Cisco CCIE R&S: Introduction to MPLS VPNs


MPLS VPN, or MPLS Virtual Private Network, is considered the most popular and widespread implementation of MPLS technology. Many service providers that have run MPLS VPN for years are now looking at interconnecting their networks with the MPLS VPN networks of other service providers to improve scalability and ease the operation of their networks. This is where Inter-Autonomous MPLS VPN and Carrier’s Carrier (CSC) come into the picture. You can learn more about MPLS VPNs by joining the prep courses offered by SPOTO.

Architectural Overview of MPLS VPN

To build an MPLS VPN, you need some basic building blocks on the PE routers: VRF, route distinguisher (RD), route targets (RT), route propagation through MP-BGP, and forwarding of labeled packets.

Virtual Routing Forwarding (VRF)

A virtual routing/forwarding (VRF) instance is a VPN routing and forwarding instance. It is the name for the combination of the VPN routing table, the VRF CEF (Cisco Express Forwarding) table, and the associated IP routing protocols on the PE router. A PE router has a VRF instance for each attached VPN. As the figure below shows, a PE router holds the global IP routing table, but also a VRF routing table per VPN connected to the PE.

Because the routing must be separate and private for each customer (VPN) on a PE router, each VPN has its own routing table. This private routing table is known as the VRF routing table. The interface on the PE router toward the CE router can belong to only one VRF. As such, all IP packets received on the VRF interface are unambiguously identified as belonging to that VRF.

Because there is a separate routing table per VPN, there is also a separate CEF table per VPN to forward these packets on the PE router. This is the VRF CEF table. As with the global routing table and the global CEF table, the VRF CEF table is derived from the VRF routing table. You create the VRF on the PE router with the ip vrf command. You use the ip vrf forwarding command to assign PE-CE interfaces on the PE router to a VRF.

You can assign an interface to only one VRF, but you can assign several interfaces to the same VRF. The PE router then automatically creates a VRF routing table and CEF table. If you need to assign more than one VRF to a single interface, configure sub-interfaces on the CE and PE routers and assign each sub-interface to a different VPN.

Route Distinguisher (RD)

The VPN prefixes are propagated across the MPLS VPN network by Multiprotocol BGP (MP-BGP). The problem is that when BGP carries these IPv4 prefixes across the service provider network, they need to be unique. If customers had overlapping IP addressing, the routing would be wrong. To solve this problem, the concept of RDs was conceived to make IPv4 prefixes unique.

An RD is a 64-bit field used to make the VRF prefixes unique when MP-BGP carries them. The RD doesn’t indicate which VRF the prefix belongs to. The function of the RD isn’t that of a VPN identifier, because some more complex VPN scenarios might require more than one RD per VPN. Each VRF instance on the PE router has one RD assigned to it.
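
The following Python sketch is an added example, not part of the original article. It builds the 64-bit RD and the resulting 96-bit VPNv4 address, then checks a set of VRFs for overlapping customer prefixes that would stop being unique because two VRFs share an RD. The byte layout follows RFC 4364; the VRF names, RD values, prefixes and the find_collisions helper are constructed for illustration.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Encode 'admin:assigned' as the 8-byte RD (2-byte type + 6-byte value)."""
    admin, assigned = rd.rsplit(":", 1)
    num = int(assigned)
    if "." in admin:
        # Type 1: IPv4 address + 16-bit assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, num)
    asn = int(admin)
    if asn <= 0xFFFF:
        # Type 0: 2-byte AS number + 32-bit assigned number
        return struct.pack("!HHI", 0, asn, num)
    # Type 2: 4-byte AS number + 16-bit assigned number
    return struct.pack("!HIH", 2, asn, num)

def vpnv4_key(rd, prefix):
    """Return (RD + IPv4 network bytes, prefix length) for one VRF route."""
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

def find_collisions(vrfs):
    """vrfs maps VRF name -> (rd, [prefixes]). Return (vrf1, vrf2, prefix)
    for every prefix that two different VRFs would advertise identically."""
    seen, clashes = {}, []
    for name, (rd, prefixes) in vrfs.items():
        for prefix in prefixes:
            key = vpnv4_key(rd, prefix)
            if key in seen and seen[key] != name:
                clashes.append((seen[key], name, prefix))
            seen.setdefault(key, name)
    return clashes

# Constructed sample: two customers with the same private addressing.
UNIQUE_RDS = {
    "CUST_A": ("65000:1", ["10.0.0.0/24"]),
    "CUST_B": ("65000:2", ["10.0.0.0/24"]),
}
# Same customers, but CUST_B was given CUST_A's RD by mistake.
SHARED_RD = {
    "CUST_A": ("65000:1", ["10.0.0.0/24"]),
    "CUST_B": ("65000:1", ["10.0.0.0/24"]),
}

if __name__ == "__main__":
    for label, vrfs in (("unique RDs", UNIQUE_RDS), ("shared RD", SHARED_RD)):
        print(label, "->", find_collisions(vrfs) or "no overlapping VPNv4 routes")
```
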

If you wish to learn more about MPLS VPNs, you can do so through the training provided by SPOTO.