routers and with PE routers and exchange information about core subnetworks and loopbacks. BGP deployment on P routers is not needed for proper MPLS VPN operation; BGP deployment might be needed, however, to support traditional Internet connectivity that has not yet migrated to MPLS.

PE Router Perspective

Figure shows how PE routers exchange routes. The PE routers are the only routers in MPLS VPN architecture that see all routing aspects of the MPLS VPN. PE routers are able to exchange three routes:

Note: Static routing can also be used between the CE and PE.

End-to-End Routing Update Flow
Figure provides an overview of end-to-end routing information flow in an MPLS VPN network. These steps describe the stages of routing information flow. The flow goes from the IPv4 routing updates entering the MPLS VPN backbone through their propagation as VPNv4 routes across the backbone:

Step 1 PE routers receive IPv4 routing updates from the CE routers and install the updates in the appropriate VRF table.
Step 2 The customer routes from VRF tables are exported as VPNv4 routes into MPBGP and propagated to other PE routers.
Step 3 The PE routers receiving MPBGP updates import the incoming VPNv4 routes into their VRF tables based on RTs that are attached to the incoming routes and on import RTs that are configured in the VRF tables.
Step 4 The VPNv4 routes that are installed in the VRF tables are converted to IPv4 routes and then propagated to the CE routers.

The CE routers, PE routers, and P routers have specific requirements for end-to-end routing information flow.
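
The four steps above, modeled as an added Python example (not part of the original course material). It assumes a VPNv4 route is the IPv4 prefix plus a route distinguisher (RD); the class names, RD/RT values and addresses are constructed for illustration. It shows that the import RT check in Step 3 is what keeps two customers with the same prefix apart.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str              # route distinguisher: keeps overlapping prefixes unique in MPBGP
    prefix: str          # customer IPv4 prefix
    rts: frozenset       # route targets attached on export
    next_hop: str        # loopback of the exporting PE

@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    table: dict = field(default_factory=dict)   # prefix -> next hop

class PeRouter:
    def __init__(self, loopback, vrfs):
        self.loopback = loopback
        self.vrfs = {v.name: v for v in vrfs}

    def receive_from_ce(self, vrf_name, prefix, ce_addr):
        """Step 1: install the CE's IPv4 update in the VRF. Step 2: export it as VPNv4."""
        vrf = self.vrfs[vrf_name]
        vrf.table[prefix] = ce_addr
        return Vpnv4Route(vrf.rd, prefix, vrf.export_rts, self.loopback)

    def receive_mpbgp(self, route):
        """Step 3: import only into VRFs whose import RTs match an RT on the route."""
        imported = []
        for vrf in self.vrfs.values():
            if vrf.import_rts & route.rts:
                vrf.table[route.prefix] = route.next_hop
                imported.append(vrf.name)
        return imported

    def advertise_to_ce(self, vrf_name):
        """Step 4: the CE receives plain IPv4 prefixes, without RD or RTs."""
        return sorted(self.vrfs[vrf_name].table)

def demo():
    a, b = frozenset({"100:1"}), frozenset({"100:2"})
    pe1, pe2 = (PeRouter(lo, [Vrf("A", "100:1", a, a), Vrf("B", "100:2", b, b)])
                for lo in ("10.0.0.1", "10.0.0.2"))
    # Constructed sample: customers A and B both announce the same prefix.
    ra = pe1.receive_from_ce("A", "192.168.1.0/24", "172.16.1.2")
    rb = pe1.receive_from_ce("B", "192.168.1.0/24", "172.16.2.2")
    return pe2.receive_mpbgp(ra), pe2.receive_mpbgp(rb), pe2.advertise_to_ce("A")
```

A VRF configured with an import RT that belongs to another customer would import that customer's routes in Step 3, so import RT lists are worth auditing as an isolation control.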
4.4 Describing MPLS VPN Technology
4.4.8 MPLS VPNs and Packet Forwarding

MPLS works by prepending packets with an MPLS header, containing one or more “labels.” This is called a label stack. You can use an MPLS label stack to tell the egress PE router what to do with the VPN packet. The ingress PE router labels each VPN packet with a label uniquely identifying the egress PE router. The PE router sends the VPN packet across the network and all the routers in the network subsequently switch labels without having to look into the packet itself. Figure represents an MPLS label with two labels in the stack. Figure illustrates the concept.

When using the label stack, the ingress PE router labels the incoming IP packet with two labels:

The second label in the stack points toward an outgoing interface whenever the CE router is the next hop of the VPN route.
The second label in the stack points to the VRF table for aggregate VPN routes, VPN routes pointing to a null interface, and routes for directly connected VPN interfaces.

The two-level MPLS label stack satisfies these MPLS VPN forwarding requirements:

VPN PHP
PHP, the removal of the top label in the stack on the hop prior to the egress router, can be performed in frame-based MPLS networks as described by Figure. In these networks, the last P router in the label switched path (LSP) tunnel pops the LDP label, as previously requested by the egress PE router through LDP. The PE router receives a labeled packet that contains only the VPN label. In most cases, a single label lookup that is performed on that packet in the egress PE router is enough to forward the packet toward the CE router. The full IP lookup through the FIB is performed only once, in the ingress PE router, even without PHP.
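
The two-label stack and PHP described above, as an added Python example (not part of the original course material). It assumes the standard 32-bit label stack entry layout (20-bit label, 3-bit traffic class, 1-bit bottom-of-stack flag, 8-bit TTL); the function names, label values and the egress table are constructed for illustration.

```python
import struct

def encode_entry(label, tc, bottom, ttl):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_stack(frame):
    """Return ([(label, tc, bottom, ttl), ...], payload); stop at the S bit."""
    stack, off = [], 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        stack.append((word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF))
        if stack[-1][2]:
            return stack, frame[off:]

def ingress_pe(ip_packet, ldp_label, vpn_label, ttl=64):
    """Push the VPN label at the bottom of the stack and the LDP label on top."""
    return (encode_entry(ldp_label, 0, False, ttl)
            + encode_entry(vpn_label, 0, True, ttl) + ip_packet)

def p_swap(frame, out_label):
    """A P router rewrites only the top entry and never reads below it."""
    (word,) = struct.unpack_from("!I", frame)
    ttl = (word & 0xFF) - 1
    if ttl < 1:
        raise ValueError("TTL expired")
    return encode_entry(out_label, (word >> 9) & 0x7, bool(word & 0x100), ttl) + frame[4:]

def p_php_pop(frame):
    """Penultimate hop: pop the LDP label so only the VPN label reaches the egress PE."""
    return frame[4:]

def egress_pe(frame, vpn_label_table):
    """Single label lookup on the VPN label; no IP lookup is needed here."""
    stack, payload = decode_stack(frame)
    if len(stack) != 1:
        raise ValueError("expected only the VPN label after PHP")
    return vpn_label_table[stack[0][0]], payload

def demo():
    packet = b"constructed-ip-packet"                 # stand-in for the customer IP packet
    frame = ingress_pe(packet, ldp_label=17, vpn_label=30)
    frame = p_swap(frame, out_label=21)               # core P router
    in_core = decode_stack(frame)[0]
    frame = p_php_pop(frame)                          # last P router before the egress PE
    return in_core, egress_pe(frame, {30: "CE-facing interface"})
```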
4.4 MPLS Lab Exercises
4.5.1 Lab 4.1 Configuring Frame Mode MPLS

Lab Exercise: Lab 4.1 Configuring Frame Mode MPLS

In this lab, you will configure a simple Enhanced Interior Gateway Routing Protocol (EIGRP) network to route IP packets. You will run Multiprotocol Label Switching (MPLS) over the IP internetwork to fast-switch Layer 2 frames.
4.5.2 Lab 4.2 Challenge Lab: Implementing MPLS VPNs (Optional)

Lab Exercise: Lab 4.2 Challenge Lab: Implementing MPLS VPNs (Optional)

As a network engineer at a service provider corporation, you suggest rolling out MPLS as a new transport technology to facilitate VPNs between customer sites that connect through your network. Your CIO has asked you to implement a proof of concept in a lab environment, starting with a small implementation of MPLS VPNs before moving up to more moderately sized test cases.

MPLS VPN technology is a powerful technology that leverages the multiprotocol aspect of MPLS to switch MPLS frames between VPN endpoints while hiding the customer networks from the MPLS transport network that connects them. In other words, the intermediate transport network has no knowledge of the customer’s IP networks, but is still able to label-switch frames based on information it receives from MPLS Label Distribution Protocol (LDP) relationships.

You decide to model one of your current customer’s connections and then show how MPLS VPNs can be used to carry customer traffic through the provider network. The International Travel Agency currently uses your network to connect from its corporate headquarters to a remote branch office, so you choose this customer network to model in your demonstration. First, set up the model of both the service provider’s network and the agency’s network. Then use appropriate routing and forwarding techniques to set up an MPLS VPN between the provider edge routers to which the customer connects.

SP1, SP2, and SP3 will represent a service provider network, and HQ and BRANCH will represent the International Travel Agency routers at their headquarters and at a branch site.
Summary

This module described how Multiprotocol Label Switching (MPLS) forwards packets based on information that is contained in labels. The MPLS network was explained as a network where labels are assigned and distributed. The Label Information Base (LIB), Forwarding Information Base (FIB), and Label Forwarding Information Base (LFIB) tables were defined as tables where label information is populated and stored. The two major virtual private network (VPN) design options, overlay VPN and peer-to-peer VPN, have many benefits and drawbacks that were examined in detail. MPLS VPN architecture was explained in this module as combining the best features of the overlay and peer-to-peer VPN models.