customer should appear in it.

MPLS QoS
Technology Overview and Applications

MPLS Technology Framework

 MPLS QoS support for traffic marking and classification to enable differentiated services

Framework layers (🗸 = covered in the preceding sections): 🗸 Layer-3 VPNs, 🗸 Layer-2 VPNs; MPLS QoS (this section), MPLS TE, MPLS OAM/MIBs; 🗸 MPLS Signaling and Forwarding; Network Infrastructure


Why MPLS QoS?

 Typically different traffic types (packets) are sent over MPLS networks
 E.g., Web HTTP, VoIP, FTP, etc.
 Not all application traffic types/flows are the same ...
 Some require low latency to work correctly; e.g., VoIP
 MPLS QoS is used for traffic prioritization to guarantee minimal traffic loss and delay for high-priority traffic
 Involves packet classification and queuing
 MPLS leverages the existing IP QoS architecture
 Based on the Differentiated Services (DiffServ) model: the per-hop behavior is selected by the 6-bit DSCP field (the former IP Type of Service byte)


MPLS QoS Operations
 The 3-bit MPLS EXP field (renamed Traffic Class, TC, by RFC 5462) is used for packet classification and prioritization instead of the IP DSCP field, because P routers never look at the IP header
 DSCP values are mapped into EXP bits at the ingress PE router; EXP has 3 bits and DSCP 6, so the mapping is many-to-one
 Most providers provide 3-5 service classes
 Different DSCP <-> EXP mapping schemes: uniform mode, pipe mode, and short-pipe mode
 The ingress PE is the trust boundary: customer markings should be classified and policed there (and re-marked where necessary) rather than copied blindly, otherwise one customer can claim the priority class at the expense of the others

Header layout: Layer-2 header | MPLS header (EXP bits: MPLS DiffServ marking) | Layer-3 header (DSCP: IP DiffServ marking)


MPLS Uniform Mode (for your reference only)

 End-to-end behavior: the original IP DSCP value is not preserved
 At the ingress PE, the IP DSCP value is copied into the EXP value
 The EXP value is changed in the MPLS core
 At the egress PE, the EXP value is copied back into the IP DSCP value

Markings hop by hop (CE - PE - P - P - PE - CE) with DSCP 3 at the source and EXP remarked from 3 to 2 in the core:
 CE -> PE: IP DSCP 3
 PE -> P: MPLS EXP 3 / IP DSCP 3
 P -> P: MPLS EXP 3 / IP DSCP 3 (remarked to EXP 2 by the second P router)
 P -> PE: MPLS EXP 2 / IP DSCP 3
 PE -> CE: IP DSCP 2


MPLS Pipe Mode (for your reference only)

 End-to-end behavior: the original IP DSCP is preserved
 At the ingress PE, the EXP value is set based on ingress classification
 The EXP value is changed in the MPLS core
 At the egress PE, the EXP value is not copied back into the IP DSCP value (egress queuing still uses the EXP-derived class)

Markings hop by hop (CE - PE - P - P - PE - CE) with DSCP 3 at the source and EXP remarked from 3 to 2 in the core:
 CE -> PE: IP DSCP 3
 PE -> P: MPLS EXP 3 / IP DSCP 3
 P -> P: MPLS EXP 3 / IP DSCP 3 (remarked to EXP 2 by the second P router)
 P -> PE: MPLS EXP 2 / IP DSCP 3
 PE -> CE: IP DSCP 3


MPLS Short Pipe Mode (for your reference only)

 End-to-end behavior: the original IP DSCP is preserved
 At the ingress PE, the EXP value is set based on ingress classification
 The EXP value is changed in the MPLS core
 At the egress PE, the original IP DSCP value is used for QoS processing

Markings hop by hop (CE - PE - P - P - PE - CE) with DSCP 3 at the source and EXP remarked from 3 to 2 in the core:
 CE -> PE: IP DSCP 3
 PE -> P: MPLS EXP 3 / IP DSCP 3
 P -> P: MPLS EXP 3 / IP DSCP 3 (remarked to EXP 2 by the second P router)
 P -> PE: MPLS EXP 2 / IP DSCP 3
 PE -> CE: IP DSCP 3
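The three modes side by side, as an added example that is not part of the deck: a packet is marked at the ingress PE, remarked in the core and handed back at the egress PE, and the function reports what DSCP the customer gets and what value the egress PE queues on. The class mapping (DSCP class-selector bits to EXP) and the sample values (AF41 = 34 in, provider class 3, core remark to 2) are assumptions used for illustration; the mode semantics follow the slides.

```python
"""Added example (not from the deck): DSCP <-> EXP/TC handling in uniform, pipe and
short-pipe modes, showing which marking is carried at each hop. The class mapping
(DSCP class-selector bits -> EXP) and the sample values are assumptions."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    dscp: int                  # 6-bit IP DiffServ codepoint carried to the customer
    exp: Optional[int] = None  # 3-bit MPLS TC (EXP) field; None when unlabeled


def dscp_to_exp(dscp: int) -> int:
    """Common default mapping: copy the three class-selector bits (AF41=34 -> 4, EF=46 -> 5)."""
    return (dscp >> 3) & 0x7


def exp_to_dscp(exp: int) -> int:
    """Lossy inverse: 3 bits can only restore the class selector (4 -> CS4=32, not AF41=34)."""
    return exp << 3


def ingress_pe(pkt: Packet, mode: str, provider_class: int) -> Packet:
    if mode == "uniform":
        pkt.exp = dscp_to_exp(pkt.dscp)      # trusts whatever the customer marked
    else:
        pkt.exp = provider_class             # pipe / short-pipe: EXP set by provider classification
    return pkt


def core_remark(pkt: Packet, new_exp: int) -> Packet:
    """A P router policer demoting the packet to another class (EXP 3 -> 2 on the slides)."""
    pkt.exp = new_exp
    return pkt


def egress_pe(pkt: Packet, mode: str):
    """Returns (packet handed to the CE, value the egress PE queues on)."""
    if mode == "uniform":
        pkt.dscp = exp_to_dscp(pkt.exp)      # core marking written back into the IP header
        queue_on = pkt.dscp
    elif mode == "pipe":
        queue_on = exp_to_dscp(pkt.exp)      # queue on the MPLS class, DSCP untouched
    elif mode == "short-pipe":
        queue_on = pkt.dscp                  # queue on the customer's original DSCP
    else:
        raise ValueError(f"unknown mode {mode}")
    pkt.exp = None                           # label removed
    return pkt, queue_on


def traverse(mode: str, dscp_in: int = 34, provider_class: int = 3, core_exp: int = 2):
    """CE -> ingress PE -> core (remark) -> egress PE -> CE; returns (DSCP at the CE, egress queue value)."""
    pkt = ingress_pe(Packet(dscp_in), mode, provider_class)
    pkt = core_remark(pkt, core_exp)
    pkt, queue_on = egress_pe(pkt, mode)
    return pkt.dscp, queue_on
```

Two things the table on the slides does not show fall out of running this: in uniform mode the customer's DSCP is rewritten even when the core never remarks (AF41 comes back as CS4, EF as CS5, because three bits cannot carry six), and in uniform mode the customer's marking also decides the core class, so the ingress PE must police or re-mark untrusted traffic before copying DSCP into EXP.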


MPLS QoS Summary

 MPLS QoS is used for MPLS packet-specific marking and classification
 Based on the EXP bits
 Different schemes for mapping between IP (ToS/DSCP) and MPLS packet (EXP) classification
 Applied at the ingress and egress PE routers
 MPLS pipe mode mostly used; preserves end-to-end IP QoS
 Enables traffic prioritization to guarantee minimal traffic loss and delay for high-priority traffic
 Useful when packet loss and delay guarantees must be provided for high-priority traffic across the MPLS network


MPLS Traffic Engineering
Technology Overview and Applications

MPLS Technology Framework

 Traffic engineering capabilities for bandwidth management and network failure protection

Framework layers (🗸 = covered in the preceding sections): 🗸 Layer-3 VPNs, 🗸 Layer-2 VPNs; 🗸 MPLS QoS, MPLS TE (this section), MPLS OAM/MIBs; 🗸 MPLS Signaling and Forwarding; Network Infrastructure


Why Traffic Engineering?

 Congestion in the network due to changing traffic patterns
 Election news, online trading, major sports events
 Better utilization of available bandwidth
 Route on the non-shortest path
 Route around failed links/nodes
 Fast rerouting around failures, transparently to users
 Like SONET APS (Automatic Protection Switching)
 Build new services: virtual leased line services
 VoIP toll-bypass applications, point-to-point bandwidth guarantees
 Capacity planning
 TE improves aggregate availability of the network


The Problem with Shortest-Path
IP (mostly) uses destination-based least-cost routing: the alternate path stays under-utilized

Router A's routing table:
Node  Next-Hop  Cost
B     B         10
C     C         10
D     C         20
E     B         20
F     B         30
G     B         30

Topology: A-B (OC-3), A-C (OC-3), B-E (DS3), C-D (DS3), D-E (DS3), E-F (OC-3), E-G (OC-3); every link costs 10.

 Some links are DS3 (45 Mb/s), some are OC-3 (155 Mb/s)
 Router A has 40 Mb/s of traffic for router F and 40 Mb/s of traffic for router G
 Both flows follow A -> B -> E: 80 Mb/s offered to the 45 Mb/s DS3 link, i.e. massive (44%) packet loss on router B -> router E!
 Changing the metrics to prefer A -> C -> D -> E won't help: it simply moves both flows onto the other DS3 links


How MPLS TE Solves the Problem

 Router A sees all links (bandwidth included)
 Router A computes paths on properties other than just shortest cost; creation of 2 tunnels
 No link oversubscribed!

Router A's routing table with the tunnels:
Node  Next-Hop  Cost
B     B         10
C     C         10
D     C         20
E     B         20
F     Tunnel 0  30
G     Tunnel 1  30

Tunnel 0 (40 Mb/s to F) follows A -> B -> E -> F; Tunnel 1 (40 Mb/s to G) is placed on A -> C -> D -> E -> G because B -> E no longer has 40 Mb/s unreserved.
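The two slides above worked through in code, as an added example that is not part of the deck: a constrained SPF over the seven-router topology, with the bandwidth constraint applied by pruning links whose unreserved bandwidth is too small, tunnels placed one after the other so that each reservation shrinks what the next computation sees, and the plain-SPF loss figure reproduced for comparison. OC-3 = 155 Mb/s and DS3 = 45 Mb/s are assumed link bandwidths; the two 40 Mb/s demands are the slide's numbers.

```python
"""Added example (not from the deck): constraint-based SPF on the seven-router
topology of the TE slides. All links cost 10; OC-3 = 155 Mb/s and DS3 = 45 Mb/s
are assumed link bandwidths, and the two 40 Mb/s demands are the slides' numbers."""
import heapq

OC3, DS3 = 155, 45
LINKS = {                      # (u, v): (IGP/TE cost, physical bandwidth in Mb/s)
    ("A", "B"): (10, OC3), ("A", "C"): (10, OC3), ("B", "E"): (10, DS3),
    ("C", "D"): (10, DS3), ("D", "E"): (10, DS3), ("E", "F"): (10, OC3),
    ("E", "G"): (10, OC3),
}


def link_key(u, v):
    return (u, v) if (u, v) in LINKS else (v, u)


def cspf(src, dst, bw, reserved):
    """Dijkstra over the TE database after pruning every link whose unreserved
    bandwidth is below the request; bw=0 degenerates to plain IGP SPF."""
    adj = {}
    for (u, v), (cost, cap) in LINKS.items():
        if cap - reserved.get((u, v), 0) < bw:
            continue                                   # constraint not met: link ignored
        adj.setdefault(u, []).append((v, cost))
        adj.setdefault(v, []).append((u, cost))
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, n = heapq.heappop(heap)
        if n == dst:
            break
        if d > dist[n]:
            continue
        for m, c in adj.get(n, []):
            if d + c < dist.get(m, float("inf")):
                dist[m], prev[m] = d + c, n
                heapq.heappush(heap, (d + c, m))
    if dst not in dist:
        return None                                    # no path satisfies the constraint
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def place_tunnels(demands):
    """Signal tunnels one by one (head-end order); each reservation shrinks the
    unreserved bandwidth that later CSPF runs see, as an RSVP-TE RESV would."""
    reserved, paths = {}, {}
    for name, (src, dst, bw) in demands.items():
        path = cspf(src, dst, bw, reserved)
        paths[name] = path
        if path:
            for u, v in zip(path, path[1:]):
                k = link_key(u, v)
                reserved[k] = reserved.get(k, 0) + bw
    return paths, reserved


def worst_loss_plain_spf(demands):
    """Drop ratio on the most oversubscribed link when every flow follows the
    unconstrained shortest path (the situation on the 'problem' slide)."""
    load = {}
    for src, dst, bw in demands.values():
        path = cspf(src, dst, 0, {})
        for u, v in zip(path, path[1:]):
            k = link_key(u, v)
            load[k] = load.get(k, 0) + bw
    return max(max(0.0, 1 - LINKS[k][1] / l) for k, l in load.items())


DEMANDS = {"Tunnel0": ("A", "F", 40), "Tunnel1": ("A", "G", 40)}
```

`place_tunnels(DEMANDS)` yields A-B-E-F for Tunnel0 and A-C-D-E-G for Tunnel1 with no link over capacity, while `worst_loss_plain_spf(DEMANDS)` gives 0.4375, the 44% loss on B-E from the previous slide. A request that no pruned topology can satisfy returns `None`, which is the case where a real head end would report that the tunnel cannot be signaled.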


How MPLS TE Works

Roles in the IP/MPLS network: head end (computes and signals the TE LSP), mid-points, tail end.

 Link information distribution* (IS-IS-TE, OSPF-TE)
 Path calculation (CSPF)*
 Path setup (RSVP-TE)
 Forwarding traffic down the tunnel: auto-route, static routes, PBR, CBTS/PBTS (class-/policy-based tunnel selection), forwarding adjacency, tunnel select

* Optional (not needed with off-line path computation)
Link Information Distribution (for your reference only)

 Additional link characteristics flooded: interface address, neighbor address, physical bandwidth, maximum reservable bandwidth, unreserved bandwidth (at eight priorities), TE metric, administrative group (attribute flags)
 IS-IS or OSPF flood the link information
 TE nodes build a TE topology database
 Not required if using off-line path computation
Path Calculation

Example: find the shortest path from R1 to R8 with an 8 Mbps constraint; links with only 3 or 5 Mbps available are pruned, links with 8, 10 or 15 Mbps available remain eligible.

 TE nodes can perform constraint-based routing
 Constraints and the topology database are the input to the path computation
 The shortest-path-first algorithm ignores links not meeting the constraints
 The tunnel can be signaled once a path is found
 Not required if using off-line path computation
TE LSP Signaling (for your reference only)

 Tunnel signaled with TE extensions to RSVP
 Soft state maintained with downstream PATH messages
 Soft state maintained with upstream RESV messages
 New RSVP objects: LABEL_REQUEST (PATH), LABEL (RESV), EXPLICIT_ROUTE (PATH), RECORD_ROUTE (PATH/RESV), SESSION_ATTRIBUTE (PATH)
 LFIB populated using RSVP labels allocated by RESV messages

Example: the head end sends a PATH message along the explicit route; the tail end returns LABEL L=16 in the RESV, and a mid-point's LFIB then holds input label 17 -> output label 16 on interface 0, so the TE LSP is built hop by hop from the tail end back to the head end.
MPLS TE FRR - Link Protection

Topology: Router A - Router B - Router D - Router E in a row, Router C below B and D, Routers X and Y attached to A and E.

 Primary tunnel: A -> B -> D -> E
 Backup tunnel: B -> C -> D (preprovisioned), protecting the B-D link
 Recovery = ~50 ms*
*Actual time varies: well below 50 ms in lab tests, can also be higher


Use Case 1: Tactical TE Deployment
Requirement: Need to handle scattered congestion points in the network
Solution: Deploy MPLS TE on only those nodes that face congestion

Diagram: in the service provider backbone, the bulk of the traffic flow (e.g., Internet downloads) follows oversubscribed shortest-path links; an MPLS traffic engineering tunnel relieves the congestion points by steering part of the flow over spare capacity.


Use Case 2: 1-Hop Tunnel Deployment
Requirement: Need protection only; minimize packet loss in the core
Solution: Deploy MPLS Fast Reroute for less than 50 ms failover time, with 1-hop primary TE tunnels and a backup tunnel for each

Diagram: between VPN site A and VPN site B across the service provider backbone, every physical link carries a primary 1-hop TE tunnel, and a backup tunnel around each link is preprovisioned.


MPLS TE Summary

 MPLS TE can be used to implement traffic engineering to enable enhanced network availability, utilization, and performance
 Enhanced network availability can be implemented via MPLS TE Fast Re-Route (FRR)
 Link, node, and path protection
 Automatically route around failed links/nodes; like SONET APS
 Better network bandwidth utilization can be implemented via creation of MPLS TE tunnels using explicit routes
 Route on the non-shortest path
 MPLS TE can be used for capacity planning by creation of bandwidth-specific tunnels with explicit paths through the network
 Bandwidth management across links and end-to-end paths


Overview of MPLS TE (simplified)

Setup and hold priority
 Setup priority determines the importance of an LSP request when attempting to establish a new LSP (0 is the best, 7 the worst): a new tunnel may preempt existing tunnels whose hold priority is worse than its setup priority, which influences the path selection during the setup phase.
 Hold priority determines how likely an existing LSP is to remain in place when there are competing demands for resources.
 A tunnel's hold priority must be at least as good as its setup priority (numerically hold <= setup); otherwise two tunnels can preempt each other in turn.

The figures for "Path Calculation and Setup", "Forwarding Traffic Down Tunnels" and "MPLS TE Configuration Example" in the original deck are not reproduced here.

Fast convergence note: convergence below 50 ms can also be obtained with IP/LDP Fast Reroute when a Loop-Free Alternate (LFA) is enabled, provided a qualified backup path exists; the slide listing the criteria for a qualified backup path is not reproduced here.
MPLS Management
Technology Overview and Applications

MPLS Technology Framework

 MPLS management using SNMP MPLS MIBs and MPLS OAM capabilities

Framework layers (🗸 = covered in the preceding sections): 🗸 Layer-3 VPNs, 🗸 Layer-2 VPNs; 🗸 MPLS QoS, 🗸 MPLS TE, MPLS OAM/MIBs (this section); 🗸 MPLS Signaling and Forwarding; Network Infrastructure


What's Needed for MPLS Management?

 What's needed beyond the basic MPLS CLI?
 CLI used for basic configuration and troubleshooting (show commands)
 Traditional management tools:
 MIBs to provide management information for SNMP management applications (e.g., HP OpenView)
 MIB counters, trap notifications, etc.
 New management tools:
 MPLS OAM -> for reactive troubleshooting
 Ping and trace capabilities for MPLS label switched paths
 Automated MPLS OAM -> for proactive troubleshooting
 Automated LSP ping/trace via Auto IP SLA


MPLS Operations Lifecycle (for your reference only)

 Build and plan the network: capacity planning and resource monitoring
 Monitor the network: node/link failure detection; a failure may impact multiple services
 Provision new services and maintain existing services: edge/service node configuration
 Monitor service: end-to-end monitoring, linked to customer SLAs


MPLS MIBs and OAM

Management   Feature                                  Key Functionality
MPLS MIBs    MPLS-LDP-STD-MIB                         LDP session status trap notifications
MPLS MIBs    MPLS-L3VPN-STD-MIB                       VRF max-route trap notifications
MPLS MIBs    MPLS-TE-STD-MIB                          TE tunnel status trap notifications
MPLS OAM     MPLS LSP Ping/Trace for LDP-based LSPs   Validate end-to-end connectivity of LDP-signaled LSPs
MPLS OAM     MPLS LSP Ping/Trace for TE tunnels       Validate end-to-end connectivity of TE tunnels
MPLS OAM     LSP Multipath (ECMP) Tree Trace          Discovery of all available equal-cost LSP paths between PEs


LDP Event Monitoring Using LDP Traps

Two event sequences as seen by the SNMP manager (topology: PE1 and P1 with an LDP session between them).

Scenario 1: Interface shutdown (Ethernet1/0 on PE1)
Time = t: Received SNMPv2c Trap from pe1:
  sysUpTimeInstance = 8159606
  snmpTrapOID.0 = mplsLdpSessionDown
  mplsLdpSessionState.<index> = nonexistent(1)
  mplsLdpSessionDiscontinuityTime.<index> = 8159605
  mplsLdpSessionStatsUnknownMesTypeErrors.<index> = 0
  mplsLdpSessionStatsUnknownTlvErrors.<index> = 0
  ifIndex.5 = 5
Time = t+1: Received SNMPv2c Trap from pe1:
  sysUpTimeInstance = 8159906
  snmpTrapOID.0 = linkDown
  ifIndex.5 = 5
  ifDescr.5 = Ethernet1/0
  ifType.5 = ethernetCsmacd(6)
  locIfReason.5 = administratively down
Time = t+2: Received SNMPv2c Trap from p01:
  sysUpTimeInstance = 8160579
  snmpTrapOID.0 = mplsLdpSessionDown
  mplsLdpSessionState.<index> = nonexistent(1)
  mplsLdpSessionDiscontinuityTime.<index> = 8160579
  mplsLdpSessionStatsUnknownMesTypeErrors.<index> = 0
  mplsLdpSessionStatsUnknownTlvErrors.<index> = 0
  ifIndex.5 = 5

Scenario 2: LDP session down (PE1 - P01) with no interface event
Time = t: Received SNMPv2c Trap from pe1: the same mplsLdpSessionDown varbinds as above (sysUpTimeInstance = 8159606)
Time = t+1: Received SNMPv2c Trap from p01: the same mplsLdpSessionDown varbinds as above (sysUpTimeInstance = 8160579)

Both ends of the session report. sysUpTimeInstance is each agent's own uptime in hundredths of a second, so events from different devices have to be correlated on the manager's receive time, not on these values. An mplsLdpSessionDown with no linkDown from either end deserves a closer look: the session was reset by a configuration change, a software event, or someone interfering with the TCP session.
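The correlation suggested above, as an added example that is not part of the deck: trap records are parsed from a constructed key=value rendering of the varbinds shown on the slide, the two ends' reports of one LDP session are merged into a single incident, and the incident is marked as explained when either end raised linkDown within a time window; the remaining sessions are the ones worth investigating. The `recv` field stands for the manager's receive time (epoch seconds) precisely because sysUpTime is per agent; all four sample traps are constructed.

```python
"""Added example (not from the deck): correlating mplsLdpSessionDown traps with linkDown
traps so that an LDP session drop with no matching interface event is raised as an
incident. The trap lines are a constructed key=value rendering of the varbinds on the
slide; 'recv' is the manager's receive time (epoch seconds), because sysUpTime is
per agent and cannot be compared across devices."""
import shlex

SAMPLE_TRAPS = """
recv=1700000000 agent=pe1 uptime=8159606 trap=mplsLdpSessionDown peer=p01 ifIndex=5
recv=1700000003 agent=pe1 uptime=8159906 trap=linkDown ifIndex=5 ifDescr=Ethernet1/0 reason="administratively down"
recv=1700000010 agent=p01 uptime=8160579 trap=mplsLdpSessionDown peer=pe1 ifIndex=5
recv=1700000900 agent=pe2 uptime=9000000 trap=mplsLdpSessionDown peer=p02 ifIndex=7
""".strip().splitlines()


def parse_trap(line: str) -> dict:
    """key=value tokens; shlex keeps quoted values such as reason="..." together."""
    fields = dict(tok.partition("=")[::2] for tok in shlex.split(line))
    fields["recv"] = int(fields["recv"])
    fields["uptime"] = int(fields["uptime"])
    return fields


def correlate(lines, window_s: int = 60) -> list:
    """One incident per LDP session (both ends usually report). The incident is explained
    when either end raised linkDown within the window; otherwise its cause is unknown."""
    traps = [parse_trap(l) for l in lines if l.strip()]
    link_downs = [t for t in traps if t["trap"] == "linkDown"]
    incidents = {}
    for t in traps:
        if t["trap"] != "mplsLdpSessionDown":
            continue
        key = "<->".join(sorted((t["agent"], t["peer"])))
        inc = incidents.setdefault(key, {"session": key, "reports": 0, "cause": "unknown"})
        inc["reports"] += 1
        for ld in link_downs:
            same_devices = ld["agent"] in (t["agent"], t["peer"])
            if same_devices and abs(ld["recv"] - t["recv"]) <= window_s:
                inc["cause"] = (f"linkDown on {ld['agent']} {ld.get('ifDescr', '?')} "
                                f"({ld.get('reason', 'no reason')})")
    return list(incidents.values())


def unexplained_sessions(lines, window_s: int = 60) -> list:
    """Sessions that went down without a link event: candidates for an LDP reset,
    a configuration change, or interference with an unauthenticated TCP/646 session."""
    return [i["session"] for i in correlate(lines, window_s) if i["cause"] == "unknown"]
```

On the sample data the pe1/p01 session is reported twice and attributed to the administrative shutdown of Ethernet1/0 on pe1, while the pe2/p02 session is returned by `unexplained_sessions` for follow-up.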


Validation of PE-PE MPLS Connectivity

 Connectivity of the LSP path(s) between PE routers can be validated using LSP ping (the ping mpls command via CLI)

Topology: PE1 - P1 - P2 - PE2; the LSP ping is sent from PE1 towards PE2's loopback.

pe1>ping mpls ipv4 10.1.2.249/32
Sending 5, 100-byte MPLS Echos to 10.1.2.249/32,
timeout is 2 seconds, send interval is 0 msec:

Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 284/294/300 ms

LSP ping validates the LDP-signaled LSP to the PE loopback FEC, not the customer's VRF path on top of it. The echo requests are UDP packets to port 3503 carried inside the LSP, so a 'B' (unlabeled output interface) reply indicates that traffic for that PE is silently falling back to plain IP forwarding somewhere along the path.


Automated MPLS OAM

• Automatic MPLS OAM probes between PE routers
  - Automatic discovery of PE targets via BGP next-hop discovery
  - Automatic discovery of all available LSP paths for PE targets via LSP multi-path trace
  - Scheduled LSP pings to verify LSP path connectivity
  - 3 consecutive LSP ping failures result in SNMP Trap notification

[Diagram: PE1, PE2 and PE3 connected through P1 and P2; an MPLS OAM probe runs from each PE (PE1, PE2, PE3) toward the other PEs]
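The two slides above describe the probe side of MPLS OAM: run ping mpls toward each PE, read the result codes, and notify after three consecutive failures. The added example below (not code from the Cisco deck or from IOS) parses ping mpls output into a structured result, decodes the per-echo return codes using the legend printed by the command, and keeps a per-target failure counter that raises a single "lsp-down" event on the third consecutive failure and an "lsp-up" event on recovery. The output format and return-code legend come from the LSP ping slide and the threshold of three is the slide's figure; the sample outputs are constructed, and treating any lost echo as a failed probe is this example's own policy.

```python
"""Parse IOS "ping mpls" output and track consecutive probe failures per PE
target, notifying on the third failure as automated MPLS OAM does.

Added example, not code from the Cisco deck or from IOS. Output format and
code legend are from the LSP ping slide; the sample outputs are constructed;
"any lost echo = failed probe" is this example's own assumption."""
from collections import defaultdict
import re

# Return-code legend as printed by ping mpls (copied from the slide).
LSP_PING_CODES = {
    "!": "success", "Q": "request not sent", ".": "timeout",
    "L": "labeled output interface", "B": "unlabeled output interface",
    "D": "DS Map mismatch", "F": "no FEC mapping", "f": "FEC mismatch",
    "M": "malformed request", "m": "unsupported tlvs", "N": "no label entry",
    "P": "no rx intf label prot", "p": "premature termination of LSP",
    "R": "transit router", "I": "unknown upstream index",
    "X": "unknown return code", "x": "return code 0",
}

# Constructed sample outputs (the Codes legend lines are omitted here).
PING_OK = """\
pe1>ping mpls ipv4 10.1.2.249/32
Sending 5, 100-byte MPLS Echos to 10.1.2.249/32,
     timeout is 2 seconds, send interval is 0 msec:

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 284/294/300 ms
"""
PING_FAIL = """\
pe1>ping mpls ipv4 10.1.2.249/32
Sending 5, 100-byte MPLS Echos to 10.1.2.249/32,
     timeout is 2 seconds, send interval is 0 msec:

Type escape sequence to abort.
..p..
Success rate is 0 percent (0/5)
"""

SEND_RE = re.compile(r"Sending (\d+), (\d+)-byte MPLS Echos to (\S+),")
RATE_RE = re.compile(r"Success rate is (\d+) percent \((\d+)/(\d+)\)")


def parse_lsp_ping(output: str) -> dict:
    """Extract target, counts and the per-echo code string from one run."""
    send = SEND_RE.search(output)
    rate = RATE_RE.search(output)
    if not send or not rate:
        raise ValueError("not a ping mpls result")
    codes = ""
    lines = output.splitlines()
    for i, line in enumerate(lines):
        if line.startswith("Type escape sequence to abort."):
            # The first non-empty line after this marker holds one
            # code character per echo request sent.
            codes = next((l.strip() for l in lines[i + 1:] if l.strip()), "")
            break
    return {
        "target": send.group(3),
        "sent": int(rate.group(3)),
        "received": int(rate.group(2)),
        "success_pct": int(rate.group(1)),
        "codes": codes,
        # Decoded reasons for every echo that did not come back with '!'.
        "problems": sorted({LSP_PING_CODES.get(c, "unknown")
                            for c in codes if c != "!"}),
    }


class LspProbeMonitor:
    """Per-target consecutive-failure counter with a one-shot notification."""

    def __init__(self, threshold: int = 3):
        self.threshold = threshold
        self.failures = defaultdict(int)  # target -> consecutive failures
        self.down = set()                 # targets already notified as down

    def record(self, target: str, result: dict):
        """Feed one probe result; returns "lsp-down", "lsp-up" or None."""
        if result["received"] == result["sent"]:
            self.failures[target] = 0
            if target in self.down:
                self.down.discard(target)
                return "lsp-up"
            return None
        self.failures[target] += 1
        if self.failures[target] == self.threshold and target not in self.down:
            self.down.add(target)
            return "lsp-down"      # the point at which a trap would be raised
        return None


if __name__ == "__main__":
    monitor = LspProbeMonitor()
    schedule = [PING_FAIL, PING_FAIL, PING_FAIL, PING_FAIL, PING_OK]
    for output in schedule:
        result = parse_lsp_ping(output)
        print(result["codes"], result["problems"],
              monitor.record(result["target"], result))
```

Feeding the constructed schedule (four failures, then success) prints one "lsp-down" on the third failure and one "lsp-up" on recovery, mirroring the notify-once behaviour a trap-driven NMS expects.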


MPLS Management Summary

• MPLS management operations include MPLS node and service configuration, and monitoring
• In addition to CLI, SNMP MIBs and OAM capabilities are available for MPLS management
• MPLS MIBs provide LDP, VPN, and TE management information, which can be collected by SNMP tools
  - MIB counters, Trap notifications
• Advanced MPLS management capabilities can be implemented via MPLS OAM
  - LSP path discovery and connectivity validation
  - Proactive monitoring via automated MPLS OAM


Summary
Final Notes and Wrap Up

Summary and Key Takeaways

• It's all about labels …
  - Label-based forwarding and IP protocol extensions for label exchange
  - Best of both worlds … L2-type forwarding and L3 control plane
• Key application of MPLS is to implement VPN services
  - Secure and scalable Layer 2 and Layer 3 VPN connectivity
• MPLS supports advanced traffic engineering capabilities
  - QoS, bandwidth control, and failure protection
• MPLS is a mature technology with widespread deployments
  - Both SP and enterprise networks
• Two types of MPLS users
  - Indirect (subscriber): MPLS used as transport for a subscribed service
  - Direct (DIY): MPLS implemented in (own) SP or enterprise network


MPLS Applications (for your reference only)

                 Service Providers   Enterprise Data Center   Data center interconnects   EWAN Edge
Key Features     L2/L3 VPNs          VPNs                     VPNs / VRFs                 VPNs / VRFs
                 TE/FRR              TE/FRR                   VRF-aware security          VRF-aware security
                 QoS                 High availability        High availability           High availability
                 High availability

Applications (across the four segments): Hosted data centers; Departmental interconnect; Data center segmentation; Disaster recovery; Service multiplexing; Internet access; vMotion support; Segmentation for IT security; Branch connectivity; Branch interconnects; Mergers, acquisitions, spinoffs

• Network consolidation – merging multiple parallel networks into a shared infrastructure
• Network segmentation – by user groups or business function
• Service and policy centralization – security policies and appliances at a central location
• New application readiness – converged multi-service network
• Increased network security – user-group segmentation with VPNs


Consider MPLS When …

• There's a need for network segmentation
  - Segmented connectivity for specific locations, users, applications, etc.
  - Full-mesh and hub-and-spoke connectivity
• There's a need for network realignment/migration
  - Consolidation of (multiple) legacy networks
  - Staged network consolidation after company merger/acquisition
• There's a need for optimized network availability and performance
  - Node/link protection, proactive connectivity validation
  - Bandwidth traffic engineering and QoS traffic prioritization


Q and A
