MPLS Layer 3 VPNs

Cisco Jun 15, 2025
  • Routing protocol between PE and CE to learn customer routes
  • VRF - Virtual Routing and Forwarding
  • VPNv4 Route - Information added to routes to identify the customer
  • mBGP used to exchange VPNv4 routes between PE routers
  • No encryption on traffic

PE to PE mBGP 

router bgp 65536
	neighbor 5.5.5.5 remote-as 65536
	neighbor 5.5.5.5 update-source Loopback0
	address-family vpnv4
		neighbor 5.5.5.5 activate
		neighbor 5.5.5.5 send-community extended
		
		
show ip bgp neighbors | section capabilities

VRFs

Export - take route out of VRF

Import - adding route into VRF

VRF is locally significant, case sensitive

Route Distinguisher/Targets ASN:# or IP:#. can be the same at both sides

Export on one side needs to match Import on other side

Interface will lose IP address configuration when assigning a vrf

!!IPv4 only
ip vrf 101:ACME 

vrf definition 101:ACME
	rd 1.1.1.1:1
	address-family ipv4
		route-target export 1.1.1.1:101
		route-target import 5.5.5.5:101
		
int fa2/0
	vrf forwarding 101:ACME
	ip address 172.16.101.1 255.255.255.252
	
	
show vrf
show ip route vrf 101:ACME

CE to PE routing

Don’t need to use the same protocol at each site.

next hop self option needed if using BGP

!!PE

router ospf 101 vrf 101:ACME
	network 172.16.101.1 0.0.0.0 area 0
	
router eigrp 1
	address-family ipv4 vrf 101:ACME autonomous-system 101
		network 172.16.0.0
	
router rip
	version 2
	address-family ipv4 vrf 101:ACME
		network 192.168.202.0
		no auto-summary

router bgp 65536
	address-family ipv4 vrf 101:ACME
		neighbor 192.168.202.2 remote-as 65537
	address-family vpnv4
		neighbor 1.1.1.1 next-hop-self

!!CE

router ospf  1
	net 0.0.0.0 255.255.255.255 area 0
	
router eigrp 101
	no auto-summary
	network 0.0.0.0

router rip
	version 2
	network 0.0.0.0
	no auto-summary

router bgp 65537
	neighbor 192.168.202.1 remote-as 65536
	redistribute connected

Redistribution

Not needed if using BGP

VPNv4 Routes - Prefix, RD, RT, VPN Label

show ip bgp vpnv4 rd 1.1.1.1:1 labels OR show bgp vpnv4 unicast rd 1.1.1.1:1 labels

show mpls forwarding-table vrf 101:ACME

router bgp 65536
	address-family ipv4 vrf 101:ACME
		redistribute ospf 101 vrf 101:ACME
		redistribute eigrp 101 vrf 101:ACME
		redistribute rip
		
router ospf 101 vrf 101:ACME
	redistribute bgp 65536 subnets
	
router eigrp 1
	address-family ipv4 vrf 101:ACME autonomous-system 101
		redistribute bgp 65536 metric 1 1 1 1 1
		
router rip
	version 2
	address-family ipv4 vrf 101:ACME
		redistribute bgp 65536 metric 5

Tags

Craig Garnham

Recommended for you