LTRMPL-2108 MPLS and Its Applications

MPLS and Its
Applications
Ravi Narahari, Technical Leader
Grant Pieterse, Solutions Integration Architect
LTRMPL-2108
Cisco Spark
Questions?
Use Cisco Spark to chat with the
speaker after the session
How
1. Find this session in the Cisco Live Mobile App
2. Click “Join the Discussion”
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
Cisco Spark spaces will be cs.co/ciscolivebot#LTRMPL-2108

available until July 3, 2017.
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public
Agenda - LTRMPL-2108
• Introduction to MPLS
• MPLS Forwarding
• Layer 3 VPN and its flavors
• Traffic Engineering
• Layer 2 VPN
• Wrap up Summary
Session Structure
• Theory - @ 90 minutes
• Hands on - @ 150 minutes
• Interactive Q&A
Theory commences
Introduction to MPLS
What is MPLS?
• Brief Summary
• It’s all about labels …

• Use the best of both worlds
• Layer-2 (ATM/FR): efficient forwarding and traffic engineering
• Layer-3 (IP): flexible and scalable
• MPLS forwarding plane

• Use of labels for forwarding Layer-2/3 data traffic
• Labeled packets are being switched instead of routed
• Leverage layer-2 forwarding efficiency
• MPLS control/signaling plane

• Use of existing IP control protocols extensions + new protocols
to exchange label information
• Leverage layer-3 control protocol flexibility and scalability
LTRMPL-2108 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Technology Comparison
• Key Characteristics of IP, Native Ethernet, and MPLS
IP Native Ethernet MPLS
Destination address based Destination address based Label based

Forwarding table learned Forwarding table learned Forwarding table learned from
Forwarding
from control plane from data plane control plane
TTL support No TTL support TTL support
Ethernet Loop avoidance Routing Protocols

Control Plane Routing Protocols
and signaling protocols MPLS protocols
Packet Encapsulation IP Header 802.3 Header MPLS shim header
QoS 8 bit TOS field in IP header 3-bit 802.1p field in VLAN tag 3 bit TC field in label
OAM IP ping, traceroute E-OAM MPLS OAM
Topics
• Basics of MPLS Signaling and Forwarding
• MPLS reference architecture Service (Clients) Management

• MPLS Labels Layer-3 VPNs Layer-2 VPNs
• MPLS signaling and

forwarding operations
MPLS OAM
Transport
• MPLS OAM IP/MPLS (LDP/RSVP-TE/BGP)
MPLS Forwarding
MPLS Reference Architecture
• Different Type of Nodes in a MPLS Network
• P (Provider) router
MPLS Domain
• Label switching router (LSR)
• Switches MPLS-labeled packets
P P
CE PE PE CE
• PE (Provider Edge) router
• Edge router (LER)
• Imposes and removes MPLS CE CE
labels
PE P P PE
• CE (Customer Edge) router
Label switched traffic
• Connects customer network to
MPLS network
MPLS Labels
• Label Definition and Encapsulation
MPLS Label Stack Entry
• Labels used for making Label = 20 bits TC S TTL
forwarding decision TC = Traffic Class: 3 Bits; S = Bottom of Stack; TTL = Time to Live
• Multiple labels can be used for

MPLS packet encapsulation
No limit on the number of
labels in a stack. LAN MAC Header Label, S=1 Layer 3
Packet
• Outer label always used for MPLS Label Stack (1 label)
switching MPLS packets in
network
• Inner labels usually used for LAN MAC Header Label, S=0 Label, S=1 Layer 3
services (e.g. L2/L3 VPN) Packet
MPLS Label Stack (2 labels)
MPLS QoS
• QoS Marking in MPLS Labels
• MPLS label contains 3 TC bits

• Used for packet classification and
prioritization
• Similar to Type of Service (ToS) field MPLS DiffServ Marking
in IP packet (DSCP values) in Traffic Class Bits IP DiffServ Marking
• DSCP values of IP packet mapped

into TC bits of MPLS label TC DSCP
• At ingress PE router
Layer-2 Header MPLS Header Layer 3 Header
• Most providers have defined 3–5
service classes (TC values)
• Different DSCP <-> TC mapping
schemes possible
• Uniform mode, pipe mode, and short
pipe mode
Basic MPLS Forwarding Operations
• How Labels Are Being Used to Establish End-to-end Connectivity
• Label imposition (Push) Label Imposition Label Swap Label Swap Label Disposition
(Push) (PoP)
• By ingress PE router; classify and
label packets
• Based on Forwarding Equivalence
Class (FEC) P P
CE PE L1
L3
PE CE
L2
• Label swapping
• By P router; forward packets using
labels; indicates service class & CE CE
destination
PE P P PE
• Label disposition (Pop)
• By egress PE router; remove label
and forward original packet to
destination CE
MPLS Path (LSP) Setup and Traffic Forwarding
• MPLS Traffic Forwarding and MPLS Path (LSP) Setup
• LSP signaling IP MPLS

• Either LDP* or RSVP Destination address based Label based
• Leverages IP routing Forwarding table learned Forwarding table learned
Forwarding from control plane from control plane
• Routing table (RIB) TTL support TTL support
• Exchange of labels OSPF, IS-IS, BGP

Control Plane OSPF, IS-IS, BGP
• Label bindings LDP, RSVP
• Downstream MPLS node advertises what Packet

IP Header One or more labels
label to use to send traffic to node Encapsulation
• MPLS forwarding QoS 8 bit TOS field in IP header 3 bit TC field in label
• MPLS Forwarding table (FIB)

OAM IP ping, traceroute MPLS OAM
* LDP signaling assumed for next the examples
MPLS Path (LSP) Setup
• Signaling Options
LDP RSVP
• LDP signaling
• Leverages existing routing Forwarding path
LSP or TE Tunnel
LSP
Primary and, optionally, backup
• RSVP signaling
Based on TE topology database
• Aka MPLS RSVP/TE Forwarding Based on IP routing database Shortest-path and/or other
Calculation Shortest-Path based constraints
• Enables enhanced capabilities, such as (CSPF calculation)
Fast ReRoute (FRR)

Packet
Single label One or two labels
Encapsulation
• Can use both protocols
simultaneously Initiated by head-end node towards
tail-end node
• They work differently, they solve By each node independently
Uses routing protocol
different problems Signaling Uses existing routing
protocols/information
extensions/information
Supports bandwidth reservation
• Dual-protocol deployments are very Supports link/node protection
common
MPLS Path (LSP) Setup with LDP
• Step 1: IP Routing (IGP) Convergence
• Exchange of IP routes Forwarding Table Forwarding Table Forwarding Table

In Address Out Out In Address Out Out In Address Out Out
• OSPF, IS-IS, EIGRP, etc. Label Prefix I’face Label Label Prefix I’face Label Label Prefix I’face Label
128.89 1 128.89 0 128.89 0
• Establish IP 171.69 1 171.69 1
reachability … … … … … …
0 128.89
0 0
1
0
1
You Can Reach 128.89 Thru Me
You Can Reach 128.89 and 11
171.69 Thru Me
Routing Updates You Can Reach 171.69 Thru Me

171.69
(OSPF, EIGRP, …)
IP Packet Forwarding Example
• Basic IP Packet Forwarding
Forwarding
• IP routing information Table
Forwarding Forwarding
exchanged between nodes Table Table Address I/F
• Via IGP (e.g., OSFP, IS-IS) Address I/F Address I/F

128.89 0
128.89 1 128.89 0 171.69 1
• Packets being forwarded 1 1
171.69 171.69 …
based on destination IP … …
address
• Lookup in routing table (RIB) 128.89
0
0 128.89.25.4 Data
1 128.89.25.4 Data
1
128.89.25.4 Data 128.89.25.4 Data
171.69
MPLS Path (LSP) Setup with LDP
• Step 2: Assignment of Remote Labels
Forwarding Table Forwarding Table Forwarding Table

• Local label mapping are sent to In Address Out Out In Address Out Out In Address Out Out
connected nodes Label Prefix I’faceLabel Label Prefix I’faceLabel Label Prefix I’faceLabel
- 128.89 1 20 20 128.89 0 30 30 128.89 0 -
• Receiving nodes update - 171.69 1 21 21 171.69 1 36

… … … … … … … … … … … …
forwarding table
• Out label 0 128.89
0 0
1
• LDP label advertisement 0
1
happens in parallel Use Label 20 for 128.89 and 11
Use Label 30 for 128.89
(downstream unsolicited) Use Label 21 for 171.69
Label Distribution Use Label 36 for 171.69

Protocol (LDP) 171.69
(Downstream
Allocation)
MPLS Traffic Forwarding with LDP
• Hop-by-hop Traffic Forwarding Using Labels
Forwarding Table Forwarding Table Forwarding Table
• Ingress PE node adds label In Address Out Out In Address Out Out In Address Out Out
to packet (push) Label Prefix I’faceLabel Label Prefix I’faceLabel Label Prefix I’faceLabel
- 128.89 1 20 20 128.89 0 30 30 128.89 0 -
• Via forwarding table - 171.69 1 21 21 171.69 1 36
… … … … … … … … … … … …
• Downstream node use
label for forwarding 0 128.89
0
decision (swap) 0
0
128.89.25.4 Data
1
• Outgoing interface 1 30 128.89.25.4 Data
128.89.25.4 Data 20 128.89.25.4 Data 11
• Out label
• Egress PE removes label Forwarding based on 171.69

and forwards original Label
packet (pop)
MPLS Traffic Forwarding with LDP
• Quick recap
• Routing protocol distributes routes

• LDP distributes labels that map to routes
• Packets are forwarded using labels
• …
• So what?
• …
• MPLS’s benefit shows up later, in two places:
1. Divergence from IP routed shortest path
2. Payload-independent tunneling
MPLS OAM
• Tools for Reactive and Proactive Trouble Shooting of MPLS Connectivity
• MPLS LSP Ping

• Used for testing end-to-end MPLS connectivity similar to IP ping
• Can we used to validate reachability of LDP-signaled LSPs, TE tunnels, and PWs
• MPLS LSP Trace

• Used for testing hop-by-hop tracing of MPLS path similar to traceroute
• Can we used for path tracing LDP-signaled LSPs and TE tunnels
• MPLS LSP Multipath (ECMP) Tree Trace

• Used to discover of all available equal cost LSP paths between PEs
• Unique capability for MPLS OAM; no IP equivalent!
• Auto IP SLA
• Automated discovery of all available equal cost LSP paths between PEs
• LSP pings are being sent over each discovered LSP path
Summary
• Key Takeaways
• MPLS networks consist of PE routers at in/egress and P routers in core

• Traffic is encapsulated with label(s) at ingress (PE router)
• Labels are removed at egress (PE router)
• MPLS forwarding operations include label imposition (PUSH), swapping, and
disposition (POP)
• LDP and RSVP can be used for signaling label mapping information to set up
an end-to-end Label Switched Path (LSP)
• RSVP label signaling enables setup of TE tunnels, supporting enhanced traffic
engineering capabilities; traffic protection and path management
MPLS Virtual Private Networks
MPLS Virtual Private Networks
• Topics
• Definition of MPLS VPN Service (Clients) Management

service
• Basic MPLS VPN deployment
Layer-3 VPNs Layer-2 VPNs 
scenario
MPLS OAM
Transport
• Technology options
 IP/MPLS (LDP/RSVP-TE/BGP)
 MPLS Forwarding
What Is a Virtual Private Network?
• Definition
• Set of sites which communicate with each other in a secure way

• Typically over a shared public or private network infrastructure
• Defined by a set of administrative policies
• Policies established by VPN customers themselves (DIY)
• Policies implemented by VPN service provider (managed/unmanaged)
• Different inter-site connectivity schemes possible

• Full mesh, partial mesh, hub-and-spoke, etc.
• VPN sites may be either within the same or in different organizations
• VPN can be either intranet (same org) or extranet (multiple orgs)
• VPNs may overlap; site may be in more than one VPN
MPLS VPN Example
• Basic Building Blocks
• VPN policies PE-CE VPN Signaling PE-CE

• Configured on PE routers (manual Link Link
operation)
PE P P PE
CE CE
• VPN signaling
VPN VPN
• Between PEs Policy Policy
• Exchange of VPN policies VPN VPN
CE Policy Policy CE
• VPN traffic forwarding
PE P P PE
• Additional VPN-related MPLS label
encapsulation
• PE-CE link
Label Switched Traffic
• Connects customer network to MPLS
network; either layer-2 or layer-3
MPLS VPN Models
• Technology Options
MPLS VPN Models
• MPLS Layer-3 VPNs
• Peering relationship between CE
and PE MPLS Layer-2 VPNs MPLS Layer-3 VPNs
• MPLS Layer-2 VPNs • CE connected to PE via IP-

Point-to-Point Multi-Point based connection (over any
• Interconnect of layer-2 Attachment Layer-2 VPNs Layer-2 VPNs layer-2 type)
Circuits (ACs) – Static routing
• CE • CE
connected connected to – PE-CE routing protocol;
to PE via PE via eBGP, OSPF, IS-IS
p2p L2 mp2mp • CE routing has peering
connection Ethernet relationship with PE router; PE
• CE-CE L2 connection routers are part of customer
connectivity • CE-CE L2 routing
• CE-CE connectivity • PE routers maintain customer-
routing; no • CE-CE specific routing tables and
SP routing; no exchange customer=specific
involvement SP routing information
involvement
MPLS Layer-3 Virtual Private
Networks
MPLS Layer-3 Virtual Private Networks
• Topics
• Technology components Service (Clients) Management
• VPN control plane mechanisms Layer-3 VPNs Layer-2 VPNs 

• VPN forwarding plane
MPLS OAM
Transport
• Deployment use cases
• Business VPN services
• Network segmentation
• Data Center access

 MPLS Forwarding
MPLS Layer-3 VPN Overview
• Technology Components
• VPN policies
• Separation of customer routing via virtual VPN routing table (VRF)
• In PE router, customer interfaces are connected to VRFs
• VPN signaling
• Between PE routers: customer routes exchanged via BGP (MP-iBGP)
• VPN traffic forwarding
• Separation of customer VPN traffic via additional VPN label
• VPN label used by receiving PE to identify VPN routing table
• PE-CE link
• Can be any type of layer-2 connection (e.g., FR, Ethernet)
• CE configured to route IP traffic to/from adjacent PE router
• Variety of routing options; static routes, eBGP, OSPF, IS-IS
Virtual Routing and Forwarding Instance
• Virtual Routing Table and Forwarding to Separate Customer Traffic
• Virtual routing and forwarding table

• On PE router CE
• Separate instance of routing (RIB) and VPN 1 VRF
forwarding table Green
PE
• Typically, VRF created for each CE MPLS Backbone

customer VPN
• Separates customer traffic VPN 2 VRF
Blue
• VRF associated with one or more
customer interfaces
• VRF has its own routing instance for
PE-CE configured routing protocols
• E.g., eBGP
VPN Route Distribution
• Exchange of VPN Policies Among PE Routers
• Full mesh of BGP sessions BGP Route Reflector

PE-CE PE-CE
among all PE routers Link Link
• Or BGP Route Reflector

PE P P PE
(common) CE CE
• Multi-Protocol BGP extensions Blue VRF Blue VRF
(MP-iBGP) to carry VPN policies CE

Red VRF Red VRF
CE
• PE-CE routing options PE P P PE

• Static routes
• eBGP
• OSPF Label Switched Traffic
• IS-IS
VPN Control Plane Processing
Make customer routes unique:

• Route Distinguisher (RD):
8-byte field, VRF parameters; unique value to make VPN IP routes unique
• VPNv4 address: RD + VPN IP prefix
Selective distribute VPN routes:
• Route Target (RT): 8-byte field, VRF parameter, unique value to define the
import/export rules for VPNv4 routes
• MP-iBGP: advertises VPNv4 prefixes + labels
VPN Control Plane Processing
• Interactions Between VRF and BGP VPN Signaling
BGP advertisement:
1. CE1 redistribute IPv4 route to VPN-IPv4 Addr = RD:16.1/16
BGP Next-Hop = PE1
PE1 via eBGP Route Target = 100:1
eBGP: Label=42
eBGP:
2. PE1 allocates VPN label for 16.1/16 16.1/16
prefix learnt from CE1 to create
unique VPNv4 route PE1 P P PE2
CE1 Blue VPN CE2
3. PE1 redistributes VPNv4 route
into MP-iBGP, it sets itself as a ip vrf blue-vpn
next hop and relays VPN site VRF
Name
parameters:
RD 1:100
= blue-vpn
route-target export
routes to PE2 RD = 1:100
1:100
Import Route-Target
route-target import = 100:1
Export Route-Target = 100:1
1:100
4. PE2 receives VPNv4 route
and, via processing in local
VRF (green), it redistributes
original IPv4 route to CE2
VPN Forwarding Plane Processing
• Forwarding of Layer-3 MPLS VPN Packets
1. CE2 forwards IPv4 packet to PE2

2. PE2 imposes pre-allocated VPN
label to IPv4 packet received from
CE2 IPv4 IGP
Label C
VPNv4
Label
IPv4 IGP
Label B
VPNv4
Label
IPv4 IGP
Label A
VPNv4
Label
IPv4 IPv4
 Learned via MP-IBGP IPv4 IPv4

Packet Packet
3. PE2 imposes outer IGP label A P1 P2
(learned via LDP) and forwards PE1 PE2
CE1 CE2
labeled packet to next-hop
P-router P2
4. P-routers P1 and P2 swap outer
IGP label and forward label packet
to PE1
 A->B (P2) and B->C (P1)
5. Router PE1 strips VPN label and
IGP labels and forwards IPv4
packet to CE1
Service Provider Deployment Scenario
• MPLS Layer-3 VPNs for Offering Layer-3 Business VPN Services
Managed VPN Service
• Deployment Use Case
Unmanaged VPN Service
• Delivery of IP VPN services to
business customers Edge Core Core Edge
CPE VPN CPE
• Benefits
• Leverage same network for
multiple services and customers Network
CPE Edge Core
(CAPEX) Segment
• Highly scalable MPLS Node CE PE P
• Service enablement only Typical ASR1K ASR9K CRS-1
requires edge node Platforms
configuration (OPEX) ISR/G2 7600 ASR9K
• Different IP connectivity can be ASR1K

easily configured; e.g., ASR903
full/partial mesh ME3800X
Enterprise Deployment Scenario
• MPLS Layer-3 VPNs for Implementing Network Segmentation
• Deployment Use Case MPLS VPNs for L3 Network

Segmentation
• Segmentation of enterprise
Edge Core Core Edge
network to provide selective Access VPN Access
connectivity for specific user
groups and organizations
• Benefits Network
Access Edge Core
Segment
• Network segmentation only
MPLS Node CE PE P
requires edge node configuration
• Flexible routing; different IP Typical ASR1K 7600 CRS-1
Platforms
connectivity can be easily ISR/G2 ASR1K ASR9K
configured; e.g., full/partial mesh 7600
6500
Data Center Deployment Scenario
• MPLS Layer-3 VPNs for Segmented L3 Data Center Access and Interconnect
MPLS VPNs terminating on DC
• Deployment Use Case aggregation
• Segmented WAN Layer-3 at MPLS VPNs

at DC edge
Data Center edge
Access
• Layer-3 segmentation in Data Top Of Rack Distribution
Core Core Edge
Center
• Benefits Data Center
• Only single Data Center edge Network
Distribution Core Edge
node needed for segmented Segment
layer-3 access MPLS Node CE or PE P or CE PE
• Enables VLAN/Layer-2 scale (> Typical N7K N7K ASR9K
4K) Platforms 6500 6500 7600
Summary
• Key Takeaways
• MPLS Layer-3 VPNs provide IP connectivity among CE sites

• MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid IP connectivity
• CE sites connect to the MPLS network via IP peering across PE-CE links
• MPLS Layer-3 VPNs are implemented via VRFs on PE edge nodes
• VRFs providing customer routing and forwarding segmentation
• BGP used for signaling customer VPN (VPNv4) routes between PE nodes
• To ensure traffic separation, customer traffic is encapsulated in an additional
VPN label when forwarded in MPLS network
• Key applications are layer-3 business VPN services, enterprise network
segmentation, and segmented layer-3 Data Center access
Traffic Engineering
MPLS Traffic Engineering
• Topics
• RSVP Service (Clients) Management
• Path Calculation
 Layer-3 VPNs Layer-2 VPNs 
• FRR
MPLS OAM
Transport
 MPLS Forwarding
MPLS Path (RSVP) Setup
• MPLS-TE lets you deviate from the IGP shortest-cost path

• This gives you lots of flexibility around how you send traffic across your network
• Three steps:
1. Information distribution
2. Path calculation
3. LSP signaling
• Flood link characteristics in the IGP IP/MPLS

• Reservable bandwidth, link colors, other
properties
TE
Topology
database
n Link with insufficient bandwidth

• IGP: Find shortest (lowest Find
shortest n Link with sufficient bandwidth
cost) path to all nodes. path to R8
with 8Mbps
IP/MPLS
• TE: Per node, find the shortest R1

(lowest cost) path which 15 3
5
meets constraints. 10
R8
10 8
10
10
TE
Topology
database
• Set up the calculated path using RSVP

(Resource ReSerVation Protocol) IP/MPLS
Head end
• Once labels are learned, they’re
programmed just like LDP labels
• At the forwarding level, you can’t tell whether
your label came from RSVP or LDP L=16
• All the hard work is in the control plane RESV Tail end
• No per-packet forwarding hit for any of this
PATH
TE LSP
MPLS TE Fast ReRoute (FRR)
• Implementing Network Failure Protection Using MPLS RSVP/TE
• Steady state Router A Router B Router D Router E

• Primary tunnel:
• A→B→D→E
• Backup tunnel:
• B → C → D (pre-provisioned)
• Failure of link between router B

and D
Router X Router Y
• Traffic rerouted over backup Router C
tunnel Primary Tunnel
• Recovery time 50 ms Backup Tunnel

• Actual Time Varies—Well Below 50 ms in Lab
Tests
Summary
• Key Takeaways
• RSVP is used for signaling label mapping information to set up an end-to-end

Label Switched Path (LSP)
• RSVP label signaling enables setup of TE tunnels, supporting enhanced traffic
engineering capabilities; traffic protection and path management
MPLS Layer-2 Virtual Private
Networks
• Topics
• L2VPN technology options Management

Service (Clients)
• P2P VPWS services (PWs)
• Overview & Technology Basics  Layer-3 VPNs Layer-2 VPNs 
• VPN control plane
MPLS OAM
• VPN forwarding plane Transport
• MP2MP VPLS services

• Overview & Technology Basics  IP/MPLS (LDP/RSVP-TE/BGP)
• VPN control plane

• VPN forwarding plane  MPLS Forwarding
• Deployment use cases

• L2 Business VPN services
• Data Center Interconnect
• Technology Options
• VPWS services MPLS Layer-2 VPNs

• Point-to-point
• Referred to as Pseudowires
(PWs) Point-to-Point Multipoint-to-Multipoint
Layer-2 VPNs (VPWS) Layer-2 VPNs
• VPLS services
• Multipoint-to-Multipoint
EVPN
• EVPN VPLS
• BGP-based mp2mp
• PBB-EVPN PBB-EVPN
• Combines scale tools from
PBB with BGP learning from
EVPN
MPLS L2 VPN
• Why so many solutions?
• Started with p2p, but that doesn’t scale well

• Many issues to solve with multipoint
• Discovery: who do I talk to?
• Signaling: what label(s) do I send them?
• Learning: what MACs are at which sites?
• Connectivity: can CEs be multihomed? ECMP or
redundancy?
• Can solve in the control plane or in the data
plane
• Control plane: BGP or LDP?
• Data plane is often expensive
Virtual Private Wire Services (VPWS)
• Overview of Pseudowire (PW) Architecture
• Based on IETF’s Pseudo-Wire Attachment Attachment

Circuit (AC) Circuit (AC)
(PW) Reference Model Pseudo-Wire 1
• Enables transport of any Layer-2 CE

PE P P PE
CE
traffic over MPLS Layer-2 Layer-2
• PE-CE link is referred to as

Attachment Circuit (AC) CE CE
Layer-2 Layer-2
Pseudo-Wire 2
• Provides a p2p service PE P P PE
• Discovery: manual (config)

Emulated Layer-2 Service
• Signaling: LDP Label Switched Traffic
• Learning: data plane
VPWS Control Plane Processing
• Signaling of a New Pseudo-Wire
1. New Virtual Circuit (VC) cross-

connect connects customer L2
interface (AC) to new PW via VC ID
and remote PE ID 3 Label Mapping Messages
2. New targeted LDP session between 4 4

2 LDP session
PE1 and PE2 is established, in case PE P P PE
one CE CE
does not already exist
1 1
3. PE binds VC label with customer
layer-2 interface and sends label-
mapping to remote PE Emulated Layer-2 Service
4. Remote PE receives LDP label

binding message and matches VC
ID with local configured VC cross-
connect
VPWS Forwarding Plane Processing
• Forwarding of Layer-2 Traffic Over PWs
1. CE2 forwards L2 packet to PE2.

2. PE2 pushes VC (inner) label to L2
packet received from CE2 Eth IGP PW Eth IGP PW Eth IGP PW Eth Eth
Label C Label Label B Label Label A Label
• Optionally, a control word is added
as well (not shown) Ethernet Ethernet
Frame
Frame
3. PE2 pushed outer (Tunnel) label PE1 P1 P2 PE2

CE1 CE2
and forwards packet to P2
4. P2 and P1 forward packet using
outer (tunnel) label (swap)
5. Router PE2 pops Tunnel label and,
based on VC label, L2 packet is
forwarded to customer interface to
CE1, after VC label is removed
• In case control word is used, new
layer-2 header is generated first
Virtual Private LAN Services
• Overview of VPLS Architecture
• VPLS network acts like a virtual Attachme Attachme

switch that emulates nt
Circuit
nt
Circuit
conventional L2 bridge (AC) P P (AC)
PE PE
CE CE
• Fully meshed or Hub-Spoke Layer Layer
topologies supported -2 -2
• LDP, BGP variants CE CE

Layer Layer
• Provides a mp2mp service -2 PE P P PE -2
• Discovery: manual or auto

Emulated Virtual Switch
• Signaling: LDP or BGP Label Switched Traffic
• Learning: data plane Pseudo-
Wire
EVPN
• Provides mp2mp BGP advertisement:

L2VPN/EVPN Addr = CE1.MAC
• Discovery: BGP, using MPLS BGP Next-Hop = PE1
Route Target = 100:1
VPN mechanisms (RT) Label=42
• Signaling: BGP
• Learning: Control plane (BGP) BGP RR
PE PE
CE1 CE3
• Allows for multihomed CEs
CE2 CE4
PE PE

PBB-EVPN
• Combines Provider Backbone BGP advertisement:

Bridging (802.1ah) with EVPN L2VPN/EVPN Addr = PE1.B-MAC
• Scales better than straight EVPN BGP Next-Hop = PE1
Route Target = 100:1
• Removes the need to flood all MAC Label=42
addresses in BGP
CE-CE MAC addresses learned in the data plane)
• Provides mp2mp BGP RR
PE PE
• Discovery: BGP, using MPLS CE1 CE3
VPN mechanisms (RT)

• Signaling: BGP CE2 CE4
• Learning: Forwarding plane PE PE
• Allows for multihomed CEs

Service Provider Deployment Scenario
• PWs for Offering Layer-2 Business VPN Services
• Deployment Use Case Layer-2 VPN Service

• Delivery of E-LINE services to
business customers PE P P PE
CE CE
• Benefits
• Leverage same network for
multiple services and Network
CE PE P
customers (CAPEX) Segment
• Highly scalable Typical M3400 ME3800X CRS-1
• Service enablement only Platforms
ASR901 ASR903 ASR9K
requires edge node
ASR9K
configuration (OPEX)
Data Center Deployment Scenario Data Center
• VPLS for Layer-2 Data Center Interconnect (DCI) Services
DC
Edge
• Deployment Use Case Data Center Core Core Edge
• E-LAN services for Data Center
interconnect DC Data Center
Edge Edge
DC
• Benefits Edge
• Single WAN uplink to connect to
multiple Core Core Edge
Data Centers
• Easy implementation of Network
DC Edge Core Edge
segmented layer-2 traffic Segment
between Data Centers MPLS Node CE P PE
Typical ASR9K CRS-1 ASR9K

Platforms 7600 ASR9K 7600
6500
Summary
• Key Takeaways
• L2VPNs enable transport of any Layer-2 traffic over MPLS network

• L2 packets encapsulated into additional VC label
• Both LDP and BGP can be used L2VPN signaling
• PWs suited for implementing transparent point-to-point connectivity between
Layer-2 circuits (E-LINE services)
• VPLS suited for implementing transparent point-to-multipoint connectivity
between Ethernet links/sites (E-LAN services)
• Typical applications of L2VPNs are layer-2 business VPN services and Data
Center interconnect
Theory Ends. Hands on
Commences – Enjoy !
Overview of the MPLS
Labs
• Section 1: Basic MPLS Forwarding
• Section 2: MPLS Layer 3 VPN (L3VPN)
• Section 3: MPLS Traffic-Engineering
• Section 4: MPLS Layer 2 (L2VPN)
Detailed Physical Topology
IP/MPLS
172.16.255.1 172.16.0.0
172.16.255.129
10.1.1/24 AS65016
CE1 e0/0.1 e0/0.1 P1
.2/32 .1/30
s1/0 s1/0 .9/30
s1/1 Area 0 IP/MPLS
172.16.1/24 172.17.0.0
PE1 s1/1
.10/30 P2 PE5-ASBR PE4-ASBR
.1/30
192.168.255.0/30 AS65017 PE2
s1/2 172.17.0.0/30 CE2
.1/30 .2/30 .1/30 .2/30 .1/30 .2/30 10.6.1/24
s1/2 172.16.0/24 s1/0 s1/0 e0/0 e0/0 s1/0 s1/0 s1/1 s1/1
.2/30 172.16.2/24
.6/30
CE3 PE3 s1/3 172.16.255.130 172.16.255.2 172.17.255.1 172.17.255.2
s1/3
.2/30 .1/30 .5/30
e0/0.1 e0/0.1 s1/0 s1/0 P3
10.1.1/24 172.16.3/24
172.16.255.3 172.16.255.131
Section 1: Basic MPLS Forwarding
Section 1: Basic MPLS Forwarding Overview
• Get familiarized with the lab topology.
• Execute show commands and understand the concepts of Label and Label Switched path.
• You will configure a few routers for a given exercise. Some devices are pre-configured.
• Use MPLS PING and TRACE commands to test connectivity.
• Slides with the ‘tools’ sign Indicate hands on configuration.
Reachability from PE1 (Within AS 65016)
[PE1]#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR
Gateway of last resort is not set
172.16.0.0/16 is variably subnetted, 12 subnets, 2 masks PE3 Loopback

O 172.16.255.3/32 [110/145] via 172.16.1.1, 10:12:36, Serial1/0
O 172.16.255.2/32 [110/145] via 172.16.1.1, 10:12:36, Serial1/0 PE5-ASBR

Loopback
C 172.16.255.1/32 is directly connected, Loopback0
---snip----
Configure LSP on PE1
hostname [PE1]
Enabling Label
!
Distribution
mpls label protocol ldp
!
Protocol
interface Serial1/0
mpls ip
!
Provisioning a
Label Switched
Path - LSP
Show MPLS Forwarding Table on PE1
[PE1]#show mpls forwarding-table Outgoing Label
Local Outgoing Prefix Bytes Label Outgoing Next Hop
for FEC
Label Label or Tunnel Id Switched interface
16 19 172.16.255.131/32 \ 172.16.255.130/32
0 Se1/0 point2point
17 16 172.16.255.130/32 \
0 Se1/0 point2point
18 Pop Label 172.16.255.129/32 \
0 Se1/0 point2point
19 20 172.16.3.0/30 0 Se1/0 point2point
20 Pop Label 172.16.0.8/30 0 Se1/0 point2point
21 18 172.16.0.4/30 0 Se1/0 point2point
22 Pop Label 172.16.0.0/30 0 Se1/0 point2point
23 21 172.16.255.3/32 0 Se1/0 point2point
24 22 172.16.2.0/30 0 Se1/0 point2point
25 23 172.16.255.2/32 0 Se1/0 point2point Pop Tag for
Connected
Interfaces
Test MPLS LSP Using MPLS Ping on PE1
[PE1]#ping mpls ipv4 172.16.255.2 255.255.255.255 MPLS PING to PE5
Sending 5, 100-byte MPLS Echos to 172.16.255.2/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not transmitted,

'.' - timeout, 'U' - unreachable,
'R' - downstream router but not target,
'M' - malformed request
Type escape sequence to abort.

!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =
60/75/132 ms
Test MPLS LSP Using MPLS Trace on PE1
[PE1]#trace mpls ipv4 172.16.255.2 255.255.255.255 MPLS Trace to PE5
Tracing MPLS Label Switched Path to 172.16.255.2/32, timeout is 2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

0 172.16.1.2 MRU 1500 [Labels: 23 Exp: 0]
I 1 172.16.1.1 MRU 1500 [Labels: 23 Exp: 0] 22 ms
I 2 172.16.0.10 MRU 1504 [Labels: implicit-null Exp: 0] 41 ms
! 3 172.16.2.2 62 ms
[PE1]#
Section 2: MPLS Layer 3 VPN (L3VPN)
Section 2: MPLS L3VPN Overview
• Configure Intranet: Customer VRF Blue is provisioned as a MPLS VPN
• Configure Extranet: Leak a route from VRF Blue to VRF Green
• Configure Internet Access: Provision internet access to customer VRF Blue
• Configure Inter-AS: Option 10B
L3VPNs Topology Intranet – Provisioning VPN Blue
IP/MPLS
11.1.1.1 172.16.255.1
172.16.255.129
172.16.0.0
11.1.1.2 AS 100 AS65016
11.1.1.3 P1
CE1
PE1 AS 11.2.1.1
P2 PE5-ASBR 65017 11.2.1.2
11.2.1.3
12.1.1.1 172.16.0/24 PE4-ASBR
12.1.1.2 172.16.2/24
12.1.1.3 CE3 PE3 172.16.255.130 172.16.255.2
172.17.255.1
P3
172.16.3/24
14.1.1.1
14.1.1.2 172.16.255.131
172.16.255.3
14.1.1.3
VPN—Blue
VPN—Green
Intranet
• Define BGP Communities (RT) Cintranet
• At all of the PE for vrf blue

Export all routes into provider’s BGP with Cintranet
Import into local VRF routes with Cintranet
Configure VRF Blue on PE1
hostname [PE1]
Note: Route-
!
Target Is Different
ip vrf blue
rd 65016:1
from RD
route-target export 1:1
route-target import 1:1
!
! Make Interface
interface Ethernet0/0.1
Ethernet 0/0.1
encapsulation dot1Q 100
Part of VRF Blue
ip vrf forwarding blue
ip address 10.1.1.2 255.255.255.0
no ip directed-broadcast
!
Check VRF Information on PE1
[PE1]#show ip vrf
Name Default RD Interfaces
blue 65016:1 Et0/0.1
[PE1]#show ip vrf detail blue
VRF blue (VRF Id = 1); default RD 65016:1; default VPNID <not set>
Interfaces:
Et0/0.1
VRF Blue
VRF Table ID = 1
Detail
Export VPN route-target communities
RT:1:1
Import VPN route-target communities
RT:1:1 Export/Import
No import route-map
Details
No global export route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
VRF Blue Routing Table on PE1
[PE1]#show ip route vrf blue
Routing Table: blue

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set Only Connected

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
Route Exists
C 10.1.1.0/24 is directly connected, Ethernet0/0.1
L 10.1.1.2/32 is directly connected, Ethernet0/0.1
Ping CE1 from PE1 (VRF Blue)
10.1.1.1 Does
[PE1]#ping vrf blue 10.1.1.1
Exist in the
VRF Blue
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
Table!
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/32 ms
[PE1]#ping 10.1.1.1
10.1.1.1 Does
Not Exist in
Type escape sequence to abort. the Global
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds: Table!
.....
Success rate is 0 percent (0/5)
CE-PE Routing
IP/MPLS
11.1.1.1
AS 172.16.255.1 172.16.255.129172.16.0.0
11.1.1.2 100 AS65016
11.1.1.3 P1
CE1 AS
PE1 65017 11.2.1.1
P2 PE5-ASBR 11.2.1.2
11.2.1.3
12.1.1.1 PE4-ASBR
12.1.1.2 172.16.2/24
12.1.1.3 CE3 PE3 172.16.255.130 172.16.255.2
172.17.255.1
172.16.3/24 P3
14.1.1.1
14.1.1.2 172.16.255.131
172.16.255.3
14.1.1.3
VPN—Blue
Static VPN—Green
BGP
Configure BGP Routing on PE1
router bgp 65016
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 172.16.255.2 remote-as 65016
VRF Blue CE1-PE1
neighbor 172.16.255.2 update-source Loopback0
neighbor 172.16.255.3 remote-as 65016 Protocol is eBGP
no auto-summary
!
address-family ipv4 vrf blue
redistribute connected
neighbor 10.1.1.1 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 172.16.255.2 activate Address Family
neighbor 172.16.255.2 send-community extended
neighbor 172.16.255.3 activate VPNv4 Config with
Remote PE5 & PE3
exit-address-family
! LTRMPL-2108 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
VRF Blue BGP Table on PE1
[PE1]#show ip bgp vpnv4 vrf blue <truncated output>
BGP table version is 28, local router ID is 172.16.255.1
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65016:1 (default for vrf blue)
*> 10.1.1.0/24 0.0.0.0 0 32768 ? Local Routes
* 10.1.1.1 0 0 100 ? from CE1
*>i10.2.1.0/24 172.16.255.3 0 100 0 ?
*>i10.5.1.0/24 172.16.255.2 0 100 0 ? Routes from
*> 11.1.1.1/32 10.1.1.1 0 0 100 ? PE5-ASBR
*> 11.1.1.2/32 10.1.1.1 0 0 100 ?
*> 11.1.1.3/32 10.1.1.1 0 0 100 ?
*>i11.2.1.1/32 172.16.255.2 0 100 0 65017 i Routes from
*>i11.2.1.2/32 172.16.255.2 0 100 0 65017 i PE3
*>i11.2.1.3/32 172.16.255.2 0 100 0 65017 i
*>i14.1.1.1/32 172.16.255.3 0 100 0 ?
*>i14.1.1.2/32 172.16.255.3 0 100 0 ?
*>i14.1.1.3/32 172.16.255.3 0 100 0 ?
VPN Labels for VRF Blue on PE1
[PE1]#show ip bgp vpnv4 vrf blue labels
Network Next Hop In label/Out label
Route Distinguisher: 65016:1 (blue)
10.0.100.0/30 10.1.1.1 26/nolabel
10.0.200.0/30 10.1.1.1 27/nolabel
10.1.1.0/24 10.1.1.1 32/nolabel
0.0.0.0 32/nolabel
10.1.2.0/24 10.1.1.1 28/nolabel
10.2.1.0/24 172.16.255.3 nolabel/24
10.5.1.0/24 172.16.255.2 nolabel/16 VPN Label 19
11.1.1.1/32 10.1.1.1 29/nolabel
11.1.1.2/32 10.1.1.1 30/nolabel from PE5-ASBR
11.1.1.3/32 10.1.1.1 31/nolabel
11.2.1.1/32 172.16.255.2 nolabel/17
11.2.1.2/32 172.16.255.2 nolabel/18
11.2.1.3/32 172.16.255.2 nolabel/19
14.1.1.1/32 172.16.255.3 nolabel/25
14.1.1.2/32 172.16.255.3 nolabel/26
14.1.1.3/32 172.16.255.3 nolabel/27
VRF Blue Routing Table on PE1
[PE1]#show ip route vrf blue <truncated output>
Routing Table: blue
10.0.0.0/24 is subnetted, 3 subnets
B 10.2.1.0 [200/0] via 172.16.255.3, 00:17:25
C 10.1.1.0 is directly connected, Ethernet0/0.1
Local Route
B 10.5.1.0 [200/0] via 172.16.255.2, 00:03:24
Learned from
B 11.1.1.3 [20/0] via 10.1.1.1, 00:26:50
CE1
B 11.2.1.1 [200/0] via 172.16.255.2, 00:26:41
B 11.1.1.2 [20/0] via 10.1.1.1, 00:26:50
Route from
B 11.2.1.2 [200/0] via 172.16.255.2, 00:26:41
B 11.1.1.1 [20/0] via 10.1.1.1, 00:26:50
PE5-ASBR
B 11.2.1.3 [200/0] via 172.16.255.2, 00:26:41
B 14.1.1.2 [200/0] via 172.16.255.3, 00:17:27 Route from
B 14.1.1.3 [200/0] via 172.16.255.3, 00:17:27 PE3
B 14.1.1.1 [200/0] via 172.16.255.3, 00:17:27
Label Stack on PE1
[PE1]#show ip cef vrf blue 11.2.1.3
11.2.1.3/32
nexthop 172.16.1.1 Serial1/0 label 23 19
23: IGP/LDP Label

19: VPN Label
NOTE: Labels May
Differ
Extranet Topology
11.1.1.1 172.16.255.1 IP/MPLS

172.16.255.129
172.16.0.0
RT 1:2 AS65016
11.1.1.2
AS 100 P1
11.1.1.3 RT 1:1
CE1
PE1 AS 11.2.1.1
P2 PE5-ASBR 65017 11.2.1.2
11.2.1.3
172.16.0/24 PE4-ASBR
RT 1:1
172.16.2/24
CE3 PE3 172.16.255.130 172.16.255.2
12.1.1.1 RT 2:1 172.17.255.1
12.1.1.2
12.1.1.3
P3
172.16.3/24
172.16.255.3 172.16.255.131
Static
BGP
Extranet
VPN—Blue
VPN—Green
Extranet
• Define three BGP Communities (RT) Cblue , Cgreen
and Cextranet
• At the PE attached to extranet site
•Export routes using a export-map into providers BGP with extranet routes marked
Cextranet and intranet routes marked Cblue
•Import into local VRF only routes with Cblue
• At the PE attached to remote sites

•Export all routes to provider BGP with (for Green VRF) Cgreen and (for Blue VRF) Cblue
•Import into local VRF routes matching Cgreen or Cblue
and Cextranet
Configure Extranet on PE1
ip vrf blue
rd 65016:1 All Exports Should Be
no route-target export 1:1 Controlled by Route Map
export map set-ext-community set-ext-community
!
If the Prefix Is
!
11.1.1.1 then Set the
access-list 10 permit 11.1.1.1
Route Target to 1:2
route-map set-ext-community permit 10
match ip address 10
set extcommunity rt 1:2 Route Target Set to
! 1:1 for Other
route-map set-ext-community permit 20 Prefixes
set extcommunity rt 1:1
!
[PE1]clear ip bgp vpnv4 unicast update-group Activate export map
Extranet Route(s) in VRF Green on PE3
[PE3]#show ip route vrf green <truncated output>
Routing Table: green
Only Extranet
Route Gets
C 10.1.1.0 is directly connected, Ethernet0/0.1 Imported into
11.0.0.0/32 is subnetted, 1 subnets VRF Green and
B 11.1.1.1 [200/0] via 172.16.255.1, 00:00:34 Not Other VRF
12.0.0.0/32 is subnetted, 3 subnets Blue Routes
S 12.1.1.1 [1/0] via 10.1.1.1
S 12.1.1.2 [1/0] via 10.1.1.1
S 12.1.1.3 [1/0] via 10.1.1.1
Internet Access
IP/MPLS
172.16.255.1 172.16.255.129
172.16.0.0
Internet AS 100 AS65016
P1
Gateway CE1
e0/0.1 e0/0.1 Spoke2
PE1 AS 11.2.1.1
P2 PE5-ASBR 65017 11.2.1.2
11.2.1.3
172.16.0/24 PE4-ASBR
RT 1:1
172.16.2/24
CE3 PE3 172.16.255.130 172.16.255.2
172.17.255.1
14.1.1.1 RT 1:1
14.1.1.2 10.1.3/24
14.1.1.3
P3
172.16.3/24
Spoke1 172.16.255.3 172.16.255.131
Static
VRF—Blue = Export 1:1, Import 1:1 BGP
MPLS VPN Example: Internet
• Define one BGP Communities (RT) Cblue
• At the PE attached to Internet site
Export default route into providers BGP with Cblue
Import into local VRF routes with Cblue
• At the PE attached to remote sites
Import/export all routes learned into providers BGP with Cblue
Configure Internet Access on PE1
ip vrf blue
Modify VRF Blue
rd 65016:1 Configuration
route-target export 1:1
!
encapsulation dot1Q 100 Configure
ip vrf forwarding blue
ip address 10.1.1.2 255.255.255.0
Ethernet0/0.1
!
Configure Internet Access on PE1
router bgp 65016
neighbor 172.16.255.3 remote-as 65016 BGP Does Not
! Send Default Route
Automatically
exit-address-family
!
address-family ipv4 vrf blue
redistribute static
default-information originate
Default Static
no auto-summary
no synchronization
Pointing to
exit-address-family Internet GW
!
ip classless Router CE1
ip route vrf blue 0.0.0.0 0.0.0.0 10.1.1.1
!
!
VRF Blue Default Route for Internet Access on PE3
Routing Table: blue
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-
2 Default Route to
ia - IS-IS inter area, * - candidate default, U - per-user static Internet Gateway
route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
CE1 Through
+ - replicated route, % - next hop override
PE1
Gateway of last resort is 172.16.255.1 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 172.16.255.1, 00:00:43

B 10.0.100.0/30 [200/0] via 172.16.255.1, 00:06:45
Inter-AS Deployment Scenarios
Multiple Options
This lab section configures option 10B
1. Back-to-back VRFs
Option 10A
PE5-ASBR PE4-ASBR
2. MP-eBGP for VPNv4
Option 10B
3. Multihop MP-eBGP AS #2
PE1 AS #1 between RRs
Option 10C PE2
CE1 CE2
VPN-A
RFC 4364 (obsoletes 2547bis) VPN-A
Inter-AS VPN – VPN Blue peers with AS 65016 and 65017
Lab Topology
PE1 IP/MPLS
172.16.255.1
172.16.255.129
172.16.0.0
CE1 AS65016
.2/32 .1/30 P1
11.1.1.1 RT 1:1 S1/0 s1/0 IP/MPLS
11.1.1.2 172.16.1/24 172.17.0.0
11.1.1.3 AS 100 P2 PE5-ASBR PE4-ASBR
AS65017 PE2 CE2
RT 1:1
13.1.1.1
13.1.1.2
CE3 PE3 172.16.255.130 172.16.255.2 172.17.255.1 AS 200 13.1.1.3
172.17.255.2
P3
172.16.255.3 172.16.255.131
eBGP
Static
BGP + Label
MP-BGP (VPNv4)
Configure Inter-AS on PE5-ASBR
no ip vrf blue
!
no router bgp 65016 Remove VRF Blue
!
router bgp 65016
no bgp default route-target filter
Let Us Start with a Clean BGP
bgp log-neighbor-changes Config- wait till the process gets
neighbor 172.16.255.1 update-source Loopback0 deleted
neighbor 192.168.255.2 remote-as 65017 Route-Target Filter Required
! Because ASBRs Will Not Have VRFs
address-family ipv4
neighbor 192.168.255.2 activate Configured locally
neighbor 192.168.255.2 send-label
no auto-summary
no synchronization eBGP + Label (RFC-3107)
network 172.16.255.2 mask 255.255.255.255
network 192.168.255.2 mask 255.255.255.255 Especially Needed if This Is Inter-
exit-address-family
! Provider Because We Don’t Want to
Run IGP + LDP Between Two
neighbor 172.16.255.1 send-community extended Different Autonomous Systems
neighbor 172.16.255.1 next-hop-self
neighbor 172.16.255.3 send-community extended eBGP + VPNv4 Between PE5-ASBR
neighbor 192.168.255.2 activate & PE4-ASBR Option 10B (RFC-4364)
exit-address-family LTRMPL-2108 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Configure Inter-AS on PE4-ASBR
!
no router bgp 65017
!
router bgp 65017
no synchronization
no bgp default ipv4-unicast Required Because ASBRs Will Not
no bgp default route-target filter
Have VRFs Configured locally
no auto-summary
!
!
address-family ipv4
neighbor 192.168.255.1 activate eBGP + Label (RFC-3107)
no auto-summary
no synchronization
network 172.17.255.1 mask 255.255.255.255
network 192.168.255.1 mask 255.255.255.255
exit-address-family
!
neighbor 172.17.255.2 send-community extended eBGP + VPNv4 Between ASBRs
Option 10B (RFC-4364)
exit-address-family
!
VRF Blue on PE1
Routing Table: blue
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
Gateway of last resort is 10.1.1.1 to network 0.0.0.0
B 10.2.1.0/24 [200/0] via 172.16.255.3, 1d08h
B 10.1.2.0/24 [20/0] via 10.1.1.1, 1d08h
C 10.1.1.0/24 is directly connected, Ethernet0/0.1
B 10.6.1.0/30 [200/0] via 172.16.255.2, 00:22:24
B 11.1.1.3 [20/0] via 10.1.1.1, 1d08h
Inter-AS
B 11.1.1.2 [20/0] via 10.1.1.1, 1d08h Routes
B 11.1.1.1 [20/0] via 10.1.1.1, 1d08h Known via
13.0.0.0/32 is subnetted, 3 subnets PE5-ASBR
B 13.1.1.1 [200/0] via 172.16.255.2, 00:22:24
B 13.1.1.3 [200/0] via 172.16.255.2, 00:22:27
B 13.1.1.2 [200/0] via 172.16.255.2, 00:22:27
B 14.1.1.2 [200/0] via 172.16.255.3, 1d08h
B 14.1.1.3 [200/0] via 172.16.255.3, 1d08h
B 14.1.1.1 [200/0] via 172.16.255.3, 1d08h
S* 0.0.0.0/0 [1/0] via 10.1.1.1
VRF Blue Reachability in Inter-AS Scenario on PE1
[PE1]#ping vrf blue 13.1.1.1 Make Sure CE2 Is Reachable

Sending 5, 100-byte ICMP Echos to
13.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min/avg/max = 48/58/80
ms
[PE1]#trace vrf blue 13.1.1.1

Tracing the route to 13.1.1.1
1 172.16.1.1 [MPLS: Labels 46/68 Exp 0] 64 msec 48 msec 48 msec
2 172.16.0.10 [MPLS: Labels 39/68 Exp 0] 56 msec 48 msec 48 msec
3 172.16.2.2 [MPLS: Label 68 Exp 0] 56 msec 48 msec 56 msec Inter-AS Link on PE4-ASBR
4 192.168.255.2 [MPLS: Label 36 Exp 0] 40 msec 48 msec 40 msec
5 10.6.1.2 [MPLS: Label 35 Exp 0] 56 msec 56 msec 48 msec
6 10.6.1.1 48 msec * 44 msec
[PE1]#
Congratulations!
You have completed section 2.
Section 3: MPLS Traffic Engineering
Section 3: MPLS Traffic Engineering Overview
• Configure explicit path
• Configure backup tunnels
• Configure Fast Reroute
Verifying Interfaces Enabled for MPLS TE on PE1
[PE1]#show mpls interface TE Not
Interface IP Tunnel BGP Static Enabled
Operational
Serial1/0 Yes (ldp) No No No Yes
on Any
Interface
Configure MPLS TE on PE1
hostname [PE1]
! Enable MPLS TE on
mpls traffic-eng tunnels This Router
!
interface serial1/0
mpls traffic-eng tunnels Enable MPLS TE on
ip rsvp bandwidth Serial1/0 and
! Advertise Available
router ospf 16
Bandwidth
mpls traffic-eng router-id loopback0
mpls traffic-eng area 0
! Enable MPLS TE
Extensions for OSPF
[PE1]#show mpls interfaces

Interface IP Tunnel BGP Static TE Enabled
Operational on Interface
Serial1/0 Yes (ldp) Yes No No Yes
Verify MPLS TE Link Advertisements on PE1
[PE1]#show mpls traffic-eng link-management advertisements
Flooding Status: ready
Configured Areas: 1
Link/Neighbor Address
IGP Area[1] ID:: ospf 16 area 0
System Information::
Flooding Protocol: OSPF
Header Information::
IGP System ID: 172.16.255.1
MPLS TE Router ID: 172.16.255.1
Flooded Links: 1 Link Metrics
Link ID:: 0
Link Subnet Type: Point-to-Point
Link IP Address: 172.16.1.2
IGP Neighbor: ID 172.16.255.129, IP 172.16.1.1
Link Physical and
TE metric: 48 Maximum Reservable
IGP metric: 48
SRLGs: None Bandwidth
Physical Bandwidth: 2048 kbits/sec
Res. Global BW: 1536 kbits/sec
Res. Sub BW: 0 kbits/sec
Available Bandwidth at
Downstream:: the Eight Priority Levels
Global Pool Sub Pool
----------- ----------
Reservable Bandwidth[0]: 1536 0 kbits/sec Attribute Flags to
<truncated output>-- deleted 1 through 6 for space Color Links
Reservable Bandwidth[7]: 1536 0 kbits/sec
Attribute Flags: 0x00000000
affinity 0x00000000
mask 0x0000FFFF)
Verify MPLS TE Topology Database (Brief) on PE1
[PE1]#show mpls traffic-eng topology brief
My_System_id: 172.16.255.1 (ospf 16 area 1)
Signaling error holddown: 10 sec Global Link Generation 3
IGP Id: 172.16.255.129, MPLS TE Id:172.16.255.129 Router Node (ospf 16 area 0) Remote End
link[0]: Point-to-Point, Nbr IGP Id: 172.16.255.1, nbr_node_id:1, gen:3
frag_id 0, Intf Address:172.16.1.1, Nbr Intf Address:172.16.1.2
as Advertised
TE metric:48, IGP metric:48, attribute_flags:0x0 by Neighbor
SRLGs: None
==snip===
Local End as
IGP Id: 172.16.255.1, MPLS TE Id:172.16.255.1 Router Node (ospf 16 area 0)
Advertised to
link[0]: Point-to-Point, Nbr IGP Id: 172.16.255.129, nbr_node_id:2, gen:2
frag_id 0, Intf Address:172.16.1.2, Nbr Intf Address:172.16.1.1
Neighbor
TE metric:48, IGP metric:48, attribute_flags:0x0
SRLGs: None
Verify MPLS TE Topology Database on PE1
[PE1]#show mpls traffic-eng topology
My_System_id: 172.16.255.1 (ospf 16 area 0)
Signalling error holddown: 10 sec Global Link Generation 14
IGP Id: 172.16.255.129, MPLS TE Id:172.16.255.129 Router Node (ospf 16 area 0)

Addressing,
link[0]: Point-to-Point, Nbr IGP Id: 172.16.255.131, nbr_node_id:6, gen:12 Metrics and
frag_id: 1, Intf Address: 172.16.0.1, Nbr Intf Address: 172.16.0.2
TE metric: 64, IGP metric: 64, attribute flags: 0x0 Attributes
SRLGs: None
physical_bw: 1544 (kbps), max_reservable_bw_global: 1158 (kbps)
max_reservable_bw_sub: 0 (kbps)
Global Pool Sub Pool

Physical and
Total Allocated Reservable Reservable Maximum
BW (kbps) BW (kbps) BW (kbps)
--------------- ----------- ---------- Bandwidth
bw[0]: 0 1158 0
bw[1]: 0 1158 0
bw[2]: 0 1158 0
Available
bw[3]: 0 1158 0 Bandwidth at
bw[4]: 0 1158 0
bw[5]: 0 1158 0 the Eight
bw[6]: 0 1158 0 Priority Levels
bw[7]: 0 1158 0
Tunnel Paths from
PE1 to PE5-ASBR and PE3
IP/MPLS
172.16.0.0
172.16.255.1 172.16.255.129 AS65016
P1 Area 0
.2/32 .1/30
PE1
s1/0 s1/0 .9/30
s2/0
172.16.1/24
s0/0
.10/30 P2
.1/30
s0/0
.1/30 .2/30
PE5-ASBR
s2/0 172.16.0/24
s1/0 s1/0
.2/30
.6/30 172.16.2/24
s2/0 172.16.255.130 172.16.255.2
s0/0
.2/30 .1/30 .5/30
PE3
s1/0 s1/0 P3
172.16.3/24
172.16.255.3 172.16.255.131
TE Tunnel
Configure TE Tunnel with Explicit Path on PE1
hostname [PE1]
Destination PE5-ASBR
!
interface Tunnel1
description PE1-P1-P2-PE5-ASBR Bandwidth and
ip unnumbered Loopback0 Priority
tunnel destination 172.16.255.2
tunnel mode mpls traffic-eng Use Path PE1-TO-
tunnel mpls traffic-eng priority 7 7 PE5-ASBR
tunnel mpls traffic-eng bandwidth 512
tunnel mpls traffic-eng path-option 10 explicit name PE1-TO-PE5-ASBR Protection
tunnel mpls traffic-eng fast-reroute Desired
!
ip route 172.16.255.2 255.255.255.255 Tunnel1 Traffic to PE5-
! ASBR Loopback0
ip explicit-path name PE1-TO-PE5-ASBR enable Routed to
next-address 172.16.255.129
Tunnel1
Explicit Path
!
Hops
Verify Tunnel Operation (Brief) on PE1
[PE1]#show mpls traffic-eng tunnels brief
Signaling Summary:
LSP Tunnels Process: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 2490 seconds
Periodic FRR Promotion: Not Running
Periodic auto-bw collection: disabled
TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT Status
PE1-P1-P2-PE5-ASBR 172.16.255.2 - Se1/0 up/up
Displayed 1 (of 1) heads, 0 (of 0) midpoints, 0 (of 0) tails
[PE1]# Tunnel Count
[PE1]#ping mpls traffic-eng tunnel1
Sending 5, 100-byte MPLS Echos to Tunnel1,
timeout is 2 seconds, send interval is 0 msec: LSP Ping
Codes: '!' - success, 'Q' - request not transmitted, Through
Tunnel 1
!!!!!
[PE1]#
Verify Tunnel Operation on PE1
[PE1]#show mpls traffic-eng tunnels Status
P2P TUNNELS/LSPs:
Name: PE1-P1-P2-PE5-ASBR (Tunnel1) Destination: 172.16.255.2
Status:
Admin: up Oper: up Path: valid Signalling: connected
Path
path option 10, type explicit PE1-TO-PE5-ASBR (Basis for Setup, path weight 192) and Cost
Config Parameters:
Bandwidth: 512 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default) Bandwidth,
AutoRoute: disabled LockDown: disabled Loadshare: 512 [3906250] bw-based
auto-bw: disabled
Active Path Option Parameters:
Priority and
State: explicit path option 10 is active Affinity (Link
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
InLabel : -
OutLabel : Serial1/0, 24 Attributes)
Next Hop : 172.16.1.1
RSVP Signalling Info:
Src 172.16.255.1, Dst 172.16.255.2, Tun_Id 1, Tun_Instance 1
RSVP Path Info:
Label Pushed
My Address: 172.16.1.2
Explicit Route: 172.16.1.1 172.16.0.10 172.16.2.2 172.16.255.2 and Output
Record Route: NONE
Tspec: ave rate=512 kbits, burst=1000 bytes, peak rate=512 kbits Interface
RSVP Resv Info:
Record Route: 172.16.255.129(24) 172.16.255.130(24)
172.16.255.2(3) Explicit Route
Fspec: ave rate=512 kbits, burst=1000 bytes, peak rate=512 kbits
History:
Tunnel: Signaled
Time since created: 2 minutes, 54 seconds
Time since path change: 2 minutes, 28 seconds
Number of LSP IDs (Tun_Instances) used: 1
Current LSP: [ID: 1]
Explicit Route
Uptime: 2 minutes, 28 seconds
P2MP TUNNELS: Recorded
P2MP SUB-LSPS:
Configure a TE Tunnel with Explicit Path on PE1
hostname [PE1] Destination PE3
!
interface Tunnel2 Bandwidth and
description PE1-P1-P3-PE3 Priority
ip unnumbered Loopback0
no ip directed-broadcast Use Path EXPL-
tunnel destination 172.16.255.3 PE1-TO-PE3
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng priority 7 7 Protection
tunnel mpls traffic-eng bandwidth 512
Desired
tunnel mpls traffic-eng path-option 10 explicit name EXPL-PE1-TO-PE3
tunnel mpls traffic-eng fast-reroute
Traffic to PE3
!
Loopback0
ip route 172.16.255.3 255.255.255.255 Tunnel2
!
Routed to
ip explicit-path name EXPL-PE1-TO-PE3 enable Tunnel2
next-address 172.16.0.2 Path with
next-address 172.16.3.2 Explicit Hops
! LTRMPL-2108 © 2017 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Verify Tunnel Operation (Brief) on PE1
[PE1]#sh mpls tr tunnels brief
Signaling Summary:
Forwarding: enabled
PE1-P1-P2-PE5-ASBR 172.16.255.2 - Se1/0 up/up
PE1-P1-P3-PE3 172.16.255.3 - Se1/0 up/up
[PE1]#ping mpls traffic-eng tunnel2 Tunnel Count
Sending 5, 100-byte MPLS Echos to Tunnel2,
Codes: '!' - success, 'Q' - request not transmitted, LSP Ping
'.' - timeout, 'U' - unreachable, Through
Tunnel2

!!!!!
[PE1]#
Backup Tunnels
IP/MPLS
172.16.0.0
172.16.255.1 172.16.255.129 AS65016
P1
.2/32 .1/30 Area 0
PE1
s1/0 s1/0 .9/30
s1/1
172.16.1/24
s1/1
.10/30 P2
.1/30
s1/2
.1/30 .2/30
PE5-ASBR
S1/2 172.16.0/24
s1/0 s1/0
.2/30
.6/30 172.16.2/24
s1/3 172.16.255.130 172.16.255.2
s1/3
.2/30 .1/30 .5/30
PE3
s1/0 s1/0 P3
172.16.3/24
172.16.255.3 172.16.255.131
Primary TE Tunnel
Backup TE Tunnel
Configure a Backup TE Tunnel on P1
hostname [P1]
Destination P2
!
interface Tunnel1 Use Path EXPL-
description P1-P3-P2-BACKUP P1-TO-P2 to
ip unnumbered Loopback0
Reach NHOP
tunnel destination 172.16.255.130
tunnel mode mpls traffic-eng Tunnel1 as
tunnel mpls traffic-eng path-option 10 explicit name EXPL-P1-TO-P2 Backup for
!
Failures on
interface Serial1/1
mpls traffic-eng backup-path Tunnel1
Serial1/1
!
ip explicit-path name EXPL-P1-TO-P2 enable Path with
next-address 172.16.0.2 Explicit Hops
!
Verify Tunnel Operation (Brief) on P1
[P1]#show mpls traffic-eng tunnels brief
Signaling Summary:
Forwarding: enabled
P1-P3-P2-BACKUP 172.16.255.130 - Se1/2 up/up
PE1-P1-P2-PE5-ASBR 172.16.255.2 Se1/0 Se1/1 up/up
PE1-P1-P3-PE3 172.16.255.3 Se1/0 Se1/2 up/up
Displayed 1 (of 1) heads, 2 (of 2) midpoints, 0 (of 0) tails Tunnel Count
[P1]#
Configure Auto-Tunnel Backup on P1
hostname [P1]
! Automatically
mpls traffic-eng auto-tunnel backup nhop-only
[P1]#show mpls traffic-eng tunnels brief Create NHOP
Signalling Summary: Backup when
Passive LSP Listener: running Required
Forwarding: enabled
auto-tunnel:
backup Enabled (1 ), id-range:65436-65535 Interface
onehop Disabled (0 ), id-range:65336-65435 Range for
mesh Disabled (0 ), id-range:64336-65335
Periodic reoptimization: every 3600 seconds, next in 1280 seconds Automatically
Periodic auto-tunnel: Created
backup notinuse scan: every 3600 seconds, next in 3140 seconds Backup
P2P TUNNELS/LSPs: Tunnels
TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT
P1-P3-P2-BACKUP 172.16.255.130 - Se1/2 up/up
[P1]_t65436 172.16.255.131 - Se1/1 up/up
PE1-P1-P2-PE5-ASBR 172.16.255.2 Se1/0 Se1/1 up/up Status
PE1-P1-P3-PE3 172.16.255.3 Se1/0 Se1/2 up/up
P2MP TUNNELS: Displayed 0 (of 0) P2MP heads
P2MP SUB-LSPS:
Tunnel Count
Displayed 0 P2MP sub-LSPs:0 (of 0) heads, 0 (of 0) midpoints, 0 (of 0) tails
Verify Backup Tunnel Operation on P1 Backup Tunnel
[P1]#show mpls traffic-eng tunnels backup
P1-P3-P2-BACKUP
LSP Head, Admin: up, Oper: up
Operational
Tun ID: 1, LSP ID: 1, Source: 172.16.255.129
Destination: 172.16.255.130
Fast Reroute Backup Provided:
Protects One
Protected i/fs: Se1/1
Protected LSPs/Sub-LSPs: 1, Active: 0
Primary Tunnel
Backup BW: any pool unlimited; inuse: 512 kbps
Backup flags: 0x0
[P1]_t65436
Backup Tunnel
LSP Head, Admin: up, Oper: up
Tun ID: 65436, LSP ID: 1, Source: 172.16.255.129
Operational
Destination: 172.16.255.131
Fast Reroute Backup Provided:
Protected i/fs: Se1/1
Protects One
Protected LSPs/Sub-LSPs: 1, Active: 0
Backup BW: any pool unlimited; inuse: 512 kbps
Primary Tunnel
Backup flags: 0x0
[P1]#show mpls traffic-eng fast-reroute database
P2P Headend FRR information: FRR in Ready
Protected tunnel In-label Out intf/label FRR intf/label Status
--------------------------- -------- -------------- -------------- ------ State for
P2P LSP midpoint frr information:
Primary
LSP identifier
---------------------------
In-label
--------
Out intf/label
--------------
FRR intf/label
--------------
Status
------
Tunnels
172.16.255.1 1 [1] 24 Se1/1:24 Tu1:24 ready
172.16.255.1 2 [1] 25 Se/2:24 Tu65436:24 ready
MPLS TE-FRR in Action on P1
hostname [P1]
!
interface Serial1/1 Shut Protected
shut Interface
!
[P1]#show mpls traffic-eng fast-reroute database
P2P Headend FRR information:
Protected tunnel In-label Out intf/label FRR intf/label Status
--------------------------- -------- -------------- -------------- ------ FRR in
P2P LSP midpoint frr information: Active State
LSP identifier In-label Out intf/label FRR intf/label Status
--------------------------- -------- -------------- -------------- ------ for Primary
172.16.255.1 1 [1] 24 Se1/1:24 Tu1:24 active
Tunnels
hostname [P1]
!
interface Serial1/1 Unshut
no shut
!
Protected
Interface
Congratulations!
Section 4: MPLS L2VPN
Section 4: MPLS L2VPN Overview
• Configure Ethernet VLAN Pseudowires
• Configure Multisegment Pseudowire with interworking
Ethernet VLAN Pseudowire
IP/MPLS
172.16.0.0
172.16.255.1 AS65016
CE1
e0/0 e0/0
PE1
PE3
CE3
e0/0 e0/0
172.16.255.3
Pseudowire
TE Tunnel
Configure Ethernet VLAN Pseudowire on PE1&PE3
hostname [PE1]
! Pseudowire Profile
pseudowire-class ETHER-PW
encapsulation mpls
! VLAN 10 as
interface Ethernet0/0.10 Attachment Circuit
no cdp enable Connect to PW
xconnect 172.16.255.3 100 pw-class ETHER-PW Peer for VC Id 100
!
hostname [PE3]
! Pseudowire Profile
pseudowire-class ETHER-PW
encapsulation mpls
! VLAN 15 as
interface Ethernet0/0.15 Attachment Circuit
no cdp enable Connect to PW
xconnect 172.16.255.1 100 pw-class ETHER-PW
Peer for Matching
!
VC Id 100
Verify Xconnect/Pseudowire Operation (Brief) PE3
[PE3]#show xconnect all detail
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State Xconnect
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2 Segments
------+---------------------------------+--+---------------------------------+-- and Status
UP ac Et0/0.15:15(Eth VLAN) UP mpls 172.16.255.1:100 UP
Interworking: none Local VC label 98
Remote VC label 67
pw-class: ETHER-PW
[PE3]#show mpls l2transport vc PW Brief

Status
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Et0/0.15 Eth VLAN 15 172.16.255.1 100 UP
[PE3]#
Verify Pseudowire Operation on PE3 Attachment
[PE3]#show mpls l2transport vc detail<truncated output>
Local interface: Et0/0.15 up, line protocol up, Eth VLAN 15 up Circuit Status
Destination address: 172.16.255.1, VC ID: 100, VC status: up
Preferred path: not configured PW Status
Default path: active
Next hop: point2point Label Stack
Output interface: Se1/0, imposed label stack {37 67}
Create time: 00:01:40, last status change time: 00:01:36 (IGP, VC)
Signaling protocol: LDP, peer 172.16.255.1:0 up
MPLS VC labels: local 98, remote 67 LDP Session
Group ID: local 0, remote 0
MTU: local 1500, remote 1500 VC Labels
Remote interface description:
Sequencing: receive disabled, send disabled Sequencing
VC statistics:
packet totals: receive 2, send 2 Disabled
byte totals: receive 760, send 848
packet drops: receive 0, seq error 0, send 0 Pseudowire
Packet/Byte
[PE3]#
Counters
Pseudowire Connectivity Verification on PE3
Ping
[PE3]#ping mpls pseudowire 172.16.255.1 100
Sending 5, 100-byte MPLS Echos to 172.16.255.1/0,
Pseudowire to
Peer
172.16.255.1
Codes: '!' - success, 'Q' - request not transmitted, with VC id 100

!!!!!
[PE3]#
Multi-Segment Pseudowire (Switching) with
Interworking
IP/MPLS
172.16.0.0
172.16.255.1
CE1 AS65016
e0/0 e0/0 IP/MPLS

PE1 PE5-ASBR PE4-ASBR 172.17.0.0
192.168.255.0/30
AS65017 PE2 CE2
.1/30 .2/30
e0/0 e0/0 s1/1 s1/1
172.16.255.2 172.17.255.1 172.17.255.2
Pseudowire Segment 1
Pseudowire Switch Point
Configure Intra and Inter-AS Pseudowire on PE1
hostname [PE1]
!
IP Interworking
pseudowire-class ETHER-FR-IP-PW (PW Type 11)
encapsulation mpls
interworking ip
! VLAN 15 as
encapsulation dot1Q 15 Attachment Circuit
no cdp enable Connect to PW Peer
xconnect 172.16.255.2 200 pw-class ETHER-FR-IP-PW
! for VC id 200
Define Intra and Inter-AS Pseudowire on PE5
hostname [PE5-ASBR] Stitch Intra-AS and

!
l2 vfi PW-SWITCH-POINT point-to-point Inter-AS PWs
neighbor 172.17.255.1 100 encapsulation mpls
neighbor 172.16.255.1 200 encapsulation mpls Advertise Loopback
!
router bgp 65016 for Directed LDP
no synchronization Across AS Boundary
network 172.16.255.2 mask 255.255.255.255
neighbor 192.168.255.2 remote-as 65017 Advertise Label to
address-family ipv4 eBGP Peer
Verify Xconnect and Pseudowire Operation on PE5
[PE5-ASBR]#show xconnect all detail<truncated output>
Legend: XC ST=Xconnect State, S1=Segment1 State, S2=Segment2 State Xconnect
UP=Up, DN=Down, AD=Admin Down, IA=Inactive, NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2 Segments
------+---------------------------------+--+---------------------------------+-- (MPLS) and
UP mpls 172.16.255.1:200 UP mpls 172.17.255.1:100 UP
Status
[PE5-ASBR]#
[PE5-ASBR]#show mpls l2transport vc

PW Brief
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Status
MPLS PW 172.17.255.1:100 172.16.255.1 200 UP
MPLS PW 172.16.255.1:200 172.17.255.1 100 UP PW
[PE5-ASBR]#
[PE5-ASBR]#show vfi
Switched at
VFI name: PW-SWITCH-POINT, type: point-to-point VFI PW-
Neighbors connected via pseudowires:
Router ID Pseudowire ID SWITCH-
172.17.255.1
172.16.255.1
100
200
POINT
[PE5-ASBR]#
Verify Pseudowire Operation Connects to PW
[PE5-ASBR]#show mpls l2transport vc detail<truncated output>
172.16.255.1:200
Local interface: MPLS PW 172.17.255.1:100 up
Destination address: 172.16.255.1, VC ID: 200, VC status: up
Preferred path: not configured
Default path: active
Next hop: point2point
PW Status
Output interface: Se1/0, imposed label stack {35 68}
Create time: 00:01:44, last status change time: 00:01:37
Label Stack
Signaling protocol: LDP, peer 172.16.255.1:0 up (IGP, VC)
MPLS VC labels: local 160, remote 68
Group ID: local 0, remote 0 LDP Session
MTU: local 1500, remote 1500
Remote interface description: VC Labels
Sequencing: receive transparent, send transparent
Sequencing resync disabled Sequencing
VC statistics:
packet totals: receive 0, send 0
Transparent
byte totals: receive 0, send 0
packet drops: receive 0, seq error 0, send 0 Pseudowire
Packet/Byte
[PE5-ASBR]#
Counters
Congratulations!
You accomplished MPLS L3 VPN,

MPLS TE and MPLS L2VPN
implementation.
Terminology Reference
• Acronyms Used in MPLS Reference Architecture
Terminology Description
AC Attachment Circuit. An AC Is a Point-to-Point, Layer 2 Circuit Between a CE and a PE.
AS Autonomous System (a Domain)
CoS Class of Service
ECMP Equal Cost Multipath
IGP Interior Gateway Protocol
LAN Local Area Network
LDP Label Distribution Protocol, RFC 3036.
LER Label Edge Router. An Edge LSR Interconnects MPLS and non-MPLS Domains.
LFIB Labeled Forwarding Information Base
LSP Label Switched Path
LSR Label Switching Router
NLRI Network Layer Reachability Information
P Router An Interior LSR in the Service Provider's Autonomous System
PE Router An LER in the Service Provider Administrative Domain that Interconnects the Customer Network and the Backbone Network.
PSN Tunnel Packet Switching Tunnel
Terminology Reference
• Acronyms Used in MPLS Reference Architecture
Terminology Description
Pseudo-Wire A Pseudo-Wire Is a Bidirectional “Tunnel" Between Two Features on a Switching Path.
PWE3 Pseudo-Wire End-to-End Emulation
QoS Quality of Service
RD Route Distinguisher
RIB Routing Information Base
RR Route Reflector
RT Route Target
RSVP-TE Resource Reservation Protocol based Traffic Engineering
VPN Virtual Private Network
VFI Virtual Forwarding Instance
VLAN Virtual Local Area Network
VPLS Virtual Private LAN Service
VPWS Virtual Private WAN Service
VRF Virtual Route Forwarding Instance
VSI Virtual Switching Instance
Complete Your Online
Session Evaluation
• Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 gift card.
• Complete your session surveys
through the Cisco Live mobile
app or on www.CiscoLive.com/us.
Don’t forget: Cisco Live sessions will be

available for viewing on demand after the
event at www.CiscoLive.com/Online.
Continue Your Education
• Demos in the Cisco campus
• Walk-in Self-Paced Labs
• Lunch & Learn
• Meet the Engineer 1:1 meetings
• Related sessions
Thank you

LTRMPL-2108 MPLS and Its Applications

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

LTRMPL-2108 MPLS and Its Applications

Uploaded by

Copyright:

Available Formats

MPLS and Its

Cisco Spark spaces will be cs.co/ciscolivebot#LTRMPL-2108

• It’s all about labels …

• MPLS forwarding plane

• MPLS control/signaling plane

IP Native Ethernet MPLS

Destination address based Destination address based Label based

Ethernet Loop avoidance Routing Protocols

Packet Encapsulation IP Header 802.3 Header MPLS shim header

OAM IP ping, traceroute E-OAM MPLS OAM

• MPLS reference architecture Service (Clients) Management

• MPLS signaling and

• MPLS OAM IP/MPLS (LDP/RSVP-TE/BGP)

• Multiple labels can be used for

• MPLS label contains 3 TC bits

• DSCP values of IP packet mapped

• LSP signaling IP MPLS

• Exchange of labels OSPF, IS-IS, BGP

• Downstream MPLS node advertises what Packet

• MPLS Forwarding table (FIB)

Fast ReRoute (FRR)

• Exchange of IP routes Forwarding Table Forwarding Table Forwarding Table

Routing Updates You Can Reach 171.69 Thru Me

• Via IGP (e.g., OSFP, IS-IS) Address I/F Address I/F

Forwarding Table Forwarding Table Forwarding Table

• Receiving nodes update - 171.69 1 21 21 171.69 1 36

(downstream unsolicited) Use Label 21 for 171.69

Label Distribution Use Label 36 for 171.69

• Egress PE removes label Forwarding based on 171.69

• Routing protocol distributes routes

• MPLS LSP Ping

• MPLS LSP Trace

• MPLS LSP Multipath (ECMP) Tree Trace

• MPLS networks consist of PE routers at in/egress and P routers in core

• Definition of MPLS VPN Service (Clients) Management

• Set of sites which communicate with each other in a secure way

• Different inter-site connectivity schemes possible

• VPN policies PE-CE VPN Signaling PE-CE

• MPLS Layer-2 VPNs • CE connected to PE via IP-

• Technology components Service (Clients) Management

• VPN control plane mechanisms Layer-3 VPNs Layer-2 VPNs 

• Data Center access

• Virtual routing and forwarding table

• Typically, VRF created for each CE MPLS Backbone

• Full mesh of BGP sessions BGP Route Reflector

• Or BGP Route Reflector

• Multi-Protocol BGP extensions Blue VRF Blue VRF

(MP-iBGP) to carry VPN policies CE

• PE-CE routing options PE P P PE

Make customer routes unique:

1. CE2 forwards IPv4 packet to PE2

 Learned via MP-IBGP IPv4 IPv4

• Different IP connectivity can be ASR1K

• Deployment Use Case MPLS VPNs for L3 Network

• Segmented WAN Layer-3 at MPLS VPNs

• MPLS Layer-3 VPNs provide IP connectivity among CE sites

• RSVP Service (Clients) Management

• MPLS-TE lets you deviate from the IGP shortest-cost path

• Flood link characteristics in the IGP IP/MPLS

n Link with insufficient bandwidth

• TE: Per node, find the shortest R1

• Set up the calculated path using RSVP

• Steady state Router A Router B Router D Router E

• Failure of link between router B