
Overview of MPLS Basic Operation and in Depth Config Part 1590764138

This document provides an overview of MPLS fundamentals and operations. It discusses drawbacks of traditional IP forwarding such as routing lookups needed on every hop. It then introduces basic MPLS concepts like label switching to improve efficiency over IP forwarding. MPLS components include ingress, transit, and egress label switch routers. The control plane exchanges routing and label information while the data plane performs label-based forwarding.

Uploaded by

sandeep

MPLS Introduction

Overview of MPLS Fundamentals, Basic Operation, and In-Depth Overview of Service Capabilities
Drawbacks of Traditional IP
Traditional IP Forwarding

Traditional IP forwarding is based on the following:

• Routing protocols are used to distribute Layer 3 routing information.
• Forwarding is based on the destination address only.
• Routing lookups are performed on every hop.
Traditional IP Forwarding (cont.)

[Figure: a packet addressed to 10.1.1.1 is forwarded across several routers, each performing a routing lookup.]

• Destination-based routing lookup is needed on every hop.
• Every router may need full Internet routing information (more than 100,000 routes).
IP over ATM

[Figure: a packet addressed to 10.1.1.1 crossing an IP-over-ATM network.]

• Layer 2 topology may be different from Layer 3 topology, resulting in suboptimal paths and link utilization.
• Layer 2 devices have no knowledge of Layer 3 routing information; virtual circuits must be manually established.
• Even if the two topologies overlap, the hub and spoke topology is usually used because of easier management.
Traffic Engineering with Traditional IP Forwarding

[Figure: Large Site A, Large Site B and Small Site C, with a primary OC192 link and a backup OC48 link.]

• Most traffic goes between large sites A and B and uses only the primary link.
• Destination-based routing does not provide any mechanism for load balancing across unequal paths.
• Policy-based routing can be used to forward packets based on other parameters, but this is not a scalable solution.
Basic MPLS Concepts
Efficiency of Switching
• Postal network forwards based on ZIP code; carrier delivers based on name and address.
• MPLS switch adds a label and forwards based on the label value; egress switch drops the label and routes based on IP address.

[Figure: postal analogy. A letter (name, address, city, state) crosses the postal network by ZIP code 01022; a packet (IP address, port) crosses the MPLS network by label 01022.]
MPLS Components
• Customer Edge Router: connects to provider network (no MPLS)
• Ingress LSR: translates IP destination address to label, commonly referred to as a provider edge (PE) router
• Transit LSR: switches packets based on labels, commonly referred to as provider (P) router or core LSR
• Egress LSR: removes label and forwards packet to customer edge, also commonly referred to as a PE router

[Figure: Customer IP Network → Customer Edge → Ingress LSR (route) → Transit LSR (switch) → Egress LSR (route) → Customer Edge → Customer IP Network; the three LSRs form the MPLS provider network.]
Basic MPLS Concepts

• MPLS is a new forwarding mechanism in which packets are forwarded based on labels.
• Labels may correspond to IP destination networks (equal to traditional IP forwarding).
• Labels can also correspond to other parameters, such as quality of service (QoS) or source address.
• MPLS was designed to support forwarding of other protocols as well.
Traffic Engineering with MPLS

[Figure: Large Site A, Large Site B and Small Site C, with a primary OC192 link and a secondary OC48 link.]

• Traffic can be forwarded based on other parameters (QoS, source, ...).
• Load sharing across unequal paths can be achieved.
MPLS Architecture

• MPLS has two major components:
  • Control plane: exchanges Layer 3 routing information and labels
  • Data plane: forwards packets based on labels
• Control plane contains complex mechanisms to exchange routing information, such as Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate System (IS-IS), and BGP, and to exchange labels, such as Tag Distribution Protocol (TDP), Label Distribution Protocol (LDP), BGP, and Resource Reservation Protocol (RSVP).
• Data plane has a simple forwarding engine.
• Control plane maintains contents of the label-switching table (label forwarding information base, or LFIB).
MPLS Architecture

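[Figure: a router split into control plane and data plane. Control plane: OSPF exchanges 10.0.0.0/8 with both neighbours; LDP exchanges bindings for 10.0.0.0/8, label 17 on one side and label 4 on the other. Data plane: the LFIB holds the entry 4→17; labeled packets carry label 17 on one side and label 4 on the other.]

• Router functionality is divided into two major parts: control plane and data plane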
Label Switch Router

[Figure: MPLS domain with an edge LSR and an LSR. The packet to 10.1.1.1 carries L=3, then L=5; the packet to 20.1.1.1 carries L=31, then L=43.]

• Label switch router (LSR) primarily forwards labeled packets (label swapping)
• Edge LSR primarily labels IP packets and forwards them into MPLS domain, or removes labels and forwards IP packets out of the MPLS domain
Architecture of LSRs

LSRs, regardless of the type, perform the following three functions:
• Exchange routing information
• Exchange labels
• Forward packets (LSRs and edge LSRs) or cells (ATM LSRs and ATM edge LSRs)

The first two functions are part of the control plane. The last function is part of the data plane.
Architecture of LSRs

[Figure: LSR. Control plane: a routing protocol exchanges routing information and maintains the IP routing table; a label distribution protocol exchanges labels. Data plane: incoming labeled packets pass through the label forwarding table and leave as outgoing labeled packets.]

LSRs primarily forward labeled packets or cells (ATM LSRs).

Architecture of Edge LSRs

[Figure: edge LSR. Control plane: a routing protocol exchanges routing information and maintains the IP routing table; a label distribution protocol exchanges labels. Data plane: incoming IP packets pass through the IP forwarding table and incoming labeled packets through the label forwarding table; packets leave as outgoing IP packets or outgoing labeled packets.]

• Note: ATM edge LSRs can only forward cells.
MPLS Label Assignment & Distribution
MPLS Label Format

Field   LABEL   EXP     S    TTL
Bits    0–19    20–22   23   24–31

MPLS uses a 32-bit label field that contains the following information:
• 20-bit label (a number)
• 3-bit experimental field (usually used to carry IP precedence value)
• 1-bit bottom-of-stack indicator (indicates whether this is the last label before the IP header)
• 8-bit TTL (equal to the TTL in IP header)
MPLS Labels

• Labels are inserted between the Layer 2 (frame) header and the Layer 3 (packet) header.
• There can be more than one label (label stack).
• The bottom-of-stack bit indicates if the label is the last label in the label stack.
• The TTL field is used to prevent indefinite looping of packets.
• Experimental bits are usually used to carry the IP precedence value.
MPLS Label Stack

[Figure: Frame Header (PID=MPLS-IP) | Label 1 (S=0) | Label 2 (S=0) | Label 3 (S=1) | IP Header | Payload]

• Protocol identifier in a Layer 2 header specifies that the payload starts with a label (labels) and is followed by an IP header
• Bottom-of-stack bit indicates whether the next header is another label or a Layer 3 header
• Receiving router uses the top label only
MPLS Label Stack

• Usually only one label is assigned to a packet.
• The following scenarios may produce more than one label:
  • MPLS VPNs (two labels: the top label points to the egress routers and the second label identifies the VPN)
  • MPLS TE (two or more labels: the top label points to the endpoint of the traffic engineering tunnel and the second label points to the destination)
  • MPLS VPNs combined with MPLS TE (three or more labels)
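The 32-bit label entry and the label stack described above, as an added Python example that is not part of the original slides. It encodes and decodes entries, walks a stack until the bottom-of-stack bit, and rejects a stack that ends without one; `MAX_DEPTH`, the function names and the sample bytes are constructed for this illustration.

```python
import struct
from typing import List, NamedTuple, Tuple

MAX_DEPTH = 8  # assumption for this example: refuse implausibly deep stacks


class LabelEntry(NamedTuple):
    label: int  # 20-bit label value
    exp: int    # 3-bit experimental field
    s: int      # bottom-of-stack bit: 1 on the last label before the IP header
    ttl: int    # 8-bit TTL


def pack_entry(e: LabelEntry) -> bytes:
    """Encode one entry as 4 bytes in network order (label in the top 20 bits)."""
    if not (0 <= e.label < (1 << 20) and 0 <= e.exp < 8
            and e.s in (0, 1) and 0 <= e.ttl < 256):
        raise ValueError(f"field out of range: {e}")
    word = (e.label << 12) | (e.exp << 9) | (e.s << 8) | e.ttl
    return struct.pack("!I", word)


def unpack_entry(raw: bytes) -> LabelEntry:
    """Decode exactly 4 bytes into (label, exp, s, ttl)."""
    (word,) = struct.unpack("!I", raw)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)


def build_stack(labels: List[int], exp: int = 0, ttl: int = 255) -> bytes:
    """Encode labels top-first; only the last entry gets S=1."""
    last = len(labels) - 1
    return b"".join(
        pack_entry(LabelEntry(lbl, exp, int(i == last), ttl))
        for i, lbl in enumerate(labels)
    )


def parse_stack(data: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Return (entries top-first, bytes after the stack).

    The S bit is the only delimiter between labels and the Layer 3 header,
    so a buffer that runs out before S=1 is rejected rather than guessed at.
    """
    entries: List[LabelEntry] = []
    offset = 0
    while True:
        if len(entries) == MAX_DEPTH:
            raise ValueError("label stack deeper than MAX_DEPTH")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        entry = unpack_entry(data[offset:offset + 4])
        offset += 4
        entries.append(entry)
        if entry.s:
            return entries, data[offset:]


# Constructed sample: a two-label stack followed by the first two bytes
# of an IPv4 header (0x45 0x00).
SAMPLE = build_stack([41, 28], ttl=64) + bytes.fromhex("4500")

if __name__ == "__main__":
    stack, rest = parse_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print("top label used for forwarding:", stack[0].label)
    print("bytes after the stack:", rest.hex())
```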
Label Distribution Protocol
– OSPF or IS-IS used to distribute IP routing knowledge
– Label Distribution Protocol (LDP) used to discover labels
  • Each LSR establishes a session with neighbors
  • Distributes label knowledge between neighbors

[Figure: two customer IP networks attached to the provider network.]
Label Distribution Protocol (LDP)

• The fundamental concept in MPLS-based networks is the meaning of the label
• The Label Distribution Protocol (LDP) provides a set of methods that allow a Label Switch Router (LSR) to share a particular label and its association with other LSRs
LDP Overview
• IETF standard protocol
  – Distributes <label, prefix> bindings for MPLS forwarding along normally routed paths
• Runs in parallel with routing protocols
• Neighbor discovery with UDP (646)
• Incremental updates over TCP (646)
• Other label distribution mechanisms can run in parallel
• Descendant of Cisco proprietary Tag Distribution Protocol (TDP)
• RFC 3036
Terminology – Upstream and Downstream

[Figure: the LSP direction (packet flow) runs from the source toward destination X, from the upstream platform to the downstream platform; the label binding {L1, X} is shown between the two platforms.]

Terminology
• Label Information Base (LIB)
  – A data structure that holds locally assigned labels and labels learned from LDP peers
• Label Forwarding Information Base (LFIB)
  – A data structure and way of managing forwarding in which destinations and incoming labels are associated with outgoing interfaces and labels. The LFIB can be updated by routing changes and label advertisements from peers
• Forwarding Equivalence Class (FEC)
  – Groups of packets that are forwarded over the same Label Switch Path
LIB and LFIB structures
Label Distribution

Label Information Base (LIB)

Destination   In Label   (Peer, Out Label),…
D             LR1        (R2:0, LR2), (R3:0, LR3), (R4:0, LR4)

Label Forwarding Information Base (LFIB)

In Label   Out Label   Interface
tR1        tR2         i3
LDP Identifier
[Figure: the LDP identifier laid out as the fields a, b, c, d (LSR ID) followed by n (Label Space ID).]

• LSR ID
  – The LSR ID is a four byte number that identifies a specific LSR. These four bytes must be unique in the network. Generally they are derived from an interface on the LSR. In IOS (by default) this is the highest IP address, or the highest IP address of a loopback if one is available.
• Label Space ID
  – A two byte number that identifies a specific label space on the LSR. The label space ID 0x00 is reserved for the platform label space.

LDP Identifier

• LDP Identifier
  – The six byte concatenation of the LSR ID and Label Space ID results in the LDP Identifier. This uniquely identifies the label space.
LDP Session

• Each LDP identifier has a separate LDP session.
  – That is, each LSR label space has its own distinct LDP session.
• Each session has its own TCP (646) connection and discovery process.
LDP Session Negotiation

[Figure: message exchange between MPLS_A (1.0.0.1) and MPLS_B (1.0.0.2), in the order the slides build it up:]
1. Establish TCP session
2. Initialization message
3. Initialization message
4. Keepalive
5. Keepalive
6. Address message ….

• Peers first exchange initialization messages.
• The session is ready to exchange label mappings after receiving the first keepalive.
Label Distribution - Methods
Label distribution can take place using one of two possible methods.

Downstream Unsolicited Label Distribution

[Figure: LSR2 sends a Label-FEC Binding to LSR1.]

• LSR2 and LSR1 are said to have an “LDP adjacency” (LSR2 being the downstream LSR)
• LSR2 discovers a ‘next hop’ for a particular FEC
• LSR2 generates a label for the FEC and communicates the binding to LSR1
• LSR1 inserts the binding into its forwarding tables
• If LSR2 is the next hop for the FEC, LSR1 can use that label knowing that its meaning is understood

Downstream-on-Demand Label Distribution

[Figure: LSR1 sends a Request for Binding to LSR2; LSR2 answers with a Label-FEC Binding.]

• LSR1 recognizes LSR2 as its next-hop for an FEC
• A request is made to LSR2 for a binding between the FEC and a label
• If LSR2 recognizes the FEC and has a next hop for it, it creates a binding and replies to LSR1
• Both LSRs then have a common understanding

Both methods are supported, even in the same network at the same time.
For any single adjacency, LDP negotiation must agree on a common method.
Label Switched Path

– Path through MPLS network based on FEC

[Figure: a Label Switched Path (LSP) between two customer IP networks, crossing edge functions and core functions.]
LSP Details

• MPLS provides two options to set up an LSP
  – Hop-by-hop routing: each LSR independently selects the next hop for a given FEC. LSRs support any available routing protocols (OSPF, ATM …).
  – Explicit routing: similar to source routing. The ingress LSR specifies the list of nodes through which the packet traverses.
• The LSP setup for an FEC is unidirectional. The return traffic must take another LSP!
MPLS Modes of Operation
MPLS Modes of Operation

• MPLS technology is intended to be used anywhere regardless of Layer 1 media and Layer 2 protocol.
• MPLS uses a 32-bit label field that is inserted between Layer 2 and Layer 3 headers (frame-mode).
• MPLS over ATM uses the ATM header as the label (cell-mode).
Frame-Mode MPLS

[Figure: before: Frame Header (Layer 2) | IP Header (Layer 3) | Payload. After routing lookup and label assignment: Frame Header (Layer 2) | Label (Layer 2½) | IP Header (Layer 3) | Payload.]
Cell-Mode MPLS

[Figure: the packet Frame Header (Layer 2) | IP Header (Layer 3) | Payload becomes Frame Header (Layer 2) | Label (Layer 2½) | IP Header (Layer 3) | Payload, and is then carried in ATM cells. Cell 1: ATM Header (Layer 2) | ATM Adaptation Layer 5 (AAL5) Header | Label (Layer 2½) | IP Header (Layer 3) | Payload. Cell 2: ATM Header | Payload. VPI/VCI fields are used for label switching.]
MPLS Forwarding

An LSR can perform the following functions:
• Insert (impose) a label or a stack of labels on ingress.
• Swap a label with a next-hop label or a stack of labels in the core.
• Remove (pop) a label on egress.

ATM LSRs can only swap a label with one label (VPI/VCI fields change).
MPLS Forwarding (Frame-Mode)

[Figure: a packet to 10.1.1.1 crosses the MPLS domain: unlabeled into the ingress router, with label 3 to the core LSR, with label 5 to the egress router, and unlabeled out of the domain.]

Router    IP lookup                 LFIB
Ingress   10.0.0.0/8 → label 3      label 8 → label 3
Core      10.0.0.0/8 → label 5      label 3 → label 5
Egress    10.0.0.0/8 → next hop     label 5 → pop

• On ingress a label is assigned and imposed by the IP routing process.
• LSRs in the core swap labels based on the contents of the label forwarding table.
• On egress the label is removed and a routing lookup is used to forward the packet.
MPLS Forwarding (Cell-Mode)

[Figure: a packet to 10.1.1.1 crosses the MPLS domain as cells labeled 1/3, then as cells labeled 1/5, and leaves the domain as an IP packet.]

Router    IP lookup                  LFIB
Ingress   10.0.0.0/8 → label 1/3     label 8 → label 1/3
Core      10.0.0.0/8 → label 1/5     label 1/3 → label 1/5
Egress    10.0.0.0/8 → next hop      label 1/5 → pop

• Labels (VPI/VCI) are imposed during the IP lookup process on ingress ATM edge LSRs. Packets are segmented into cells.
• ATM LSRs in the core swap labels based on the contents of the ATM switching table. ATM LSRs cannot forward IP packets.
• On egress ATM edge LSRs the labels are removed (cells are reassembled into packets) and a routing lookup is used to forward packets.
MPLS Applications
MPLS Applications
MPLS is already used in many different applications:
• Unicast IP routing
• Multicast IP routing
• Traffic Engineering (MPLS TE)
• QoS
• Virtual private networks (MPLS VPN)

Regardless of the application, the functionality is always split into the control plane and the data plane:
• The applications differ only in the control plane.
• They all use a common label-switching data plane.
• Edge LSR Layer 3 data planes may differ.
• In general, a label is assigned to a forwarding equivalence class (FEC).
Unicast IP Routing
• Two mechanisms are needed on the control plane:
  • IP routing protocol (OSPF, IS-IS, EIGRP, ...)
  • Label distribution protocol (LDP or TDP)
• A routing protocol carries the information about the reachability of networks.
• The label distribution protocol binds labels to networks learned via a routing protocol.
• The forwarding equivalence class (FEC) is equal to a destination network, stored in the IP routing table.

FEC criteria are:
• ATM virtual circuit IDs
• FR virtual circuit IDs
• IP addresses or other layer 3 addresses such as IPX
• Class of Service
Multicast IP Routing

• A dedicated protocol is not needed to support multicast traffic across an MPLS domain.
• Peripheral interface manager (PIM) version 2 with extensions for MPLS is used to propagate routing information as well as labels.
• FEC is equal to a destination multicast address, stored in the multicast routing table.
MPLS TE

• MPLS traffic engineering requires OSPF or IS-IS with extensions for MPLS TE as the IGP.
• OSPF and IS-IS with extensions hold the entire topology in their databases.
• OSPF and IS-IS should also have some additional information about network resources and constraints.
• RSVP or CR-LDP is used to establish traffic engineering tunnels (TE tunnels) and propagate labels.
Quality of Service

• Differentiated QoS is an extension to unicast IP routing that provides differentiated services.
• Extensions to TDP or LDP are used to propagate different labels for different classes.
• FEC is a combination of a destination network and a class of service.
Virtual Private Networks

• Networks are learned via an IGP (OSPF, EBGP, RIP version 2 [RIPv2] or static) from a customer or via BGP from other internal routers.
• Labels are propagated via MP-BGP.
• Two labels are used:
  • Top label points to the egress router (assigned through LDP or TDP).
  • Second label identifies the outgoing interface on the egress router or a routing table where a routing lookup is performed.
• FEC is equal to a VPN site descriptor or VPN routing table.
Interaction Between MPLS Applications

Control Plane

Application                Routing protocol   Routing table                 Label exchange
Unicast IP Routing         Any IGP            Unicast IP routing table      LDP or TDP
Multicast IP Routing       (none shown)       Multicast IP routing table    PIM version 2
MPLS Traffic Engineering   OSPF or IS-IS      Unicast IP routing table      LDP, RSVP
Quality of Service         Any IGP            Unicast IP routing table      LDP or TDP
MPLS/VPN                   Any IGP            Unicast IP routing tables     LDP, BGP

Data Plane

Label forwarding table
MPLS Layer 3 VPNs
Virtual Network Models

Virtual Networks
  Virtual Private Networks
    Overlay VPN
      Layer-2 VPN: X.25, F/R, ATM
      Layer-3 VPN: GRE, IPSec
    Peer-to-Peer VPN
      Access lists (Shared router)
      Split routing (Dedicated router)
      MPLS/VPN
  Virtual Dialup Networks
  Virtual LANs

Overlay Network

• Provider sells a circuit service
• Customer purchases circuits to connect sites, runs IP (FR, ATM, etc.)
• N sites, (N*(N-1))/2 circuits for full mesh: expensive
• The big scalability issue here is routing peers: N sites, each site has N-1 peers
• Hub and spoke is popular, suffers from the same N-1 number of routing peers
• Hub and spoke with static routes is simpler, still buying N-1 circuits from hub to spokes
• Spokes distant from hubs could mean lots of long-haul circuits

[Figure: provider network.]
Peer Network

• Provider sells an MPLS-VPN service
• Customer purchases circuits to connect sites, runs IP (MPLS-VPN)
• N sites, N circuits into provider
• Access circuits can be any media at any point (FE, POS, ATM, T1, dial, etc.)
• Full mesh connectivity without full mesh of L2 circuits
• Hub and spoke is also easy to build
• Spokes distant from hubs connect to their local provider’s POP, lower access charge because of provider’s size
• The Internet is a large peer network

[Figure: provider network.]
MPLS L3 VPNs using BGP (RFC2547)

• End user perspective
  • Virtual Private IP service
  • Simple routing – just point default to provider
  • Full site-site connectivity without the usual drawbacks (routing complexity, scaling, configuration, cost)
• Major benefit for provider – scalability

[Figure: sites of VPN A, VPN B and VPN C attached around the provider network.]
MPLS VPN Topology

[Figure: MPLS VPN topology. Provider routers P1, P2, P3 and provider edge routers PE1, PE2, PE3 connect CE routers at VPN A/Site 1, VPN A/Site 2, VPN B/Site 1, VPN B/Site 2, VPN C/Site 1 and VPN C/Site 2. CE-PE links run static routing, RIP or BGP; site prefixes shown are 11.1/16, 11.2/16, 12.1/16, 12.2/16, 16.1/16 and 16.2/16.]
VPN Routing and Forwarding Instance (VRF)

• PE routers maintain separate routing tables
  • Global routing table
    • Contains all PE and P routes (perhaps BGP)
    • Populated by the VPN backbone IGP
  • VRF (VPN routing and forwarding)
    • Routing and forwarding table associated with one or more directly connected sites (CE routers)
    • VRF is associated with any type of interface, whether logical or physical (e.g. sub/virtual/tunnel)
    • Interfaces may share the same VRF if the connected sites share the same routing information
• Not virtual routers, just virtual routing and forwarding
PE Router – Global Routing Table Output

PE2#sh ip route

Gateway of last resort is not set

C    192.168.1.0/24 is directly connected, Ethernet0/0
     192.168.100.0/32 is subnetted, 3 subnets
O       192.168.100.1 [110/11] via 192.168.1.1, 00:04:27, Ethernet0/0
C       192.168.100.2 is directly connected, Loopback0
O       192.168.100.3 [110/11] via 192.168.1.3, 00:04:27, Ethernet0/0

Routes from PE1’s Global Routing Table

[Figure: CE2, PE2 (192.168.100.2) and PE1 (192.168.100.1); OSPF runs between PE2 and PE1.]
PE Router – VRF Routing Table Output

PE2#sh ip route vrf RED

Routing Table: RED

Gateway of last resort is 192.168.100.1 to network 0.0.0.0

     172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
C       172.16.25.0/30 is directly connected, Serial4/0
C       172.16.25.2/32 is directly connected, Serial4/0
B       172.16.20.0/24 [20/0] via 172.16.25.2, 00:07:04
     10.0.0.0/24 is subnetted, 1 subnets
B       10.0.0.0 [200/307200] via 192.168.100.1, 00:06:28
B*   0.0.0.0/0 [200/0] via 192.168.100.1, 00:07:03

Routes from PE1

[Figure: CE2 (172.16.20.0/24, 172.16.25.2), PE2 (172.16.25.1) and PE1 (10.0.0.0/24); iBGP VPNv4 runs between PE2 and PE1.]
Virtual Routing and Forwarding Instances

• Define a unique VRF for interface 0
• Define a unique VRF for interface 1
• Packets will never go between int. 0 and 1
• Uses VPNv4 to exchange routing information between PEs
• No MPLS yet…

[Figure: a PE with a VPN routing table and a global routing table. The VPN-A CE (195.12.2.0/24) attaches on interface 0, which uses the VRF for VPN-A; the VPN-B CE (146.12.7.0/24) attaches on interface 1, which uses the VRF for VPN-B.]
VRF Route Population

[Figure: CE routers of Customer-1 and Customer-2 attach to a PE over separate physical links, running eBGP, EIGRP, OSPF, RIPv2 or static routing toward the PE; the PE sits in the MPLS domain and iBGP domain. Labels shown: VPN1; separate router per customer/VPN.]

• VRF is populated locally through PE and CE routing protocol exchange
  – RIP Version 2, OSPF, BGP-4, EIGRP, & static routing
  – “connected” is also supported (i.e. default gateway is PE)
• Separate routing context for each VRF
  – routing protocol context (BGP-4 & RIP V2)
  – separate process (OSPF)
Carrying VPN Routes in BGP

• VRFs by themselves aren’t all that useful
• Need some way to get the VRF routing information off the PE and to other PEs
• This is done with BGP
Additions to BGP to Carry MPLS-VPN Info

• RD: Route Distinguisher
• VPNv4 address family
• RT: Route Target
• Label
Route Distinguisher

• To differentiate 10.0.0.0/8 in VPN-A from 10.0.0.0/8 in VPN-B
• 64-bit quantity
• Configured as ASN:YY or IPADDR:YY
  • Almost everybody uses ASN
• Purely to make a route unique
  • Unique route is now RD:Ipaddr (96 bits) plus a mask on the IPAddr portion
  • So customers don’t see each other’s routes

!
ip vrf red
 rd 1:1
 route-target export 1:1
 route-target import 1:1
Route Target

• To control policy about who sees what routes
• 64-bit quantity (2 bytes type, 6 bytes value)
• Carried as an extended community
• Typically written as ASN:YY
• Each VRF ‘imports’ and ‘exports’ one or more RTs
  • Exported RTs are carried in VPNv4 BGP
  • Imported RTs are local to the box
• A PE that imports an RT installs that route in its routing table

!
ip vrf red
 rd 1:1
 route-target export 1:1
 route-target import 1:1
What Are Route Targets?

• Route targets (RTs) are additional attributes attached to VPNv4 BGP routes to indicate VPN membership.
• Extended BGP communities are used to encode these attributes.
• Extended communities carry the meaning of the attribute together with its value.
• Any number of RTs can be attached to a single route.
How Do Route Targets Work?

• Export RTs identifying VPN membership are appended to the customer route when it is converted into a VPNv4 route.
• Each virtual routing table has a set of associated import RTs that select routes to be inserted into the virtual routing table.
• Route targets usually identify VPN membership, but they can also be used in more complex scenarios.
VPNv4

• In BGP for IP, 32-bit address + mask makes a unique announcement
• In BGP for MPLS-VPN, (64-bit RD + 32-bit address) + 32-bit mask makes a unique announcement
• Since the route encoding is different, need a different address family in BGP
• VPNv4 = VPN routes for IPv4
  • As opposed to IPv4 or IPv6 or multicast-RPF, etc…
• VPNv4 announcement carries a label with the route
  • “If you want to reach this unique address, get me packets with this label on them”
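How the RD, the RT and the VPNv4 announcement fit together, as an added Python example that is not part of the original slides. It models export and import for two VRFs that both use 10.0.0.0/8, then checks "who sees what routes" against an intended policy; the VRF `blue`, its RD/RT 2:2, the labels 100 and 200, the next hop 192.0.2.1 and all function names are constructed for this illustration.

```python
import ipaddress
from typing import Dict, FrozenSet, List, NamedTuple, Set, Tuple


class Vrf(NamedTuple):
    name: str
    rd: str                     # route distinguisher, written ASN:YY
    export_rts: FrozenSet[str]  # RTs attached to routes leaving this VRF
    import_rts: FrozenSet[str]  # RTs this VRF accepts


class Vpnv4Route(NamedTuple):
    rd: str
    prefix: ipaddress.IPv4Network
    rts: FrozenSet[str]
    next_hop: str               # advertising PE (loopback)
    label: int                  # VPN label carried with the route


def export_route(vrf: Vrf, prefix: str, pe: str, label: int) -> Vpnv4Route:
    """Turn a customer IPv4 route into a VPNv4 announcement."""
    return Vpnv4Route(vrf.rd, ipaddress.ip_network(prefix), vrf.export_rts, pe, label)


def vpnv4_table(updates: List[Vpnv4Route]) -> Dict[Tuple[str, str], Vpnv4Route]:
    """Key on RD + prefix, which is what makes overlapping prefixes distinct."""
    return {(u.rd, str(u.prefix)): u for u in updates}


def import_routes(vrf: Vrf, updates: List[Vpnv4Route]) -> List[Vpnv4Route]:
    """A VRF installs a route when any of its import RTs is on the route."""
    return [u for u in updates if u.rts & vrf.import_rts]


def rt_visibility(vrfs: List[Vrf]) -> Dict[str, Set[str]]:
    """For each VRF, the VRFs whose exported routes it would install."""
    return {
        imp.name: {exp.name for exp in vrfs if imp.import_rts & exp.export_rts}
        for imp in vrfs
    }


def unexpected_visibility(vrfs: List[Vrf],
                          allowed: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """(importer, exporter) pairs that the intended policy does not allow."""
    return sorted(
        (imp, exp)
        for imp, exps in rt_visibility(vrfs).items()
        for exp in exps
        if exp not in allowed.get(imp, set())
    )


# 'red' with rd/RT 1:1 is the VRF from the slides; 'blue' is constructed.
RED = Vrf("red", "1:1", frozenset({"1:1"}), frozenset({"1:1"}))
BLUE = Vrf("blue", "2:2", frozenset({"2:2"}), frozenset({"2:2"}))
# Constructed misconfiguration: blue also imports red's RT.
BLUE_BAD = BLUE._replace(import_rts=frozenset({"2:2", "1:1"}))

# Both customers announce the same IPv4 prefix (constructed labels/next hop).
UPDATES = [
    export_route(RED, "10.0.0.0/8", "192.0.2.1", 100),
    export_route(BLUE, "10.0.0.0/8", "192.0.2.1", 200),
]
ALLOWED = {"red": {"red"}, "blue": {"blue"}}  # intended policy (constructed)

if __name__ == "__main__":
    print(sorted(vpnv4_table(UPDATES)))
    print([r.label for r in import_routes(RED, UPDATES)])
    print(unexpected_visibility([RED, BLUE_BAD], ALLOWED))
```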
MPLS Layer-3 VPN Operation Example
VRF Population of MP-BGP

[Figure: CE routers in Paris and London attach to PE-1 and PE-2 across the service provider network. PE-1 receives a BGP, OSPF or RIPv2 update: 149.27.2.0/24, NH=CE-1. PE-1 sends a VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28).]

• PE routers translate into VPN-V4 route
  • Assigns an RD, SOO (if configured) and RT based on configuration
  • Re-writes Next-Hop attribute (to PE loopback)
  • Assigns a label based on VRF and/or interface
  • Sends MP-BGP update to all PE neighbors
VRF Population of MP-BGP

[Figure: the same topology. PE-1 receives the BGP, OSPF or RIPv2 update 149.27.2.0/24, NH=CE-1 and sends the VPN-v4 update RD:1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28) to PE-2. The VPN-v4 update is translated into an IPv4 address and put into VRF VPN-A as RT=VPN-A, and optionally advertised to any attached sites.]

• Receiving PE routers translate to IPv4
  • Insert the route into the VRF identified by the RT attribute (based on PE configuration)
  • The label associated to the VPN-V4 address will be set on packets forwarded towards the destination
MPLS/VPN Packet Forwarding

• Between PE and CE, regular IP packets (currently)
• Within the provider network: label stack
  – Outer label: “get this packet to the egress PE”
  – Inner label: “get this packet to the egress CE”
• MPLS nodes forward packets based on TOP label!!!
  • any subsequent labels are ignored
• Penultimate Hop Popping procedures used one hop prior to egress PE router (shown in example)
MPLS/VPN Packet Forwarding
[Figure: a packet to 149.27.2.27 travels from London toward Paris (149.27.2.0/24). The ingress PE's VPN-A VRF holds 149.27.2.0/24, NH=197.26.15.1, Label=(28); the packet leaves the ingress PE carrying the labels 41 and 28.]

In Label   FEC              Out Label
-          197.26.15.1/32   41

• Ingress PE receives normal IP packets
• PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels <IGP, VPN>
MPLS/VPN Packet Forwarding
[Figure: the same packet further along the path. It arrives at the penultimate router carrying labels 41 and 28 and leaves carrying only label 28; the egress PE's VPN-A VRF holds 149.27.2.0/24, NH=Paris, and the packet is delivered unlabeled toward 149.27.2.27.]

Egress PE:
In Label   FEC             Out Label
28(V)      149.27.2.0/24   -

Penultimate router:
In Label   FEC              Out Label
41         197.26.15.1/32   POP

• Penultimate PE router removes the IGP label
  • Penultimate Hop Popping procedures (implicit-null label)
• Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
• VPN label is removed and the packet is routed toward the VPN site
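The data-plane walk described above, and the impose/swap/pop operations from the earlier frame-mode forwarding slide, as an added Python example that is not part of the original slides. The label values, prefix and next hop are the ones on the slides; the node names, the `Drop` exception and the table layout are constructed for this illustration, and the `swap` action generalizes beyond the VPN example.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

# Ingress PE: VPN-A route with BGP next hop and VPN label (from the slides).
VRF_FIB = {
    "VPN-A": [(ipaddress.ip_network("149.27.2.0/24"), "197.26.15.1", 28)],
}
IGP_LABEL = {"197.26.15.1": 41}   # FEC 197.26.15.1/32 -> out label 41
P_LFIB = {41: ("pop", None)}      # penultimate hop: 41 -> POP
EGRESS_VPN_LFIB = {28: "VPN-A"}   # 28(V) selects the VRF on the egress PE

Lfib = Dict[int, Tuple[str, Optional[int]]]


class Drop(Exception):
    """Packet cannot be forwarded and is discarded."""


def ingress_pe(vrf: str, dst: str) -> List[int]:
    """Longest match in the VRF, then impose the stack <IGP, VPN>."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in VRF_FIB.get(vrf, []) if addr in r[0]]
    if not matches:
        raise Drop(f"no route to {dst} in VRF {vrf}")
    _, next_hop, vpn_label = max(matches, key=lambda r: r[0].prefixlen)
    return [IGP_LABEL[next_hop], vpn_label]


def lsr(lfib: Lfib, stack: List[int]) -> List[int]:
    """Act on the top label only; labels below it are carried untouched."""
    if not stack:
        raise Drop("unlabeled packet on a label-switched hop")
    action, out = lfib.get(stack[0], ("drop", None))
    if action == "swap":
        return [out] + stack[1:]
    if action == "pop":
        return stack[1:]
    raise Drop(f"no LFIB entry for label {stack[0]}")


def egress_pe(stack: List[int]) -> str:
    """After PHP only the VPN label remains; it selects the VRF."""
    if len(stack) != 1 or stack[0] not in EGRESS_VPN_LFIB:
        raise Drop(f"unexpected label stack at egress PE: {stack}")
    return EGRESS_VPN_LFIB[stack[0]]


def walk(vrf: str, dst: str) -> Tuple[List[Tuple[str, List[int]]], str]:
    """Trace the label stack as the packet leaves each node."""
    trace = []
    stack = ingress_pe(vrf, dst)
    trace.append(("ingress PE", list(stack)))
    stack = lsr(P_LFIB, stack)
    trace.append(("P", list(stack)))
    out_vrf = egress_pe(stack)
    trace.append(("egress PE", []))
    return trace, out_vrf


if __name__ == "__main__":
    hops, vrf_name = walk("VPN-A", "149.27.2.27")
    for node, labels in hops:
        print(f"{node:10s} sends stack {labels}")
    print("delivered into VRF", vrf_name)
```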
Things to Note

• Core does not run VPNv4 BGP!
  • Same principle can be used to run a BGP-free core for an IP network
• CE does not know it’s in an MPLS-VPN
• Outer label is from LDP/RSVP
  • Getting packet to egress PE is mutually independent to MPLS-VPN
• Inner label is from BGP
  • Inner label is there so the egress PE can have the same network in multiple VRFs
Customers Connecting to a Layer-3 VPN Service
• What routing protocol is supported by the carrier (CE-PE)?
• What address space do they allow for CE-PE subnet?
• What layer-2 transport is required/supported from CE-PE?
• Do they provide a QoS SLA?
• Concerning QoS, do they require DSCP or ToS settings from the CE to their PE?
• Do they manipulate DSCP/ToS based on congestion in their network?
• What other services do they have on their roadmap of “Service Offerings” (Example: IPv6, IP Multicast, Tighter QoS SLA offering, other??)
• Understand the resiliency in the core
• Do they offer LEC diversification or “bypass”?
AToM
Any Transport Over MPLS

Layer 2 Transport for MPLS Networks

• HDLC/PPP
• Frame Relay
• Ethernet (802.1Q)
• ATM AAL5 & Cell Relay
Motivation for AToM

• Protect existing investment while building packet core
• Frame Relay and ATM
• Non-IP protocols – SNA, IPX
• Trunk customer traffic
• Trunk customer’s IGP across the provider backbone
• Especially when the customer is connecting over disparate media
• Provider devices forward customer packets based on Layer 2 information
• Circuits (ATM/FR), MAC address
• CPE-based Tunnels (e.g. IPSEC) analogous to circuits
• Possibility of a new service (VPLS – emulated LAN)
• Good fit for customers that either
• Simply want connectivity
• Have non-IP protocols
AToM – Label Mapping Exchange

1. L2 transport route entered on ingress PE
2. PE1 starts LDP session with PE2 if one does not already exist
3. PE1 allocates VC label for new interface & binds to configured VCID
4. PE1 sends label mapping message containing VC FEC TLV & VC label TLV
5. PE2 receives VC FEC TLV & VC label TLV that matches local VCID

PE2 repeats steps 1-5 so that bi-directional label/VCID mappings are established.

[Figure: CE1, PE1, PE2 and CE in a row, with a bi-directional label/VCID mapping exchange between PE1 and PE2; the transported packet is Tunnel Label | VC Label | PDU.]

Layer 2 Integration – ATM/FR over MPLS

• Two different requirements for the transport of ATM across an MPLS backbone:
  - Transport of AAL5 encapsulated frames (RFC1483);
  - Transport of ATM cells (cell relay)
• QoS Options, Mapping: L2→IP→EXP
• AToM FR will support DLCI to DLCI switching
  Both local and distributed connectivity;
  PE will act as DCE or NNI Interface;
• Different encapsulation may be used on both ends of the PVC, e.g. Cisco encapsulation on one end and IETF (RFC 1490) encapsulation on the other end

[Figure: CPE routers with ATM/FR virtual circuits attach to PE routers; an Any Transport over MPLS (AToM) tunnel across the MPLS backbone carries cells/frames with labels, forming a virtual leased line.]
Layer 2 Integration - Ethernet over MPLS

[Figure: Ethernet segments, enterprise LANs and ISPs (ISP A, ISP B, ISP C; ISP 1, ISP 2, ISP 3) attached to PE routers around the MPLS network.]

• Port-mode
  Allows a frame coming into an interface to be packed into an MPLS packet
• VLAN-mode
  Forwards frames from a SRC 802.1Q VLAN to a DST 802.1Q VLAN
PPP/HDLC over MPLS

[Figure: end-to-end PPP session across the MPLS network between customer edge devices. Labels shown: broadband access (DSL, cable, BBFW); remote hosting & backhaul, content cache, DNS, AAA.]

PPP/HDLC over MPLS

[Figure: end-to-end PPP/HDLC session.]

Configuring MPLS
MPLS Configuration Tasks

• Mandatory:
• Enable CEF switching.
• Configure label pool (mandatory in some IOS software releases).
• Configure Tag Distribution Protocol or Label Distribution Protocol on every label-enabled interface.
• Optional:
• Configure MTU size for labeled packets.
• Configure IP TTL propagation.
• Configure conditional label advertising.
Configuring IP CEF

router(config)#
ip cef [distributed]
• Starts CEF switching and creates the FIB table
• Distributed keyword configures distributed CEF
(running on VIP or line cards)
• All CEF-capable interfaces run CEF switching
router(config-if)#
no ip route-cache cef
• Disables CEF switching on an interface
• Usually not needed
Monitoring IP CEF

Router#show ip cef detail


IP CEF with switching (Table Version 6), flags=0x0
6 routes, 0 reresolve, 0 unresolved (0 old, 0 new)
9 leaves, 11 nodes, 12556 bytes, 9 inserts, 0 invalidations
0 load sharing elements, 0 bytes, 0 references
2 CEF resets, 0 revisions of existing leaves
refcounts: 543 leaf, 544 node

Adjacency Table has 4 adjacencies


0.0.0.0/32, version 0, receive
192.168.3.1/32, version 3, cached adjacency to Serial0/0.10
0 packets, 0 bytes
tag information set
local tag: 28
fast tag rewrite with Se0/0.10, point2point, tags imposed: {28}
via 192.168.3.10, Serial0/0.10, 0 dependencies
next hop 192.168.3.10, Serial0/0.10
valid cached adjacency
tag rewrite with Se0/0.10, point2point, tags imposed: {28}
MPLS Configuration Commands

• Base MPLS functionality is configured using tag-switching configuration commands until Cisco IOS Release 12.1(3)T.
• Cisco IOS Release 12.1(3)T introduces MPLS configuration commands that are usually equivalent to tag-switching configuration commands.
• The tag-switching version of configuration commands appears in saved configuration for backward compatibility.
Configuring Label Switching on a Frame-
Mode Interface

router(config-if)#
tag-switching ip

• Enables label switching on a frame-mode interface
• Starts TDP on the interface

router(config-if)#
mpls ip
(Cisco IOS Release 12.1(3)T)

• Enables label switching on a frame-mode interface
• Starts TDP on the interface

router(config-if)#
mpls label-protocol [tdp | ldp | both]
(Cisco IOS Release 12.2T)

• Starts selected label distribution protocol on the specified interface
MPLS Configuration Example

[Figure: routers C1, A, B, C, C2 and a Cat6000; Provider Network]

Enable MPLS on all core interfaces in your network.

ip cef
!
interface hssi 1/0
 mpls ip
!
interface fastethernet 0/0
 mpls ip

Never run MPLS with your customers. Use access lists to prevent customers from running TDP with your routers.

ip cef
!
interface serial 3/1
 ip access-group NoTdp in
!
interface hssi 1/0
 mpls ip
!
ip access-list extended NoTdp
 deny tcp any any eq 711
 permit ip any any
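The rule on this slide can be checked mechanically against a saved configuration. The following is an added example, not part of the original deck: it audits customer-facing interfaces for label switching and for an inbound ACL that denies TCP 711. The sample configuration, the choice of customer-facing ports and all function names are assumptions made for illustration.

```python
import re

# Constructed running-config modelled on the slide: the ACL is applied as
# "NoTDP" but defined as "NoTdp", and serial 3/2 (constructed) runs MPLS.
BAD = """\
ip cef
!
interface serial 3/1
 ip access-group NoTDP in
!
interface serial 3/2
 mpls ip
!
interface hssi 1/0
 mpls ip
!
ip access-list extended NoTdp
 deny tcp any any eq 711
 permit ip any any
"""
GOOD = BAD.replace("access-group NoTDP", "access-group NoTdp")


def parse_ios(config):
    """Return (interfaces, acls): command lists keyed by interface / ACL name."""
    interfaces, acls, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():            # sub-command of the current block
            if current is not None:
                current.append(line)
            continue
        m_if = re.match(r"interface\s+(.+)$", line, re.I)
        m_acl = re.match(r"ip access-list extended (\S+)$", line)
        if m_if:
            current = interfaces.setdefault(m_if.group(1).lower(), [])
        elif m_acl:
            current = acls.setdefault(m_acl.group(1), [])  # case preserved
        else:
            current = None
    return interfaces, acls


def blocks_tdp(entries):
    """True if TCP/711 is denied before any entry that would permit it."""
    for entry in entries:
        if re.fullmatch(r"deny\s+tcp\s+any\s+any\s+eq\s+711", entry):
            return True
        if re.fullmatch(r"permit\s+(ip|tcp)\s+any\s+any", entry):
            return False
    return False


def inbound_acl(cmds):
    """Name of the ACL applied inbound on the interface, or None."""
    for cmd in cmds:
        m = re.match(r"ip access-group (\S+) in$", cmd)
        if m:
            return m.group(1)
    return None


def audit(config, customer_ifaces):
    """Return (interface, finding) pairs for the named customer-facing ports."""
    interfaces, acls = parse_ios(config)
    findings = []
    for name in customer_ifaces:
        cmds = interfaces.get(name.lower())
        if cmds is None:
            findings.append((name, "interface not found"))
            continue
        if any(c in ("mpls ip", "tag-switching ip") for c in cmds):
            findings.append((name, "label switching enabled toward customer"))
        acl = inbound_acl(cmds)
        if acl is None:
            findings.append((name, "no inbound ACL"))
        elif acl not in acls:
            findings.append((name, "ACL %s applied but not defined" % acl))
        elif not blocks_tdp(acls[acl]):
            findings.append((name, "ACL %s does not deny TCP 711" % acl))
    return findings


if __name__ == "__main__":
    for cfg in (BAD, GOOD):
        print(audit(cfg, ["serial 3/1", "serial 3/2"]))
```

Named ACLs are matched case-sensitively here, so an ACL applied under one spelling and defined under another is reported as undefined rather than as protecting the port.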
Configuring Virtual Routing and Forwarding Table
Configuring VRF Tables

• VRF configuration tasks:
• Create a VRF table
• Assign RD to the VRF
• Specify export and import route targets
• Assign interfaces to VRFs
Creating VRF Tables and Assigning RDs
router(config)#
ip vrf name

• Creates a new VRF or enters configuration of an existing VRF.
• VRF names are case-sensitive.
• VRF is not operational unless you configure RD.
• VRF names have only local significance.

router(config-vrf)#
rd route-distinguisher

• Assigns a route distinguisher to a VRF.
• You can use ASN:xx or A.B.C.D:xx format for RD.
• Each VRF in a PE router has to have a unique RD.
Specify Export and Import RTs
router(config-vrf)#
route-target export RT

• Specifies an RT to be attached to every route exported from this VRF to MP-BGP
• Allows specification of many export RTs—all to be attached to every exported route

router(config-vrf)#
route-target import RT

• Specifies an RT to be used as an import filter—only routes matching the RT are imported into the VRF
• Allows specification of many import RTs—any route where at least one RT attached to the route matches any import RT is imported into the VRF

Due to implementation issues, at least one export route target must also be an import route target of the same VRF in Cisco IOS Releases 12.0T
Specify Export and Import RTs
router(config-vrf)#
route-target both RT

• In cases where the export RT matches the import RT, use this form of route-target command.

Sample router configuration for simple customer VPN:

ip vrf Customer_ABC
 rd 12703:15
 route-target export 12703:15
 route-target import 12703:15
Assigning an Interface to VRF Table
router(config-if)#
ip vrf forwarding vrf-name

• Associates an interface with the specified VRF
• Existing IP address removed from the interface when interface is put into VRF—IP address must be reconfigured
• CEF switching must be enabled on interface

Sample router configuration:

ip cef
!
interface serial 0/0
 ip vrf forwarding Customer_ABC
 ip address 10.0.0.1 255.255.255.252
Sample VPN Network

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-BGP-A1, CE-RIP-B1, CE-RIP-A2, CE-BGP-A2 and CE-RIP-B2]

• The network supports two VPN customers.
• Customer A runs RIP and BGP with the service provider; customer B uses only RIP.
• Both customers use network 10.0.0.0.
Sample VPN Network
VRF Configuration

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-BGP-A1, CE-RIP-B1, CE-RIP-A2, CE-BGP-A2 and CE-RIP-B2]

ip vrf Customer_A
 rd 115:43
 route-target both 115:43
!
ip vrf Customer_B
 rd 115:47
 route-target both 115:47
!
interface serial 1/0/1
 ip vrf forwarding Customer_A
 ip address 10.1.0.1 255.255.255.252
!
interface serial 1/0/2
 ip vrf forwarding Customer_A
 ip address 10.1.0.5 255.255.255.252
!
interface serial 1/1/3
 ip vrf forwarding Customer_B
 ip address 10.2.0.1 255.255.255.252
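Because a route is imported whenever any one of its RTs matches any import RT, a single stray route-target line is enough to join two customers' VPNs. The following added example (not from the original deck) parses `ip vrf` blocks and reports every cross-VRF import plus missing or reused RDs. The VRF names and RT values follow the sample above; the extra import line, the Customer_C VRF and all function names are constructed for illustration.

```python
import re

# Constructed PE configuration: VRF names, RDs and RTs follow the slide's
# Customer_A / Customer_B sample; the extra import line under Customer_B is
# a constructed mistake, and Customer_C (constructed) reuses an RD.
CONFIG = """\
ip vrf Customer_A
 rd 115:43
 route-target both 115:43
!
ip vrf Customer_B
 rd 115:47
 route-target both 115:47
 route-target import 115:43
!
ip vrf Customer_C
 rd 115:47
 route-target export 115:50
 route-target import 115:50
!
interface serial 1/0/1
 ip vrf forwarding Customer_A
"""


def parse_vrfs(config):
    """Parse 'ip vrf' blocks into {name: {'rd', 'import', 'export'}}."""
    vrfs, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m_vrf = re.match(r"ip vrf (\S+)$", line)
        m_rd = re.match(r"rd (\S+)$", line)
        m_rt = re.match(r"route-target (export|import|both) (\S+)$", line)
        if m_vrf:
            cur = vrfs.setdefault(
                m_vrf.group(1), {"rd": None, "import": set(), "export": set()})
        elif cur is not None and m_rd:
            cur["rd"] = m_rd.group(1)
        elif cur is not None and m_rt:
            kind, rt = m_rt.groups()
            if kind in ("export", "both"):
                cur["export"].add(rt)
            if kind in ("import", "both"):
                cur["import"].add(rt)
        elif line:
            cur = None          # "!" or any other command leaves VRF mode
    return vrfs


def import_graph(vrfs):
    """Pairs (src, dst) where dst imports at least one RT that src exports."""
    return {(s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
            if s != d and sv["export"] & dv["import"]}


def audit_vrfs(config, allowed=()):
    """Flag missing or duplicate RDs and any cross-VRF import not in allowed."""
    vrfs = parse_vrfs(config)
    findings, seen = [], {}
    for name in sorted(vrfs):
        rd = vrfs[name]["rd"]
        if rd is None:
            findings.append("%s: no RD configured" % name)
        elif rd in seen:
            findings.append("%s: RD %s already used by %s" % (name, rd, seen[rd]))
        else:
            seen[rd] = name
    for src, dst in sorted(import_graph(vrfs) - set(allowed)):
        findings.append("%s imports routes exported by %s" % (dst, src))
    return findings


if __name__ == "__main__":
    for finding in audit_vrfs(CONFIG):
        print(finding)
```

Intentional extranet relationships go in `allowed` as (exporting VRF, importing VRF) pairs, so only unexpected imports are reported.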
Configuring Multi-Protocol BGP Session Between the PE routers
BGP Address Families

• The BGP process in an MPLS VPN-enabled router performs three separate tasks:
• Global BGP routes (Internet routing) are exchanged as in traditional BGP setup.
• VPNv4 prefixes are exchanged through MP-BGP.
• VPN routes are exchanged with CE routers through per-VRF EBGP sessions.
• Address families (routing contexts) are used to configure these three tasks in the same BGP process.
Selecting the BGP Address Family
router(config)#
router bgp as-number

• Selects global BGP routing process

router(config-router)#
address-family vpnv4

• Selects configuration of VPNv4 prefix exchanges under MP-BGP sessions

router(config-router)#
address-family ipv4 vrf vrf-name

• Selects configuration of per-VRF PE-CE EBGP parameters
BGP Neighbors

• MP-BGP neighbors are configured under the BGP routing process.
• These neighbors need to be activated for each global address family they support.
• Per-address-family parameters can be configured for these neighbors.
• VRF-specific EBGP neighbors are configured under corresponding address families.
Configuring MP-BGP

• MPLS VPN MP-BGP configuration steps:
• Configure MP-BGP neighbor under BGP routing process
• Configure BGP address family VPNv4
• Activate configured BGP neighbor for VPNv4 route exchange
• Specify additional parameters for VPNv4 route exchange (filters, next hops, and so forth)
Configuring MP-IBGP

router(config)#
router bgp AS-number
neighbor IP-address remote-as AS-number
neighbor IP-address update-source loopback-interface

• All MP-BGP neighbors have to be configured under global BGP routing configuration.
• MP-IBGP sessions have to run between loopback interfaces.

router(config-router)#
address-family vpnv4

• Starts configuration of MP-BGP routing for VPNv4 route exchange.
• Parameters that apply only to MP-BGP exchange of VPNv4 routes between already configured IBGP neighbors are configured under this address family.
Configuring MP-IBGP

router(config-router-af)#
neighbor IP-address activate

• The BGP neighbor defined under BGP router configuration has to be activated for VPNv4 route exchange.

router(config-router-af)#
neighbor IP-address next-hop-self

• The next-hop-self command must be configured on the MP-IBGP session for proper MPLS VPN configuration if EBGP is being run with a CE neighbor.
Configuring MP-EBGP
router(config)#
router bgp AS-number
neighbor IP-address remote-as another-AS-number
(Cisco IOS Release 12.1(4)T)

• Configure MP-EBGP under the global BGP routing configuration.
• EBGP sessions should be run over directly connected interfaces.
• MP-EBGP is supported from Cisco IOS Release 12.1(3)T onward.

router(config-router)#
address-family vpnv4
neighbor IP-address activate

• This command activates the MP-EBGP neighbor for VPNv4 route exchange.
Configuring EBGP Propagation of all VPNv4 Routes

router(config-router)#
no bgp default route-target filter
(Cisco IOS Release 12.1(4)T)

• By default, PE routers ignore VPNv4 routes that do not match any configured import RT (this rule does not apply to route reflectors).
• This command disables RT-based filters and enables propagation of all VPNv4 routes between ASs.
Configuring MP-BGP
BGP Community Propagation
router(config-router-af)#
neighbor IP-address send-community [extended | both]

• This command configures propagation of standard and extended BGP communities attached to VPNv4 prefixes.
• Default value: only extended communities are sent.

Usage guidelines:
• Extended BGP communities attached to VPNv4 prefixes have to be exchanged between MP-BGP neighbors for proper MPLS VPN operation.
• To propagate standard BGP communities between MP-BGP neighbors, use the both option.
Sample VPN Network
MP-IBGP Configuration

[Figure: MPLS VPN Backbone between PE-Site-X and PE-Site-Y, with CE routers CE-RIP-A1, CE-BGP-A1, CE-RIP-B1, CE-RIP-A2, CE-BGP-A2 and CE-RIP-B2]

interface loopback 0
 ip address 172.16.1.1 255.255.255.255
!
router bgp 115
 neighbor 172.16.1.2 remote-as 115
 neighbor 172.16.1.2 update-source loopback 0
 !
 address-family vpnv4
  neighbor 172.16.1.2 activate
  neighbor 172.16.1.2 next-hop-self
  neighbor 172.16.1.2 send-community both
Basic MPLS Monitoring Commands

router#
show tag-switching tdp parameters
• Displays TDP parameters on the local router

router#
show tag-switching interface
show mpls interface (Cisco IOS Release 12.1(3)T)

• Displays MPLS status on individual interfaces

router#
show tag-switching tdp discovery
• Displays all discovered TDP neighbors
show tag-switching interface

Router#show tag-switching interfaces [interface] [detail]


Interface Serial1/0.1:
IP tagging enabled
TSP Tunnel tagging not enabled
Tagging operational
MTU = 1500
Interface Serial1/0.2:
IP tagging enabled
TSP Tunnel tagging not enabled
Tagging operational
MTU = 1500
show tag-switching tdp discovery

Router#show tag-switching tdp discovery


Local TDP Identifier:
192.168.3.102:0
TDP Discovery Sources:
Interfaces:
Serial1/0.1: xmit/recv
TDP Id: 192.168.3.101:0
Serial1/0.2: xmit/recv
TDP Id: 192.168.3.100:0
More TDP Monitoring Commands

router#
show tag-switching tdp neighbor
• Displays individual TDP neighbors

router#
show tag-switching tdp neighbor detail
• Displays more details about TDP neighbors

router#
show tag-switching tdp bindings
• Displays Tag Information Base (TIB)
show tag tdp neighbor

Router#show tag-switching tdp neighbors


Peer TDP Ident: 192.168.3.100:0; Local TDP Ident
192.168.3.102:0
TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
State: Oper; PIEs sent/rcvd: 55/53; ; Downstream
Up time: 00:43:26
TDP discovery sources:
Serial1/0.2
Addresses bound to peer TDP Ident:
192.168.3.10 192.168.3.14 192.168.3.100
show tag tdp neighbor detail

Router#show tag-switching tdp neighbors detail


Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB
rev sent 26
UID: 1; Up time: 00:44:01
TDP discovery sources:
Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms
Addresses bound to peer TDP Ident:
192.168.3.10 192.168.3.14 192.168.3.100
Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state:
estab
Monitoring Label Switching

router#
show tag-switching forwarding-table
show mpls forwarding-table
• Displays contents of LFIB

router#
show ip cef detail
• Displays label(s) attached to a packet during label imposition on edge LSR
Monitoring Label Switching
Monitoring LFIB

Router#show tag-switching forwarding-table ?


A.B.C.D Destination prefix
detail Detailed information
interface Match outgoing interface
next-hop Match next hop neighbor
tags Match tag values
tsp-tunnel TSP Tunnel id
| Output modifiers
<cr>
show tag-switching
forwarding-table

Router#show tag-switching forwarding-table detail


Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
26 Untagged 192.168.3.3/32 0 Se1/0.3 point2point
MAC/Encaps=0/0, MTU=1504, Tag Stack{}
27 Pop tag 192.168.3.4/32 0 Se0/0.4 point2point
MAC/Encaps=4/4, MTU=1504, Tag Stack{}
20618847
28 29 192.168.3.4/32 0 Se1/0.3 point2point
MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
18718847 0001D000
Monitoring MPLS VPN
Operation
Monitoring VRF

router#
show ip vrf

• Displays the list of all VRFs configured in the router

router#
show ip vrf detail

• Displays detailed VRF configuration

router#
show ip vrf interfaces

• Displays interfaces associated with VRFs


show ip vrf

Router#show ip vrf
Name Default RD Interfaces
SiteA2 103:30 Serial1/0.20
SiteB 103:11 Serial1/0.100
SiteX 103:20 Ethernet0/0
Router#
show ip vrf detail

Router#show ip vrf detail


VRF SiteA2; default RD 103:30
Interfaces:
Serial1/0.20
Connected addresses are not in global routing table
No Export VPN route-target communities
Import VPN route-target communities
RT:103:10
No import route-map
Export route-map: A2
VRF SiteB; default RD 103:11
Interfaces:
Serial1/0.100
Connected addresses are not in global routing table
Export VPN route-target communities
RT:103:11
Import VPN route-target communities
RT:103:11 RT:103:20
No import route-map
No export route-map
show ip vrf interfaces

Router#show ip vrf interfaces


Interface IP-Address VRF Protocol
Serial1/0.20 150.1.31.37 SiteA2 up
Serial1/0.100 150.1.32.33 SiteB up
Ethernet0/0 192.168.22.3 SiteX up
Monitoring VRF Routing

router#
show ip protocols vrf name

• Displays the routing protocols configured in a VRF

router#
show ip route vrf name …

• Displays the VRF routing table

router#
show ip bgp vpnv4 vrf name …

• Displays per-VRF BGP parameters (PE-CE neighbors …)
show ip protocol vrf

Router#show ip protocol vrf SiteX


Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 10 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is
Incoming update filter list for all interfaces is
Redistributing: rip, bgp 3
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Ethernet0/0 2 2
Routing for Networks:
192.168.22.0
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 120)
show ip route vrf

Router#show ip route vrf SiteA2


Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

O 203.1.20.0/24 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20


203.1.2.0/32 is subnetted, 1 subnets
O 203.1.2.1 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20
203.1.1.0/32 is subnetted, 1 subnets
B 203.1.1.1 [200/1] via 192.168.3.103, 01:14:32
B 203.1.135.0/24 [200/782] via 192.168.3.101, 02:05:38
B 203.1.134.0/24 [200/1] via 192.168.3.101, 02:05:38
B 203.1.10.0/24 [200/1] via 192.168.3.103, 01:14:32

… rest deleted …
show ip bgp vpnv4 vrf neighbor

Router#show ip bgp vpnv4 vrf SiteB neighbors


BGP neighbor is 150.1.32.34, vrf SiteB, remote AS 65032, external link
BGP version 4, remote router ID 203.2.10.1
BGP state = Established, up for 02:01:41
Last read 00:00:56, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
Received 549 messages, 0 notifications, 0 in queue
Sent 646 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds

For address family: VPNv4 Unicast


Translates address family IPv4 Unicast for VRF SiteB
BGP table version 416, neighbor version 416
Index 4, Offset 0, Mask 0x10
Community attribute sent to this neighbor
2 accepted prefixes consume 120 bytes
Prefix advertised 107, suppressed 0, withdrawn 63

… rest deleted …
Monitoring MP-BGP Sessions

router#
show ip bgp neighbor

• Displays global BGP neighbors and the protocols negotiated with these neighbors
show ip bgp neighbor
Router#show ip bgp neighbor 192.168.3.101
BGP neighbor is 192.168.3.101, remote AS 3, internal link
BGP version 4, remote router ID 192.168.3.101
BGP state = Established, up for 02:15:33
Last read 00:00:33, hold time is 180, keepalive interval is 60
seconds
Neighbor capabilities:
Route refresh: advertised and received
Address family IPv4 Unicast: advertised and received
Address family VPNv4 Unicast: advertised and received
Received 1417 messages, 0 notifications, 0 in queue
Sent 1729 messages, 2 notifications, 0 in queue
Route refresh request: received 9, sent 29
Minimum time between advertisement runs is 5 seconds

For address family: IPv4 Unicast


BGP table version 188, neighbor version 188
Index 2, Offset 0, Mask 0x4
1 accepted prefixes consume 36 bytes
Prefix advertised 322, suppressed 0, withdrawn 230

... Continued
show ip bgp neighbor

Router#show ip bgp neighbor 192.168.3.101

... Continued

For address family: VPNv4 Unicast


BGP table version 416, neighbor version 416
Index 2, Offset 0, Mask 0x4
NEXT_HOP is always this router
Community attribute sent to this neighbor
6 accepted prefixes consume 360 bytes
Prefix advertised 431, suppressed 0, withdrawn 113

Connections established 7; dropped 6


Last reset 02:18:33, due to Peer closed the session

... Rest deleted


Monitoring an MP-BGP VPNv4 Table
router#
show ip bgp vpnv4 all

• Displays whole VPNv4 table

router#
show ip bgp vpnv4 vrf name

• Displays only BGP parameters (routes or neighbors) associated with specified VRF
• Any BGP show command can be used with these parameters

router#
show ip bgp vpnv4 rd value

• Displays only BGP parameters (routes or neighbors) associated with specified RD
show ip bgp vpnv4 vrf …
Router#show ip bgp vpnv4 vrf SiteA2
BGP table version is 416, local router ID is 192.168.3.102
Status codes: s suppressed, d damped, h history, * valid, > best,
i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path


Route Distinguisher: 103:30 (default for vrf SiteA2)
*> 150.1.31.36/30 0.0.0.0 0 32768 ?
*>i150.1.31.128/30 192.168.3.101 0 100 0 ?
*>i150.1.31.132/30 192.168.3.101 0 100 0 ?
*>i203.1.1.1/32 192.168.3.103 1 100 0 65031
i
*> 203.1.2.1/32 150.1.31.38 782 32768 ?
*>i203.1.10.0 192.168.3.103 1 100 0 65031
i
*> 203.1.20.0 150.1.31.38 782 32768 ?
*>i203.1.127.3/32 192.168.3.101 1 100 0 ?
*>i203.1.127.4/32 192.168.3.101 782 100 0 ?
*>i203.1.134.0 192.168.3.101 1 100 0 ?
*>i203.1.135.0 192.168.3.101 782 100 0 ?
show ip bgp vpnv4 rd …

Router#show ip bgp vpnv4 rd 103:30 203.1.127.3


BGP routing table entry for 103:30:203.1.127.3/32, version 164
Paths: (1 available, best #1, table SiteA2)
Not advertised to any peer
Local, imported path from 103:10:203.1.127.3/32
192.168.3.101 (metric 10) from 192.168.3.101 (192.168.3.101)
Origin incomplete, metric 1, localpref 100, valid,
internal, best
Extended Community: RT:103:10
Monitoring per-VRF CEF and LFIB Structures
router#
show ip cef vrf name

• Displays per-VRF CEF table

router#
show ip cef vrf name prefix detail

• Displays details of an individual CEF entry, including label stack

router#
show tag-switching forwarding vrf name

• Displays labels allocated by MPLS VPN for routes in specified VRF
show ip cef vrf

Router#show ip cef vrf SiteA2 203.1.1.1 255.255.255.255 detail


203.1.1.1/32, version 57, cached adjacency to Serial1/0.2
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Se1/0.2, point2point, tags imposed: {26
39}
via 192.168.3.103, 0 dependencies, recursive
next hop 192.168.3.10, Serial1/0.2 via 192.168.3.103/32
valid cached adjacency
tag rewrite with Se1/0.2, point2point, tags imposed: {26 39}

• The show ip cef command can also display the label stack associated with the MP-IBGP route.
show tag-switching forwarding vrf

Router#show tag-switching forwarding vrf SiteA2


Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
26 Aggregate 150.1.31.36/30[V] 0
37 Untagged 203.1.2.1/32[V] 0 Se1/0.20 point2point
38 Untagged 203.1.20.0/24[V] 0 Se1/0.20 point2point

Router#show tag-switching forwarding vrf SiteA2 tags 37 detail


Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
37 Untagged 203.1.2.1/32[V] 0 Se1/0.20 point2point
MAC/Encaps=0/0, MTU=1504, Tag Stack{}
VPN route: SiteA2
Per-packet load-sharing
Monitoring Labels Associated with VPNv4
Routes
router#
show ip bgp vpnv4 [ all | rd value | vrf name ] tags

• Displays labels associated with VPNv4 routes


Router#show ip bgp vpnv4 all tags

Network Next Hop In tag/Out tag


Route Distinguisher: 100:1 (vrf1)
2.0.0.0 10.20.0.60 34/notag
10.0.0.0 10.20.0.60 35/notag
12.0.0.0 10.20.0.60 26/notag
10.20.0.60 26/notag
13.0.0.0 10.15.0.15 notag/26
Other MPLS VPN Monitoring Commands

router#
telnet host /vrf name

• Performs PE-CE Telnet through specified VRF

router#
ping vrf name …

• Performs ping based on VRF routing table

router#
trace vrf name …

• Performs VRF-based traceroute


Summary

• MPLS is much more than label switching
• MPLS allows an IP infrastructure to be “Service Enabled”
• Allows the SP/Enterprise to offer multiple Services across a single infrastructure
• AToM allows layer-2 transport across an MPLS infrastructure
• MPLS Services will continue to evolve and allow the integration of more Services across a single infrastructure
FAQs
Routing Information Propagation Across the P-Network

[Figure: Customers A, B and C attached to PE Router X and PE Router Y, with a P Router between them in the P-Network; a separate IGP for Customer A, Customer B and Customer C runs across the P-Network]

Q: How will PE routers exchange customer routing information?

A1: Run a dedicated Interior Gateway Protocol (IGP) for each customer across P-network.
Wrong answer:
• The solution does not scale.
• P routers carry all customer routes.
Routing Information Propagation Across the P-Network (cont.)

[Figure: Customers A, B and C attached to PE Router X and PE Router Y, with a P Router between them in the P-Network; a dedicated routing protocol used to carry customer routes]

Q: How will PE routers exchange customer routing information?

A2: Run a single routing protocol that will carry all customer routes inside the provider backbone.
Better answer, but still not good enough:
• P routers carry all customer routes.
Routing Information Propagation Across the P-Network (cont.)

[Figure: Customers A, B and C attached to PE Router X and PE Router Y, with a P Router between them in the P-Network; a dedicated routing protocol used to carry customer routes between PE routers]

Q: How will PE routers exchange customer routing information?

A3: Run a single routing protocol that will carry all customer routes between PE routers. Use MPLS labels to exchange packets between PE routers.
The best answer:
• P routers do not carry customer routes; the solution is scalable.
Routing Information Propagation Across the P-Network (cont.)

[Figure: Customers A, B and C attached to PE Router X and PE Router Y, with a P Router between them in the P-Network; a dedicated routing protocol used to carry customer routes between PE routers]

Q: Which protocol can be used to carry customer routes between PE routers?

A: The number of customer routes can be very large. BGP is the only routing protocol that can scale to a very large number of routes.

Conclusion:
BGP is used to exchange customer routes directly between PE routers.
Routing Information Propagation Across the P-Network (cont.)

[Figure: Customers A, B and C attached to PE Router X and PE Router Y, with a P Router between them in the P-Network; a dedicated routing protocol used to carry customer routes between PE routers]

Q: Customers can have overlapping address spaces. How will information about the same subnet of two customers be propagated via a single routing protocol?

A: Customer addresses are extended with a 64-bit prefix (route distinguisher—RD) to make them unique. Unique 96-bit addresses are exchanged between PE routers.
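The answer above can be made concrete by building the 96-bit addresses. This added example (not from the original deck) encodes the two RD notations the deck mentions, ASN:xx and A.B.C.D:xx, using the type 0 and type 1 layouts of RFC 4364, then shows two customers' identical prefixes colliding in one table without the RD and staying separate with it. The routes, next hops and function names are constructed, and the table key is a simplification of real VPNv4 NLRI, which also carries a label.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Encode an RD written as ASN:nn or A.B.C.D:nn into its 8-byte form."""
    admin, _, number = rd.rpartition(":")
    if "." in admin:    # type 1: 4-byte IPv4 administrator, 2-byte number
        return struct.pack("!H4sH", 1,
                           ipaddress.IPv4Address(admin).packed, int(number))
    # type 0: 2-byte AS number, 4-byte assigned number
    return struct.pack("!HHI", 0, int(admin), int(number))


def vpnv4_address(rd, ipv4):
    """64-bit RD followed by the 32-bit IPv4 address: 96 bits in total."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed


def build_table(routes, with_rd=True):
    """Install (rd, prefix, next_hop) routes into one table, as a single
    routing protocol carrying every customer's routes would."""
    table = {}
    for rd, prefix, next_hop in routes:
        net = ipaddress.IPv4Network(prefix)
        addr = str(net.network_address)
        key = (vpnv4_address(rd, addr) if with_rd
               else ipaddress.IPv4Address(addr).packed) + bytes([net.prefixlen])
        table[key] = next_hop
    return table


# Constructed routes: both customers use 10.1.0.0/30; the RDs are those of
# the deck's Customer_A and Customer_B sample VRFs.
ROUTES = [("115:43", "10.1.0.0/30", "172.16.1.1"),
          ("115:47", "10.1.0.0/30", "172.16.1.2")]


if __name__ == "__main__":
    for rd, prefix, _ in ROUTES:
        print(rd, prefix, vpnv4_address(rd, prefix.split("/")[0]).hex())
    print("entries without RD:", len(build_table(ROUTES, with_rd=False)))
    print("entries with RD:   ", len(build_table(ROUTES)))
```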
Thank You Very much !...

https://www.facebook.com/ClearConceptsNetworks

ClearConceptsNetworks
