Vinit Jain
Cisco Employee

 

Introduction

 

Vinit Jain is a technical lead with the High-Touch Technical Support (HTTS) team supporting customers in areas of routing, MPLS, TE, IPv6, and multicast. He also supports a wide variety of platform issues such as high CPU; memory leaks; Cisco IOS, IOS XE, and IOS XR Software; and NxOS code base. He has delivered training within Cisco on various technologies as well as platform troubleshooting topics. He has also written a workbook about Cisco IOS XR Software fundamentals on the Cisco Support Community. Vinit holds CCIE certification (no. 22854) in R&S, Service Provider, Data Center and Security, as well as multiple certifications on programming and databases.

 

You can download the slides of the presentation in PDF format here. The related Ask The Expert session is available here. The complete recording of this live Webcast can be accessed here.

 

MPLS VPN Fundamentals

Q. What is the meaning of Overlay?

A. Overlay in this case is when the customer is transmitting its traffic across the MPLS cloud.

 

Q. In the previous slide re route contexts, one had bgp/eigrp on a vrf and another bgp/rip, that's confusing, why?

A. You can run various protocols under a single VRF. Routing protocols can be part of different VRFs and are segregated based on routing contexts (for example, address-family ipv4 vrf ABC).

 

Q. Can we have bgp, eigrp both on different subnet between ce-pe? If it is yes, then we have to redist under the bgp family address vrf, or am I not aware of something?

A: That is correct. Let's say we have VRF Customer_A using EIGRP, and then VRF Customer_B using RIP. BGP in this case is the conduit to allow those VRFs and IGPs to exchange prefixes. Yes, you're right: under the address-family ipv4 vrf Customer_X, you would then redistribute.

 

Q. P and PE routers could be 2921, ASR & CRS, which is better?

A:  For P and PE, major providers use CRS or ASR.

 

Q. What is the difference between CRS and ASR?

A: CRS uses midplane architecture and can scale to the extent of 7 line card chassis with a single fabric chassis, hence it is used by major Service Providers. ASR can be used in core or edge depending on the size of the Enterprise or Service Provider.

 

Q. When we are saying Label, is that encapsulating the standard IP packet or is it over the L2 header?

A: Layer 2.5 header.

 

Q. What is Penultimate hop and what is its main function?

A: Penultimate hop pops the label and then sends the traffic to the CE router.

 

Q. Do CRS and ASR both use IOS XR?

A: Yes, both CRS and ASR use XR OS.

 

MPLS VPN Configuration

Q.  How to configure IBGP in MPLS VPN?

A:  Please see the following link:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/15-s/irg-15-s-book/irg-l3vpn-ibgp-pe-ce.html.

 

Q. If using 2 different protocols, say EIGRP and BGP, don’t the RT import export the VPN routes to the VRF automatically? Does this need mutual redistribution to import the route from MPBGP to customer VRF?

A: If I understood your question correctly, the global routing table is separate from the VRF routing table. We swap the label and route the traffic based on IGP + LFIB.

 

Q. Are vpnv4 & ipv4 address-family the same?

A: They are different. The global routing table is maintained by the ipv4 address-family. However, the customer's packets are received by the PE in a different routing table than the global table and are then labeled. To forward those labeled packets to a different PE/RR, address-family vpnv4 is used.

 

Q. Will MPLS not work if CEF is disabled?

A:  CEF needs to be enabled to run MPLS.

 

Q. Does PHP pop the outermost label at the hop prior to the PE so that way the PE device only has to look up the VPN label?

A:  That is accurate.

 

Q. Is show mpls forwarding table equivalent to show ip cef?

A: The show mpls forwarding command shows the LIB (Label Information Base), whereas show ip cef shows information of the FIB (Forwarding Information Base) and the LFIB.

 

Q. When CE and PE are using EIGRP, do we need to mutually redistribute EIGRP and BGP to exchange the routes? If yes, then what is the use of RT import and export?

A: Redistribution is required for exporting VRF routes into the vpnv4 table and vice versa. With the use of RT, we decide if the route can be imported into the VRF routing table and to send the VRF routes to remote PEs using MPBGP.

 

Q. Can you filter the imported routes defined in RT through a route-map?

A. It can be done before redistributing, but generally enterprises do it if they run MPLS, while service providers will forward what they receive and not get into manipulation.

 

Q. What is the difference between bgp and mpls?

A. BGP is an L3 protocol and MPLS is an L2.5 protocol.

 

Q. Why is MPLS called overlay? What features can run on MPLS?

A. We can run many features like layer 3 VPN, layer 2 VPN and various types of Layer 2 VPN like EoMPLS, any transport over MPLS, etc. So we can run a lot of services on top of MPLS in your service provider core. Since you are running MPLS on top of your IP and providing services across your MPLS, that is the reason it is generally called overlay.

 

Q. Does MPLS forwarding use LFIB, not CEF?

A. MPLS forwarding depends upon LFIB, but the LFIB is based on CEF. The VRF routing table is based on CEF; it builds its own CEF table, and its respective LFIB table is also present for the VPN labels and IGP labels and the core. So it is the combination of all of them because they all work together, closely coupled.

 

Q. RD is only needed in MPBGP, is that correct?

A. Yes. In case you want to make your prefixes unique, it makes more sense in MPLS VPN deployments.

 

Q. So SP may underline LDP for MPLS but then MPBGP is used on top of that MPLS VPN capability?

A. MPBGP is just for exchanging the routes from PE to PE, so that is more of the control plane part. The forwarding takes place at the lower level that is based on your MPLS. So they are not running on top of each other but running together.

 

Q. Is RD locally significant?

A. Yes. RD is locally significant.

 

Q. If I do not see any customer route, will I see only one export and one import?

A. Yes, that is possibly true because if you have both import and export statements, say at one side one PE has export and on the other side has export, so this guy will be able to exchange the routes but you will not be able to learn the other side route to this side.

 

Q. Does MPLS VPN work well with IPv6 addresses?

A. Yes. For MPLS VPN services, if you want to provide IPv6 IP address servicing, that feature is called 6VPE.

 

Q. What is the difference between configuring address family vpnv4 and ipv4 address family?

A. IPv4 is our regular BGP and global routing table with respect to global routing.  VPNv4 sends multiprotocol BGP updates for vpnv4 prefixes. The vpnv4 prefixes are the routes which are uniquely formed using the route distinguishing value: the customer prefix. 
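The RD and RT behaviour described in the answers above (RD plus customer prefix forming a unique vpnv4 prefix, and RT deciding which VRF imports a route) can be modelled in a few lines. This is an added example, not part of the original webcast Q&A; it is a simplified model, not router code, and the PE names, RD/RT values and prefixes are constructed sample data. It also assumes the VRF name identifies the customer, so that an RT import pulling in another customer's routes can be flagged during a configuration review.

```python
# Constructed PE VRF definitions; names, RDs and RTs are sample values.
VRFS = {
    ("PE1", "Customer_A"): {"rd": "65000:1", "export": {"65000:100"}, "import": {"65000:100"}},
    ("PE2", "Customer_A"): {"rd": "65000:1", "export": {"65000:100"}, "import": {"65000:100"}},
    ("PE1", "Customer_B"): {"rd": "65000:2", "export": {"65000:200"}, "import": {"65000:200"}},
    # Misconfiguration under test: Customer_B on PE2 also imports Customer_A's RT.
    ("PE2", "Customer_B"): {"rd": "65000:2", "export": {"65000:200"},
                            "import": {"65000:200", "65000:100"}},
}
# Both customers use the same private prefix behind PE1.
LOCAL_ROUTES = {("PE1", "Customer_A"): ["10.1.1.0/24"],
                ("PE1", "Customer_B"): ["10.1.1.0/24"]}


def export_vpnv4(vrfs, local_routes):
    """Turn VRF routes into VPNv4 routes: RD:prefix plus the VRF's export RTs."""
    routes = []
    for (pe, vrf), prefixes in local_routes.items():
        cfg = vrfs[(pe, vrf)]
        for prefix in prefixes:
            routes.append({"vpnv4": f"{cfg['rd']}:{prefix}",
                           "rts": cfg["export"], "origin": (pe, vrf)})
    return routes


def import_routes(vrfs, vpnv4_routes):
    """A VRF imports a VPNv4 route when one of its import RTs is on the route."""
    rib = {key: [] for key in vrfs}
    for key, cfg in vrfs.items():
        for route in vpnv4_routes:
            if route["origin"] != key and cfg["import"] & route["rts"]:
                rib[key].append(route)
    return rib


def find_leaks(rib):
    """Assumption: the VRF name identifies the customer. Flag cross-customer imports."""
    return [(pe, vrf, r["vpnv4"]) for (pe, vrf), routes in rib.items()
            for r in routes if r["origin"][1] != vrf]


if __name__ == "__main__":
    vpnv4 = export_vpnv4(VRFS, LOCAL_ROUTES)
    print([r["vpnv4"] for r in vpnv4])
    for leak in find_leaks(import_routes(VRFS, vpnv4)):
        print("cross-customer import:", leak)
```

The two overlapping 10.1.1.0/24 routes stay distinct in the VPNv4 table because of their RDs, and only the VRF with the extra import RT receives the other customer's route.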

 

Q. Are VPNv4 and IPv4 address family the same?

A. No, they are different. So if you are forming two different sessions, one for ipv4 address family and one for VPNv4 address family. In case your ipv4 address family session goes down and BGP goes down, that does not mean that your vpnv4 session will also go down and will impact your VPN services. Those are totally different.

 

Q. Do the P and PE routers look at the label and switch to each P router to reach the actual destination? Is there a way to quickly go to the last PE router without traversing and looking at each label?

A. Not really. The only thing that can be done is to configure the TE tunnel from that PE to PE, but the lookup of the tables will happen at the RSVP for the travel of the packet from one end to another end. So label lookup will either happen in LDP generated label or TE tunnel generated label or RSVP generated labels.

 

Q. Is route leaking controlled by the service provider?

A. Yes, and it also depends on the agreement between the SP and the customer.

 

Q. What is the difference between MPLS label and transport label?

A. It is the same.

 

Q. Can you address the payload encryption?

A. Payload encryption in the MPLS VPN or the data faction or actual prefix information is hidden behind the labels. In the service provider core unless you dig deeper into the MPLS packet, you cannot figure out the source and destination. 



Related Information

 

      Cisco Ask the Expert
