Ethernet is more often used nowadays for the WAN. I wrote a bit about this in this lesson:
For MPLS, it doesn’t matter that much what the underlying network is. MPLS does support transport of L2 frames, including frame-relay. This allows you to keep your current frame-relay routers on the customer side but replace the frame-relay provider with an MPLS network. Here’s a quick example:
In the example above, the HQ and Branch routers have Ethernet interfaces but it’s also possible to use serial interfaces with frame-relay encapsulation on those routers.
But just to ensure I understand your response - “Ethernet is more often used nowadays for the WAN”. I understand this to mean that you are referring to the underlying technology.
But I am referring to “pure Ethernet” in the sense of no MPLS. I am thinking of a switched network with multiple vlan/departments on a larger scale. I hope I’m making sense.
Nowadays it is true that “pure” Ethernet is used for WAN connections. This is usually referred to as Metro Ethernet referring to the Metropolitan Area Network (MAN) infrastructure that is necessary for this. This service is essentially a fibre optic cable that comes into your premises (it’s almost always fibre optics due to distance restrictions of UTP) and this connects either directly to your Ethernet interface of your switch or to a telco owned switch to which you connect your equipment. Actual Ethernet frames are sent over this connection without MPLS or other technologies running over it.
I support a fibre optic MAN in the city I live in and each customer is given a switch to connect to. They can send multiple VLANs over the Metro Ethernet connection just like you would on your own private network.
I am clear on the access side. But I suspected that a Service Provider could use only Ethernet to provide service end-to-end (with no mpls in the core) why I asked the question.
MPLS functions on many vendors’ equipment as it is an open method of data-carrying. Cisco chooses to implement MPLS in combination with CEF because of their similarities in functions and the efficiency this introduces. Essentially, CEF functionality complements MPLS.
MPLS is like CEF because it generates a table with mappings from incoming labels to outgoing labels and next hop. CEF on the other hand generates a table mapping the incoming packets destination to the outgoing interface and next hop. Both function based on the routing table and are generated on startup, allowing for very fast switching of packets.
On Cisco devices, CEF and MPLS work together. On the ingress edge router the IP destination network of an unlabelled packet will be looked up in the CEF table which contains a mapping to the outgoing label. This is done for efficiency so that the destination doesn’t have to be looked up in the CEF table, then again in the label forwarding information base (LFIB).
A Label Switched Path (LSP) defines a path in only one direction. This means that it allows data to flow in only one direction between two endpoints. Establishing two-way communications between endpoints requires a pair of LSPs to be established, one for each direction. Because two LSPs are required for connectivity, data flowing in the forward direction may use a different path from data flowing in the reverse direction. This is a similar concept to the fact that if routing is available from point A to point B, it is not necessarily true that routing exists from point B to point A. It must be explicitly defined.
The pop label is very different than the untagged label. A popped label is when the penultimate (the second-to-last router) performs a pop of the outer label. The inner label is still there, so it forwards it based on that.
The Untagged keyword shows up in the output of the show mpls forwarding-table command. What it means is that the router has no output label associated with the forwarding equivalence class (FEC … usually an IP prefix). Since there is no output label, the router cannot perform a label swap (or pop) but has to remove the whole MPLS header.
In this case, the raw IP packet has to be forwarded based on the routing table and the prefixes found there.
Frame mode MPLS is what we use on Ethernet and some other L2 technologies. Cell mode MPLS is typically used on ATM networks. Here’s a short explanation of cell switching:
For the PE1 router whats the reason for having local label 16 for the route 4.4.4.4. I mean from where is it possible to receive an mpls tag 16 for this route?
PE1#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 17 4.4.4.4/32 0 Gi0/2 192.168.23.3
17 Pop Label 192.168.34.0/24 0 Gi0/2 192.168.23.3
18 Pop Label 3.3.3.3/32 0 Gi0/2 192.168.23.3
Thanks for your amazing MPLS course. Now i am going through it.
We have Site-to-Site IPsec tunnel between HQ router (CISCO2951/K9) and 4 branches using CISCO1941/K9. The connection is established over point-to-point wireless links. To have wired links, we have received BGP-MPLS VPN offer from service provider.
Who will control CE devices?
Can we have CE-to-CE IPSec VPN? Can our routers be assumed to be CE devices
How can we protect our data passing through the service provider as it is financial data ?
This depends on the policy of your network provider. Some providers provision an MPLS pipe for you and you are required to plug your CE equipment onto that. Other providers give you the CE devices and they provision them according to your needs. You will have to speak with your provider to see what options they provide. So depending on the setup, your routers will either be the CE devices or they will be the devices behind the CE devices provided by the service provider.
There are several ways to provide protection over an MPLS network. If you have multiple branches as I see you do, consider using DMVPN over the MPLS network with your HQ as a hub. You can find out more information about such a configuration at this lesson as well as in subsequent lessons.
Keep in mind that the MPLS VPN that is offered by the providers just provides separation of traffic from various customers in the MPLS network and doesn’t necessarily include encryption of the data transfered. More about MPLS VPNs can be found at this lesson.
What is best consideration to follow regarding both options to avoid any down time happen to the business continuity as my setup is now using hub-spoke (static routing).
Regarding your suggestion to DMVPN, do you mean DMVPN over IPSec?
The service provider informed me that they are providing and controlling CE devices. To protect my financial data, should i use DMVPN over IPSEC as now i have static hub-spoke setup? should we have same edge device ip interface with the provider edge devices to establish connectivity between us and them.
It depends on what exactly you need. DMVPN is a hub and spoke technology where tunneling between spokes happens automatically. It’s a useful technique if you have a lot of spokes and a lot of spoke-to-spoke traffic. You can run IPSec on top of DMVPN to make it secure, which is nice since DMVPN is often used over the Internet.
If you only have a small topology, that doesn’t change (like one hub and two spoke routers) then it’s probably not worth the hassle to implement DMVPN. You could configure IPsec between some routers and be done with it. Since you don’t control the CE devices, you’ll have to add your own routers (or ASAs) behind those devices.
It really means a lot when we implement what we learn into the real world. I have learned here a lot and thanks for you and your team.
I have one hub and 6 spokes and there is ASA5525-X behind the hub. They are connected over wireless p2p radio link. If we remove the wireless link and start using MPLS connection provided by the ISP, will it be plug-and-play or will there be configuration change regarding routing traffic participation and IP Addresses used at the edge devices on both parties?
what do you think i take into my consideration regarding integration of my current live setup and the provider’s network.
I’m glad to hear that our material is useful to you!
If you switch from your wireless link to your MPLS connection, it’s probably not going to be completely plug-and-play. It really depends on your setup and what your SP offers you.
If your wireless link is L2 and your MPLS connection is also L2, then it’s pretty straightforward since you probably don’t have to change anything since nothing changes on L3. If your MPLS connection is L3, you’ll need to make some changes to your IP addresses, routing, and probably some rules on your ASA.
Hi rene,
In Home » Cisco » CCIE Routing & Switching Written
MPLS LDP (Label Distribution Protocol) web page, I think topology picture is wrong.
on R2 fa1/0 is connected R3 fa0/0
in CLI R2 fa0/1 i connected R3 fa0/0
for your information, thanks