How to deploy MPLS VPNs on Cisco gear


There is no easier way to simplify your enterprise routing and path isolation than implementing MPLS/VPNs (RFC 4364). Label Distribution Protocol (LDP) is the method used to distribute the labels that are inserted into the header, so that packets are forwarded down the Label Switched Path (LSP) by the Label Switch Routers (LSRs).

Most routers past the SOHO market support MPLS in hardware. On the chassis switches it gets trickier. On 6500s, the Sup32 and Sup720 support MPLS in hardware.

There was talk of the new 4500 Sups supporting it, but I didn’t see any mention other than VRF support, so I am sure it has slipped or fallen off, like half the other late-delivered features from Cisco recently.

 

ip vrf data
 rd xxx:10
 ! Using your iBGP ASN for xxx is a good approach
 route-target export xxx:11
 route-target import xxx:11

 

! Choose LDP in case Cisco tries to default to TDP
mpls label protocol ldp

 

! Loopback address for iBGP peering. A loopback is best practice for iBGP peering, since you do not want the peering tied to a physical interface unless it is an eBGP peering.
interface Loopback0
 ! /32 host mask
 ip address x.x.x.x 255.255.255.255

 

interface TenGigabitEthernet1/2
 ! Make room for the additional 8 bytes in the header
 mtu 9216
 ip address x.x.x.x 255.255.255.252
 ! Redundant with the global command, but harmless
 mpls label protocol ldp
 ! Enable LDP on the interface so it seeks an adjacency with its neighbor
 mpls ip

 

! iBGP ASN (Autonomous System Number)
router bgp 65001
 bgp log-neighbor-changes
 ! Your upstream router to peer with
 neighbor x.x.x.x remote-as 65001
 ! Set the loopback as the iBGP source (same neighbor address as the remote-as line)
 neighbor x.x.x.x update-source Loopback0

 

 ! IP version 4 protocol
 address-family ipv4
  ! This is your upstream BGP peer address
  neighbor x.x.x.x activate
  neighbor x.x.x.x send-community both

 

 ! Multiprotocol BGP (MP-BGP) allows for IPv4, IPv6, multicast, etc.
 address-family vpnv4
  ! This is your upstream BGP peer address
  neighbor x.x.x.x activate
  neighbor x.x.x.x send-community both

 

 ! This is where you advertise or redistribute routes into your VRF routing table
 address-family ipv4 vrf data
  ! This is what allows the connected routes to be advertised into the VRF
  redistribute connected
  no synchronization
 exit-address-family

 

! Add the SVI to the "data" VRF
interface Vlan151
 ! Adds the interface to the "data" VRF
 ip vrf forwarding data
 ip address x.x.x.x 255.255.255.0

 

! Native IGP. The example uses OSPF. IS-IS is just as good, if not more scalable. Both are link-state protocols using Dijkstra's algorithm.
router ospf 101
 log-adjacency-changes
 ! Advertise the loopback
 network x.x.x.x 0.0.0.0 area 0
 ! Advertise the /30
 network x.x.x.x 0.0.0.3 area 0

 

Useful commands:

show mpls ldp neighbor
show ip route vrf data
show ip bgp summary
show ip ospf neighbor
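
The route-target import and export values in the "ip vrf data" stanza are what keep VRFs apart, so one stray import undoes the path isolation. As an added example (not from the original post), this Python check parses IOS-style configuration text and lists every VRF that imports a route target exported by a different VRF. It assumes a single router's configuration as input; the "voice" VRF, Vlan152 and the RT values in the sample are made up.

```python
import re

# Constructed sample. VRF "data" and ASN 65001 are from the page; "voice", Vlan152
# and the RT values are made up; the last import under "voice" is the mistake.
SAMPLE = """\
ip vrf data
 route-target export 65001:11
 route-target import 65001:11
ip vrf voice
 route-target export 65001:21
 route-target import 65001:21
 route-target import 65001:11
interface Vlan151
 ip vrf forwarding data
interface Vlan152
 ip vrf forwarding voice
"""

def parse(config):
    """Return ({vrf: {"import": set, "export": set}}, {interface: vrf})."""
    vrfs, members, kind, name = {}, {}, None, None
    for raw in config.splitlines():
        line = raw.split("!", 1)[0].rstrip()   # drop IOS "!" comments
        if not line:
            continue
        if not line[0].isspace():              # unindented line opens a stanza
            m = re.match(r"(ip vrf|interface) (\S+)", line)
            kind, name = m.groups() if m else (None, None)
            if kind == "ip vrf":
                vrfs.setdefault(name, {"import": set(), "export": set()})
            continue
        w = line.split()
        if kind == "ip vrf" and len(w) == 3 and w[0] == "route-target":
            # "both" is shorthand for import plus export of the same value
            for d in ("import", "export") if w[1] == "both" else (w[1],):
                vrfs[name].setdefault(d, set()).add(w[2])
        elif kind == "interface" and len(w) == 4 and w[:3] == ["ip", "vrf", "forwarding"]:
            members[name] = w[3]
    return vrfs, members

def leaks(vrfs):
    """(src, dst, rt) for each RT that src exports and a different VRF dst imports."""
    return sorted((s, d, rt) for s in vrfs for d in vrfs if s != d
                  for rt in vrfs[s]["export"] & vrfs[d]["import"])

if __name__ == "__main__":
    vrfs, members = parse(SAMPLE)
    for src, dst, rt in leaks(vrfs):
        seen = sorted(i for i, v in members.items() if v == src)
        print(f"{dst} imports RT {rt} from {src}: connected routes of {seen} leak into {dst}")
```

An import of another VRF's route target is sometimes intentional (a shared-services VRF, for example), so treat the output as a list to review rather than a list of errors.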