MPLS Layer 3 VPN Configuration

Hi Rene,
Sorry, but I still don’t understand why I need to exchange labels between directly connected PEs.
In this scenario I have all the necessary prefixes in the vpnv4 table and in the global table but it doesn’t work.

Hi NetRuso,

I agree that technically it sounds like this should work. The PE routers are directly connected and both routers know about the VPN labels.

The problem is somewhere in the forwarding part. When you forward a packet, the top label is the transport label (exchanged through LDP) and the bottom label is the VPN label (exchanged through MP-BGP). I think the router refuses to forward the packet / doesn’t understand the label when you don’t have LDP enabled / when there is no LSP.

I think this is difficult to debug since Cisco IOS doesn’t seem to support a debug ip packet for VRFs. Otherwise we could debug the reason why it doesn’t forward the packet.

Rene
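
The two-label stack described in the reply above, shown as an added example (not part of the original thread): it encodes and parses MPLS label stack entries using the 32-bit layout from RFC 3032. The label values 17 and 22 and the payload bytes are constructed for illustration.

```python
import struct

def encode_entry(label, tc=0, bottom=False, ttl=255):
    """Pack one label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("TC is 3 bits, TTL is 8 bits")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)

def build_stack(transport_label, vpn_label, ttl=255):
    """Top entry = transport label (LDP), bottom entry = VPN label (MP-BGP)."""
    top = encode_entry(transport_label, ttl=ttl)
    bottom = encode_entry(vpn_label, bottom=True, ttl=ttl)  # S bit marks end of stack
    return top + bottom

def parse_stack(data):
    """Return (entries, payload); stop at the entry with the S bit set."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated stack: no bottom-of-stack entry found")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "tc": (word >> 9) & 0x7,
            "bottom": bool(word & 0x100),
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["bottom"]:
            return entries, data[offset:]

if __name__ == "__main__":
    # Constructed sample: transport label 17, VPN label 22, dummy payload
    frame = build_stack(17, 22) + b"\x45\x00"
    stack, payload = parse_stack(frame)
    for position, entry in enumerate(stack):
        print(position, entry)
    print("payload bytes:", payload.hex())
```
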

Hi Rene,
Just to confirm that it works by just enabling MPLS on the interfaces which connect PE1 and PE2. So from my understanding it is necessary to enable MPLS when we work with VPNv4 prefixes and VRFs. But I still do not fully understand the background of this story…

Thanks,

In the MPLS Layer 3 VPN, is it a must to use LDP within the service provider part, or can MP-BGP also distribute the labels?

In this lesson, LDP has been used on routers PE1, P, and PE2. Is there any alternative?

Hello NetRuso

Yes, the only thing that is necessary, in its most basic configuration, is the enabling of MPLS on the interfaces which connect PE1 and PE2 to the P router.

Can you be more specific as to what you’re having trouble with? Let us know so we can clarify it for you.

I hope this has been helpful!

Laz

Hi Rene,

Could you please explain VPLS and H-VPLS?

What is the difference between EVPN and VPLS? Why is EVPN better than VPLS?

Thanks in advance

Hello Rahul

VPLS and H-VPLS are both technologies that use IP or MPLS networks to provide layer 2 connectivity between remote sites. This essentially allows dispersed sites to share a single Ethernet broadcast domain by connecting sites through what are known as pseudowires. This is a method of making L2 connections over an L3 infrastructure.

VPLS requires full mesh connectivity between sites, which is not very scalable. H-VPLS or Hierarchical VPLS is a method of allowing for scalability by dividing VPLS networks into two or three tiered hierarchical networks.

EVPN technologies provide similar services, but do so in different ways. The primary differences are:

  • Signalling
  • CE multihoming
  • MAC learning

More information about these differences can be found at the following links:


I hope this has been helpful!

Laz

Hi Rene,

I do not see that you’ve enabled OSPF on interfaces.
I would expect something like - (config-if)# ip ospf 1 area X
Or am I missing something?

Thanks in advance.

Hello Vadim

There are two ways to enable OSPF on particular interfaces. One is the way you mention, where you actually configure OSPF on a per interface basis. OSPF can also be enabled on an interface when the network address for the interface matches the range of addresses that is specified by the network area command that is entered in router configuration mode. Rene has applied the latter.

Note here that the ip ospf 1 area command is supported only by OSPFv2.

I hope this has been helpful!

Laz

Hello Lazaros,

Thanks for the response.

But it is still a little bit confusing how it was possible to pull out the information from router “P” with “show mpls ldp neighbor” if those interfaces weren’t set with IP yet.
By the way, could you also answer my question about RD and RT ?

Thanks in advance.

Could be a very silly question, but just curious. PE1 and CE1 are having normal EBGP and neighbors are not defined under the VPNv4 address family. Why do we still need to use vpnv4 in the below show command to see the neighbor stats?

PE1#show bgp vpnv4 unicast vrf CUSTOMER summary 
BGP router identifier 2.2.2.2, local AS number 234
BGP table version is 2, main routing table version 2
1 network entries using 160 bytes of memory
1 path entries using 56 bytes of memory
2/1 BGP path/bestpath attribute entries using 272 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 536 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.12.1    4            1      13      12        2    0    0 00:07:31        1

Regards,
M

Hello Madhu

I went into the lab and attempted to use both the show bgp vpnv4 unicast vrf CUSTOMER summary command and the show bgp vrf CUSTOMER summary command and both resulted in the same output. The more correct command to use would be the latter since it specifically states what you want displayed.

The show bgp set of commands tends to assume certain things when you use them. For example, if you simply issue the show bgp command, it will assume the ipv4 address family. In this case, there is only one VRF, so all configurations are assumed to be in that VRF, and thus both commands will result in the same output.

I hope this has been helpful!

Laz

Thanks Laz for clarifying.

Hi Rene,
A great lesson as always!
Could you explain why we have to give source lo0 when we do ping/traceroute from CE1/CE2?

Hello Chirag

When you use the “source” keyword in the ping and traceroute commands, you are telling the router which interface, and thus which source IP address will be used for the sending and receiving of packets. If “source” wasn’t used, the router will automatically choose the IP of the exit interface as the source.

For example, if you ping 5.5.5.5 from CE1 without the “source” keyword, the ping will be sourced from the Fa0/0 interface which has an IP of 192.168.12.1. But the goal of the exercises is to see if the two loopback networks can communicate. By using “source” and the desired loopback, return packets will have a destination of 1.1.1.1, which is required to verify the desired connectivity.

I hope this has been helpful!

Laz

Hi Laz,
Thank you for the explanation. So what config change would be required if we do not want to use source lo0? Since for PE1, 192.168.12.1 is directly connected. So the return packet should know the next-hop interface, right, if the source is the physical interface?

Hello Chirag

The purpose of the lab was to allow connectivity between the 1.1.1.1/32 and 5.5.5.5/32 networks. This is why the ping was initiated using the loopback as the source. This was the requirement that had to be fulfilled and one way to test it is to use a ping from a source of 1.1.1.1 to verify connectivity between the specific networks.

If you don’t use the “source” keyword, then the source IP address that would be used is the IP address of the exit interface. In this case, with a destination of 5.5.5.5, the router will see from its routing table that the exit interface is Fa0/0 and would thus use 192.168.12.1 as the source IP address. This means that the echo request (ping) will use that address for the reply, so the return packet would have a destination of 192.168.12.1.

I hope this has been helpful!

Laz

Hi Laz,
Thank you for the explanation!

Hi Rene,

I’m trying to build the same network in Packet Tracer, but Packet Tracer does not support building a BGP neighbor internally. Is there any other way to do the configuration in Packet Tracer? Or will MPLS work only in GNS3?

Hello Sharath

Unfortunately, Packet Tracer does not support internal BGP peering, nor does it support any MPLS features. Packet Tracer was designed to cover the requirements of the CCNA level R&S certification. For more advanced topics you will have to use GNS3, VIRL, or Netsim, but the latter two require some level of payment. The only free option is GNS3.

I hope this has been helpful!

Laz