Introduction to MPLS

(jonrandall) #57

Hi @kayoutoure,

In this article we are starting with the idea to remove BGP from the network core. This is because the core can be very large and we don’t want to have to make many manual changes each time something is modified.
Our objective is to let the PE routers talk BGP to other PE routers and remove the requirement for P routers to talk BGP. We could have many P routers in the path between two PE routers (e.g. PE-P-P-P-P-P-P-P-PE) so this would be a great optimisation.

So your first point is correct. BGP prefixes are learned from PE to PE, not via the P routers.

Regarding GRE, don’t worry about this too much. It is used as one example of how we could stop using BGP on the P routers. We are meant to consider that using MPLS in the core is similar to using GRE in the core as they are both methods of allowing PE routers to handle all the BGP routing logic and the P routers just forward data in a “dumb” way between PE routers.

The reason we see many more MPLS cores than GRE cores is that there are some extra advantages to using MPLS such as better performance in large networks but, in our lesson, they have both achieved the same thing; removing BGP from the P router core.

I hope this helps,

(MAODO T) #58

Hi Jon.

Thank you for your interesting answers.

When you say “many manual changes each time something is modified”, it does raise some existential questions in my mind.

1 - What really IBGP (Internal BGP) routers could be useful for ? Your last answers seemed to me to say that a core with IGP nodes only is a “great optimisation” compared to a core with IBGP nodes.

2 - Do MPLS provide a “DMVPN-KindOf” for a company having 10 branches and needing to tunnel between any two of them ?

PS : I would like to have the chance to read a good article explaining why “a core with IGP nodes only is a great optimisation compared to a core with some IBGP nodes”.

(Rene Molenaar) #59

Hi @kayoutoure

It might help to think about this the other way around, let’s say we don’t use MPLS but BGP on all P and PE routers. This means that:

* The P routers have to do a lookup in their routing tables for every destination.
* The P routers have to know about every destination…this means you’ll have to redistribute customer information into BGP.
* iBGP has to be a full mesh so if you add another P router in your network, you’ll have to establish neighbor adjacencies with all other iBGP routers. You can make your life a bit easier with route reflectors and confederations but it’s still a lot more work than configuring a router with an IGP like OSPF + MPLS.

There are a lot of different logical topologies you can run on top of MPLS. For example, services like E-line, E-tree and E-lan are also often used on top of MPLS.

(Rene Molenaar) split this topic #60

4 posts were merged into an existing topic: Internal BGP (Border Gateway Protocol) explained

(Rohan H) #61

Hello Rene,

Thanks for the lesson.

Please excuse me if I’m asking a dumb question. With the increase in high speed fiber links could a Service Provider use “pure Ethernet” (using technologies like vlans, tunneling, etc) in providing WAN service connectivity for its customers?
My understanding of MPLS, with its multi-protocol capability, is that it provides a means of integrating legacy technology (like frame-relay) into a newer network. Correct?


1 Like
(Rene Molenaar) #62

Hi Rohan,

Ethernet is more often used nowadays for the WAN. I wrote a bit about this in this lesson:

For MPLS, it doesn’t matter that much what the underlying network is. MPLS does support transport of L2 frames, including frame-relay. This allows you to keep your current frame-relay routers on the customer side but replace the frame-relay provider with an MPLS network. Here’s a quick example:

In the example above, the HQ and Branch routers have Ethernet interfaces but it’s also possible to use serial interfaces with frame-relay encapsulation on those routers.

(Rohan H) #63

Thanks Rene,

I will do further reading.

But just to ensure I understand your response - “Ethernet is more often used nowadays for the WAN”. I understand this to mean that you are referring to the underlying technology.

But I am referring to “pure Ethernet” in the sense of no MPLS. I am thinking of a switched network with multiple vlan/departments on a larger scale. I hope I’m making sense.


(Lazaros Agapides) #64

Hello Rohan

Nowadays it is true that “pure” Ethernet is used for WAN connections. This is usually referred to as Metro Ethernet referring to the Metropolitan Area Network (MAN) infrastructure that is necessary for this. This service is essentially a fibre optic cable that comes into your premises (it’s almost always fibre optics due to distance restrictions of UTP) and this connects either directly to your Ethernet interface of your switch or to a telco owned switch to which you connect your equipment. Actual Ethernet frames are sent over this connection without MPLS or other technologies running over it.

I support a fibre optic MAN in the city I live in and each customer is given a switch to connect to. They can send multiple VLANs over the Metro Ethernet connection just like you would on your own private network.

I hope this has been helpful!


(Rohan H) #65

Thanks Laz.

I am clear on the access side. But I suspected that a Service Provider could use only Ethernet to provide service end-to-end (with no mpls in the core) why I asked the question.


(Lazaros Agapides) #66

Hello Rohan.

Yes, the ISP can use pure Ethernet end-to-end to provide WAN services without any other technologies running over that like MPLS.

I hope this has been helpful!


(Mohammad Hasanuz Zaman) #67

Hi Rene,
I have three question raises regarding MPLS …So need your assistant badly to explore it .

  1. Why cef switching technique must needed for MPLS operation ??
  2. LSP is unidirectional , What does it mean ??
  3. Untagged label , What does it mean ??Its same operation like Pop tag ??

Appreciate your crystal clear answer regarding the questions .Thx


(Lazaros Agapides) #68

Hello Zaman

MPLS functions on many vendors’ equipment as it is an open method of data-carrying. Cisco chooses to implement MPLS in combination with CEF because of their similarities in functions and the efficiency this introduces. Essentially, CEF functionality complements MPLS.

MPLS is like CEF because it generates a table with mappings from incoming labels to outgoing labels and next hop. CEF on the other hand generates a table mapping the incoming packets destination to the outgoing interface and next hop. Both function based on the routing table and are generated on startup, allowing for very fast switching of packets.

On Cisco devices, CEF and MPLS work together. On the ingress edge router the IP destination network of an unlabelled packet will be looked up in the CEF table which contains a mapping to the outgoing label. This is done for efficiency so that the destination doesn’t have to be looked up in the CEF table, then again in the label forwarding information base (LFIB).

A Label Switched Path (LSP) defines a path in only one direction. This means that it allows data to flow in only one direction between two endpoints. Establishing two-way communications between endpoints requires a pair of LSPs to be established, one for each direction. Because two LSPs are required for connectivity, data flowing in the forward direction may use a different path from data flowing in the reverse direction. This is a similar concept to the fact that if routing is available from point A to point B, it is not necessarily true that routing exists from point B to point A. It must be explicitly defined.

The pop label is very different than the untagged label. A popped label is when the penultimate (the second-to-last router) performs a pop of the outer label. The inner label is still there, so it forwards it based on that.

The Untagged keyword shows up in the output of the show mpls forwarding-table command. What it means is that the router has no output label associated with the forwarding equivalence class (FEC … usually an IP prefix). Since there is no output label, the router cannot perform a label swap (or pop) but has to remove the whole MPLS header.

In this case, the raw IP packet has to be forwarded based on the routing table and the prefixes found there.

I hope this has been helpful!


MPLS LDP (Label Distribution Protocol)
(Mohammad Hasanuz Zaman) #69

Hi Rene,

Hope you are doing well …
What is the difference between Frame Mode MPLS & Cell mode MPLS . Thx


(Rene Molenaar) #70

Hi Zaman,

Frame mode MPLS is what we use on Ethernet and some other L2 technologies. Cell mode MPLS is typically used on ATM networks. Here’s a short explanation of cell switching:


(Charalambos D) #72

Hi Rene,

For the PE1 router whats the reason for having local label 16 for the route I mean from where is it possible to receive an mpls tag 16 for this route?

PE1#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16         17       0             Gi0/2
17         Pop Label  0             Gi0/2
18         Pop Label       0             Gi0/2
(Faisal Ahmed A) #73

Dear Rene,

Thanks for your amazing MPLS course. Now i am going through it.

We have Site-to-Site IPsec tunnel between HQ router (CISCO2951/K9) and 4 branches using CISCO1941/K9. The connection is established over point-to-point wireless links. To have wired links, we have received BGP-MPLS VPN offer from service provider.

Who will control CE devices?
Can we have CE-to-CE IPSec VPN? Can our routers be assumed to be CE devices
How can we protect our data passing through the service provider as it is financial data ?

Thanks again.

Faisal Ahmed

(Lazaros Agapides) #74

Hello Faisal

This depends on the policy of your network provider. Some providers provision an MPLS pipe for you and you are required to plug your CE equipment onto that. Other providers give you the CE devices and they provision them according to your needs. You will have to speak with your provider to see what options they provide. So depending on the setup, your routers will either be the CE devices or they will be the devices behind the CE devices provided by the service provider.

There are several ways to provide protection over an MPLS network. If you have multiple branches as I see you do, consider using DMVPN over the MPLS network with your HQ as a hub. You can find out more information about such a configuration at this lesson as well as in subsequent lessons.

Keep in mind that the MPLS VPN that is offered by the providers just provides separation of traffic from various customers in the MPLS network and doesn’t necessarily include encryption of the data transfered. More about MPLS VPNs can be found at this lesson.

I hope this has been helpful!


(Faisal Ahmed A) #75

Dear Laz,

Thank you very much for your clarification.

What is best consideration to follow regarding both options to avoid any down time happen to the business continuity as my setup is now using hub-spoke (static routing).

Regarding your suggestion to DMVPN, do you mean DMVPN over IPSec?

I highly appreciate for further suggestions.

Thank you again.


(Rene Molenaar) #76

Hi Charalambos,

This label is locally generated. For a detailed explanation, take a look at this lesson:


(Faisal Ahmed A) #77

Hi Laz,

The service provider informed me that they are providing and controlling CE devices. To protect my financial data, should i use DMVPN over IPSEC as now i have static hub-spoke setup? should we have same edge device ip interface with the provider edge devices to establish connectivity between us and them.