Hi Rene,
I have couple of doubts.
Thanks,
Manami
Hello Manami
It is true that there is a VRF for each customer at each PE router. In the example in the lesson, Customer A sends a routing update to PE1. PE1 knows that this route belongs to customer A because it has come in on the interface connected to customer A. It is then placed in the appropriate routing table.
However, when PE1 redistributes this route to PE2, there is no way to distinguish which customer it belongs to. Both Customer A and B routing updates will go to PE2 via the same interface. So the RD is required so the PE router will know to which customer the routes belong.
Once the PE receives these routes, it knows to which customer they belong, however, it does not know what to do with it. The router will NOT automatically export each route to the correct customer VRF. This is why the RT is required.
Essentially, the RD makes the route unique (even if the same IP ranges are used) and the RT, by being added to all routes for the Customer A VRF, allow the routers to know which VRF to import and export to.
I hope this has been helpful!
Laz
Hi Laz,
Thank you. Awesome explanation.
I have one more doubt.
Why we are saying MPLS SP network to BGP Free Core? We are running iBGP in MPLS Network?
Can you please help me to understand.
Thanks,
Manami
Hi Manami,
We run iBGP but only on the PE (Provider Edge) routers. The P routers form the core, and those donât run BGP.
Rene
Awesome simplified lessons here! I did not know forum has such in depth explanations too! Any plans for half duplex VRF explanation?
Glad to hear you like it 
I might add something on half duplex VRF. I still have MPLS VPN hub and spoke on the list, adding half duplex to it shouldnât be much work.
The Conclusion says âIn the next lesson I will show you the configuration of everything that I explained above âŠâ. The next lesson I see is âDMVPNâ.
Hello Maodo.
The next lesson I see in the series is MPLS L3 VPN Configuration.
See the bottom right of the screenshot below:
If you see something different, let us know and we can look further into the problem.
I hope this has been helpful!
Laz
Hi lagapides,
I send you the printscreen of what I see at the bottom of the page displayed by the link 
https://networklessons.com/cisco/ccnp-route/mpls-layer-3-vpn-explained/
Depending on the course category, you get to see a different menu. For example:
This is the same lesson but it belongs to both the âmplsâ and âccnp routeâ category. Depending on the category, you get a different menu. It is a bit confusing that the one in CCNP route says âin the next lessonâŠâ and then it jumps to DMVPN so I changed the wording in the conclusion a bit. I didnât add those extra MPLS VPN lessons in CCNP route since there isnât much MPLS on the CCNP ROUTE blueprint. This is something Iâll keep an eye on in the future
Hi Guys,
Is the transport label part of the MPLS header or the IP header?
Is the VPN label part of the MPLS header or the IP header?
Just wanted to clarify,
Thanks,
Gareth.
Hello Gareth
Terminology can get a little hazy when talking about headers and labels and fields etc. I will attempt to clarify.
When an IP packet is recieved by a PE, a transport label, or MPLS label is added in front of the IP header (between the datalink and IP headers). This transport label can be considered an MPLS header which contains the label value, QoS markings, a Bottom of Stack flag and a TTL. This is not part of the IP header, but it is actually the MPLS header or label itself.
When MPLS VPN is used, an additional header/label is added. This is the VPN label. This is not part of the IP header or the MPLS header but it is an independant entity.
Essentially, when using MPLS, (depending on what text you read and who you ask), these labels may or may not be considered headers. Labels would probably be the best characterization, and it is the most often used term because they basically add a bit of information that allows MPLS and MPLS VPN to function.
I hope this has been helpful!
Laz
Thanks Rene,
Hi Rene,
I am afraid I still donât understand one thing- why do we need vpn label if we have RTâs ?
It was said the router wouldnât know what VRF the route belongs to⊠well:
When PE1 advertises the route to PE2 , PE2 knows what VRF to install it thanks to Route Target value.
So the MPLS VPN label seems to be redundant as the BGP can figure the VRF out based solely on the Route Targets âŠ
( I know I am confused in Data and Control Plane, so if you can please give a detailed explanation for the reason why we require VPN Label though we have RTâs )
Thank you.
Hi Guys,
To encrypt traffic passing through the service provider, can we implement IPSec on MPLS VPN network at the CE routers Since MPLS does not offer confidentiality.
Does the CE require to route data identified to be encrypted through the service provider in a virtual tunnel.
Thanks.
Simple, thorough and to the point. Wonderful. Been looking for this. Thanks Rene. Tom
René,
I donât understand this topic BGP extended community value.
Please can u explain it in detail?
Hi Samil,
To understand this, you need to have a clear understanding of the difference between the control and data plane. Simplified, the control plane is for âroutingâ or âforwardingâ decisions, the data plane is where the actual forwarding happens.
On the control plane, we use route-targets to define where to import/export a route to. Itâs nice that the router knows what to do when it receives a packet, but we still need to get that packet to that routerâŠ
For the actual forwarding (data plane), we use labels to âswitchâ a packet from one router to another. It is explained in detail here:
Look for the âTransport and VPN labelâ section.
Rene
Hi Faisal,
MPLS is just a transport mechanism so when it comes to VPNs, it doesnât matter much if you run it over MPLS or something else. You can either use a site-to-site VPN between two routers or use DMVPN.
Rene
Hi Djan,
Hereâs a basic overview of BGP communities:
For MPLS VPN, we use the extended community to add the route-target to a prefix.
Rene