Marek,
This topic can become less confusing if you think about what is going on in the control plane vs the data plane. The RTs are used in the control plane to associate ROUTES with VRFs. The VPN label is used in the data plane to associate PACKETS with VRFs.
Check out this great article that talks about why RDs, RTs, and VPN Labels are all needed:
https://mellowd.co.uk/ccie/?p=2923
Andrew- thank you, it all makes sense now!
The link you shared is also awesome but it melted my brain until I realised the guy forgot to mention that R6 and R7 BOTH advertise route 6.6.6.6 
19 posts were merged into an existing topic: MPLS Layer 3 VPN Configuration
Dear Rene,
I have encountered following log message when setting this up. Can you confirm if we need to make the Loopback Interfaces as /32 s across the MPLS core ?
*Jan 15 01:49:04.853: %BGP-4-VPNV4NH_MASK: Nexthop 1.1.1.1 may not be reachable from neigbor 2.2.2.2 - not /32 mask
This error occurs if you have a loopback interface with a subnet mask that is not /32 and that is advertised in OSPF.
OSPF will always advertise a loopback as a /32 (network type LOOPBACK). LDP however, looks at the actual subnet mask of the interface so there will be a mismatch between LDP and your routing table.
To fix this, you have two options:
* Change the network type of your loopback interface to ip ospf network-point-to-point so that OSPF advertises the actual subnet mask of the interface.
OR
* Change the subnet mask of the loopback interface to /32.
Rene
Hi Rene,
When we give a trace from a Non-MPLS device and its travel thru a MPLS network.So, how Device know about the MPLS path IP and label from output ā¦
CE1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 0 msec 0 msec 4 msec
**2 192.168.23.3 [MPLS: Labels 17/19 Exp 0] 0 msec 0 msec 4 msec**
**3 192.168.45.4 [MPLS: Label 19 Exp 0] 0 msec 0 msec 4 msec**
4 192.168.45.5 0 msec 0 msec *
So from the output how CE1 informed the IP 192.168.23.3 and 192.168.45.4 with the label value 17 , 19 respectively.I want to know the discovering process deeply. please assist me in your clear text .Thx
I know how Traceroute works normally but In MPLS domain I cant understand .
br//zaman
Hello Mohammad
An excellent and very in depth explanation of how traceroute and MPLS function can be found in this Cisco documentation. It includes information about the elements found within the frame headers and how these are translated and outputted in the traceroute output as label values.
I hope this has been helpful!
Laz
Thanks a lot Andrew.
Hi Rene,
Please see the bold output below ā¦
CE1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.12.2 0 msec 0 msec 4 msec
2 192.168.23.3 [MPLS: Labels 17/19 Exp 0] 0 msec 0 msec 4 msec
**3 192.168.45.4 [MPLS: Label 19 Exp 0] 0 msec 0 msec 4 msec**
4 192.168.45.5 0 msec 0 msec *
why its showing 192.168.45.4 instead of 192.168.34.4 . As we know it should show exit interface IP . Is there logic behind this ??? Please make me clear .Thx
br//zaman
The output is correct, keep in mind that MPLS traceroute works a bit different than regular IP traceroute:
I think they show the IP address of the remote PE router in the VRF on purpose, instead of the interface that connects to the P router. The IP address of the PE router in the VRF is reachable from the CE1 router, making it useful for troubleshooting.
Hi. Thanks for the lesson. It helped me learn something about MPLS.
One question though. What if I want to connect another 2 CE routers, and wants to add more VRF? Iāve tried adding new address-family ipv4 vrf to existing BGP process in PE1 and PE2, and redistribute the new routing protocol by adding it to address-family ipv4 vrf and all just like in the lesson, but to no success. The new router still canāt ping successfully.
Whatās needed to add new networks to the MPLS VPN? I maybe havenāt understood it all completely.
Hello Evan,
If you want to add a second customer that is separated from the first one then you need to add:
Take a look at the startup configurations in this lesson. Thatās exactly what you are looking for:
Itās MPLS VPN with two customers in two VRFs.
Hope this helps!
Rene
Hi. Iām really helped with this topic. Thanks a lot. Now a new question popped up in my mind.
How if I want to have redundancy in the MPLS? I mean, if one of the line in the MPLS backbone is down, the whole CE traffic is down too. If I must add a new node to the MPLS backbone, how would the configuration be so it has redundant links?
I appreciate for the help. Thanks.
Hello Ivan,
You could use a topology like this:
In that example, I have redundant P and PE routers but I didnāt use MPLS there. What you need for MPLS VPN is:
If you can configure a MPLS VPN topology without redundancy then itās easy to add redundancy, there are no extra commands. If you have trouble with this, let me know and Iāll share the configs when I get back from my holiday (next Wednesday) 
Rene
Thanks for the answer, Rene. Iāll look to that and try the configuration in the meantime.
Anyway, is there any chance of using protocols like VRRP, GLBP, or FHRP in MPLS?
Hello Ivan.
According to Cisco:
VRRP is supported on Ethernet, Fast Ethernet, Bridge Group Virtual Interface (BVI), and Gigabit Ethernet interfaces, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs), VRF-aware MPLS VPNs, and VLANs.
link
Similarly, GLBP can also be used for MPLS implementations as well.
HSRP, FRRP and GLBP are all protocols that fall into the category of First Hop Redundancy Protocols (FHRP).
I hope this has been helpful!
Laz
Iāve got another question. Besides using the configuration from the lesson you shared, is there any other strategies to have redundancy on MPLS backbone? Like using BFD or any other strategies?
Hi Ivan,
There are a couple of things. In MPLS VPN, you have to think of:
For your IGP, you can use BFD but also something like fast reroute:
For BGP, there are a couple of things you can do. For example:
Hope this helps
Rene
Hi, Thanks again, Rene. By the way. Is the fast reroute you shared above is the same with MPLS Traffic Engineering fast reroute or is it different?
Iām also facing trouble with the BGP PIC config. Really hope for you to share the configs you mentioned above. Thanks in advance.
Anyway, I also noticed that the OSPF LFA you shared above is only available to a few high end routersā¦ Is there an alternative to that other than BFD?