06-01-2015 08:41 PM
Dear friends,
I have some doubts about BGP and MPLS setups; I think you can help me sort them out!!
I want to know how an ISP gives multiple services to a customer who has many branches using BGP and MPLS.
How are customers still in a private IP segment and able to work with BGP? How will the setup be?
And last, what is the difference between L2 MPLS and L3 MPLS, with an example?
Thanks in advance
06-02-2015 05:12 AM
Hi,
I am not 100% sure I understand your question.
But in MPLS/VRF you sort of virtualize your routing table (address families / VRFs).
So basically each IP route gets a tag in front of it to make it unique (the route distinguisher).
Each physical or logical interface is connected to one virtualized routing table.
The following example assigns interface Gi1/0/1 to the VRF DEMO:
interface Gi1/0/1
 ip vrf forwarding DEMO
So the IP configured on this interface will belong to the "virtual router" named DEMO.
A similar mechanism is implemented with the routing protocols. BGP uses address families.
If you're a customer of a carrier, the carrier will create a new VRF for you and assign a unique route distinguisher to this VRF. The interface that is facing your site is put into your VRF, and all routes that are learned via BGP are assigned to your address family and put into your VRF. So all of your routing is logically separated from other customers, which allows overlapping private address spaces.
If you have a route like 10.1.1.0/24, it would look something like this in the carrier router:
<route distinguisher>:10.1.1.0/24
The difference in L2 and L3 MPLS is simple.
L3 is sort of a virtualized routed network, meaning you talk IP to the carrier and you use static routes or routing protocols to exchange routes.
L2 MPLS (L2 VPN) is sort of a stretched L2 segment across the WAN, so all sites share the same L2 domain. Logically it would look like all your sites are connected to the same switch.
Hope that helps. Let me know if this did not answer your question...
Regards,
Markus
PS: please mark answers as correct if they helped you.
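As an added illustration of the VRF and route distinguisher mechanism described above (example code written for this page, not from the thread, Cisco IOS or any carrier's software): a small model of a PE router with two customer VRFs that both carry 10.1.1.0/24. The RD encoding follows RFC 4364 (type 0 "ASN:nn" and type 1 "A.B.C.D:nn"); the VRF names, RDs, interface names and next hops are constructed sample values. The point a defender should take from it is that customer separation rests entirely on each interface being bound to the right VRF: the lookup never consults another VRF's table, and an interface bound to no VRF reaches nothing.

```python
from __future__ import annotations

import ipaddress
import struct


def encode_rd(rd: str) -> bytes:
    """Encode a route distinguisher in its 8-byte RFC 4364 wire form.

    'ASN:nn' is type 0 (2-byte ASN, 4-byte assigned number);
    'A.B.C.D:nn' is type 1 (4-byte IPv4 administrator, 2-byte assigned number).
    """
    admin, assigned = rd.rsplit(":", 1)
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(assigned))
    return struct.pack("!HHI", 0, int(admin), int(assigned))


def vpnv4_key(rd: str, prefix: str) -> str:
    """The '<route distinguisher>:10.1.1.0/24' form as carried in MP-BGP VPNv4 NLRI."""
    return f"{encode_rd(rd).hex()}:{ipaddress.ip_network(prefix)}"


class PE:
    """Toy PE router: one routing table per VRF, each interface bound to exactly one VRF."""

    def __init__(self) -> None:
        self.vrfs: dict[str, dict] = {}        # vrf name -> {"rd": ..., "routes": {net: next_hop}}
        self.interfaces: dict[str, str] = {}   # interface -> vrf name ('ip vrf forwarding <name>')

    def define_vrf(self, name: str, rd: str) -> None:
        self.vrfs[name] = {"rd": rd, "routes": {}}

    def assign_interface(self, ifname: str, vrf: str) -> None:
        if vrf not in self.vrfs:
            raise ValueError(f"VRF {vrf} is not defined")
        self.interfaces[ifname] = vrf

    def learn_route(self, vrf: str, prefix: str, next_hop: str) -> None:
        # Routes arrive per address family, so they land only in the owning VRF.
        self.vrfs[vrf]["routes"][ipaddress.ip_network(prefix)] = next_hop

    def vpnv4_table(self) -> dict[str, str]:
        """Every customer route keyed by RD:prefix; overlapping prefixes stay distinct."""
        return {
            vpnv4_key(v["rd"], str(net)): nh
            for v in self.vrfs.values()
            for net, nh in v["routes"].items()
        }

    def lookup(self, ingress_if: str, dst: str):
        """Longest-prefix match restricted to the VRF of the ingress interface."""
        vrf = self.interfaces.get(ingress_if)
        if vrf is None:
            return None  # interface bound to no VRF: nothing in any customer table is reachable
        addr = ipaddress.ip_address(dst)
        table = self.vrfs[vrf]["routes"]
        best = max((n for n in table if addr in n), key=lambda n: n.prefixlen, default=None)
        return None if best is None else (vrf, table[best])


def build_demo() -> PE:
    """Two carrier customers (constructed sample data) both using 10.1.1.0/24."""
    pe = PE()
    pe.define_vrf("CUST_A", "65000:1")
    pe.define_vrf("CUST_B", "65000:2")
    pe.assign_interface("Gi1/0/1", "CUST_A")   # like 'ip vrf forwarding CUST_A'
    pe.assign_interface("Gi1/0/2", "CUST_B")
    pe.learn_route("CUST_A", "10.1.1.0/24", "CUST_A-branch-PE")
    pe.learn_route("CUST_A", "0.0.0.0/0", "CUST_A-datacenter-PE")   # default towards the DC firewall
    pe.learn_route("CUST_B", "10.1.1.0/24", "CUST_B-branch-PE")
    return pe


if __name__ == "__main__":
    pe = build_demo()
    for key, nh in pe.vpnv4_table().items():
        print(key, "->", nh)
    print(pe.lookup("Gi1/0/1", "10.1.1.5"))   # CUST_A's copy of 10.1.1.0/24
    print(pe.lookup("Gi1/0/2", "10.1.1.5"))   # CUST_B's copy: same prefix, different VRF
    print(pe.lookup("Gi1/0/1", "8.8.8.8"))    # follows CUST_A's default route to the DC
    print(pe.lookup("Gi1/0/2", "8.8.8.8"))    # CUST_B has no default route: None
```

The VPNv4 table shows why the RD is needed: without it, the two 10.1.1.0/24 routes would collide inside MP-BGP; with it, they are distinct keys and each VRF only ever sees its own copy.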
06-02-2015 06:51 AM
Dear MARKUS BENZ,
Thanks for the reply.
Can you answer this scenario: how will this setup work?
Company ABC has 15 branches all over the country, and they maintain a data centre in a central location.
They have signed with an ISP to connect all branch offices to the central office (DC) with the use of BGP and MPLS.
I understand that using VRF they differentiate customer IP segments.
The branch offices and head offices are using private addresses only, and I want to know how they access the internet and also connect with the DC.
I understand L3 MPLS, but can you explain to me with a real-time example for L2 MPLS VPN how it works?
Thanks in advance
06-02-2015 07:15 AM
Sure, no problem.
There are for sure different possibilities. And you need to sort them out with the carrier in the end.
But a very typical scenario would be this one:
You have a headquarters or datacenter site. At this site you have an internet link and all your related infrastructure, like firewall, spam filter, mail and web servers etc.
Additionally you have an L3 MPLS VPN interconnecting all your sites. On each site you get a router from the carrier. This router is connected to your network. In your case you would use BGP to exchange routes between the carrier and your site. So each site sends its routes to the MPLS VPN and learns all the routes from the MPLS VPN. You will have an any-to-any connection to all sites.
If a user in a site wants to access a corporate service, it accesses it in the DC through the MPLS VPN (private IP). If a user wants to browse the internet, his packets are sent to the DC to the firewall, and there will be a NAT to public.
If you don't want a centralized internet access, you could also have an internet breakout in each site. In this case you would route packets destined to the internet over the internet link (DSL for example) and packets to access corporate services to the MPLS link.
In your setup you probably don't need L2 MPLS. It is required if you want to run non-routable protocols over it. For example if you want to run your own MPLS. Or if you want to migrate virtual machines between sites and they need to stay in the same subnet or the like.
But standard Branch environment L3 MPLS should be absolutely ok.
Regards,
Markus
06-03-2015 05:47 PM
Dear Markus,
Your answers really helped me, and I need your further assistance
for the same setup:
CE-PE-PE-CE
CE-PE: BGP
PE-PE: OSPF
Using L3 MPLS, can you explain to me frame by frame how packets are moved from the DC to the branch offices?
Carriers are used between CE and PE by different types of communication like CVLAN.
Or else give me an example of an ISP setup and guide how they work
in Hub and Spoke topology.
06-03-2015 11:13 PM
What exactly do you need to know?
That would be a very long answer, to explain MPLS and L3 VPNs in one forum answer.
Generally between your site and CE routers you're using either static routes or any type of routing protocol to exchange routes.
From CE to PE normally standard BGP is in use.
From PE to PE it is always MP-BGP that carries the customer routes. There is no other option if you run MPLS VPNs. OSPF or IS-IS is in use between PEs as well, but not to transport customer routes learned by CE routers. OSPF or IS-IS is only used between PEs to learn information about all other connected PE routers and to be able to create MPLS labels.
Normally if you order an L3 MPLS service from a carrier, you get a full-mesh service and not hub and spoke, meaning each site can directly talk to every other site. From your perspective as end customer, you can more or less ignore the fact that the carrier is running MPLS; to the end customer the MPLS network looks like a routed private network. Just that it is not your own network, but a virtualized network on a carrier backbone. But the functionality is the same as if you would run your own routers.
So if there is no reason to do hub and spoke, I would order a standard full-mesh L3 VPN where each site can talk to every other site. Your default route would point to the datacenter where your internet connection is.
Does that answer your question?
Regards,
Markus
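To make the CE-PE-P-PE-CE path asked about above concrete, here is an added example written for this page (not from the thread, nor any vendor's code): a Python walk-through of one packet from a DC host to a branch host across an L3 MPLS VPN. The ingress PE resolves the destination in the customer VRF to a VPN label (learned via MP-BGP from the egress PE) plus the egress PE's loopback, then pushes a transport label for that loopback; the P router swaps the top label or, as penultimate hop, pops it; the egress PE pops the VPN label, which identifies the VRF to look the destination up in. The transport label is assumed to come from LDP running over the carrier's IGP, and per-VRF label allocation on the egress PE is assumed; all addresses, labels and router names are constructed sample values.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

IMPLICIT_NULL = 3  # reserved label value "pop before sending to me" (RFC 3032), drives PHP


@dataclass
class Packet:
    dst: str
    labels: list[int] = field(default_factory=list)  # labels[0] is the top of the stack


def lpm(table: dict, dst: str):
    """Longest-prefix match of dst in a {IPv4Network: value} table (None if no route)."""
    addr = ipaddress.ip_address(dst)
    best = max((n for n in table if addr in n), key=lambda n: n.prefixlen, default=None)
    return None if best is None else table[best]


class IngressPE:
    """PE1: the customer VRF maps each prefix to (vpn_label, egress_pe_loopback), learned via MP-BGP;
    transport maps an egress PE loopback to the label the next P router expects (assumed LDP)."""

    def __init__(self, vrf: dict[str, tuple[int, str]], transport: dict[str, int]) -> None:
        self.vrf = {ipaddress.ip_network(p): v for p, v in vrf.items()}
        self.transport = transport

    def forward(self, pkt: Packet) -> Packet:
        hit = lpm(self.vrf, pkt.dst)
        if hit is None:
            raise LookupError(f"{pkt.dst} not in VRF: dropped at ingress PE")
        vpn_label, egress_pe = hit
        # Outer label steers the packet across the core; inner label is read only by the egress PE.
        pkt.labels = [self.transport[egress_pe], vpn_label]
        return pkt


class PRouter:
    """Core router: forwards on the top label alone and never inspects customer IP addresses."""

    def __init__(self, lfib: dict[int, int]) -> None:
        self.lfib = lfib  # incoming label -> outgoing label

    def forward(self, pkt: Packet) -> Packet:
        out = self.lfib[pkt.labels[0]]
        if out == IMPLICIT_NULL:
            pkt.labels.pop(0)       # penultimate hop popping: PE2 receives only the VPN label
        else:
            pkt.labels[0] = out     # ordinary label swap
        return pkt


class EgressPE:
    """PE2: the VPN label it allocated selects the VRF; then a normal IP lookup towards the CE."""

    def __init__(self, vpn_labels: dict[int, str], vrfs: dict[str, dict[str, str]]) -> None:
        self.vpn_labels = vpn_labels
        self.vrfs = {name: {ipaddress.ip_network(p): nh for p, nh in t.items()} for name, t in vrfs.items()}

    def forward(self, pkt: Packet) -> tuple[str, str]:
        vrf = self.vpn_labels[pkt.labels.pop(0)]
        nh = lpm(self.vrfs[vrf], pkt.dst)
        if nh is None:
            raise LookupError(f"{pkt.dst} not in VRF {vrf}: dropped at egress PE")
        return vrf, nh


def trace(dst: str) -> list[tuple[str, list[int] | str]]:
    """Label stack seen at each hop for a packet from the DC (behind PE1) to dst (behind PE2)."""
    pe2_loopback = "192.0.2.2"
    pe1 = IngressPE(
        vrf={"10.1.1.0/24": (100, pe2_loopback)},          # customer ABC branch, VPN label 100 from PE2
        transport={pe2_loopback: 20},                      # LDP label towards PE2 via P
    )
    p = PRouter(lfib={20: IMPLICIT_NULL})                  # P is PE2's penultimate hop
    pe2 = EgressPE(
        vpn_labels={100: "ABC", 200: "XYZ"},               # XYZ also uses 10.1.1.0/24 under its own label
        vrfs={"ABC": {"10.1.1.0/24": "CE-branch-ABC"}, "XYZ": {"10.1.1.0/24": "CE-branch-XYZ"}},
    )
    pkt = Packet(dst)
    hops: list[tuple[str, list[int] | str]] = [("CE-DC", list(pkt.labels))]
    hops.append(("PE1", list(pe1.forward(pkt).labels)))
    hops.append(("P", list(p.forward(pkt).labels)))
    vrf, ce = pe2.forward(pkt)
    hops.append(("PE2", list(pkt.labels)))
    hops.append((f"VRF {vrf}", ce))
    return hops


if __name__ == "__main__":
    for hop, stack in trace("10.1.1.10"):
        print(f"{hop:8} {stack}")
```

Running it prints an empty stack at the CE, `[20, 100]` leaving PE1, `[100]` leaving P after the penultimate hop pop, and an empty stack at PE2 before the IP lookup in VRF ABC. A destination not present in the VRF is dropped at the ingress PE, which is the behaviour that keeps one customer's traffic from ever being labelled towards another customer's sites.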
06-04-2015 04:56 AM
Dear markus,
Yes, now I understand the topology, and your answers really helped to clear my doubts. Thanks a lot!!
Stay in touch..