Selecting MPLS VPN Services

eBook (Watermarked)

  • Sorry, this book is no longer in print.
  • Copyright 2006
  • Dimensions: 7-3/8" x 9-1/8"
  • Edition: 1st
  • eBook (Watermarked)
  • ISBN-10: 1-58705-396-9
  • ISBN-13: 978-1-58705-396-2

A guide to using and defining MPLS VPN services

  • Analyze strengths and weaknesses of TDM and Layer 2 WAN services
  • Understand the primary business and technical issues when evaluating IP/MPLS VPN offerings
  • Describe the IP addressing, routing, load balancing, convergence, and services capabilities of the IP VPN
  • Develop enterprise quality of service (QoS) policies and implementation guidelines
  • Achieve scalable support for multicast services
  • Learn the benefits and drawbacks of various security and encryption mechanisms
  • Ensure proper use of services and plan for future growth with monitoring and reporting services
  • Provide remote access, Internet access, and extranet connectivity to the VPN supported intranet
  • Provide a clear and concise set of steps to plan and execute a network migration from existing ATM/Frame Relay/leased line networks to an IP VPN

IP/MPLS VPNs are compelling for many reasons. For enterprises, they enable right-sourcing of WAN services and yield generous operational cost savings. For service providers, they offer a higher level of service to customers and lower costs for service deployment.

Migration comes with challenges, however. Enterprises must understand key migration issues, what the realistic benefits are, and how to optimize new services. Providers must know what aspects of their services give value to enterprises and how they can provide the best value to customers.

Selecting MPLS VPN Services helps you analyze migration options, anticipate migration issues, and properly deploy IP/MPLS VPNs. Detailed configurations illustrate effective deployment while case studies present available migration options and walk you through the process of selecting the best option for your network. Part I addresses the business case for moving to an IP/MPLS VPN network, with a chapter devoted to the business and technical issues you should review when evaluating IP/MPLS VPN offerings from major providers. Part II includes detailed deployment guidelines for the technologies used in the IP/MPLS VPN.

This book is part of the Networking Technology Series from Cisco Press®, which offers networking professionals valuable information for constructing efficient networks, understanding new technologies, and building successful careers.

Table of Contents

Part I      Business Analysis and Requirements of IP/MPLS VPN

Chapter 1   Assessing Enterprise Legacy WANs and IP/VPN Migration
Current State of Enterprise Networks 

Evolutionary Change of Enterprise Networks 

Acme, a Global Manufacturer 

      Acme’s Global Span 

      Business Desires of Acme’s Management 

      Acme’s IT Applications Base 

      Acme’s IT Communications Infrastructure 

New WAN Technologies for Consideration by Acme 

      Layer 3 IP/MPLS VPN Services 

      Layer 2 IP/MPLS VPN Services 

Convergence Services 

      Internet Access 

      Mobile Access and Teleworker Access 

      Voice Services: Service Provider Hosted PSTN Gateway 

      Voice Services: Service Provider Hosted IP Telephony 


Chapter 2   Assessing Service Provider WAN Offerings  

Enterprise/Service Provider Relationship and Interface 

Investigation Required in Selecting a Service Provider 

      Coverage, Access, and IP 

      Financial Strength of the Service Provider 



      IP Version 6 

      Provider Cooperation/Tiered Arrangements 

      Enhanced Service-Level Agreement 

      Customer Edge Router Management 

Service Management 

      Customer Reports and SLA Validation 


Chapter 3   Analyzing Service Requirements  

Application/Bandwidth Requirements 

Backup and Resiliency 

Enterprise Segmentation Requirements 

      Mapping VLANs to VPNs in the Campus 

Access Technologies 

      Frame Relay 


      Dedicated Circuit from CE to PE 

      ATM PVC from CE to PE 

      Frame Relay PVC from CE to PE 

      Metro Ethernet 

QoS Requirements 


      Packet Delay and Jitter 

      Packet Loss 

      Enterprise Loss, Latency, and Jitter Requirements 

      QoS at Layer 2 

Subscriber Network QoS Design 

      Baseline New Applications 

      Develop the Network 

Security Requirements 

      Topological and Network Design Considerations 

      SP-Managed VPNs 

Multiprovider Considerations 


Case Study: Analyzing Service Requirements for Acme, Inc. 

      Layer 2 Description 

      Existing Customer Characteristics That Are Required in the New Network 

      DefenseCo’s Backbone Is a Single Autonomous System 

      Reasons for Migrating to MPLS 

      Evaluation Testing Phase 

      Routing Convergence 

      Jitter and Delay 

      Congestion, QoS, and Load Testing 

      Vendor Knowledge and Technical Performance 

      Evaluation Tools 


      Lessons Learned  

      Transition and Implementation Concerns and Issues 

      Post-Transition Results 



Part II     Deployment Guidelines  

Chapter 4   IP Routing with IP/MPLS VPNs  

Introduction to Routing for the Enterprise MPLS VPN 

      Implementing Routing Protocols 

      Network Topology 

      Addressing and Route Summarization 

      Route Selection 


      Network Scalability 




Site Typifying WAN Access: Impact on Topology 

      Site Type: Topology 

      WAN Connectivity Standards 

      Site Type A Attached Sites: Dual CE and Dual PE 

      Site Type B/3 Dual-Attached Site–Single CE, Dual PE  

      Site Type B/3 Dual-Attached Site–Single CE, Single PE 

      Site Type D Single-Attached Site–Single CE with Backup 

      Convergence: Optimized Recovery 

      IP Addressing 

      Routing Between the Enterprise and the Service Provider 

      Using EIGRP Between the CE and PE 

      How EIGRP MPLS VPN PE-to-CE Works 

      PE Router: Non-EIGRP-Originated Routes 

      PE Router: EIGRP-Originated Internal Routes 

      PE Router: EIGRP-Originated External Routes 

      Multiple VRF Support 

      Extended Communities Defined for EIGRP VPNv4 

      Metric Propagation 

      Configuring EIGRP for CE-to-PE Operation 

      Using BGP Between the CE and PE 

      Securing CE-PE Peer Sessions 

      Improving BGP Convergence 

Case Study: BGP and EIGRP Deployment in Acme, Inc. 

      Small Site–Single-Homed, No Backup 

      Medium Site–Single-Homed with Backup 

      Medium Site–Single CE Dual-Homed to a Single PE 

      Large Site–Dual-Homed (Dual CE, Dual PE) 

      Load Sharing Across Multiple Connections 

      Very Large Site/Data Center–Dual Service Provider MPLS VPN 

      Site Typifying Site Type A Failures 

      Solutions Assessment 




Chapter 5   Implementing Quality of Service  

Introduction to QoS 

      Building a QoS Policy: Framework Considerations 

QoS Tool Chest: Understanding the Mechanisms 

      Classes of Service 

      Hardware Queuing 

      Software Queuing 

      QoS Mechanisms Defined 

      Pulling It Together: Build the Trust 

Building the Policy Framework 

      Classification and Marking of Traffic 

      Trusted Edge 

      Device Trust 

      Application Trust 

      CoS and DSCP 

      Strategy for Classifying Voice Bearer Traffic 

      QoS on Backup WAN Connections 

      Shaping/Policing Strategy 

      Queuing/Link Efficiency Strategy 

IP/VPN QoS Strategy 

      Approaches for QoS Transparency Requirements for the Service Provider


      QoS CoS Requirements for the SP Network 

      WRED Implementations 

Identification of Traffic 

      What Would Constitute This Real-Time Traffic? 

QoS Requirements for Voice, Video, and Data 

      QoS Requirements for Voice 

      QoS Requirements for Video 

      QoS Requirements for Data 

The LAN Edge: L2 Configurations 

      Classifying Voice on the WAN Edge 

      Classifying Video on the WAN Edge 

      Classifying Data on the WAN Edge 

Case Study: QoS in the Acme, Inc. Network 

      QoS for Low-Speed Links: 64 kbps to 1024 kbps 

QoS Reporting 



Chapter 6   Multicast in an MPLS VPN  

Introduction to Multicast for the Enterprise MPLS VPN 

      Multicast Considerations 

Mechanics of IP Multicast 


      Source Trees Versus Shared Trees 

      Protocol-Independent Multicast 

      Interdomain Multicast Protocols 

      Source-Specific Multicast 

      Multicast Addressing 

      Administratively Scoped Addresses 

      Deploying the IP Multicast Service 

      Default PIM Interface Configuration Mode 

      Host Signaling 


Multicast Deployment Models 

      Any-Source Multicast 

      Source-Specific Multicast 

      Enabling SSM 

Multicast in an MPLS VPN Environment: Transparency 

      Multicast Routing Inside the VPN 

Case Study: Implementing Multicast over MPLS for Acme 

      Multicast Addressing 

      Multicast Address Management 

      Predeployment Considerations 

      MVPN Configuration Needs on the CE 

      Boundary ACL 

      Positioning of Multicast Boundaries 

      Configuration to Apply a Boundary Access List 

      Rate Limiting 

      MVPN Deployment Plan 

      Preproduction User Test Sequence 

What Happens When There Is No MVPN Support? 

      Other Considerations and Challenges 



Chapter 7   Enterprise Security in an MPLS VPN Environment  

Setting the Playing Field 

Comparing MPLS VPN Security to Frame Relay Networks 

      Security Concerns Specific to MPLS VPNs 

Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks 

      History of IP Network Attacks 

      Strong Password Protection 

      Preparing for an Attack 

      Identifying an Attack  

      Initial Precautions 

      Basic Attack Mitigation 

Basic Security Techniques 

      Remote-Triggered Black-Hole Filtering 

      Loose uRPF for Source-Based Filtering 

      Strict uRPF and Source Address Validation 

      Sinkholes and Anycast Sinkholes 

      Backscatter Traceback 

      Cisco Guard 

Distributed DoS, Botnets, and Worms 

      Anatomy of a DDoS Attack 


      Worm Mitigation 

Case Study Selections 



      Comparing MPLS VPN to Frame Relay Security 

      ACL Information 

      Miscellaneous Security Tools 

      Cisco Reference for MPLS Technology and Operation 

      Cisco Reference for Cisco Express Forwarding 

      Public Online ISP Security Bootcamp 

      Tutorials, Workshops, and Bootcamps 

      Original Backscatter Traceback and Customer-Triggered Remote-Triggered Black-Hole Techniques 

      Source for Good Papers on Internet Technologies and Security 

      Security Work Definitions 

      NANOG SP Security Seminars and Talks 

      Birds of a Feather and General Security Discussion Sessions at NANOG 

Chapter 8   MPLS VPN Network Management  

The Enterprise: Evaluating Service Provider Management Capabilities 


      SLA Monitoring 

      Fault Management 


      Root Cause Analysis 

The Enterprise: Managing the VPN 






The Service Provider: How to Meet and Exceed Customer Expectations 


      Fault Monitoring 

      OAM and Troubleshooting 

      Fault Management 

      SLA Monitoring 




Chapter 9   Off-Net Access to the VPN  

Remote Access 

      Dial Access via RAS 

      Dial Access via L2TP 

      Connecting L2TP Solutions to VRFs 

      DSL Considerations 

      Cable Considerations 

IPsec Access 

      GRE + IPsec on the CPE 

      CE-to-CE IPsec 

      The Impact of Transporting Multiservice Traffic over IPsec 

      Split Tunneling in IPsec 

Supporting Internet Access in IP VPNs 

Case Study Selections 



      General PPP Information 

      Configuring Dial-In Ports 


      Layer 2 Tunnel Protocol Fact Sheet 

      Layer 2 Tunnel Protocol 

      VPDN Configuration Guide 

      VPDN Configuration and Troubleshooting 

      Security Configuration Guide 

      RADIUS Configuration Guide 

      Broadband Aggregation to MPLS VPN 

      Remote Access to MPLS VPN 

      Network-Based IPsec VPN Solutions 


      GRE + IPsec 


      Split Tunneling 

      Prefragmentation 

Chapter 10  Migration Strategies  

Network Planning 

      Writing the RFP 

      Architecture and Design Planning with the Service Providers 

      Project Management 

      SLAs with the Service Providers 

      Network Operations Training 

Implementation Planning 

      Phase 1  

      Phase 2 

      Phase 3 

      Phase 4 

On-Site Implementation 

Case Study Selections 


Part III Appendix  

Appendix Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability  

