
Is it possible to create L3VPN without enabling MPLS in the core and PE routers?

duraipandi
Level 1

Hi,

I have the setup below. In this, the PE1, P, and PE2 routers do not have MPLS support; they have only mGRE and GRE tunnel support.

Is it possible to create L3VPN without MPLS here?

                          bgp session between PE1 and PE2, 

CE1---------------PE1-----------------P---------------PE2------------CE2 .

 

 

PE1, P, and PE2 do not have MPLS support.

 

 

Thanks

Duraipandi

10 Replies

xthuijs
Cisco Employee

For L3VPN to work between two remote devices, they have to have an MP-BGP connection and label exchange.

If you can build a GRE tunnel between PE1 and PE2 and your devices can run MPLS over that GRE tunnel, you're golden.

But it sounds like your PE devices already have no LDP/MPLS support; I think you're stuck then.

regards

xander

Hi xander,

Is it not possible to create L3VPN without MPLS? Or is any way available?

 

Thanks

Durai

Hi durai,

You can use the VRF-lite model, but this is complex to manage in larger networks.

for example:

CE1 ---PE----core(x)---P------PE---CE1

CE2  --/                                    \----CE2

In this case, without MPLS, I need to create on the core(x) link 2 VRFs with 2 VLANs to go to "P".

And the same on the other PE and link.

Now if you think that there are more P's with backup paths or more CE's, that linkage exponentially increases to define those VLANs, and in all your P routers is that awareness of every CE route!

MPLS just simplifies this; single core link, by just using labels. Your P routers only see PE next hops and are opaque to the number of VRFs you carry/service. Adding another P or PE device integrates into the routing naturally and MP-BGP takes care of the PE advertisement. So expanding and rerouting are more natural and graceful here too.

So while technically MPLS can be omitted, it is just not a smart thing to do from a design perspective in L3VPN.

cheers!

xander

Hi,

I want to understand why we need MPLS/GRE tunnels for creating L3VPN using MP-BGP.

If all routers run MP-BGP sessions, can they exchange VRF information and routes without MPLS/GRE?

What would be missing, or which component, without this?

Please help; this would help in clearing a few doubts.

Regards

Sourav

Hi sourav, on a PE you can have 2 VPNs, right, or 2 VRFs let's say.

Now you and I are both using the same address space 10.0.0.0/24.

L3VPN allows that, but in the core, the provider needs to be able to separate your traffic from mine. The way to do that is to "tag" the traffic with a label (this is a per-VRF label allocation example). It can even go more granular, so that each of your routes has a unique label and each of mine; this burns the label space quickly but provides for faster forwarding at the PE and also some better load-balance capabilities (back in the day, these days we have other options now but hey for some history ;)

So while MP-BGP technically can exchange route information perfectly fine, the problem is the separation of traffic in the core, as the "tagging" of yours vs mine is missing, for which we need MPLS.

cheers xander

Hi Xander, thanks !

As I understand the working of MPLS, all RIB prefixes get labels under the LFIB.

So is there any difference between the labels generated for prefixes under the LFIB

and the labels generated for VRF identity?

Is there any diagram for some reference to read? Please suggest.

Thanks 

Sourav

There is technically no difference indeed, sourav.

LDP is used generally to exchange label information between adj devices; MP-BGP is used by PE's to exchange L3VPN label information in so many ways.

For VPNs you have 3 label allocation modes:

- per prefix, each prefix in each VRF gets a unique label

uses a lot of labels, but is faster (since already a deaggregation) and has perfect LB capabilities

- per VRF, all prefixes in a single VRF share the same (VRF) label

saves label space but reduces the load-balancing and redundancy capabilities

- per CE, each CE (PE next hop towards customer edge) gets a unique label assigned.

is the interim between the previous two to balance label space but providing a level of redundancy.

some possible reading may be:

http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/13733-mpls-vpn-basic.html

cheers

xander

PS: to note, if you don't have an MPLS core, like the internet, you can use GRE to build tunnels between PE's and run MPLS over the GRE tunnel to assign and exchange label information.
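
The three label allocation modes and the overlapping 10.0.0.0/24 case from the replies above, worked through as an added example that is not part of the original thread. The VRF names, CE names and routes are constructed sample data, and the allocator is a simplified model, not any router's implementation.

```python
from itertools import count

# Constructed sample: two customers reuse 10.0.0.0/24 behind one egress PE.
# Each entry is (vrf, prefix, CE next hop); all names are illustrative.
ROUTES = [
    ("CUST_A", "10.0.0.0/24", "ce-a1"),
    ("CUST_A", "10.0.1.0/24", "ce-a1"),
    ("CUST_A", "10.0.2.0/24", "ce-a2"),
    ("CUST_B", "10.0.0.0/24", "ce-b1"),
    ("CUST_B", "10.0.1.0/24", "ce-b1"),
]

KEY_OF = {  # what a label is bound to in each allocation mode
    "per-prefix": lambda vrf, pfx, ce: (vrf, pfx),
    "per-vrf": lambda vrf, pfx, ce: (vrf,),
    "per-ce": lambda vrf, pfx, ce: (vrf, ce),
}

def allocate(routes, mode):
    """Return {(vrf, prefix): label} as the egress PE would advertise it."""
    next_label = count(16)  # MPLS labels 0-15 are reserved
    by_key, table = {}, {}
    for vrf, pfx, ce in routes:
        key = KEY_OF[mode](vrf, pfx, ce)
        if key not in by_key:
            by_key[key] = next(next_label)
        table[(vrf, pfx)] = by_key[key]
    return table

def labels_used(routes, mode):
    """Label space consumed by one allocation mode."""
    return len(set(allocate(routes, mode).values()))

def egress_lookup(routes, mode, label, dst_prefix):
    """Egress PE: the VPN label selects the VRF, then the CE next hop."""
    table = allocate(routes, mode)
    for vrf, pfx, ce in routes:
        if pfx == dst_prefix and table[(vrf, pfx)] == label:
            return vrf, ce
    return None

def unlabeled_candidates(routes, dst_prefix):
    """Without a label, the destination matches every VRF that uses it."""
    return sorted({vrf for vrf, pfx, _ in routes if pfx == dst_prefix})

if __name__ == "__main__":
    for mode in KEY_OF:
        print(mode, labels_used(ROUTES, mode), "labels")
    print("no label:", unlabeled_candidates(ROUTES, "10.0.0.0/24"))
    print("label 17:", egress_lookup(ROUTES, "per-vrf", 17, "10.0.0.0/24"))
```
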

I know on Cisco ASR1000 there is one feature called MPLS over GRE: the PE sets up a BGP session with its peer, the GRE tunnel between PEs will be set up automatically, and LDP is not needed on the PE/P router. You need to create a VRF for each VPN and configure ip vrf forwarding <VRF name> on the CE-facing interface; VPN traffic will be encapsulated over the GRE tunnel, and it will be forwarded like a normal IP packet.

Yeah, but then you'd be building GRE tunnels to all your PE's; can be done, but is still somewhat of an administrative nightmare...

However, if you have an MPLS-free core, this may be an option to consider...

xander

No need to set up the GRE tunnel manually; the GRE tunnel is created automatically if you only apply a route-map on the BGP session.