Showing results for 
Search instead for 
Did you mean: 

Design MPLS L3VPN for Service Provider



I'm taking computer security in university and I persist to find a good proposal about cisco for my FYP(Final Year Project). I was searching about MPLS L3VPN topic, but Im lost in that.Im suggested to design and implement MPLS L3VPN for service provide, but i don't know how i should bring it to proposal. I mean should I come with a scenario or do you have any suggestion for that? could you please help me to find a good proposal about it or any other interesting topics? Thanks in advance.

4 Replies 4

Mahesh Gohil
Rising star
Rising star


I don't know i really understood problem or not.

But for me to design l3 VPN for service provider includes introducing below devices to network

> PE--Provider edge routes for terminating customers. Will have IGP (OSPF or ISIS), MPLS and MP-BGP. In addition adding some customer vrf
> P-Provider/Core router. It is unaware of customer. It is having IGP (OSPF or ISIS), MPLS and more importantly no BGP. Everything happens here is based on   LDP label
> RR- As you must be aware that IBGP need full mesh to operate. To avoid this there is RR (route reflector) where all PE will bgp peered with RR only.

that's it.

I am having simple topology

CE---PE      PE---CE

If you need may be I can provide config for this routers.



Hello Mahesh,

Thanks for introduction. My problem is, my supervisor asked me to come up with a new system or a challenging proposal. I think L3VPN is all configuration and configuration is not accepted for FYP. I need to add something new in L3VPN(not really new,just make it challenging). I need help coz I have no idea about what to add.


Hi Farid,

Challenges for ISP depends upon customer requirement. I am just briefing the one challenges i got from customer.

Please look at diagram attached

>- Customer requirement is

                           > Remote-site1 will access internet from central-site1
                           > Remote-site2 will access internet from central-site2
                           > Both the remote site switchover to backup if primary site is unavailable
                           > Customer will provide Default route for internet access from two central sites

   How It is achieved

                           > When pumping default route from both central-site it is marked with specific RT value

                               (100:1 for central-site1 and 100:2 for Central site:2)  via. Export-map in vrf
                           > When Accepting default route at remote-site1, the preference is given to the one RT (100:1) which is customer primary
                           > Same way at other remote-site config is exactly inverted. Preference is given to 100:2 as a primary

                           > All this is done with import-map in vrf

A lot of more challenges will be there which depends upon customer requirement. You can think of other challenges by tweaking route-terget.

Hope this helps



If you want to make it complex, you can already start with traffic engineering tunnels in the core ISP network for the PE-PE LSP. On the PEs, implement a first layer of VPNs, then enable carrier supporting carrier (mpls towards the Customer facing devices). On the CE devices, you can then mix L2vpn and usual L3vpns, or just put L3vpns then add again another layer of MPLS labels using L2vpn for example.

In order to complexify the L3vpns, you would then play with import and export maps as well as provide some Internet access through NAT.

I can only recommend you the workbooks to prepare for the CCIE SP as they contain such scenarios.



Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers