MPLS Layer 3 VPN communication between CE routers

When configuring MPLS Layer 3 VPNs such as that shown in the diagram below, direct communication between the CEs is not possible.


Specifically, communication between the networks on the Fa0/0 interfaces is not possible. This is because these networks are not advertised to the remote CE router.

If you issue the following command from CE1:


CE1 will send an echo request to the L0 interface of CE2 using the IP address of Fa0/1 as the source address. The ping will reach the L0 interface of CE2, but will not return because CE2 does not have the network in its routing table. Similarly, CE1 does not have the subnet in its routing table.

These routes are not needed to make MPLS Layer 3 VPNs work!

In order to correctly verify MPLS Layer 3 VPN connectivity, the source of the ping should be the local loopback, like so:

ping source loopback 0