Orhan Ergun No Comments

MPLS Layer 3 VPN Deployment

In this post I will explain MPLS Layer 3 VPN deployment by providing a case study. This deployment mainly will be for green field environment where you deploy network nodes and protocols from scratch. This post doesn’t cover migration from Legacy transport mechanisms such as ATM and Frame Relay migration as it is covered  in the separate post on the website.

With MPLS, Layer 2 and Layer 3 VPN can be provided and main difference between MPLS Layer 2 and Layer 3 VPN  from the deployment point of view is, in MPLS Layer 3 VPN, customer has a routing neighborship with the Service Provider.

In MPLS Layer 2 VPN, Service Provider doesn’t setup a routing neighborship with the customer.

In the below topology I show you basic MPLS network.


mpls layer 3 vpn deployment

MPLS Network , Components and the Protocols

CE is the Customer Edge device and generally located at the customer location.

PE is the Provider Edge Device and located at the Service Provider POP location.

P is the Provider device and located inside the Service Provider POP location.

Case Study :


In the above topology, Customer is running EIGRP as an IGP and Service Provider infrastructure IGP protocol is IS-IS. Which technologies and the protocols should be enabled on the CE, P and PE devices ?

I will explain each check box in the above picture and you will understand whether we should enable a particular technology or protocol.

On the CE device


EIGRP : EIGRP should be enabled because as it is indicated in the case study, customer wants to use EIGRP as an IGP protocol. On the PE-CE link, EIGRP is activated.

IS-IS : On the CE device, IS-IS is not required.

MPLS : On the CE device, MPLS is not required based on these requirements. MPLS could be enabled if this customer receives Carrier Supporting Carrier Service.

MP-BGP : On the CE device,  MP-BGP (Multi Protocol BGP) is not required.

Redistribution : If Customer uses different protocol in their network, they need to do redistribution. It is not told in the case study thus no need for redistribution. If redistribution is necessary, try to deploy redistribution best practices.

VRF : If customer is not doing layer 3 virtualization , no need for VRF on the CE.

On the PE Device


Same set of protocols will be analyzed. In real life deployment, Service Provider might use different IGP than IS-IS and most probably will have different PE-CE routing protocol per customer as well.

EIGRP : On the PE device EIGRP is enabled for this customer. It is used to receive customer prefixes from the CE device. CE device (customer) advertises its IP prefixes over EIGRP neighborship.

MPLS : MPLS is enabled on the PE device as well. Not on the PE-CE link but towards P (Provider) device.

IS-IS : IS-IS is enabled on the PE device towards P device as well. I explained the IS-IS routing protocol Frequently Asked Questions, you may want to read it. Also reading my  IS-IS design considerations on MPLS Backbone  article  might be useful if you are reading this post.

MP-BGP : Multi Protocol BGP is enabled for the Layer 3 MPLS VPN on the PE devices. Between two PE devices or between PE and the BGP Router Reflector, VPN session is created.

Redistribution : On the PE device, for this customer, redistribution is performed as well. EIGRP prefixes are received from the CE devices and redistributed into BGP on the PE devices.

VRF : On the PE device, for each customer, separate VRF is created. Different customer prefixes are placed in different VRF table.

On the P device

EIGRP : EIGRP is a customer IGP in this deployment, thus EIGRP is not enabled on the P device. If Service Provider would decide to use EIGRP as an infrastructure (It is also called Internal) IGP, then EIGRP would be enabled on P device as well but EIGRP is not common infrastructure IGP protocol in the Service Provider networks.

MPLS : MPLS runs on the P device. Actually only job of the P device in the Service Provider network is packet processing between the edge devices. Thus, Infrastructure IGP and MPLS are the only necessary protocols.

IS-IS : In this case study, IS-IS is the IGP protocol of the Service Provider. That’s why IS-IS is enabled on the P device.

MP-BGP : BGP doesn’t run on the P devices in the MPLS enabled Service Provider network. This concept is known as BGP Free Core.

Redistribution: There is always only one IGP protocol on the P devices. That’s why never need for redistribution.

VRF : There is only one global routing table always on the P devices. That’s why never need for VRF as well.

Be Aware


  • Any routing protocol can be used between the customer and the Service Provider in MPLS Layer 3 VPN. Most common PE-CE routing protocol in  real life is Static Routing and BGP. If you want to understand how OSPF works, have a look at OSPF as a PE-CE routing protocol post.


  • Except BGP, if customer uses any other routing protocol, redistribution is performed on the PE devices. On the PE devices, BGP next hop is automatically changed as PE device, no need to configure ‘ next-hop self ‘. I explained the BGP next hop behavior in IP and MPLS network earlier in a separate post.
  • BGP VPN route reflector can be used to reduce complexity of the BGP mesh and have a scalability in the Service Provider network and can be placed in a central location such as datacenter. VPN BGP route reflector placement is much more flexible than IP Route Reflector and having routing loop is not much of an issue.
  • I will write a separate post on BGP IP and VPN Route Reflector Design Consideration but I recommend you to have a look Fate Sharing post to understand the possible problem of using IP and VPN BGP Route Reflector on the same device which is also called Multi Service Route Reflector.


Leave a Reply

Your email address will not be published.