MULTI-PROTOCOL LABEL SWITCHING LAYER 3 VIRTUAL PRIVATE NETWORKS (MPLS L3VPNs)
According to Wikipedia, MPLS VPN is a family of methods for using multiprotocol label switching (MPLS) to create virtual private networks (VPNs). MPLS VPN is a flexible method to transport and route several types of network traffic using an MPLS backbone.
There are three types of MPLS VPNs deployed in networks today:
1. Point-to-point (Pseudowire)
2. Layer 2 (VPLS)
3. Layer 3 (VPRN)
In this article we are going to deal with Layer 3 MPLS VPNs.
One of the most popular MPLS applications is called MPLS Virtual Private Networks (VPN). MPLS VPNs allow a service provider, or even a large enterprise, to offer Layer 3 VPN services. In particular, SPs oftentimes replace older Layer 2 WAN services such as Frame Relay and ATM with an MPLS VPN service. MPLS VPN services enable the possibility for the SP to provide a wide variety of additional services to its customers because MPLS VPNs are aware of the Layer 3 addresses at the customer locations. Additionally, MPLS VPNs can still provide the privacy inherent in Layer 2 WAN services.
MPLS VPNs use MPLS unicast IP forwarding inside the SP’s network, with additional MPLS-aware features at the edge between the provider and the customer. Additionally, MPLS VPNs use MP-BGP to overcome some of the challenges when connecting an IP network to a large number of customer IP internetworks—problems that include the issue of dealing with duplicate IP address spaces with many customers.
Here at MoigeTech Systems we have a wide range of skills when it comes to designing, deploying and troubleshooting MPLS L3VPN networks. Below is an example of a configured MPLS L3VPN network and its verification.
MPLS L3VPNs NETWORK TOPOLOGY
In the above network we have two customers, OMWABO BANK and SAFARI SACCO, and MOIGETECH is the MPLS L3VPN service provider. These two customers approached MoigeTech and asked to be connected so that each of their sites can see every other site, that is to say, to have end-to-end connectivity between all sites.
OMWABO BANK has its headquarters in Kisii town and has branches in Kisumu and Eldoret, and it is planning to open more branches in the coming days. The routes for the headquarters and the branches are shown in the network topology diagram above.
SAFARI SACCO is another financial institution that is headquartered in Kisumu City with branches in Kisii Town and Nairobi. Also this customer wants all sites to learn routes from all other sites so that they have end-to-end reachability between all sites. The routes for the headquarters and other branches are shown in the network topology diagram above.
In this demonstration, we have narrowed down the working of MPLS to three MPLS SP routers which are MOIGETECH-KISII-PE, MOIGETECH-RONGO-P, and MOIGETECH-KISUMU-PE. On the customer side, we are going to deal with, OMWABO-BANK-KISII-CE-HQ, OMWABO-BANK-KSM-CE, SAFARI-SACCO-KISII-CE, and SAFARI-SACCO-KSM-CE-HQ.
So in this demonstration, the router OMWABO-BANK-KISII-CE-HQ at the end of the MPLS deployment should be able to learn 126.96.36.199/24 and 188.8.131.52/24 from the Kisumu branch router. On the other hand, OMWABO-BANK-KSM-CE router should be able to learn 10.0.0.0/24, 10.1.1.0/24, 172.17.0.0/24 and 172.17.1.0/24 from the headquarters in Kisii City.
For the customer SAFARI SACCO, the SAFARI-SACCO-KISII-CE router will be able to learn routes 10.0.0.0/24, 10.1.1.0, 172.16.0.0/24 and 172.16.1.0/24 from the Kisumu headquarters router. On the other hand, the SAFARI-SACCO-KSM-CE-HQ router in the Kisumu headquarters will be able to learn 172.18.0.0/24 and 172.18.1.0/24 from the Kisii City branch router.
Now we will demonstrate how MPLS works with a series of commands issued on the Cisco routers that we have used to build this demonstration network.
MPLS L3VPNs VERIFICATION
Show mpls forwarding-table
This first command demonstrates how the MPLS Labels work and also shows labels learned from other routers in the MPLS Backbone.
MOIGETECH-KISII-PE# Show mpls forwarding-table
MOIGETECH-RONGO-P# Show mpls forwarding-table
MOIGETECH-KISUMU-PE# Show mpls forwarding-table
This next command shows how the routers in the MPLS backbone use the LDP protocol to populate the LFIB table, as shown below.
Show mpls ldp bindings
MOIGETECH-KISII-PE# Show mpls ldp bindings
MOIGETECH-RONGO-P# Show mpls ldp bindings
MOIGETECH-KISUMU-PE# Show mpls ldp bindings
This next command shows detailed information about all the VRFs configured. In this demonstration, we have two VRFs, OMWABO and SAFARI, which represent OMWABO BANK and SAFARI SACCO.
Show ip vrf detail
MOIGETECH-KISII-PE# Show ip vrf detail
MOIGETECH-KISUMU-PE# Show ip vrf detail
This next command shows the specific VRF of each customer and the routes BGP has learned from the other PE router through iBGP.
Show ip bgp vpnv4 vrf OMWABO
MOIGETECH-KISII-PE# Show ip bgp vpnv4 vrf OMWABO
MOIGETECH-KISUMU-PE# Show ip bgp vpnv4 vrf OMWABO
Show ip bgp vpnv4 vrf SAFARI
MOIGETECH-KISII-PE# Show ip bgp vpnv4 vrf SAFARI
MOIGETECH-KISUMU-PE# Show ip bgp vpnv4 vrf SAFARI
This next command shows all the routes learned from the other PE routers for all the VRFs configured.
Show ip bgp vpnv4 all
MOIGETECH-KISII-PE# Show ip bgp vpnv4 all
MOIGETECH-KISUMU-PE# Show ip bgp vpnv4 all
This next command shows the routes learned in the specific VRF of each of the two customers configured in this example.
Show ip route vrf OMWABO
MOIGETECH-KISII-PE# Show ip route vrf OMWABO
MOIGETECH-KISUMU-PE# Show ip route vrf OMWABO
Show ip route vrf SAFARI
MOIGETECH-KISII-PE# Show ip route vrf SAFARI
MOIGETECH-KISUMU-PE# Show ip route vrf SAFARI
CUSTOMER ROUTE VERIFICATION
CUSTOMER: OMWABO BANK
OMWABO-BANK-KISII-CE-HQ# show ip route
OMWABO-BANK-KSM-CE# show ip route
SAFARI-SACCO-KISII-CE# Show ip route
SAFARI-SACCO-KSM-CE-HQ# Show ip route
And there you have it. A sneak peek into how MPLS L3VPNs work to support customer IP routes even though different customers may be using the same overlapping IP routes, as shown in the example above, where both customers OMWABO BANK and SAFARI SACCO had the same 10.0.0.0/24 and 10.1.1.0/24 addresses.
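The separation described above depends on two values set per VRF on the PE routers: the route distinguisher (RD), which is prepended to each customer prefix so that overlapping prefixes become distinct VPNv4 routes, and the route targets (RTs), which decide which VRFs import a route. The following Python model is an added example, not configuration or code from this network; the RD and RT values (65000:1, 65000:2) are constructed, since the article does not show them. It also includes a check that flags a VRF importing another VRF's route target, which is how routes leak between customers.

```python
# Added example: a toy model of VPNv4 export/import on PE routers.
# RD and route-target values (65000:x) are constructed; the page does not show them.
from collections import defaultdict

VRFS = {
    "OMWABO": {"rd": "65000:1", "export": {"65000:1"}, "import": {"65000:1"}},
    "SAFARI": {"rd": "65000:2", "export": {"65000:2"}, "import": {"65000:2"}},
}

def advertise(vrf_name, prefixes, vrfs=VRFS):
    """Sending PE: prepend the VRF's RD and attach its export route targets."""
    vrf = vrfs[vrf_name]
    return [{"vpnv4": f"{vrf['rd']}:{p}", "prefix": p, "rts": set(vrf["export"])}
            for p in prefixes]

def import_routes(routes, vrfs=VRFS):
    """Receiving PE: a route enters every VRF whose import RTs match its RTs."""
    tables = defaultdict(dict)
    for r in routes:
        for name, vrf in vrfs.items():
            if r["rts"] & vrf["import"]:
                tables[name].setdefault(r["prefix"], []).append(r["vpnv4"])
    return dict(tables)

def audit_rt_leaks(vrfs):
    """Flag each VRF that imports a route target exported by a different VRF."""
    return [(imp, exp, sorted(iv["import"] & ev["export"]))
            for imp, iv in vrfs.items() for exp, ev in vrfs.items()
            if imp != exp and iv["import"] & ev["export"]]

def sample_routes(vrfs=VRFS):
    """Both customers advertise the overlapping 10.x prefixes named in the article."""
    return (advertise("OMWABO", ["10.0.0.0/24", "10.1.1.0/24", "172.17.0.0/24"], vrfs)
            + advertise("SAFARI", ["10.0.0.0/24", "10.1.1.0/24", "172.16.0.0/24"], vrfs))

if __name__ == "__main__":
    for vrf, table in import_routes(sample_routes()).items():
        print(vrf, table)
    # Constructed misconfiguration: SAFARI also imports OMWABO's route target.
    bad = {**VRFS, "SAFARI": {**VRFS["SAFARI"], "import": {"65000:2", "65000:1"}}}
    print(audit_rt_leaks(bad))
```

With the correct VRFs each customer table holds only its own copy of 10.0.0.0/24; with the constructed misconfiguration the SAFARI table receives OMWABO's 172.17.0.0/24 and two competing entries for 10.0.0.0/24, and the audit reports the shared route target.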
If you want to implement an MPLS VPN solution, you can talk to us and we will design, deploy and troubleshoot an MPLS VPN solution for you. Our prices are the best in the market, and at the same time you get the best service ever. We are looking forward to hearing from you.