MPLS VPN and Segment Routing

Many people have been asking what the differences between MPLS VPN and Segment Routing are. In fact, this is the wrong question, because Segment Routing provides transport and MPLS VPN provides the service.
They are not mutually exclusive; they are complementary. To create an end-to-end MPLS VPN service, Segment Routing and MPLS VPN have to be provisioned in the network together.
So, Segment Routing is the underlay and MPLS VPN is the overlay. MPLS VPN can be set up without Segment Routing: instead of Segment Routing, LDP, RSVP, BGP or plain IP can be the transport for the VPNs. Let me explain all of the above with the example below.
The Segment Routing architecture is covered in RFC 8402. If you are not familiar with Segment Routing at all, I suggest you read my Segment Routing Key Points post now. If you are okay with the basics, please continue reading.

Label 100 for the PE2 (egress PE) loopback is advertised by the IGP (not via LDP or RSVP), and all the routers use the identical label (the Node/Prefix label is unique throughout the network). Unlike with LDP, label 100 does not change hop by hop with Segment Routing. Through MP-BGP, PE1 still receives a VPN label for the CE2 prefixes from PE2.
On PE1, the BGP next hop is the PE2 loopback. The PE2 loopback is assigned label 100, which is advertised in IS-IS sub-TLVs or OSPF Opaque LSAs. In the above picture, label 2000 is the VPN label that PE2 advertises to PE1 for the CE2 prefix. If you are familiar with MPLS VPNs, remember that the P routers (P1 and P2 in the topology) are not aware of the VPN label. P1 does not change the core/transport label (label 100); it just sends the packet to P2.
If P2 receives an implicit null label from PE2, P2 does PHP (Penultimate Hop Popping). In sum, only the VPN label is sent to PE2. The MPLS VPN service is provided without LDP, using just the IGP. Segment Routing does not require LDP for the transport tunnel because it uses the IGP for label advertisement.
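The label operations described above, traced hop by hop as an added example (not code from the original post). Labels 100 and 2000 and the router names come from the post; the LDP label values 17 and 24 are constructed for contrast, and the function and variable names are hypothetical.

```python
IMPLICIT_NULL = 3      # reserved MPLS label: "pop the transport label before sending to me"
VPN_LABEL = 2000       # service label PE2 advertises to PE1 over MP-BGP for the CE2 prefix
NODE_SID_PE2 = 100     # transport label for PE2's loopback, advertised by the IGP
PATH = ["PE1", "P1", "P2", "PE2"]
P_ROUTERS = {"P1", "P2"}

# Label each router advertises to its upstream neighbour for PE2's loopback.
# Segment Routing: one global value on every router; PE2 requests PHP via implicit null.
SR_BINDINGS = {"P1": NODE_SID_PE2, "P2": NODE_SID_PE2, "PE2": IMPLICIT_NULL}
# Segment Routing when PE2 does not signal implicit null: no PHP on P2.
SR_NO_PHP = {"P1": NODE_SID_PE2, "P2": NODE_SID_PE2, "PE2": NODE_SID_PE2}
# LDP (constructed values): every router picks its own locally significant label.
LDP_BINDINGS = {"P1": 17, "P2": 24, "PE2": IMPLICIT_NULL}


def trace(bindings):
    """Return [(link, label_stack)] for a VPN packet PE1 -> PE2, top label first."""
    hops = []
    for sender, receiver in zip(PATH, PATH[1:]):
        transport = bindings[receiver]       # label the downstream neighbour asked for
        if transport == IMPLICIT_NULL:       # PHP: the sender pops the transport label
            stack = [VPN_LABEL]
        else:
            stack = [transport, VPN_LABEL]   # transport label on top, VPN label beneath
        hops.append((f"{sender}->{receiver}", stack))
    return hops


def top_labels_at_p_routers(bindings):
    """Top-of-stack labels P1 and P2 receive; they forward on these and never read 2000."""
    return [stack[0] for link, stack in trace(bindings)
            if link.split("->")[1] in P_ROUTERS]


if __name__ == "__main__":
    for name, table in [("SR", SR_BINDINGS), ("SR, no PHP", SR_NO_PHP),
                        ("LDP", LDP_BINDINGS)]:
        print(name)
        for link, stack in trace(table):
            print(f"  {link}: {stack}")
```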
Please note that Segment Routing eliminates the need for LDP only for the transport label operation. If you set up an MPLS Layer 2 VPN service and use LDP for PW signaling, Segment Routing and Targeted LDP are used as the two control plane protocols to set up the MPLS L2 VPN. MPLS is very powerful with its applications.
MPLS Layer 2 VPNs (VPWS, VPLS, and VPMS), MPLS Layer 3 VPNs, and MPLS Traffic Engineering are the most common applications of IP/MPLS networks. MPLS Traffic Engineering is used in large enterprise networks, especially in Service Provider and Web OTT networks. More importantly, you can use all the MPLS applications with Segment Routing. Resource consumption, such as CPU and memory, can be reduced greatly with Segment Routing.
Summary: Segment Routing and MPLS VPN are used together in today's networks. Segment Routing just eliminates LDP and RSVP as the transport mechanism; for the service, LDP and BGP are used to provision MPLS Layer 2 or MPLS Layer 3 VPNs. Segment Routing still requires LDP or BGP for the MPLS VPN service. They have to be running together in the network to create an end-to-end MPLS VPN service.
Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021