Introduction to MPLS

Gary Day

MPLS Training - Basic

2005 Cisco Systems, Inc. All rights reserved. Version 2.0 Oct-2005

Cisco Confidential


Business Drivers for MPLS

2003 Cisco Systems, Inc. All rights reserved.

Changing Telecom Landscape

                    Old World          New World
Infrastructure      Circuit-Switched   Packet-Switched
Traffic             Voice-Centric      Data-Centric
Services Focus      Transport          IP Value-Added
Private Networks    FR-Based VPNs      IP-Based VPNs
Business Networks   In-House           Outsourced
OSS                 Network-Based      Service-Based

Customer Requirements

IP Intranet

IP Extranet

Remote Offices

Customers, Suppliers, Partners

Telecommuters, Mobile Users

Service Provider Requirements

Service Portfolio:
- Content Hosting
- Private Voice Networks
- Managed Intranets
- Multimedia

The Barriers

Frame Relay and ATM services are available:
- They provide connection-oriented service
- They have inflexible point-to-point bandwidth guarantees
- But they have good privacy

Carriers' customers want IP services:
- They need connectionless IP services
- They need more flexible IP quality of service guarantees
- They need more privacy than the Internet provides

The Solution - MPLS

MULTI-PROTOCOL LABEL SWITCHING

A mechanism that delivers the best of both worlds:
- PRIVACY and QOS of ATM, Frame Relay
- FLEXIBILITY and SCALABILITY of IP

Foundation for IP business services
- Flexible grouping of users and value-added services

Low cost managed IP services
- Scales to large and small private networks

MPLS Concepts


MPLS concepts
- Packet forwarding is done based on labels
- Labels assigned when the packet enters the network
- Labels inserted between layer 2 and layer 3 headers
- MPLS nodes forward packets based on the label
- Separates ROUTING from FORWARDING
  - Routing uses IP addresses
  - Forwarding uses Labels
- Labels can be stacked

MPLS Capabilities


Relevant MPLS Capabilities

The ability to FORWARD on and STACK LABELS allows MPLS to provide some useful features including:
- IP+ATM Integration
  - Provides Layer 3 intelligence in ATM switches
- Virtual Private Networks
  - Layer 3: Provider has knowledge of customer routing
  - Layer 2: Provider has no knowledge of customer routing
- Traffic Engineering
  - Force traffic along predetermined paths

Traditional IP over ATM

- Put routers around the edge of an ATM network
- Connect routers using Permanent Virtual Circuits
- This does not provide optimal integration of IP and ATM

MPLS VPN Layer 3
- Private, connectionless IP VPNs
- Outstanding scalability
- Customer IP addressing freedom
- Multiple QoS classes
- Secure support for intranets and extranets
- Easy to provide Intranet/Extranet/3rd Party ASP
- Support over any access or backbone technology

[Figure: a Connection-Oriented VPN Topology and a Connectionless VPN Topology, each connecting sites of VPN A, VPN B and VPN C]

IP Packet | VPN Label | IGP Label
- VPN Label: Determines VPN on PE Router
- IGP Label: Determines PE Router

Why Providers like MPLS VPN

vs

MPLS VPN Network

Build once, Sell once

Build once, Sell many


MPLS VPN Layer 2

Additional Capabilities:
- Virtual leased line service
- Offer PVC-like Layer 2-based service
- Reduced cost: consolidate multiple core technologies into a single packet-based network infrastructure
- Simpler provisioning of L2 services
- Attractive to Enterprises that wish to keep routing private

[Figure: an L2 Pseudowire/Emulated VC carrying L2 Frames between two Attachment Circuits]

L2 Frame | VC Label | Tunnel Label
- VC Label: Determines VC inside the tunnel
- Tunnel Label: Determines PE Router end point

Traffic Engineering

Why traffic engineer?
- Optimise link utilisation
- Specific paths by customer or class
- Balance traffic load

- Traffic follows pre-specified path
- Path differs from normally routed path
- Controls packet flows across a L2 or L3 network

[Figure: the route chosen by IP routing protocol compared with the route specified by traffic engineering]

IP Packet | VPN Label | IGP Label | TE Label
- TE Label: Determines LSP next hop contrary to IGP

MPLS Components


MPLS Components
- Edge Label Switching Routers (ELSR or PE)
  - Label previously unlabeled packets - at the beginning of a Label Switched Path (LSP)
  - Strip labels from labeled packets - at the end of an LSP
- Label Switching Routers (LSR or P)
  - Forward labeled packets based on the information carried by labels

MPLS Components

[Figure: a chain of routers labelled CE, PE, P, PE, CE, with the edge devices marked ELSR and the core devices marked LSR. It spans C Network (Customer Control), P Network (Provider Control) and C Network (Customer Control).]

Functional Components
- Forwarding component:
  - Uses label information carried in a packet and label binding information maintained by a Label Switching Router to forward the packet
- Control component:
  - Responsible for maintaining correct label binding information among Label Switching Routers

Forwarding Component
- Label Forwarding Information Base (LFIB)
- Each entry consists of:
  - incoming label
  - outgoing label
  - outgoing interface
  - outgoing MAC address
- LFIB is indexed by incoming label
- LFIB could be either per Label Switching Router or per interface

Forwarding Component
- IOS Label Forwarding Code is based on Cisco Express Forwarding (CEF)
  - Maintenance of label rewrite structures in LFIB
  - Recursive route resolution
  - IP to label switching (label imposition) path

Forwarding Component
- Forwarding algorithm:
  - Extract label from a packet
  - Find an entry in the LFIB with the INCOMING LABEL equal to the label in the packet
  - Replace the label in the packet with the OUTGOING LABEL (from the found entry)
  - Send the packet on the outgoing interface (from the found entry)

Label Header (Shim)

Fields of one label entry, in order: Label | EXP | S | TTL
- Label: Label Value (20 bits)
- EXP: Class of Service (3 bits)
- S: Bottom of Stack (1 bit)
- TTL: Time to Live

- Can be used over Ethernet, 802.3, or PPP links
- Ethertype 0x8847
- Four octets per label in stack
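The shim layout above, as an added example that is not part of the original slides: a parser that walks a label stack four octets at a time until the Bottom of Stack bit and refuses truncated or over-deep stacks. The sample frame, its label values and the depth limit are constructed for illustration; the 8-bit TTL width follows from four octets per label.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_MPLS = 0x8847   # Ethertype given on the slide
MAX_STACK_DEPTH = 8       # assumed sanity limit, not a value from the slides


@dataclass(frozen=True)
class LabelEntry:
    label: int     # Label Value, 20 bits
    exp: int       # EXP / Class of Service, 3 bits
    bottom: bool   # S, Bottom of Stack, 1 bit
    ttl: int       # Time to Live, the remaining 8 bits of the four octets


def encode_entry(entry: LabelEntry) -> bytes:
    """Pack one label stack entry into its four octets (network byte order)."""
    if not (0 <= entry.label < 1 << 20 and 0 <= entry.exp < 8 and 0 <= entry.ttl < 256):
        raise ValueError("field does not fit its bit width")
    word = (entry.label << 12) | (entry.exp << 9) | (int(entry.bottom) << 8) | entry.ttl
    return struct.pack("!I", word)


def parse_label_stack(data: bytes, max_depth: int = MAX_STACK_DEPTH):
    """Return (entries, payload); entries[0] is the top (outermost) label.

    Raises ValueError when the data ends before an entry with S=1 is seen or
    when the stack is deeper than max_depth, so a malformed stack is never
    silently treated as payload.
    """
    entries = []
    offset = 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = LabelEntry(label=word >> 12, exp=(word >> 9) & 0x7,
                           bottom=bool((word >> 8) & 0x1), ttl=word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            return entries, data[offset:]


def parse_ethernet_mpls(frame: bytes):
    """Parse an untagged Ethernet II frame; None when it is not MPLS unicast."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_MPLS:
        return None
    return parse_label_stack(frame[14:])


def sample_frame() -> bytes:
    """Constructed frame: two stacked labels in front of a 4-byte stub payload."""
    macs = bytes.fromhex("02000000000b" "02000000000a")    # constructed addresses
    stack = (encode_entry(LabelEntry(27, 0, False, 64)) +   # top label
             encode_entry(LabelEntry(85, 5, True, 64)))     # bottom of stack
    return macs + struct.pack("!H", ETHERTYPE_MPLS) + stack + b"\x45\x00\x00\x14"


if __name__ == "__main__":
    entries, payload = parse_ethernet_mpls(sample_frame())
    for depth, entry in enumerate(entries):
        print(depth, entry)
    print("payload:", payload.hex())
```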

Label Encapsulation

FRAME
Packet over SONET/SDH    PPP | Label | IP Header | Data
Ethernet                 Ethernet | Label | IP Header | Data
Frame Relay PVC          Frame Relay | Label | IP Header | Data
ATM PVCs                 ATM Header | Label | IP Header | Data
  Subsequent cells       ATM Header | Data

CELL
ATM label switching      GFC | VPI | VCI | PTI | CLP | HEC | IP Header | Data   (Label marked on the VPI/VCI fields)
  Subsequent cells       GFC | VPI | VCI | PTI | CLP | HEC | Data

Control Component
- Labels can be distributed by several protocols
  - TDP/LDP from IGP routes
  - RSVP for traffic engineering paths
  - BGP for VPN routes
- Responsible for binding between labels and routes:
  - Create label binding (local)
  - Distributing label binding information among Label Switching Routers

MPLS Forwarding Decisions
- Packets are forwarded based on the label value
- IP header and forwarding decision have been decoupled for better flexibility
- No need to strictly follow unicast destination based routing
- Allows distinct forwarding decisions based on different control components
  - Destination unicast routing, Traffic Engineering
  - Multicast, VPN, QoS

Basic MPLS Forwarding


MPLS: Forwarding


MPLS: Forwarding

Existing routing protocols (e.g. OSPF, IGRP) establish routes

MPLS: Forwarding

Label Distribution Protocol (e.g., LDP) establishes label-to-route mappings

MPLS: Forwarding

Label Distribution Protocol (e.g., LDP) creates LFIB entries on LSRs

LFIB tables shown in the figure:

IN    OUT   I/F    MAC
16    32    S0/0   aa-00-bb
18    27    S0/0   aa-00-cc

IN    OUT
Null  Null
I/F    MAC
E0/0   aa-00-bb
E0/1   aa-00-cc

IN    OUT   I/F    MAC
32    64    S0/0   aa-00-bb
27    18    S0/1   aa-00-cc

IN    OUT   I/F    MAC
64    POP   S0/0   aa-00-bb
65    POP   S0/1   aa-00-cc

MPLS: Forwarding

Ingress edge LSR receives packet, performs Layer 3 value-added services, and labels packets

MPLS: Forwarding

LSRs forward labelled packets using label swapping

MPLS: Forwarding

Edge LSR at egress removes remaining label* and delivers packet

* Penultimate hop popping actually occurs. There may not necessarily be a label in the packet at the ultimate or egress LSR.

Basic Application - Frame Based MPLS

Traditional Routing: Route Distribution

[Figure: routers with interfaces 0, 1 and 2 and networks 128.89 and 171.69. Routing Updates (OSPF, EIGRP) carry the announcements "You Can Reach 128.89 thru Me", "You Can Reach 171.69 thru Me" and "You Can Reach 128.89 and 171.69 thru me".]

Traditional Routing: Packet Routing

[Figure: the same topology; the packet "Data | 128.89.25.4" is passed hop by hop towards network 128.89.]

Packets Forwarded Based on IP Address

MPLS Forwarding: In/Out Label Fields

[Figure: the same topology (interfaces 0, 1, 2; networks 128.89 and 171.69) with an Out Label field shown at each router.]

Frame Based MPLS: Assigning Labels

[Figure: the same topology with label advertisements "Pop Label for 128.89", "Use Label 27 for 128.89", "Use Label 29 for 171.69" and "Use Label 22 for 171.69".]

Unsolicited Downstream Label Allocation

Frame Based MPLS: Packet Forwarding

[Figure: the same topology; the packet for 128.89.25.4 is carried with label 27 and the packets for 171.69.21.7 with labels 29 and 22. At the Penultimate Hop (Pop the label) the packet for 128.89.25.4 continues without a label.]

Basic Application - Hierarchical Routing

Internet Scalability

[Figure: the label-switched core between two edge routers, Loopback 150.10.1.1 and Loopback 150.10.1.2, each with an EBGP session. Prefixes shown at 150.10.1.1: 128.89, 136.50, 156.50, 119.10. Prefixes shown at 150.10.1.2: 171.69, 127.18, 204.162.]

"I can reach 128.89, 136.50, 156.50, 119.10 via the BGP next hop 150.10.1.1 using only label 18!"

Basic Application - Cell Based MPLS (IP+ATM)

MPLS and ATM
- Label Switching Steps:
  - Make forwarding decision using fixed-length Label
  - Rewrite label with new value
  - Similar to ATM cell switching
- Key differences:
  - Label set up: LDP vs ATM Forum Signaling
  - Label granularity: Per-prefix

MPLS and ATM
- Common forwarding paradigm
  - label swapping = ATM switching
- Use ATM user plane
  - use VPI/VCI for labels
  - Label is applied to each cell, not whole packet
- Replace ATM Forum control plane with the MPLS control component:
  - Network Layer routing protocols (e.g., OSPF, BGP, PIM) + Label Distribution Protocol (e.g., LDP)

Label Distribution for ATM
- Uses LDP in Downstream on Demand mode
- Referred to as Cell Based MPLS (rather than Frame Based MPLS)
- Label Virtual Circuit (LVC) labels are requested when topology changes
- Precedence can be associated with Label Virtual Circuit (LVC)
- Some LDP extensions for negotiation of ATM specific parameters

Summary and Benefits


Summary
- MPLS allows flexible packet classification and network resources optimisation
- Labels are distributed by different protocols
  - LDP, RSVP, BGP
- Different distribution protocols may co-exist in the same LSR
- Labels have local (LSR) significance
  - No need for global (domain) wide label allocation/numbering

Benefits of MPLS
- De-couples IP packet forwarding from the information carried in the IP header of the packet
- Provides multiple routing paradigms (e.g., destination-based, explicit routing, VPN, multicast, CoS, etc) over a common forwarding algorithm (label swapping)
- Facilitates integration of ATM and IP - from control plane point of view an MPLS-capable ATM switch looks like a router

LDP


Label Distribution Protocol (LDP)
- The fundamental concept in MPLS based networks is the meaning of the label
- The Label Distribution Protocol (LDP) provides a set of methods that allow a Label Switch Router (LSR) to share a particular label and its association with other LSRs

LDP Overview
- IETF standard protocol RFC 3036
  - Distributes bindings for MPLS forwarding along normally routed paths
- Runs in parallel with routing protocols
- Neighbor discovery with UDP (646)
- Incremental updates over TCP (646)
- Other label distribution mechanisms can run in parallel
- Descendant of Cisco proprietary Tag Distribution Protocol (TDP)

LDP Introduction
- LDP is not the only protocol that can share knowledge about labels:
  - TDP (Cisco specific)
- And other protocols have been extended to support label distribution:
  - BGP (rfc3107)
  - RSVP (draft-ietf-mpls-rsvp-lsp-tunnel-09.txt)
  - PIM (Under development)

Terminology
- Upstream and Downstream

[Figure: the Label Switch Path (LSP) direction (packet flow) runs from Source to Destination IP-Prefix, from the Upstream platform to the Downstream platform. A Label binding {Label, IP-Prefix} is shown between the two platforms.]

Terminology
- Label Information Base (LIB)
  - A data structure that holds locally assigned labels and labels learned from LDP peers
- Label Forwarding Information Base (LFIB)
  - A data structure and way of managing forwarding in which destinations and incoming labels are associated with outgoing interfaces and labels. The LFIB can be updated by routing changes and label advertisements from peers
- Forwarding Equivalence Class (FEC)
  - Groups of packets that are forwarded over the same Label Switch Path

LIB and LFIB structures

[Figure: a router receives Label Distribution for 156.50.20.0 from three neighbours, on interfaces S0/0, S0/1 and S0/2.]

Label Information Base (LIB)
Destination      In Label   (Peer, Out Label)
156.50.20.0/24   27         (R2:0, 32), (R3:0, 56), (R4:0, 85)

Routing Information Base (RIB)
Destination      Interface
156.50.20.0/24   S0/0

Label Forwarding Information Base (LFIB)
Destination      In Label   Out Label   Interface
156.50.20.0/24   27         85          S0/0

Basic Configuration

ip cef
mpls ip
! Use LDP protocol as opposed to TDP
mpls label protocol ldp
! Use loopback when establishing LDP session
mpls ldp router-id loopback0
interface e0/0
 ip address 10.10.20.0 255.255.255.0
 ! Enables LDP on this interface
 mpls ip

Label Space


Concepts
- LSRs must be able to distinguish between labelled packets
  - A label corresponds to a particular Forwarding Equivalence Class (FEC)
- LSR can distribute the same label/FEC mapping to different neighbours
- Same label can be assigned to different FECs if and only if the LSR can distinguish the interface from which the packet will arrive
  - That is, the LSR can identify the upstream neighbour that inserted the label

Classes of Label Space

There are two classes of label spaces:
- INTERFACE LABEL SPACE: the label is specific to a particular interface. This is generally found in (but not restricted to) ATM interfaces in MPLS cell mode, which uses the VPI/VCI fields as labels.
- PLATFORM LABEL SPACE: the label value/meaning is not specific to an interface, but can be understood by a number of interfaces on the same box. This is generally found in frame mode (this is the Cisco implementation for Frame Mode).

Per Interface Label Space
- Per interface label space
  - Labels are unique on a per-interface basis
  - Used over ATM interfaces
  - Label = VCs
- With interface label space, an LSR will accept labelled packets from upstream neighbours only if the labels have been previously advertised to that neighbour.
  - No label spoofing
  - Useful when interconnecting MPLS domains

Per Interface Label Space

LFIB on Router C
Destination      Incoming I/F   IN VPI/VCI   Outgoing I/F   OUT VPI/VCI
156.50.4.0/24    ATM 0/0        1/73         ATM 1/3        1/339
156.50.4.0/24    ATM 1/0        1/73         ATM 1/3        1/342

[Figure: routers A and B attach to Router C, whose incoming interfaces are ATM 0/0 and ATM 1/0; Router C reaches Router D and 156.50.4.0/24 over ATM 1/3.]

- LFIB on an LSR contains incoming interface.
- Labels have to be assigned for individual interfaces.
- The same label can be reused (with a different meaning) on different interfaces.
- Label allocation is secure: LSRs cannot send packets with labels that were not assigned to them.

Per Platform Label Space

LFIB on Router C
Destination   IN Label   OUT Label   Next Hop
X             25         38          Router D

[Figure: routers A, B, C, D and E and destination X, with the label announcements X=25 and X=38.]

- LFIB on an LSR does not contain an incoming interface.
- The same label can be used on any interface and is announced to all adjacent LSRs.
- The label is announced to adjacent LSRs only once and can be used on any link.
- Per-platform label space is less secure than per-interface label space.
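The forwarding algorithm and the two label-space slides above, modelled together as an added example (not code from the slides): the same lookup-swap-send step run against an LFIB indexed by label only and against one indexed by (incoming interface, label), using the slides' table values. The LSR order in `slide_lsrs` and the interface name "ATM 2/0" are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Hashable, Optional

POP = "POP"  # marker used in the slides' LFIB tables


@dataclass(frozen=True)
class Rewrite:
    out_label: Hashable   # outgoing label, or POP
    out_if: str           # outgoing interface or next hop, as named on the slide


class PlatformLfib:
    """Per-platform label space: the LFIB is indexed by incoming label only."""

    def __init__(self):
        self._entries = {}

    def add(self, in_label, out_label, out_if):
        self._entries[in_label] = Rewrite(out_label, out_if)

    def lookup(self, in_if, in_label) -> Optional[Rewrite]:
        return self._entries.get(in_label)          # in_if plays no part


class InterfaceLfib:
    """Per-interface label space: indexed by (incoming interface, label)."""

    def __init__(self):
        self._entries = {}

    def add(self, in_if, in_label, out_label, out_if):
        self._entries[(in_if, in_label)] = Rewrite(out_label, out_if)

    def lookup(self, in_if, in_label) -> Optional[Rewrite]:
        return self._entries.get((in_if, in_label))


def forward(lfib, in_if, stack):
    """One hop: extract the top label, find the entry, swap or pop, send.

    Returns (outgoing interface, new stack), or None when no entry matches
    and the packet is dropped.
    """
    if not stack:
        raise ValueError("unlabelled packet: not an LFIB lookup")
    rewrite = lfib.lookup(in_if, stack[0])
    if rewrite is None:
        return None
    rest = list(stack[1:])
    new_stack = rest if rewrite.out_label == POP else [rewrite.out_label] + rest
    return rewrite.out_if, new_stack


def walk_lsp(lsrs, stack, in_if="(any)"):
    """Carry a packet through successive LSRs; return the stack after each hop."""
    trace = []
    for lfib in lsrs:
        if not stack:
            break
        result = forward(lfib, in_if, stack)
        if result is None:
            break
        _, stack = result
        trace.append(stack)
    return trace


def slide_lsrs():
    """The three label-swapping LFIBs from the forwarding slides (order assumed)."""
    first, second, third = PlatformLfib(), PlatformLfib(), PlatformLfib()
    first.add(16, 32, "S0/0")
    first.add(18, 27, "S0/0")
    second.add(32, 64, "S0/0")
    second.add(27, 18, "S0/1")
    third.add(64, POP, "S0/0")
    third.add(65, POP, "S0/1")
    return [first, second, third]


def router_c_per_interface():
    """Router C's LFIB from the per-interface slide (VPI/VCI values as labels)."""
    lfib = InterfaceLfib()
    lfib.add("ATM 0/0", "1/73", "1/339", "ATM 1/3")
    lfib.add("ATM 1/0", "1/73", "1/342", "ATM 1/3")
    return lfib


def router_c_per_platform():
    """Router C's LFIB from the per-platform slide."""
    lfib = PlatformLfib()
    lfib.add(25, 38, "Router D")
    return lfib


if __name__ == "__main__":
    print(walk_lsp(slide_lsrs(), [16]))
    # "ATM 2/0" is a hypothetical interface on which 1/73 was never assigned.
    print(forward(router_c_per_interface(), "ATM 2/0", ["1/73"]))
    print(forward(router_c_per_platform(), "ATM 2/0", [25]))
```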

LDP Identifier & Sessions


LDP Identifier

Layout: a | b | c | d (LSR ID) followed by n (Label Space ID)

- LSR ID
  - The LSR ID is a four byte number that identifies a specific LSR. These four bytes must be unique in the network. Generally they are derived from an interface on the LSR. In IOS (by default) this is the highest IP address, or highest IP address of a loopback if it is available.
- Label Space ID
  - A two byte number that identifies a specific label space on the LSR. The label space id 0x00 is reserved for the platform label space (this is the Cisco default for Frame based MPLS).
- LDP Identifier
  - The six byte concatenation of the LSR ID and LABEL SPACE ID results in the LDP Identifier. This uniquely identifies the label space.

Example: 156.50.10.1:0

LDP Identifier IOS Commands

router#show mpls ldp discovery detail
 Local LDP Identifier:
    200.200.200.200:0
 Discovery Sources:
    Interfaces:
        Ethernet0/0 (ldp): xmit/recv
            LDP Id: 10.10.10.10:0
              Src IP addr: 100.50.0.2; Transport IP addr: 10.10.10.10

- 200.200.200.200:0: Local LSR ID, global space
- 10.10.10.10:0: Remote LSR ID discovered

router(config)#mpls ldp router-id loopback0 force

- Force will change the LSR ID immediately, rather than waiting for reload or current ID being removed

LDP Session
- Each LDP identifier has a separate LDP session per neighbour
  - Each LSR label space has its own distinct LDP session
  - Multiple links between adjacent routers use the same session
- Each session has its own TCP (646) connection and discovery process.

LDP Sessions and Label Space

[Figure, panel "Single LDP Session": POS links, all with LDP identifier 1.0.0.1:0 (Per Platform Label Space).]
[Figure, panel "Two LDP Sessions": an Ethernet link with LDP identifier 1.0.0.1:0 (Per Platform Label Space) and ATM links with LDP identifiers 1.0.0.1:10 and 1.0.0.1:20 (Per Interface Label Space).]

- One LDP session is established for each announced LDP identifier (Router ID + Label Space).
- The number of LDP sessions is determined by the number of different label spaces.

LDP Neighbor Discovery


LDP Neighbor Discovery
- Basic Discovery
  - Directly connected LSRs
  - Discovered through hello packets
  - Sent to multicast all-routers-in-subnet address
- Extended discovery
  - Non-directly connected LSRs (e.g., across TE path)
  - Targeted hello packets to specific address
  - Discovery is asymmetric (one in each direction)
- Once discovery is done, LDP sessions are established over TCP (646)

Basic LDP Discovery

[Figure: four routers on one subnet: A (MPLS_A, 1.0.0.1), B (MPLS_B, 1.0.0.2), C (NO_MPLS_C, 1.0.0.3, marked NO MPLS) and D (MPLS_, 1.0.0.4).]

UDP: Hello
- 1.0.0.1:1050 -> 224.0.0.2:646
- 1.0.0.2:1064 -> 224.0.0.2:646
- 1.0.0.4:1033 -> 224.0.0.2:646

TCP
- 1.0.0.2:1043 -> 1.0.0.1:646
- 1.0.0.4:1065 -> 1.0.0.1:646
- 1.0.0.4:1066 -> 1.0.0.2:646

LDP Session is established from the LSR with higher transport address. The establishing router is called the Active LSR.

Extended LDP Discovery
- LDP neighbor discovery of non adjacent neighbors
  - Differs from normal discovery only in the addressing of hello packets
- Targeted hello packets use unicast IP address
  - Instead of multicast address
- Extended discovery is asymmetric
- Once a neighbor is discovered, the mechanism to establish a session is the same.

LDP Sessions - Non directly connected LSR

[Figure: routers R1 to R9 with the addresses 118.1.1.1 and 133.0.0.33. A Normally routed path, a Traffic Engineered Path R1 - R8 and a Targeted LDP session are shown.]

UDP: Hello
- 118.1.1.1:1052 -> 133.0.0.33
- 133.0.0.33:1052 -> 118.1.1.1

LDP Identifier IOS Commands

Router# show mpls ldp discovery
 Local LDP Identifier:
    118.1.1.1:0
 Discovery Sources:
    Interfaces:
        POS2/0 (ldp): xmit/recv
            LDP Id: 155.0.0.55:0
        Tunnel1 (ldp): Targeted -> 133.0.0.33
    Targeted Hellos:
        118.1.1.1 -> 133.0.0.33 (ldp): active, xmit/recv
            LDP Id: 133.0.0.33:0

Callouts on the output:
- Targeted Hello being sent
- Targeted LDP session is active across the tunnel interface

Targeted Configuration

ip cef
mpls ip
mpls label protocol ldp
mpls ldp router-id loopback0
interface tunnel0
 tunnel destination 10.20.10.1
 ! Enables LDP with target of 10.20.10.1
 mpls ip
mpls ldp discovery targeted-hellos accept

If this command is entered, the router will accept LDP hellos from the other end and establish a session
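The LDP Identifier, basic discovery and targeted-hello slides above, tied together in an added example that is not taken from the slides: it decodes a Hello as carried on UDP 646, prints the six-byte identifier in LSR-ID:label-space form, works out which side opens the TCP session, and only accepts a targeted Hello from a listed source. The message and TLV type codes come from RFC 3036 rather than from the slides; the allow-list parameter and the 45-second hold time are assumptions for the illustration.

```python
import ipaddress
import struct

MSG_HELLO = 0x0100            # LDP Hello message type (RFC 3036)
TLV_COMMON_HELLO = 0x0400     # Common Hello Parameters TLV
TLV_IPV4_TRANSPORT = 0x0401   # IPv4 Transport Address TLV
FLAG_TARGETED = 0x8000        # T bit: set in targeted (extended discovery) Hellos


def build_hello(lsr_id, label_space, hold_time, targeted, transport):
    """Build a Hello PDU; used here only to construct sample input."""
    flags = FLAG_TARGETED if targeted else 0
    tlvs = struct.pack("!HHHH", TLV_COMMON_HELLO, 4, hold_time, flags)
    tlvs += struct.pack("!HH", TLV_IPV4_TRANSPORT, 4)
    tlvs += ipaddress.IPv4Address(transport).packed
    message = struct.pack("!HHI", MSG_HELLO, 4 + len(tlvs), 1) + tlvs
    ldp_id = ipaddress.IPv4Address(lsr_id).packed + struct.pack("!H", label_space)
    return struct.pack("!HH", 1, len(ldp_id) + len(message)) + ldp_id + message


def parse_hello(payload, src_ip):
    """Decode the LDP Identifier and Hello parameters from a UDP/646 payload."""
    if len(payload) < 18:
        raise ValueError("too short for PDU header plus message header")
    version, pdu_len = struct.unpack_from("!HH", payload, 0)
    if version != 1 or 4 + pdu_len > len(payload):
        raise ValueError("bad version or PDU length")
    lsr_id = ipaddress.IPv4Address(payload[4:8])            # four-byte LSR ID
    (label_space,) = struct.unpack_from("!H", payload, 8)   # two-byte label space ID
    msg_type, msg_len, _ = struct.unpack_from("!HHI", payload, 10)
    end = 14 + msg_len                                      # end of this message
    if msg_type & 0x7FFF != MSG_HELLO or msg_len < 4 or end > 4 + pdu_len:
        raise ValueError("not a well-formed Hello message")
    hello = {"ldp_id": f"{lsr_id}:{label_space}", "hold_time": None,
             "targeted": False, "transport": src_ip}
    offset = 18
    while offset < end:
        if offset + 4 > end:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        if offset + 4 + tlv_len > end:
            raise ValueError("TLV overruns message")
        value = payload[offset + 4:offset + 4 + tlv_len]
        tlv_type &= 0x3FFF                                  # drop the U and F bits
        if tlv_type == TLV_COMMON_HELLO and tlv_len == 4:
            hello["hold_time"], flags = struct.unpack("!HH", value)
            hello["targeted"] = bool(flags & FLAG_TARGETED)
        elif tlv_type == TLV_IPV4_TRANSPORT and tlv_len == 4:
            hello["transport"] = str(ipaddress.IPv4Address(value))
        offset += 4 + tlv_len
    if hello["hold_time"] is None:
        raise ValueError("Hello without Common Hello Parameters TLV")
    return hello


def session_role(local_transport, peer_transport):
    """Role of the local LSR: the higher transport address opens the TCP session."""
    local = int(ipaddress.IPv4Address(local_transport))
    peer = int(ipaddress.IPv4Address(peer_transport))
    if local == peer:
        raise ValueError("transport addresses must differ")
    return "active" if local > peer else "passive"


def review_hello(payload, src_ip, local_transport, targeted_allow=()):
    """Decide whether a received Hello should lead to a session.

    targeted_allow is an assumed allow-list of sources from which targeted
    Hellos are expected; link Hellos are not filtered by it.
    """
    hello = parse_hello(payload, src_ip)
    if hello["targeted"] and src_ip not in targeted_allow:
        return dict(hello, accept=False, reason="targeted Hello from unlisted source")
    role = session_role(local_transport, hello["transport"])
    return dict(hello, accept=True, local_role=role)


if __name__ == "__main__":
    # Constructed Hellos using addresses from the discovery slides.
    link = build_hello("1.0.0.4", 0, 15, False, "1.0.0.4")
    print(review_hello(link, "1.0.0.4", "1.0.0.2"))
    targeted = build_hello("133.0.0.33", 0, 45, True, "133.0.0.33")
    print(review_hello(targeted, "133.0.0.33", "118.1.1.1"))
    print(review_hello(targeted, "133.0.0.33", "118.1.1.1", ("133.0.0.33",)))
```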

Label Stacking across tunnel interface

[Figure: routers R1 to R9. The label stack carried by the packet is shown at four points along the path: TE | LDP | Packet three times, then LDP | Packet.]

LDP Session Establishment


LDP Session Negotiation

Messages between A (MPLS_A, 1.0.0.1) and B (MPLS_B, 1.0.0.2), in the order they are added to the figure:
- Establish TCP session
- Initialization message
- Initialization message
- Keepalive
- Keepalive
- Address message

Peers first exchange initialization messages. The session is ready to exchange label mappings after receiving the first keepalive.

LDP Session Maintenance
- LSRs maintain their session by:
  - Continued periodic transmission of discovery Hello packets to indicate willingness to label switch on link
  - Periodic transmission of keepalive messages on session TCP connection to monitor integrity of TCP connection
- In session establishment, if there is an Init fatal notification, there is a backoff starting at less than 15 seconds and exponentially increasing to 2 minutes. Only the active LSR does this.
- Hello configuration TLV could be used to speed up session establishment.

LDP Neighbours IOS command

router#show mpls ldp neighbor
    Peer LDP Ident: 10.13.1.52:0; Local LDP Ident 10.13.1.59:0
        TCP connection: 10.13.1.52.646 - 10.13.1.59.12331
        State: Oper; Msgs sent/rcvd: 143/144; Downstream
        Up time: 00:00:55
        LDP discovery sources:
          FastEthernet9/0/0, Src IP addr: 10.13.5.22
        Addresses bound to peer LDP Ident:
          10.13.1.52      10.13.5.18      200.37.52.5     200.6.52.13
          10.13.0.52      10.13.5.22

- Downstream: Unsolicited downstream label allocation
- Addresses bound to peer LDP Ident: These are the interface IP addresses of the LDP peer 10.13.1.52

LDP Session Detail IOS Command

router#show mpls ldp neighbor detail
    Peer LDP Ident: 10.13.1.52:0; Local LDP Ident 10.13.1.59:0
        TCP connection: 10.13.1.52.646 - 10.13.1.59.12331
        State: Oper; Msgs sent/rcvd: 150/153; Downstream; Last TIB rev sent 1138
        Up time: 00:07:49; UID: 74; Peer Id 0;
        LDP discovery sources:
          FastEthernet9/0/0; Src IP addr: 10.13.5.22
            holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer LDP Ident:
          10.13.1.52      10.13.5.18      200.37.52.5     200.6.52.13
          10.13.0.52      10.13.5.22
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab

- holdtime, hello interval: Hello holdtime, Hello Interval
- Peer holdtime, KA interval: LDP TCP session holdtime, keepalive interval

Label Distribution, Control and Retention


Label Distribution Methods

           Control       Retention      Advertisement
Router     Independent   Liberal        Unsolicited Downstream
IP+ATM     Ordered       Conservative   On-demand

- Control: Whether labels are distributed regardless of whether an outgoing label is available for the prefix
- Retention: Whether received labels are kept on local router
- Advertisement: Whether labels are distributed if requested

The modes shown here are generally how Router and ATM switches are configured for MPLS

Label Distribution: Unsolicited Downstream

LIB on Router B
Network   LSR     Label
X         Local   25

[Figure: routers A, B, C, D and E and destination X; Router B announces X = 25 to its neighbours.]

Label for a prefix is allocated and advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.

Label Distribution: Downstream on Demand

Routing Table B: Network X, Next-Hop C
Routing Table C: Network X, Next-Hop D
Routing Table D: Network X, Next-Hop E
Routing Table E: Network X, Next-Hop Conn

[Figure: routers B, C, D and E and destination X, with a label request "RQ X".]

- An LSR can always assign a label for a prefix, even if it has no downstream label.
- Independent control can only be used for LSRs with layer-3 capabilities.

LSP Control: Independent Control

Routing Table B: Network X, Next-Hop C
Routing Table C: Network X, Next-Hop D
Routing Table D: Network X, Next-Hop E
Routing Table E: Network X, Next-Hop Conn

LFIB on Router C
Destination   IN Label   OUT Label   Next Hop
X             25         37          Router E

[Figure: routers B, C, D and E and destination X, with a label request "RQ X" and the label announcement X=37.]

- An LSR can always assign a label for a prefix, even if it has no downstream label.
- Independent control can only be used for LSRs with layer-3 capabilities.

LSP Control: Ordered Control

Routing tables shown, in order: Network X, Next-Hop C; Network X, Next-Hop D; Network X, Next-Hop E; Network X, Next-Hop Conn

LFIB on Router C
Destination   IN Label   OUT Label   Next Hop
X             25         37 17       Router E

[Figure: routers B, C, D and E and destination X, with label requests "RQ X" from hop to hop and the label announcements X=37, X=17 and X=82.]

- An LSR can only assign a label if it has already received a label from the next-hop LSR; otherwise it must request a label from the next-hop LSR.
- Used in IP+ATM switches

Label Retention: Liberal Retention Mode

LIB on Router A
Network   LSR   Label
X         B     25

LIB on Router C
Network   LSR   Label
X         B     25

LIB on Router D
Network   LSR   Label
X         B     25

[Figure: routers A, B, C, D and E and destination X; Router B announces X = 25.]

- Every LSR stores the received label in its LIB, even when the label is not received from a next-hop LSR.
- Liberal retention mode improves convergence speed.

Label Retention: Conservative Retention Mode

LIB on Router A
Network   LSR   Label
X         B     25

LIB on Router C
Network   LSR   Label
X         -     -

LIB on Router D
Network   LSR   Label
X         -     -

[Figure: routers A, B, C, D and E and destination X; Router B announces X = 25.]

- LSR stores only the labels received from next-hop LSRs; all other labels are ignored.
- Downstream-on-demand distribution is required during the convergence phase.

Some IOS commands


IOS Show commands

router#sh mpls ldp neig | inc TCP
        TCP connection: 10.7.0.1.646 - 10.7.0.3.11011
        TCP connection: 10.7.0.5.11026 - 10.7.0.3.646
        TCP connection: 10.7.0.6.11024 - 10.7.0.3.646
        TCP connection: 10.7.0.9.11034 - 10.7.0.3.646
router#show mpls ldp bind 10.5.0.8 255.255.255.252
  tib entry: 10.5.0.8/30, rev 46
        local binding:  tag: 33
        remote binding: tsr: 10.7.0.5:0, tag: 17
        remote binding: tsr: 10.7.0.1:0, tag: 29
        remote binding: tsr: 10.7.0.6:0, tag: 19
        remote binding: tsr: 10.7.0.9:0, tag: 20
router#show tag for 10.5.0.8
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
33     20          10.5.0.8/30       0          Et3/0      10.5.0.17

- show mpls ldp bind output: LIB structure
- remote binding tsr: 10.7.0.9:0, tag: 20: This one chosen
- show tag for output: LFIB structure

IOS Show commands

router#show ip route 10.5.0.8
Routing entry for 10.5.0.8/30
  Known via "ospf 1", distance 110, metric 30, type intra area
  Last update from 10.5.0.17 on Ethernet3/0, 1w0d ago
  Routing Descriptor Blocks:
  * 10.5.0.17, from 10.7.0.2, 1w0d ago, via Ethernet3/0
      Route metric is 30, traffic share count is 1
router#show mpls ldp neig 10.7.0.9
    Peer LDP Ident: 10.7.0.9:0; Local LDP Ident 10.7.0.3:0
        TCP connection: 10.7.0.9.11034 - 10.7.0.3.646
        State: Oper; Msgs sent/rcvd: 12932/12965; Downstream
        Up time: 1w0d
        LDP discovery sources:
          Ethernet3/0, Src IP addr: 10.5.0.17
        Addresses bound to peer LDP Ident:
          10.5.0.17       10.7.0.9        10.5.0.38       10.5.0.46
          10.6.3.1        10.5.0.57       10.6.3.5        10.5.0.21

VPN Concepts


What is an MPLS-VPN?
- An IP network infrastructure delivering private network services over a public infrastructure
  - Use a layer 3 backbone
  - Scalability, easy provisioning
  - Global as well as non-unique private address space
  - QoS
  - Controlled access
  - Easy configuration for customers

VPN Models
- There are two basic types of design models that deliver VPN functionality
  - Overlay Model
  - Peer Model

The Overlay model
- Private trunks over a TELCO/SP shared infrastructure
  - Leased/Dialup lines
  - FR/ATM circuits
  - IP (GRE) tunnelling
- Transparency between provider and customer networks
- Optimal routing requires full mesh over backbone

The Peer model
- Both provider and customer network use same network protocol and control plane
- CE and PE routers have routing adjacency at each site
- All provider routers hold the full routing information about all customer networks
- Private addresses are not allowed
- May use the virtual router capability
  - Multiple routing and forwarding tables based on Customer Networks

MPLS-VPN = True Peer model
- MPLS-VPN is similar in operation to peer model
- Provider Edge routers receive and hold routing information only about VPNs directly connected
- Reduces the amount of routing information a PE router will store
- Routing information is proportional to the number of VPNs a router is attached to
- MPLS is used within the backbone to switch packets (no need of full routing)

MPLS VPN Connection Model


MPLS VPN Connection Model

- A VPN is a collection of sites sharing a common routing information (routing table)
- A site can be part of different VPNs
- A VPN has to be seen as a community of interest (or Closed User Group)
- Multiple Routing/Forwarding instances (VRF) on PE

MPLS VPN Connection Model

[Figure: Site-1, Site-2, Site-3 and Site-4 grouped into VPN-A, VPN-B and VPN-C]

- A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs
- If two or more VPNs have a common site, address space must be unique among these VPNs

MPLS VPN Connection Model

- The VPN backbone is composed of MPLS LSRs
  - PE routers (edge LSRs)
  - P routers (core LSRs)
- The customer router connecting to the VPN backbone is called the Customer Edge (CE)
- PE routers face the CE routers and distribute VPN information through MP-BGP to other PE routers
  - VPN-IPv4 addresses, Extended Community, Label
- P routers do not run MP-BGP and do not have any VPN knowledge

MPLS VPN Components

[Figure: CE - PE (edge LSR) - P (LSR) - PE (edge LSR) - CE; the C Network (Customer Control) lies on either side of the P Network (Provider Control)]

PE-CE Routing

PE-CE Routing

[Figure: CE1 and CE2 attached to a PE; PE-CE routing]

- PE and CE routers exchange routing information through eBGP, Static, OSPF, ISIS, RIP, EIGRP
- The CE router runs standard routing software, not aware it is connected to a VPN network

PE-CE routing protocols

- Static/BGP are the most scalable
  - Single PE router can support 100s or 1000s of CE routers
- BGP is the most flexible
  - Particularly for multi-homing but not popular with Enterprise
  - Very useful if Enterprise requires Internet routes
- Use the others to meet customer requirements
  - OSPF popular with Enterprises but sucks up processes
  - EIGRP not popular with Service Providers (Cisco proprietary)
  - IS-IS less prevalent in Enterprise environments
  - RIPv2 provides very simple functionality

Routing Protocol Contexts

[Figure: routing processes (BGP, RIP, Static) split into routing contexts (BGP 1, BGP 2, BGP 3, RIP 1, RIP 2), which feed the VRF routing tables and VRF forwarding tables for VRF Site A, VRF Site B and VRF Site C]

- Routing processes run within specific routing contexts
- Populate specific VPN routing table and FIBs (VRF)
- Interfaces are assigned to VRFs

OSPF and Single Routing Instances

[Figure: three separate OSPF routing processes, no routing contexts, feeding the VRF routing tables and VRF forwarding tables for VRF Site A, VRF Site B and VRF Site C]

- With OSPF there is a single process per VRF
- Same for IS-IS
- No routing contexts
- Prior to 12.0(27)S and 12.3(4)T maximum of 28 processes allowed

Routing Tables


Routing Tables

[Figure: CE1 and CE2 attached to VRFs on a PE (PE-CE routing); the PE's Global Routing Table is fed by the VPN Backbone IGP (OSPF, ISIS)]

PE routers maintain separate routing tables:
- Global Routing Table
  - All the PE and P routes populated by the VPN backbone IGP (ISIS or OSPF)
- VPN Routing and Forwarding Tables (VRF)
  - Routing and Forwarding table associated with one or more directly connected sites (CEs)
  - VRFs are associated to (sub/virtual/tunnel) interfaces
  - Interfaces may share the same VRF if the connected sites may share the same routing information

IGP and label distribution in the backbone

[Figure: CE1, CE2 - PE1 - P1 - P2 - PE2 - CE3, CE4]

LFIB for PE-1
Dest   Next Hop   IN   OUT
PE2    P1         17   50
P2     P1         18   65
P1     S0/0       19   POP

LFIB for P1
Dest   Next Hop   IN   OUT
PE2    P2         50   34
P2     E0/2       65   POP
PE1    S3/0       67   POP

LFIB for P2
Dest   Next Hop   IN   OUT
PE2    P1         34   POP
P1     E0/1       38   POP
PE1    P1         39   67

LFIB for PE2
Dest   Next Hop   IN   OUT
P1     P2         44   38
P2     P2         36   65
PE1    P2         18   39

- All routers (P and PE) run an IGP and label distribution protocol
- Each P and PE router has routes for the backbone nodes and a label is associated to each route
- MPLS forwarding is used within the core

VPN Routing and Forwarding Table

[Figure: CE1, CE2 - PE1 - P1 - P2 - PE2 - CE3, CE4, with an MP-iBGP session between PE1 and PE2]

- Multiple routing tables (VRFs) are used on PEs
- Each VRF contains customer routes
- Customer addresses can overlap
- VPNs are isolated
- Multi-Protocol BGP (MP-BGP) is used to propagate these addresses + labels between PE routers only

MPLS VPN Requirements

[Figure: CE1, CE2 - PE1 - P1 - P2 - PE2 - CE3, CE4, with an MP-iBGP session between PE1 and PE2]

- VPN services allow
  - Customers to use the overlapping address space
  - Isolate customer VPNs - Intranets
  - Join VPNs - Extranets
- MPLS-VPN backbone MUST
  - Distinguish between customer addresses
  - Forward packets to the correct destination

VPN Address Overlap

[Figure: CE1, CE2 - PE1 - P1 - P2 - PE2 - CE3, CE4, with an MP-iBGP session between PE1 and PE2]

- BGP propagates ONE route per destination
  - Standard path selection rules are used
- What if two customers use the same address?
  - BGP will propagate only one route - PROBLEM !!!
- Therefore MP-BGP must DISTINGUISH between customer addresses

VPN Address Overlap

[Figure: CE1, CE2 - PE1 - P1 - P2 - PE2 - CE3, CE4, with an MP-iBGP session between PE1 and PE2]

- When a PE router receives VPN routes from MP-BGP, how do we know what VRF to place the route in?
- How do we distinguish overlapping addresses between two VPNs?

Route-Target and Route-Distinguisher

[Figure: CE1 and CE2 each send "update X" to PE1; PE1 - P1 - P2 - PE2 with an MP-iBGP session between the PEs; PE2 sends "update X" to CE3 and CE4]

  VPN-IPv4 update: RD1:X, Next-hop=PE1, RT=RED, Label=10
  VPN-IPv4 update: RD2:X, Next-hop=PE1, RT=ORANGE, Label=12
  VPN-IPv4 updates are translated into IPv4 address and inserted into the VRF corresponding to the RT value

- MP-BGP prepends a Route Distinguisher (RD) to each VPN route in order to make it unique
- MP-BGP assigns a Route-Target (RT) to each VPN route to identify the VPN it belongs to (or CUG)
  - Route-Target is the colour of the route

Route Propagation through MP-BGP

[Figure: CE1 and CE2 each send "update X" to PE1; PE1 - P1 - P2 - PE2 with an MP-iBGP session between the PEs; PE2 sends "update X" to CE3 and CE4]

  VPN-IPv4 update: RD1:X, Next-hop=PE1, RT=RED, Label=10
  VPN-IPv4 update: RD2:X, Next-hop=PE1, RT=ORANGE, Label=12
  VPN-IPv4 updates are translated into IPv4 address and inserted into the VRF corresponding to the RT value

When a PE router receives an MP-BGP VPN route:
- It checks the route-target value against the VRF route-targets
- If they match, the route is inserted into the appropriate VRF
- The label associated with the VPN route is stored and used to send packets towards the destination

Multi-Protocol BGP

- Propagates VPN routing information
  - Customer routes held in VPN Routing and Forwarding tables (VRFs)
- Only runs on Provider Edge
  - P routers are not aware of VPNs, only labels
- PEs are fully meshed
  - Using Route Reflectors or direct peerings between PE routers

Forwarding Example


MPLS VPN Protocols

- OSPF/IS-IS
  - Used as IGP, provides reachability between all Label Switch Routers (PE - P - PE)
- TDP/LDP
  - Distributes label information for IP destinations in core
- MP-BGP4
  - Used to distribute VPN routing information between PEs
- RIPv2/BGP/OSPF/EIGRP/ISIS/Static
  - Can be used to route between PE and CE

VPN Components

- VRF Tables
  - Hold customer routes at PE
- Route-Distinguisher
  - Allows MP-BGP to distinguish between identical customer routes that are in different VPNs
- Route-Targets
  - Used to import and export routes between different VRF tables (creates Intranets and Extranets)
- Route-maps
  - Allow finer granularity and control of importing and exporting routes between VRFs instead of just using route-target

MPLS VPN Operation

[Figure: CE, PE, P and route reflector (RR) routers; diagram labels: "RD +", "VPN labels, RTs", "= RT?"]

- Import routes into VRF if route-targets match (export = import)
- Customer routes placed into separate VRF tables at each PE
- IGP (OSPF, ISIS) used to establish reachability to destination networks
- Label Distribution Protocol establishes mappings to IGP addresses
- CE-PE dynamic routing (or static) populates the VRF routing tables
- MP-BGP between PE routers to distribute routes between VPNs

MPLS VPN Label Stack

- There are at least two labels when using MPLS-VPN
- The first label is distributed by TDP/LDP
  - Derived from an IGP route
  - Corresponds to a PE address (VPN egress point)
  - PE addresses are MP-BGP next-hops of VPN routes
- The second label is distributed by MP-BGP
  - Corresponds to the actual VPN route
  - Identifies the PE outgoing interface or routing table

  L2 Header | Label 1 | Label 2 | L3 Header | Data

  Frame, e.g. HDLC, PPP, Ethernet

MPLS VPN Forwarding Example

[Figure: two CE - PE - P - PE - CE paths annotated with the label operations below]

- Push VPN Label (Red Route)
- Push IGP Label (Green PE Router)
- Swap IGP Label (From LFIB)
- POP IGP Label (Penultimate Hop)
- Pop VPN Label (Red Route)
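The label operations of the forwarding example, traced in code. This is an added example, not part of the original slides: it uses the IGP labels toward PE2 from the LFIB slide (50, 34, POP), the standard 32-bit label stack entry layout, and a constructed VPN label 10 mapped to a hypothetical VRF name `VRF-RED`.

```python
import struct

# IGP labels toward PE2 as listed in the slide's LFIBs: PE1 imposes 50,
# P1 swaps 50 -> 34, P2 pops 34 (penultimate hop popping).
LFIB = {
    "P1": {50: ("swap", 34, "P2")},
    "P2": {34: ("pop", None, "PE2")},
}
# Constructed: VPN label 10 on the egress PE selects a VRF (hypothetical name).
EGRESS_VPN_LABELS = {"PE2": {10: "VRF-RED"}}


def encode_entry(label, bottom, ttl=255, exp=0):
    """One 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label out of range")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(frame):
    """Decode only the top entry of the stack."""
    if len(frame) < 4:
        raise ValueError("truncated label stack")
    (word,) = struct.unpack_from("!I", frame)
    return {"label": word >> 12, "exp": (word >> 9) & 7,
            "bottom": bool(word & 0x100), "ttl": word & 0xFF}


def labels(frame):
    """Label values from the top of the stack down to the S-bit entry."""
    out = []
    while True:
        entry = decode_entry(frame)
        out.append(entry["label"])
        frame = frame[4:]
        if entry["bottom"]:
            return out


def ingress_pe(ip_packet, vpn_label, igp_label):
    """Push the VPN label (bottom of stack), then the IGP label on top."""
    return (encode_entry(igp_label, False)
            + encode_entry(vpn_label, True) + ip_packet)


def p_router(name, frame):
    """Core LSR: acts on the top entry only, never on the VPN label or IP header."""
    top = decode_entry(frame)
    if top["label"] not in LFIB[name]:
        raise LookupError(f"{name}: no LFIB entry for label {top['label']}, drop")
    if top["ttl"] <= 1:
        raise LookupError(f"{name}: TTL expired, drop")
    action, out_label, next_hop = LFIB[name][top["label"]]
    rest = frame[4:]
    if action == "swap":
        new_top = encode_entry(out_label, top["bottom"], top["ttl"] - 1, top["exp"])
        return next_hop, new_top + rest
    return next_hop, rest  # pop: the VPN label becomes the top of the stack


def egress_pe(name, frame):
    """Egress PE: the remaining label must be bottom-of-stack and known."""
    top = decode_entry(frame)
    vrf = EGRESS_VPN_LABELS[name].get(top["label"])
    if not top["bottom"] or vrf is None:
        raise LookupError(f"{name}: unknown VPN label {top['label']}, drop")
    return vrf, frame[4:]


def walk(ip_packet, vpn_label=10, igp_label=50):
    """Trace the label stack from PE1 through P1 and P2 to PE2."""
    frame = ingress_pe(ip_packet, vpn_label, igp_label)
    trace = [("PE1", labels(frame))]
    hop = "P1"
    while hop in LFIB:
        node = hop
        hop, frame = p_router(node, frame)
        trace.append((node, labels(frame)))
    vrf, payload = egress_pe(hop, frame)
    return trace, vrf, payload


if __name__ == "__main__":
    for node, stack in walk(b"constructed-ip-packet")[0]:
        print(node, stack)
```

A packet whose bottom label the egress PE never allocated is dropped rather than routed, which is what ties VPN isolation to the label the PE advertised over MP-BGP.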

VPN Topologies


Basic Intranet Full Mesh

[Figure: Finance Site 1, Finance Site 2 and Finance Site 3 (VLAN 205) attached to the MPLS Core; each PE holds a VRF containing the Finance (F) routes]

- Each site has of all other sites (same VPN)
  - CE can be router or switch
- MP-BGP VPNv4 updates propagated between PEs
- Routing is optimal in the backbone
  - No site is used as central point for connectivity

Basic Extranet Partial Mesh

[Figure: Engineering Site A (EA), Engineering Site B (EB), Design Site A (DA) and Design Site B (DB) attached to the MPLS Core; each VRF holds a selection of Engineering (E) and Design (D) routes]

- Basic Extranet
- Routes can be imported directly into corresponding VRF
- NAT may be necessary if Enterprises have overlapping addressing
- Import granularity can be very fine
  - Single host address can be imported as Extranet route

Branch to HQ Hub and Spoke

[Figure: Bank Branch 1 (S1), Bank Branch 2 (S2) and Bank Branch 3 (S3) as spokes and Central HQ as hub across the MPLS Core; per-branch VRFs, "Spoke OUT" and "Hub IN" VRFs at the hub, BGP/OSPF/RIP routing, optional firewall with NAT to X]

- Forces all branches through the Central HQ
- Spokes cannot communicate directly
- Appropriate security screening can be applied
- Firewalls can be used with NAT to ensure correct return path

Per Group Internet Access

[Figure: Legal, Sales and Marketing VRFs across the MPLS Core with three Internet gateways: Gateway 1 (Sales and Marketing), Gateway 2 (Legal/Sales & Marketing Backup), Gateway 3 (Legal Only)]

- Choose appropriate Internet Gateway per group requirements
- Use other gateways as backup in case of failure
- Gateways can provide different service attributes/levels
  - Speed of access
  - Type of Content accessed
  - Address translation if required

VPN with Internet

- This example uses default route only to access Internet
- If customer addresses are RFC 1918 then NAT must be done
  - Can be done at Internet Gateway or at customer edge
- Another model could use default route pointing to gateway in the global table
  - This assumes that customer uses registered address space

Enterprise Disaster Recovery

[Figure: Primary Data Centre (LOCALPREF=100) and Backup Data Centre (LOCALPREF=50) attached to the MPLS Core together with Site 1, Site 2 and Site 3; each VRF holds routes S1, S2, S3 and C]

- Disaster recovery can be provided to each site in the Enterprise
- If Primary site fails, Backup site takes over with no intervention
- Virtualisation/Mirroring takes place between Primary/Secondary

MPLS VPN Mechanisms


Virtual Routing and Forwarding Table

- A VRF is the routing and forwarding instance for a set of sites with identical connectivity requirements.
- Data structures associated with a VRF:
  - IP routing table
  - Cisco Express Forwarding (CEF) forwarding table
  - Set of rules and routing protocol parameters (routing protocol contexts)
  - List of interfaces that use the VRF
- Other information associated with a VRF:
  - Route Distinguisher (RD)
  - Set of import and export route targets

Need for Routing Protocol Contexts

[Figure: CE-VPN-A (VPN A, 10.1.1.0/24) and CE-VPN-B (VPN B, 10.1.1.0/24) attached to one PE router on the MPLS VPN Backbone]

- There are two backbones with overlapping addresses.
- Routing Information Protocol (RIP) is running in both VPNs.
- RIP in VPN A has to be different from RIP in VPN B, but Cisco IOS software supports only one RIP process per router.

VPN-Aware Routing Protocols

Routing context = routing protocol run in one VRF
- Supported by VPN-aware routing protocols: External BGP (EBGP), OSPF, RIP version 2 (RIPv2), EIGRP, IS-IS, static routes
- Implemented as several instances of a single routing process (EBGP, RIPv2) or as several routing processes (OSPF)
- Independent per-instance router variables for each instance

VRF Routing Table

- Contains routes that should be available to a particular set of sites
- Analogous to standard Cisco IOS software routing table; supports same set of mechanisms
- VPN interfaces (physical interface, subinterfaces, logical interfaces) assigned to VRFs
  - Many interfaces per VRF
  - Each interface assignable to only one VRF

Routing Contexts, VRF, and MP-BGP Interaction: 1/9

[Figure: PE router with a RIP routing process and a BGP routing process, each with an instance for VRF-A and an instance for VRF-B; the VRF-A and VRF-B routing tables; CE-RIP-A, CE-RIP-B, CE-BGP-A and CE-BGP-B; Multiprotocol BGP towards the backbone]

- Two VPNs attached to the same PE router
- Each VPN represented by a VRF (VRF-A and VRF-B)
- RIP and BGP running between PE and CE routers

Routing Contexts, VRF, and MP-BGP Interaction: 2/9

[Figure: same PE router diagram as slide 1/9]

- RIP-speaking CE routers announce their prefixes to the PE router via RIP.
- Instance of RIP process associated with the VRF into which the PE-CE interface belongs collects the routes and inserts them into VRF routing table.

Routing Contexts, VRF, and MP-BGP Interaction: 3/9

[Figure: same PE router diagram as slide 1/9]

- BGP-speaking CE routers announce their prefixes to the PE router via BGP.
- Instance of BGP process associated with the VRF into which the PE-CE interface belongs collects the routes and inserts them into VRF routing table.

Routing Contexts, VRF, and MP-BGP Interaction: 4/9

[Figure: same PE router diagram as slide 1/9]

- RIP routes entered in the VRF routing table are redistributed into BGP for further propagation into the MPLS VPN backbone.
- Redistribution between RIP and BGP has to be configured for proper MPLS VPN operation.

Routing Contexts, VRF, and MP-BGP Interaction: 5/9

[Figure: same PE router diagram as slide 1/9]

- Route distinguisher is prepended during route export to the BGP routes from VRF instance of BGP process to convert them into VPNv4 prefixes. Route targets are attached to these prefixes.
- VPNv4 prefixes are propagated to other PE routers.

Routing Contexts, VRF, and MP-BGP Interaction: 6/9

[Figure: same PE router diagram as slide 1/9]

- VPNv4 prefixes are received from other PE routers.
- The VPNv4 prefixes are inserted into proper VRF routing tables based on their route targets and import route targets configured in VRFs.
- Route distinguisher is removed during this process.

Routing Contexts, VRF, and MP-BGP Interaction: 7/9

[Figure: same PE router diagram as slide 1/9]

- Routes received from backbone MP-BGP and imported into a VRF are forwarded as IPv4 routes to EBGP CE neighbors attached to that VRF.

Routing Contexts, VRF, and MP-BGP Interaction: 8/9

[Figure: same PE router diagram as slide 1/9]

- MP-IBGP routes imported into a VRF are redistributed into the instance of RIP configured for that VRF.
- Redistribution between BGP and RIP has to be configured for end-to-end RIP routing between CE routers.

Routing Contexts, VRF, and MP-BGP Interaction: 9/9

[Figure: same PE router diagram as slide 1/9]

- Routes redistributed from BGP into a VRF instance of RIP are sent to RIP-speaking CE routers.

Configuring VRF tables


Configuring VRF Tables

VRF configuration tasks:
- Create a VRF table
- Assign RD to the VRF
- Specify export and import route targets
- Assign interfaces to VRFs

Creating VRF Tables and Assigning RDs

router(config)# ip vrf name

- Creates a new VRF or enters configuration of an existing VRF.
- VRF names are case-sensitive.
- VRF is not operational unless you configure RD.
- VRF names have only local significance.

router(config-vrf)# rd route-distinguisher

- Assigns a route distinguisher to a VRF.
- You can use ASN:xx or A.B.C.D:xx format for RD.
- Each VRF in a PE router has to have a unique RD.

Specify Export and Import RTs

router(config-vrf)# route-target export RT

- Specifies an RT to be attached to every route exported from this VRF to MP-BGP
- Allows specification of many export RTs; all are attached to every exported route

router(config-vrf)# route-target import RT

- Specifies an RT to be used as an import filter; only routes matching the RT are imported into the VRF
- Allows specification of many import RTs; any route where at least one RT attached to the route matches any import RT is imported into the VRF

Specify Export and Import RTs

router(config-vrf)# route-target both RT

- In cases where the export RT matches the import RT, use this form of route-target command.

Sample router configuration for simple customer VPN:

ip vrf Customer_ABC
 rd 12703:15
 route-target export 12703:15
 route-target import 12703:15

Assigning an Interface to VRF Table

router(config-if)# ip vrf forwarding vrf-name

- Associates an interface with the specified VRF
- Existing IP address removed from the interface when interface is put into VRF; IP address must be reconfigured
- CEF switching must be enabled on interface

Sample router configuration:

ip cef
!
interface serial 0/0
 ip vrf forwarding Customer_ABC
 ip address 10.0.0.1 255.255.255.252

Sample VPN Network

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-RIP-A2, CE-BGP-A1, CE-BGP-A2, CE-RIP-B1 and CE-RIP-B2]

The network supports two VPN customers. Customer A runs RIP and BGP with the service provider; customer B uses only RIP. Both customers use network 10.0.0.0.

Sample VPN Network VRF Configuration

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-RIP-A2, CE-BGP-A1, CE-BGP-A2, CE-RIP-B1 and CE-RIP-B2]

ip vrf Customer_A
 rd 115:43
 route-target both 115:43
!
ip vrf Customer_B
 rd 115:47
 route-target both 115:47
!
interface serial 1/0/1
 ip vrf forwarding Customer_A
 ip address 10.1.0.1 255.255.255.252
!
interface serial 1/0/2
 ip vrf forwarding Customer_A
 ip address 10.1.0.5 255.255.255.252
!
interface serial 1/1/3
 ip vrf forwarding Customer_B
 ip address 10.2.0.1 255.255.255.252
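Because route targets alone decide which VRFs see each other's routes, a PE configuration can be audited offline for unintended imports and for RDs reused across VRFs. The following is an added example, not part of the original slides: `Customer_A` and `Customer_B` are the sample VRFs above, while `Shared_Svc`, `Customer_C` and the list of intended flows are hypothetical.

```python
import re

# Constructed PE configuration. Customer_A and Customer_B are the sample VRFs
# from the slide; Shared_Svc and Customer_C are hypothetical additions.
SAMPLE_CONFIG = """\
ip vrf Customer_A
 rd 115:43
 route-target both 115:43
!
ip vrf Customer_B
 rd 115:47
 route-target both 115:47
!
ip vrf Shared_Svc
 rd 115:99
 route-target export 115:99
 route-target import 115:43
 route-target import 115:47
!
ip vrf Customer_C
 rd 115:47
 route-target both 115:50
"""


def parse_vrfs(config):
    """Parse 'ip vrf' blocks into {name: {'rd', 'export', 'import'}}."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        header = re.fullmatch(r"ip vrf (\S+)", raw.rstrip())
        if header:
            current = vrfs.setdefault(
                header.group(1), {"rd": None, "export": set(), "import": set()})
            continue
        if current is None or not raw.startswith(" "):
            current = None  # "!" or any other top-level line ends the block
            continue
        line = raw.strip()
        rd = re.fullmatch(r"rd (\S+)", line)
        rt = re.fullmatch(r"route-target (export|import|both) (\S+)", line)
        if rd:
            current["rd"] = rd.group(1)
        elif rt:
            kinds = ("export", "import") if rt.group(1) == "both" else (rt.group(1),)
            for kind in kinds:
                current[kind].add(rt.group(2))
    return vrfs


def duplicate_rds(vrfs):
    """RDs configured on more than one VRF of this PE."""
    by_rd = {}
    for name, vrf in vrfs.items():
        if vrf["rd"]:
            by_rd.setdefault(vrf["rd"], []).append(name)
    return {rd: sorted(names) for rd, names in by_rd.items() if len(names) > 1}


def route_flows(vrfs):
    """(exporter, importer) pairs of different VRFs that share a route target."""
    return {(src, dst)
            for src, s in vrfs.items() for dst, d in vrfs.items()
            if src != dst and s["export"] & d["import"]}


def audit(config, allowed_flows=frozenset()):
    """Report VRFs without an RD, reused RDs, and flows not on the allow list."""
    vrfs = parse_vrfs(config)
    return {
        "no_rd": sorted(n for n, v in vrfs.items() if v["rd"] is None),
        "duplicate_rd": duplicate_rds(vrfs),
        "unexpected_flows": sorted(route_flows(vrfs) - set(allowed_flows)),
    }


if __name__ == "__main__":
    intended = {("Customer_A", "Shared_Svc")}  # hypothetical approved extranet
    for finding, value in audit(SAMPLE_CONFIG, intended).items():
        print(finding, value)
```

With the constructed input, the audit reports that `Customer_B` routes also reach `Shared_Svc` and that `Customer_C` reuses the RD of `Customer_B`.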

Configuring MP-BGP


BGP Address Families

- The BGP process in an MPLS VPN-enabled router performs three separate tasks:
  - Global BGP routes (Internet routing) are exchanged as in traditional BGP setup
  - VPNv4 prefixes are exchanged through MP-BGP
  - VPN routes are exchanged with CE routers through per-VRF EBGP sessions
- Address families (routing contexts) are used to configure these three tasks in the same BGP process.

Selecting the BGP Address Family

router(config)# router bgp as-number

- Selects global BGP routing process

router(config-router)# address-family vpnv4

- Selects configuration of VPNv4 prefix exchanges under MP-BGP sessions

router(config-router)# address-family ipv4 vrf vrf-name

- Selects configuration of per-VRF PE-CE EBGP parameters

BGP Neighbors

- MP-BGP neighbors are configured under the BGP routing process.
  - These neighbors need to be activated for each global address family they support.
  - Per-address-family parameters can be configured for these neighbors.
- VRF-specific EBGP neighbors are configured under corresponding address families.

Configuring MP-BGP

MPLS VPN MP-BGP configuration steps:
- Configure MP-BGP neighbor under BGP routing process
- Configure BGP address family VPNv4
- Activate configured BGP neighbor for VPNv4 route exchange
- Specify additional parameters for VPNv4 route exchange (filters, next hops, and so forth)

Configuring MP-IBGP

router(config)#
 router bgp AS-number
  neighbor IP-address remote-as AS-number
  neighbor IP-address update-source loopback-interface

- All MP-BGP neighbors have to be configured under global BGP routing configuration.
- MP-IBGP sessions have to run between loopback interfaces.

router(config-router)# address-family vpnv4

- Starts configuration of MP-BGP routing for VPNv4 route exchange.
- Parameters that apply only to MP-BGP exchange of VPNv4 routes between already configured IBGP neighbors are configured under this address family.

Configuring MP-IBGP

router(config-router-af)# neighbor IP-address activate

- The BGP neighbor defined under BGP router configuration has to be activated for VPNv4 route exchange.

router(config-router-af)# neighbor IP-address next-hop-self

- The next-hop-self command must be configured on the MP-IBGP session for proper MPLS VPN configuration if EBGP is being run with a CE neighbor.

BGP Community Propagation

router(config-router-af)# neighbor IP-address send-community [extended | both]

- This command configures propagation of standard and extended BGP communities attached to VPNv4 prefixes.
- Default value: only extended communities are sent.
- Extended BGP communities attached to VPNv4 prefixes must be exchanged between MP-BGP neighbors for proper MPLS VPN operation.
- To propagate standard BGP communities between MP-BGP neighbors, use the both option.

Sample MP-IBGP Configuration

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-RIP-A2, CE-BGP-A1, CE-BGP-A2, CE-RIP-B1 and CE-RIP-B2]

interface loopback 0
 ip address 172.16.1.1 255.255.255.255
!
router bgp 115
 neighbor 172.16.1.2 remote-as 115
 neighbor 172.16.1.2 update-source loopback 0
 !
 address-family vpnv4
  neighbor 172.16.1.2 activate
  neighbor 172.16.1.2 next-hop-self
  neighbor 172.16.1.2 send-community both

Disabling IPv4 Route Exchange

router(config-router)# no bgp default ipv4-unicast

- Exchange of IPv4 routes between BGP neighbors is enabled by default; every configured neighbor will also receive IPv4 routes
- This command disables default exchange of IPv4 routes; neighbors that need to receive IPv4 routes have to be activated for IPv4 route exchange
- Use this command when the same router carries Internet and VPNv4 routes and you don't want to propagate Internet routes to some PE neighbors.

Sample Router Configuration

- Neighbor 172.16.32.14 receives only Internet routes.
- Neighbor 172.16.32.15 receives only VPNv4 routes.
- Neighbor 172.16.32.27 receives Internet and VPNv4 routes.

router bgp 12703
 no bgp default ipv4-unicast
 neighbor 172.16.32.14 remote-as 12703
 neighbor 172.16.32.15 remote-as 12703
 neighbor 172.16.32.27 remote-as 12703
 ! Activate IPv4 route exchange
 neighbor 172.16.32.14 activate
 neighbor 172.16.32.27 activate
 ! Step#2 VPNv4 route exchange
 address-family vpnv4
  neighbor 172.16.32.15 activate
  neighbor 172.16.32.27 activate

Configuring PE-CE Routing


Configuring PE-CE Routing Protocols

- PE-CE routing protocols are configured for individual VRFs.
- Per-VRF routing protocols can be configured in two ways:
  - There is only one BGP or RIP process per router; per-VRF parameters are specified in routing contexts, which are selected with the address family command.
  - A separate OSPF process has to be started for each VRF.
- Overall number of routing processes per router is limited to 32
  - Will be lifted in 12.0(27)S

VRF Routing Context for BGP and RIP

router(config)#
 router bgp AS-number
  address-family ipv4 vrf vrf-name
   ... Per-VRF BGP definitions ...

- Per-VRF BGP context is selected with the address-family command.
- CE EBGP neighbors are configured in VRF context, not in the global BGP configuration.

router(config)#
 router rip
  address-family ipv4 vrf vrf-name
   ... Per-VRF RIP definitions ...

- Similar to BGP, select per-VRF RIP context with the address-family command.
- Configure all per-VRF RIP parameters there, starting with network numbers.

Configuring per-VRF BGP Routing

- CE neighbors have to be specified within the per-VRF context, not in global BGP.
- CE neighbors have to be activated with the neighbor activate command.
- All non-BGP per-VRF routes have to be redistributed into per-VRF BGP context to be propagated by MP-BGP to other PE routers.
- Per-VRF BGP context has auto-summarization and synchronization disabled by default.

Sample PE-CE BGP Configuration

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-RIP-A2, CE-BGP-A1, CE-BGP-A2, CE-RIP-B1 and CE-RIP-B2]

CE router:

router bgp 65001
 neighbor 10.200.1.2 remote-as 115
 network 10.1.0.0 mask 255.255.0.0

PE router:

router bgp 115
 !
 address-family ipv4 vrf Customer_A
  neighbor 10.200.1.1 remote-as 65001
  neighbor 10.200.1.1 activate

Configuring RIP PE-CE Routing

- A routing context is configured for each VRF running RIP
- RIP parameters have to be specified in the VRF
- Some parameters configured in the RIP process are propagated to routing contexts (for example, RIP version)
- Only RIPv2 is supported

RIP Metric Propagation

router(config)#
 router rip
  address-family ipv4 vrf vrf-name
   redistribute bgp metric transparent

- BGP routes have to be redistributed back into RIP if you want to have end-to-end RIP routing in the customer network.
- The RIP hop count is copied into BGP multi-exit discriminator attribute (default BGP behavior).
- The RIP hop count has to be manually set for routes redistributed into RIP.
- With metric transparent option, BGP MED is copied into the RIP hop count, resulting in a consistent end-to-end RIP hop count.

Sample RIP Configuration

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-RIP-A2, CE-BGP-A1, CE-BGP-A2, CE-RIP-B1 and CE-RIP-B2]

router rip
 version 2
 address-family ipv4 vrf Customer_ABC
  network 10.0.0.0
  redistribute bgp 12703 metric transparent
!
router bgp 12703
 address-family ipv4 vrf Customer_ABC
  redistribute rip

Configuring OSPF PE-CE Routing

- A separate OSPF routing process is configured for each VRF running OSPF.
- OSPF route attributes are attached as extended BGP communities to OSPF routes redistributed into MP-BGP.
- Routes redistributed from MP-BGP into OSPF get proper OSPF attributes.
  - No additional configuration is needed.

Configuring PE-CE OSPF Routing

router(config)#
 router ospf process-id vrf name
  ... Standard OSPF parameters ...

- This command configures the per-VRF OSPF routing process.

Sample router configuration:

router ospf 123 vrf Customer_ABC
 network 0.0.0.0 255.255.255.255 area 0
 redistribute bgp 12703
!
router bgp 12703
 address-family ipv4 vrf Customer_ABC
  redistribute ospf 123

Configuring Per-VRF Static Routes

router(config)# ip route vrf name static route parameters

- This command configures per-VRF static routes.
- The route is entered in the VRF table.
- On Ethernet interfaces, you must specify the next hop as well as the outgoing interface

Sample router configuration:

ip route vrf Customer_ABC 10.0.0.0 255.0.0.0 ethernet 0/0 10.250.0.2
!
router bgp 12703
 address-family ipv4 vrf Customer_ABC
  redistribute static

Monitoring MPLS VPN Operation


Monitoring VRF

router# show ip vrf

- Displays the list of all VRFs configured in the router

router# show ip vrf detail

- Displays detailed VRF configuration

router# show ip vrf interfaces

- Displays interfaces associated with VRFs

show ip vrf

Router#show ip vrf
  Name        Default RD    Interfaces
  SiteA2      103:30        Serial1/0.20
  SiteB       103:11        Serial1/0.100
  SiteX       103:20        Ethernet0/0
Router#

show ip vrf detail

Router#show ip vrf detail
VRF SiteA2; default RD 103:30
  Interfaces:
    Serial1/0.20
  Connected addresses are not in global routing table
  No Export VPN route-target communities
  Import VPN route-target communities
    RT:103:10
  No import route-map
  Export route-map: A2
VRF SiteB; default RD 103:11
  Interfaces:
    Serial1/0.100
  Connected addresses are not in global routing table
  Export VPN route-target communities
    RT:103:11
  Import VPN route-target communities
    RT:103:11    RT:103:20
  No import route-map
  No export route-map

show ip vrf interfaces

Router#show ip vrf interfaces
Interface        IP-Address      VRF       Protocol
Serial1/0.20     150.1.31.37     SiteA2    up
Serial1/0.100    150.1.32.33     SiteB     up
Ethernet0/0      192.168.22.3    SiteX     up

Monitoring VRF Routing

router# show ip protocols vrf name

- Displays the routing protocols configured in a VRF

router# show ip route vrf name

- Displays the VRF routing table

router# show ip bgp vpnv4 vrf name

- Displays per-VRF BGP parameters (PE-CE neighbors)

show ip protocol vrf

Router#show ip protocol vrf SiteX
Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 10 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is
  Incoming update filter list for all interfaces is
  Redistributing: rip, bgp 3
  Default version control: send version 2, receive version 2
    Interface        Send  Recv  Triggered RIP  Key-chain
    Ethernet0/0      2     2
  Routing for Networks:
    192.168.22.0
  Routing Information Sources:
    Gateway         Distance      Last Update
  Distance: (default is 120)

show ip route vrf

Router#show ip route vrf SiteA2
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default,
       U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

O    203.1.20.0/24 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20
     203.1.2.0/32 is subnetted, 1 subnets
O       203.1.2.1 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20
     203.1.1.0/32 is subnetted, 1 subnets
B       203.1.1.1 [200/1] via 192.168.3.103, 01:14:32
B    203.1.135.0/24 [200/782] via 192.168.3.101, 02:05:38
B    203.1.134.0/24 [200/1] via 192.168.3.101, 02:05:38
B    203.1.10.0/24 [200/1] via 192.168.3.103, 01:14:32
 rest deleted

show ip bgp vpnv4 vrf neighbor

Router#show ip bgp vpnv4 vrf SiteB neighbors
BGP neighbor is 150.1.32.34, vrf SiteB, remote AS 65032, external link
  BGP version 4, remote router ID 203.2.10.1
  BGP state = Established, up for 02:01:41
  Last read 00:00:56, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received
    Address family IPv4 Unicast: advertised and received
  Received 549 messages, 0 notifications, 0 in queue
  Sent 646 messages, 0 notifications, 0 in queue
  Route refresh request: received 0, sent 0
  Minimum time between advertisement runs is 30 seconds

 For address family: VPNv4 Unicast
  Translates address family IPv4 Unicast for VRF SiteB
  BGP table version 416, neighbor version 416
  Index 4, Offset 0, Mask 0x10
  Community attribute sent to this neighbor
  2 accepted prefixes consume 120 bytes
  Prefix advertised 107, suppressed 0, withdrawn 63
... rest deleted

show ip bgp vpnv4 all summary

Router#show ip bgp vpnv4 all summary
BGP router identifier 10.7.0.5, local AS number 100
BGP table version is 35, main routing table version 35
20 network entries and 40 paths using 4980 bytes of memory
5 BGP path attribute entries using 300 bytes of memory
6 BGP rrinfo entries using 144 bytes of memory
4 BGP extended community entries using 96 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP activity 21/43 prefixes, 41/1 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.7.0.17       4   100   13041   13037       35    0    0 1w2d           13
10.7.0.18       4   100   13041   13037       35    0    0 1w2d           13
... rest deleted

Monitoring MP-BGP Sessions

router#show ip bgp neighbor
  Displays global BGP neighbors and the protocols negotiated with these neighbors

show ip bgp neighbor (1/2)

Router#show ip bgp neighbor 192.168.3.101
BGP neighbor is 192.168.3.101, remote AS 3, internal link
  BGP version 4, remote router ID 192.168.3.101
  BGP state = Established, up for 02:15:33
  Last read 00:00:33, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received
    Address family IPv4 Unicast: advertised and received
    Address family VPNv4 Unicast: advertised and received
  Received 1417 messages, 0 notifications, 0 in queue
  Sent 1729 messages, 2 notifications, 0 in queue
  Route refresh request: received 9, sent 29
  Minimum time between advertisement runs is 5 seconds

 For address family: IPv4 Unicast
  BGP table version 188, neighbor version 188
  Index 2, Offset 0, Mask 0x4
  1 accepted prefixes consume 36 bytes
  Prefix advertised 322, suppressed 0, withdrawn 230
... Continued

show ip bgp neighbor (2/2)

Router#show ip bgp neighbor 192.168.3.101
... Continued
 For address family: VPNv4 Unicast
  BGP table version 416, neighbor version 416
  Index 2, Offset 0, Mask 0x4
  NEXT_HOP is always this router
  Community attribute sent to this neighbor
  6 accepted prefixes consume 360 bytes
  Prefix advertised 431, suppressed 0, withdrawn 113

  Connections established 7; dropped 6
  Last reset 02:18:33, due to Peer closed the session
... Rest deleted

Monitoring an MP-BGP VPNv4 Table

router#show ip bgp vpnv4 all
  Displays whole VPNv4 table

router#show ip bgp vpnv4 vrf name
  Displays only BGP parameters (routes or neighbors) associated with specified VRF
  Any BGP show command can be used with these parameters

router#show ip bgp vpnv4 rd value
  Displays only BGP parameters (routes or neighbors) associated with specified RD

show ip bgp vpnv4 vrf

Router#show ip bgp vpnv4 vrf SiteA2
BGP table version is 416, local router ID is 192.168.3.102
Status codes: s suppressed, d damped, h history, * valid, > best, i internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop         Metric LocPrf Weight Path
Route Distinguisher: 103:30 (default for vrf SiteA2)
*> 150.1.31.36/30     0.0.0.0               0         32768 ?
*>i150.1.31.128/30    192.168.3.101         0    100      0 ?
*>i150.1.31.132/30    192.168.3.101         0    100      0 ?
*>i203.1.1.1/32       192.168.3.103         1    100      0 65031 i
*> 203.1.2.1/32       150.1.31.38         782         32768 ?
*>i203.1.10.0         192.168.3.103         1    100      0 65031 i
*> 203.1.20.0         150.1.31.38         782         32768 ?
*>i203.1.127.3/32     192.168.3.101         1    100      0 ?
*>i203.1.127.4/32     192.168.3.101       782    100      0 ?
*>i203.1.134.0        192.168.3.101         1    100      0 ?
*>i203.1.135.0        192.168.3.101       782    100      0 ?

show ip bgp vpnv4 rd

Router#show ip bgp vpnv4 rd 103:30 203.1.127.3
BGP routing table entry for 103:30:203.1.127.3/32, version 164
Paths: (1 available, best #1, table SiteA2)
  Not advertised to any peer
  Local, imported path from 103:10:203.1.127.3/32
    192.168.3.101 (metric 10) from 192.168.3.101 (192.168.3.101)
      Origin incomplete, metric 1, localpref 100, valid, internal, best
      Extended Community: RT:103:10

Monitoring per-VRF CEF and LFIB structures

router#show ip cef vrf name
  Displays per-VRF CEF table

router#show ip cef vrf name prefix detail
  Displays details of an individual CEF entry, including label stack

router#show tag-switching forwarding vrf name
  Displays labels allocated by MPLS VPN for routes in specified VRF

show ip cef vrf

Router#show ip cef vrf SiteA2 203.1.1.1 255.255.255.255 detail
203.1.1.1/32, version 57, cached adjacency to Serial1/0.2
0 packets, 0 bytes
  tag information set
    local tag: VPN-route-head
    fast tag rewrite with Se1/0.2, point2point, tags imposed: {26 39}
  via 192.168.3.103, 0 dependencies, recursive
    next hop 192.168.3.10, Serial1/0.2 via 192.168.3.103/32
    valid cached adjacency
    tag rewrite with Se1/0.2, point2point, tags imposed: {26 39}

The show ip cef command can also display the label stack associated with the MP-IBGP route.

show tag-switching forwarding vrf

Router#show tag-switching forwarding vrf SiteA2
Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id        switched   interface
26     Aggregate   150.1.31.36/30[V]   0
37     Untagged    203.1.2.1/32[V]     0          Se1/0.20   point2point
38     Untagged    203.1.20.0/24[V]    0          Se1/0.20   point2point

Router#show tag-switching forwarding vrf SiteA2 tags 37 detail
Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id        switched   interface
37     Untagged    203.1.2.1/32[V]     0          Se1/0.20   point2point
        MAC/Encaps=0/0, MTU=1504, Tag Stack{}
        VPN route: SiteA2
        Per-packet load-sharing

Monitoring Labels on VPNv4 Routes

router#show ip bgp vpnv4 [ all | rd value | vrf name ] tags
  Displays labels associated with VPNv4 routes

Router#show ip bgp vpnv4 all tags
   Network          Next Hop      In tag/Out tag
Route Distinguisher: 100:1 (vrf1)
   2.0.0.0          10.20.0.60      34/notag
   10.0.0.0         10.20.0.60      35/notag
   12.0.0.0         10.20.0.60      26/notag
                    10.20.0.60      26/notag
   13.0.0.0         10.15.0.15      notag/26

MPLS Troubleshooting


MPLS Troubleshooting Agenda

Troubleshooting falls under two categories:
  CONTROL Plane: involves LDP, LIB, etc.
  FORWARDING Plane: involves FIB, LFIB, etc.

MPLS Control Plane

LDP is one of the primary ways, but not the only one, to enable MPLS on an interface; other ways are:
  TDP
  BGP+Label
  RSVP
Each of these protocols can distribute a label for IPv4 prefixes.
Enabling MPLS means the ability to send/receive MPLS packets on an interface.

MPLS Control Plane

This Section Is All About LDP (and Its Related Components)
  LDP vs. TDP
  LDP (Discovery, Session Setup, Label Xchange)
  RIB/FIB/LIB/LFIB Relationship
  Troubleshooting Tips
  Troubleshooting Case Studies

MPLS Control Plane: LDP vs. TDP

LDP is quite similar to TDP
LDP is standardized by IETF
LDP has more features such as abort, MD5 authentication, notification, backoff logic, etc.
LDP is now the default on Cisco routers

MPLS Control Plane

Control Plane
  LDP vs. TDP
  LDP (Discovery, Session Setup, Label Xchange)
  RIB/FIB/LIB/LFIB Relationship
  Troubleshooting Tips
  Troubleshooting Case Studies
Forwarding Plane

MPLS Control Plane: LDP

LDP/TDP operates in three steps:
  Neighbor Discovery
  Session establishment
  Label Distribution/exchange
Once labels are exchanged, the LIB is built.
The LIB and FIB together help to build the LFIB.

MPLS Control Plane: TDP (i)

TDP Neighbors are discovered via TDP Hellos (like most of the routing protocols)
TDP Hellos are sent to 255.255.255.255
TDP Hellos are sent to UDP port = 711
TDP Hellos are sent only after mpls ip is configured on an interface

[Diagram: PE1 and PE2 on a shared link; Tx Hello (PE1:0), Rx Hello (PE2:0)]

MPLS Control Plane: LDP (i)

LDP Neighbors are discovered via LDP Hellos (like most of the routing protocols)
LDP Hellos are sent to 224.0.0.2
LDP Hellos are sent to UDP port = 646
LDP Hellos are sent only after both mpls ip and mpls label protocol ldp are configured on an interface **

[Diagram: PE1 and PE2 on a shared link; Tx Hello (PE1:0), Rx Hello (PE2:0)]

** If LDP is the global default, then interface-level LDP is not needed.

MPLS Control Plane: LDP (i)

LDP_ID should be hardcoded via
  mpls ldp router-ID
The above won't do any good unless
  the interface is UP when LDP gets started
  the existing LDP_ID (usually an interface) is shut/unshut
The following avoids both shortcomings:
  mpls ldp router-ID force

MPLS Control Plane: LDP (i)

Use the same Loopback0 as the router-ID for LDP, IGP, BGP, etc.
Assign an IP address to the Loopback0 from a separate IP address subnet (or space)
Avoid IGP summarization of the prefixes that correspond to the router-IDs

MPLS Control Plane: LDP (i)

sh mpls ldp discovery [detail]
  Must show xmit/recv on LDP enabled interface

PE1#sh mpls ldp discovery
 Local LDP Identifier:
    10.13.1.61:0
    Discovery Sources:
    Interfaces:
        Ethernet0/0 (ldp): xmit/recv
            LDP Id: 10.13.1.101:0
        Ethernet1/0 (ldp): xmit/recv
            LDP Id: 10.13.1.101:0

Slide callouts: Local LDP_ID; Xmit & Received Hellos; E0/0 is configured with LDP; Discovered Neighbours LDP_ID

debug mpls ldp transport connections
  Should give information regarding whether the HELLOS are advertised/received

MPLS Control Plane: LDP (i)

sh mpls interface [detail]
  Lists whether MPLS is enabled and the application that enabled MPLS on the interface

[Diagram: PE2 connected to P1 over Serial2/0]

PE2#sh mpls interface
Interface              IP            Tunnel   Operational
Serial2/0              Yes (ldp)     No       Yes
PE2#

!
interface Serial2/0
 description To P1 ser2/0
 ip address 10.13.2.6/30
 mpls label protocol ldp
 tag-switching ip
 tag-switching mtu 1508
!

PE2#sh mpls interface ser2/0 detail
Interface Serial2/0:
        IP labeling enabled (ldp)
        LSP Tunnel labeling not enabled
        BGP tagging not enabled
        Tagging operational
        Fast Switching Vectors:
          IP to MPLS Fast Switching Vector
          MPLS Turbo Vector
        MTU = 1508
PE2#

Slide callouts: MPLS Enabled; LDP Enabled; MPLS MTU

MPLS Control Plane: LDP (i)

This slide is to show that BGP ipv4+label (or MPeBGP) is another application that can enable MPLS; WHAT'S DIFFERENT HERE?

RSP-PE-SOUTH-6#sh mpls int
Interface              IP            Tunnel   Operational
Fddi1/0/0              Yes (ldp)     No       Yes
ATM1/1/0.108           No            No       Yes
RSP-PE-SOUTH-6#

RSP-PE-SOUTH-6#sh mpls int ATM1/1/0.108 de
Interface ATM1/1/0.108:
        IP labeling not enabled
        LSP Tunnel labeling not enabled
        BGP tagging enabled
        Tagging operational
        Optimum Switching Vectors:
          IP to MPLS Feature Vector
          MPLS Feature Vector
        Fast Switching Vectors:
          IP to MPLS Fast Feature Switching Vector
          MPLS Feature Vector
        MTU = 4470
RSP-PE-SOUTH-6#

Slide callouts: MPLS is Operational; LDP not enabled; BGP+Label Enabled; MPLS MTU

MPLS Control Plane: LDP (ii)

After discovering each other, they want to get cozy and establish the session. (Even routers have the dating concept)
LDP INITIALIZATION, KEEPALIVE and ADDRESS messages are exchanged to establish the LDP session
LSR_ID (Transport address) MUST be IP reachable

[Diagram: PE1 (10.13.1.61/32) and P1 (10.13.1.101/32) exchange Hellos, then form an LDP session]

MPLS Control Plane: LDP (ii)

LDP_ID => W.X.Y.Z:n, where W.X.Y.Z is the LSR ID and n is the Label Space ID

LSR_ID
  The LSR_ID is a four byte number that identifies a specific LSR. It is derived from an interface on the LSR. By default, it is the highest IP address, or the highest IP address of a loopback if it's available.

Label_Space_Id
  A two byte number that identifies a specific label space on the LSR. 0x00 is reserved for the platform label space (i.e. frame-mode MPLS). Non-zero refers to the interface label space (i.e. cell-mode MPLS).
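Added example (not from the original slides): a Python parser for the LDP link Hello that carries the 6-byte LDP_ID described above, useful when checking captured UDP 646 traffic against the neighbors you expect. The PDU, message and TLV layout follows RFC 5036, which the deck does not show; the function names are hypothetical and the sample Hello is constructed.

```python
import ipaddress
import struct

MSG_HELLO = 0x0100         # Hello message type (RFC 5036)
TLV_COMMON_HELLO = 0x0400  # Common Hello Parameters TLV (RFC 5036)


def parse_ldp_id(raw):
    """Split a 6-byte LDP Identifier into (LSR ID, label space ID)."""
    if len(raw) != 6:
        raise ValueError("LDP Identifier must be 6 bytes")
    return str(ipaddress.IPv4Address(raw[:4])), struct.unpack("!H", raw[4:])[0]


def parse_hello(pdu):
    """Parse one UDP payload carrying an LDP Hello; raise ValueError if malformed."""
    if len(pdu) < 26:  # 10-byte PDU header + 8-byte message header + 8-byte TLV
        raise ValueError("too short for an LDP Hello")
    version, pdu_len = struct.unpack("!HH", pdu[:4])
    if version != 1:
        raise ValueError("unsupported LDP version")
    if pdu_len != len(pdu) - 4:  # length excludes the version and length fields
        raise ValueError("PDU length does not match payload size")
    lsr_id, label_space = parse_ldp_id(pdu[4:10])
    msg_type, msg_len, _msg_id = struct.unpack("!HHI", pdu[10:18])
    if (msg_type & 0x7FFF) != MSG_HELLO or msg_len < 12:
        raise ValueError("not a Hello message")
    tlv_type, tlv_len, hold_time, flags = struct.unpack("!HHHH", pdu[18:26])
    if (tlv_type & 0x3FFF) != TLV_COMMON_HELLO or tlv_len != 4:
        raise ValueError("Common Hello Parameters TLV missing")
    return {
        "ldp_id": f"{lsr_id}:{label_space}",
        "platform_label_space": label_space == 0,  # 0 = frame-mode MPLS
        "hold_time": hold_time,
        "targeted": bool(flags & 0x8000),  # T bit: targeted rather than link Hello
    }


def build_sample_hello(lsr_id="10.13.1.101", label_space=0, hold_time=15):
    """Constructed link Hello, shaped like the one P1 would send to 224.0.0.2:646."""
    tlv = struct.pack("!HHHH", TLV_COMMON_HELLO, 4, hold_time, 0)
    msg = struct.pack("!HHI", MSG_HELLO, 4 + len(tlv), 1) + tlv
    body = ipaddress.IPv4Address(lsr_id).packed + struct.pack("!H", label_space) + msg
    return struct.pack("!HH", 1, len(body)) + body


if __name__ == "__main__":
    print(parse_hello(build_sample_hello()))
```

Hellos are plain UDP, so a parsed LDP_ID only says what the sender claims to be; the session that follows is where LDP's MD5 authentication applies.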

MPLS Control Plane: LDP (ii)

LDP session is a TCP session (port = 646)
Multiple links between two routers still mean a single LDP session

PE1#sh mpls ldp neighbor
    Peer LDP Ident: 10.13.1.101:0; Local LDP Ident 10.13.1.61:0
        TCP connection: 10.13.1.101.11031 - 10.13.1.61.646
        State: Oper; Msgs sent/rcvd: 58/60; Downstream
        Up time: 00:39:27
        LDP discovery sources:
          Ethernet0/0, Src IP addr: 10.13.1.5
          Ethernet1/0, Src IP addr: 10.13.1.9
        Addresses bound to peer LDP Ident:
          10.13.1.9       10.13.1.5       10.13.2.5       10.13.1.101

PE1#sh tcp brief | i 646
43ABB020  10.13.1.101.11031          10.13.1.61.646              ESTAB

Slide callouts: LDP_ID; Unsolicited Label Distribution; Interfaces on which peers identified; Peers connected interfaces

MPLS Control Plane: LDP (ii)

Relevant LDP Session Commands/Debugs:

sh mpls ldp neighbor [neighbor]
  Shows LDP neighbor and relevant info

sh mpls ldp neighbor [interface]
  LDP neighbors discovered over this interface

Debug mpls ldp session io|state
  Useful when the session doesn't come up

Debug mpls ldp messages sent|receive
  Shows all the LDP messages sent or received

MPLS Control Plane: LDP (iii)

Now that the LDP session is established, LDP neighbors start exchanging label bindings via LABEL MAPPING messages (after the Keepalive gets exchanged)
Label binding => prefix + Label
Label bindings are stored in the LIB
  LIB => Label Information Base

[Diagram: Label exchange between PE1 (10.13.1.61/32) and P1 (10.13.1.101/32)]

MPLS Control Plane: LDP (iii)

LIB entry can be verified with the following:

PE1#sh mpls ip bindings 10.13.1.62 32
  10.13.1.62/32
        in label:     20
        out label:    2001      lsr: 10.13.1.101:0
PE1#

Slide callouts: Local binding; Remote binding

[Diagram: PE1 (10.13.1.61/32) connects over E0/0 and E0/1 to P1 (10.13.1.101/32), which leads to 10.13.1.62/32]
  P1: "This is 10.13.1.101:0. Use label 2001 to reach 10.13.1.62/32"
  PE1: "Ok. I hear you 10.13.1.101:0. I have the binding from you in my LIB now. But whether I use your binding or not will be dictated by RIB entry"
  PE1: "Oh ok. Per RIB, 10.13.1.101 is the next-hop for 10.13.1.62/32. I have to use label 2001 in LFIB."

PE1#sh mpls forwarding 10.13.1.62
Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id        switched   interface
20     2001        10.13.1.62/32       0          Et0/0      10.13.1.5
       2001        10.13.1.62/32       0          Et1/0      10.13.1.9
PE1#

MPLS Control Plane: LDP (iii)

sh mpls ip binding detail
  Lists all prefixes with labels and LDP neighbors

sh mpls ip binding det
  Lists ACLs (if any), prefix bindings, and LDP neighbors
  Notice the "Advertised to:" field

sh mpls ip binding advertisement-acls
  Lists the LDP filter, if there is any, on the first line. Prefixes followed by "Advert acl(s):" are advertised via LDP, others are not


RIB/FIB/LIB/LFIB

RIB is the Routing Information Base, which is analogous to the IP routing table
FIB, aka CEF, is the Forwarding Information Base, which is derived from the IP routing table
LIB is the Label Information Base, which contains all the label bindings learned via LDP
LFIB is the Label Forwarding Information Base, which is derived from FIB entries and corresponding LIB entries
Let's go through the pictorial view

MPLS Control Plane: RIB/FIB/LIB/LFIB

[Figure: Population of RIB/FIB/LIB/LFIB in a LSR. Control plane: routing updates from other routers feed the routing protocols database; label bindings are learned via LDP from other routers. Forwarding plane, managed by CEF: IP forwarding table (FIB) and label forwarding table (LFIB), with incoming IP packet, incoming MPLS packet and outgoing MPLS/IP packet.]
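Added example (not from the original slides): a Python model of how an LSR derives LFIB entries from the RIB and the LIB, using the PE1 values shown earlier for 10.13.1.62/32. The second peer 10.13.1.102:0, the prefix 10.13.1.63/32, local label 21 and all function names are constructed for illustration.

```python
import ipaddress

# Values for 10.13.1.62/32 and peer 10.13.1.101:0 come from the PE1 output in
# the slides; 10.13.1.102:0 and 10.13.1.63/32 are constructed for contrast.
RIB = {
    "10.13.1.62/32": [("10.13.1.5", "Et0/0"), ("10.13.1.9", "Et1/0")],
    "10.13.1.63/32": [("10.13.1.5", "Et0/0")],
}
LOCAL_BINDINGS = {"10.13.1.62/32": 20, "10.13.1.63/32": 21}
REMOTE_BINDINGS = {  # LIB: every binding received, whether used or not
    "10.13.1.62/32": {"10.13.1.101:0": 2001, "10.13.1.102:0": 3005},
    "10.13.1.63/32": {"10.13.1.102:0": 3006},
}
PEER_ADDRESSES = {  # "Addresses bound to peer LDP Ident"
    "10.13.1.101:0": {"10.13.1.9", "10.13.1.5", "10.13.2.5", "10.13.1.101"},
    "10.13.1.102:0": {"10.13.3.1", "10.13.1.102"},
}


def build_lfib(rib, local, remote, peer_addresses):
    """Per RIB path, use the label advertised by the LSR that owns the next hop."""
    owner = {addr: ldp_id for ldp_id, addrs in peer_addresses.items() for addr in addrs}
    lfib = []
    for prefix, paths in rib.items():
        for next_hop, interface in paths:
            label = remote.get(prefix, {}).get(owner.get(next_hop))
            lfib.append({
                "local": local.get(prefix),
                "outgoing": "Untagged" if label is None else label,
                "prefix": prefix,
                "interface": interface,
                "next_hop": next_hop,
            })
    return lfib


def untagged_host_routes(lfib):
    """Untagged /32 entries, which the troubleshooting tips call alarming."""
    return sorted({e["prefix"] for e in lfib
                   if e["outgoing"] == "Untagged"
                   and ipaddress.ip_network(e["prefix"]).prefixlen == 32})


def unused_bindings(remote, lfib):
    """Bindings held in the LIB that no LFIB entry uses."""
    used = {(e["prefix"], e["outgoing"]) for e in lfib}
    return sorted((p, lsr, lbl) for p, peers in remote.items()
                  for lsr, lbl in peers.items() if (p, lbl) not in used)


if __name__ == "__main__":
    for entry in build_lfib(RIB, LOCAL_BINDINGS, REMOTE_BINDINGS, PEER_ADDRESSES):
        print(entry)
```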

MPLS Control Plane: Debugs

Be Careful on the Production Routers

debug mpls ldp advertisements
  Useful to see label bindings that are advertised

debug mpls ldp binding
  Useful to see label bindings that are received

debug mpls ldp message sent|received
  Useful for the protocol understanding purposes


MPLS Control Plane: Troubleshooting Tips

1. Check for same label protocol to be configured on both sides of the interface
     sh mpls ldp discovery | inc ldp|tdp

   PE1#sh mpls ldp disc | i ldp|tdp
           Ethernet0/0 (ldp): xmit/recv
   PE1#

2. Check whether correct local LSR_ID is used on both LSRs (sh mpls ldp disc)
     sh mpls ldp discovery, 2nd line in output

   PE1#sh mpls ldp disco
    Local LDP Identifier:
       10.13.1.61:0

3. Don't assume that the neighbor discovery means everything is good

MPLS Control Plane: Troubleshooting Tips

4. Check IP reachability to remote LSR_ID on both LSRs
     ping

   PE1#ping 10.13.1.101 source 10.13.1.61
   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 10.13.1.101, timeout is 2 seconds:
   Packet sent with a source address of 10.13.1.61
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 32/49/72 ms
   PE1#

5. Check for ACL or ICMP unreachable blockages

6. Untagged outgoing label for /32 routes, i.e. PEs' loopbacks, is almost always alarming
     sh mpls ldp bind

7. Check the label binding for a prefix on both LSRs

   PE1#sh mpls ldp bind 10.13.1.62 32
     tib entry: 10.13.1.62/32, rev 16
           local binding:  tag: 17
           remote binding: tsr: 10.13.1.101:0, tag: 2001
   PE1#

MPLS Control Plane: Troubleshooting Tips

8. Good practice is to configure the Loopback0 as the router-ID for LDP
     mpls ldp router-id loopback0 force
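Added example (not from the original slides): tips 1 to 3 applied as a Python check over captured "sh mpls ldp discovery" and "sh mpls ldp neighbor" text. The Ethernet lines repeat PE1's output from the slides; the Serial2/0 and Serial3/0 lines, the peer 10.13.1.102:0 and the function names are constructed to show each failure.

```python
import re

# Ethernet lines are PE1's output from the slides; the Serial lines are
# constructed faults (TDP with no Hello received, a peer with no session).
DISCOVERY = """\
 Local LDP Identifier:
    10.13.1.61:0
    Discovery Sources:
    Interfaces:
        Ethernet0/0 (ldp): xmit/recv
            LDP Id: 10.13.1.101:0
        Ethernet1/0 (ldp): xmit/recv
            LDP Id: 10.13.1.101:0
        Serial2/0 (tdp): xmit
        Serial3/0 (ldp): xmit/recv
            LDP Id: 10.13.1.102:0
"""
NEIGHBORS = """\
    Peer LDP Ident: 10.13.1.101:0; Local LDP Ident 10.13.1.61:0
        State: Oper; Msgs sent/rcvd: 58/60; Downstream
"""


def parse_discovery(text):
    """Return (local LDP ID, [interface dicts]) from 'sh mpls ldp discovery'."""
    local_id, interfaces, want_id = None, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if want_id:  # the ID is the 2nd line of the output (tip 2)
            local_id, want_id = line, False
        elif line.startswith("Local LDP Identifier:"):
            want_id = True
        elif m := re.match(r"(\S+) \((ldp|tdp)\): (\S+)$", line):
            interfaces.append({"name": m[1], "proto": m[2], "hello": m[3], "peers": []})
        elif (m := re.match(r"(?:LDP|TDP) Id: (\S+)$", line)) and interfaces:
            interfaces[-1]["peers"].append(m[1])
    return local_id, interfaces


def parse_sessions(text):
    """Map each peer LDP ID in 'sh mpls ldp neighbor' to its session state."""
    return dict(re.findall(r"Peer LDP Ident: ([\d.]+:\d+).*?State: (\w+);", text, re.S))


def audit(discovery, neighbors, expected_id, proto="ldp"):
    """Tips 1-3: label protocol match, local LSR_ID, discovery versus session."""
    local_id, interfaces = parse_discovery(discovery)
    sessions = parse_sessions(neighbors)
    findings = []
    if local_id != expected_id:
        findings.append(f"local LDP ID is {local_id}, expected {expected_id}")
    for i in interfaces:
        if i["proto"] != proto:
            findings.append(f"{i['name']}: label protocol is {i['proto']}, expected {proto}")
        if i["hello"] != "xmit/recv":
            findings.append(f"{i['name']}: Hellos are {i['hello']} only")
        for peer in i["peers"]:
            if sessions.get(peer) != "Oper":
                findings.append(f"{i['name']}: {peer} discovered but session not Oper")
    return findings
```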

MPLS Control Plane Control PlaneLDP vs. TDP LDP (Discovery, Session Se