MPLS VPN Support


Note For complete syntax and usage information for the commands used in this chapter, see these publications:

http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html

  • Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.


 


Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum


 

Prerequisites for MPLS VPN

None.

Restrictions for MPLS VPN

  • When configuring MPLS VPN, note that VPNs are recirculated when the number of VPNs is over 511.
  • MPLS VPN supports these commands:

address-family

exit-address-family

import map

ip route vrf

ip route forwarding

ip vrf

neighbor activate

rd

route-target

For information about these commands, see these publications:

http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html

Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.

Information About MPLS VPN Support

The IP VPN feature for MPLS allows a Cisco IOS network to deploy scalable IP Layer 3 VPN backbone services to multiple sites deployed on a shared infrastructure while also providing the same access or security policies as a private network. VPN based on MPLS technology provides the benefits of routing isolation and security, as well as simplified routing and better scalability. See this publication for more information about MPLS VPNs:

http://www.cisco.com/en/US/docs/ios-xml/ios/mpls/config_library/15-sy/mp-15-sy-library.html

Figure 8-1 VPNs with MPLS Service Provider Backbone

 

At the ingress PE, the PFC makes a forwarding decision based on the packet headers. The PFC contains a table that maps VLANs to VPNs. In the switch architecture, all physical ingress interfaces in the system are associated with a specific VPN. The PFC looks up the IP destination address in the CEF table but only against prefixes that are in the specific VPN. (The table entry points to a specific set of adjacencies and one is chosen as part of the load-balancing decision if multiple parallel paths exist.)

The table entry contains the information on the Layer 2 header that the packet needs, as well as the specific MPLS labels to be pushed onto the frame. The information to rewrite the packet goes back to the ingress module where it is rewritten and forwarded to the egress line interface.

VPN traffic is handled at the egress from the PE based upon the per-prefix labels or aggregate labels. If per-prefix labels are used, then each VPN prefix has a unique label association; this allows the PE to forward the packet to the final destination based upon a label lookup in the FIB.


Note The PFC allocates only one aggregate label per VRF.


If aggregate labels are used for disposition in an egress PE, many prefixes on the multiple interfaces may be associated with the label. In this case, the PFC must perform an IP lookup to determine the final destination. The IP lookup may require recirculation.

How to Configure MPLS VPNs

For information on configuring MPLS VPN, see tis publication:

http://www.cisco.com/en/US/docs/ios-xml/ios/mpls/config_library/15-sy/mp-15-sy-library.html


Note If you use a Layer 3 VLAN interface as the MPLS uplink through a Layer 2 port peering with another MPLS device, then you can use another Layer 3 VLAN interface as the VRF interface.


Configuration Example for MPLS VPNs

This sample configuration shows LAN CE-facing interfaces. MPLS switching configuration in Cisco IOS Release 15.1SY is identical to configuration in other releases.

!ip vrf blues
rd 100:10
route-target export 100:1
route-target import 100:1
!
mpls label protocol ldp
mpls ldp logging neighbor-changes
!
interface Loopback0
ip address 10.4.4.4 255.255.255.255
!
interface GigabitEthernet4/2
description Catalyst link to P2
no ip address
!
interface GigabitEthernet4/2.42
encapsulation dot1Q 42
ip address 10.0.3.2 255.255.255.0
tag-switching ip
!
interface GigabitEthernet7/3
description Catalyst link to CE2
no ip address
!
interface GigabitEthernet7/3.73
encapsulation dot1Q 73
ip vrf forwarding blues
ip address 10.19.7.1 255.255.255.0
!
router ospf 100
log-adjacency-changes
network 10.4.4.4 0.0.0.0 area 0
network 10.0.0.0 0.0.255.255 area 0
!
router ospf 65000 vrf blues
log-adjacency-changes
redistribute bgp 100 subnets
network 10.19.0.0 0.0.255.255 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 10.3.3.3 remote-as 100
neighbor 10.3.3.3 description MP-BGP to PE1
neighbor 10.3.3.3 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.3.3.3 activate
neighbor 10.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf blues
redistribute connected
redistribute ospf 65000 match internal external 1 external 2
no auto-summary
no synchronization
exit-address-family
!