Posted by CCNA R&S · 2 years ago · 56 points · Archived

What is MPLS as WAN service?

As everybody knows, Cisco will be upgrading the CCNA to v3 in August. There are some new topics included in the exam. One of these topics is called MPLS WAN service. In v2 the MPLS WAN service was just mentioned and there was not much detail. However, in v3 the topic is expanded. I've noticed that there is a misconception that the actual MPLS protocol will be studied. So I decided to write a post about what MPLS as a WAN service is and what the configuration looks like from the enterprise point of view.

What is MPLS as WAN service?

Let's say you work for a company that has two offices - site 1 and site 2 - in two different locations across the country. Instead of getting standard consumer Internet service, you order MPLS WAN service from an ISP. The service comes with an SLA (speed, latency, time to fix, etc.). The ISP's responsibility is to get your IP packets from site 1 to site 2 in accordance with the SLA.

I'll use the following diagram for the scenario. Each site has a LAN subnet; in this case I am using a /32 loopback address for simplicity. Site 1's LAN IP is 55.55.55.55/32, site 2's is 66.66.66.66/32.

To achieve this the ISP has to provision two lines for you - site 1 to the nearest ISP POP and site 2 to its nearest POP. On layer 1 the line can be copper or fiber Ethernet, T1, etc. On layer 2 the service can be Frame Relay, Ethernet, ATM, PPP, etc. Once the lines are provisioned the ISP gives you an IP for site 1 and an IP for site 2 - 192.168.1.2/30 and 172.16.1.2/30 respectively. Your responsibility will be to configure your interfaces towards the ISP. In the example I am using Ethernet:

SITE-1:

CE-SITE-1#show ip int br | e una
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.2     YES manual up                    up
Loopback0                  55.55.55.55     YES manual up                    up

SITE-2:

CE-SITE-2#show ip int br | e una
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.1.2      YES manual up                    up
Loopback0                  66.66.66.66     YES manual up                    up

In order for the ISP to carry your packets from one site to the other, you'll need to run a routing protocol between your CE (Customer Edge router) and the ISP's PE (Provider Edge router) and advertise your networks/subnets to the ISP. The ISP will re-advertise these networks to the other site. This way you will have routing between the two sites. In the example I'll be using OSPF between site 1 and the ISP's PE and EIGRP between site 2 and the ISP's PE.

SITE-1:

CE-SITE-1#show run | s router ospf
router ospf 1
 network 55.55.55.55 0.0.0.0 area 0
 network 192.168.1.0 0.0.0.3 area 0

SITE-2:

CE-SITE-2#show run | s router eigrp
router eigrp 2
 network 66.66.66.66 0.0.0.0
 network 172.16.1.0 0.0.0.3

If the ISP has provisioned the whole service, you will see the OSPF/EIGRP neighborship up and both the LAN and the WAN networks in the routing tables on both CEs:

SITE 1:

CE-SITE-1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.1.1       1   FULL/DR         00:00:39    192.168.1.1     FastEthernet0/0

CE-SITE-1#show ip route | b Ga
Gateway of last resort is not set

      55.0.0.0/32 is subnetted, 1 subnets
C        55.55.55.55 is directly connected, Loopback0
      66.0.0.0/32 is subnetted, 1 subnets
O E1     66.66.66.66 [110/2] via 192.168.1.1, 00:34:55, FastEthernet0/0
      172.16.0.0/30 is subnetted, 1 subnets
O E1     172.16.1.0 [110/2] via 192.168.1.1, 00:34:55, FastEthernet0/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/30 is directly connected, FastEthernet0/0
L        192.168.1.2/32 is directly connected, FastEthernet0/0

SITE 2:

CE-SITE-2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(2)
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   172.16.1.1              Fa0/0              9 00:20:44  718  4308  0  4

CE-SITE-2#show ip route | b Ga
Gateway of last resort is not set

      55.0.0.0/32 is subnetted, 1 subnets
D EX     55.55.55.55 [170/30720] via 172.16.1.1, 00:18:36, FastEthernet0/0
      66.0.0.0/32 is subnetted, 1 subnets
C        66.66.66.66 is directly connected, Loopback0
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.1.0/30 is directly connected, FastEthernet0/0
L        172.16.1.2/32 is directly connected, FastEthernet0/0
      192.168.1.0/30 is subnetted, 1 subnets
D EX     192.168.1.0 [170/30720] via 172.16.1.1, 00:18:36, FastEthernet0/0

Depending on the ISP's policies you may see two different traceroutes between the sites.

1. The ISP may not want to show you the whole path across their network:

SITE 1:

CE-SITE-1#traceroute 66.66.66.66
Type escape sequence to abort.
Tracing the route to 66.66.66.66
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.1 12 msec 8 msec 4 msec
  2 172.16.1.1 [MPLS: Label 21 Exp 0] 36 msec 56 msec 48 msec
  3 172.16.1.2 88 msec 48 msec 64 msec

SITE 2:

CE-SITE-2#traceroute 55.55.55.55
Type escape sequence to abort.
Tracing the route to 55.55.55.55
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.1.1 28 msec 16 msec 16 msec
  2 192.168.1.1 [MPLS: Label 16 Exp 0] 84 msec 48 msec 60 msec
  3 192.168.1.2 88 msec 80 msec 36 msec

2. The ISP doesn't care and you can see the whole path:

SITE 1:

CE-SITE-1#traceroute 66.66.66.66
Type escape sequence to abort.
Tracing the route to 66.66.66.66
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.1.1 28 msec 8 msec 8 msec
  2 10.1.2.2 [MPLS: Labels 18/21 Exp 0] 36 msec 48 msec 44 msec
  3 10.2.3.3 [MPLS: Labels 18/21 Exp 0] 48 msec 48 msec 48 msec
  4 172.16.1.1 [MPLS: Label 21 Exp 0] 44 msec 48 msec 40 msec
  5 172.16.1.2 40 msec 56 msec 56 msec

SITE 2:

CE-SITE-2#traceroute 55.55.55.55
Type escape sequence to abort.
Tracing the route to 55.55.55.55
VRF info: (vrf in name/id, vrf out name/id)
  1 172.16.1.1 36 msec 16 msec 16 msec
  2 10.3.4.3 [MPLS: Labels 16/16 Exp 0] 44 msec 68 msec 56 msec
  3 10.2.3.2 [MPLS: Labels 16/16 Exp 0] 56 msec 64 msec 48 msec
  4 192.168.1.1 [MPLS: Label 16 Exp 0] 56 msec 60 msec 56 msec
  5 192.168.1.2 48 msec 68 msec 48 msec

In the traceroutes you can see MPLS labels. These are there because the ISP is using the MPLS protocol in their network, and forwarding in the ISP network is based on these labels.

The ISP receives the routes from you and advertises them to your other site. The routing information is kept separate so that routes from the ISP's own network or routes from other customers don't mix up.

Essentially the whole service is called MPLS Layer 3 VPN. I don't know why they call it only MPLS; it only confuses people in my opinion.

EDIT: Added output for the OSPF and EIGRP neighborships.
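The two CE configurations from the post, written out as one complete, hardened example. This is added here and is not configuration from the original post: the addresses, the OSPF process and EIGRP AS numbers and the per-site protocol choice are the post's, while the key strings, key-chain and prefix-list names, and the checks at the end are assumptions for the example. Two things the post's minimal config leaves open are closed here: the CE-PE adjacency is authenticated, because an unauthenticated OSPF or EIGRP process accepts any speaker that appears on the access line, and what the CE installs from the PE is filtered, so the "kept separate" property does not depend solely on the ISP getting its VRFs right.

```cisco
! ===== CE-SITE-1: OSPF toward the PE at 192.168.1.1 =====
! Key strings, list names and the "!" comments are assumptions for this
! example, not from the post. The PE side must be configured with the same key.
hostname CE-SITE-1
!
interface Loopback0
 description Site 1 LAN (a /32, as in the post)
 ip address 55.55.55.55 255.255.255.255
!
interface FastEthernet0/0
 description WAN access line to ISP PE
 ip address 192.168.1.2 255.255.255.252
 ! MD5-authenticate the adjacency so only the PE holding the key can peer
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 S1TE1-PE-K3Y
 no ip redirects
 no ip proxy-arp
 no shutdown
!
! Only the other site's LAN and WAN prefixes may be installed from the PE
ip prefix-list FROM-ISP seq 10 permit 66.66.66.66/32
ip prefix-list FROM-ISP seq 20 permit 172.16.1.0/30
!
router ospf 1
 router-id 192.168.1.2
 area 0 authentication message-digest
 passive-interface default
 no passive-interface FastEthernet0/0
 network 55.55.55.55 0.0.0.0 area 0
 network 192.168.1.0 0.0.0.3 area 0
 distribute-list prefix FROM-ISP in
!
! ===== CE-SITE-2: EIGRP AS 2 toward the PE at 172.16.1.1 =====
hostname CE-SITE-2
!
key chain PE-KEYS
 key 1
  key-string S1TE2-PE-K3Y
!
interface Loopback0
 description Site 2 LAN (a /32, as in the post)
 ip address 66.66.66.66 255.255.255.255
!
interface FastEthernet0/0
 description WAN access line to ISP PE
 ip address 172.16.1.2 255.255.255.252
 ! MD5-authenticate EIGRP hellos/updates with the key chain above
 ip authentication mode eigrp 2 md5
 ip authentication key-chain eigrp 2 PE-KEYS
 no ip redirects
 no ip proxy-arp
 no shutdown
!
ip prefix-list FROM-ISP seq 10 permit 55.55.55.55/32
ip prefix-list FROM-ISP seq 20 permit 192.168.1.0/30
!
router eigrp 2
 passive-interface default
 no passive-interface FastEthernet0/0
 network 66.66.66.66 0.0.0.0
 network 172.16.1.0 0.0.0.3
 distribute-list prefix FROM-ISP in FastEthernet0/0
 no auto-summary
!
! ===== Checks =====
! CE-SITE-1# show ip ospf interface FastEthernet0/0  -> "Message digest authentication enabled"
! CE-SITE-1# show ip ospf neighbor                   -> 192.168.1.1 FULL (no neighbor on key mismatch)
! CE-SITE-2# show ip eigrp neighbors                 -> 172.16.1.1 listed (no neighbor on key mismatch)
! CE-SITE-x# show ip route ospf / show ip route eigrp -> only the FROM-ISP prefixes, nothing else
```

With the inbound prefix-list in place, a prefix the PE sends that is not on the list (a default route, the ISP's own infrastructure range, or another customer's subnet leaked by a misconfigured VRF) never reaches the CE's routing table, and the key on the WAN interface means a device plugged into the access line cannot become a neighbor and inject routes. What the L3VPN does not give you is confidentiality: the labels only steer forwarding, and the packets cross the ISP's network in the clear, so if that matters the usual answer is IPsec between the CEs running on top of this service.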

level 1
CCNP R&S · 8 points · 2 years ago

You are absolutely correct in your conclusion that the proper terminology is MPLS Layer 3 VPN, or L3VPN. Some ISPs offer L2VPN which also uses MPLS in the core.

level 2
CCNA R&S · Original Poster · 9 points · 2 years ago · edited 2 years ago

Yes, and they call it Metro Ethernet rather than L2VPN. I am planning to do a write-up on it as well.

level 3
CCENT, NET+, A+ · 3 points · 2 years ago

Looking forward to the writeup on Metro-E/VPLS!

level 3

Nice, that's the one I've dealt with a ton, carrier-side and enterprise-side. I have been wanting to get into MPLS L3VPN and your guide is awesome!

level 1
CCNA RS/W, BCNP, BCvRE · 5 points · 2 years ago

Great write up!

If anyone in here has any questions regarding how MPLS is used on the ISP side, I can answer them.

Quick way to visualize it from the client side :

MPLS L3VPN: The provider "cloud" is just like a single router all your sites connect to. You need a routing protocol (or static routes) to exchange information with the provider.

MPLS L2VPN, also called VPLS or Metro-E: The provider "cloud" is like a single switch. All of your sites will see each other. You can often even carry VLAN information across the WAN.

level 2
¯\_(ツ)_/¯ 2 points · 2 years ago · edited 2 years ago


level 3
CCNA RS/W, BCNP, BCvRE · 2 points · 2 years ago

Not personally, but I know we have about 2 or 3,000 ME3400 currently deployed for our MetroE offering. We are currently swapping a large part of our internal "clients" to ASR920 due to an MPLS re-architecture, maybe I'll be able to get an ME3400 to play with.

level 4
¯\_(ツ)_/¯ 2 points · 2 years ago · edited 2 years ago


level 5
CCNA RS/W, BCNP, BCvRE · 2 points · 2 years ago

Yep, I can't tell you the exact reason why (secret!), but I can assure you that it makes sense! ;-)

level 6
¯\_(ツ)_/¯ 2 points · 2 years ago · edited 2 years ago


level 7
CCNA RS/W, BCNP, BCvRE · 2 points · 2 years ago

Oh yeah, the ASR9k would have been way overkill!

The ASR920 is a 1U, multiple port "aggregation router". Which means it's exactly the same as an L3 switch that supports MPLS L3VPN and routing protocols. So you are pretty much spot on with your MLS comparison.

The ASR9k is another thing completely. We run them in the real big PoPs.

level 7

The 920 runs XE, and it's the ME3600 replacement.

I've used plenty of ME switches and have plenty of 3600x's and 920's now going out.

level 8
¯\_(ツ)_/¯ 1 point · 2 years ago · edited 2 years ago


level 9

Cisco's moving heavily towards the "the equipment is overkill, just unlock it with licensing" model, especially in regards to all its ASR equipment. My 9k's shipped with big labels on them specifically telling you what SKU to order to use the rest of the built-in ports.

The ASR920 isn't without its issues, and we have near-daily reports sent of new bugs found. But the 3600x's, old enough that they're EOL, still have daily reports as well. To be honest, the 3600 is terrible. I have to choose between multicast traffic or SSH management. If I try both, it will slowly just crash itself and require a physical reboot. They made several models that had too much on them in some aspects, but not enough in others. Two Te interfaces don't let you expand much, especially these days when 1G internal links are all but worthless in ISP space.

EDIT: And the ASR920 being a replacement to the 3400 is overkill, but I'm sure they're going to kill the 3600/3800 along with it soon and also have the 920 take it over. That 3400 model is only 24 Fa and 2 Gi, so to have the replacement be 24 Gi and 4 Te is an awfully big leap.

level 5
CCNP R&S · 1 point · 2 years ago

The ASR920 isn't much more expensive than the ME3400. It also has the advantage of being able to push MPLS to the edge, and is capable of delivering 10Gbps services.

level 6
¯\_(ツ)_/¯ 1 point · 2 years ago · edited 2 years ago


level 7
CCNP R&S · 1 point · 2 years ago

The 920 is basically the replacement for 3600/3800, which are approaching end of life/sale. Not sure on dates, but yeah, ageing platform.

level 3
Meow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+! · 1 point · 2 years ago

Yeah, their biggest difference is their version of private-vlans is baked into the port behaviour by default.

level 4
¯\_(ツ)_/¯ 1 point · 2 years ago · edited 2 years ago


level 5
Meow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+! · 1 point · 2 years ago

Yeah but that goes without saying :)

Oh well ASRs everywhere!

level 6
¯\_(ツ)_/¯ 1 point · 2 years ago · edited 2 years ago


level 7
CCNP R&S · 1 point · 2 years ago

Yeah the ASR1000 range is a solid platform. It's a shame their throughput licences are absurdly expensive.

level 8
¯\_(ツ)_/¯ 1 point · 2 years ago · edited 2 years ago


level 2
Network Engineer · 1 point · 2 years ago

Can Metro-E be completely layer 2? We have it, but still use OSPF to advertise site IPs to each other. I guess if we only used VLANs between sites we wouldn't have to?

level 3
CCNA R&S · Original Poster · 2 points · 2 years ago

It is layer 2. You can run routing protocols between the sites and they'll be direct neighbors. The ISP will carry only the layer 2 frames between the sites, the layer 3 is the site owner's responsibility.

level 1
Meow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+! · 3 points · 2 years ago

You sir have earned a kitty

level 2
CCNA R&S · Original Poster · 2 points · 2 years ago

Oh, wow, didn't expect that. Thanks! :)

level 1
2 points · 2 years ago

What is VPLS? I have read it uses MPLS.

level 2
CCNA R&S · Original Poster · 4 points · 2 years ago · edited 2 years ago

VPLS is an L2VPN service. The MPLS protocol is used on the ISP side only. From the enterprise point of view, the remote sites will seem as if they are connected through a switch; they will see each other on layer 2.

level 1
Meow 🐈🐈Meow 🐱🐱 Meow Meow🍺🐈🐱Meow A+! · 2 points · 2 years ago

Just to add to this, most of the time the CE will use BGP with a private AS to simplify the MPLS implementation on the ISP side.

But depending on your requirements you can potentially use any routing protocol you want assuming the ISP is willing to play ball with you.
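The BGP variant described in the comment above, written out for CE-SITE-1 as an added example; this is not configuration from the thread. The addresses are the post's. The customer's private AS 65001, AS 65100 standing in for the ISP's AS, the TCP MD5 password and the prefix-list names are assumptions. eBGP to the PE is where most of the enterprise-side controls live, so the example includes the ones a CE should carry: session authentication, a hop-count check, explicit in/out prefix filters and a prefix limit.

```cisco
! CE-SITE-1 peering with the PE (192.168.1.1) over eBGP instead of OSPF.
! Assumptions for this example (not from the thread): customer private AS 65001,
! AS 65100 standing in for the ISP's AS, the MD5 password and the list names.
hostname CE-SITE-1
!
interface Loopback0
 description Site 1 LAN (a /32, as in the post)
 ip address 55.55.55.55 255.255.255.255
!
interface FastEthernet0/0
 description WAN access line to ISP PE
 ip address 192.168.1.2 255.255.255.252
 no shutdown
!
! Outbound: advertise only this site's LAN, never the WAN /30 or anything learned
ip prefix-list SITE1-OUT seq 10 permit 55.55.55.55/32
! Inbound: accept only the other site's LAN; a default or a stray prefix is dropped
ip prefix-list FROM-ISP seq 10 permit 66.66.66.66/32
!
router bgp 65001
 bgp log-neighbor-changes
 network 55.55.55.55 mask 255.255.255.255
 neighbor 192.168.1.1 remote-as 65100
 neighbor 192.168.1.1 description ISP PE
 ! TCP MD5 on the session (RFC 2385); the PE must carry the same key
 neighbor 192.168.1.1 password S1TE1-BGP-K3Y
 ! GTSM: accept BGP packets only if they arrive with TTL 255, i.e. from one hop away
 neighbor 192.168.1.1 ttl-security hops 1
 ! Keep an unfiltered copy of what the PE sends so received-routes can be inspected
 neighbor 192.168.1.1 soft-reconfiguration inbound
 neighbor 192.168.1.1 prefix-list SITE1-OUT out
 neighbor 192.168.1.1 prefix-list FROM-ISP in
 ! Tear the session down if the PE suddenly sends more than 50 prefixes
 neighbor 192.168.1.1 maximum-prefix 50
!
! Checks:
! show ip bgp summary                                 -> State/PfxRcd shows 1 for 192.168.1.1
! show ip bgp neighbors 192.168.1.1 received-routes   -> everything the PE sent, before FROM-ISP
! show ip bgp neighbors 192.168.1.1 routes            -> what survived FROM-ISP
! show ip bgp neighbors 192.168.1.1 advertised-routes -> only 55.55.55.55/32
! show ip route bgp
```

The difference between received-routes and routes is the quickest way to see whether the ISP is sending you more than the other site's prefixes, which is exactly the kind of thing the routing-separation promise of an L3VPN is supposed to prevent, and the maximum-prefix limit turns a large leak into a session drop and a log line rather than a silently polluted routing table.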

level 1

Great breakdown especially since I am on the tail end of the ICND2 book which just broke down HDLC, PPP, and Frame Relay!

But I am still confused and have been for a while.

As you mentioned in your post. Someone with two sites can either get internet service or WAN service. But actually they would need both internet service and WAN service if they wanted to go the WAN route. Everyone needs internet nowadays unless you are saying that site two would WAN to site one then go out to the internet from there.

But I digress. I'm wondering why anyone would use a WAN. I'm a novice in all this but if I wanted to connect to another site, why not just use standard internet to get there. I could talk to a file server through public IP, or what have you on the distant site, easy piece of cake. Can you explain why WAN is even used nowadays? The book lists one or two reasons. Such as it can be more secure than internet VPN but that's about it. Please explain.

level 2
CCNA R&S · Original Poster · 3 points · 2 years ago

You have an SLA, which you don't have with regular Internet service. You can have L3VPN service between the sites and each site can have separate Internet service. The inter-site traffic will go through the L3VPN service as it is more reliable.

Another scenario: your sites may have an Internet connection and L3VPN service to a/the data center. You need a more reliable connection to the DC and this is where the SLA comes into play. Especially if your Exchange servers and domain controllers, for example, are in the DC, you must have a reliable connection. You can't afford to not have email service and access to AD for long periods of time.

level 2
CCENT, NET+, A+ · 3 points · 2 years ago

On mobile so a short reply, but most larger companies will have point-to-point links from remote offices back to their headquarters, where the connection to the Internet will be. That way the remote office has a connection to the Internet plus a connection to their headquarters (email, file shares, etc.). Better quality of service than having a connection to the Internet and then a VPN into the main office through the Internet. Plus point-to-point links are yours and yours alone, no chance for capture of data like there is across the Internet.

level 3

Ok. That makes sense. But one question. I saw that in the book as well about a chance of capture across the Internet instead of through WAN. But I don't understand that. The packets are still going through an ISP. So it's not only your facilities that the packets flow through. Also I don't understand how someone would capture general Internet traffic either.

level 2
Network Engineer · 1 point · 2 years ago

If you're using Internet service at your sites, you'll need some kind of VPN so they can talk to each other; you don't want that going over the Internet. This is provided in MPLS or VPLS but not with local internet providers. Now you're talking firewalls at each site and VPN tunnels, messy. Then yeah, you'll need a separate internet connection, but usually you'll backhaul that traffic to your data center or HQ. They are on the decline though with technologies like SD-WAN becoming prominent. Plug in all those cheap Internet connections and go. MPLS service from AT&T is expensive as shit. I'm happy to see them being dumped 'cause I had the same thought as you. Why would you want this?

level 1

So set up any interface with an IP, set up something to broadcast routes, plug in to the carrier and you're done as far as the CCNA cares? They're not going to ask about things like timing on a T1 or encapsulation differences on different media?

level 2
CCNA R&S · Original Poster · 2 points · 2 years ago

Leased lines, HDLC and PPP are covered in a different section of the book - point-to-point WANs. MPLS L3 (MPLS WAN) and L2 VPNs (Metro Ethernet) are private WAN services.

level 3

Ahhh, cool cool! Thanks!

level 1

Basically it doesn't sound like they are going to go in much more depth than the Alcatel Lucent NRS1 did on MPLS. Out of curiosity are you going to need to identify in a topology where a label is getting pushed vs popped?

level 2
CCNA R&S · Original Poster · 1 point · 2 years ago

The Cisco equivalent to NRS 1 is the service provider track. All the interesting things are there - the MPLS protocol (LIB, LFIB, label forwarding, popping, swapping, pushing, PHP), LDP, RSVP, BGP, MP-BGP, IS-IS, multicast, QoS, among others.

level 3

Gotcha. I'm actually somewhat interested in the service provider track, but I haven't seen a lot of materials for even the CCNA SP nevermind the higher level tiers.

level 4
CCNA R&S · Original Poster · 1 point · 2 years ago · edited 2 years ago

CBT have videos for SPNGN1 and SPNGN2, INE have them for CCIE SP, but that's about it. You have to go through the exam topics and find materials to learn from on your own, unfortunately. I am also planning to go this track but I am thinking of shooting for the CCIE directly.

level 5

I found the CBT series and didn't realize that INE had one. Good to know. I'm not as confident about trying to directly shoot for a CCIE, but good luck with that.

level 1
Comment deleted · 1 year ago
level 2
CCNA R&S · Original Poster · 1 point · 1 year ago

You know promoting brain dump sites is against the rules of this sub?

/u/the-packet-thrower, /u/jpeek
