Forum Replies

  1. Hi Hamood,

    IBGP is used between PE routers to exchange VPNv4 routes. It’s all explained in the next MPLS lessons that you can find in the link below.


  2. Hi Shaun,

    For CCNP ROUTE this will be enough. They expect you to have an “idea” what MPLS is about but you don’t have to configure anything. If you want to learn what MPLS VPN is about, just follow all the lessons in this overview:

    It will explain all the MPLS VPN scenarios.


  3. Hi Praveen,

    These are different topics with different solutions. First of all, keep in mind that VPN is often used to talk about encryption / authentication / security but this is not always the case. Even a VLAN could be considered a VPN, it’s “virtual” and a “private network”.

    Let me give you a quick overview in a nutshell:

    • MPLS VPN: we use this for connectivity. Service providers offer MPLS for remote connectivity. For details, check the MPLS material. The "VPN" part of MPLS is that we use VRFs to separate customer routing information and we create unique VPN routes.
    • IPsec VPN: There is no security at all on the network layer, IPsec is a framework that takes care of this.
    • SSL VPN: This is a VPN on the application layer, it's typically used with web browsers so that you don't need any client software on your computer. Take a look at this example that I created with the ASA firewall.


  4. Hi @kayoutoure

    It might help to think about this the other way around, let’s say we don’t use MPLS but BGP on all P and PE routers. This means that:

    * The P routers have to do a lookup in their routing tables for every destination.
    * The P routers have to know about every destination…this means you’ll have to redistribute customer information into BGP.
    * iBGP has to be a full mesh so if you add another P router in your network, you’ll have to establish neighbor adjacencies with all other iBGP routers. You can make your life a bit easier with route reflectors and confederations but it’s still a lot more work than configuring a router with an IGP like OSPF + MPLS.

    There are a lot of different logical topologies you can run on top of MPLS. For example, services like E-line, E-tree and E-lan are also often used on top of MPLS.

  5. Hello Zaman

    MPLS functions on many vendors’ equipment as it is an open method of data-carrying. Cisco chooses to implement MPLS in combination with CEF because of their similarities in functions and the efficiency this introduces. Essentially, CEF functionality complements MPLS.

    MPLS is like CEF because it generates a table with mappings from incoming labels to outgoing labels and next hop. CEF on the other hand generates a table mapping the incoming packet’s destination to the outgoing interface and next hop. Both function based on the routing table and are generated on startup, allowing for very fast switching of packets.

    On Cisco devices, CEF and MPLS work together. On the ingress edge router the IP destination network of an unlabelled packet will be looked up in the CEF table which contains a mapping to the outgoing label. This is done for efficiency so that the destination doesn’t have to be looked up in the CEF table, then again in the label forwarding information base (LFIB).

    A Label Switched Path (LSP) defines a path in only one direction. This means that it allows data to flow in only one direction between two endpoints. Establishing two-way communications between endpoints requires a pair of LSPs to be established, one for each direction. Because two LSPs are required for connectivity, data flowing in the forward direction may use a different path from data flowing in the reverse direction. This is a similar concept to the fact that if routing is available from point A to point B, it is not necessarily true that routing exists from point B to point A. It must be explicitly defined.

    The pop label is very different from the untagged label. A popped label is when the penultimate router (the second-to-last router) performs a pop of the outer label. The inner label is still there, so it forwards it based on that.

    The Untagged keyword shows up in the output of the show mpls forwarding-table command. What it means is that the router has no output label associated with the forwarding equivalence class (FEC … usually an IP prefix). Since there is no output label, the router cannot perform a label swap (or pop) but has to remove the whole MPLS header.

    In this case, the raw IP packet has to be forwarded based on the routing table and the prefixes found there.

    I hope this has been helpful!
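
The difference between a popped label and an Untagged entry described in reply 5, shown as an added example that is not part of the original reply or of any vendor's implementation: a simplified Python model of one router's label lookup. The label values, prefixes and next-hop names are constructed, and the untagged branch follows the reply's description (whole MPLS header removed, forwarding by routing table).

```python
# Added illustration: simplified model of one router's LFIB decision.
# Labels, prefixes and next-hop names are constructed sample values.
import ipaddress

# LFIB: incoming top label -> (action, outgoing label, next hop)
LFIB = {
    16: ("swap", 22, "P2"),        # swap outer label, inner labels untouched
    17: ("pop", None, "PE2"),      # penultimate hop: remove outer label only
    18: ("untagged", None, None),  # no outgoing label for this FEC
}

# IP routing table, used once the MPLS header has been removed entirely
ROUTES = {"192.168.2.0/24": "CE2", "0.0.0.0/0": "P2"}


def route_lookup(dst_ip):
    """Longest-prefix match of dst_ip over ROUTES; returns the next hop."""
    addr = ipaddress.ip_address(dst_ip)
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)]


def forward(label_stack, dst_ip):
    """Return (new_label_stack, next_hop); label_stack[0] is the outer label."""
    if not label_stack:
        # Plain IP packet: forwarded on the destination prefix
        return [], route_lookup(dst_ip)
    action, out_label, next_hop = LFIB[label_stack[0]]
    if action == "swap":
        return [out_label] + label_stack[1:], next_hop
    if action == "pop":
        # Only the outer label goes; the inner (VPN) label is still there
        return label_stack[1:], next_hop
    # Untagged: the whole label stack is removed and the raw IP packet
    # is forwarded based on the routing table
    return [], route_lookup(dst_ip)


if __name__ == "__main__":
    for stack in ([16, 100], [17, 100], [18, 100]):
        print(stack, "->", forward(stack, "192.168.2.10"))
```

With an inner label of 100, the pop entry leaves `[100]` on the packet while the untagged entry leaves no labels at all, which is why an unexpected Untagged entry in the middle of an LSP breaks traffic that depends on the inner label.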

