Orhan Ergun No Comments

Benefits of MPLS – Why MPLS is used? – MPLS Advantages

This post explains the benefits of MPLS, why MPLS is used in today's networks, and the advantages of MPLS.

As an encapsulation and VPN mechanism, MPLS brings many benefits to IP networks. This article explains most of them and shares design examples, referring to more detailed articles on the website as well.

The list below shows the benefits of MPLS. It may not be the full list, and the comment section is always open for your comments and questions.


  • Faster packet processing with MPLS compared to IP

Orhan Ergun No Comments

BGP in MPLS Layer 3 VPN – BGP as a PE-CE Routing Protocol

BGP can be used as a PE-CE routing protocol in MPLS Layer 3 VPN. Service Providers also run MP-BGP (Multiprotocol BGP) if they have MPLS Layer 3 VPN.

In this article, MP-BGP will not be explained since it has been explained in detail in an earlier article.

When BGP is used as a PE-CE routing protocol between the customer and its MPLS Layer 3 VPN provider, it is important to note that there is no need for redistribution on the Service Provider PE. All other routing protocols require redistribution from MP-BGP into the routing protocol and vice versa.

In this post, I will explain the design considerations when BGP is used as the PE-CE routing protocol in MPLS Layer 3 VPN and how you can mitigate possible routing loop problems.

Last but not least, I will share the design considerations when a CE (Customer Equipment) is multihomed to two PEs (Provider Edge devices) and BGP is used in MPLS Layer 3 VPN.

Orhan Ergun 2 Comments

Inter-AS Option AB (a.k.a Option D)

Inter-AS Option AB is also known as Option D or the Hybrid Inter-AS Option. It is called Hybrid because Inter-AS Option AB uses the best capabilities of Inter-AS Option A and Inter-AS Option B. These capabilities will be explained throughout this post.

MPLS VPN providers often need to interconnect different ASes to provide VPN services to customers.

Inter-AS Option AB was first deployed by Cisco, but today many vendors, including Juniper, provide the Inter-AS Option AB feature.

But what are the best capabilities of Inter-AS Option A and Inter-AS Option B?

Orhan Ergun No Comments

What is the MPLS tunnel label and why is it used?

In networking we often use different terms to define the same thing. MPLS tunnel label and transport label are just two of those.

Not only transport and tunnel labels but also other terms are used to define the same thing that these labels provide.

Let me first explain why and where the MPLS tunnel label is used.

Orhan Ergun 1 Comment

What does PE-CE mean in MPLS?

What does PE-CE mean in the context of MPLS? What are CE, P and PE devices in MPLS and MPLS VPN?

These are foundational terms and definitions in MPLS.

MPLS is one of the most commonly used encapsulation mechanisms in Service Provider networks, and this article is a must-read before studying more advanced mechanisms.

In order to understand PE-CE, we first need to understand what PE and CE are in MPLS.

Let’s take a look at the figure below.


Figure 1: MPLS network PE, P and CE routers

Orhan Ergun 24 Comments

MPLS Design Question

MPLS Design Question – MPLS is one of the most commonly used encapsulation methods today, especially on the Wide Area Networks of Service Providers, large Enterprises and some datacenters.

Service Providers have sold MPLS services to customers for decades. When customers want Service Provider redundancy, and so have two MPLS circuits from different Service Providers, an Inter AS MPLS service is created between those providers.

Or, when customers have a location where their MPLS service provider has no presence but they want end-to-end MPLS connectivity between all their locations, again an Inter AS MPLS service is created between the providers.

If you are a visual learner and want to understand the basics of Inter AS MPLS VPN Options, check my YouTube channel and subscribe for more design videos.

Orhan Ergun 1 Comment

What does BGP free core mean?

What is the meaning of BGP free core?

BGP is an Internet protocol used between different Autonomous Systems on the Internet. The purpose of this post is not to explain the fundamentals of BGP, as I believe that readers are already familiar with the basics of BGP and IP routing operation. To understand the rudimentary aspects of BGP, see the articles on BGP on this website.

Let’s look at the topology shown below to understand the BGP operation and IP destination-based lookup.

Orhan Ergun 2 Comments

What is RSVP-TE?

What is RSVP-TE (RSVP Traffic Engineering)?

RSVP-TE is a resource reservation protocol that was invented in order to allocate bandwidth for the individual flows on the network devices.

To say it another way, RSVP-TE is a set of extensions to the RSVP protocol, specified in RFC 3209.

Although RSVP-TE was initially invented as a Quality of Service mechanism in an IntServ QoS architecture, it has never been used in modern networks due to scalability problems.

This is because allocating a tremendous number of flows on the networking nodes creates scalability problems.

Orhan Ergun No Comments

MPLS Design Case Study

MPLS Design – MPLS Design Case Studies are useful resources for learning the design details of MPLS.

You will be provided with brief information about the business and technical requirements. You can share your answer in the comment section below.

Note: This is only one of the case studies in DesignWorld.

DesignWorld provides video and written content for network designers.

Orhan Ergun No Comments

Why Should You Place Less Emphasis on MPLS Traffic Engineering

If I type MPLS traffic engineering into any search engine, I will find about 100 articles on the internet providing the same explanations about MPLS traffic engineering.

But unfortunately, nobody asks these questions: Do I really need it? What are the reasons behind the implementation of MPLS Traffic Engineering?

Is it worth the time and energy to deploy and learn such a complex technology if there are many easier, resource-friendly alternatives?

In this article, I will answer all of these questions. Undoubtedly, MPLS traffic engineering has many use cases and it helps to solve numerous problems in MPLS-enabled networks.

Orhan Ergun No Comments

Dual Carrier MPLS VPN Design

For the purpose of high availability, critical locations of Company A, a customer of a VPN service provider, are connected to two different carriers. However, this connectivity requires an important design consideration.

Orhan Ergun No Comments

Single Vs. Dual Carrier Design

Companies don’t always have high availability. What’s more, there is always a concern of budget and complexity with high availability, even though a number of factors need to be considered during network design.

If the applications of the company do not require high availability, dual carriers or two links to the same carrier are not necessary.

Multihoming refers to a connection to two different carriers/service providers; two routers with two links to the same provider are not considered multihomed.

Orhan Ergun 2 Comments

IGP LDP Synchronization

I implore all my readers to always remember this topic: IGP LDP synchronization. It is important to use IGP LDP synchronization to avoid blackholing, especially when MPLS networks fail to function effectively.

Orhan Ergun 4 Comments

Advanced Carrier Supporting Carrier Design

LDP is the most commonly used label distribution protocol in today's MPLS networks. Although it lacks Traffic Engineering, Admission Control and Fast Reroute capabilities, it scales very well because of its Multipoint-to-Point Label Switched Paths. BGP can also assign a label for IP prefixes and for VPN prefixes, and in this article I will show you how BGP provides an extra level of scalability for MPLS applications.

LDP can also be used to set up a targeted LDP session, which is used by many applications such as L2VPNs, Remote LFA Fast Reroute, LDP over RSVP to scale RSVP networks, and so on.

In this post I will explain the differences between using IGP + LDP and BGP + Label for the IP prefixes.

Orhan Ergun 15 Comments

What does MPLS layer 2 VPN really mean?

A couple of days ago I received an email from one of my readers (Ahmet Eris) related to his design. He designed a network infrastructure for his customer and wanted me to take a look as well.

But I realized that Ahmet has some misunderstanding about the usage of MPLS layer 2 VPNs, and I thought that briefly mentioning it could help my other readers as well.

Orhan Ergun 19 Comments

Seamless MPLS

Seamless MPLS architecture can be used to create large scale MPLS networks, reduce operational touch points for service creation, reduce overall complexity and enable flexible service creation points in the Service Provider networks.

Seamless MPLS architecture is best suited to very large scale service provider networks that have tens or hundreds of thousands of access nodes and very large aggregation networks, but still want to have a predictable, proven control plane.

Orhan Ergun 23 Comments

Carrier Supporting Carrier – CSC

CSC (Carrier Supporting Carrier) is a hierarchical MPLS VPN architecture between Service Providers.

The service is mostly an MPLS VPN service, but it doesn’t have to be, as you will see throughout the post.

Orhan Ergun 2 Comments

MPLS Layer 2 and Layer 3 VPN

RFC 2547 defines standard MPLS VPN to carry customer prefixes over the MPLS backbone.

In February 2006, RFC 4364 was published for Inter AS VPNs, which are also known as Multi AS VPNs. RFC 4364 obsoleted RFC 2547 and defined many other applications for MPLS VPNs, such as CSC, which is known as Carrier Supporting Carrier in Cisco terminology and Carrier of Carriers in the Juniper definition.

With basic Layer 3 MPLS VPN, Enterprise customers can carry their prefixes from multiple sites over the SP backbone. It is a multipoint-to-multipoint connection. With the AToM-based MPLS solution, which is Cisco’s E-Line solution, customer sites are connected point to point, and with VPLS, multipoint to multipoint.

The basic difference between VPLS and IP/VPN from the customer's point of view is that with VPLS all attached sites share the same L3 network. The Service Provider acts as a big switch for the customer. IP/MPLS VPNs use different IP addresses at each site.

With IP/VPN, also known as BGP or L3 VPN, the customer runs an IP routing protocol or static routes with the Service Provider, and the customer equipment, known as CE, doesn’t see other CEs as connected, unlike in VPLS or AToM-based MPLS.

Depending on what the customer expects from the Service Provider, in the MPLS L3 VPN case the customer can run any of the IGP routing protocols including EIGRP, OSPF and IS-IS, or BGP or static routes. You may want to talk with your Service Provider before you decide, since some Service Providers don’t support every routing protocol. Most of them, if not all, support BGP.

If the customer wants very granular policy control and dual-homed site connectivity, and the customer's network staff is well trained, the best choice would be BGP.

In the past, fast convergence was an issue with BGP, and it may still be with the vanilla BGP configuration, but recent enhancements allow BGP to converge super fast thanks to the BGP Fast Reroute mechanism, which is BGP PIC.

All IGP protocols' metric information can be carried end to end over the SP MPLS backbone. In this case the SP core behaves differently. For OSPF there is the Superbackbone concept and for IS-IS there is the L3 backbone concept. This is out of the scope of this post so I will not explain further. But if you are interested and want to learn, please comment, and I will definitely write about them.

One more caveat for the PE-CE protocol: for almost all protocols, if the customer has a backdoor link to another customer site, a loop or suboptimal path usage may occur. We generally prefer an MPLS link when it is necessary to have a low-latency, secure, reliable connection compared to the Internet-based option.

If the customer has a backup Internet link (not MPLS but maybe DSL, 3G/LTE, satellite, microwave or cable) and its requirement is low latency, predictable delay variation (called jitter), and a reliable and (relatively) secure connection, it probably wants to use the MPLS connection as primary and the Internet connection as backup, although LTE is much cheaper and provides very high bandwidth nowadays and has started to take its place as a primary connection on some networks or parts of the network such as remote offices.


Orhan Ergun 20 Comments

Inter AS Option A Design Considerations and Comparison

Inter AS Option A is the easiest, most flexible, most secure Inter autonomous system MPLS VPN technology.

In the topology below, VPN Customers A and B are connected to two different service providers via MPLS Layer 3 VPN. In order to have end-to-end MPLS VPN service, Service Providers use special mechanisms. In this article, I will explain the most basic one, which is Inter-AS Option A, though there are many other things you need to know about Inter-AS Option A.

Our aim is to carry all the customer routes between the service providers.

There are many different ways of handling this case. In this post, I will explain Inter AS Option A MPLS/VPN, also known as VRF-to-VRF approach.



Figure 1: Inter-AS Option A

I will use the topology depicted in fig. 1 throughout this post to explain Inter AS Option A operation.

In the above diagram, we have two service providers and the two customers which require Inter-AS MPLS VPN service.

The PE routers that connect the two providers are also known as ASBR (Autonomous System Boundary Router).

Inter AS Option A: an ASBR router in one Autonomous System attaches directly to an ASBR router in another Autonomous System.

The two ASBR routers are attached by multiple sub-interfaces, at least one for each of the VPNs whose routes need to be passed from one AS to the other AS. In addition, each of those sub-interfaces is associated with a VRF table.

For each customer, service providers could use a separate physical connection instead of a sub-interface. However, doing that would not produce an optimal result for resource utilization.

PE routers connected to the CE devices run MP-IBGP, either through full mesh or through RR (route reflector).


Inter AS Option A allows ASBR routers to keep all the VRFs for customers who require Inter AS service.


SP-A and SP-B ASBR routers maintain VPN forwarding table in LFIB. Furthermore, they keep routing information in RIB and FIB.

Compared to other AS options, ASBRs have high memory usage in Inter AS Option A.

However, other Inter AS VPN options do not have these capabilities.

ASBRs can either run the same routing protocol with the customer on the VRFs or use just EBGP.

For example, if the requirement for Customer A is to keep routing information such as the metric end to end, SP-A and SP-B run the same routing protocol on the ASBRs and on the PE devices to which the customer CE device is attached.

In Inter AS Option A, SP-A and SP-B have to manage redistribution at the ASBRs because the routes appear to the ASBR as BGP routes from remote PEs. For Customer A, those routes need to be redistributed from BGP to the Customer A PE-CE routing protocol, and from the Customer A PE-CE routing protocol to BGP.

ASBRs associate each such sub-interface with a VRF.

Inter AS Option A does not require MPLS at the ASBRs unlike the other Inter AS options.

Since we need a separate VRF and sub-interface for each customer VPN, a separate routing protocol, and redistribution handling for each protocol, it is operationally cumbersome and thus hard to scale.

Since there is only IP routing between the ASes, Option A is considered the most secure of all the Inter AS options.

In addition, it is the easiest option to implement between the AS because Option A does not require another control plane mechanism between service provider ASBRs such as LDP, BGP+label, or BGP-VPNv4.

Between the service providers on ASBRs, either IGP protocols or EBGP is used.

More importantly, other Inter AS Options (Inter AS Option B and Inter AS Option C) require additional control-plane protocols to advertise the customer or infrastructure prefixes between the ASBRs.

Since only IP traffic (not MPLS) passes between the service providers, the most granular QoS implementation is achieved with Option A (per sub-interface and IP DSCP vs. MPLS EXP).

For all Inter AS Options, it is very common that customers have to trust the service provider for data integrity, confidentiality, and availability.

MPLS does not encrypt the packets; if a customer needs end-to-end encryption, the customer can deploy IPsec.

The Inter AS MPLS VPN Options Comparison Table below gives you the most comprehensive analysis. In real life and also for the design exams it will be very useful, since the comparison is done from the design point of view.



Inter AS MPLS VPN Options Comparison


Do you use MPLS VPN service? Is it from one provider or multiple providers?

Let’s talk about your design in the comment section.

Orhan Ergun No Comments

OSPF and IS-IS for MPLS Traffic Engineering

You need OSPF or IS-IS to distribute link information such as reserved, unreserved and used bandwidth, metric, and link colouring information. This information is used by the CSPF (Constraint-based Shortest Path First) algorithm.

For those who are familiar with MPLS Traffic Engineering: the path is calculated either at each and every device or from a central place with offline computation tools such as an NMS.

For the distributed computation, CSPF, which is one of the flavours of the Shortest Path First (SPF) algorithm, is used.

CSPF computes a dynamic unidirectional MPLS TE LSP (Label Switched Path) by consulting the Traffic Engineering Database (TED).
The TED has different attributes than the regular link state database, such as reserved, used and unreserved bandwidth on the interfaces, link colouring attributes and so on. Link colouring information is used to avoid SRLG (Shared Risk Link Group) paths in the transport network.
This information can only be provided by the link state protocols. Thus, if you want to calculate the MPLS TE LSP without the help of an NMS (Network Management System), in a distributed fashion on each and every LSR, you need to use a link state routing protocol, which currently means OSPF or IS-IS.
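
The distributed computation described above, as an added example that is not code from the original post: links in a TED are pruned by unreserved bandwidth and excluded link colour, then plain SPF runs on what remains. The TED contents, node names, colour names and the `cspf`/`reserve` helpers are constructed for illustration.

```python
import heapq

# Constructed TED: one entry per unidirectional link, as the IGP would flood it.
# (from, to, te_metric, unreserved_bw_mbps, colours) -- all values are made up.
TED = [
    ("PE1", "P1", 10, 400, {"gold"}),
    ("P1", "PE2", 10, 400, {"gold"}),
    ("PE1", "P2", 10, 900, {"gold"}),
    ("P2", "PE2", 15, 900, {"gold"}),
    ("PE1", "P3", 5, 1000, {"srlg-7"}),
    ("P3", "PE2", 5, 1000, {"srlg-7"}),
]

def cspf(ted, src, dst, bandwidth, exclude=frozenset()):
    """Return (cost, path) of the cheapest path meeting the constraints, or None."""
    # Step 1: prune links that cannot carry the LSP or that carry an excluded colour.
    graph = {}
    for a, b, metric, unreserved, colours in ted:
        if unreserved >= bandwidth and not (colours & set(exclude)):
            graph.setdefault(a, []).append((b, metric))
    # Step 2: ordinary SPF (Dijkstra) over the pruned topology.
    heap = [(0, src, [src])]
    done = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, metric in graph.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None  # no path satisfies the constraints

def reserve(ted, path, bandwidth):
    """Model a reservation: lower the unreserved bandwidth on every hop of the path."""
    hops = set(zip(path, path[1:]))
    return [(a, b, m, u - bandwidth if (a, b) in hops else u, c)
            for a, b, m, u, c in ted]
```

Because the unreserved bandwidth changes after every reservation, the same request can yield a different path the second time it is computed, which is why the TED has to be kept current by the link state protocol.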