  1. Senior Member
    Join Date
    Dec 2014
    Posts
    259
    #1

    MPLS and NAT: same purpose?

    NAT translates private IP addresses into public IP addresses to differentiate them.
    In MPLS, a private address is appended with a route distinguisher to differentiate them.
    In this case, do NAT and MPLS serve the same purpose?
    Why use MPLS then?

  3. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,680

    Certifications
    RHCSA, Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV, Storage+, CCNA R+S, CCNA Sec, Security+, CEH, CASP
    #2
    The name is the recipe. Multiprotocol Label Switching - can carry multiple protocols with inherent QoS, and uses labels to switch traffic - i.e. fast switching based on the label and not on protocol headers. MPLS is tuned for the typical modern telecom network which can use one network to carry all data (voice, IP, video or whatever) and perform very fast switching of massive amounts of data (a primary design consideration, although less important these days). Since it runs on layer 2, to provide a consistent interface for layer 3, it also means that the underlying layer 2 and lower technologies can be masked. This makes running networks with heterogeneous technologies (e.g. wireless, copper, fibre, ATM, Ethernet, SONET, HSPD etc.) a little easier.

    If you want to stretch for an analogy, it's more like VPN, where your IP data is tunnelled through. Your IP data doesn't care that MPLS exists. It sees the MPLS network as basically one wire from the entry to exit. And to some extent, MPLS doesn't care that your data is IP. MPLS is effectively an abstracted layer 2, running on layer 2, hence the layer 2.5 nomer.

    NAT on the other hand, does care very much about IP - at least as far as the header. It is a transformation of layer 3 data - where the IP packets themselves are changed. This is much more resource intensive, and most useful for gateways and "end users". This creates an interruption in the path, which is almost the opposite of MPLS with its near total transparency.
    2017 Goals - MCSA 2008, CISSP, CCNP:R+S, Agile PM

  4. Senior Member
    Join Date
    Jan 2013
    Location
    Florida
    Posts
    1,321

    Certifications
    CCNP: R&S, CIW: Web Foundations; MCTS: Active Directory; MCP: 2000 Professional; CNA: NetWare 5; CompTIA A+
    #3
    MPLS and NAT are completely different technologies. NAT allows you to map one IP to another or multiple IPs to one IP + multiple ports. MPLS is a WAN technology used to provide a Layer 2 or Layer 3 connection between remote sites. MPLS uses labels to switch your data across the provider's backbone between sites. The same basic idea and purpose as DLCIs in Frame Relay.

  5. Senior Member
    Join Date
    Dec 2014
    Posts
    259
    #4
    If I am an ISP, will I use NAT to translate customer addresses and forward them to the internet or use a dedicated L3VPN tunnel with vpnv4 AF to the internet cloud?

  6. Member reload@
    Join Date
    May 2016
    Location
    DMV
    Posts
    44

    Certifications
    CCNP, JNCIP
    #5
    If you were an ISP and the customer wants Internet access, then you would allocate a public IP address or address block to the customer. NAT would be handled by the customer. You don't need MPLS to provide Internet service. You can just route their traffic. There is no forwarding them to the Internet. You, as an ISP, are part of the Internet.

  7. Senior Member
    Join Date
    Dec 2014
    Posts
    259
    #6
    Ok for

    NAT: 192.168.X.X to public ip address
    MPLS: 192.168.X.X: Route distinguisher.

    Both of them use 192.168.X.X. Don't the two of them conflict with each other? That is why I ask about them.
    That is why I am asking how an ISP designs a network.

  8. Junior Member
    Join Date
    May 2016
    Posts
    28
    #7
    With NAT, you translate from one address to another.

    E.g. I have 192.168.0.0/24 on my home LAN. My ISP gives me a single IP address of 8.9.10.11. My CPE translates from 192.168.0.0/24 to 8.9.10.11, and all my traffic passes over the Internet looking like it's sourced from 8.9.10.11.

    Route distinguishers in relation to MPLS are a completely different kettle of fish. These are used for route announcements into BGP for an ISP's VPN customers.

    E.g. I have customer A and customer B. Both customers are using 10.0.0.0/24 for a site in their respective VPNs. This is an overlapping prefix.

    BGP by default cannot carry both routes and treat them differently. They look the same as far as it is concerned. To overcome this an RD is used.

    There are a few different schemes that can be used to construct an RD. My preference is the loopback of the device combined with a unique ID for a customer.

    So Customer A I will give unique ID 1001. Customer B will get 1002.

    These two /24s both reside on a single PE. Its loopback address is 192.168.1.1.

    To create the RD you append the unique ID onto the loopback (Again there are a few different methods. This is just one. They all have the same outcome.)

    Customer A RD: 192.168.1.1:1001
    Customer B RD: 192.168.1.1:1002

    Now when a route is announced into BGP from this PE, it prepends the route distinguisher onto the prefix. So the route announcements look like:

    Customer A Route: 192.168.1.1:1001:10.0.0.0/24
    Customer B Route: 192.168.1.1:1002:10.0.0.0/24

    BGP can now differentiate between the two routes.

    When another PE imports the routes, it strips off the RD from the front of the prefix, and installs it into an appropriate VRF. (This is done by another BGP attribute - Route Target)

    Traffic NEVER passes over an ISP's network using any address related to the RD. It is only used when advertising routes into BGP.

    RFC 4364 is probably worth a read if you have serious interest in this.
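The RD scheme described in post #7, worked through as an added example (not code from any poster in this thread): it encodes the two RDs in the RFC 4364 type 1 layout, shows that the overlapping 10.0.0.0/24 prefixes collide without an RD and stay distinct with one, and then imports them into separate VRFs by route target. The route target values `65000:1001` and `65000:1002` and the VRF names are constructed for illustration.

```python
import ipaddress
import struct

def encode_rd_type1(admin_ip: str, assigned: int) -> bytes:
    """RFC 4364 type 1 RD: 2-byte type, 4-byte IPv4 administrator, 2-byte number."""
    if not 0 <= assigned <= 0xFFFF:
        raise ValueError("type 1 assigned number must fit in 16 bits")
    return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin_ip).packed, assigned)

def vpn_ipv4_key(rd: bytes, prefix: str) -> tuple:
    """Key BGP compares: RD bytes followed by the IPv4 prefix, plus prefix length."""
    net = ipaddress.ip_network(prefix)
    return (rd + net.network_address.packed, net.prefixlen)

def advertise(table: dict, rd: bytes, prefix: str, route_target: str) -> None:
    """Local PE: prepend the RD and attach the route target (constructed values)."""
    table[vpn_ipv4_key(rd, prefix)] = {"rt": route_target, "prefix": prefix}

def import_routes(table: dict, vrf_import_rts: dict) -> dict:
    """Remote PE: choose the VRF by route target, install the prefix without the RD."""
    vrfs = {name: [] for name in vrf_import_rts}
    for route in table.values():
        for name, rt in vrf_import_rts.items():
            if route["rt"] == rt:
                vrfs[name].append(route["prefix"])
    return vrfs

def demo():
    pe_loopback = "192.168.1.1"            # loopback used in the post
    rd_a = encode_rd_type1(pe_loopback, 1001)
    rd_b = encode_rd_type1(pe_loopback, 1002)

    # Without an RD both customers produce the same key: one route is lost.
    plain = {}
    plain[vpn_ipv4_key(b"", "10.0.0.0/24")] = "customer A"
    plain[vpn_ipv4_key(b"", "10.0.0.0/24")] = "customer B"

    # With an RD the two announcements are different routes.
    vpnv4 = {}
    advertise(vpnv4, rd_a, "10.0.0.0/24", "65000:1001")
    advertise(vpnv4, rd_b, "10.0.0.0/24", "65000:1002")

    vrfs = import_routes(vpnv4, {"CUST_A": "65000:1001", "CUST_B": "65000:1002"})
    return rd_a.hex(), len(plain), len(vpnv4), vrfs

if __name__ == "__main__":
    print(demo())
```

The RD only appears in the table keys; the prefixes installed in each VRF are plain IPv4, which matches the post's point that traffic never carries RD information.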

  9. Senior Member
    Join Date
    Dec 2014
    Posts
    259
    #8
    Three questions:
    Where did 10.0.0.0/24 come from?
    Are you sure the PE loopback address is 192.168.1.1?
    What happens if the customer wants an L3VPN between 2 sites and also wants an Internet connection for both sites?
    Do they use MPLS or NAT?

  10. Junior Member
    Join Date
    May 2016
    Posts
    28
    #9
    This is just an example. The addresses can be anything you want. The loopback address of a PE can be anything you want.

    If you really wanted, you could have a loopback address of 192.168.1.1, and a customer prefix of 192.168.1.0/24, then you could have an RD like 192.168.1.1:1001:192.168.1.0/24.

    There is no implicit connection between the beginning part of the address, and the end of the address. The only job of the RD is to make sure that a prefix that is using space that is often overlapped is unique on the network within BGP.

    If a customer wants an L3VPN between multiple sites, and wants an Internet connection into their VPN, then yes, NAT will typically be used. Usually there is a circuit that connects into the VPN into a firewall. This firewall then has a straight Internet connection with one or more globally routable addresses routed to it. The firewall then performs NAT from the private addressing on the VPN site to the globally routable addresses on the Internet side.

  11. Senior Member
    Join Date
    Dec 2014
    Posts
    259
    #10
    Hmm... actually this was what I was trying to ask. In that case, are NAT and MPLS applied on the same PE router at the same time when the customer wants L3VPN and Internet at the same time?

    In that case do you have any sample configuration?

  12. Junior Member
    Join Date
    May 2016
    Posts
    28
    #11
    No. In this case, NAT is configured on a CPE. Not the PE.

  13. Member reload@
    Join Date
    May 2016
    Location
    DMV
    Posts
    44

    Certifications
    CCNP, JNCIP
    #12
    Originally posted by dppagc:
        Ok for

        NAT: 192.168.X.X to public ip address
        MPLS: 192.168.X.X: Route distinguisher.

        Both of them use 192.168.X.X. Don't the two of them conflict with each other? That is why I ask about them.
        That is why I am asking how an ISP designs a network.

    No, they don't conflict because NAT is the responsibility of the customer, not the ISP. The ISP will not learn about the customer's private IP prefixes when it comes to Internet service.

    Here's a simple breakdown:

    Internet:
    - Provides customer connectivity to the Internet
    - NAT is customer's responsibility
    - ISP only cares about the public IP address allocated to the customer
    - ISP will not learn about the customer's private IP prefixes

    MPLS L3VPN:
    - Provides connectivity between customer sites
    - Private "router-in-the-cloud" for the customer so NAT is not required
    - ISP will learn about the customer's private IP prefixes so that they can be shared between customer sites

  14. Senior Member
    Join Date
    Dec 2014
    Posts
    259
    #13
    Hmm... this is my question. If both MPLS and NAT are needed, are they configured on the same CE interface?

  15. Went to the dark side.... Moderator networker050184
    Join Date
    Jul 2007
    Posts
    11,645

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #14
    NAT could take place there. Or it could not. MPLS could be used just to get customer service to a shared firewall where it's NAT'ed. There are so many use cases that your questions aren't very simple to answer with an all-encompassing yes or no. As it is 99.99% of the time in networking, the answer is it depends.
    An expert is a man who has made all the mistakes which can be made.

  16. Senior Member
    Join Date
    Apr 2012
    Location
    Sahuarita AZ
    Posts
    472

    Certifications
    MCSE
    #15
    dppagc, you are overthinking this. NAT is used at a gateway device to allow many hosts with private IPs to access the Internet using one public IP. MPLS is used by an ISP to connect a client's sites together; this can sort of be thought of as a VPN but at a much lower level. Sites connected over MPLS can be on the same subnet. Also MPLS should be a faster connection with QoS because it is within the ISP's network rather than going over the public Internet across multiple providers.

  17. Senior Member
    Join Date
    Dec 2014
    Posts
    259
    #16
    Okay. Let's say we use MPLS but not NAT.
    How is 192.168.1.1:RD going to be identified in the public domain (Internet) if only MPLS is used?

  18. Junior Member
    Join Date
    May 2016
    Posts
    28
    #17
    I think I gave a pretty comprehensive explanation about what an RD is, and how it is used above. It is only used in BGP to differentiate between overlapping addresses between customers. Traffic is never transmitted with RD information attached.

  19. Went to the dark side.... Moderator networker050184
    Join Date
    Jul 2007
    Posts
    11,645

    Certifications
    CCNA, CCNP, CCIP, JNCIA-JUNOS, JNCIS-SP, JNCIP-SP, MCA200
    #18
    Originally posted by dppagc:
        Okay. Let's say we use MPLS but not NAT.
        How is 192.168.1.1:RD going to be identified in the public domain (Internet) if only MPLS is used?

    It's not. That's the point of an L3VPN. To keep routing tables separate from the global table. MPLS doesn't change the fact that RFC1918 space is not routable on the Internet.
    An expert is a man who has made all the mistakes which can be made.