MPLS VPN support for VPNv6

Similar Messages

• MPLS VPN Supported Platforms

  Does the 3745 router support MPLS VPN?

  ignore this message - brain fade - I was talking about the 3750ME

• Can L2-MPLS VPN support point-to-multipoint?

  thanks

  My excuses to waris, you are correct. The current implementation of EoMPLS only supports point-to-point.
  Here's a URL that should help you configuring VPLS:
  http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/cfgnotes/optical/122sx/mpls.htm#1231821
  Hope this helps,

• MPLS VPNs - Latency

  Hello All,
  I have a MPLS VPN setup for one of my sites. We have a 10M pipe (Ethernet handoff) from the MPLS SP, and it is divided into 3 VRFs.
  6M - Corp traffic
  2M - VRF1
  2M - VRF2
  The users are facing lot of slowness while trying to access application on VRF1. I can see the utilization on the VRF1 is almost 60% of it's total capacity (2M). Yesterday when trying to ping across to the VRF1 Peer in the MPLS cloud, I was getting a Max response time of 930ms.
  xxxxx#sh int FastEthernet0/3/0.1221
  FastEthernet0/3/0.1221 is up, line protocol is up
    Hardware is FastEthernet, address is 503d.e531.f9ed (bia 503d.e531.f9ed)
    Description: xxxxx
    Internet address is x.x.x.x/30
    MTU 1500 bytes, BW 2000 Kbit, DLY 1000 usec,
       reliability 255/255, txload 71/255, rxload 151/255
    Encapsulation 802.1Q Virtual LAN, Vlan ID  1221.
    ARP type: ARPA, ARP Timeout 04:00:00
    Last clearing of "show interface" counters never
  I also see a lot of Output drops on the physical interface Fa0/3/0. Before going to the service provider, can you please tell me if this can be an issue with the way QoS is configured on these VRFs?
  xxxxxxx#sh int FastEthernet0/3/0 | inc drops
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 3665
  Appreciate your help.
  Thanks
  Mikey

  Hi Kishore,
  Thanks for the clarification. Let me speak to the service provider and see if we can sort out the Output drops issue.
  I had a few more queries.
  1) Will output drops also contribute to the latency here?
  2) The show int fa0/3/0.1221 output below only shows the load on the physical interface (fa0/3/0) and not of that particuar interface.Right?
  xxxxxx#sh int fa0/3/0.1221 | inc load
       reliability 255/255, txload 49/255, rxload 94/255
  xxxxx#sh int fa0/3/0 | inc load
       reliability 255/255, txload 49/255, rxload 94/255
  I can try and enable IP accounting on that sub-interface (VRF) and see the load. Thoughts?
  3) As you said, if the 2M gets maxed out I would see latency as the shaper is getting fully utilized. But I don't see that on the interface load as mentioned above? I have pasted the ping response during the time load output was taken. I can;t read much into the policy map output, but does it talk anything about 2M being fully utilized and hence packets getting dropped.
  xxxxxxx#ping vrf ABC x.x.x.x re 1000
  Type escape sequence to abort.
  Sending 1000, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
  Success rate is 99 percent (997/1000), round-trip min/avg/max = 12/216/1972 ms
  xxxx#sh policy-map interface fa0/3/0.1221
  FastEthernet0/3/0.1221
    Service-policy output: ABC
      Class-map: class-default (match-any)
        114998 packets, 36909265 bytes
        5 minute offered rate 11000 bps, drop rate 0 bps
        Match: any
        Traffic Shaping
             Target/Average   Byte   Sustain   Excess    Interval  Increment
               Rate           Limit  bits/int  bits/int  (ms)      (bytes)
            2000000/2000000   12500  50000     50000     25        6250
          Adapt  Queue     Packets   Bytes     Packets   Bytes     Shaping
          Active Depth                         Delayed   Delayed   Active
          -      0         114998    36909265  1667      2329112   no
  Thanks
  Mikey

• What RFC for MPLS is supported?

  Hi,
  does anybody know what rfc's regarding mpls are supported by cisco (f.e. ASR9000 or Nexus 7000)?
  TiA,
  Stephan

  Hi Stephan,
  this is the list for ASR9k:
  RFC 2547, BGP/MPLS VPNs          
  RFC 2702, Requirements for Traffic Engineering Over MPLS
  RFC 2858, Multiprotocol Extensions for BGP-4         
  RFC 3031, Multiprotocol Label Switching Architecture            
  RFC 3032, MPLS Label Stack Encoding         
  RFC 3063, MPLS Loop Prevention Mechanism           
  RFC 3140, Per Hop Behavior Identification Codes          
  RFC 3270, Multi-Protocol Label Switching (MPLS) Support of Differentiated Services (E-LSPs only)           
  RFC 3443, Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks          
  RFC 3469, Framework for Multi-Protocol Label Switching (MPLS)-based Recovery          
  RFC 3564, Requirements for Support of Differentiated Services-aware MPLS Traffic Engineering            
  RFC 4124, Protocol Extensions for Support of Diffserv-aware MPLS Traffic Engineering          
  RFC 4125, Maximum Allocation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering         
  RFC 4127, Russian Dolls Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering         
  RFC 4379, Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures.          
  RFC 3815, Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP)                                     
  RFC 4448, Encapsulation Methods for Transport of Ethernet over MPLS Networks
  RFC 5462, Multiprotocol Label Switching (MPLS) Label Stack Entry: "EXP" Field Renamed to "Traffic Class" Field.
  HTH,
  Ivan.

• How can I find the all path available for a MPLS VPN in SP network

  How can I find the all path available for a MPLS VPN in SP network between PE to PE and CE to CE?

  Hi There
  If we need to find all the available paths for a remote CE from a local PE it will depend upon whether its a RR or non-RR design. If the MP-iBGP deisgn is non-RR  the below vrf specific command
  sh ip bgp vpnv4 vrf "vrf_name"  will show us the MP-iBGP RT for that particular VPN. It will show us the next hop. Checking the route for same in the Global RT will show us the path(s) available for same ( load-balancing considered) .Then we can do a trace using the Local PE MP-iBGP loopback as source to remote PE's MP-iBGP loopback to get the physical Hops involved.
  However if the design is RR-based there might be complications involved when the RR is in the forwarding path ie we have NHS being set to RR-MP-iBGP loopback and the  trace using the Local PE MP-iBGP loopback as source to remote PE's MP-iBGP loopback will get us the physical Hops involved.
  If we have redundant RRs being used with NHS being set then the output of sh ip bgp vpnv4 vrf "vrf_name" will show us two different available paths for the remote CE destination but just one being used.
  RR-based design with no NHS being used will always to cater to single path for the remote CE detsination.
  So in any case the actual path used for the remote CE connectivity would be a single unless we are using load-balancing.
  Hope this helps you a bit on your requirement
  Thanks & Regards
  Vaibhava Varma

• Pls tell me usefull URLs for MPLS VPN different scenario .....

  pls tell me usefull URLs for MPLS VPN different scenarios. presently i am doing research on this topic so pls tell me useful URLs so that i can get help.

  Here's a good start: http://www.cisco.com/go/mpls
  Hope that helps - pls rate the post if it does.
  Paresh

• IOS for 2801 having support for MPLS

  Assalam o Alaikum,
  Is there any IOS for 2801 router which has the support for MPLS?

  Alaikum Al Salam,
  Please use Cisco Feature Navigator to find information about Cisco IOS software images and the supported features for your platform(s) :
  http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp
  Search by feature and choose MPLS, and then choose Cisco 2801 as the platform, you'll get a list of the IOSs that support MPLS on your platform, and please always check the required DRAM and Flash.
  BR,
  Mohammed Mahmoud.

• Central Site Internet Connectivity for MPLS VPN User

  What are the solutions of Central site Internet connectivity for a MPLS VPN user, and what is the best practice?

  Hello,
  Since you mentioned that Internet Access should be through a central site, it is clear that all customer sites (except the central) will somehow have a default (static/dynamic) to reach the central site via the normal VPN path for unknown destinations. Any firewall that might be needed, would be placed at the central site (at least). So, the issue is how the central site accesses the Internet.
  Various methods exist to provide Internet Access to an MPLS VPN. I am not sure if any one of them is considered the best. Each method has its pros and cons, and since you have to balance various factors, those factors might conflict at some point. It is hard to get simplicity, optimal routing, maximum degree of security (no matter how you define "security"), reduced memory demands and cover any other special requirements (such as possibility for overlapping between customer addresses) from a single solution. Probably the most secure VPN is the one which is not open to the Internet. If you open it to the Internet, some holes also open inevitably.
  One method is to create a separate Internet_Access VPN and have other VPNs create an extranet with that Internet_Access VPN. This method is said to be very secure (at least in terms of backbone exposure). However, if full routing is a requirement, the increased memory demands of this solution might lead you to prefer to keep the internet routing table in the Global Routing Table (GRT). You might have full routing in the GRT of PEs and Ps or in PEs only (second is probably better).
  Some names for solutions that exist are: static default routing, dynamic default routing, separate BGP session between PE and CE (via separate interface, subinterface or tunnel), extranet with internet VRF (mentioned earlier), extranet with internet VRF + VRF-aware NAT.
  The choice will depend on the requirements of your environment. I cannot possibly describe all methods here and I do not know of a public document that does. If you need an analysis of MPLS VPN security, you may want to take a look at Michael Behringer's great book with M.Morrow "MPLS VPN Security". Another book that describes solutions is "MPLS and VPN Architectures" by Ivan Pepelnjak. There is a Networkers session on MPLS VPNs that lists solutions. There is also a relevant document in CCO:
  http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a00801445fb.shtml (covering static default routing option).
  Kind Regards,
  M.

• MPLS-VPN w/NAT for Internet connectivity.

  We have implemented MPLS-VPN and site-to-site connectivity seems to be working fairly well. However, we are having strange issue when trying to access the Internet. For some odd reason, we are not able to get to some sites such as ebay.com, latimes.com, nytimes.com, moviefone.com. We are running dynamic NAT and the topology looks like this:
  Laptop----CE-------PE-----NAT------BR-----Internet
  This is a simple layout of what we have currently in the lab. NAT router is not running MPLS but we are using VRF to create sub-interfaces on FE connecting PE and NAT router for each customers. I have access-list allowing 10.x.x.x/8.
  Laptop-CE - 10.0.0.8/30
  CE-PE - 10.0.0.0/30
  PE-NAT - 10.0.1.0/30
  Also, we are able to ping, trace, ftp, use remote desktop, pcanywhere. It seems to be only affecting http. We've been working on this for couple of days now and we've hit a wall. Any help will be greatly appreciated.
  JK

  I had a slightly different yet similar problem a few months ago on our mpls network with the CE devices, and turned out the DF bit had to be set to 0 to enable fragmentation _prior_ to traffic entering the core.
  Fixed it right up by setting a policy on the ethernet port.
  -Jeff

• Performance end to end testing and comparison between MPLS VPN and VPLS VPN

  Hi,
  I am student of MSc Network Security and as for my project which is " Comparison between MPLS L3 VPN and VPLS VPN, performance monitoring by end to end testing " I have heard a lot of buzz about VPLS as becoming NGN, I wanted to exppore that and produce a comparison report of which technology is better. To accomplish this I am using GNS3, with respect to the MPLS L3 VPN lab setup that is not a problem but I am stuck at the VPLS part how to setup that ? I have searched but unable to find any cost effective mean, even it is not possible in the university lab as we dont have 7600 series
  I would appreciate any support, guidence, advice.
  Thanks
  Shahbaz

  Hi Shahbaz,
  I am not completely sure I understand your request.
  MPLS VPN and VPLS are 2 technologies meant to address to different needs, L3 VPN as opposed as L2 VPN. Not completely sure how you would compare them in terms of performance. Would you compare the performance of a F1 racing car with a Rally racing car?
  From the ISP point of view there is little difference (if we don't want to consider the specific inherent peculiarities of each technology) , as in the very basic scenarios we can boil down to the following basic operations for both:
  Ingress PE impose 2 labels (at least)
  Core Ps swap top most MPLS label
  Egress PE removes last label exposing underlying packet or frame.
  So whether the LSRs deal with underlying L2 frames or L3 IP packets there is no real difference in terms of performance (actually the P routers don't even notice any difference).
  About simulators, I am not aware of anyone able to simulate a L2 VPN (AtoM or VPLS).
  Riccardo

• Ask the Expert:Concepts, Configuration and Troubleshooting Layer 2 MPLS VPN – Any Transport over MPLS (AToM)

  With Vignesh R. P.
  Welcome to the Cisco Support Community Ask the Expert conversation.This is an opportunity to learn and ask questions about  concept, configuration and troubleshooting Layer 2 MPLS VPN - Any Transport over MPLS (AToM) with Vignesh R. P.
  Cisco Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets over an MPLS backbone. It enables Service Providers to supply connectivity between customer sites with existing data link layer (Layer 2) networks via a single, integrated, packet-based network infrastructure: a Cisco MPLS network. Instead of using separate networks with network management environments, service providers can deliver Layer 2 connections over an MPLS backbone. AToM provides a common framework to encapsulate and transport supported Layer 2 traffic types over an MPLS network core.
  Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
  Remember to use the rating system to let Vignesh know if you have received an adequate response. 
  Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the  Service Provider sub-community discussion forum shortly after the event. This event lasts through through September 21, 2012. Visit this forum often to view responses to your questions and the questions of other community members.

  Hi Tenaro,
  AToM stands for Any Transport over MPLS and it is Cisco's terminology used for Layer 2 MPLS VPN or Virtual Private Wire Service. It is basically a Layer 2 Point-to-Point Service. AToM basically supports various Layer 2 protocols like Ethernet, HDLC, PPP, ATM and Frame Relay.
  The customer routers interconnect with the service provider routers at Layer 2. AToM eliminates the need for the legacy network from the service provider carrying these kinds of traffic and integrates this service into the MPLS network that already transports the MPLS VPN traffic.
  AToM is an open standards-based architecture that uses the label switching architecture of MPLS and can be integrated into any network that is running MPLS. The advantage to the customer is that they do not need to change anything. Their routers that are connecting to the service provider routers can still use the same Layer 2 encapsulation type as before and do not need to run an IP routing protocol to the provider edge routers as in the MPLS VPN solution.
  The service provider does not need to change anything on the provider (P) routers in the core of the MPLS network. The intelligence to support AToM sits entirely on the PE routers. The core label switching routers (LSRs) only switch labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer 2 frames.
  Whereas pseudowire is a connection between the PE routers and emulates a wire that is carrying Layer 2 frames. Pseudowires use tunneling. The Layer 2 frames are encapsulated into a labeled (MPLS) packet. The result is that the specific Layer 2 service—its operation and characteristics—is emulated across a Packet Switched Network.
  Another technology that more or less achieves the result of AToM is L2TPV3. In the case of L2TPV3 Layer 2 frames are encapsulated into an IP packet instead of a labelled MPLS packet.
  Hope the above explanation helps you. Kindly revert incase of further clarification required.
  Thanks & Regards,
  Vignesh R P

• Best practice MPLS design/configuration for small service provider

  We are a small regional service provider and did not have MPLS supported on our network.  To start supporting MPLS, I’d like to get opinions and recommendations on the best practice configuration. 
  Here is what we have today –
  We have our own BGP AS and multiple /24s.
  We are running OSPF on the Cores and BGP on the Edge routers peering with ISPs.
  We peer with multiple tier-1 ISPs for internet traffic. We do not provide public transit.
  What we want for phase one MPLS implementation –
  Configure basic MPLS /vpn functionality.
  No QoS optimization required for phase 1.
  We have Cisco ME 3600X for  PE. Any recommendations will be appreciated.

  Not sure what kind of devices or routers you have in your network but looks for if you have support for labeled multicast for MVPN support. That will avoid other complexity of using other control protocols (like PIM) in core.
  PE redundancy can be obtained by BGP attributes, CE-PE connectivity can be tunned using IGP or VRRP/HSRP...
  You can have mutiple RSVP TEs for various contract traffic and you can bind various kind of traffic to different RSVP Tunnels based on contract or service with your customer.
  RSVP-TE with link/node protection design will be of great help to achieve quicker failover.

• Managing Route-Map based MPLS VPN

  1) How to derive the VPN information of the MPLS VPN configured using route-maps? As I understand, stitching route-maps information to derive VPN is complex as it is difficult to derive & correlate the filters tied to each of the route-maps that are tied to a VRF :(
  2) Is there any MIB to get from the MIB
  a) Route-maps tied to each VRF
  b) What is the filter associated with each route-map?
  c) Definition of each of the above filter
  It would have been nice if the route-maps' name had global-significance within AS, so that we could have treated route-maps, pretty much like the route-tragets. Alas, I doubt it is :(
  It should be noted here that if the MPLS VPN is configured using route targets, the VPN information derivation is fairly straight forward throught MplsVpn MIB.
  So, the question is what is the simplest way to derive the MPLS VPN info given that they are configured using route-maps in BGP for labelled-route-distribution & for the pkt association with the VRFs.
  Thanks,
  Suresh R

  Each CE in a customer VPN is also added to the management VPN by selecting the Join the management VPN option in the service request user interface.
  The function of the management route map is to allow only the routes to the specific CE into the management VPN. The Cisco IOS supports only one export route map and one import route map per VRF.
  http://www.cisco.com/en/US/products/sw/netmgtsw/ps4748/products_user_guide_chapter09186a0080353ac3.html

• Mapping Model in MPLS VPNs

  Hi:
  Based on paper titled "L3 MPLS VPN Enterprise Consumer Guide" page 52, figure 44. (http://www.cisco.com/en/US/partner/netsol/ns465/networking_solutions_white_papers_list.html).
  1) The figure discards the "streaming video" and "bulk data" traffics within the mapping process. Why? What happens with these traffics? Both traffics are discarded or simply they need to be mapped to "Best Effort"? Please explain.
  2)In the same figure, "Interactive Video" is mapped to "Realtime" SP class with "Voice" traffic. Is this "Interactive Video" traffic always no TCP-based? If the opposite is true, why is it mixing TCP & UDP over the same "Realtime" class?

  Hi,
  That articles mentions that these protocols tend to use transport-layer protocols such as UDP and RTSP. That is true but there are a lot of different streaming protocols around and some of them do use TCP. In fact, even RTSP supports the use of TCP. And you can also stream via HTTP (Windows Media supports this, for example).
  So you see, there can be a mix of TCP and UDP traffic here.
  The other, more critical, reason for not mixing interactive-traffic with streaming (one-way) traffic is the drastically different jitter/latency requirements for the two. Streaming traffic will easily sustain latency in the order of seconds and jitter is not even a problem. Whereas interactive traffic will not. That is why you should not mix the two.
  Hope that helps - pls rate the post if it does.
  Paresh