- Should Have Gone With Cisco - http://shouldhavegonewithcisco.com -
MPLS is Fun - Worklog Part I
Posted By ted On April 16, 2007 @ 11:18 am In Routing&Switching, Cisco | No Comments
I’m currently preparing for the MPLS test under the CCIP track. It’s the last test I need for the certification. I figured it would be fun to show everyone some of the MPLS networks I have been designing for learning purposes…
When I first started working with MPLS, I wasn’t sure how much I was going to actually like it. There are a lot of technologies in the Cisco world that I can implement well, but liking them is another story – yes, some things aren’t fun to configure (can you say ISDN?).
If anyone has started looking at the new CCNP track, you will find yourself having to learn about MPLS soon enough! I recently finished teaching the ISCW course, and there is a decent amount of MPLS on the exam. I think my excitement about MPLS sort of instilled itself into my students. I often find myself going off on a tangent, but you can never have too much MPLS!
By far, the coolest application for MPLS is the VPN technologies. Virtual routing and forwarding tables (vrf tables) are too good for words! Quite simply, MPLS VPNs take the best aspects from traditional peer-to-peer and overlay VPNs.
Now let’s get down to the good stuff here and check out the diagram for what I’ve been playing with. It’s by no means complete, but it’s a work in progress. We have two customers (A and B) who are connecting to the service provider (CE: customer edge, PE: provider edge, P: provider/core). Customer A has a VPN connection with its branch office on the right. You’re probably wondering why I have only one site for Customer B. I will later implement an overlapping VPN between the Customer A and B central sites (extranet VPN). The PE-CE routing protocols are currently BGP, but I will also include EIGRP and OSPF. BGP between the CE and PE routers is probably the easiest way because you don’t have to mess with redistribution. The PE and P routers are running OSPF internally in the core. The P routers are “BGP-free”, meaning they don’t have to carry any BGP information. Their main goal in life is to exchange label information via LDP and switch the MPLS packets (much more scalable and cost-effective). The PE routers are where a majority of the configuration is done.
Basic MPLS configuration is very easy, but when it comes to VPN applications, it’s far more advanced. The PE routers have vrf tables, which are basically separate routing tables for each customer. Flashing back to the peer-to-peer VPN model, it wasn’t fun trying to deal with overlapping address spaces between customers. Now the provider has a separate routing table for each customer and doesn’t have to implement any tedious route filtering. Every PE router must peer with every other PE router (route reflectors can still be used) via MP-BGP (multi-protocol BGP). The customer routes are then exchanged between PE routers. The routes are exchanged in the form of vpnv4 prefixes, which are a combination of a route distinguisher and the customer IPv4 prefix (RD:IPv4 prefix). The RD helps keep the customer routes unique (remember overlapping addresses) as they are exchanged between PE routers.
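To make the RD:IPv4 idea concrete, here is an added example (not from the original post or from any Cisco code) that builds the 12-byte vpnv4 key using the RFC 4364 route distinguisher layouts and shows two customers announcing the same prefix without colliding. The RD values, prefixes and next hops are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'admin:number' as the 8-byte RFC 4364 route distinguisher."""
    admin, _, number = rd.rpartition(":")
    if not admin or not number.isdigit():
        raise ValueError(f"malformed RD: {rd!r}")
    if "." in admin:                      # type 1 = IPv4 address : 16-bit number
        addr = ipaddress.IPv4Address(admin).packed
        return struct.pack("!H4sH", 1, addr, int(number))
    asn = int(admin)
    if asn > 0xFFFF:                      # type 2 = 4-byte ASN : 16-bit number
        return struct.pack("!HIH", 2, asn, int(number))
    return struct.pack("!HHI", 0, asn, int(number))  # type 0 = 2-byte ASN : 32-bit

def vpnv4_key(rd: str, prefix: str):
    """Return (RD + IPv4 network bytes, prefix length) for one customer route."""
    net = ipaddress.IPv4Network(prefix)   # strict: rejects prefixes with host bits set
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

def build_table(routes):
    """Insert (rd, prefix, next_hop) routes, refusing to overwrite silently."""
    table = {}
    for rd, prefix, next_hop in routes:
        key = vpnv4_key(rd, prefix)
        if key in table:
            # Same RD and same prefix: the two routes are indistinguishable,
            # which is how a reused RD would merge two customers' address space.
            raise ValueError(f"duplicate vpnv4 route {rd}:{prefix}")
        table[key] = next_hop
    return table

# Constructed sample: both customers use 10.1.0.0/16 behind different PE routers.
SAMPLE_ROUTES = [
    ("65000:1", "10.1.0.0/16", "192.0.2.1"),   # Customer A (assumed RD)
    ("65000:2", "10.1.0.0/16", "192.0.2.2"),   # Customer B (assumed RD)
]

if __name__ == "__main__":
    for (key, plen), next_hop in build_table(SAMPLE_ROUTES).items():
        print(f"{key.hex()}/{plen} via {next_hop}")
```

The duplicate check is the part worth keeping in a config audit: the RD only keeps routes unique if each customer vrf is given a distinct one.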
So, at this point I have the Customer A VPN working correctly. I still have a lot more to do, and I plan to keep archives of my running-configs as I work through this. I will gladly share my running-configs with anyone who is interested. I’m using Dynamips for this network and will also share .net configs. If the demand is high enough, I will post all configs with future posts.
TO DO:
-Introduce Internet connectivity (with and without vrf table)
-BGP attribute manipulation (Customer A is multi-homed)
-CE-PE routing (EIGRP, OSPF)
-Drink more Mountain Dew for energy
URL to article: http://shouldhavegonewithcisco.com/2007/04/16/fun-with-mpls-worklog-part-i/
URLs in this post:
[1] Image: http://shouldhavegonewithcisco.com/__oneclick_uploads/2007/04/mpls-vpn.JPG