MPLS Introduction

MPLS Introduction
Session Number Presentation_ID
2001, Cisco Systems, Inc. All rights reserved.
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
MPLS Concept
At Edge:
Classify packets Label them
In Core:
Forward using labels (as opposed to IP addr) Label indicates service class and destination
Edge Label Switch Router
(ATM Switch or Router)
Label Switch Router (LSR)

Router ATM switch + Tag Switch Controller
Label Distribution Protocol (LDP)
Presentation_ID
MPLS concept
MPLS: Multi Protocol Label Switching Packet forwarding is done based on Labels. Labels are assigned when the packet enters into the network. Labels are on top of the packet. MPLS nodes forward packets/cells based on the label value (not on the IP information).
Presentation_ID
MPLS concept
MPLS allows:
Packet classification only where the packet enters the network. The packet classification is encoded as a label. In the core, packets are forwarded without having to re-classify them.
- No further packet analysis - Label swapping
Presentation_ID
MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks. 1b. Label Distribution Protocol (LDP) establishes label to destination network mappings. 4. Edge LSR at egress removes(POP) label and delivers packet.
2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and labels(PUSH) packets.
Presentation_ID
3. LSR switches packets using label swapping(SWAP) .

6
Label Switch Path (LSP)
IGP domain with a label distribution protocol
IGP domain with a label distribution protocol
LSP follows IGP shortest path
LSP diverges from IGP shortest path
LSPs are derived from IGP routing information

LSPs may diverge from IGP shortest path LSPs are unidirectional
Return traffic takes another LSP
Presentation_ID
Encapsulations
ATM Cell Header
GFC
VPI
VCI
PTI
CLP HEC
DATA
Label
PPP Header (Packet over SONET/SDH)
PPP Header
Label Header
Layer 3 Header
LAN MAC Label Header
MAC Header
Label Header
Layer 3 Header
Presentation_ID
Label Header
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label
EXP S
TTL
Label = 20 bits S = Bottom of Stack, 1 bit
EXP = Class of Service, 3 bits TTL = Time to Live, 8 bits
Header= 4 bytes, Label = 20 bits. Can be used over Ethernet, 802.3, or PPP links Contains everything needed at forwarding time
Presentation_ID
Loops and TTL
In IP networks TTL is used to prevent packets to travel indefinitely in the network

MPLS may use same mechanism as IP, but not on all encapsulations
TTL is present in the label header for PPP and LAN headers (shim headers) ATM cell header does not have TTL
Presentation_ID
10
Loops and TTL

LSR-1
LSR-2 IP packet TTL = 10 Label = 25 IP packet TTL = 6 Label = 39 IP packet TTL = 6 LSR-6 LSR3
LSR-6 --> 25 Hops=4

IGP domain with a label distribution protocol LSR-4
Label = 21 IP packet TTL = 6 LSR-5
IP packet TTL = 6
Egress
TTL is decremented prior to enter the non-TTL capable LSP
If TTL is 0 the packet is discarded at the ingress point

TTL is examined at the LSP exit
Presentation_ID
11
Label Assignment and Distribution
Labels have link-local significance:

Each LSR binds his own label mappings Each LSR assign labels to his FECs
Labels are assigned and exchanged

between adjacent neighboring LSR
Presentation_ID
12
Label Assignment and Distribution

Upstream and Downstream LSRs
171.68.40/24 Rtr-A Rtr-B Rtr-C 171.68.10/24
Rtr-C is the downstream neighbor of Rtr-B for destination 171.68.10/24 Rtr-B is the downstream neighbor of Rtr-A for destination 171.68.10/24 LSRs know their downstream neighbors through the IP routing protocol Next-hop address is the downstream neighbor
Presentation_ID
13
Unsolicited Downstream Distribution

Use label 30 for destination 171.68.10/24 171.68.40/24 Use label 40 for destination 171.68.10/24 171.68.10/24
Rtr-A
In I/F In Lab Address Prefix Out I/F Out Lab In I/F
Rtr-B
In Lab Address Prefix Out I/F Out Lab In I/F
Rtr-C 40 Next-Hop... ... ...

1
In Lab Address Prefix Out I/F Out Lab
171.68.10
...
...
30 Next-Hop... ... ...

1
30 171.68.10
...
...
40 171.68.10
...
IGP derived routes
...
Next-Hop... ...
...
LSRs distribute labels to the upstream neighbors

Presentation_ID
14
On-Demand Downstream Distribution
Use label 40 for destination 171.68.10/24
Use label 30 for destination 171.68.10/24
171.68.10/24 171.68.40/24 Rtr-A Rtr-B

Request label for destination 171.68.10/24
Rtr-C
Request label for destination 171.68.10/24
Upstream LSRs request labels to downstream neighbors Downstream LSRs distribute labels upon request
Presentation_ID
15
Label Retention Modes

Liberal retention mode
LSR retains labels from all neighbors
Improve convergence time, when next-hop is again available after IP convergence Require more memory and label space
Conservative retention mode

LSR retains labels only from next-hops neighbors
LSR discards all labels for FECs without next-hop Free memory and label space
Presentation_ID
16
Label Distribution Modes

Independent LSP control
LSR binds a Label to a FEC independently, whether or not the LSR has received a Label the next-hop for the FEC The LSR then advertises the Label to its neighbor
Ordered LSP control

LSR only binds and advertise a label for a particular FEC if: it is the egress LSR for that FEC or
it has already received a label binding from its next-hop
Presentation_ID
17
Router Example: Forwarding Packets

Address Prefix I/F 1 1 Address Prefix I/F 0 1

Address Prefix
I/F 0
128.89
171.69
128.89
171.69
128.89
0 1 0
128.89
128.89.25.4 Data
0 128.89.25.4 Data 1
128.89.25.4 Data
128.89.25.4 Data
171.69
Packets Forwarded Based on IP Address

Presentation_ID
18
MPLS Example: Routing Information

Out In Address Out Iface Label Label Prefix Out In Address Out Iface Label Label Prefix Out In Address Out Iface Label Label Prefix
128.89 171.69
1 1
128.89 171.69
0 1
128.89
0 1 0
128.89
You Can Reach 128.89 Thru Me You Can Reach 128.89 and 171.69 Thru Me
1
Routing Updates (OSPF, EIGRP, )

Presentation_ID
You Can Reach 171.69 Thru Me
171.69
19
MPLS Example: Assigning Labels

Out In Address Out Label Iface Label Prefix Out In Address Out Label Iface Label Prefix Out In Address Out Label Iface Label Prefix
128.89 171.69
1 1
4 5
4 5
128.89 171.69
0 1
9 7
128.89
0 1 0
128.89
Use Label 9 for 128.89 Use Label 4 for 128.89 and Use Label 5 for 171.69
1
Label Distribution Protocol (LDP)

(downstream allocation)
Presentation_ID
171.69
Use Label 7 for 171.69
20
MPLS Example: Forwarding Packets

Out In Address Out Label Iface Label Prefix Out In Address Out Label Iface Label Prefix Out In Address Out Label Iface Label Prefix
128.89
171.69
1 1
4 5
4
5
128.89 171.69
0 1
9 7
128.89
0 1 0
128.89 Data
128.89.25.4
9
1
128.89.25.4
Data
128.89.25.4 Data
128.89.25.4
Data
Label Switch Forwards Based on Label

Presentation_ID
21
Agenda
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
22
MPLS Unicast IP Routing

MPLS introduces a new field that is used for forwarding decisions. Although labels are locally significant, they have to be advertised to directly reachable peers.
One option would be to include this parameter into existing IP routing protocols. The other option is to create a new protocol to exchange labels.
The second option has been used because there are too many existing IP routing protocols that would have to be modified to carry labels.
Presentation_ID
23
Label Distribution Protocol

Defined in RFC 3036 and 3037
Used to distribute labels in a MPLS network

Forwarding equivalence class
How packets are mapped to LSPs (Label Switched Paths)
Advertise labels per FEC

Reach destination a.b.c.d with label x
Neighbor discovery
Basic and extended discovery
Presentation_ID
24
MPLS Unicast IP Routing Architecture

LSR
Exchange of routing information
Control plane
Routing protocol IP routing table
Exchange of labels
Label distribution protocol
Incoming IP packets
Incoming labeled packets
Data plane
IP forwarding table Label forwarding table
Outgoing IP packets
Outgoing labeled packets
Presentation_ID
25
MPLS Unicast IP Routing: Example

LSR Control plane
OSPF: 10.0.0.0/8 1.2.3.4 10.0.0.0/8 1.2.3.4 OSPF: 10.0.0.0/8
RT:
LIB:
Data plane
10.1.1.1 L=5 10.1.1.1 FIB: LFIB: 10.0.0.0/8 1.2.3.4 10.1.1.1
Presentation_ID
26
MPLS Unicast IP Routing: Example

LSR Control plane
OSPF: 10.0.0.0/8 1.2.3.4 OSPF: 10.0.0.0/8
RT:
10.0.0.0/8 1.2.3.4
LDP: 10.0.0.0/8, L=5
LIB:
10.0.0.0/8 Next-hop L=3, Local L=5
LDP: 10.0.0.0/8, L=3
Data plane
10.1.1.1 L=5 10.1.1.1 FIB: LFIB: 10.0.0.0/8 1.2.3.4 , L=3 L=5 L=3 L=3 10.1.1.1 L=3 10.1.1.1
Presentation_ID
27
Label Allocation in Packet-Mode MPLS Environment

Label allocation and distribution in packet-mode MPLS environment follows these steps:
1. IP routing protocols build the IP routing table. 2. Each LSR assigns a label to every destination in the IP routing table independently. 3. LSRs announce their assigned labels to all other LSRs.
4. Every LSR builds its LIB, LFIB data structures based on received labels.
Presentation_ID
28
Building the IP Routing Table

Routing table of A Network Next-hop X B Routing table of B Network Next-hop X C Routing table of C Network Next-hop X D
FIB on A Network Next hop Label X B
Routing table of E Network Next-hop X C
Netw ork X
IP routing protocols are used to build IP routing tables on all LSRs. Forwarding tables (FIB) are built based on IP routing tables with no labeling information.
Presentation_ID
29
Allocating Labels
Routing table of B Network Next-hop X C
Router B assigns label 25 to destination X.
Netw ork X E
Every LSR allocates a label for every destination in the IP routing table. Labels have local significance. Label allocations are asynchronous.
Presentation_ID
30
LIB and LFIB Set-up

Router B assigns label 25 to destination X.
Label 25
LFIB on B Action Next hop E pop C
Outgoing action is POP as B has received no labelork X for X Netw from C.

Local label is stored in LIB.
LIB on B Network LSR label X local 25
LIB and LFIB structures have to be initialized on the LSR allocating the label.
Presentation_ID
31
Label Distribution
LIB on B Network LSR label X local 25
X = 25
A B
X = 25
C D
Netw ork X E
The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.
Presentation_ID
32
Receiving Label Advertisement

LIB on A Network LSR label X B 25 LIB on C Network LSR label X B 25
X = 25
A B
X = 25
C D
FIB on A Network Next hop Label X B 25
Netw ork X E
LIB on E Network LSR label X B 25
Every LSR stores the received label in its LIB. Edge LSRs that receive the label from their next-hop also store the label information in the FIB.
Presentation_ID
33
Interim Packet Propagation

Label lookup is performed in LFIB, label is removed.
Label 25
LFIB on B Action Next hop pop C

B
IP: X
Lab: 25
IP: X
IP lookup is performed in FIB, packet is labeled.
Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.
Presentation_ID
34
Further Label Allocation

LIB on C Network LSR label X B 25 local 47
X = 47
A B C D
Router C assigns label Netw 47 to destination ork X X.

Label 47 LFIB on C Action Next hop pop D
Every LSR will eventually assign a label for every destination.

Presentation_ID
35
Receiving Label Advertisement

FIB on B Network Next hop X C Label 47
LIB on B Network LSR label X local 25 C 47
X = 47
A B C D
Netw ork X E
FIB on E Network Next hop X C
Label 47
LIB on E Network LSR label X B 25 C 47
Every LSR stores received information in its LIB. LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table (FIB).
Presentation_ID
36
Populating LFIB
FIB on B Network Next hop X C Label 47
LIB on B Network LSR label X local 25 C 47
X = 47
A B C D
Label 25
LFIB on B Action Next hop 47 C
Netw ork X E
Router B has already assigned label to X and created an entry in LFIB. Outgoing label is inserted in LFIB after the label is received from the next-hop LSR.
Presentation_ID
37
Packet Propagation Across MPLS Network

Label lookup is performed in LFIB, label is switched. Egress LSR IP: X
Ingress LSR IP: X
Label 25
LFIB on B Action Next hop 47 C

B
Lab: 25
Lab: 47
Label 47 E
LFIB on C Action Next hop pop D
IP lookup is performed in FIB, packet is labeled. Label lookup is performed in LFIB, label is removed.
Presentation_ID
38
Convergence in Packet-mode MPLS Steady State Description
FIB on B Network Next hop X C
Label 47
LIB on B Network LSR label X local 25 C 47 E 75

Label 25 LFIB on B Action Next hop 47 C
Netw ork X E
After the LSRs have exchanged the labels, LIB, LFIB and FIB data structures are completely populated.
Presentation_ID
39
Link Failure Actions

FIB on B Network Next hop X C
Label 47

Netw ork X
Routing protocol neighbors and LDP neighbors are lost after a link failure. Entries are removed from various data structures.
40
Presentation_ID
Routing Protocol Convergence

Routing table of B Network Next-hop X E
FIB on B Network Next hop X E
Label

Netw ork X
Routing protocols rebuild the IP routing table and the IP forwarding table.
Presentation_ID
41
MPLS Convergence
Label 75

Label 25 LFIB on B Action Next hop 75 E
Netw ork X
LFIB and labeling information in FIB are rebuilt immediately after the routing protocol convergence, based on labels stored in LIB.
Presentation_ID
42
MPLS Convergence After a Link Failure
MPLS convergence in packet-mode MPLS does not impact the overall convergence time. MPLS convergence occurs immediately after the routing protocol convergence, based on labels already stored in LIB.
Presentation_ID
43
Link Recovery Actions

Label 75

Label 25 LFIB on B Action Next hop 75 E
Netw ork X E
Routing protocol neighbors are discovered after link recovery.
Presentation_ID
44
IP Routing Convergence After Link Recovery

Routing table of B Network Next-hop C X E
FIB on B Network Next hop X E C
Label 75

Label 25 LFIB on B Action Next hop 75 E pop C
Netw ork X E
IP routing protocols rebuild the IP routing table. FIB and LFIB are also rebuilt, but the label information might be lacking.
45
Presentation_ID
MPLS Convergence After a Link Recovery

Routing protocol convergence optimizes the forwarding path after a link recovery. LIB might not contain the label from the new next-hop by the time the IP convergence is complete. End-to-end MPLS connectivity might be intermittently broken after link recovery.
Use MPLS Traffic Engineering for make-before-break recovery.
Presentation_ID
46
LDP Session Establishment

LDP and TDP use a similar process to establish a session:
Hello messages are periodically sent on all interfaces enabled for MPLS. If there is another router on that interface it will respond by trying to establish a session with the source of the hello messages.
UDP is used for hello messages. It is targeted at all routers on this subnet multicast address (224.0.0.2). TCP is used to establish the session. Both TCP and UDP use well-known LDP port number 646 (711 for TDP).
Presentation_ID
47
LDP Neighbor Discovery

UDP: Hello UDP: Hello UDP: Hello (1.0.0.2:1064 224.0.0.2:646) (1.0.0.2:1065 224.0.0.2:646) (1.0.0.2:1066 224.0.0.2:646) MPLS_B
1.0.0.2
MPLS_A
UDP: Hello UDP: Hello UDP: Hello (1.0.0.1:1050 224.0.0.2:646) (1.0.0.1:1051 224.0.0.2:646) (1.0.0.1:1052 224.0.0.2:646)
NO_MPLS_C
1.0.0.1
1.0.0.3
UDP: Hello UDP: Hello UDP: Hello (1.0.0.4:1033 224.0.0.2:646) (1.0.0.4:1034 224.0.0.2:646) (1.0.0.4:1035 224.0.0.2:646)
MPLS_D
LDP Session is established from the router with higher IP address.

Presentation_ID
1.0.0.4
48
LDP Session Negotiation

MPLS_A MPLS_B
1.0.0.1
Establish TCP session

Initialization message Initialization message Keepalive Keepalive
1.0.0.2
Peers first exchange initialization messages. The session is ready to exchange label mappings after receiving the first keepalive.
Presentation_ID
49
Double Lookup Scenario

MPLS Domain
10.0.0.0/8 L=17 17 FIB 10/8 NH, 17 LFIB 35 17 10.1.1.1 FIB 10/8 NH, 18 LFIB 17 18 18 10.0.0.0/8 L=18 10.1.1.1 FIB 10/8 NH, 19 LFIB 18 19 19 10.0.0.0/8 L=19 10.1.1.1 FIB 10/8 NH LFIB 19 untagged 10.0.0.0/8
10.1.1.1
Double lookup is not an optimal way of forwarding labeled packets.
Double lookup is needed: 1. LFIB: remove the label. 2. FIB: forward the IP packet based on IP nexthop address.
A label can be removed one hop earlier.

Presentation_ID
50
Penultimate Hop Popping

MPLS Domain
10.0.0.0/8 L=17 17 FIB 10/8 NH, 17 LFIB 35 17 10.1.1.1 FIB 10/8 NH, 18 LFIB 17 18 18 10.0.0.0/8 L=18 10.1.1.1 FIB 10/8 NH, 19 LFIB 18 pop Pop or implicit null label is adveritsed. 10.0.0.0/8 L=pop 10.1.1.1 FIB 10/8 NH LFIB 10.0.0.0/8
10.1.1.1
One single lookup.
A label is removed on the router before the last hop within an MPLS domain.
Presentation_ID
51
Penultimate Hop Popping
Penultimate hop popping optimizes MPLS performace (one less LFIB lookup). PHP does not work on ATM (VPI/VCI cannot be removed).
Pop or implicit null label uses value 3 when being advertised to a neighbor.
Presentation_ID
52
LDP Messages
Discovery messages
Used to discover and maintain the presence of new peers Hello packets (UDP) sent to all-routers multicast address Once neighbor is discovered, the LDP session is established over TCP
Presentation_ID
53
LDP Messages
Session messages
Establish, maintain and terminate LDP sessions
Advertisement messages
Create, modify, delete label mappings
Notification messages
Error signalling
Presentation_ID
54
Agenda
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
55
What Is a VPN?
VPN is a set of sites which are allowed to communicate with each other. VPN is defined by a set of administrative policies
Policies determine both connectivity and QoS among sites. Policies established by VPN customers. Policies could be implemented completely by VPN service providers.
Using BGP/MPLS VPN mechanisms
Presentation_ID
56
What Is a VPN? (Cont.)

Flexible inter-site connectivity
Ranging from complete to partial mesh
Sites may be either within the same or in different organizations

VPN can be either intranet or extranet
Site may be in more than one VPN

VPNs may overlap
Not all sites have to be connected to the same service provider

VPN can span multiple providers
Presentation_ID
57
IP VPN Taxonomy
IP VPNs DIAL
ClientInitiated NASInitiated
Security Appliance
DEDICATED
IP Tunnel
Router FR
Virtual Circuit
ATM
NetworkBased VPNs
RFC 2547 Virtual Router
Presentation_ID
58
MPLS-VPN Terminology
Provider Network (P-Network)
The backbone under control of a Service Provider
Customer Network (C-Network)

Network under customer control
CE router
Customer Edge router. Part of the C-network and interfaces to a PE router
Presentation_ID
59
Site
Set of (sub)networks part of the C-network and colocated A site is connected to the VPN backbone through one or more PE/CE links
PE router
Provider Edge router. Part of the P-Network and interfaces to CE routers
P router
Provider (core) router, without knowledge of VPN
Presentation_ID
60
Route-Target
64 bits identifying routers that should receive the route
Route Distinguisher
Attributes of each route used to uniquely identify prefixes among VPNs (64 bits) VRF based (not VPN based)
VPN-IPv4 addresses
Address including the 64 bits Route Distinguisher and the 32 bits IP address
Presentation_ID
61
VRF
VPN Routing and Forwarding Instance Routing table and FIB table
Populated by routing protocol contexts
VPN-Aware network
A provider backbone where MPLS-VPN is deployed
Presentation_ID
62
MPLS VPN Connection Model

A VPN is a collection of sites sharing a common routing information (routing table) A site can be part of different VPNs A VPN has to be seen as a community of interest (or Closed User Group) Multiple Routing/Forwarding instances (VRF) on PE routers
Presentation_ID
63

Site-4 Site-1
VPN-C
VPN-A
Site-2 Site-3
VPN-B
A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs
If two or more VPNs have a common site, address space must be unique among these VPNs
Presentation_ID
64

The VPN backbone is composed by MPLS LSRs PE routers (edge LSRs) P routers (core LSRs) PE routers are faced to CE routers and distribute VPN information through MP-BGP to other PE routers
VPN-IPv4 addresses, Extended Community, Label

P routers do not run BGP and do not have any VPN knowledge
Presentation_ID
65

VPN_A
10.2.0.0
CE
VPN_B
iBGP sessions
CE P P PE CE
VPN_A
11.5.0.0
VPN_A
10.2.0.0 CE
VPN_A
PE
10.1.0.0
11.6.0.0
VPN_B
CE PE
P
PE CE
VPN_B
10.3.0.0
10.1.0.0 CE
P routers (LSRs) are in the core of the MPLS cloud PE routers use MPLS with the core and plain IP with CE routers P and PE routers share a common IGP PE router are MP-iBGP fully meshed
Presentation_ID
66

C E Site-1
EBGP,OSPF, RIPv2,Static
PE
CE
Site-2
PE and CE routers exchange routing information through: EBGP, OSPF , RIPv2, Static routing
CE router run standard routing software
Presentation_ID
67

C E
CE
Site-1
PE
VPN Backbone IGP (OSPF, ISIS)
Site-2
PE routers maintain separate routing tables

The global routing table With all PE and P routes Populated by the VPN backbone IGP (ISIS or OSPF) VRF (VPN Routing and Forwarding)
Routing and Forwarding table associated with one or more directly connected sites (CEs)
VRF are associated to (sub/virtual/tunnel)interfaces Interfaces may share the same VRF if the connected sites may share the same routing information
Presentation_ID
68

C E Site-1
PE
VPN Backbone IGP
CE
Site-2
The routes the PE receives from CE routers are installed in the appropriate VRF The routes the PE receives through the backbone IGP are installed in the global routing table By using separate VRFs, addresses need NOT to be unique among VPNs
Presentation_ID
69

The Global Routing Table is populated by IGP protocols. In PE routers it may contain the BGP Internet routes (standard BGP-4 routes)
BGP-4 (IPv4) routes go into global routing table

MP-BGP (VPN-IPv4) routes go into VRFs
Presentation_ID
70

P PE
VPN Backbone IGP
P PE
iBGP session
PE and P routers share a common IGP (ISIS or OSPF) PEs establish MP-iBGP sessions between them
PEs use MP-BGP to exchange routing information related to the connected sites and VPNs
VPN-IPv4 addresses, Extended Community, Label
Presentation_ID
71

P PE-1
VPN Backbone IGP
BGP,RIPv2 update for Net1,NextHop=CE-1
P PE-2
VPN-IPv4 update is translated into IPv4 address (Net1) put into VRF green since RT=Green and advertised to CE-2
CE-2
Site-2
Site-1
CE-1
VPN-IPv4 update: RD:Net1, Next-hop=PE1 SOO=Site1, RT=Green, Label=(intCE1)
PE routers receive IPv4 updates (EBGP, RIPv2, Static) PE routers translate into VPN-IPv4 Assign a SOO and RT based on configuration Re-write Next-Hop attribute Assign a label based on VRF and/or interface Send MP-iBGP update to all PE neighbors
Presentation_ID
72

P PE-1
BGP,OSPF, RIPv2 update for Net1 Next-Hop=CE-1
P PE-2
VPN-IPv4 update is translated into IPv4 address (Net1) put into VRF green since RT=Green and advertised to CE-2
VPN Backbone IGP
CE-2
Site-2
Site-1
CE-1
VPN-IPv4 update: RD:Net1, Next-hop=PE1 SOO=Site1, RT=Green, Label=(intCE1)
Receiving PEs translate to IPv4 Insert the route into the VRF identified by the RT attribute (based on PE configuration) The label associated to the VPN-IPv4 address will be set on packet forwarded towards the destination
Presentation_ID
73

Route distribution to sites is driven by the Site of Origin (SOO) and Route-target attributes
BGP Extended Community attribute

A route is installed in the site VRF corresponding to the Route-target attribute
Driven by PE configuration
A PE which connects sites belonging to multiple VPNs will install the route into the site VRF if the Route-target attribute contains one or more VPNs to which the site is associated
Presentation_ID
74
MPLS VPN Connection Model MP-BGP Update

VPN-IPV4 address
Route Distinguisher
64 bits Makes the IPv4 route globally unique RD is configured in the PE for each VRF RD may or may not be related to a site or a VPN IPv4 address (32bits) Extended Community attribute (64 bits) Site of Origin (SOO): identifies the originating site Route-target (RT): identifies the set of sites the route has to be advertised to
Presentation_ID
75

Any other standard BGP attribute
Local Preference MED Next-hop AS_PATH Standard Community ...

A Label identifying: The outgoing interface
The VRF where a lookup has to be done

The BGP label will be the second label in the label stack of packets travelling in the core
Presentation_ID
76
MPLS VPN Connection Model MP-BGP Update - Extended community
BGP extended community attribute

Structured, to support multiple applications
64 bits for increased range
General form
<16bits type>:<ASN>:<32 bit number> Registered AS number <16bits type>:<IP address>:<16 bit number> Registered IP address
Presentation_ID
77
MPLS VPN Connection Model MP-BGP Update - Extended community
The Extended Community is used to:

Identify one or more routers where the route has been originated (site)
Site of Origin (SOO)
Selects sites which should receive the route

Route-Target
Presentation_ID
78

The Label can be assigned only by the router which address is the Next-Hop attribute
PE routers re-write the Next-Hop with their own address (loopback interface address)
Next-Hop-Self BGP command towards iBGP neighbors Loopback addresses are advertised into the backbone IGP PE addresses used as BGP Next-Hop must be uniquely known in the backbone IGP No summarisation of loopback addresses in the core
Presentation_ID
79
MPLS Forwarding Packet forwarding PE and P routers have BGP next-hop reachability through the backbone IGP
Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops

Label Stack is used for packet forwarding
Top label indicates BGP Next-Hop (interior label)

Second level label indicates outgoing interface or VRF (exterior label)
Presentation_ID
80
MPLS Forwarding Penultimate Hop Popping

CE1
P routers switch the packets based on the IGP label (label on top of the stack) Penultimate Hop Popping P2 is the penultimate hop for the BGP nexthop P2 remove the top label This has been requested through LDP by PE2 PE2 receives the packets with the label corresponding to the outgoing interface (VRF) One single lookup Label is popped and packet sent to IP neighbor
IP packet
PE1
CE2
IGP Label(PE2) VPN Label IP
IP packet
VPN Label
packet
PE1 receives IP packet Lookup is done on site VRF BGP route with Next-Hop and Label is found BGP next-hop (PE2) is reachable through IGP route with associated label
P1
IGP Label(PE2) VPN Label IP
P2
IP packet
PE2
packet
CE3
Presentation_ID
81
Packet Forwarding Example 1

VPN_A VPN_A
10.2.0.0 CE
VPN_B
CE PE2 P P PE1 P P PE
T8T2Data
11.5.0.0
VPN_A
10.2.0.0 CE
VPN_A
CE
Data
10.1.0.0
11.6.0.0
VPN_B
CE
CE
VPN_B
10.3.0.0
10.1.0.0 CE
<RD_B,10.1> iBGP NH= PE2 T2 <RD_B,10.2> ,,iBGPnext hop PE1,T1 T7 T8
<RD_B,10.2> , iBGP next hop PE2T2 <RD_B,10.3> , iBGP next hop PE3T3 <RD_A,11.6> , iBGP next hop PE1T4 <RD_A,10.1> , iBGP next hop PE4T5 <RD_A,10.4> , iBGP next hop PE4T6 T7 <RD_A,10.2> , iBGP next hop PE2
Ingress PE receives normal IP Packets from CE router
PE router does IP Longest Match from VPN_B FIB , find iBGP next hop PE2 and impose a stack of labels: exterior Label T2 + Interior Label T8
Presentation_ID
T8 T9 T7 TB TB T8
82
Packet Forwarding Example 1 (cont.)

VPN_A
10.2.0.0 CE Data
VPN_B T2 Data
TB T2 Data
VPN_A
CE
P P P
TAT2 Data
11.5.0.0
VPN_A
10.2.0.0 CE
VPN_A
PE2
PE
T8 Data T2
CE
10.1.0.0
11.6.0.0
VPN_B
CE PE1
CE
VPN_B
10.3.0.0
10.1.0.0 CE
in / out
T8, TA T8 Tw
T7 Tu T9 Tx Ta Ty Tb Tz
All Subsequent P routers do switch the packet Solely on Interior Label Egress PE router, removes Interior Label Egress PE uses Exterior Label to select which VPN/CE to forward the packet to.
Presentation_ID
Exterior Label is removed and packet routed to CE router

83
Packet Forwarding Example 2
A 12
130.130.10.1
B 12
130.130.11.3
In VPN 12, host 130.130.10.1 sends a packet with destination 130.130.11.3 Customer sites are attached to Provider Edge (PE) routers A & B.
Presentation_ID
84
1. Packet arrives on VPN 12 link on PE router A.

A 12
2. PE router A selects the correct VPN forwarding table based on the links VPN ID (12).
VPN-ID 12 12
VPN Site Address 130.130.10.0/24 130.130.11.0/24
VPN Site Label 26 989
Provider Edge Router Address 172.68.1.11/32 172.68.1.2/32
PE Label 42 101
...
Presentation_ID
...
...
...
...
85

VPN-ID A 12 12 12 VPN Site Address 130.130.10.0/24 130.130.11.0/24 ... VPN Site Label 26 989 ... Provider Edge Router Address 172.68.1.11/32 172.68.1.2/32 ... PE Label 42 101 ...
3. PE router A matches the incoming packets destination address with VPN 12s forwarding table. 4. PE router A adds two labels to the packet: one identifying the destination PE, and one identifying the destination VPN site.
Presentation_ID
...
101
989
130.130.11.3
Rest of IP packet
86
5. Packet is label-switched from PE router A to PE B based on the top label, using normal MPLS. The network core knows nothing about VPNs and sites: it only knows how to get packets from A to B using MPLS.
Presentation_ID
87
12
130.130.11.3 6. PE router B identifies the correct site in VPN 12 from the inner label. 7. PE router B removes the labels and forwards the IP packet to the correct VPN 12 site.
Presentation_ID
88
MPLS VPN mechanisms
VRF and Multiple Routing Instances
VRF: VPN Routing and Forwarding Instance

VRF Routing Protocol Context VRF Routing Tables
VRF CEF Forwarding Tables
Presentation_ID
89
MPLS VPN mechanisms
VRF Routing table contains routes which should be available to a particular set of sites Analogous to standard IOS routing table, supports the same set of mechanisms Interfaces (sites) are assigned to VRFs
One VRF per interface (sub-interface, tunnel or virtualtemplate)
Possible many interfaces per VRF
Presentation_ID
90
MPLS VPN mechanisms
Routing processe s
BGP
RIP
Static
Routing processes run within specific routing contexts
Routing contexts
VRF Routing tables
Populate specific VPN routing table and FIBs (VRF)

Interfaces are assigned to VRFs
VRF Forwarding tables
Presentation_ID
91
MPLS VPN mechanisms

Site-4
Logical view
Site-1
VPN-C
VPN-A
Site-2 Site-3
Multihop MP-iBGP
P P PE
VRF for site-2 Site-1 routes Site-2 routes Site-3 routes
VPN-B
PE
VRF for site-1 Site-1 routes Site-2 routes
Routing view
VRF for site-3 Site-2 routes Site-3 routes Site-4 routes
VRF for site-4 Site-3 routes Site-4 routes
Site-1
Site-2
Site-3
Site-4
Presentation_ID
92
MPLS VPN Topologies

VPN_A
iBGP sessions
CE CE P P PE P P PE PE CE
VPN_A
10.2.0.0
VPN_B
11.5.0.0
VPN_A
10.2.0.0 CE
VPN_A
PE
10.1.0.0
11.6.0.0
VPN_B
CE
CE
VPN_B
10.3.0.0
10.1.0.0 CE
VPN-IPv4 address are propagated together with the associated label in BGP Multiprotocol extension Extended Community attribute (route-target) is associated to each VPN-IPv4 address, to populate the site VRF
Presentation_ID
93
MPLS VPN Topologies
VPN sites with optimal intra-VPN routing
Each site has full routing knowledge of all other sites (of same VPN) Each CE announces his own address space MP-BGP VPN-IPv4 updates are propagated between PEs Routing is optimal in the backbone Each route has the BGP Next-Hop closest to the destination No site is used as central point for connectivity
Presentation_ID
94
MPLS VPN Topologies

Site-3
N3 EBGP/RIP/Static N3 NH=CE3
VPN sites with optimal intra-VPN routing

Routing Table on CE3 N1, PE3 N2, PE3 N3, Local
IntCE3
PE3
VRF for site-3 N1,NH=PE 1 N2,NH=PE 2 N3,NH=CE 3
VRF for site-1 N1,NH=CE 1 N2,NH=PE 2 N3,NH=PE 3

Routing Table on CE1 N1, Local N2, PE1 N3, PE1
PE1
VPN-IPv4 updates exchanged between PEs RD:N1, NH=PE1,Label=IntCE1, RT=Blue RD:N2, NH=PE2,Label=IntCE2, RT=Blue RD:N3, NH=PE3,Label=IntCE3, RT=Blue
EBGP/RIP/Static N2,NH=CE2
IntCE 1
PE2
EBGP/RIP/Static
IntCE2 VRF for site-2 N1,NH=PE 1 N2,NH=CE 2 N3,NH=PE 3
Site-2
N2 Routing Table on CE2 N1,NH=PE2 N2,Local N3,NH=PE2
N1 NH=CE1
Site-1
N1
Presentation_ID
95
MPLS VPN Topologies
VPN sites with Hub & Spoke routing
One central site has full routing knowledge of all other sites (of same VPN) Hub-Site Other sites will send traffic to Hub-Site for any destination Spoke-Sites Hub-Site is the central transit point between Spoke-Sites Use of central services at Hub-Site
Presentation_ID
96
MPLS VPN Topologies

VPN-IPv4 update advertised by PE1 RD:N1, NH=PE1,Label=IntCE1, RT=Hub Site-1
N1 IntCE1 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=CE1 (exported) N2,NH=PE3 (imported) N3,NH=PE3 (imported IntCE2 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=PE3 (imported) N2,NH=CE2 (exported) N3,NH=PE3 (imported)
BGP/RIPv2
CE1
PE1
Site-2
N2
PE3 PE2
CE2
VPN-IPv4 update advertised by PE2 RD:N2, NH=PE2,Label=IntCE2, RT=Hub
IntCE3-Hub VRF (Import RT=Hub) Site-3 CE3-Hub N1,NH=PE1 N2,NH=PE2 IntCE3-Spoke VRF N3 (Export CE3-Spoke RT=Spoke) N1,NH=CE3Spoke BGP/RIPv2 N2,NH=CE3Spoke N3,NH=CE3VPN-IPv4 updates advertised by PE3 Spoke
RD:N1, NH=PE3,Label=IntCE3-Spoke, RT=Spoke RD:N2, NH=PE3,Label=IntCE3-Spoke, RT=Spoke RD:N3, NH=PE3,Label=IntCE3-Spoke, RT=Spoke
Routes are imported/exported into VRFs based on RT value of the VPN-IPv4 updates
PE3 uses 2 (sub)interfaces with two different VRFs

Presentation_ID
97
MPLS VPN Topologies

IntCE1 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=CE1 (exported) N2,NH=PE3 (imported) N3,NH=PE3 (imported
Site-1
N1
CE1
PE1
IntCE3-Hub VRF (Import RT=Hub) N1,NH=PE1 N2,NH=PE2
BGP/RIPv2 CE3-Hub Site-3
Site-2
N2
PE3
CE2
N3 IntCE3-Spoke VRF (Export RT=Spoke) N1,NH=CE3Spoke N2,NH=CE3Spoke N3,NH=CE3Spoke
CE3-Spoke BGP/RIPv2
PE2
IntCE2 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=PE3 (imported) N2,NH=CE2 (exported) N3,NH=PE3 (imported)
Traffic from one spoke to another will travel across the hub site Hub site may host central services Security, NAT, centralised Internet access
Presentation_ID
98
MPLS VPN Internet Routing

In a VPN, sites may need to have Internet connectivity
Connectivity to the Internet means:
Being able to reach Internet destinations Being able to be reachable from any Internet source
The Internet routing table is treated separately In the VPN backbone the Internet routes are in the Global routing table of PE routers Labels are not assigned to external (BGP) routes
Presentation_ID
99
MPLS VPN Internet routing VRF specific default route
A default route is installed into the site VRF and pointing to a Internet Gateway
The default route is NOT part of any VPN

A single label is used for packets forwarded according to the default route
The label is the IGP label corresponding to the IP address of the Internet gateway
Known in the IGP
Presentation_ID
100

PE router originates CE routes for the Internet Customer (site) routes are known in the site VRF Not in the global table The PE/CE interface is NOT known in the global table. However: A static route for customer routes and pointing to the PE/CE interface is installed in the global table This static route is redistributed into BGP-4 global table and advertised to the Internet Gateway The Internet gateway knows customer routes and with the PE address as next-hop
Presentation_ID
101
The Internet Gateway specified in the default route (into the VRF) need NOT to be directly connected
Different Internet gateways can be used for different VRFs

Using default route for Internet routing does NOT allow any other default route for intra-VPN routing
As in any other routing scheme
Presentation_ID
102

192.168.1.1 BGP-4
Internet PE-IG
MP-BGP 192.168.1.2
PE
Serial0
PE
Site-1 Network 171.68.0.0/16 Site-2
ip vrf VPN-A rd 100:1 route-target both 100:1 ! Interface Serial0 ip address 192.168.10.1 255.255.255.0 ip vrf forwarding VPN-A ! Router bgp 100 no bgp default ipv4-unicast network 171.68.0.0 mask 255.255.0.0 neighbor 192.168.1.1 remote 100 neighbor 192.168.1.1 activate neighbor 192.168.1.1 next-hop-self neighbor 192.168.1.1 update-source loopback0 ! address-family ipv4 vrf VPN-A neighbor 192.168.10.2 remote-as 65502 neighbor 192.168.10.2 activate exit-address-family ! address-family vpnv4 neighbor 192.168.1.2 activate exit-address-family ! ip route 171.68.0.0 255.255.0.0 Serial0 ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 glob
Presentation_ID
103

IP packet D=cisco.co m
192.168.1.1
Internet
PE-IG
Label = 3 IP packet D=cisco.co m
192.168.1.2
PE
Serial0
Global Table and LFIB 192.168.1.1/32 Label=3 192.168.1.2/32 Label=5 ... Site-2 VRF 0.0.0.0/0 192.168.1.1 (global) Site-1 routes Site-2 routes
PE
Site-1 Network 171.68.0.0/16 Site-2
Presentation_ID
104
PE routers need not to hold the Internet table PE routers will use BGP-4 sessions to originate customer routes Packet forwarding is done with a single label identifying the Internet Gateway IP address
More labels if Traffic Engineering is used
Presentation_ID
105
MPLS VPN Internet Routing Separated (sub)interfaces

If CE wishes to receive and announce routes from/to the Internet
A dedicated BGP session is used over a separate (sub) interface The PE imports CE routes into the global routing table and advertise them to the Internet The interface is not part of any VPN and does not use any VRF Default route or Internet routes are exported to the CE PE needs to have Internet routing table
Presentation_ID
106
The PE uses separate (sub)interfaces with the CE

One (sub)interface for VPN routing
associated to a VRF Can be a tunnel interface
One (sub)interface for Internet routing

Associated to the global routing table
Presentation_ID
107

192.168.1.1 BGP-4
Internet PE-IG
MP-BGP 192.168.1.2
PE
PE
Serial0.1
Serial0.2
BGP-4 Site-1 Network 171.68.0.0/16 Site-2
ip vrf VPN-A rd 100:1 route-target both 100:1 ! Interface Serial0 no ip address ! Interface Serial0.1 ip address 192.168.10.1 255.255.255.0 ip vrf forwarding VPN-A ! Interface Serial0.2 ip address 171.68.10.1 255.255.255.0 ! Router bgp 100 no bgp default ipv4-unicast neighbor 192.168.1.1 remote 100 neighbor 192.168.1.1 activate neighbor 192.168.1.1 next-hop-self neighbor 192.168.1.1 update-source loopback0 neighbor 171.68.10.2 remote 502 ! address-family ipv4 vrf VPN-A neighbor 192.168.10.2 remote-as 502 neighbor 192.168.10.2 activate exit-address-family ! address-family vpnv4 neighbor 192.168.1.2 activate exit-address-family
108
Presentation_ID

192.168.1.1
Internet
PE-IG
Label = 3 IP packet D=cisco.co m
192.168.1.2
PE
Serial0.1
PE Global Table Internet routes ---> 192.168.1.1 192.168.1.1, Label=3
PE
Serial0.2
Serial0.1 Site-1
CE routing table Site-2 routes ----> Serial0.1 Network 171.68.0.0/16 Internet routes ---> Serial0.2 Site-2
Serial0.2
Presentation_ID
109
Scaling
Existing BGP techniques can be used to scale the route distribution: route reflectors
Each edge router needs only the information for the VPNs it supports
Directly connected VPNs
RRs are used to distribute VPN routing information
Presentation_ID
110
MPLS-VPN Scaling BGP

VPN_A
Route Reflectors
RR CE P PE2 P CE PE1 P PE RR P PE
10.2.0.0
VPN_B VPN_A
CE 11.5.0.0 CE 10.1.0.0
VPN_A
VPN_A
10.2.0.0 CE
11.6.0.0
VPN_B
CE VPN_B 10.3.0.0
10.1.0.0 CE
Route Reflectors may be partitioned Each RR store routes for a set of VPNs Thus, no BGP router needs to store ALL VPNs information PEs will peer to RRs according to the VPNs they directly connect
Presentation_ID
111
MPLS-VPN Scaling BGP updates filtering

iBGP full mesh between PEs results in flooding all VPNs routes to all PEs Scaling problems when large amount of routes. In addition PEs need only routes for attached VRFs Therefore each PE will discard any VPN-IPv4 route that hasnt a route-target configured to be imported in any of the attached VRFs This reduces significantly the amount of information each PE has to store Volume of BGP table is equivalent of volume of attached VRFs (nothing more)
Presentation_ID
112
MPLS-VPN Scaling BGP updates filtering

Import RT=yellow
VRFs for VPNs yellow green Import RT=green
VPN-IPv4 update: RD:Net1, Next-hop=PEX SOO=Site1, RT=Green, Label=XYZ
PE
MP-iBGP sessions
VPN-IPv4 update: RD:Net1, Next-hop=PEX SOO=Site1, RT=Red, Label=XYZ
Each VRF has an import and export policy configured Policies use route-target attribute (extended community) PE receives MP-iBGP updates for VPN-IPv4 routes If route-target is equal to any of the import values configured in the PE, the update is accepted Otherwise it is silently discarded
Presentation_ID
113
MPLS-VPN Scaling Route Refresh

Import RT=yellow
PE
2. PE issue a RouteRefresh to all neighbors in order to ask for retransmission
VPN-IPv4 update: RD:Net1, Next-hop=PEX SOO=Site1, RT=Green, Label=XYZ

VPN-IPv4 update: RD:Net1, Next-hop=PEX SOO=Site1, RT=Red, Label=XYZ 3. Neighbors re-send updates and red route-target is now accepted
Import RT=green Import RT=red

1. PE doesnt have red routes (previously filtered out)
Policy may change in the PE if VRF modifications are done New VRFs, removal of VRFs However, the PE may not have stored routing information which become useful after a change
PE request a re-transmission of updates to neighbors

Route-Refresh
Presentation_ID
114
MPLS-VPN Scaling Outbound Route Filters - ORF

Import RT=yellow
2. PE issue a ORF message to all neighbors in order not to receive red routes VPN-IPv4 update: RD:Net1, Next-hop=PEX SOO=Site1, RT=Green, Label=XYZ VPN-IPv4 update: RD:Net1, Next-hop=PEX SOO=Site1, RT=Red, Label=XYZ 3. Neighbors dynamically configure the outbound filter and send updates accordingly
PE
Import RT=green
1. PE doesnt need red routes
PE router will discard update with unused route-target Optimization requires these updates NOT to be sent Outbound Route Filter (ORF) allows a router to tell its neighbors which filter to use prior to propagate BGP updates
Presentation_ID
115
MPLS VPN - Configuration

VPN knowledge is on PE routers
PE router have to be configured for VRF and Route Distinguisher VRF import/export policies (based on Route-target) Routing protocol used with CEs MP-BGP between PE routers BGP for Internet routers
With other PE routers

With CE routers
Presentation_ID
116

VRF and Route Distinguisher
RD is configured on PE routers (for each VRF) VRFs are associated to RDs in each PE Common (good) practice is to use the same RD for the same VPN in all PEs But not mandatory VRF configuration command
ip vrf <vrf-symbolic-name> rd <route-distinguisher-value> route-target import <community> route-target export <community>
Presentation_ID
117
CLI - VRF configuration

ip vrf site1 rd 100:1 route-target export 100:1 route-target import 100:1 ip vrf site2 rd 100:2 route-target export 100:2 route-target import 100:2 route-target import 100:1 route-target export 100:1
Site-4 Site-1
VPN-C
Site-3
VPN-A
Site-2
VPN-B
Multihop MP-iBGP P PE1 P PE2
ip vrf site3 rd 100:3 route-target export 100:2 route-target import 100:2 route-target import 100:3 route-target export 100:3 ip vrf site-4 rd 100:4 route-target export 100:3 route-target import 100:3
VRF for site-1 (100:1) Site-1 routes Site-2 routes
VRF for site-2 (100:2) Site-1 routes Site-2 routes Site-3 routes
Site-1
Presentation_ID
Site-2
Site-3
Site-4
118

PE/CE routing protocols
PE/CE may use BGP, RIPv2 or Static routes
A routing context is used for each VRF

Routing contexts are defined within the routing protocol instance
Address-family router sub-command

Router rip version 2 address-family ipv4 vrf <vrf-symbolicname> any common router sub-command
Presentation_ID
119

BGP uses same address-family command

Router BGP <asn> ... address-family ipv4 vrf <vrf-symbolicname> any common router BGP sub-command
Static routes are configured per VRF

ip route vrf <vrf-symbolic-name>
Presentation_ID
120

PE router commands
All show commands are VRF based
Show ip route vrf <vrf-symbolic-name> ...

Show ip protocol vrf <vrf-symbolic-name> Show ip cef <vrf-symbolic-name> PING and Telnet commands are VRF based
telnet /vrf <vrf-symbolic-name>

ping vrf <vrf-symbolic-name>
Presentation_ID
121

ip vrf site1 rd 100:1 route-target export 100:12 route-target import 100:12 ip vrf site2 rd 100:2 route-target export 100:12 route-target import 100:12 route-target import 100:23 route-target export 100:23 ! interface Serial3/6 ip vrf forwarding site1 ip address 192.168.61.6 255.255.255.0 encapsulation ppp ! interface Serial3/7 ip vrf forwarding site2 ip address 192.168.62.6 255.255.255.0 encapsulation ppp
Site-4 Site-1
VPN-C
Site-3
VPN-A
Site-2
VPN-B
Multihop MP-iBGP
P P PE2
PE1
ip vrf site3 rd 100:3 route-target export 100:23 route-target import 100:23 route-target import 100:34 route-target export 100:34 ip vrf site-4 rd 100:4 route-target export 100:34 route-target import 100:34 ! interface Serial4/6 ip vrf forwarding site3 ip address 192.168.73.7 255.255.255.0 encapsulation ppp ! interface Serial4/7 ip vrf forwarding site4 ip address 192.168.74.7 255.255.255.0 encapsulation ppp
Site-1
Presentation_ID
Site-2
Site-3
Site-4
122

router bgp 100 no bgp default ipv4-unicast neighbor 7.7.7.7 remote-as 100 neighbor 7.7.7.7 update-source Loop0 ! address-family ipv4 vrf site2 neighbor 192.168.62.2 remote-as 65502 neighbor 192.168.62.2 activate exit-address-family ! address-family ipv4 vrf site1 neighbor 192.168.61.1 remote-as 65501 neighbor 192.168.61.1 activate exit-address-family ! address-family vpnv4 neighbor 7.7.7.7 activate neighbor 7.7.7.7 next-hop-self exit-address-family
Site-4 Site-1
VPN-C
Site-3
VPN-A
Site-2
VPN-B
Multihop MP-iBGP P PE1 PE2

router bgp 100 no bgp default ipv4-unicast neighbor 6.6.6.6 remote-as 100 neighbor 6.6.6.6 update-source Loop0 ! address-family ipv4 vrf site4 neighbor 192.168.74.4 remote-as 65504 neighbor 192.168.74.4 activate exit-address-family ! address-family ipv4 vrf site3 neighbor 192.168.73.3 remote-as 65503 neighbor 192.168.73.3 activate exit-address-family ! address-family vpnv4 neighbor 6.6.6.6 activate neighbor 6.6.6.6 next-hop-self exit-address-family
Site-1
Presentation_ID
Site-2
Site-3
Site-4
123
Summary
Supports large scale VPN services

Increases value add by the VPN Service Provider Decreases Service Providers cost of providing VPN services Mechanisms are general enough to enable VPN Service Provider to support a wide range of VPN customers See RFC2547
Presentation_ID
124
Point-to-point connections vs BGP/MPLS VPNs: routing peering

CE
Site
Routing peering
PE All other sites
Mesh of point-to-point connections requires each (virtual) router to maintain O(n) peering (where n is the number of sites) does not scale to VPNs with large number of sites (due to the properties of existing routing protocols)
Presentation_ID
Amount of routing peering maintained by CE is O(1) - CE peers only with directly attached PE
independent of the total number of sites within a VPN

scales to VPNs with large number of sites (100s - 1000s sites per VPN)
125
Point-to-point connections vs BGP/MPLS VPNs: provisioning

New Site
CE PE All other sites Config change
New Site
Config change
Mesh of point-to-point connections requires O(n) configuration changes (where n is the number of sites) when adding a new site
Amount of configuration changes needed to add a new site (new CE) is O(1): need to configure only the directly attached PE
independent of the total number of sites within a VPN

Presentation_ID 126
Agenda
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
127
Basic MPLS Monitoring Commands

router(config)#
show tag-switching tdp parameters
Displays TDP parameters on the local router.

router(config)#
show tag-switching interface show mpls interface
12.1(3)T
Displays MPLS status on individual interfaces.

router(config)#
show tag-switching tdp discovery
Displays all discovered TDP neighbors.

Presentation_ID
128
show tag-switching tdp parameters
Router#show tag-switching tdp parameters Protocol version: 1 No tag pool for downstream tag distribution Session hold time: 180 sec; keep alive interval: 60 sec Discovery hello: holdtime: 15 sec; interval: 5 sec Discovery directed hello: holdtime: 180 sec; interval: 5 sec
Presentation_ID
129
show tag-switching interface
Router#show tag-switching interface detail Interface Serial1/0.1: IP tagging enabled TSP Tunnel tagging not enabled Tagging operational MTU = 1500 Interface Serial1/0.2: IP tagging enabled TSP Tunnel tagging not enabled Tagging operational MTU = 1500
Presentation_ID
130
show tag-switching tdp discovery
Router#show tag-switching tdp discovery Local TDP Identifier: 192.168.3.102:0 TDP Discovery Sources: Interfaces: Serial1/0.1: xmit/recv TDP Id: 192.168.3.101:0 Serial1/0.2: xmit/recv TDP Id: 192.168.3.100:0
Presentation_ID
131
More TDP Monitoring Commands

router(config)#
show tag-switching tdp neighbor
Displays individual TDP neighbors.
router(config)#
show tag-switching tdp neighbor detail
Displays more details about TDP neighbors.
router(config)#
show tag-switching tdp bindings
Displays Tag Information Base (TIB).

Presentation_ID
132
show tag tdp neighbor
Router#show tag-switching tdp neighbors Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0 TCP connection: 192.168.3.100.711 - 192.168.3.102.11000 State: Oper; PIEs sent/rcvd: 55/53; ; Downstream Up time: 00:43:26 TDP discovery sources: Serial1/0.2 Addresses bound to peer TDP Ident: 192.168.3.10 192.168.3.14 192.168.3.100
Presentation_ID
133
show tag tdp neighbor detail
Router#show tag-switching tdp neighbors detail Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0 TCP connection: 192.168.3.100.711 - 192.168.3.102.11000 State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB rev sent 26 UID: 1; Up time: 00:44:01 TDP discovery sources: Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms Addresses bound to peer TDP Ident: 192.168.3.10 192.168.3.14 192.168.3.100 Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Presentation_ID
134
show tag tdp bindings
Router#show tag tdp bindings tib entry: 192.168.3.1/32, rev 9 local binding: tag: 28 remote binding: tsr: 19.16.3.3:0, tib entry: 192.168.3.2/32, rev 8 local binding: tag: 27 remote binding: tsr: 19.16.3.3:0, tib entry: 192.168.3.3/32, rev 7 local binding: tag: 26 remote binding: tsr: 19.16.3.3:0, tib entry: 192.168.3.10/32, rev 6 local binding: tag: imp-null(1) remote binding: tsr: 19.16.3.3:0,
tag: 28
tag: 27
tag: imp-null(1)
tag: 26
Presentation_ID
135
Monitoring Label Switching

router(config)#
show tag-switching forwarding-table show mpls forwarding-table
Displays contents of Label Forwarding Information Base.

router(config)#
show ip cef detail
Displays label(s) attached to a packet during label imposition on edge LSR.
Presentation_ID
136
Monitoring Label Switching Monitoring LFIB
Router#show tag-switching forwarding-table ? A.B.C.D Destination prefix detail Detailed information interface Match outgoing interface next-hop Match next hop neighbor tags Match tag values tsp-tunnel TSP Tunnel id | Output modifiers <cr>
Presentation_ID
137
show tag-switching forwarding-table
Router#show tag-switching forwarding-table detail Local Outgoing Prefix Bytes tag Outgoing tag tag or VC or Tunnel Id switched interface 26 Untagged 192.168.3.3/32 0 Se1/0.3 MAC/Encaps=0/0, MTU=1504, Tag Stack{} 27 Pop tag 192.168.3.4/32 0 Se0/0.4 MAC/Encaps=4/4, MTU=1504, Tag Stack{} 20618847 28 29 192.168.3.4/32 0 Se1/0.3 MAC/Encaps=4/8, MTU=1500, Tag Stack{29} 18718847 0001D000
Next Hop
point2point point2point
point2point
Presentation_ID
138
show ip cef detail
Router#show ip cef 192.168.20.0 detail 192.168.20.0/24, version 23, cached adjacency to Serial1/0.2 0 packets, 0 bytes tag information set local tag: 33 fast tag rewrite with Se1/0.2, point2point, tags imposed: {32} via 192.168.3.10, Serial1/0.2, 0 dependencies next hop 192.168.3.10, Serial1/0.2 valid cached adjacency tag rewrite with Se1/0.2, point2point, tags imposed: {32}
Presentation_ID
139
Debugging Label Switching and TDP

router(config)#
debug tag-switching tdp ...
Debugs TDP adjacencies, session establishment, and label bindings exchange.

router(config)#
debug tag-switching tfib ... debug mpls lfib
12.1(3)T
Debugs Tag Forwarding Information Base events: label creations, removals, rewrites.
router(config)#
debug tag-switching packets [ interface ] debug mpls packets [ interface ]
12.1(3)T
Debugs labeled packets switched by the router. Disables fast or distributed tag switching.
Presentation_ID
140
Common Frame-Mode MPLS Symptoms

TDP/LDP session does not start.
Labels are not allocated or distributed.

Packets are not labeled although the labels have been distributed. MPLS intermittently breaks after an interface failure. Large packets are not propagated across the network.
Presentation_ID
141
TDP Session Startup Issues: 1/4

Symptom
TDP neighbors are not discovered.
show tag tdp discovery does not display expected TDP neighbors.
Diagnosis
MPLS is not enabled on adjacent router.
Verification
Verify with show tag interface on the adjacent router.
Presentation_ID
142

Symptom
Diagnosis
Label distribution protocol mismatch - TDP on one end, LDP on the other end.
Verification
Verify with show tag interface detail on both routers.
Presentation_ID
143

Symptom
Diagnosis
Packet filter drops TDP/LDP neighbor discovery packets.
Verification
Verify access-list presence with show ip interface. Verify access-list contents with show access-list.
Presentation_ID
144

Symptom
TDP neighbors discovered, TDP session is not established.
show tdp neighbor does not display a neighbor in Oper state.
Diagnosis
Connectivity between loopback interfaces is broken - TDP session is usually established between loopback interfaces of adjacent LSRs.
Verification
Verify connectivity with extended ping command.
Presentation_ID
145
Label Allocation Issues

Symptom
Labels are not allocated for local routes.
show tag-switching forwarding-table does not display any labels
Diagnosis
CEF is not enabled.
Verification
Verify with show ip cef.
Presentation_ID
146
Label Distribution Issues

Symptom
Labels are allocated, but not distributed.
show tag-switching tdp bindings on adjacent LSR does not display labels from this LSR
Diagnosis
Problems with conditional label distribution.
Verification
Debug label distribution with debug tag tdp advertisement.
Examine the neighbor TDP router IDP with show tag tdp discovery. Verify that the neighbor TDP router ID is matched by the access list specified in tag advertise command.
Presentation_ID
147
Packet Labeling
Symptom
Labels are distributed, packets are not labeled.
show interface statistic does not labeled packets being sent
Diagnosis
CEF is not enabled on input interface (potentially due to conflicting feature being configured).
Verification
Verify with show cef interface.
Presentation_ID
148
show cef interface

Router#show cef interface Serial1/0.1 is up (if_number 15) Internet address is 192.168.3.5/30 ICMP redirects are always sent Per packet loadbalancing is disabled IP unicast RPF check is disabled Inbound access list is not set Outbound access list is not set IP policy routing is disabled Interface is marked as point to point interface Hardware idb is Serial1/0 Fast switching type 5, interface type 64 IP CEF switching enabled IP CEF VPN Fast switching turbo vector Input fast flags 0x1000, Output fast flags 0x0 ifindex 3(3) Slot 1 Slot unit 0 VC -1 Transmit limit accumulator 0x0 (0x0) IP MTU 1500
Presentation_ID
149
Intermittent MPLS Failures after Interface Failure
Symptom
Overall MPLS connectivity in a router intermittently breaks after an interface failure.
Diagnosis
IP address of a physical interface is used for TDP/LDP identifier. Configure a loopback interface on the router.
Verification
Verify local TDP identifier with show tag-switching tdp neighbors.
Presentation_ID
150
Packet Propagation
Symptom
Large packets are not propagated across the network.
Extended ping with varying packet sizes fails for packet sizes close to 1500
In some cases, MPLS might work, but MPLS/VPN will fail.
Diagnosis
Tag MTU issues or switches with no support for jumbo frames in the forwarding path.
Verification
Trace the forwarding path; identify all LAN segments in the path. Verify Tag MTU setting on routers attached to LAN segments. Check for low-end switches in the transit path.
Presentation_ID
151
Summary
After completing this lesson, you will be able to perform the following tasks:
Describe procedures for monitoring MPLS on IOS platforms.
List the debugging commands associated with label switching, LDP and TDP.
Identify common configuration or design errors.
Use the available debugging commands in real-life troubleshooting scenarios.

Presentation_ID
152
Customer Reference
153
Ciscos MPLS Is Proven 150+ Deployments Today

Americas EMEA APT/Japan
Presentation_ID
154
Thank you.
155

MPLS Introduction

Uploaded by

Document Informationclick to expand document information

Document Informationclick to expand document information

Copyright:

Available Formats

MPLS Introduction

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MPLS Introduction

Uploaded by

Copyright:

Available Formats

MPLS Introduction

Session Number Presentation_ID

2001, Cisco Systems, Inc. All rights reserved.

2001, Cisco Systems, Inc. All rights reserved.

Edge Label Switch Router

(ATM Switch or Router)

Label Switch Router (LSR)

Label Distribution Protocol (LDP)

2001, Cisco Systems, Inc. All rights reserved.

2001, Cisco Systems, Inc. All rights reserved.

2001, Cisco Systems, Inc. All rights reserved.

3. LSR switches packets using label swapping(SWAP) .

Label Switch Path (LSP)

IGP domain with a label distribution protocol

IGP domain with a label distribution protocol

LSP follows IGP shortest path

LSP diverges from IGP shortest path

LSPs are derived from IGP routing information

PPP Header (Packet over SONET/SDH)

LAN MAC Label Header

2001, Cisco Systems, Inc. All rights reserved.

Label = 20 bits S = Bottom of Stack, 1 bit

EXP = Class of Service, 3 bits TTL = Time to Live, 8 bits

2001, Cisco Systems, Inc. All rights reserved.

Loops and TTL

In IP networks TTL is used to prevent packets to travel indefinitely in the network

2001, Cisco Systems, Inc. All rights reserved.

Loops and TTL

LSR-6 --> 25 Hops=4

Label = 21 IP packet TTL = 6 LSR-5

TTL is decremented prior to enter the non-TTL capable LSP

If TTL is 0 the packet is discarded at the ingress point

Label Assignment and Distribution

Labels have link-local significance:

Labels are assigned and exchanged

2001, Cisco Systems, Inc. All rights reserved.

Label Assignment and Distribution

Unsolicited Downstream Distribution

Rtr-C 40 Next-Hop... ... ...

30 Next-Hop... ... ...

LSRs distribute labels to the upstream neighbors

On-Demand Downstream Distribution

Use label 40 for destination 171.68.10/24

Use label 30 for destination 171.68.10/24

171.68.10/24 171.68.40/24 Rtr-A Rtr-B

2001, Cisco Systems, Inc. All rights reserved.

Label Retention Modes

Conservative retention mode

2001, Cisco Systems, Inc. All rights reserved.

Label Distribution Modes

Ordered LSP control

it has already received a label binding from its next-hop

2001, Cisco Systems, Inc. All rights reserved.

Router Example: Forwarding Packets

Packets Forwarded Based on IP Address

MPLS Example: Routing Information

Routing Updates (OSPF, EIGRP, )

You Can Reach 171.69 Thru Me