VRF-Lite+GRE/dot1q or MPLS L3 VPN

VRF-Lite + GRE - I am going to create a new category on the blog in which we will discuss together the different technologies, protocols, designs, and architecture.

You can suggest discussion topics and you all please welcome to join the discussions in the comment box of each topic.

I want to throw the first topic for the discussions! Which Enterprise Architecture is more complex? ( Did you read network complexity article in the blog? ) MPLS VPN Technologies and Design are explained in detail in my Instructor Led CCDE and Self-Paced CCDE course.  

VRF-lite with GRE/dot1q or MPLS L3VPN?

It is a very subjective topic I think there are no absolute corrects thus please share your opinion.

A Collective of our answers will be creating a detailed article and will provide a good resource for the people before they decide on a particular technology, protocol, or architecture.

UPDATE: Let me provide a very brief overview of vrf-lite and MPLS VPNs. How they can be carried through an overlay to provide data plane separation and how the same tasks can be achieved with MPLS layer 3 VPNs. Vrf-lite provides a control and data plane separation without requiring an MPLS as a control or data plane. You don’t need an MPLS encapsulation.

It should be configured hop by hop from source to destination.

Every node on the path should be configured separately.

GRE and dot1.q can provide data plane separation.

Vendor implementations might have hardware limits, so you should be aware of the limits.

The same is true mostly for the MPLS VPNs as well, the routing protocol process is limited and varies based on hardware.

By the way for those who don’t know what is the difference between control and data plane, very abstracted definition : The operations on the user traffic are handled at the data plane, and the operations between the networking devices are explained and handled with control plane operations.

MPLS VPN on the other hand requires a label at least on the control plane. MPLS VPN idea is to hide state from the core thus we provide encapsulation for the underlay.

On the other hand, every node from source to destination keeps state information in the context of Vrf-lite.

If you read the Network Complexity article in the blog, I explained that state information ( Routing tables, MPLS labels, ARP tables, L2 information, etc ) is directly related to the network complexity.

Encapsulation might be provided by the GRE, L2tpv3, LDP, RSVP, Segment Routing, and so on.

We call it transport or underlay, topmost label. (In general, you see and hear LDP but I provided many other possible encapsulations mechanisms) In the context of MPLS L3 VPNs, We have a second level of layering to separate end user traffic from each other. This is achieved through Multi-Protocol BGP (MP-BGP).

Created by
Orhan Ergun

Orhan Ergun, CCIE/CCDE Trainer, Author of Many Networking Books, Network Design Advisor, and Cisco Champion 2019/2020/2021

He created OrhanErgun.Net 10 years ago and has been serving the IT industry with his renowned and awarded training.

Wrote many books, mostly on Network Design, joined many IETF RFCs, gave Public talks at many Forums, and mentored thousands of his students.  

Today, with his carefully selected instructors, OrhanErgun.Net is providing IT courses to tens of thousands of IT engineers. 

View profile

Related courses

MPLS Zero to Hero Training

30:07:04 Hours
51 Lectures


VRF - Virtual Routing and Forwarding Course

02:47:52 Hours
17 Lectures


CCNA - Cisco Certified Network Associate

27:24:01 Hours
98 Lectures