MPLS Layer 3 VPN Configuration

(Evan d) #64

I just found that in the lesson we can only ping from the loopback interface? I wanted to add new networks to the CE routers and see if they can ping each other. Is it just me or am I missing some configuration? Thanks.

(Rene Molenaar) #65

Hello Ivan,

OSPF fast reroute is different from MPLS TE Fast Reroute. The idea is kinda the same but with MPLS TE fast reroute, we have a backup LSP.

BFD helps to quickly detect loss of an OSPF neighbor and LFA/FRR helps a lot when you lose a route. Some other things you can do to improve convergence times are playing with the different SPF/LSA timers. For example:

Incremental SPF is nice:

What issue do you have with the BGP PIC configs?


(Rene Molenaar) #66

Hi Evan,

The CE routers in this example are using eBGP so if you add a new network on your CE routers and advertise it in BGP, you will be able to ping between the two CE routers.


(Ivan A) #67

Hi I’m having difficulties. My PE routers does not show anything when I tried the command show bgp ip because it only uses BGP for the VRF route unlike the examples in the BGP PIC lesson. And in the BGP PIC lesson there is no VRF. How can I use the BGP PIC with VRF?

(Rene Molenaar) #68

Hello Ivan,

Where exactly do you want to use it? In the BGP examples I have shown, we use BGP PIC for failures in the core where PE routers have to find a different path to another PE router for the iBGP peering, or when a PE router fails.

When you use MP-BGP between PE-CE then you could use BGP PIC when the CE router is multihomed. Is that what you are looking for?


(devaprem R) #69



How the CE routes change to VPNV4 when we redistribute them under address family IPV4 ?

Why we are not redistributing under address family VPNv4 ?

(devaprem R) #70

In case if we use static routing between PE and CE and if I want to advertise CE loopbacks

In my PE should I need to include network statement under address family ipv4 or vpnv4 ?

(Rene Molenaar) #71

Hi Devaprem,

In this lesson:

We do two-way redistribution:

PE1 & PE2
(config)#router bgp 234
(config-router)#address-family ipv4 vrf CUSTOMER
(config-router-af)#redistribute ospf 2
PE1 & PE2
(config)#router ospf 2
(config-router)#redistribute bgp 234 subnets

From OSPF into the correct MP-BGP address family, that’s how these routes become VPN routes. The router knows which RD to use for the VRF we specify.

If you want to add a static route, you can configure it with the ip route vrf command on the PE router and then redistribute it into the correct MP-BGP address- family, just like the OSPF example above.


(devaprem R) #72

Thanks Rene

Understand, so address family VPNv4 only used to activate MPBGP neighbor but all the prefixes will still be advertised under address family ipv4 vrf

I have another question , what will happen if VRF CUSTOMER configured with different RD value in PE2 but i still have Import RT statement to import CUSTOMER routes like below

PE2(config)#ip vrf CUSTOMER2
PE2(config-vrf)#rd 1:2
PE2(config-vrf)#route-target export 1:2
PE2(config-vrf)#route-target import 1:1

If this is the case, what is the behavior in control plane ? and what is the behavior in Data plane ?

Thanks again for your support , This blog is one of the best explanation i have ever seen for MPLS Layer 3 VPN and you keeping things very simple.

(Rene Molenaar) #73

That’s right, the VPNv4 address family enables the advertisement of VPN routes between BGP neighbors. We advertise/redistribute things under the address family for the VRF.

The RD is for the control plane. You have an RD of 1:2 and you export that. This means that on another PE router, you have to import 1:2 if you want to get these VPN routes. You import 1:1 so whatever has an RD of 1:1, gets imported.

If you add an route-target import 1:2 on PE1, you’ll see it imports the routes you export on PE2.

MPLS VPN can be pretty complicated, there are a lot of moving parts.

(Ray J) #74

how did the routers know they should use 2 labels instead of 1? why 19 as the VPN label? i don’t see any config that defines it?

(Lazaros Agapides) #75

Hello Ray

First of all, MPLS routers will dynamically assign labels. It is possible to statically assign them, however, by default the label values are chosen by the router. Secondly, the PE router “knows” to use two labels instead of one because we are using VRFs. The first label is used to determine to which VRF the packet belongs and the second label is used to get the packet through the core of the MPLS network.

I hope this has been helpful!


(Fabrice M) #76

Hi rene
Why you are not use vpn id under you vrf configuration ?


(Lazaros Agapides) #77

Hello Fabrice

The use of a VPN ID is not mandatory. It is possible to use it, and it is just another way with which a VPN can be identified. There are several benefits to using it. You can see them at this post:

I hope this has been helpful!


(NetRuso) #78

Hi Rene and team,

I am wondering if for using address-family VPNv4 we also need to configure MPLS and LDP.

I have tried to configure a CE1-PE1----PE2-CE2 topology where there is no P equipment in between the PEs. No MPLS or IGP need. Configuring eBGP vrf lite in CE-PE connections with the RD/RTs for customer VRF and iBGP vpnv4 between PEs doesn’t work for me, it seems like when CE1 try to reach CE2, PE1 is not able to forward the packet to the next hop.

(*) I configured the iBGP using source loopback and to have connectivity between the loopbacks I used an static route in each PE to came up the BGP.


(Rene Molenaar) #79

Hello NetRuso,

It’s not a requirement, you can advertise whatever you want in MP-BGP between the PE routers.

It still won’t work though. Your control plane isn’t the problem but on the data plane, you need a VPN label. You’ll need an LSP for that. You could use LDP or MPLS TE (RSVP).


(NetRuso) #80

Hi Rene,
Sorry but still don’t understand why I need exchange labels between directly connected PEs.
In this scenario I have all the necessary prefixes in the vpnv4 table and in the global table but it doesn’t work.