What is MPLS L3 VPN? | MPLS VPNv4 peering | MPLS LDP peering | How to configure MPLS L3 VPN Static?

 MPLS Layer 3 VPN (L3VPN) is a technology that enables service providers to offer secure and scalable IP-based VPN services to customers. It uses Multiprotocol Label Switching (MPLS) to route traffic efficiently while maintaining separation between different customer networks.

A static MPLS L3VPN typically refers to a setup where static routes are used between the PE and CE routers instead of dynamic routing protocols like BGP or OSPF; MP-BGP still carries the VPN routes between the PE routers. This approach can be simpler to configure but may lack flexibility compared to dynamic routing.

Here are some key components of MPLS L3VPN:

  • VRF (Virtual Routing and Forwarding): Allows multiple routing tables on a single router.
  • MP-BGP (Multiprotocol BGP): Used to exchange VPN routes between provider edge (PE) routers.
  • Route Distinguisher (RD): Helps differentiate overlapping IP addresses between customers.
  • Route Target (RT): Defines which VPN routes should be imported/exported.

Let's see the configuration:

Topology:-


  1. Configure the topology as per the diagram 
  2. Configure the IP addresses as per the topology
  3. Configure EIGRP AS 65100 inside the MPLS CORE network
  4. Ensure the connectivity inside MPLS CORE
  5. Configure MPLS LDP Peering 
  6. Create VRF A-1 for site 1 and VRF A-2 for site 2 (R1&R3)
  7. Create route distinguisher value 500:1
  8. Create route-target for both import and export value 500:1
  9. Apply this on both sites
  10. Configure router 1 fa0/0 under VRF A-1
  11. Configure router 2 fa0/0 under VRF A-2
  12. Configure default route on routers 5 and 4
  13. Configure routing between PE and CE routers
  14. Configure BGP VPNv4 peering
  15. Verify with show commands





R1(config)#interface serial 5/0
R1(config-if)#ip address 12.1.1.1 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 5/2
R1(config-if)#ip address 31.1.1.2 255.0.0.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface fastethernet 0/0
R1(config-if)#ip address 192.168.50.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

R1(config)#interface loopback 1
R1(config-if)#ip address 192.168.11.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface loopback 2
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface loopback 3
R1(config-if)#ip address 192.168.13.1 255.255.255.0
R1(config-if)#exit
R1(config)#interface loopback 4
R1(config-if)#ip address 192.168.14.1 255.255.255.0
R1(config-if)#exit



R2(config)#interface serial 5/0
R2(config-if)#ip address 12.1.1.2 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface serial 5/1
R2(config-if)#ip address 23.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit
R2(config)#interface fastethernet 0/0
R2(config-if)#ip address 20.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#no keepalive
R2(config-if)#exit

R2(config)#interface loopback 1
R2(config-if)#ip address 192.168.21.1 255.255.255.0
R2(config-if)#exit
R2(config)#interface loopback 2
R2(config-if)#ip address 192.168.22.1 255.255.255.0
R2(config-if)#exit
R2(config)#interface loopback 3
R2(config-if)#ip address 192.168.23.1 255.255.255.0
R2(config-if)#exit
R2(config)#interface loopback 4
R2(config-if)#ip address 192.168.24.1 255.255.255.0
R2(config-if)#exit

R3(config)#interface serial 5/2
R3(config-if)#ip address 31.1.1.1 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#
R3(config)#interface serial 5/1
R3(config-if)#ip address 23.1.1.2 255.0.0.0
R3(config-if)#no shutdown
R3(config-if)#exit
R3(config)#
R3(config)#interface fastethernet 0/0
R3(config-if)#ip address 192.168.40.1 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#exit

R3(config)#interface loopback 1
R3(config-if)#ip address 192.168.31.1 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 2
R3(config-if)#ip address 192.168.32.1 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 3
R3(config-if)#ip address 192.168.33.1 255.255.255.0
R3(config-if)#exit
R3(config)#interface loopback 4
R3(config-if)#ip address 192.168.34.1 255.255.255.0
R3(config-if)#exit


R1(config)#router eigrp 65100
R1(config-router)#network 12.0.0.0
R1(config-router)#network 31.0.0.0
R1(config-router)#network 192.168.11.0
R1(config-router)#network 192.168.12.0
R1(config-router)#network 192.168.13.0
R1(config-router)#network 192.168.14.0
R1(config-router)#no auto-summary
R1(config-router)#exit

R2(config)#router eigrp 65100
R2(config-router)#network 12.0.0.0
R2(config-router)#network 23.0.0.0
R2(config-router)#network 192.168.21.0
R2(config-router)#network 192.168.22.0
R2(config-router)#network 192.168.23.0
R2(config-router)#network 192.168.24.0
R2(config-router)#no auto-summary
R2(config-router)#exit

R3(config)#router eigrp 65100
R3(config-router)#network 23.0.0.0
R3(config-router)#network 31.0.0.0
R3(config-router)#network 192.168.31.0
R3(config-router)#network 192.168.32.0
R3(config-router)#network 192.168.33.0
R3(config-router)#network 192.168.34.0
R3(config-router)#no auto-summary
R3(config-router)#exit

R4(config)#interface fastEthernet 0/0
R4(config-if)#ip address 192.168.40.2 255.255.255.0
R4(config-if)#no shutdown
R4(config-if)#exit

R5(config)#interface fastEthernet 0/0
R5(config-if)#ip address 192.168.50.2 255.255.255.0
R5(config-if)#no shutdown
R5(config-if)#exit







R1(config)#do ping 192.168.50.2
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.50.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/44/60 ms


R1(config)#ip cef
R1(config)#mpls label protocol ldp
R1(config)#mpls label range 50 99
% Label range changes will take effect at the next reload.
R1(config)#mpls ldp router-id loopback 1

R1(config)#interface serial 5/0
R1(config-if)#mpls ip
R1(config-if)#exit

R1(config)#interface serial 5/2
R1(config-if)#mpls ip
R1(config-if)#exit

*Apr 11 16:41:57.043: %LDP-5-NBRCHG: LDP Neighbor 192.168.21.1:0 (1) is UP
*Apr 11 16:45:34.363: %LDP-5-NBRCHG: LDP Neighbor 192.168.31.1:0 (2) is UP

R1#show mpls ldp neighbor
    Peer LDP Ident: 192.168.21.1:0; Local LDP Ident 192.168.11.1:0
        TCP connection: 192.168.21.1.59807 - 192.168.11.1.646
        State: Oper; Msgs sent/rcvd: 23/24; Downstream
        Up time: 00:04:51
        LDP discovery sources:
          Serial5/0, Src IP addr: 12.1.1.2
        Addresses bound to peer LDP Ident:
          20.1.1.1        12.1.1.2        23.1.1.1        192.168.21.1
          192.168.22.1    192.168.23.1    192.168.24.1
    Peer LDP Ident: 192.168.31.1:0; Local LDP Ident 192.168.11.1:0
        TCP connection: 192.168.31.1.47653 - 192.168.11.1.646
        State: Oper; Msgs sent/rcvd: 19/19; Downstream
        Up time: 00:01:13
        LDP discovery sources:
          Serial5/2, Src IP addr: 31.1.1.1
        Addresses bound to peer LDP Ident:
          23.1.1.2        31.1.1.1        192.168.32.1    192.168.33.1
          192.168.34.1    192.168.31.1

R1#show mpls interface
Interface              IP            Tunnel   Operational
Serial5/0              Yes (ldp)     No       Yes
Serial5/2              Yes (ldp)     No       Yes

 
 
R2(config)#mpls label protocol ldp
R2(config)#mpls label range 100 149
R2(config)#mpls ldp router-id loopback 1

R2(config)#interface serial 5/0
R2(config-if)#mpls ip
R2(config-if)#exit
*Apr 11 16:41:56.579: %LDP-5-NBRCHG: LDP Neighbor 192.168.11.1:0 (1) is UP

R2(config)#interface serial 5/1
R2(config-if)#mpls ip
R2(config-if)#exit

*Apr 11 16:45:16.743: %LDP-5-NBRCHG: LDP Neighbor 192.168.31.1:0 (2) is UP


R2#show mpls ldp neighbor
    Peer LDP Ident: 192.168.11.1:0; Local LDP Ident 192.168.21.1:0
        TCP connection: 192.168.11.1.646 - 192.168.21.1.59807
        State: Oper; Msgs sent/rcvd: 24/23; Downstream
        Up time: 00:04:32
        LDP discovery sources:
          Serial5/0, Src IP addr: 12.1.1.1
        Addresses bound to peer LDP Ident:
          12.1.1.1        31.1.1.2        192.168.12.1    192.168.13.1
          192.168.14.1    192.168.11.1
    Peer LDP Ident: 192.168.31.1:0; Local LDP Ident 192.168.21.1:0
        TCP connection: 192.168.31.1.35815 - 192.168.21.1.646
        State: Oper; Msgs sent/rcvd: 20/19; Downstream
        Up time: 00:01:12
        LDP discovery sources:
          Serial5/1, Src IP addr: 23.1.1.2
        Addresses bound to peer LDP Ident:
          23.1.1.2        31.1.1.1        192.168.32.1    192.168.33.1
          192.168.34.1    192.168.31.1

 
R3(config)#mpls label protocol ldp
R3(config)#mpls label range 150 200
% Label range changes will take effect at the next reload.
R3(config)#mpls ldp router-id loopback 1

R3(config)#interface serial 5/1
R3(config-if)#mpls ip
R3(config-if)#exit
*Apr 11 16:45:16.663: %LDP-5-NBRCHG: LDP Neighbor 192.168.21.1:0 (1) is UP
R3(config)#interface serial 5/2
R3(config-if)#mpls ip
R3(config-if)#exit

R3#show mpls ldp neighbor
    Peer LDP Ident: 192.168.21.1:0; Local LDP Ident 192.168.31.1:0
        TCP connection: 192.168.21.1.646 - 192.168.31.1.35815
        State: Oper; Msgs sent/rcvd: 18/19; Downstream
        Up time: 00:00:46
        LDP discovery sources:
          Serial5/1, Src IP addr: 23.1.1.1
        Addresses bound to peer LDP Ident:
          20.1.1.1        12.1.1.2        23.1.1.1        192.168.21.1
          192.168.22.1    192.168.23.1    192.168.24.1
    Peer LDP Ident: 192.168.11.1:0; Local LDP Ident 192.168.31.1:0
        TCP connection: 192.168.11.1.646 - 192.168.31.1.47653
        State: Oper; Msgs sent/rcvd: 18/18; Downstream
        Up time: 00:00:28
        LDP discovery sources:
          Serial5/2, Src IP addr: 31.1.1.2
        Addresses bound to peer LDP Ident:
          12.1.1.1        31.1.1.2        192.168.12.1    192.168.13.1
          192.168.14.1    192.168.11.1
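
The "show mpls ldp neighbor" checks above can be automated. The following is an added example, not part of the original post: it parses R1's output as shown on this page (bound-address and up-time lines trimmed) and compares it with the sessions the topology expects, reporting any peer that is missing, not in Oper state, or discovered on an interface other than the expected core link. The R1_EXPECTED map and the function names are assumptions made for the example.

```python
import re

# Copied from the page's "R1#show mpls ldp neighbor" output (address/up-time lines trimmed).
R1_OUTPUT = """\
    Peer LDP Ident: 192.168.21.1:0; Local LDP Ident 192.168.11.1:0
        TCP connection: 192.168.21.1.59807 - 192.168.11.1.646
        State: Oper; Msgs sent/rcvd: 23/24; Downstream
        LDP discovery sources:
          Serial5/0, Src IP addr: 12.1.1.2
    Peer LDP Ident: 192.168.31.1:0; Local LDP Ident 192.168.11.1:0
        TCP connection: 192.168.31.1.47653 - 192.168.11.1.646
        State: Oper; Msgs sent/rcvd: 19/19; Downstream
        LDP discovery sources:
          Serial5/2, Src IP addr: 31.1.1.1
"""

# Assumed for this lab: LDP router-id of each core peer -> interface it is discovered on.
R1_EXPECTED = {"192.168.21.1": "Serial5/0", "192.168.31.1": "Serial5/2"}

def parse_ldp_neighbors(text):
    """Return one dict per peer: LDP id, session state, discovery interfaces."""
    peers = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Peer LDP Ident: ([\d.]+):\d+;", line)
        if m:
            peers.append({"peer": m.group(1), "state": None, "interfaces": []})
        elif peers and (m := re.match(r"State: (\w+);", line)):
            peers[-1]["state"] = m.group(1)
        elif peers and (m := re.match(r"(\S+), Src IP addr: [\d.]+$", line)):
            peers[-1]["interfaces"].append(m.group(1))
    return peers

def audit_ldp(text, expected):
    """Compare parsed sessions with the expected peer/interface map; return findings."""
    findings, seen = [], set()
    for p in parse_ldp_neighbors(text):
        seen.add(p["peer"])
        if p["peer"] not in expected:
            findings.append(f"unexpected LDP peer {p['peer']} via {p['interfaces']}")
            continue
        if p["state"] != "Oper":
            findings.append(f"peer {p['peer']} state is {p['state']}, not Oper")
        for ifname in p["interfaces"]:
            if ifname != expected[p["peer"]]:
                findings.append(f"peer {p['peer']} discovered on {ifname}")
    findings += [f"expected peer {e} has no session" for e in sorted(set(expected) - seen)]
    return findings

if __name__ == "__main__":
    print(audit_ldp(R1_OUTPUT, R1_EXPECTED) or "LDP sessions match the topology")
```
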

R1(config)#ip vrf A-1
R1(config-vrf)#rd 500:1
R1(config-vrf)#route-target import 500:1
R1(config-vrf)#route-target export 500:1
R1(config-vrf)#exit

R1#show ip vrf detail
VRF A-1; default RD 500:1; default VPNID <not set>
  No interfaces
  Connected addresses are not in global routing table
  Export VPN route-target communities
    RT:500:1
  Import VPN route-target communities
    RT:500:1

R1#show run | section vrf
ip vrf A-1
 rd 500:1
 route-target export 500:1
 route-target import 500:1

R1#show ip route connected
C    192.168.12.0/24 is directly connected, Loopback2
C    192.168.13.0/24 is directly connected, Loopback3
C    192.168.14.0/24 is directly connected, Loopback4
C    192.168.11.0/24 is directly connected, Loopback1
C    12.0.0.0/8 is directly connected, Serial5/0
C    192.168.50.0/24 is directly connected, FastEthernet0/0


R1(config)#interface fastethernet 0/0
R1(config-if)#ip vrf forwarding A-1
% Interface FastEthernet0/0 IP address 192.168.50.1 removed due to enabling VRF A-1
R1(config-if)#ip address 192.168.50.1 255.255.255.0
R1(config-if)#exit
R1(config)#exit

R1#show ip route vrf A-1
 
Routing Table: A-1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
C    192.168.50.0/24 is directly connected, FastEthernet0/0

R1#show ip vrf
  Name                             Default RD          Interfaces
  A-1                              500:1               Fa0/0

R3(config)#ip vrf A-2
R3(config-vrf)#rd 500:1
R3(config-vrf)#route-target import 500:1
R3(config-vrf)#route-target export 500:1
R3(config-vrf)#exit

R3#show ip vrf detail
VRF A-2; default RD 500:1; default VPNID <not set>
  No interfaces
  Connected addresses are not in global routing table
  Export VPN route-target communities
    RT:500:1
  Import VPN route-target communities
    RT:500:1
  No import route-map
  No export route-map
  VRF label distribution protocol: not configured

R3#show run | section vrf
ip vrf A-2
 rd 500:1
 route-target export 500:1
 route-target import 500:1

R3(config)#interface fastethernet 0/0
R3(config-if)#ip vrf forwarding A-2
% Interface FastEthernet0/0 IP address 192.168.40.1 removed due to enabling VRF A-2
R3(config-if)#ip address 192.168.40.1 255.255.255.0
R3(config-if)#exit
R3(config)#exit

R3#show ip route vrf A-2
 
Routing Table: A-2
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
 
Gateway of last resort is not set
 
C    192.168.40.0/24 is directly connected, FastEthernet0/0

R3#show ip vrf
  Name                             Default RD          Interfaces
  A-2                              500:1               Fa0/0
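
VRF A-1 on R1 and VRF A-2 on R3 exchange routes only because each imports the route-target the other exports. The following is an added example, not part of the original post: a simplified Python model of that rule (not router code) showing how the RD keeps overlapping prefixes distinct and how a single wrong import route-target would pull one customer's routes into another customer's VRF. VRF B-1, the value 600:1, the "customer" labels and all function names are constructed for illustration.

```python
from itertools import permutations

# VRFs A-1/A-2 with RD and RT 500:1 are from the page.
# VRF B-1, RD/RT 600:1 and the "customer" labels are constructed for illustration.
VRFS = {
    ("R1", "A-1"): {"customer": "A", "rd": "500:1", "export": {"500:1"}, "import": {"500:1"}},
    ("R3", "A-2"): {"customer": "A", "rd": "500:1", "export": {"500:1"}, "import": {"500:1"}},
    ("R3", "B-1"): {"customer": "B", "rd": "600:1", "export": {"600:1"}, "import": {"600:1"}},
}

def vpnv4_route(vrfs, origin, prefix):
    """Route as the exporting PE advertises it: RD prepended, export RTs attached."""
    vrf = vrfs[origin]
    return {"nlri": f"{vrf['rd']}:{prefix}", "rts": set(vrf["export"]), "origin": origin}

def importing_vrfs(vrfs, route):
    """VRFs that install the route: any import RT matches one of the route's RTs."""
    return sorted(k for k, v in vrfs.items()
                  if k != route["origin"] and v["import"] & route["rts"])

def cross_customer_imports(vrfs):
    """(exporter, importer, shared RTs) wherever routes would cross customers."""
    return [(src, dst, sorted(vrfs[src]["export"] & vrfs[dst]["import"]))
            for src, dst in permutations(vrfs, 2)
            if vrfs[src]["export"] & vrfs[dst]["import"]
            and vrfs[src]["customer"] != vrfs[dst]["customer"]]

def with_extra_import(vrfs, key, rt):
    """Copy of the VRF table with one more import RT on `key` (a mistyped route-target)."""
    copy = {k: {**v, "import": set(v["import"])} for k, v in vrfs.items()}
    copy[key]["import"].add(rt)
    return copy

if __name__ == "__main__":
    route = vpnv4_route(VRFS, ("R1", "A-1"), "50.1.1.1/32")
    print(route["nlri"], "imported by", importing_vrfs(VRFS, route))
    # The same customer prefix in two VPNs stays distinct because the RDs differ.
    print(vpnv4_route(VRFS, ("R3", "B-1"), "192.168.50.0/24")["nlri"])
    print("baseline findings:", cross_customer_imports(VRFS))
    typo = with_extra_import(VRFS, ("R3", "B-1"), "500:1")
    print("after mistyped import:", cross_customer_imports(typo))
```

Running the same check over the route-targets collected from every PE's "show run | section vrf" output, before a change is committed, catches an import that crosses customers.
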

R1(config)#ip route vrf A-1 50.1.1.1 255.255.255.255 192.168.50.2
R1(config)#END

R3(config)#ip route vrf A-2 40.1.1.1 255.255.255.255 192.168.40.2
R3(config)#exit

R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.40.1
R4(config)#end

R5(config)#ip route 0.0.0.0 0.0.0.0 192.168.50.1
R5(config)#end

R1(config)#router bgp 65100
R1(config-router)#no bgp default ipv4-unicast
R1(config-router)#neighbor 192.168.31.1 remote-as 65100
R1(config-router)#neighbor 192.168.31.1 update-source loopback 1
R1(config-router)#address-family vpnv4 unicast
R1(config-router-af)#neighbor 192.168.31.1 activate
R1(config-router-af)#neighbor 192.168.31.1 send-community extended
R1(config-router-af)#neighbor 192.168.31.1 next-hop-self
R1(config-router-af)#exit


R3(config)#router bgp 65100
R3(config-router)#no bgp default ipv4-unicast
R3(config-router)#neighbor 192.168.11.1 remote-as 65100
R3(config-router)#neighbor 192.168.11.1 update-source loopback 1
R3(config-router)#address-family vpnv4 unicast
R3(config-router-af)#neighbor 192.168.11.1 activate
R3(config-router-af)#neighbor 192.168.11.1 send-com
R3(config-router-af)#neighbor 192.168.11.1 send-community extended
R3(config-router-af)#neighbor 192.168.11.1 next-hop-self
R3(config-router-af)#exit
R3(config-router)#exit
R3(config)#exit

*Apr 11 16:16:52.539: %BGP-5-ADJCHANGE: neighbor 192.168.11.1 Up


R1#show ip bgp vpnv4 all summary
BGP router identifier 192.168.14.1, local AS number 65100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.31.1    4 65100       4       4        1    0    0 00:01:26        0


R3#show ip bgp vpnv4 all summary
BGP router identifier 192.168.34.1, local AS number 65100
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.11.1    4 65100       3       3        1    0    0 00:00:39        0



R1(config)#router bgp 65100
R1(config-router)#address-family ipv4 vrf A-1
R1(config-router-af)#redistribute static
R1(config-router-af)#redistribute connected
R1(config-router-af)#exit
R1(config-router)#EXIT
R1(config)#EXIT



R1#show ip route vrf A-1

Routing Table: A-1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     50.0.0.0/32 is subnetted, 1 subnets
S       50.1.1.1 [1/0] via 192.168.50.2
B    192.168.40.0/24 [200/0] via 192.168.31.1, 00:00:31
     40.0.0.0/32 is subnetted, 1 subnets
B       40.1.1.1 [200/0] via 192.168.31.1, 00:00:47
C    192.168.50.0/24 is directly connected, FastEthernet0/0



R3(config)#router bgp 65100
R3(config-router)#address-family ipv4 vrf A-2
R3(config-router-af)#redistribute static
R3(config-router-af)#redistribute connected
R3(config-router-af)#exit
R3(config-router)#exit
R3(config)#exit

R3#show ip route vrf A-2

Routing Table: A-2
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     50.0.0.0/32 is subnetted, 1 subnets
B       50.1.1.1 [200/0] via 192.168.11.1, 00:01:14
C    192.168.40.0/24 is directly connected, FastEthernet0/0
     40.0.0.0/32 is subnetted, 1 subnets
S       40.1.1.1 [1/0] via 192.168.40.2
B    192.168.50.0/24 [200/0] via 192.168.11.1, 00:01:14


R4#ping 50.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/105/120 ms
R4#traceroute 50.1.1.1

Type escape sequence to abort.
Tracing the route to 50.1.1.1

  1 192.168.40.1 20 msec 48 msec 28 msec
  2 192.168.50.1 [MPLS: Label 25 Exp 0] 68 msec 68 msec 64 msec
  3 192.168.50.2 112 msec 112 msec 112 msec


R5#traceroute 40.1.1.1

Type escape sequence to abort.
Tracing the route to 40.1.1.1

  1 192.168.50.1 28 msec 24 msec 44 msec
  2 192.168.40.1 [MPLS: Label 25 Exp 0] 76 msec 64 msec 92 msec
  3 192.168.40.2 124 msec 108 msec 92 msec
R5#ping 40.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/119/144 ms

Internetworks

Author & Editor

I am a CCIE Technical Instructor/Network consultant. I have experience ranging from operating and maintaining PCs and peripherals to network control programs for multi-faceted data communication networks in LAN, MAN, and WAN environments.
