Having discussed Layer-3 MPLS VPNs, let’s look at some of the behind-the-scenes protocols that make things work.
First, we’ll need to make the routes at the customer sites known to the PE devices. Since the CEs and PEs are routers, we can accomplish this using any of these three methods:
- Static/default routing
- An IGP
- BGP
It’s not required that a particular customer use the same method at all of its sites. For example, a remote sales office might be set up with static routes (on the PE) and a default (on the CE), whereas regional offices might use an IGP as the CE-PE protocol, while the corporate HQ uses BGP as the CE-PE protocol.
Now that the routes from a customer’s site are known by a PE router, what’s needed is to advertise the customer routes across the provider’s cloud to the other PEs. For this, we use MP-BGP (Multi-Protocol BGP). It’s called “Multi-Protocol” because in addition to advertising IPv4 routes (as with standard BGP), it can also advertise other things. In a Layer-3 MPLS VPN environment, the “other things” would be:
- VPNv4 routes
- MPLS Route Targets
- MPLS labels
The VPNv4 routes are the IPv4 prefixes for the various customers, modified by prepending an “RD” (Route Distinguisher) to make them customer-specific, thus preventing address collisions. An “RT” (Route Target) is used to tell a far-side PE into which VRF to insert a particular customer prefix. The MPLS label is the “VPN” (inner or bottom) label that’s pushed by the ingress PE on data packets, so that the egress PE knows which VRF applies to that data packet.
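The RD and RT mechanics described above, as an added example that is not part of the original article: it builds the 12-byte VPNv4 address for two customers that use the same IPv4 prefix, then shows a far-side PE placing each route in a VRF based only on its RT import list. The AS number, RD/RT values, labels, VRF names and the `PE` class are constructed for illustration, and RTs are modelled as plain strings rather than BGP extended communities.

```python
import ipaddress
import struct

def encode_rd(asn: int, assigned: int) -> bytes:
    """Type 0 RD (RFC 4364): 2-byte type, 2-byte ASN, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, assigned)

def vpnv4_key(rd: bytes, prefix: str):
    """VPNv4 prefix = 8-byte RD prepended to the 4-byte IPv4 network address."""
    net = ipaddress.ip_network(prefix)
    return (rd + net.network_address.packed, net.prefixlen)

class PE:
    """Hypothetical far-side PE: each VRF lists the RTs it imports."""
    def __init__(self, vrf_imports):
        self.vrf_imports = vrf_imports              # {vrf name: set of import RTs}
        self.vrfs = {name: {} for name in vrf_imports}

    def receive(self, prefix, route_targets, vpn_label):
        """Install the route in every VRF that imports one of the attached RTs.

        The stored value is the VPN (inner) label to push toward the
        advertising PE for traffic to this prefix.
        """
        installed = []
        for vrf, imports in self.vrf_imports.items():
            if imports & set(route_targets):
                self.vrfs[vrf][prefix] = vpn_label
                installed.append(vrf)
        return installed

def demo():
    # Constructed sample: AS 65000, two customers both using 10.1.1.0/24.
    rd_a, rd_b = encode_rd(65000, 1), encode_rd(65000, 2)
    key_a = vpnv4_key(rd_a, "10.1.1.0/24")
    key_b = vpnv4_key(rd_b, "10.1.1.0/24")
    pe = PE({"CUST_A": {"65000:1"}, "CUST_B": {"65000:2"}})
    in_a = pe.receive("10.1.1.0/24", ["65000:1"], vpn_label=101)
    in_b = pe.receive("10.1.1.0/24", ["65000:2"], vpn_label=202)
    return key_a, key_b, in_a, in_b, pe.vrfs

if __name__ == "__main__":
    key_a, key_b, in_a, in_b, vrfs = demo()
    print(key_a[0].hex(), key_b[0].hex())   # same IPv4 prefix, distinct VPNv4 keys
    print(in_a, in_b, vrfs)
```

Because the RD only makes the prefix unique and the RT import list alone decides VRF membership, a route carrying an RT that a VRF imports is installed there regardless of which customer originated it.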
To support MP-BGP within the provider’s cloud (specifically the advertisement of PE loopbacks), an IGP is needed. This could be one or more of the following:
- OSPF
- IS-IS
- EIGRP
Aside from OSPF and IS-IS being open standards, they have another potential advantage over EIGRP for an MPLS provider, which is that they support MPLS “TE” (Traffic Engineering), while EIGRP does not. This means that for providers planning to do MPLS-TE, EIGRP is not an option.
Speaking of labels, in addition to the VPN label carried by MP-BGP, there is another label used by MPLS — the LSP (top or outer) label. This is the label that’s used to get the data packet to the egress PE, and is swapped hop-by-hop by the P routers as a data packet traverses the WAN cloud. This LSP label is advertised using one of the following protocols:
- TDP (Tag Distribution Protocol)
- LDP (Label Distribution Protocol)
- RSVP (Resource Reservation Protocol)
TDP is Cisco’s proprietary protocol for advertising LSP labels (“tags”, in the pre-MPLS Cisco jargon) from one router to another. LDP (RFC 3036) is the open-standard replacement for TDP, and it offers additional features. RSVP (RFC 2205) is used by MPLS Traffic Engineering to reserve bandwidth along a particular LSP.
Next time, we’ll examine some of the other things that can be done with MPLS.