February 9, 2010

Deploying and Configuring MPLS VPNs in IP Tunnel Environments

Service providers (SPs) and enterprises alike are migrating from existing ATM, Frame Relay (FR), and Time Division Multiplex (TDM) infrastructures to an IP-based backbone. Current IP backbones can no longer be designed just to transport IP packets. Instead, Next Generation (NG) Internet Protocol (IP) backbones must be capable of providing multiple IP services over a single physical infrastructure, using techniques such as differentiated quality of service (QoS) and a secure transport layer. In addition, NG IP backbones should provide Layer 2/3 VPNs, IP multicast, IPv6, and granular traffic-engineering capabilities.

Ultimately, these IP backbones should be scalable and flexible enough to support the mission-critical, time-sensitive applications that all modern networks require and to meet new demands for applications, services, and bandwidth. Multiprotocol Label Switching (MPLS), when used on an IP backbone, provides the mechanism to offer rich IP services and transport capabilities to the routing infrastructure.

Additionally, the capability to offer MPLS-based VPNs over a non-MPLS-capable IP core provides an extremely flexible, cost-efficient virtualized WAN design that is simple to configure, while still supporting core infrastructure services such as security and QoS.

This approach is well suited to high-bandwidth deployments running tunneled MPLS between regional locations, where the number of tunnels is relatively small but the throughput required for each tunnel may be in the 1 - 10 Gbps range.

This white paper examines the advanced Virtual Private Network (VPN) capabilities in next-generation, application-aware WAN designs, focusing specifically on MPLS VPN over an IP-only core, that is, the deployment of MPLS VPN over IP tunnels (GRE). It examines the benefits, deployment options, and configurations, as well as associated technologies such as IPsec, QoS, and fragmentation.



This is the type of detailed, technical paper that our community loves. Getting this level of tutorial information is difficult, and the paper does a great job of meeting that need.

I especially like the fact that the paper goes into a fair level of detail on issues like dealing with fragmentation, encryption, and QoS.

As you explore the depths of this paper, the paper's author, Russell Kelly, is standing by to discuss and answer questions.

I hope you'll take advantage of this great opportunity!

So I'll kick off the discussion...

Recently at Webtorials we've been discussing the benefits of WAN Ethernet services. One of the major advantages of these services is the simplicity. It's about as close as you can get to "plug and play."

This paper is wonderfully detailed, but it also points up the inextricable link between having a high degree of control and the requisite complexity that this involves.

Can you elaborate on what this solution brings that makes it worth the effort?

The capability to offer MPLS-based VPNs over a non-MPLS-capable IP core offers an extremely flexible, cost-efficient virtualized WAN design that is simple to configure, whilst at the same time maintaining the support for core infrastructure services such as security and QoS. Any enterprise (or even SP) can tunnel their own internal VPNs (virtualized networks), be they L2 or L3, over any IP backbone with ease - giving end-to-end virtualization.

Hi Russell,

I'm hoping you might be able to answer a related question for me. I've been told that the Cisco 7600 is unable to provide NetFlow reporting when configured for MPLS VPNs. Do you know if this is true? Does this also impact other Cisco products? As a sales person for a packet capture and analysis vendor I am interested in understanding the scope of potential market opportunity if implementing MPLS VPN does in fact limit NetFlow.


You can use the following two NetFlow features to create MPLS VPN traffic statistics:

1) ingress IP NetFlow on VRF interfaces
2) egress IP NetFlow on VRF interfaces

Option 1) will track down traffic entering a VPN on a particular VPN interface.
Option 2) will track down traffic exiting a VPN on a particular VPN interface.


Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2018, Distributed Networking Associates, Inc.