Guest

Multiprotocol Label Switching (MPLS)

Multiprotocol Label Switching VPN and Multi-Virtual Route Forwarding Support for the Cisco Integrated Services Routers Family of Access Routers

  • Viewing Options

  • PDF (616.7 KB)
  • Feedback

This application note provides Multiprotocol Label Switching (MPLS) VPN positioning information for the Cisco® Integrated Services Routers (ISR) family of access routers. It describes the high-level positioning of the products for various MPLS roles and provides performance and scalability information and an overview of MPLS feature support.

Positioning Summary

Cisco ISRs serve in various roles, depending on whether they are part of a service-provider-managed MPLS network or a self-deployed (private) MPLS network.

• Service-provider-managed MPLS network: This type of network is typically used by enterprises that want to outsource their network core using an MPLS-based service offering from a service provider.

• Self-deployed (private) MPLS network: This type of network is typically used by larger enterprises that are willing to make a significant investment in network equipment and that employ IT staff comfortable with a high degree of technical complexity. In this case, the enterprise wants to fully control its own MPLS metropolitan-area network (MAN) or WAN and network segmentation across departments, business functions, and user groups without the need for service provider intervention.

In a service-provider-managed MPLS network, Cisco ISRs can serve as the following:

• Customer edge

• Multi-Virtual Route Forwarding (VRF) customer edge

• Carrier Supporting Carrier (CSC) customer edge

In a self-deployed (private) MPLS network, Cisco ISRs can serve as the following:

• Customer edge

• Multi-VRF customer edge

• Label Edge Router (LER)

• Label Switch Router (LSR)

Table 1 summarizes the supported roles in a MPLS network by platform family.

Table 1. Access Router MPLS Positioning

 

Service-Provider-Managed MPLS Network

Self-Deployed MPLS Network

 

Customer Edge

Multi-VRF Customer Edge

CSC Customer Edge

Customer Edge

Multi-VRF Customer Edge

LER

LSR

Cisco 3900 Series ISRs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 3800 Series ISRs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 2900 Series ISRs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 2800 Series ISRs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 1900 Series ISRs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 1841 ISR

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 1800 Series ISRs (Fixed)

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 890 Platform ISRs

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Cisco 880 Platform ISRs

Yes

Yes

No

Yes

Yes

No

No

Cisco 870 Platform ISRs

Yes

Yes

No

Yes

Yes

No

No

All access routers - including the Cisco 3900, 3800, 2900, 2800, 1900, and 1800 Series and 890, 880, and 870 platforms - provide traditional customer edge support. Routers in this role are not involved in any tagging or label distribution; they function simply as regular routers.
The Cisco 3900, 3800, 2900, 2800, 1900, and 1800 Series and 890, 880, and 870 platforms provide Multi-VRF customer edge support. No tagging or label distribution is involved, but the physical router supports multiple VRF instances. Recommended positioning limits for throughput and the number of VRF instances range from 2 Mbps and 2 VRF instances on the Cisco 870 platform, up to 350 Mbps and 75 VRFs on the Cisco 3945E ISR.
The Cisco 3900, 3800, 2900, 2800, 1900, and 1800 Series and 890 platform ISRs provide LER, LSR, and CSC customer edge Layer 3 IP VPN (L3VPN) support. The support is specific to low-end configurations, with positioning limits ranging from 4 Mbps, 8 VRF instances, and 8 MPLS traffic engineering (TE) tunnel headends for the Cisco 890 platform, up to 350 Mbps, 75 VRF instances, and 75 MPLS traffic engineering tunnel headends for the Cisco 3945E. The LER and LSR configurations are useful for self-deployed MPLS networks for the given limits, and the CSC customer edge configurations are useful for service-provider-managed MPLS networks.
Although the recommended limits in this document can be exceeded in scenarios in which no other features are running concurrently, Cisco has certified and established these design recommendations to help ensure that real-world designs and uses meet customer expectations. For applications requiring higher or more specific performance characteristics than those described in this document, please evaluate the Cisco ASR 1000 Series Aggregation Services Routers. These platforms are designed and tested for provider edge and provider roles.

Access Router Support for MPLS Roles

Traditional Customer Edge

All access routers are fully supported as customer edge devices (Figure 1). The original MPLS architecture does not extend the label cloud past the provider edge and hence does not impose particular requirements at the customer edge. The feature coverage, scalability, and performance characteristics are analogous to those when the platform is deployed as regular customer premises equipment (CPE) using, for instance, Frame Relay or Asynchronous Transfer Mode (ATM) for uplink transport.

Figure 1. Traditional Customer Edge Role

Multi-VRF Customer Edge

All Cisco 3900, 3800, 2900, 2800, 1900, and 1800 Series and 890, 880, and 870 platform ISRs are supported as Multi-VRF customer edge devices (Figure 2). A Multi-VRF customer edge router facilitates allocation of logical and physical interfaces to different routing tables, forming a VLAN-like configuration on the customer side and mapping to different logical or physical VPN WAN connections. The customer edge device uses only VRF interfaces and VRF routing tables; there is no label imposition or Label Distribution Protocol (LDP) adjacency. Packets are sent to the provider edge (or the WAN in general) as IP packets. Details about the Multi-VRF customer edge concept and performance guidelines are provided in Product Bulletin 1575.
The section "Performance and Scalability" later in this document lists the recommended maximum configurations in terms of aggregate throughput (across all VRF instances) and number of VRF instances in a LAN-to-WAN environment. The recommendations are based on actual test results and predicted needs in a customer premises environment. They leave adequate router capacity for Multilink Point-to-Point Protocol (MLPPP), quality of service (QoS), encryption, and other features commonly deployed on access platforms. Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is significantly faster, and you can comfortably exceed the aggregate throughput recommendations, but performance will vary depending on the router configuration.

Figure 2. Multi-VRF Customer Edge Role

Label Edge Router

The Cisco 3900, 3800, 2900, 2800, 1900, and 1800 Series and 890 platform are supported as LER devices (Figure 3). In this role, the router performs the same functions as a traditional premises equipment router, and these functions include pushing a label in front of the relevant header. One set of interfaces is in the label domain, and another set is outside it, and the router handles traffic between multiple VPNs. The difference is in performance and scalability. A CPE router typically connects a few departmental VPNs or a small number of co-located customer VPNs. Consider these routers for customer-premises-based applications in scenarios in which the network has known and moderate requirements for throughput and number of VPNs.
The section "Performance and Scalability" later in this document lists the recommended maximum configurations in terms of aggregate throughput (across all VRF instances) and number of VRF instances in a LAN-to-WAN environment. The recommendations are based on actual test results and predicted needs in a customer premises environment. They leave adequate router capacity for MLPPP, QoS, encryption, and other features commonly deployed on access platforms. Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is significantly faster, and you can comfortably exceed the aggregate throughput recommendations, but performance will vary depending on the router configuration.

Figure 3. LER Customer Edge Role

CSC Customer Edge

The Cisco 3900, 3800, 2900, 2800, 1900, and 1800 Series and 890 platform are supported as low-end CSC customer edge devices (Figure 4). This support is relevant only for a service-provider-managed MPLS network. Like routers used in the LER customer edge role, the low-end platforms are recommended only for applications that are less demanding in terms of performance and scalability. Consider them for low-end CSC applications in scenarios in which the tunneled MPLS networks belong to a single customer and have known and moderate requirements in terms of throughput and number of VPNs.
The section "Performance and Scalability" later in this document lists the recommended maximum configurations in terms of aggregate throughput (across all VRF instances) and number of VRF instances in a LAN-to-WAN environment. The recommendations are based on actual test results and predicted needs in a customer premises environment. They leave adequate router capacity for MLPPP, QoS, encryption, and other features commonly deployed on access platforms. Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is significantly faster, and you can comfortably exceed the aggregate throughput recommendations, but performance will vary depending on the router configuration.

Figure 4. CSC Customer Edge Role

Label Switch Router

In a self-deployed MPLS network, the Cisco 3900, 3800, 2900, 2800, 1900, and 1800 Series and 890 platform are supported as LSR devices (Figure 5). This support is relevant only for a self-deployed MPLS network. In this role, the router performs the same functions as a traditional provider router. The difference is in performance and scalability. The router in this role typically switches MPLS traffic, and this function includes label swapping. Consider these routers for networks with known and moderate requirements in terms of throughput and number of VPNs.
In a service-provider-managed MPLS network, Cisco ASR 1000 Series routers are fully supported as provider devices. Although similar in feature content and operation to a router in the provider role, access routers are not supported in provider roles. For provider roles, please evaluate the Cisco ASR 1000 Series routers or higher-level platforms. These platforms are specifically designed and tested for provider core roles. For more information, refer to the MPLS technology pages.

Figure 5. LSR Customer Edge Role

Performance and Scalability

Table 2 lists the recommended maximum configurations in terms of aggregate throughput (across all VRF instances) and number of VRF instances in a LAN-to-WAN environment. The recommendations are based on predicted needs in a customer premises environment. They leave router capacity for MLPPP, QoS, encryption, and other features commonly deployed on access platforms.
Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is supported at Fast Ethernet speeds, but performance will vary depending on the router configuration.

Note: For all applications requiring higher-level or more specific performance characteristics than those discussed in this document, please evaluate the Cisco ASR 1000 Series platforms. These routers are specifically designed for provider edge roles in aggregated environments.

Table 2. Recommended Maximum Configurations: Multi-VRF Customer Edge, LER, CSC Customer Edge, and LSR

 

Recommended Maximum Aggregate Throughput

Recommended Maximum Number of VRF Instances

Recommended Maximum VRF Routes (Across All VRF Instances)

Cisco 3900 Series ISRs

Up to 350 Mbps

75

150,000

Cisco 3845 ISR

45 Mbps

25

50,000

Cisco 3825 ISR

16 Mbps

25

50,000

Cisco 2900 Series ISRs

24 Mbps

45

60,000

Cisco 2800 Series ISRs

8 Mbps

15

20,000

Cisco 1900 Series ISRs

6 Mbps

15

30,000

Cisco 1841 ISR

2 Mbps

5

10,000

Cisco 1800 Series ISRs (Fixed)

2 Mbps

5

10,000

Cisco 890 platform ISRs

4 Mbps

8

20.000

Cisco 880 platform ISRs

3 Mbps

4 (no MPLS)

15.000

Cisco 870 platform ISRs

2 Mbps (1 T1/E1)

2 (no MPLS)

10,000

MPLS VPN Technology Overview

Cisco MPLS combines the intelligence of routing with the performance of switching and provides significant benefits to networks with a pure IP architecture as well as to those with IP and ATM or a mix of other Layer 2 technologies. MPLS technology is crucial to scalable VPNs and end-to-end QoS, facilitating efficient use of existing networks to accommodate future growth and provide rapid fault correction of link and node failures. The technology also helps deliver highly scalable, differentiated end-to-end IP services with simpler configuration, management, and provisioning for both Internet providers and subscribers.
MPLS integrates the best of Layer 2 and Layer 3 technologies. MPLS provides IP services such as IP-based QoS, VPN, and traffic engineering across a network that can be based on any Layer 2 technology or a mix of different Layer 2 technologies. IP is the common protocol; Layer 2 protocols vary depending on required speed, services, and geographic location.

Customer Edge, Provider Edge, and Provider Roles

Figure 6 shows a typical MPLS VPN topology, in which customer edge (CE) devices are connected to the MPLS core by means of provider edge (PE) devices. The provider (P) devices perform pure label switching and do not have to handle the complexity that the provider edge devices need to handle, such as longest-match routing decisions based on IP addresses. The customer edge routers are unaware of MPLS in a traditional MPLS architecture. The LER in a customer edge role adjusts the traditional architecture by extending the label domain to the customer premises.

Figure 6. MPLS Topology

Labels are used to indicate both routes and service attributes. At the ingress provider edge, incoming packets are processed, and labels are selected and applied. The core merely reads labels, applies appropriate services, and forwards packets based on the label. Processor-intensive analysis, classification, and filtering happen only once, at the ingress provider edge. At the egress edge, labels are stripped, and packets are forwarded to their final destination.
MPLS gives providers the capability to offer highly scalable, differentiated business IP services end to end, with simpler configuration and management for both providers and subscribers. Using MPLS, service providers can deliver the IP VPN services that businesses demand across either switched or routed networks.

CSC Customer Edge and CSC Provider Edge Roles

CSC is a topology in which one service provider allows another service provider to use a segment of its backbone network (Figure 7). The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.
The CSC solution reduces the number of VRF instances and VPN routes that a particular provider edge device needs to maintain. To achieve this reduction, the CSC customer edge device labels the traffic it sends upstream to the CSC provider edge. Hence, CSC requires MPLS to be active on the interface between the CSC customer edge and the CSC provider edge.
CSC functions can be achieved either by deploying Border Gateway Protocol (BGP), IP Version 4 (IPv4), and labels (RFC 3107), or by deploying the Interior Gateway Protocol (IGP) and LDP. The choice is determined by the routing protocol selection.

Figure 7. CSC Topology

Cisco IOS Software Feature Set Requirements

In the old software packaging model (up to and including Cisco IOS ® Software Release 15.0 Mainline), VRF and Multi-VRF support required a Plus feature set. MPLS label-swapping features required an Enterprise feature set.
In the new cross-platform packages available in Cisco IOS Software Releases 15.0 Mainline and 15.0 T and later, the feature sets listed in Table 3 are required.

Table 3. Minimum Required Cisco IOS Feature Set

Platform

Multi-VRF

MPLS Label Switching

Cisco 3900 Series

IP Base

Data license

Cisco 3800 Series

IP Base

Service Provider Services

Cisco 2900 Series

IP Base

Data license

Cisco 2800 Series

IP Base

Service Provider Services

Cisco 1900 Series

IP Base

Data license

Cisco 1841

IP Base

Service Provider Services

Cisco 1800 Series (Fixed-Configuration Models)

IP Base

Advanced IP Services

Cisco 890 Platform

Advanced IP Services

Advanced IP Services

Cisco 880 Platform

Advanced IP Services

Not supported

Cisco 870 Platform

Advanced IP Services

Not supported

Cisco 860 Platform

Not supported

Not supported

Cisco 850 Platform

Not supported

Not supported

For detailed feature support information, please refer to the Cisco Feature Navigator.