
MPLS

Multiprotocol Label Switching (MPLS) is a packet-forwarding technology that uses labels for efficient data forwarding, operating between Layer 2 and Layer 3 of the OSI model. It supports various applications, including MPLS VPNs, traffic engineering, and quality of service, while employing protocols like LDP and RSVP-TE for label distribution. Key concepts include Label Switched Paths (LSPs), Forwarding Equivalence Classes (FECs), and the roles of Label Switching Routers (LSRs) and Label Edge Routers (LERs) in the MPLS network.

What is MPLS?

 Multiprotocol Label Switching (MPLS) is fundamentally a packet-forwarding
technology.
 It utilizes labels to guide data forwarding decisions.
 This approach replaces complex IP routing lookups at each hop.
 MPLS works by assigning a short, fixed-length label to each packet.
 Subsequently, routers forward packets based on these labels.
 This label-based forwarding results in faster and more efficient traffic flow.
 MPLS operates between Layer 2 (Data Link) and Layer 3 (Network) of the OSI
model. It uses Layer 3 routing information to assign labels (which are Layer 2.5
information) and then forwards packets based on these fixed-length labels at Layer 2
switching speed.


Different ways to categorize MPLS:


By Application / Service:

 MPLS VPN (Virtual Private Network): This is the most common application. It allows
service providers to create secure, isolated IP networks for customers over a shared
MPLS infrastructure. There are different types of MPLS VPNs:
o Layer 3 MPLS VPN: The service provider handles routing between customer
sites within the VPN. Each customer gets a separate Virtual Routing and
Forwarding (VRF) instance on the provider edge (PE) routers.
o Layer 2 MPLS VPN (VPLS - Virtual Private LAN Service): Provides a Layer
2 bridged network between customer sites, making them appear as if they are on
the same LAN segment.
o Point-to-Point (VPWS - Virtual Private Wire Service) / Pseudowire: Creates a
Layer 2 virtual circuit between two customer sites, emulating a leased line.
 MPLS Traffic Engineering (MPLS TE): Used to optimize network utilization and
provide Quality of Service (QoS) by establishing explicit Label Switched Paths (LSPs)
with specific bandwidth guarantees and routing constraints.
 Carrier Supporting Carrier (CSC): Enables one service provider to use the MPLS
infrastructure of another provider to offer MPLS services to its own customers.
 Internet Routing: MPLS can be used within service provider networks to enhance the
scalability and performance of Internet routing.
 QoS (Quality of Service) over MPLS: MPLS headers can carry QoS information,
allowing for differentiated treatment of traffic within the MPLS domain.

By Signaling Protocol:
 LDP (Label Distribution Protocol): A standard protocol used by LSRs to advertise and
exchange label mappings for FECs. It dynamically establishes LSPs based on the
underlying IP routing. LDP typically follows the shortest path determined by the IGP
(Interior Gateway Protocol).
 RSVP-TE (Resource Reservation Protocol - Traffic Engineering): An extension of
RSVP used for establishing traffic-engineered LSPs. It allows for explicit path selection,
bandwidth reservation, and other traffic engineering capabilities. RSVP-TE can create
LSPs that don't necessarily follow the shortest IGP path.
 Static LSPs: LSPs that are manually configured on each router along the path. This is
less scalable but can be useful for specific, fixed paths.

By Layer of Operation (Often referred to as "Layer 2.5"):

 MPLS operates between Layer 2 (Data Link) and Layer 3 (Network) of the OSI model. It
uses Layer 3 routing information to assign labels (which are Layer 2.5 information) and
then forwards packets based on these fixed-length labels at Layer 2 switching speed.

By Connection Type:

 Point-to-Point: Connects two specific sites or endpoints (e.g., Layer 2 VPWS).


 Point-to-Multipoint: One source sends traffic to multiple destinations (can be used in
multicast VPN scenarios).
 Multipoint-to-Multipoint: Allows multiple sites to communicate with each other within
a single VPN (e.g., Layer 2 VPLS, Layer 3 VPN).

Newer Architectures:

 Segment Routing (SR) / MPLS-SR: A more recent architecture that leverages the
MPLS data plane but uses a source-routing paradigm. The ingress router imposes a stack
of segments (identifiers) onto the packet, instructing each router on how to forward it.
This simplifies the control plane and offers more flexibility compared to traditional LDP
or RSVP-TE.

Think of it like a train system: instead of each station figuring out the entire route for a
passenger, a ticket (the label) directs the train to the next appropriate stop.

Key MPLS Concepts


Label:
A short (typically 20-bit) identifier that is inserted between the Layer 2 header and the
Layer 3 header of a packet. This label carries forwarding information.

 Label (20 bits): The core identifier used for forwarding decisions by MPLS routers.
Locally significant, it points to LFIB entries.
 Traffic Class (TC) / Experimental (EXP) (3 bits): Carries QoS information for
differentiated traffic treatment within the MPLS domain.
 Bottom of Stack (S) (1 bit): Indicates if the current label is the last one in a potential
label stack (used in VPNs, TE). '1' means it's the bottom.
 Time to Live (TTL) (8 bits): Prevents looping within the MPLS network by
decrementing at each hop; packet is discarded if it reaches zero.
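
The 32-bit label stack entry described above can be decoded directly from packet bytes. The following is an added example, not part of the original document: it parses a label stack up to the Bottom of Stack bit and reports two conditions the text mentions (Implicit Null should never appear in a packet, and a TTL of zero means discard). The function names and the sample two-label stack are constructed for illustration.

```python
import struct
from dataclasses import dataclass

IMPLICIT_NULL = 3  # signalling-only value; see the PHP section of this document


@dataclass(frozen=True)
class LabelEntry:
    label: int    # 20 bits
    tc: int       # 3 bits, Traffic Class / EXP
    bottom: bool  # 1 bit, Bottom of Stack (S)
    ttl: int      # 8 bits


def encode_entry(label, tc, bottom, ttl):
    """Pack one label stack entry into 4 bytes in network byte order."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def parse_stack(data, max_depth=8):
    """Return (entries, payload). Raise ValueError if the stack never ends."""
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated stack: no entry with the S bit set")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7,
                           bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            return entries, data[offset:]


def check_stack(entries):
    """Report entries that should not be seen on the wire."""
    problems = []
    for depth, entry in enumerate(entries):
        if entry.label == IMPLICIT_NULL:
            problems.append(f"entry {depth}: Implicit Null (3) present in packet")
        if entry.ttl == 0:
            problems.append(f"entry {depth}: TTL is 0, packet must be discarded")
    return problems


if __name__ == "__main__":
    # Constructed sample: tunnel label 17 on top, VC label 21 at the bottom.
    packet = (encode_entry(17, 0, False, 255)
              + encode_entry(21, 0, True, 255)
              + b"customer frame")
    stack, payload = parse_stack(packet)
    for entry in stack:
        print(entry)
    print(check_stack(stack) or "no problems", payload)
```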

Label Switched Path (LSP):


A unidirectional path through the MPLS network that a packet follows. LSPs are
established based on various criteria, such as destination prefixes or traffic engineering
requirements.

Label Switching Router (LSR):

Any router within the MPLS network that can forward packets based on labels. LSRs
perform label operations (push, swap, pop).

Label Edge Router (LER):

Routers at the edge of the MPLS network.

o Ingress LER: The router that receives unlabeled IP packets from the customer
network and assigns labels to them (label imposition or push).
o Egress LER: The router that receives labeled packets and removes the labels
before forwarding them to the destination IP network (label disposition or pop).

Forwarding Equivalence Class (FEC):


A group of IP packets that are forwarded in the same way over the MPLS network.
Typically, packets with the same destination IP prefix belong to the same FEC.

 Follow the same Label Switched Path (LSP).


 Receive the same MPLS label(s) at the ingress router.
 Experience the same forwarding treatment (e.g., same QoS).

Think of a FEC as a destination group. Instead of each router making independent forwarding
decisions based on the full destination IP address of every packet, the ingress router classifies
packets into FECs and assigns them a label that represents that FEC. Subsequent routers then
only need to look at the label to know how to forward the packet.

Key Aspects of FECs:

Classification at the Ingress LER:

 The Ingress Label Edge Router (LER) is responsible for examining incoming IP packets
and determining which FEC they belong to. This classification is based on various
criteria.

Label Binding:

 Once a packet is classified into a FEC, the ingress LER associates (binds) an MPLS label
to that FEC. This label is then imposed onto the packet.

Forwarding Based on Labels:

Within the MPLS core, Label Switching Routers (LSRs) forward packets solely based on
the incoming label. They don't need to re-examine the original IP header to make
forwarding decisions. The label acts as a shortcut, directing the packet along the pre-
established LSP for that FEC.

FEC Granularity:

The granularity of a FEC can vary. Common examples include:

o Destination IP Prefix: All packets destined for a specific IP subnet (e.g.,
192.168.1.0/24) can be grouped into a single FEC. This is the most common
scenario in basic MPLS.
o Destination IP Address: In some cases, each specific destination IP address
could be treated as a separate FEC.
o Source and Destination IP Address: The FEC could be defined by both the
source and destination IP addresses.
o Quality of Service (QoS) Requirements: Packets with different QoS
requirements (e.g., voice vs. data) destined for the same IP prefix could be
classified into different FECs to ensure differentiated treatment.
o VPN Membership: In MPLS VPNs, all traffic belonging to a specific VPN
would typically be part of one or more FECs associated with that VPN.

Label Distribution Protocol (LDP) and FECs:

LDP is the protocol used by LSRs to advertise the label bindings for specific FECs to
their neighbors. When a router decides it needs a label for a particular FEC (e.g., a
destination prefix it has learned through the IGP), it will request a label mapping from its
upstream LDP neighbor.

Label Distribution Protocol (LDP):

 Its primary responsibility is advertising label mappings between LSRs.


 It also manages these label mappings.
 This occurs within non-traffic-engineered MPLS networks.
 LDP enables the dynamic creation of LSPs.
 It also facilitates the dynamic maintenance of LSPs.
 The establishment and upkeep of LSPs are based on underlying IP routing information.

 This IP routing information is provided by an IGP (e.g., OSPF, ISIS).

Purpose:

 Distributes labels: LDP allows LSRs to inform their neighbors about the labels they
have assigned to specific Forwarding Equivalence Classes (FECs).
 Establishes LSPs: By exchanging label mappings, LDP builds the necessary label
forwarding information (LFIB) on each LSR along a path, creating an LSP for each FEC.
 Dynamic operation: LDP automatically adapts to changes in the underlying IP routing
topology. If the IGP path changes, LDP will update the label mappings accordingly.
 Simplicity: Compared to RSVP-TE (used for traffic engineering), LDP is simpler to
configure and operate as it primarily follows the IGP's shortest path.

How LDP Works:

 Neighbor Discovery: LDP uses Hello messages to discover neighboring LSRs. These
are typically sent as UDP multicast packets to the "all routers on this subnet" address
(224.0.0.2) on UDP port 646. Routers advertise their LDP Router ID (usually a loopback
interface IP address) in these Hello messages.
 Session Establishment: Once two LDP-enabled routers discover each other, they
establish an LDP session using a reliable TCP connection on port 646. The router with
the higher transport address (usually its LDP Router ID) initiates the TCP connection.
 Parameter Negotiation: During session establishment, LDP peers negotiate parameters
like LDP version, label distribution mode, keepalive timers, and label space.
 Label Advertisement: After the session is established, LSRs advertise label mappings
for the FECs they know about (typically IP prefixes learned from the IGP). They use
Label Mapping messages to inform their neighbors about the label they are using for a
particular FEC.
 Label Request (Downstream-on-Demand): In some configurations (Downstream-on-
Demand), an LSR might explicitly request a label for a specific FEC from its downstream
neighbor using a Label Request message.
 Label Release: When a prefix becomes unreachable or an LDP session is terminated,
LSRs send Label Release messages to inform their neighbors that the label binding for
that FEC is no longer valid.
 Label Withdrawal: An LSR can also proactively withdraw a previously advertised label
binding using a Label Withdraw message.
 Maintaining Adjacency and Sessions: LDP peers exchange Hello and Keepalive
messages to ensure the neighbor adjacency and LDP session remain active. If no Hello or
Keepalive messages are received within the negotiated hold time, the neighbor and
session are considered down, and associated labels are withdrawn.

Key Concepts Related to LDP:

 LDP Router ID: A unique identifier for each LDP instance on a router, typically a stable
IP address like a loopback interface address.
 Transport Address: The IP address used as the source and destination for the TCP
connection that forms the LDP session. It's often the same as the LDP Router ID.
 Label Space: Can be per-platform (labels are unique across the entire router) or per-
interface (labels are unique per interface). Most modern implementations use per-
platform.
 Label Distribution Control Mode:
o Independent: An LSR can advertise a label for a FEC as soon as it learns about
the FEC from the IGP, without waiting for a label from its downstream neighbor.
This is the default on Cisco IOS.
o Ordered: An LSR only advertises a label for a FEC if it is the egress router for
that FEC or if it has received a label for that FEC from its next-hop router. This
can help prevent transient forwarding loops during convergence.

Example

 Independent: Each person starts filling their bucket and passing it along as soon as they have
some water, without necessarily waiting for the person downstream to be ready. This is faster but
could lead to some spillage if the downstream person isn't ready.

 Ordered: Each person only starts filling their bucket and passing it along once they see the
person downstream is ready to receive it and has their bucket empty. This is more coordinated
and reduces spillage (loops) but might be slightly slower to get the water to the fire.

 Label Retention Mode:


o Liberal: An LSR keeps all received label mappings from its neighbors, regardless
of whether the neighbor is the current next hop for the FEC.
o Conservative: An LSR only keeps label mappings from the neighbor that is the
current best next hop for the FEC according to the IGP.

Configuration (Example - Cisco IOS):

Code snippet
! Enable MPLS globally
mpls ip

! Configure LDP Router ID (using loopback interface)
mpls ldp router-id Loopback0 force
interface Loopback0
 ip address <loopback_ip> 255.255.255.255

! Enable LDP on interfaces participating in MPLS
interface GigabitEthernet0/0
 ip address ...
 mpls ip

interface GigabitEthernet0/1
 ip address ...
 mpls ip

Verification (Example - Cisco IOS):

 show mpls ldp neighbor: Displays LDP neighbors and their status.
 show mpls ldp bindings: Shows the label mappings learned and advertised by the
router.
 show mpls interfaces: Verifies which interfaces have MPLS and LDP enabled.
 show mpls ldp discovery: Provides details about LDP neighbor discovery.
 show mpls ldp session: Shows the status of established LDP sessions.

Control Plane:

The part of the MPLS network responsible for building and maintaining the forwarding
information base (FIB) and the label information base (LIB). Protocols like LDP and
routing protocols operate in the control plane.

Data Plane:

The part of the MPLS network responsible for the actual forwarding of data packets
based on the labels.

Penultimate Hop Popping (PHP)

PHP removes the label one hop before its destination, at the penultimate LSR.
Benefit: Reduces processing on the egress LER.

Implicit Null (Label Value 3):

 Signal: Egress LER tells the penultimate LSR to pop via label value 3.
 Data Plane: Label 3 is never in the actual packet.
 Action: Penultimate LSR pops the label.

Explicit Null (Label Value 0 for IPv4, 2 for IPv6):

 Signal: Egress LER advertises label 0 or 2.


 Data Plane: Penultimate LSR swaps to label 0 or 2.
 Action: Egress LER receives and then pops label 0 or 2.
 Purpose: Can help preserve MPLS QoS across the last hop.

Difference between VRF and VRF-lite


Feature            MPLS VRF                          VRF Lite
MPLS Requirement   Requires MPLS core                No MPLS required
RD                 Uses Route Distinguisher          No Route Distinguisher
RT                 Uses Route Targets                No Route Targets
MP-BGP             Used for route distribution       Not used
Labeling           Uses MPLS labels for forwarding   No MPLS labels
Scalability        Highly scalable                   Limited scalability
Complexity         More complex                      Less complex (than MPLS VRF)
Primary Use        Service Provider L3VPNs           Enterprise segmentation, basic CE segmentation

MPLS Operations: Push, Swap, Pop


1. Push (Label Imposition): The ingress LER receives an unlabeled IP packet. It looks up
the destination IP address in its routing table, determines the corresponding FEC, and
then imposes an MPLS label onto the packet. The label now dictates how the packet will
be forwarded within the MPLS domain.
   [Ethernet Header] [MPLS Label] [IP Header] [Data]
2. Swap (Label Switching): An intermediate LSR receives a labeled packet. It looks up the
incoming label in its Label Forwarding Information Base (LFIB). The LFIB tells the
router to swap the incoming label with an outgoing label and forward the packet to the
next hop.
   [Ethernet Header] [New MPLS Label] [IP Header] [Data]
3. Pop (Label Disposition): The egress LER receives a labeled packet. It looks up the
incoming label in its LFIB. The LFIB instructs the router to remove the MPLS label and
forward the original IP packet towards its final destination.
   [Ethernet Header] [IP Header] [Data]
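
The push, swap and pop operations above, together with the Implicit Null and Explicit Null behaviour from the PHP section, can be traced hop by hop. The following is an added example, not part of the original document: it walks one packet across a P1, P2, P3 chain for FEC 192.168.1.0/24 and shows how the label that P3 advertises changes what P2 and P3 do. Labels 17 and 18 are borrowed from the example output later in this document; the table layout and function names are assumptions of this sketch.

```python
import ipaddress

IMPLICIT_NULL = 3      # signalled only: "pop before sending to me" (PHP)
EXPLICIT_NULL_V4 = 0   # carried on the wire and popped by the egress LER
POP = None             # LFIB action: remove the top label
FEC = ipaddress.ip_network("192.168.1.0/24")


def build_tables(p3_advert):
    """Tables for the P1 -> P2 -> P3 chain; p3_advert is what P3 advertised to P2."""
    ingress_fecs = {FEC: (17, "P2")}   # P1 learned label 17 for the FEC from P2
    lfib = {
        "P2": {17: (p3_advert, "P3")},
        # With Implicit Null, P3 never receives a label for this FEC.
        "P3": {} if p3_advert == IMPLICIT_NULL else {p3_advert: (POP, "CE")},
    }
    return ingress_fecs, lfib


def walk(dst_ip, p3_advert, ttl=255):
    """Return a list of (router, operation, label stack after the operation)."""
    ingress_fecs, lfib = build_tables(p3_advert)
    addr = ipaddress.ip_address(dst_ip)
    # Ingress LER: classify into a FEC by longest prefix match, then push.
    candidates = [net for net in ingress_fecs if addr in net]
    if not candidates:
        return [("P1", "no FEC: plain IP routing", ())]
    label, router = ingress_fecs[max(candidates, key=lambda n: n.prefixlen)]
    stack = [label]
    trace = [("P1", "push", tuple(stack))]
    while router != "CE":
        if not stack:
            # The penultimate hop already popped: one IP lookup, no label lookup.
            trace.append((router, "ip-lookup", ()))
            break
        ttl -= 1
        if ttl <= 0:
            trace.append((router, "drop: TTL expired", tuple(stack)))
            break
        entry = lfib[router].get(stack[0])
        if entry is None:
            trace.append((router, "drop: unknown label", tuple(stack)))
            break
        out_label, next_router = entry
        if out_label is POP or out_label == IMPLICIT_NULL:
            stack.pop(0)
            op = "pop + ip-lookup" if next_router == "CE" else "pop"
        else:
            stack[0] = out_label
            op = "swap"
        trace.append((router, op, tuple(stack)))
        router = next_router
    return trace


if __name__ == "__main__":
    for name, advert in (("ordinary label 18", 18),
                         ("Implicit Null", IMPLICIT_NULL),
                         ("Explicit Null", EXPLICIT_NULL_V4)):
        print(name)
        for step in walk("192.168.1.10", advert):
            print("  ", step)
```

With an ordinary label or Explicit Null, P3 performs a label lookup and then an IP lookup; with Implicit Null, P2 pops and P3 performs only the IP lookup, which is the processing saving PHP provides.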

Example Scenario and Configuration (Basic LDP)


Let's consider a simple MPLS network with three routers: P1 (Ingress LER), P2 (Transit LSR),
and P3 (Egress LER). They are connected in a linear topology. We want to enable MPLS for the
192.168.1.0/24 network reachable via P3.

Assumptions:

 Basic IP connectivity is already configured between the router interfaces.


 OSPF is running as the Interior Gateway Protocol (IGP) to exchange routing information.
MPLS LDP relies on an underlying IGP to establish adjacencies and discover neighbors.

Configurations:

P1 (Ingress LER):

Code snippet
! Enable MPLS globally
mpls ip

! Enable LDP on the interface connected to P2
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.252
 mpls ip

! Enable LDP on the interface connected to the customer network
! (assuming it's GigabitEthernet0/1)
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 mpls ip

! Configure LDP router ID (typically the loopback interface IP)
mpls ldp router-id Loopback0 force
interface Loopback0
 ip address 1.1.1.1 255.255.255.255

P2 (Transit LSR):

Code snippet
! Enable MPLS globally
mpls ip

! Enable LDP on the interface connected to P1
interface GigabitEthernet0/0
 ip address 10.1.1.2 255.255.255.252
 mpls ip

! Enable LDP on the interface connected to P3
interface GigabitEthernet0/1
 ip address 10.1.1.5 255.255.255.252
 mpls ip

! Configure LDP router ID
mpls ldp router-id Loopback0 force
interface Loopback0
 ip address 2.2.2.2 255.255.255.255

P3 (Egress LER):

Code snippet
! Enable MPLS globally
mpls ip

! Enable LDP on the interface connected to P2
interface GigabitEthernet0/0
 ip address 10.1.1.6 255.255.255.252
 mpls ip

! Enable LDP on the interface connected to the customer network
! (assuming it's GigabitEthernet0/1)
interface GigabitEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 mpls ip

! Configure LDP router ID
mpls ldp router-id Loopback0 force
interface Loopback0
 ip address 3.3.3.3 255.255.255.255

Explanation of Configuration:

 mpls ip: This command enables MPLS forwarding on the router.


 interface <interface> followed by mpls ip: This enables LDP to advertise labels for
prefixes reachable through that interface and to participate in label switching.
 mpls ldp router-id Loopback0 force: This configures the LDP router ID, which is
used to identify the LDP instance. Using a stable loopback interface IP is recommended.
The force keyword is used to update the router ID if LDP is already running.

Verification with show Commands


Here are some essential show commands to verify the MPLS configuration and operation:

Check LDP Neighbors:


Code snippet
show mpls ldp neighbor

This command displays the LDP neighbors the router has established adjacencies with. You
should see the LDP router IDs and interface information of the neighboring LSRs. A healthy
MPLS network requires LDP adjacencies to be established between directly connected MPLS-
enabled routers.

Example Output (on P1):

Peer LDP Identifier : 2.2.2.2:0
 TCP connection: 10.1.1.1.646 - 10.1.1.2.646
 State : ESTABLISHED
 Discovery Sources:
  GigabitEthernet0/0 : LDP hello sent/received
 Addresses advertised:
  1.1.1.1
  10.1.1.0/30
  10.1.1.1/32

Check MPLS Forwarding Table (LFIB):


Code snippet
show mpls forwarding-table

This command displays the Label Forwarding Information Base (LFIB), which is used by the
data plane to make forwarding decisions. It shows the incoming label, the operation to perform
(swap, pop), the outgoing label (if swap), and the next hop.

Example Output (on P2):

Local   Outgoing   Prefix            Bytes Label   Outgoing    Next Hop
Label   Label      or VC             Switched      interface
17      18         192.168.1.0/24    0             Gi0/1       10.1.1.6
18      Pop        10.1.1.0/30       0             Gi0/1       10.1.1.6
19      Pop        10.1.1.1/32       0             Gi0/1       10.1.1.6
20      17         10.1.1.4/30       0             Gi0/0       10.1.1.1
21      17         10.1.1.2/32       0             Gi0/0       10.1.1.1

 Local Label: The label the router uses to identify incoming packets for a specific FEC.
 Outgoing Label: The label the router will impose (swap to) on packets being forwarded
for that FEC.
 Prefix or VC: The IP prefix or Virtual Circuit associated with the label.
 Outgoing Interface: The interface the labeled packet will be sent out on.
 Next Hop: The IP address of the next hop router.

Check Label Bindings (LIB):

Code snippet
show mpls ldp bindings

This command displays the Label Information Base (LIB), which contains all the label bindings
the router has learned from its LDP neighbors and advertised locally.

Example Output (on P1):

Local LSR ID: 1.1.1.1:0
No label bindings for VRF default

Peer LSR ID    Label
2.2.2.2:0      18      10.1.1.0/30
2.2.2.2:0      19      10.1.1.1/32
2.2.2.2:0      17      192.168.1.0/24

This output shows that P1 has learned from its neighbor (P2, with LDP ID 2.2.2.2:0) that packets
destined for 192.168.1.0/24 should be labeled with 17.

Verify MPLS on Interfaces:

Code snippet
show mpls interfaces

This command shows the interfaces on which MPLS is enabled.

Example Output (on P1):

Interface IP Tunneling/VRF ID Status
Gi0/0 none Enabled
Gi0/1 none Enabled

Ping with MPLS Echo Request (for connectivity testing within the MPLS domain):

Code snippet
ping mpls ipv4 <destination-ip>/<mask-length> [label <outgoing-label>]

This command sends an MPLS echo request to verify connectivity along the LSP. The target is
given as a FEC, that is, a prefix with its mask length. You can
optionally specify the outgoing label to test a specific part of the path.

Example (from P1 to P3's loopback):

Code snippet
ping mpls ipv4 3.3.3.3/32

Traceroute with MPLS:

Code snippet
traceroute mpls ipv4 <destination-ip>/<mask-length>

This command traces the path of an MPLS packet to the destination, showing the labels at each
hop.

Example (from P1 to the 192.168.1.0/24 prefix):

Code snippet
traceroute mpls ipv4 192.168.1.0/24

Advanced MPLS Topics (Brief Overview)


1. MPLS VPN (Virtual Private Network): A widely used application of MPLS that
allows service providers to create secure and isolated VPNs for their customers over a
shared MPLS infrastructure. This involves concepts like VRFs (Virtual Routing and
Forwarding instances), Route Distinguishers (RDs), and Route Targets (RTs).
2. MPLS Traffic Engineering (MPLS TE): Uses RSVP-TE (Resource Reservation
Protocol - Traffic Engineering) to establish explicit LSPs with specific bandwidth
guarantees and path constraints. This helps optimize network utilization and provide QoS
(Quality of Service).
3. Quality of Service (QoS) in MPLS: MPLS headers contain experimental (EXP) bits
(also known as the Traffic Class (TC) field) that can be used to carry QoS information.
These bits can be mapped to different forwarding behaviors within the MPLS network.
4. MPLS over GRE/IPsec: MPLS can be encapsulated within GRE or IPsec tunnels to
extend MPLS services over non-MPLS-enabled networks or to provide additional
security.
5. Segment Routing (SR): A newer MPLS control-plane architecture that relies on source
routing. Instead of each router independently deciding the next hop based on labels, the
ingress router imposes a stack of segments (identifiers) onto the packet, instructing each
router along the path on how to forward it. SR can simplify MPLS operation and enhance
flexibility.

MPLS L2 VPN
MPLS Layer 2 VPNs are a technology used to extend Layer 2 networks (like Ethernet, Frame
Relay, or ATM) over an MPLS backbone. This technology is widely used by service providers to
offer VPN services to customers who want to connect geographically dispersed locations with
the same Layer 2 network.

Key Concepts

1. MPLS Backbone: The core of an MPLS Layer 2 VPN is an MPLS network operated by
a service provider. MPLS is a protocol for speeding up and shaping network traffic
flows.
2. Virtual Private Network (VPN): MPLS Layer 2 VPNs provide a virtual private network
service, meaning each customer's traffic is isolated from others, even though it may
traverse the same physical network.

3. Layer 2 Extension: The technology extends Layer 2 traffic (Ethernet, Frame Relay,
ATM) over an MPLS network, allowing customers to connect different sites with Layer 2
connectivity.

Types of MPLS Layer 2 VPNs


1. Point-to-Point (Pseudowire): The most basic form, also known as Virtual Private Wire
Service (VPWS). It connects two locations in a point-to-point fashion, emulating a
physical leased line using MPLS.
2. Virtual Private LAN Service (VPLS): This is more complex and allows for multipoint
connectivity, effectively emulating a traditional LAN across the MPLS network. VPLS
makes it possible for multiple sites to connect as if they are on the same LAN.
3. Hierarchical VPLS (H-VPLS): An extension of VPLS, H-VPLS simplifies the
management and scalability of large VPLS deployments by introducing a hierarchy into
the VPLS architecture.

Operational Mechanism

 Label Switching: MPLS operates by prefixing packets with an MPLS header containing
one or more labels. These labels are used to make forwarding decisions in the network.
 Encapsulation: Layer 2 frames from the customer's network are encapsulated and
transported over the MPLS network. At the receiving end, the frames are decapsulated
and delivered to the appropriate Layer 2 network.
 Traffic Isolation: MPLS uses Label Switched Paths (LSPs) and unique labels to keep
different customers' traffic segregated, ensuring privacy and security.

Benefits
 Flexibility and Scalability: Allows businesses to connect multiple sites with different Layer 2
protocols over a single MPLS network.
 Quality of Service (QoS): Supports sophisticated QoS capabilities, ensuring prioritization of
critical business traffic.
 Reduced Complexity: Simplifies the network by providing WAN connectivity without the need
to manage complex routing architectures.
 Bandwidth Efficiency: MPLS can optimize bandwidth utilization and provide more efficient
network traffic flow management.
Considerations
 Provider Dependence: The customer relies on the service provider's MPLS network for
connectivity.
 Cost: Can be more expensive than traditional internet-based VPNs, especially for small
businesses.
 Complexity in Deployment: Requires a good understanding of both MPLS and Layer 2
networking concepts for effective implementation.

Configuration

VPLS emulates a LAN over an MPLS network, so different sites share the
Ethernet broadcast domain. An MPLS tunnel is set up between every pair of PEs
(full mesh).
VPWS is an L2 point-to-point service provisioned by Layer 2 VPN, which delivers
the virtual equivalent of a leased line. Any Transport over MPLS (AToM) is
Cisco's implementation of VPWS for IP/MPLS networks.

Native packets or frames that are received on the ingress PE are encapsulated with
two MPLS labels (tunnel and VC) and sent across PWs to the egress PE router:

 Tunnel/transport label (top label)
 VC/VPN label (bottom label)

The ingress PE router first pushes the VC label on the frame and then the tunnel
label. The MPLS packet is forwarded based on tunnel label hop by hop until it
reaches the egress PE.

Note that when the egress PE router receives an MPLS packet, the
tunnel (topmost) label has already been removed by the penultimate P router due
to Penultimate Hop Popping (PHP) behavior. Therefore, only the VC label is
present within the MPLS packet.

NOTE: The tunnel label is derived through the Label Distribution Protocol (LDP).

The VC label identifies a particular circuit (PW) in a tunnel and the egress AC on the
egress PE. This label is on the bottom of the label stack. When the egress PE
router receives the packet from the pseudowire, it looks up the VC label in the
forwarding information base, removes the VC label (label 21), and forwards the
frame to the AC.

NOTE: P routers are completely unaware of customers' networks. They
just forward frames based on the top MPLS label.
PE1 Configuration
pseudowire-class R1_L2-R6_L2
 encapsulation mpls
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
 no ip address
 xconnect 5.5.5.5 10 encapsulation mpls pw-class R1_L2-R6_L2
!
interface GigabitEthernet0/1
 ip address 11.0.0.1 255.255.255.0
 mpls ip
!
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 11.0.0.0 0.0.0.255 area 0

P Configuration
Configuration of MPLS core is pretty straightforward; we only enable MPLS
switching on the interfaces toward PE and P routers and OSPF. Make sure that
LDP router ID is forced to a loopback interface.
interface Loopback0
 ip address 3.3.3.3 255.255.255.255

! Force the LDP router ID to the loopback, as noted above
mpls ldp router-id Loopback0 force

interface GigabitEthernet0/0
 ip address 12.0.0.1 255.255.255.0
 mpls ip

interface GigabitEthernet0/1
 ip address 11.0.0.2 255.255.255.0
 mpls ip

router ospf 1
 network 3.3.3.3 0.0.0.0 area 0
 network 11.0.0.0 0.0.0.255 area 0
 network 12.0.0.0 0.0.0.255 area 0

CE1 Configuration
Customer devices require configuration of the loopback interface so that EIGRP
can select the IP on that interface as the router-id and configuration of EIGRP
itself.
interface Loopback0
 ip address 1.1.1.1 255.255.255.255

interface Loopback1
 ip address 192.168.1.1 255.255.255.0

interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.252

router eigrp 1
 network 1.1.1.1 0.0.0.0
 network 10.0.0.0 0.0.0.3
 network 192.168.1.0
MPLS L3 VPN
This section gives a concise, step-by-step explanation and configuration example for MPLS L3 VPN.

Concept: MPLS L3 VPNs provide private, routed IP connectivity between customer sites over a
shared MPLS infrastructure using VRFs on PE routers to isolate routing. MP-BGP exchanges
VPN routes with Route Distinguishers (RDs) and Route Targets (RTs).

Step-by-Step:

1. Define VRF: On each PE router connected to a customer site, create a Virtual Routing
and Forwarding (VRF) instance for that customer.
2. Assign RD: Configure a Route Distinguisher (RD) for the VRF. This makes customer
routes unique within the MPLS core.
3. Configure RTs: Define export and import Route Targets (RTs) for the VRF. These
control which VPN routes are advertised to and accepted from other PEs.
4. Interface to VRF: Assign the physical or logical interface connected to the Customer
Edge (CE) router to the customer's VRF.
5. CE-PE Routing: Configure a routing protocol (e.g., OSPF, BGP, static routes) between
the CE router and the PE router within the VRF. This allows the PE to learn the
customer's local routes.
6. MP-BGP Peering: Establish MP-BGP peering between the PE routers. This protocol is
used to exchange VPN routes (prefixes + RD + RT) and labels.
7. Advertise VPN Routes: Configure MP-BGP to advertise the routes learned within the
VRF to other PE routers that have matching import RTs.
8. Label Distribution: MPLS label switching in the core forwards traffic based on labels
associated with the VPN routes advertised via MP-BGP.

Step-by-Step Configuration:

1. Configure PE1:

Code snippet
! Enable MPLS globally (if not already done)
mpls ip

! Define the VRF for the customer
ip vrf CUSTOMER-A
 ! Route Distinguisher (ASN:NN or IP:NN - locally significant)
 rd 100:1
 ! Export RT (community attribute)
 route-target export 1:100
 ! Import RT (community attribute)
 route-target import 1:100

! Configure the interface facing CE1 and associate it with the VRF
interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER-A
 ip address 10.1.12.1 255.255.255.0
 no shutdown

! Configure routing between CE1 and PE1 within the VRF (OSPF example)
router ospf 1 vrf CUSTOMER-A
 router-id 10.1.12.1
 network 10.1.12.0 0.0.0.255 area 0
 ! Pass VPN routes learned via MP-BGP on to CE1
 redistribute bgp 65000 subnets

! Configure MP-BGP peering with PE2
router bgp 65000
 neighbor 2.2.2.2 remote-as 65000
 neighbor 2.2.2.2 update-source Loopback0
 ! PE-to-PE VPN routes are exchanged in the vpnv4 address family
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
 exit-address-family
 ! Advertise the routes learned within the VRF (step 7)
 address-family ipv4 vrf CUSTOMER-A
  redistribute ospf 1
 exit-address-family

2. Configure PE2:

Code snippet
! Enable MPLS globally (if not already done)
mpls ip

! Define the VRF for the customer
ip vrf CUSTOMER-A
 ! RD for this VPN (same value as on PE1)
 rd 100:1
 ! Must match the import RT on PE1
 route-target export 1:100
 ! Must match the export RT on PE1
 route-target import 1:100

! Configure the interface facing CE2 and associate it with the VRF
interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER-A
 ip address 10.1.23.2 255.255.255.0
 no shutdown

! Configure routing between CE2 and PE2 within the VRF (OSPF example)
router ospf 1 vrf CUSTOMER-A
 router-id 10.1.23.2
 network 10.1.23.0 0.0.0.255 area 0
 ! Pass VPN routes learned via MP-BGP on to CE2
 redistribute bgp 65000 subnets

! Configure MP-BGP peering with PE1
router bgp 65000
 neighbor 1.1.1.1 remote-as 65000
 neighbor 1.1.1.1 update-source Loopback0
 ! PE-to-PE VPN routes are exchanged in the vpnv4 address family
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
 exit-address-family
 ! Advertise the routes learned within the VRF (step 7)
 address-family ipv4 vrf CUSTOMER-A
  redistribute ospf 1
 exit-address-family

3. Configure CE1:

Code snippet
router ospf 1
 router-id 192.168.1.1
 network 192.168.1.0 0.0.0.255 area 0
 network 10.1.12.0 0.0.0.255 area 0

4. Configure CE2:

Code snippet
router ospf 1
 router-id 192.168.2.1
 network 192.168.2.0 0.0.0.255 area 0
 network 10.1.23.0 0.0.0.255 area 0

Verification:

On PE1 and PE2, use the following commands:

 show ip vrf: Displays the configured VRFs and their status.


 show ip route vrf CUSTOMER-A: Shows the routing table for the "CUSTOMER-A"
VRF. You should see the routes learned from the remote CE via MP-BGP. Look for
routes with the RD prepended (e.g., 100:1:192.168.2.0/24).
 show bgp vpnv4 unicast all: Displays all VPN-IPv4 routes learned via MP-BGP,
including the RD and Route Target information.
 show mpls forwarding-table vrf CUSTOMER-A: Shows the MPLS forwarding table
entries associated with the "CUSTOMER-A" VRF. You should see labels associated with
the VPN routes.
 show mpls ldp neighbor: Verify LDP adjacencies with the P routers in the core.
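
Customer isolation in this design rests on the route-target import and export statements matching only where intended, so they are worth checking offline before a change is pushed. The following is an added example, not part of the original document: it parses the ip vrf blocks from PE configurations and reports a VRF whose exports no peer VRF of the same name imports, and any VRF that imports an RT exported by a differently named VRF. The CUSTOMER-B VRF, its RD and RT values, and the function names are constructed for illustration; an intentional extranet would also appear as a cross-VRF import and needs manual review.

```python
import re


def parse_vrfs(config_text):
    """Return {vrf: {"rd": str or None, "import": set, "export": set}} from IOS text."""
    vrfs, current = {}, None
    for raw in config_text.splitlines():
        line = raw.split("!", 1)[0].strip()   # drop comments, tolerate any indentation
        if not line:
            continue
        match = re.fullmatch(r"ip vrf (\S+)", line)
        if match:
            current = vrfs.setdefault(
                match.group(1), {"rd": None, "import": set(), "export": set()})
            continue
        words = line.split()
        if current is not None and words[0] == "rd" and len(words) == 2:
            current["rd"] = words[1]
        elif (current is not None and words[0] == "route-target"
              and len(words) == 3 and words[1] in ("import", "export", "both")):
            directions = ("import", "export") if words[1] == "both" else (words[1],)
            for direction in directions:
                current[direction].add(words[2])
        else:
            current = None   # any other command ends the VRF definition block
    return vrfs


def audit(pe_configs):
    """pe_configs maps a PE name to its configuration text; returns sorted findings."""
    flat = [(pe, name, vrf)
            for pe, text in pe_configs.items()
            for name, vrf in parse_vrfs(text).items()]
    findings = []
    for exp_pe, exp_name, exp in flat:
        for imp_pe, imp_name, imp in flat:
            if (exp_pe, exp_name) == (imp_pe, imp_name):
                continue
            shared = exp["export"] & imp["import"]
            if exp_name == imp_name and not shared:
                # Same VPN on two PEs, but routes from one never reach the other.
                findings.append(("unmatched-export", exp_pe, exp_name, imp_pe,
                                 imp_name, ",".join(sorted(exp["export"]))))
            elif exp_name != imp_name:
                # One VRF accepts another VRF's routes: possible leak between customers.
                for rt in sorted(shared):
                    findings.append(("cross-vrf-import", exp_pe, exp_name,
                                     imp_pe, imp_name, rt))
    return sorted(findings)


# Constructed sample configurations (CUSTOMER-A values follow this document).
PE1_CFG = """
ip vrf CUSTOMER-A
 rd 100:1
 route-target export 1:100
 route-target import 1:100
interface GigabitEthernet0/0
 ip vrf forwarding CUSTOMER-A
"""
PE2_CFG = """
ip vrf CUSTOMER-A
 rd 100:1
 route-target export 1:100
 route-target import 1:100
ip vrf CUSTOMER-B
 rd 100:2
 route-target export 1:200
 route-target import 1:200
 route-target import 1:100
"""

if __name__ == "__main__":
    for finding in audit({"PE1": PE1_CFG, "PE2": PE2_CFG}):
        print(finding)
```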

End-to-End Testing:
1. Ensure IP addresses are configured on hosts within the 192.168.1.0/24 network (behind
CE1) and the 192.168.2.0/24 network (behind CE2).
2. Try pinging from a host behind CE1 to a host behind CE2. The traffic should be routed
across the MPLS L3VPN.
3. Traceroute from one host to the other can help verify the path taken.
