MPLS Layer 3 VPN PE-CE RIP

In my previous lessons I explained the basics of MPLS L3 VPNs and showed in detail how to configure them. This time, we are going to configure MPLS VPN PE-CE with RIP as the routing protocol between the customer and the service provider.

RIP is a simple routing protocol and easy to implement with MPLS VPN. Here’s the topology we will use:

Figure: MPLS L3 VPN PE CE topology

This is the same topology that I used in my previous examples. Let’s see what the configuration is like…

Configuration

IGP and LDP

We will start with the configuration of the service provider network. We have to configure an IGP (OSPF) and LDP on the PE1, P and PE2 routers. Let’s add some loopbacks that are required for LDP:

PE1(config)#interface loopback 0
PE1(config-if)#ip address 2.2.2.2 255.255.255.255
P(config)#interface loopback 0
P(config-if)#ip address 3.3.3.3 255.255.255.255
PE2(config)#interface loopback 0
PE2(config-if)#ip address 4.4.4.4 255.255.255.255

Now we can configure OSPF:

PE1(config)#router ospf 1
PE1(config-router)#network 192.168.23.0 0.0.0.255 area 0
PE1(config-router)#network 2.2.2.2 0.0.0.0 area 0
PE1(config-router)#mpls ldp autoconfig
P(config)#router ospf 1
P(config-router)#network 192.168.23.0 0.0.0.255 area 0
P(config-router)#network 192.168.34.0 0.0.0.255 area 0
P(config-router)#network 3.3.3.3 0.0.0.0 area 0
P(config-router)#mpls ldp autoconfig
PE2(config)#router ospf 1
PE2(config-router)#network 192.168.34.0 0.0.0.255 area 0
PE2(config-router)#network 4.4.4.4 0.0.0.0 area 0
PE2(config-router)#mpls ldp autoconfig

This time I used the mpls ldp autoconfig command to automatically enable LDP on all OSPF-enabled interfaces. Let’s do a quick check to see if LDP is enabled:

P#show mpls ldp neighbor | include Peer
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
    Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0

Our P router in the middle has two neighbors so this is looking good. Just in case, let’s verify if there is connectivity between PE1 and PE2:

PE1#traceroute 4.4.4.4 source loopback 0
Type escape sequence to abort.
Tracing the route to 4.4.4.4
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.23.3 [MPLS: Label 17 Exp 0] 0 msec 0 msec 4 msec
  2 192.168.34.4 0 msec 0 msec *

PE1 and PE2 are able to reach each other and you can see we are using label switching.

VRFs on the PE Routers

Our next step is to configure the VRFs. I will use a VRF called “CUSTOMER”; the route distinguisher and route-target will both be 1:1.

PE1 & PE2
(config)#ip vrf CUSTOMER
(config-vrf)#rd 1:1
(config-vrf)#route-target both 1:1

Don’t forget to add the interfaces facing the customer routers into the VRF:

PE1(config)#interface FastEthernet 0/0
PE1(config-if)#ip vrf forwarding CUSTOMER
PE1(config-if)#ip address 192.168.12.2 255.255.255.0
PE2(config)#interface FastEthernet 0/1
PE2(config-if)#ip vrf forwarding CUSTOMER
PE2(config-if)#ip address 192.168.45.4 255.255.255.0
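
A CE-facing interface that is not bound to the VRF sits in the global routing table, and route-targets that do not match between the PEs stop routes from being imported. The following added example (not part of the original lesson) parses IOS-style configuration text and checks the RD, the import/export route-targets between PEs and the VRF binding of the customer interface; the config strings, the PE2_BAD variant and the function names are constructed for illustration.

```python
# Constructed IOS-style fragments; PE2_BAD shows two isolation mistakes.
PE1 = """ip vrf CUSTOMER
 rd 1:1
 route-target both 1:1
interface FastEthernet0/0
 ip vrf forwarding CUSTOMER
 ip address 192.168.12.2 255.255.255.0
"""
PE2 = PE1.replace("0/0", "0/1").replace("192.168.12.2", "192.168.45.4")
PE2_BAD = PE2.replace("both 1:1", "import 1:2").replace(" ip vrf forwarding CUSTOMER\n", "")

def parse_pe(cfg):
    """Return ({vrf: {rd, import, export}}, {interface: bound vrf or None})."""
    vrfs, ifaces, section = {}, {}, None
    for line in cfg.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):          # top-level line opens a new section
            section = None
            if words[:2] == ["ip", "vrf"] and len(words) == 3:
                section = ("vrf", words[2])
                vrfs[words[2]] = {"rd": None, "import": set(), "export": set()}
            elif words[0] == "interface":
                section = ("if", "".join(words[1:]))
                ifaces[section[1]] = None
        elif section and section[0] == "vrf" and words[0] == "rd":
            vrfs[section[1]]["rd"] = words[1]
        elif section and section[0] == "vrf" and words[0] == "route-target":
            for d in (("import", "export") if words[1] == "both" else (words[1],)):
                vrfs[section[1]][d].add(words[2])
        elif section and section[0] == "if" and words[:3] == ["ip", "vrf", "forwarding"]:
            ifaces[section[1]] = words[3]
    return vrfs, ifaces

def audit(pe_cfgs, vrf, ce_ifaces):
    """pe_cfgs: {pe: config text}; ce_ifaces: {pe: interface facing the CE}."""
    parsed = {pe: parse_pe(cfg) for pe, cfg in pe_cfgs.items()}
    findings = []
    for pe, (vrfs, ifaces) in parsed.items():
        if vrfs.get(vrf, {}).get("rd") is None:
            findings.append(f"{pe}: VRF {vrf} missing or without RD")
        if ifaces.get(ce_ifaces[pe]) != vrf:
            findings.append(f"{pe}: {ce_ifaces[pe]} not in VRF {vrf}")
        for other, (ovrfs, _) in parsed.items():
            exported = ovrfs.get(vrf, {}).get("export", set())
            if other != pe and not exported & vrfs.get(vrf, {}).get("import", set()):
                findings.append(f"{pe}: imports no route-target exported by {other}")
    return findings
```

Calling audit() with the PE1 and PE2 strings returns an empty list; swapping in PE2_BAD reports the unbound interface and the route-target mismatch in both directions.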

Let’s check if the PE routers are able to ping the CE routers from the VRF:

PE1#ping vrf CUSTOMER 192.168.12.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
PE2#ping vrf CUSTOMER 192.168.45.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

So far so good…

IBGP between PE1 and PE2

Our two PE routers require iBGP to exchange the VPNv4 routes. Let’s configure this:

Content created by Rene Molenaar (CCIE #41726)


Forum Replies

  1. Hi Rene, Andrew
    I am afraid I still don’t understand one thing: why do we need a VPN label if we have both RD and RTs?
    It was said the router wouldn’t know what VRF the route belongs to… well:
    When PE1 advertises the route to PE2, this route is unique for BGP because of the RD, and PE2 also knows in what VRF to install it thanks to the Route Target value.
    So the MPLS VPN label seems to be redundant as BGP can figure the VRF out based solely on the Route Targets…
    What am I missing in this puzzle? :) Thank you
    Edit: ok, I think I mixed up the control and data plane again

    ...

  2. Hi @kumaracp10,

    Many thanks for your excellent question. If you are referring to MPLS labels, this is primarily used as a method to quickly switch IP packets within the MPLS core. This is the most basic feature of MPLS so it is used in all MPLS networks even if there is no VPN overlay. The 1st MPLS tag exists only to enable MPLS forwarding plane operations.

    **If we decide to operate a VPN over MPLS, a second MPLS tag is added** to allow PEs to know how to efficiently forward incoming packets.

    In MPLS there are two basic rules that help us unpick the architec

    ...

  3. Hi Rene,

    I have a couple of doubts.

    1. Why do we need RD? We have, for example, VRF Red or VRF Blue, which are separate from each other, so why are we using RD to make the prefix unique?
    2. After using RD, the PE router will come to know which prefix will be imported to which CE router, but again we are using RT here for import and export though we have RD.

    Thanks,
    Manami

  4. Hello Fabrice

    The specific benefits as described by Cisco are the following:

    Benefits
    The MPLS VPN ID feature provides the following benefits:

    • Remote access applications, such as the Remote Authentication Dial-In User Service (RADIUS) and Dynamic Host Configuration Protocol (DHCP), can use the MPLS VPN ID feature to identify a VPN. RADIUS can use the VPN ID to assign dial-in users to the proper VPN, based on each user’s authentication information.

    • A VPN is private and uses a private address space that might also be used by another VPN or by the Internet. T

    ...
