MPLS Layer 3 VPN Configuration

Hi MPLS team,
I understood the MPLS L3 VPN concept along with your brief example.
However, I have one doubt based on your example “MPLS Layer 3 VPN Configuration”, in which the VPN label has been advertised by PE1 and PE2. Is this VPN label the same number, or do PE1 and PE2 advertise different numbers? You explained the PE1 side, but the PE2 side through the CLI was not mentioned.

Similarly, for 6VPE you have mentioned the same VPN label for PE1 and PE2. So are the VPN labels for PE1 and PE2 the same number, or different numbers? That is what I am confused about.

Please show the appropriate CLI for PE1 and PE2 in your explanation.

Regards
Shakil

Hello Shakil

In an MPLS L3 VPN, the VPN label is not the same for PE1 and PE2. Each PE router generates its own VPN labels for the VPN routes it advertises to its peers. However, when these labels traverse the MPLS network, they remain the same throughout the journey of the packet. When the packet arrives at PE2, you will see that it will have the same VPNv4 label.

This can be seen in the lesson: if you take a look at the output from the show mpls forwarding-table command on PE2, you will see the local label marked as 19, which is the same value as the VPNv4 label that was originally sent from PE1.

The VPN label used to reference a particular customer network remains the same throughout the communication. For example, in the 6VPE lesson, the PE2 router will assign a VPN label of 19 to the 2001:DB8:5:5::5/128 network (its own customer network) and will advertise that throughout the topology. PE1 learns about that, and this is why in the output of the show bgp ipv6 unicast command, you can see a label value of 19.

When PE1 advertises its VPN label for its customer network of 2001:DB8:1:1::1/128, it too assigns the label number of 19, but this is independent of that assigned by PE2 to its customer network. The fact that the numbers are the same may be what is confusing. This is independent and can be any number. But these don’t cause any problems if they are the same because they are used in completely different contexts. Does that make sense?

I hope this has been helpful!

Laz

Hello,

I tried to read all the questions but didn’t find any answer. I hope you didn’t already reply.

We are configuring a BGP session in the IPv4 family between PE1 and CE1. How can the routes learned from this AF appear in the VPNv4 AF? Is there a kind of automatic redistribution between the 2 AFs?

Thanks,

Hello David

In the context of MPLS VPN on Cisco IOS devices, the redistribution of routes from the CE-facing VRF (vrf CUSTOMER) into the MPLS core (VPNv4 address family) for advertisement to other PE routers via iBGP is handled automatically when the following conditions are met:

  • VRF Configuration: Routes learned on a VRF interface from a CE are automatically placed into the VRF routing table for that VRF.
  • BGP Configuration: The PE router has BGP configured with the address-family ipv4 vrf CUSTOMER context, which specifies how to handle IPv4 routes within that VRF.
  • Route Target Configuration: The VRF is configured with Route Targets that control the import and export of routes to and from the VPNv4 routing table.

No additional redistribution commands need to be applied in order for those routes to appear in the VPNv4 address family. Does that make sense?

I hope this has been helpful!

Laz
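
The three conditions listed above, written out as a minimal PE1 configuration sketch. This is an added example, not configuration from the lesson or from the posts: the VRF name CUSTOMER comes from the reply, while the RD and route-target values, AS numbers, interface and neighbor addresses are constructed for illustration.

```cisco
! Constructed values: provider AS 234, customer AS 1, RD/RT 1:1,
! remote PE loopback 5.5.5.5, CE address 192.168.12.1
!
! Route targets: "export" tags routes leaving this VRF, "import" selects
! which VPNv4 routes are installed into it. Importing another customer's
! RT by mistake merges the two routing tables, so review these values.
ip vrf CUSTOMER
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
! CE-facing interface placed in the VRF; routes learned here go into
! the CUSTOMER routing table, not the global table.
interface GigabitEthernet0/1
 ip vrf forwarding CUSTOMER
 ip address 192.168.12.2 255.255.255.0
!
router bgp 234
 neighbor 5.5.5.5 remote-as 234
 neighbor 5.5.5.5 update-source Loopback0
 !
 ! iBGP VPNv4 session to the remote PE; extended communities carry the RTs
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
 exit-address-family
 !
 ! eBGP session to the CE inside the VRF. Prefixes learned here are
 ! exported to VPNv4 with RD 1:1 and RT 1:1, with no redistribute command.
 address-family ipv4 vrf CUSTOMER
  neighbor 192.168.12.1 remote-as 1
  neighbor 192.168.12.1 activate
 exit-address-family
```

With a configuration of this shape, show ip bgp vpnv4 vrf CUSTOMER on the PE lists the CE-learned prefixes under the VRF's route distinguisher.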


Thanks Laz, that was the only piece I was missing. All clear now !


Hi Rene!

Thanks for giving a solid insight into L3 VPN configuration, it really helps me with my CCNP Service Provider studies. My only question is: Will you also cover concepts and implementation of MPLS L3 Multicast VPNs some time in the future? I surfed through many YouTube tutorials, Cisco Press whitepapers, and configuration guides, but the presentation of the topic was a bit vague and still leaves me with a lot of uncertainty. But your style of explanation always clarifies things much better.

Kind regards,
Robert

Hello Robert

It’s great to hear that you find Rene’s content useful, clear, and understandable. It is true that Rene doesn’t have a more detailed coverage of MPLS L3 Multicast VPNs; however, if you like, you can make a suggestion for such a lesson at the following Member Ideas page:

You may find that others have made similar suggestions and you can add your voice to theirs. Rene chooses to create new content based on the most popular topics as they appear there.

I hope this has been helpful!

Laz

I have a few questions.
1st: Why can’t we ping from CE1 to CE2 without source loopback 0, and if I don’t want to use source, is that possible?
2nd: If I added two PCs at CE sites, will they be able to ping each other or do I need to make changes?

3rd: Why can’t I ping CE2 from PE1 even though I’m getting CE2 5.5.5.5 in routes, but I can ping CE1 4.4.4.4?

      4.0.0.0/32 is subnetted, 1 subnets
B        4.4.4.4 [20/0] via 192.168.1.4, 00:36:44
      5.0.0.0/32 is subnetted, 1 subnets
B        5.5.5.5 [200/0] via 3.3.3.3, 00:23:45
      100.0.0.0/24 is subnetted, 1 subnets
B        100.100.100.0 [20/0] via 192.168.1.4, 00:08:13
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet2/0
L        192.168.1.1/32 is directly connected, GigabitEthernet2/0
B     200.200.200.0/24 [200/0] via 3.3.3.3, 00:07:30


R1#ping vrf RED 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/66/84 ms
R1#ping vrf RED 5.5.5.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

@lagapidis

Hello Ammar

MPLS is designed to allow networks behind the CEs to communicate with each other. Communication of the CE routers directly from their MPLS-facing interfaces is unnecessary to make the whole thing work. Take a look at this NetworkLessons note on the topic. You can make CEs communicate with each other directly by injecting the networks between the CE and PE routers into the MPLS domain, but that would serve no purpose since CEs don’t need to communicate directly.

If you added PCs behind each CE, they would be able to reach each other. Much like the pinging from loopback to loopback, pinging from PC to PC will work correctly.

I hope this has been helpful!

Laz

Hello Rene,
This is a very informative and straightforward post. I have a question that perhaps you can answer. I would like to connect OSPF sites using MPLS VPNs. Do you have a lesson for this specific topic? Can I just use this configuration and just add OSPF? Thanks

Hello Willie

Take a look at this lesson:

It describes an MPLS Layer 3 VPN with OSPF running between the CE and PE routers to share the local routes of each customer location. If you have any further questions, let us know!

I hope this has been helpful!

Laz