MPLS and NAT: same purpose?

dppagc Member Posts: 293
NAT translates private IP addresses into public IP addresses to differentiate them.
In MPLS a private address is appended with a route distinguisher to differentiate them.
In this case, do NAT and MPLS serve the same purpose?
Why use MPLS then?

Comments

  • OctalDump Member Posts: 1,722
    The name is the recipe. Multiprotocol Label Switching - can carry multiple protocols with inherent QoS, and uses labels to switch traffic - i.e. fast switching based on the label and not on protocol headers. MPLS is tuned for the typical modern telecom network which can use one network to carry all data (voice, IP, video or whatever) and perform very fast switching of massive amounts of data (a primary design consideration, although less important these days). Since it runs on layer 2, to provide a consistent interface for layer 3, it also means that the underlying layer 2 and lower technologies can be masked. This makes running networks with heterogeneous technologies (e.g. wireless, copper, fibre, ATM, Ethernet, SONET, HSPD etc etc) a little easier.

    If you want to stretch for an analogy, it's more like VPN, where your IP data is tunnelled through. Your IP data doesn't care that MPLS exists. It sees the MPLS network as basically one wire from the entry to exit. And to some extent, MPLS doesn't care that your data is IP. MPLS is effectively an abstracted layer 2, running on layer 2, hence the "layer 2.5" moniker.

    NAT on the other hand, does care very much about IP - at least as far as the header. It is a transformation of layer 3 data - where the IP packets themselves are changed. This is much more resource intensive, and most useful for gateways and "end users". This creates an interruption in the path, which is almost the opposite of MPLS with its near total transparency.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • theodoxa Member Posts: 1,340
    MPLS and NAT are completely different technologies. NAT allows you to map one IP to another or multiple IPs to one IP + multiple ports. MPLS is a WAN technology used to provide a Layer 2 or Layer 3 connection between remote sites. MPLS uses labels to switch your data across the provider's backbone between sites. The same basic purpose as DLCIs in Frame Relay.
    R&S: CCENT CCNA CCNP CCIE [ ]
    Security: CCNA [ ]
    Virtualization: VCA-DCV [ ]
  • dppagc Member Posts: 293
    If I am an ISP, will I use NAT to translate customer addresses and forward them to the internet or use a dedicated L3VPN tunnel with vpnv4 AF to the internet cloud?
  • reload@ Member Posts: 44
    If you were an ISP and the customer wants Internet access, then you would allocate a public IP address or address block to the customer. NAT would be handled by the customer. You don't need MPLS to provide Internet service. You can just route their traffic. There is no forwarding them to the Internet. You, as an ISP, are part of the Internet.
  • dppagc Member Posts: 293
    Ok, for

    NAT: 192.168.X.X to public IP address
    MPLS: 192.168.X.X:route distinguisher

    Both of them use 192.168.X.X. Don't the two of them conflict with each other? That is why I asked about them.
    That is why I am asking how an ISP designs a network.
  • daveyb Member Posts: 28
    With NAT, you translate from one address to another.

    E.g. I have 192.168.0.0/24 on my home LAN. My ISP gives me a single IP address of 8.9.10.11. My CPE translates from 192.168.0.0/24 to 8.9.10.11, and all my traffic passes over the Internet looking like it's sourced from 8.9.10.11.

    Route distinguishers in relation to MPLS are a completely different kettle of fish. These are used for route announcements into BGP for an ISP's VPN customers.

    E.g. I have customer A and customer B. Both customers are using 10.0.0.0/24 for a site in their respective VPNs. This is an overlapping prefix.

    BGP by default cannot carry both routes and treat them differently. They look the same as far as it is concerned. To overcome this an RD is used.

    There are a few different schemes that can be used to construct an RD. My preference is the loopback of the device combined with a unique ID for a customer.

    So Customer A I will give unique ID 1001. Customer B will get 1002.

    These two /24s both reside on a single PE. Its loopback address is 192.168.1.1.

    To create the RD you append the unique ID onto the loopback (Again there are a few different methods. This is just one. They all have the same outcome.)

    Customer A RD: 192.168.1.1:1001
    Customer B RD: 192.168.1.1:1002

    Now when a route is announced into BGP from this PE, it prepends the route distinguisher onto the prefix. So the route announcements look like:

    Customer A Route: 192.168.1.1:1001:10.0.0.0/24
    Customer B Route: 192.168.1.1:1002:10.0.0.0/24

    BGP can now differentiate between the two routes.

    When another PE imports the routes, it strips off the RD from the front of the prefix, and installs it into an appropriate VRF. (This is done by another BGP attribute - Route Target)

    Traffic NEVER passes over an ISP's network using any address related to the RD. It is only used when advertising routes into BGP.

    RFC 4364 is probably worth a read if you have serious interest in this.
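    To make the RD mechanics above concrete, here is an added example (not code from any post or vendor) that encodes a Type 1 RD as the 8-byte value RFC 4364 describes, forms the VPNv4 route for the two overlapping customer prefixes, and then imports them into per-customer VRFs with the RD stripped. The loopback, customer IDs and route targets are constructed to match daveyb's example; the import step highlights that the route target, not the RD, decides which VRF receives a route, which is where a mis-set RT would leak one customer's routes into another's VRF.

```python
import ipaddress
import struct
from typing import Dict, List, Tuple

def encode_rd(admin_ip: str, assigned: int) -> bytes:
    # Type 1 RD (RFC 4364 section 4.2): 2-byte type (1), 4-byte IPv4
    # administrator field, 2-byte assigned number -> 8 bytes on the wire.
    return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin_ip).packed, assigned)

def rd_to_str(rd: bytes) -> str:
    # Render the packed RD in the familiar "admin:assigned" notation.
    _, admin, assigned = struct.unpack("!H4sH", rd)
    return f"{ipaddress.IPv4Address(admin)}:{assigned}"

def announce(bgp_table: Dict[Tuple[bytes, str], str], rd: bytes,
             prefix: str, route_target: str) -> str:
    # The PE prepends the RD to the customer prefix; the (RD, prefix) pair is
    # the VPNv4 NLRI, so two identical customer prefixes stay distinct keys.
    key = (rd, str(ipaddress.ip_network(prefix)))
    bgp_table[key] = route_target
    return f"{rd_to_str(rd)}:{key[1]}"

def import_vrfs(bgp_table: Dict[Tuple[bytes, str], str],
                vrf_rts: Dict[str, str]) -> Dict[str, List[str]]:
    # Receiving PE: match the route target to a VRF, strip the RD and install
    # the plain prefix. The RD never appears in the VRF forwarding table.
    vrfs: Dict[str, List[str]] = {name: [] for name in vrf_rts}
    for (_rd, prefix), rt in bgp_table.items():
        for name, wanted_rt in vrf_rts.items():
            if rt == wanted_rt:
                vrfs[name].append(prefix)
    return vrfs

def demo():
    # Constructed values: PE loopback and customer IDs follow daveyb's post;
    # the route targets (ASN:number form) are assumed for illustration.
    pe_loopback = "192.168.1.1"
    table: Dict[Tuple[bytes, str], str] = {}
    route_a = announce(table, encode_rd(pe_loopback, 1001), "10.0.0.0/24", "65000:1001")
    route_b = announce(table, encode_rd(pe_loopback, 1002), "10.0.0.0/24", "65000:1002")
    vrfs = import_vrfs(table, {"CustA": "65000:1001", "CustB": "65000:1002"})
    return route_a, route_b, len(table), vrfs

if __name__ == "__main__":
    print(demo())
```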
  • dppagc Member Posts: 293
    Three Questions:
    Where did 10.0.0.0/24 come from?
    Are you sure the PE loopback address is
    192.168.1.1?
    What happens if the customer wants an L3VPN between 2 sites and also wants an internet connection for both sites?
    Do they use MPLS or NAT?

  • daveyb Member Posts: 28
    This is just an example. The addresses can be anything you want. The loopback address of a PE can be anything you want.

    If you really wanted, you could have a loopback address of 192.168.1.1, and a customer prefix of 192.168.1.0/24, then you could have an RD like 192.168.1.1:1001:192.168.1.0/24.

    There is no implicit connection between the beginning part of the address and the end of the address. The only job of the RD is to make sure that a prefix that is using space that is often overlapped is unique on the network within BGP.

    If a customer wants an L3VPN between multiple sites, and wants an Internet connection into their VPN, then yes, NAT will typically be used. Usually there is a circuit that connects the VPN into a firewall. This firewall then has a straight Internet connection with one or more globally routable addresses routed to it. The firewall then performs NAT from the private addressing on the VPN site to the globally routable addresses on the Internet side.
  • dppagc Member Posts: 293
    Hmm... actually this was what I was trying to ask. In that case are NAT and MPLS applied on the same PE router at the same time when the customer wants L3VPN and internet at the same time?

    In that case do you have any sample configuration?
  • daveyb Member Posts: 28
    No. In this case, NAT is configured on a CPE. Not the PE.
  • reload@ Member Posts: 44
    dppagc wrote: »
    Ok, for

    NAT: 192.168.X.X to public IP address
    MPLS: 192.168.X.X:route distinguisher

    Both of them use 192.168.X.X. Don't the two of them conflict with each other? That is why I asked about them.
    That is why I am asking how an ISP designs a network.
    No, they don't conflict, because NAT is the responsibility of the customer, not the ISP. The ISP will not learn about the customer's private IP prefixes when it comes to Internet service.

    Here's a simple breakdown:

    Internet:
    - Provides customer connectivity to the Internet
    - NAT is customer's responsibility
    - ISP only cares about the public IP address allocated to the customer
    - ISP will not learn about the customer's private IP prefixes

    MPLS L3VPN:
    - Provides connectivity between customer sites
    - Private "router-in-the-cloud" for the customer so NAT is not required
    - ISP will learn about the customer's private IP prefixes so that they can be shared between customer sites
  • dppagc Member Posts: 293
    Hmm... this is my question. If both MPLS and NAT are needed, are they configured on the same CE interface?
  • networker050184 Mod Posts: 11,962
    NAT could take place there. Or it could not. MPLS could be used just to get customer service to a shared firewall where it's NAT'ed. There are so many use cases that your questions aren't very simple to answer with an all-encompassing yes or no. As it is 99.99% of the time in networking, the answer is it depends.
    An expert is a man who has made all the mistakes which can be made.
  • netsysllc Member Posts: 479
    dppagc, you are overthinking this. NAT is used at a gateway device to allow many hosts with private IPs to access the internet using one public IP. MPLS is used by an ISP to connect a client's sites together; this can sort of be thought of as a VPN but at a much lower level. Sites connected over MPLS can be on the same subnet. Also MPLS should be a faster connection with QoS because it is within the ISP's network rather than going over the public internet across multiple providers.
  • dppagc Member Posts: 293
    Okay. Let's say we use MPLS but not NAT.
    How is 192.168.1.1:RD going to be identified in the public domain (internet) if only MPLS is used?
  • daveyb Member Posts: 28
    I think I gave a pretty comprehensive explanation about what an RD is, and how it is used above. It is only used in BGP to differentiate between overlapping addresses between customers. Traffic is never transmitted with RD information attached.
  • networker050184 Mod Posts: 11,962
    dppagc wrote: »
    Okay. Let's say we use MPLS but not NAT.
    How is 192.168.1.1:RD going to be identified in the public domain (internet) if only MPLS is used?

    It's not. That's the point of an L3VPN. To keep routing tables separate from the global table. MPLS doesn't change the fact RFC1918 space is not routable on the internet.
    An expert is a man who has made all the mistakes which can be made.