MPLS Layer 3 VPN Explained

Hello Pradnesh

You must configure an RD per VRF, and you can only configure one VRF per interface that connects to a customer router. So if you want to configure more than one RD on a particular customer you must have more than one interface on a PE router connecting to a particular customer premises.

Having said that, what is it that you want to achieve? By assigning different RDs to the same customer, what do you actually want to do? If you let us know that, we may be able to suggest something else that is more suitable…

I hope this has been helpful!

Laz

Hey rene,

During the lesson you keep writing about prefix.
Is a prefix consists the IP address which is 32 bits long or both the IP address and the subnet mask which are 64 bits long combined.

At first place I assumed you meant just the IP address portion but after i saw your diagram I got a bit confused.


Can you please clarify it to me?

Hello Dor

The prefix is the destination network and is denoted using the network address. In the context of MPLS, but also when referring to routing protocols and routing tables, the word prefix is almost always used to describe the destination network. You can find prefixes in the routing table, the BGP table, the MPLS forwarding table, and you can also find them in the routing updates sent by dynamic routing protocols.

For example, in the lesson, 192.168.2.0/24 is a prefix that is shared among routers on the network using MPLS.

I hope this has been helpful!

Laz

Hello Rene,

First of all thanks for the content.

Not really sure, but ins’t an error on the example 2.2 RT (Route Target)

CE advertise prefix PE1 tag the route with the rt I will tent to say this is the export isn’t it ? Then PE2 receives the prefix then import into the vrf and advertise to CE2 instead of exporting, could you please clarify?

Thanks

Hey Laz,

Thank you for the quick respone.

Following your answer, reffering to MPLS, for example - 192.168.10.0/24 (prefix), then how is the prefix 32 bit long if only the ip address (excluding the CIDR) is already 32 bits long?

Hello Luis

The terms import and export have to do with the specific commands placed within the VRF used for the particular customer connected to that PE router. The route-target export command is used to export routes from the CE into the PE router and the MPLS domain. The route-target import command is used to import routes into the CE from the PE.

Now because often the same RT is used for both import and export, this is hard to see. Take a look at the following lesson:

In it, different RTs are used for import and export. You will notice that PE1 uses the 1:1 route target to export prefixes from CE1, and when PE2 receives these, they are indeed appended to RT 1:1 (and not to 2:2 which is the RT for the import command).

I hope this has been helpful!

Laz

Hello Dor

The VPNv4 Address is something that contains the RD (64 bits) and the IPv4 Prefix (32 bits). This refers to a particular prefix from a customer. The VPNv4 addresses are advertised between PE routers. Now it is confusing how this VPNv4 address contains information about the prefix length since it is 96 bits in length, there doesn’t seem to be any room for the prefix length information. If you take a look at the BGP prefix within the NLRI in a Wireshark capture, you’ll see that the Prefix Length is one of the parameters there.

For example, take a look at this NLRI information:
image

The prefix length includes the size of the label as well, which is 24 bits.

So for the first BGP prefix, we have 5.5.5.5/32 with a prefix length of 120:

  • label = 24 bits
  • RD = 64 bits
  • IPv4 prefix = 32
  • total = 120

For the second BGP prefix, we have 55.55.55.0/32 with a prefix length of 112:

  • label = 24 bits
  • RD = 64 bits
  • IPv4 prefix = 24
  • total = 112

Why is the IPv4 prefix 24? Well, it’s 55.55.55.0, which means the last 8 bits are zeros, which means the prefix ends there.

I hope this has been helpful!

Laz

Hey lagapides,

Thank you for the detailed response.

The 32 bit prefix has confused me a lot, so i hope Rene would fix it.

As i see it, the RD is just to make the prefix unique whereas the RT is added to make the prefix exchangeable between the PE’s in the same VRF,
Am I right?

Hello Laz,

Thanks for tour feedback, I got the points about the RT, but if we refer to image below for me is kind of fuzzy:

The step 2 talks about exporting the rt 123:1 on PE2 into vrf CustA, isn’t PE1 already doing this and PE2 importing it, to then advertise prefixes to CE router.

Thanks

Hello Dor

Yes, the RD is used to keep all prefixes in the BGP table unique, and the RT is used to transfer routes between VRF’s/VPNS.

I hope this has been helpful!

Laz

Hello Luis

Yes I understand the confusion. I will ask Rene to clarify this in the diagrams within the lesson.

I hope this has been helpful!

Laz

Hello Ziad

Concerning the first issue, the terms are correct. Take a look at this post:

As for the second typo, yes I will let Rene know to make the change.

Thanks for pointing that out!!

Laz

1 Like

thnx for the great update, now i got the point​:v::+1:

1 Like

Hello @lagapidis @ReneMolenaar.

  • I read somewhere that RD is locally significant. can you please elaborate how?
  • If we use different RDs for same customer on different PEs will it work? & how ?
    example: RD 1:1 on PE1 and RD 2:2 on PE2 for same customer.

Hello Tejas

The RD for a certain VRF does not need to be the same across all of the MPLS domain. The RT will be used to import and export prefixes between VRFs on different PEs.

I believe that this Cisco community thread quite clearly explains it:

Specifically, it states:

MP-BGP exchanges the VPNv4 (RD:IPv4) prefixes between the PEs (P routers are not VPNv4 aware) not IPv4 routes - When a PE receives a VPNv4 route it discards the RD attached to it and attaches its local RD (according to the VRF that the route is going to be injected into according to the attached RT and the local VRFs import RT) - Since for the local router routing table database the VRF is identified via the RD prepended to the IPv4 route to construct the VPNv4 routes.

I hope this has been helpful!

Laz

1 Like

This is not a question, but a comment. I wanted to say this before I get tied up on other things and forget. This site is such a great wealth of knowledge. I find myself coming back here more and more for my Technical questions and needs. Your way of Teaching is so concise, clear, straight forward, and easy to understand and to grasp imo.

I have CBT Nuggets experience, IPTV pro, INE, Udemy, Global Knowledge, and few others in the past and present. But this site for me is my favorite. Keep up the great work Rene and others. I am learning at an accelerated rate and understanding what it is I am applying. This site is a big part of that. Thanks for being responsive as well! Thanks for the great content guys.

1 Like

Hello Desmond

It’s posts like this that make it all worth it. Thanks so much for your kind words, @ReneMolenaar does his best to ensure the content is useful, relevant, and easy to understand, and we do our best to respond as quickly and comprehensively as possible. We do it because we like what we do.

We’ll do our utmost to maintain this QoS if you will (:sunglasses:) of the service.

We’re happy that the site is a helpful tool in your certification journey, as well as in the development of your skills and knowledge…

Keep learning!!

Laz

1 Like

Thank you @THEBILLIONARECLUB for your kind words. I appreciate this. This helps to keep going to create more content :sunglasses:

1 Like

IF we have tunnel running between two PE routers, then why do we need iBGP, what is the purpose.