MPLS + MPLS VPN Configuration Step by Step

Have you ever ordered something from a distant retailer online and then tracked the package as it made strange and seemingly illogical stops all over the country?

This is similar to how IP routing works on the Internet. When an internet router receives an IP packet, it contains no information other than the destination IP address. There are no instructions on how to get that packet to its destination or how to treat it along the way.

Each router must make a separate forwarding decision for each packet based solely on the network-layer header. As a result, every time a packet arrives at a router, the router must "consider" where to send the packet next. The router accomplishes this by making use of complex routing tables.

Multi-protocol label switching is a method of ensuring reliable connections for real-time applications. MPLS is a technique, not a service; it can provide everything from IP VPNs to metro Ethernet. It's costly, so with the introduction of SD-WAN, businesses are attempting to figure out how to optimize its use in comparison to less expensive connections like the internet.

What exactly does MPLS stand for?


When discussing telecommunications protocols, the term "Multiprotocol Label Switching" (MPLS) is frequently used. MPLS is a data forwarding technology that shapes network traffic flows and increases network speed. Instead of requiring complex lookups in a routing table at each stop, MPLS directs data along a path using labels.

What exactly is an MPLS network, and how does it work?


MPLS converts a routed network to something more akin to a switched network and provides information transfer speeds not available in a traditional IP-routed network. Paths are established for specific source-destination pairs rather than forwarding packets hop by hop. MPLS does not include any built-in encryption. It is simply a traffic routing mechanism that simulates private lines by directing packets along predetermined labeled paths within the network – while still allowing shared network elements.

Why do we require MPLS?


MPLS provides sophisticated traffic engineering options, allowing traffic to be routed via non-standard paths. This can reduce latency (the time it takes to send/receive data). It also reduces congestion on the paths that were previously avoided due to traffic engineering.

Components of MPLS


The use of "tunnels" created by MPLS labeling is critical to the success of MPLS and the L3 MPLS VPN. Tunneling in the cloud of a service provider has numerous advantages:

  • Only the edge points (ingress and egress) must comprehend the meaning of the inner network information (prefixes); core routers simply switch traffic based on labels.
  • You can easily and explicitly redirect tunnel traffic.
  • Tunnels within tunnels can be built.
  • The tunnel is less susceptible to data spoofing.
  • The overhead associated with MPLS is relatively low (4 bytes per MPLS header).
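The 4-byte header and the "tunnels within tunnels" point can be made concrete by packing and unpacking a label stack. The following is an added example, not part of the original post; it uses the standard label stack entry layout (20-bit label, 3-bit traffic class/Exp, 1-bit bottom-of-stack flag, 8-bit TTL), the function names are hypothetical, and the sample stack 17/19 is the one that appears in the traceroute output later on this page.

```python
import struct

def encode_stack(labels, tc=0, ttl=255):
    """Pack labels (outermost first) into 4-byte MPLS label stack entries."""
    out = b""
    for i, label in enumerate(labels):
        if not 0 <= label < 2**20:
            raise ValueError("label must fit in 20 bits")
        bottom = 1 if i == len(labels) - 1 else 0   # S bit marks the last entry
        word = (label << 12) | (tc << 9) | (bottom << 8) | ttl
        out += struct.pack("!I", word)
    return out

def decode_stack(data):
    """Return (entries, payload); entries are dicts, outermost label first."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            # Ran out of bytes before seeing the bottom-of-stack bit
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append({
            "label": word >> 12,
            "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 1),
            "ttl": word & 0xFF,
        })
        if entries[-1]["bottom"]:
            return entries, data[offset:]

# Constructed sample: transport label 17 over VPN label 19, followed by
# two placeholder payload bytes. Two labels cost 8 bytes of overhead.
SAMPLE = encode_stack([17, 19]) + b"\x45\x00"
```

The decoder stops at the entry whose bottom-of-stack bit is set, so everything after it is handed back untouched as the inner packet.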

Different Types of MPLS


MPLS VPNs are classified into three types: Layer 2 VPNs, Layer 2 circuits, and Layer 3 VPNs. Certain components are shared by all MPLS VPNs: provider edge (PE) routers in the provider's network connect to the customer edge (CE) routers at customer sites.

Why is MPLS more efficient than IP routing?


MPLS is much faster than traditional IP routing because it uses the label concept to allow packet forwarding (rather than switching). This type of forwarding is more efficient because it does not overload the CPU.

Where does MPLS come into play?


In contrast to other network protocols that route traffic based on source and destination addresses, MPLS routes traffic based on predefined "labels." MPLS has been used by businesses to connect remote branch offices that require access to data or applications stored in the organization's data center or corporate headquarters.

What distinguishes MPLS from the Internet?


MPLS is a private network connection that connects data centers and branch offices. MPLS is typically outsourced, with service providers ensuring network performance, quality, and availability. Because of the latency introduced by distance and the limited bandwidth available via MPLS, the Internet is slower.

Why is MPLS so costly?


MPLS has limited bandwidth and requires longer lead times. Not only are bandwidth upgrades prohibitively expensive, but they are also not always feasible. MPLS is also restricted and inefficient due to long installation and upgrade lead times.

Is MPLS more efficient than VPN?


There are, however, some trends. MPLS is traditionally designed to be faster than a VPN. Because each individual router does not need to perform an IP lookup, the labeling function in MPLS could theoretically speed up an internet connection.

What is superior to MPLS?


MPLS can be expensive in terms of bandwidth, whereas SD-WAN protects your network from vulnerabilities that MPLS cannot. The short answer is that SD-WAN provides improved visibility, availability, performance, and flexibility. This is why the industry has seen an increase in interest in SD-WAN over the last few years.

MPLS Advantages And Disadvantages


It necessitates WAN optimization to streamline delivery, which adds to the cost of an already expensive solution. It takes a long time to deploy, especially if the offices are spread across multiple states or countries.

Scalability, performance, better bandwidth utilization, reduced network congestion, and a better end-user experience are all advantages of MPLS.

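MPLS does not provide encryption, but it is a virtual private network that is isolated from the public Internet. As a result, MPLS is regarded as a secure mode of transport; the separation comes from labels and per-customer routing tables on a shared provider network, so traffic that needs confidentiality still has to be encrypted at another layer. Furthermore, it is not vulnerable to denial-of-service attacks, which may affect pure IP-based networks.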

On the negative side, MPLS was designed for organizations with multiple remote branch offices geographically dispersed across the country or the world, with the majority of traffic directed to enterprise data centers.

Today, businesses have shifted much of their traffic to and from cloud providers, rendering MPLS obsolete.

When businesses migrate to the cloud, the MPLS-based hub-and-spoke model becomes inefficient because it routes traffic through the headquarters (hubs) of the companies, which act as central choke points. Sending traffic directly to the cloud is more efficient. Furthermore, the increased use of cloud services, video, and mobile apps has increased bandwidth requirements, and MPLS services are difficult to scale on demand.

For its time, MPLS was a great innovation, but there are newer technologies that better address today's network architectures. SD-WANs (software-defined wide-area networks) are designed.

SD-WAN vs MPLS


Many network professionals regard MPLS and SD-WAN as either-or options, but the reality is that both have a place in a modern WAN. SD-WANs may one day replace MPLS, but that is decades away. Businesses already have hybrid computing, storage, and applications, so it stands to reason that networks will be hybrid as well.

SD-WAN is the WAN implementation of Software Defined Networking (SDN) concepts. This entails the installation of SD-WAN edge devices that use rules and policies to route traffic along the best path.

SD-WAN is a transport-independent overlay capable of routing any type of traffic, including MPLS. The benefit of SD-WAN is that an enterprise WAN-traffic architect can sit in a centralized location and easily apply policies to all WAN devices.

In contrast, with MPLS, predetermined routes must be painstakingly provisioned, and once the fixed circuits are in place, making changes is not as simple as a point-and-click operation.

However, once an MPLS network is in place, it guarantees real-time traffic performance. Although SD-WAN can route traffic along the most efficient path, there are no guarantees of performance once those IP packets reach the open Internet.

Going forward, the most prudent strategy will be to offload as much MPLS traffic as possible to the public Internet while continuing to use MPLS for time-sensitive applications that require guaranteed delivery. Nobody wants to be in the crosshairs when the CEO's monthly video conference with branch office employees cuts out in the middle of a sentence.

MPLS VPN Configuration Step by Step




I have configured MPLS-VPN using GNS3. The steps are as follows:

Step 1 - Assigning IP addresses and establishing full connectivity between PE1, R3, and PE2:

PE1:

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip ospf 1 area 0

R3 (P router):

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.0.0.4 255.255.255.0
 ip ospf 1 area 0
!
interface FastEthernet2/0
 ip address 10.0.1.4 255.255.255.0
 ip ospf 1 area 0

PE2:

interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip ospf 1 area 0
!
interface FastEthernet0/0
 ip address 10.0.1.3 255.255.255.0
 ip ospf 1 area 0


Step 2 - Enabling MPLS on the PE and P routers. The common commands are mpls ip and mpls ldp autoconfig.

Either apply mpls ip on every internal interface, or configure mpls ldp autoconfig under the OSPF process, which enables MPLS on all interfaces that run that OSPF process.

router ospf 1
 mpls ldp autoconfig

To check the MPLS interfaces: #sh mpls interface

To verify the LDP neighbors: #sh mpls ldp neighbor

You can also run the trace command to check whether LDP is running.


Step 3 - Enabling MP-BGP on the PE routers using the vpnv4 address family

PE1:

router bgp 1
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source Loopback0
 address-family vpnv4
  neighbor 3.3.3.3 activate

PE2:

router bgp 1
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 update-source Loopback0
 address-family vpnv4
  neighbor 1.1.1.1 activate

To verify the BGP session between the PE routers, run #sh bgp vpnv4 unicast all summary.

--------------------------------------------VRF started------------------------------------------------------

Step 4 - Added two more routers (customer sites), R7 and R8, and created VRF "RED" on the PE routers:

ip vrf RED
 rd 4:4
 route-target export 4:4
 route-target import 4:4

Step 5 - Assigned interface FastEthernet2/0 on each PE router to the VRF, assigned IP addresses, and configured OSPF 2

R7:

interface Loopback0
 ip address 7.7.7.7 255.255.255.255
 ip ospf 2 area 2
!
interface FastEthernet0/0
 ip address 192.168.1.7 255.255.255.0
 ip ospf 2 area 2
 no shutdown

R8:

interface Loopback0
 ip address 8.8.8.8 255.255.255.255
 ip ospf 2 area 2
!
interface FastEthernet0/0
 ip address 192.168.2.8 255.255.255.0
 ip ospf 2 area 2

PE1:

! ip vrf forwarding comes before ip address: IOS removes the
! interface's existing IP address when the VRF is applied
interface FastEthernet2/0
 ip vrf forwarding RED
 ip address 192.168.1.2 255.255.255.0
 ip ospf 2 area 2

PE2:

interface FastEthernet2/0
 ip vrf forwarding RED
 ip address 192.168.2.4 255.255.255.0
 ip ospf 2 area 2


R2, R3, and R4 are running OSPF with /32 loopback addresses and have full connectivity.

R2 and R4 are peering with MP-BGP. MPLS LDP is enabled on all the internal interfaces of R2, R3, and R4, but not on the external interfaces.

The external interfaces have been placed into a VRF (RED), and the customer site routers have then been joined to VRF (RED).

The final step to get full connectivity is to redistribute the OSPF routes on R2 and R4 into MP-BGP, and MP-BGP into OSPF.

Redistribute the OSPF routes from R7 into BGP in the VRF RED on PE1 and the OSPF routes from R8 into MP-BGP in the VRF RED on PE2, and then redistribute the routes in MP-BGP on PE1 and PE2 back out to OSPF.

Redistribute OSPF into MP-BGP on R2:

router bgp 1
 address-family ipv4 vrf RED
  redistribute ospf 2

Redistribute OSPF into MP-BGP on R4:

router bgp 1
 address-family ipv4 vrf RED
  redistribute ospf 2

Redistribute MP-BGP into OSPF on R2:

router ospf 2
 redistribute bgp 1 subnets

Redistribute MP-BGP into OSPF on R4:

router ospf 2
 redistribute bgp 1 subnets
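Customer separation in this design rests on the route-target import/export lines from Step 4, so they are worth checking across all PE configurations before deployment. The script below is an added example, not part of the original post: it parses the "ip vrf" stanzas and flags any VRF that imports a route-target exported by a differently named VRF, or one that nobody exports. The function names and the second customer VRF "BLUE" are constructed for illustration.

```python
from collections import defaultdict

def parse_vrfs(config):
    """Return {vrf_name: {"import": set, "export": set}} from 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):
            # Any top-level line ends the previous stanza; 'ip vrf NAME' opens one
            current = None
            if len(words) == 3 and words[:2] == ["ip", "vrf"]:
                current = vrfs.setdefault(words[2], {"import": set(), "export": set()})
        elif current is not None and len(words) == 3 and words[0] == "route-target":
            for direction in ("import", "export"):
                if words[1] in (direction, "both"):
                    current[direction].add(words[2])
    return vrfs

def audit_route_targets(pe_configs):
    """Flag imports that pull in another VRF's routes, or that nothing exports."""
    parsed = {pe: parse_vrfs(cfg) for pe, cfg in pe_configs.items()}
    exporters = defaultdict(set)        # route-target -> names of exporting VRFs
    for vrfs in parsed.values():
        for name, rts in vrfs.items():
            for rt in rts["export"]:
                exporters[rt].add(name)
    findings = []
    for pe, vrfs in sorted(parsed.items()):
        for name, rts in sorted(vrfs.items()):
            for rt in sorted(rts["import"]):
                others = sorted(exporters.get(rt, set()) - {name})
                if rt not in exporters:
                    findings.append(f"{pe}: VRF {name} imports {rt}, which no VRF exports")
                elif others:
                    findings.append(f"{pe}: VRF {name} imports {rt}, exported by {others}")
    return findings

# VRF RED exactly as configured in Step 4 of the page
RED = "ip vrf RED\n rd 4:4\n route-target export 4:4\n route-target import 4:4\n"
# Constructed second customer whose VRF wrongly imports RED's route-target
BLUE = ("ip vrf BLUE\n rd 5:5\n route-target export 5:5\n"
        " route-target import 5:5\n route-target import 4:4\n")
LAB = {"PE1": RED, "PE2": RED + BLUE}
```

A cross-VRF import is sometimes intentional (shared services or an extranet), so each finding is a prompt for review, not proof of a leak.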

See the results:

R8#trace 7.7.7.7
Type escape sequence to abort.
Tracing the route to 7.7.7.7
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.4 368 msec 252 msec 360 msec
  2 10.0.1.4 [MPLS: Labels 17/19 Exp 0] 1148 msec 1404 msec 1332 msec
  3 192.168.1.2 [MPLS: Label 19 Exp 0] 804 msec 1344 msec 724 msec
  4 192.168.1.7 1152 msec 1488 msec 1380 msec

R7#trace 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.2 428 msec 356 msec 304 msec
  2 10.0.0.4 [MPLS: Labels 16/17 Exp 0] 1784 msec 1200 msec 1460 msec
  3 192.168.2.4 [MPLS: Label 17 Exp 0] 812 msec 888 msec 700 msec
  4 192.168.2.8 1584 msec 1260 msec 924 msec

The output above shows that the packets cross the MPLS network and are label switched, not routed.
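The same conclusion can be checked mechanically, which is useful when validating many customer paths. The script below is an added example, not part of the original post: it parses IOS traceroute output and reports whether any hop carried labels, whether the inner (VPN) label stayed the same on every labelled hop, and whether the outer transport label had already been popped when the packet reached the last labelled hop. The function names are hypothetical; the sample is the R8 trace shown above.

```python
import re

# Hop number, responder address, optional "[MPLS: Label(s) a/b Exp n]" block
HOP = re.compile(r"^\s*(\d+)\s+(\d+(?:\.\d+){3})"
                 r"(?:\s+\[MPLS: Labels? ([\d/]+) Exp (\d+)\])?")

def parse_trace(text):
    """Return one dict per hop; labels are listed outermost first."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner lines, prompts and timeouts are skipped
        labels = tuple(int(x) for x in m.group(3).split("/")) if m.group(3) else ()
        hops.append({"hop": int(m.group(1)), "ip": m.group(2), "labels": labels})
    return hops

def summarize(hops):
    """Summarise the label stacks reported along the path."""
    labelled = [h for h in hops if h["labels"]]
    inner = {h["labels"][-1] for h in labelled}   # bottom label = VPN label
    depth = max((len(h["labels"]) for h in labelled), default=0)
    return {
        "label_switched": bool(labelled),
        "vpn_label": inner.pop() if len(inner) == 1 else None,
        "max_depth": depth,
        # True when the last labelled hop received only the VPN label
        "transport_popped": depth > 1 and len(labelled[-1]["labels"]) == 1,
    }

# Sample copied from the R8 trace on this page
TRACE = """\
R8#trace 7.7.7.7
Tracing the route to 7.7.7.7
  1 192.168.2.4 368 msec 252 msec 360 msec
  2 10.0.1.4 [MPLS: Labels 17/19 Exp 0] 1148 msec 1404 msec 1332 msec
  3 192.168.1.2 [MPLS: Label 19 Exp 0] 804 msec 1344 msec 724 msec
  4 192.168.1.7 1152 msec 1488 msec 1380 msec
"""
```

A path through the provider core that reports no labels at all, or a VPN label that changes between hops, is the case to investigate.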

Useful Commands:

#sh mpls ldp binding
#sh mpls forwarding-table
#sh mpls ldp discovery
#sh mpls ldp neighbor
(config)#mpls ip
#sh mpls label range
(config)#ip cef   (to enable CEF on interfaces)
(config)#mpls label protocol ldp
#sh ip vrf detail
#sh ip route vrf vrf-name
#sh ip vrf interface
#ping vrf vrf-name ip-address
#sh ip bgp vpnv4 all summary   (for MP-BGP)
#sh ip bgp vpnv4 all   (for MP-BGP)

I hope you have liked this post "MPLS VPN Configuration Step by Step". I look forward to your valuable feedback.
