MPLS Fundamentals and Label Distribution
MPLS (Multiprotocol Label Switching) inserts a 32-bit shim header between L2 and L3. Each label stack entry carries a 20-bit label value, a 3-bit TC (Traffic Class/EXP) field, a 1-bit S (Bottom of Stack) flag, and an 8-bit TTL. PHP (Penultimate Hop Popping) removes the outer label one hop before the egress LER, so the egress router does a simple IP lookup. LDP (Label Distribution Protocol) distributes labels for IGP prefixes. Each router assigns a local label per prefix and advertises it to its neighbours. Downstream Unsolicited (DU) with Liberal Retention is the default mode. LDP session establishment: discovery via UDP 646 multicast, session via TCP 646. RSVP-TE extends RSVP for traffic engineering: PATH/RESV messages signal LSP bandwidth reservations hop-by-hop. CSPF (Constrained Shortest Path First) computes TE paths using the TE database populated by ISIS-TE or OSPF-TE extensions.
BGP at Scale: Route Reflectors, Confederations, and Policies
At service provider scale, full-mesh iBGP is impractical. Route Reflectors (RR) are allowed to break the iBGP split-horizon rule and re-advertise iBGP routes, so clients don't need to peer with each other, only with the RR. Cluster-ID prevents loops: an RR adds its cluster-ID to the cluster-list, and if an RR receives a route with its own cluster-ID in the cluster-list, it drops it. BGP confederations divide the AS into sub-ASes, each running full-mesh or RR internally. Sub-ASes appear as a single AS externally but carry confederation-specific path attributes (CONFED_SEQUENCE, CONFED_SET) internally. BGP policies: route maps with match/set for attribute manipulation, prefix-lists for fine-grained filtering, communities for tagging routes across the network. Commonly used communities: no-export (don't advertise to eBGP peers), no-advertise (don't advertise to any peer), local-AS (don't send outside confederation).
MPLS VPN: L3VPN and L2VPN Services
MPLS L3VPN (RFC 4364): PE routers maintain per-VPN routing tables (VRFs). MP-BGP carries VPNv4 prefixes: an 8-byte Route Distinguisher prepended to the IPv4 prefix, plus Route Target communities for import/export policy. The label stack has two labels: outer (transport LSP to remote PE via LDP/RSVP-TE), inner (VPN label identifying the VRF/CE at the remote PE). L2VPN services: VPWS (Virtual Private Wire Service) is a point-to-point pseudowire (RFC 4905). VPLS (Virtual Private LAN Service) is multipoint L2 using a mesh of pseudowires, with flooding-and-learning within the VPLS instance. Pseudowire encapsulation: Ethernet-tagged or raw, signalled via LDP (RFC 4447) or BGP. EVPN (RFC 7432) modernises L2VPN: BGP EVPN carries MAC reachability and supports ARP suppression and multihoming (Type-1/Type-4 routes for ESI-based active-active multihoming).
Segment Routing and Modern SP Architecture
Segment Routing (SR) replaces LDP with IGP-distributed labels. Each router is assigned a Node Segment Identifier (Node-SID) that is globally unique within the SR domain. Adjacency-SIDs identify specific links. The SR source node imposes a label stack encoding the entire path, so no per-hop state is needed. SR-MPLS uses the existing MPLS data plane. SRv6 uses IPv6 addresses as segment identifiers, eliminating the label stack entirely: each SID is a 128-bit IPv6 address with an explicit Locator (routable) and Function (action) component. TI-LFA (Topology-Independent Loop-Free Alternates) uses SR to provide 50 ms fast reroute without pre-computed tunnels.