
Intro To MPLS Slides

Uploaded by

waiyan.globalnet

Introduction to MPLS and MPLS Layer3 VPN

1 v1.2
Overview
• What is MPLS
• MPLS Technology Basics
• Label Distribution Protocol and Lab Demo
• MPLS Layer3 VPN Principle and Lab Demo
• Quiz

2 v1.2
What is MPLS
Definition of MPLS
• Multi Protocol Label Switching
– Multiprotocol: it supports ANY network layer protocol, i.e. IPv4, IPv6, IPX, CLNP, etc.
– A short label of fixed length is used to encapsulate packets
– Packets are forwarded by label switching instead of by IP switching

4 v1.2
Initial Motivation of MPLS
• In the mid-1990s, IP address lookup was considered complex and time-consuming.

[Figure: a packet for 10.1.25.4 crosses three routers. Each router looks up the destination in its own IP forwarding table (address prefixes 10.1/16 and 172.16/16, each mapped to an interface) using a logical AND ("&&") and longest matching, then forwards the packet towards 10.1/16.]

The need for speed called for a label-swapping protocol.


5 v1.2
Decoupling Routing and Forwarding
• But router hardware became better, and looking up the longest best match was no longer an issue.

[Figure: the same path towards 10.1/16; the packet for 10.1.25.4 is carried with label 20 on one hop and label 30 on the next, and is unlabeled at both ends.]

• More importantly, MPLS de-couples forwarding from routing and supports multiple service models.

MPLS allows core routers to switch packets based on a simplified header.
6 v1.2
MPLS VPN
[Figure: an MPLS core of P routers with PE routers at its edge. CE routers attach the customer sites to the PEs: VPN A Site 1 and Site 2; VPN B Site 1, Site 2 and Site 3.]

• MPLS Layer 3/ Layer 2 VPN


7 v1.2
Optimal Traffic Engineering
[Figure: routers R1 to R6 connected by GE and FE links. Tunnel 1 (BW: 300 Mb/s) and Tunnel 2 (BW: 50 Mb/s) take different paths, one through R3 and one through R4 and R5.]

• IP TE
– Shortest path
– Equal cost load balancing
• MPLS TE
– Determines the path at the source based on additional parameters (available resources and constraints, etc.)
– Load sharing across unequal paths can be achieved.

8 v1.2
MPLS QoS
• MPLS does NOT define a new QoS architecture.
– Similar to IP DiffServ: the functional components and where they are used (such as marking and traffic policing at the network edge, etc.)
– Difference: packets are differentiated by MPLS Traffic Class bits

[Figure: QoS in MPLS VPN Architecture. A packet travels from the VPN site through CE, PE, P and P. In the IP domain the IP packet carries DSCP; in the MPLS domain the MPLS header in front of the IP packet carries the Traffic Class.]

9 v1.2
MPLS Application Scenario

[Figure: MPLS core with PE1, PE2, PE3 and PE4 at the edge and P routers inside. Enterprise sites attach to the PEs using L3VPN and L2VPN services. A TE main path and a TE backup path are shown for PE1-PE3. QoS operations shown: traffic marking, police, shaping (at two points) and congestion management, congestion avoidance.]

10 v1.2
MPLS Technology Basics

11 v1.2
MPLS Architecture
[Figure: MPLS architecture.
Control plane: IP routing protocols exchange routing information with other routers and populate the Routing Information Base (RIB); label distribution protocols exchange label bindings with other routers and populate the Label Information Base (LIB).
Data plane: incoming IP packets are forwarded using the Forwarding Information Base (FIB); incoming labeled packets are forwarded using the Label Forwarding Information Base (LFIB).]

12 v1.2
MPLS Topology

[Figure: an MPLS domain between two IP domains. Edge LSRs sit at both borders with LSRs between them. The IP packet is unlabeled in the IP domains and carries a label on each hop inside the MPLS domain.]

• LSR (Label Switch Router) is a router that supports MPLS.
• LER (Label Edge Router), also called edge LSR, is an LSR that operates at the edge of an MPLS network.
• LSP (Label Switched Path) is the path through the MPLS network or a part of it that packets take.
13 v1.2
MPLS Shim Header (MPLS Label)

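MPLS Label Encapsulation

Datalink Layer Header | MPLS Label | Layer 2/ Layer 3 Packet

Label Stack Entry:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Label - 20bits             | TC  |S|  TTL-8bits    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

TC = Traffic Class: 3 Bits; S = Bottom of Stack: 1 Bit; TTL = Time to Live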

14 v1.2
MPLS Label Stacking
• Multiple labels can be used for MPLS packet encapsulation. This is done by packing the labels into a stack.
• Some MPLS applications (VPN, etc.) actually need more than one label in the label stack to forward the labeled packets.

[Figure: MPLS label stack on a LAN. MAC Header | Label (S=0) | Label (S=1, Bottom of Stack bit set) | Layer 3 Packet.]


15 v1.2
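A parser for the label stack entry layout and the stacking rule above, written as an added example (it is not part of the original slides). The sample frame is constructed: it uses labels 25 and 100, and the function names are hypothetical.

```python
import struct

IMPLICIT_NULL = 3  # reserved value that is signalled but never sent in a packet


def encode_entry(label, tc=0, s=0, ttl=64):
    """Pack one 32-bit entry: Label (20 bits) | TC (3) | S (1) | TTL (8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not (0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("tc, s or ttl out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def parse_label_stack(payload, max_depth=16):
    """Read entries until the one with S=1. Returns (entries, rest_of_payload)."""
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(payload):
            raise ValueError("truncated stack: no entry with S=1")
        (word,) = struct.unpack_from("!I", payload, offset)
        offset += 4
        entries.append({
            "label": word >> 12,
            "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        })
        if entries[-1]["s"]:
            return entries, payload[offset:]


def anomalies(entries):
    """Checks a capture reviewer might run on a parsed stack."""
    notes = []
    for i, e in enumerate(entries):
        if e["label"] == IMPLICIT_NULL:
            notes.append(f"entry {i}: implicit NULL (3) seen on the wire")
        if e["ttl"] == 0:
            notes.append(f"entry {i}: TTL is 0")
    return notes


def sample_payload():
    """Constructed sample: two labels (25 on top, 100 at the bottom of the
    stack) followed by the first bytes of an IPv4 header."""
    ipv4_start = bytes.fromhex("45000054")
    return encode_entry(25, s=0) + encode_entry(100, s=1) + ipv4_start


if __name__ == "__main__":
    stack, rest = parse_label_stack(sample_payload())
    for e in stack:
        print(e)
    print("payload starts with", rest[:1].hex(), "| anomalies:", anomalies(stack))
```

The number of entries returned is the label depth of the packet, which is the property the capture question on the next slide asks about.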
Example Packets with MPLS Label
• Question: check the packets. Which example has a packet with two layers of labels?

• (1) https://www.cloudshark.org/captures/ad8459ae256a

• (2) https://www.cloudshark.org/captures/3bf1a02e2800

16 v1.2
LSP Setup Overview
• Before forwarding packets, labels must be allocated to
establish an LSP.
• Protocols for label distribution: LDP, RSVP-TE, MP-BGP.
[Figure: Establishing an LSP. R1 (upstream), R2, R3 and R4 (downstream) lie on the LSP towards 10.1.1.1/32. The label mappings for 10.1.1.1/32 are Label=100 on the R1-R2 hop, Label=200 on the R2-R3 hop and Label=300 on the R3-R4 hop.]

Labels are allocated from downstream LSRs to upstream LSRs.

17 v1.2
Basic Concepts of MPLS Forwarding
• FEC
– Forwarding Equivalence Class, is a group or flow of packets that are forwarded along the same path and are treated the same with regard to the forwarding treatment.
– Most commonly, a packet is assigned to a FEC based (completely or partially) on its network layer destination address.
• Push
– A new label is added to the packet between the Layer 2 header and the IP header or to the top of the label stack.


• Swap
– The top label is removed and replaced with a new label.
• Pop
– The top label is removed. The packet is forwarded with the remaining label stack or
as an unlabeled packet.

18 v1.2
MPLS Forwarding Operations
Local label: incoming label

Router  Prefix        Local Label  Out Interface  Out Label  Operation
R1      10.1.1.1/32   Null         E1             100        Push
R2      10.1.1.1/32   100          E1             200        Swap
R3      10.1.1.1/32   200          E1             300        Swap
R4      10.1.1.1/32   300          --             --         POP

[Figure: R1, R2, R3 and R4 in a line (interfaces E0 and E1), with 10.1.1.1/32 on Loopback0 of R4. The packet for IP 10.1.1.1 enters R1 unlabeled, carries label 100 from R1 to R2, 200 from R2 to R3 and 300 from R3 to R4, and is unlabeled again after the pop at R4.]

19 v1.2
MPLS Forwarding Operations with PHP
PHP: Penultimate Hop Popping

Router  Prefix        Local Label  Out Interface  Out Label  Operation
R1      10.1.1.1/32   Null         E1             100        Push
R2      10.1.1.1/32   100          E1             200        Swap
R3      10.1.1.1/32   200          E1             imp-null   Pop
R4      10.1.1.1/32   imp-null     --             --         --

[Figure: R1, R2, R3 and R4 in a line (interfaces E0 and E1), with 10.1.1.1/32 on Loopback0 of R4. The packet for IP 10.1.1.1 carries label 100 from R1 to R2 and 200 from R2 to R3, and travels unlabeled from R3 to R4.]

The implicit NULL label is the label that has a value of 3; label 3 will never be seen as a label in the label stack of an MPLS packet.

20 v1.2
Why PHP?

Review what R4 has done:
1. First, lookup the label in the LFIB; remove the label
2. Then, IP lookup and forward IP packet.

Is the first lookup necessary? Can we simplify it?

[Figure: the forwarding tables and packet flow of the "MPLS Forwarding Operations" slide, shown in the background: R1 Push 100, R2 Swap 100 to 200, R3 Swap 200 to 300, R4 POP with Local Label 300.]

21 v1.2
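The two forwarding tables above (without and with PHP) walked by code, as an added example that is not part of the original slides. It counts the lookups R4 performs in each case; the function names, the table layout and the `broken` parameter are hypothetical.

```python
IMPLICIT_NULL = 3          # signalled by the egress LSR, never carried in a packet
FEC = "10.1.1.1/32"
PATH = ["R1", "R2", "R3", "R4"]


def tables(php):
    """Per-router state from the slides: 'ftn' maps a FEC to the label to push,
    'lfib' maps an incoming label to the outgoing label (None = egress pop)."""
    return {
        "R1": {"ftn": {FEC: 100}, "lfib": {}},
        "R2": {"ftn": {}, "lfib": {100: 200}},
        "R3": {"ftn": {}, "lfib": {200: IMPLICIT_NULL if php else 300}},
        # With PHP, R4 advertised imp-null and receives no label for this FEC.
        "R4": {"ftn": {}, "lfib": {} if php else {300: None}},
    }


def forward(php, broken=None):
    """Return (trace, wire, lookups). 'broken' names a router whose LFIB is
    empty, to show the drop that LSP ping reports as 'no label entry'."""
    state = tables(php)
    if broken:
        state[broken]["lfib"] = {}
    stack, trace, wire = [], [], []
    lookups = {router: 0 for router in PATH}
    for router in PATH:
        node = state[router]
        if stack:                                  # labeled packet: LFIB lookup
            lookups[router] += 1
            top = stack.pop()
            if top not in node["lfib"]:
                trace.append((router, "drop: no label entry"))
                return trace, wire, lookups
            out = node["lfib"][top]
            if out is not None:                    # transit LSR
                if out == IMPLICIT_NULL:
                    trace.append((router, "pop"))  # penultimate hop popping
                else:
                    stack.append(out)
                    trace.append((router, "swap"))
                wire.append(list(stack))           # label stack sent to next hop
                continue
            trace.append((router, "pop"))          # egress pop, IP lookup follows
        lookups[router] += 1                       # IP lookup
        if FEC in node["ftn"]:
            stack.append(node["ftn"][FEC])
            trace.append((router, "push"))
            wire.append(list(stack))
        else:
            trace.append((router, "deliver"))
            break
    return trace, wire, lookups


if __name__ == "__main__":
    for php in (False, True):
        trace, wire, lookups = forward(php)
        print("PHP" if php else "no PHP", trace, wire, "R4 lookups:", lookups["R4"])
```

Without PHP, R4 does an LFIB lookup and then an IP lookup; with PHP it does the IP lookup only, and label 3 never appears in the stacks sent between routers.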
MPLS LSP Ping
R1#ping mpls ipv4 10.0.0.4/32
Sending 5, 100-byte MPLS Echos to 10.0.0.4/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
Total Time Elapsed 128 ms
(Cisco IOS)

[Figure: R1, R2, R3 and R4 in the MPLS domain, with 10.0.0.4/32 on R4. R1 sends an MPLS Echo Request along the LSP to R4; R4 returns an MPLS Echo Reply.]

22 v1.2
MPLS LSP Trace
R1#traceroute mpls ipv4 10.0.0.4/32
Tracing MPLS Label Switched Path to 10.0.0.4/32, timeout is 2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'l' - Label switched with FEC change, 'd' - see DDMAP for return code,
'X' - unknown return code, 'x' - return code 0

Type escape sequence to abort.


0 10.1.0.1 MRU 1500 [Labels: 202 Exp: 0]
L 1 10.1.0.2 MRU 1500 [Labels: 302 Exp: 0] 16 ms
L 2 10.1.0.14 MRU 1500 [Labels: implicit-null Exp: 0] 12 ms
! 3 10.1.0.22 2 ms
(Cisco IOS)

[Figure: R1, R2, R3 and R4 in the MPLS domain, with 10.0.0.4/32 on R4.]

23 v1.2
Technology Comparison
• Forwarding
– IP: destination address based; forwarding table learned from control plane; TTL support
– MPLS: label based; forwarding table learned from control plane; TTL support
• Control Plane
– IP: routing protocols
– MPLS: routing protocols, label distribution protocols
• Packet Encapsulation
– IP: IP header
– MPLS: MPLS header
• QoS
– IP: 8 bit TOS in IP header
– MPLS: 3 bit TC in label
• OAM
– IP: IP ping, traceroute
– MPLS: MPLS ping, traceroute

24 v1.2
Label Distribution Protocol

25 v1.2
MPLS Builders
Which protocols can set up a Label Switched Path?
• Pure signaling MPLS protocols
– LDP (most classic and widespread)
– RSVP-TE
• Routing protocols with extensions
– BGP
– IGP

26 v1.2
Advantages of LDP
• Reliability
– LDP uses reliable TCP as the transport protocol for all but the discovery messages.

• Auto provision
– Abilities to set up LSPs dynamically based on routing information

• Plug-and-play
– Simple deployment and configuration

• Support for a large number of LSPs

27 v1.2
LDP Identifier
• An LDP Identifier is a six octet quantity used to identify an
LSR label space.
LDP Identifier = LSR ID (4 bytes) + Label Space ID (2 bytes)
– Label Space ID = 0 (example: LSR ID 10.10.1.1, Label Space ID 0): label space is per platform
– Label Space ID ≠ 0 (example: LSR ID 20.20.20.2, Label Space ID 6): label space is per interface

R2#show mpls ldp discovery
 Local LDP Identifier:
    2.2.2.2:0
    Discovery Sources:
    Interfaces:
        FastEthernet0/0 (ldp): xmit/recv
            LDP Id: 3.3.3.3:0
        Ethernet1/0 (ldp): xmit/recv
            LDP Id: 1.1.1.1:0
(Cisco IOS)

28 v1.2
Label Space – Per Platform
• In per-platform label space, one single label is assigned to a
destination network and announced to all neighbors. The label
must be locally unique and valid on all incoming interfaces.
[Figure: R3 (interfaces E1/1 and E1/2, prefixes 100.1.1.0/24 and 200.1.1.0/24) runs LDP with R1 and with R2 using the same LDP ID 3.3.3.3:0.

R3 table:
In Label  Prefix
100       100.1.1.0/24
200       200.1.1.0/24

R1 table and R2 table (identical):
Prefix        Out Label
100.1.1.0/24  100
200.1.1.0/24  200]

29 v1.2
Label Space – Per Interface
• In per-interface label space, local labels are assigned to IP
destination prefixes on a per-interface basis. These labels must
be unique on a per-interface basis.
[Figure: R3 (interfaces ATM4/1 and ATM4/2, prefixes 100.1.1.0/24 and 200.1.1.0/24) runs LDP with R1 using LDP ID 3.3.3.3:5 and with R2 using LDP ID 3.3.3.3:9.

R3 table:
In Label  In Interface  Prefix
1/300     ATM 4/1       100.1.1.0/24
1/200     ATM 4/1       200.1.1.0/24
1/400     ATM 4/2       100.1.1.0/24
1/500     ATM 4/2       200.1.1.0/24

R1 table:
Prefix        Out Label
100.1.1.0/24  1/300
200.1.1.0/24  1/200

R2 table:
Prefix        Out Label
100.1.1.0/24  1/400
200.1.1.0/24  1/500]

30 v1.2
LDP Operations

Step 1: Neighbor Discovery
Step 2: Session Establishment
Step 3: Label Distribution

31 v1.2
LDP Messages
• Discovery: announce and maintain the presence of an LSR in a network
– Hello
• Session: establish, maintain, and terminate sessions between LDP peers
– Initialization
– Keepalive
• Label Distribution: create, change, and delete label mappings for FECs
– Label Release
– Label Request
– Label Abort Request
– Label Mapping
– Label Withdrawal
• Notification: provide advisory information and signal error information
– Notification
(Not all messages are listed.)

32 v1.2
LDP Neighbor Discovery (1)
• Basic Discovery – Directly connected peer
– LDP Hello messages are UDP messages that are sent on the links to the “all routers on this subnet” multicast IP address, 224.0.0.2. The UDP port used for LDP is 646.

[Figure: R1 (1.1.1.1), R2 (2.2.2.2) and R4 (4.4.4.4) run LDP; R3 (3.3.3.3) is marked NO_MPLS. UDP Hellos shown: 1.1.1.1:1050 → 224.0.0.2:646, 2.2.2.2:1064 → 224.0.0.2:646 and 4.4.4.4:1027 → 224.0.0.2:646.]

33 v1.2
LDP Neighbor Discovery (2)
• Extended Discovery – Non-directly connected peer
– LDP sessions between non-directly connected LSRs are supported by LDP Extended Discovery.

[Figure: R1 (1.1.1.1), R2 (2.2.2.2), R3 (3.3.3.3) and R4 (4.4.4.4) in a line, with a targeted LDP session between R1 and R4. UDP Targeted Hellos shown: 1.1.1.1:1080 → 4.4.4.4:646 and 4.4.4.4:1012 → 1.1.1.1:646.]

34 v1.2
LDP Session Establishment and Maintenance
After neighbor discovery, the two neighbors start to establish a session.

R1 (1.1.1.1): "My LSR-ID is smaller, I am in Passive role."
R2 (2.2.2.2): "My LSR-ID is larger, I am in Active role."

Message sequence between R1 and R2:
1. Establish TCP Connection (initiated by R2)
2. Initialization Message (one in each direction)
3. Keepalive Message (one in each direction)
4. Session UP on both sides

35 v1.2
Label Distribution and Management
After LDP sessions are established, labels will be distributed between LDP peers.
The label distribution mode used depends on the interface and the implementation.

• Label Distribution Control Mode
– Ordered
– Independent
• Label Advertisement Mode
– DoD (Downstream on Demand)
– DU (Downstream Unsolicited)
• Label Retention Mode
– Liberal
– Conservative

36 v1.2
Label Distribution Control Mode - Ordered
• In Ordered control mode, an LSR only assigns a local label for the IGP prefixes that are marked as directly connected in its routing table, or for the IGP prefixes for which it has already received a label from the next-hop router.

[Figure: R1 (upstream), R2, R3 and R4 (downstream) run LDP; 100.1.1.1/32 is Loopback 2 of R4. Label Mapping messages for 100.1.1.1/32 are sent in order: (1) Label=300 on the R3-R4 hop, (2) Label=200 on the R2-R3 hop, (3) Label=100 on the R1-R2 hop.]

37 v1.2
Label Distribution Control Mode - Independent
• In the independent mode, each LSR creates a local binding for a
particular FEC as soon as it recognizes the FEC. Usually, this
means that the prefix for the FEC is in its routing table.

[Figure: R1 (upstream), R2, R3 and R4 (downstream) run LDP, with 100.1.1.1/32 behind R4. Label Mapping messages for 100.1.1.1/32: (1) Label=100 on the R1-R2 hop and (2) Label=300 on the R3-R4 hop.]

38 v1.2
Label Advertisement Mode - Downstream on Demand

• In the DoD mode, an LSR distributes labels to a specified FEC only after receiving Label Request messages from its upstream LSR.

[Figure: R1 (upstream), R2, R3 and R4 (downstream) run LDP, with 100.1.1.1/32 behind R4. A Label Request for 100.1.1.1/32 is sent on each hop towards R4. Label Mapping messages for 100.1.1.1/32 come back on each hop: Label=100 on R1-R2, Label=200 on R2-R3, Label=300 on R3-R4.]

39 v1.2
Label Advertisement Mode - Downstream Unsolicited

• In the DU mode, each LSR distributes a label to its upstream LSRs, without those LSRs requesting a label.

[Figure: R1 (upstream), R2, R3 and R4 (downstream) run LDP, with 100.1.1.1/32 behind R4. Label Mapping messages for 100.1.1.1/32 are sent on each hop without a request: Label=100 on R1-R2, Label=200 on R2-R3, Label=300 on R3-R4.]

40 v1.2
Label Retention Mode - Liberal
• In the liberal mode, an LSR keeps all received remote labels in
the LIB, but not all are used to forward packets.
[Figure: R1 (upstream), R2, R3 and R4 (downstream) run LDP over GE links, with 100.1.1.1/32 behind R4; R5 and R6 form a second LDP path over FE links. For the LSR shown, the route to 100.1.1.1/32 has NH = R3. It receives a Label Mapping for 100.1.1.1/32 with Label=200 on the GE path and another with Label=500 on the FE path.

Prefix        Out Label
100.1.1.1/32  200
100.1.1.1/32  500 (Liberal)]

41 v1.2
Label Retention Mode - Conservative
• An LSR that is running this mode does not store all remote labels
in the LIB, but it stores only the remote label that is associated
with the next-hop LSR for a particular FEC.
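[Figure: R1 (upstream), R2, R3 and R4 (downstream) run LDP over ATM links, with 100.1.1.1/32 behind R4; R5 and R6 form a second LDP path over ATM links. For the LSR shown, the route to 100.1.1.1/32 has NH = R3. It receives a Label Mapping for 100.1.1.1/32 with Label=200 from the next hop; a Label Mapping with Label=500 is shown on the other path.

Prefix        Out Label
100.1.1.1/32  200]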

42 v1.2
Label Distribution Scheme Summary
• Cisco IOS can support:

                     Control      Distribution  Retention     Label Space
Frame Mode           Independent  DU            Liberal       Per Platform
Cell Mode (LC ATM)   Ordered      DoD           Conservative  Per Interface

• Junos can support:

Control  Distribution  Retention
Ordered  DU            Liberal
         DoD

• Huawei VRP can support:

Control  Distribution  Retention
Ordered  DU            Liberal       (by default)
Ordered  DoD           Conservative  (also supported)

43 v1.2
MPLS LDP Lab Demo
• We will spend 15 minutes trying the MPLS LDP lab on APNIC Academy:

• https://academy.apnic.net/en/virtual-labs/

44 v1.2
MPLS L3VPN Principle

45 v1.2
MPLS VPN Models

46 v1.2
Advantages of MPLS Layer-3 VPN
• Scalability
• Security
• Easy to Create
• Flexible Addressing
• Integrated Quality of Service (QoS) Support
• Straightforward Migration

47 v1.2
MPLS L3VPN Topology
• PE: Provider Edge Router
• P : Provider Router
• CE: Customer Edge Router

[Figure: an MPLS network of P routers with PE routers at the edge. CE routers of VPNA and VPNB attach to the PEs on both sides of the network.]

48 v1.2
Virtual Routing and Forwarding Instance
• Virtual routing and forwarding table
– On PE router
– Separate instance of routing (RIB) and forwarding table
• A VRF defines the VPN membership of a customer site attached to a PE device.
• VRF associated with one or more customer interfaces

[Figure: a PE at the edge of the MPLS backbone holds VRF A for the CE of VPNA and VRF B for the CE of VPNB.]

49 v1.2
Routes Transfer between CE and PE
• PE installs the internal routes (IGP) in global routing table
• PE installs the VPN customer routes in VRF routing tables
– VPN routes are learned from CE routers or remote PE routers
– VRF-aware routing protocol (static, OSPF, IS-IS, BGP) on each PE

[Figure: the CEs of VPNA and VPNB exchange routes with the PE (VRF A, VRF B) at the edge of the MPLS backbone using static, OSPF, IS-IS or BGP.]

50 v1.2
Control Plane: Multi-Protocol BGP
• PE routers distribute VPN routes to each other via MP-BGP.
• MP-BGP customizes the VPN Customer Routing Information as per the Locally Configured VRF Information at the PE using:
– Route Distinguisher (RD)
– Route Target (RT)
– VPN Label

51 v1.2
What is RD
• Route distinguisher is an 8-octet field prefixed to the customer's IPv4 address. RD makes the customer’s IPv4 address unique inside the SP MPLS network.
• RD is configured in the VRF at PE

Route Distinguisher (8 bytes), examples:
Type 0  100:1           2-byte ASN + 4-byte value
Type 1  192.168.19.1:1  4-byte IP + 2-byte value
Type 2  65538:10        4-byte ASN + 2-byte value

52 v1.2
What is RD

VPNv4 Address: Route Distinguisher (8 bytes) + IPv4 Address (4 bytes), examples:
        Route Distinguisher  IPv4 Address
Type 0  100:1                10.1.1.1
Type 1  192.168.19.1:1       10.1.1.1
Type 2  65538:10             10.1.1.1

53 v1.2
Route Advertisement: RD
• VPN customer IPv4 prefix is converted into a VPNv4 prefix by prepending the RD to the IPv4 address
• PE devices use MP-BGP to advertise the VPNv4 address

[Figure: on one PE at the edge of the MPLS backbone, the CE of VPNA (10.1.1.0/24) attaches to VRF A with RD 100:1 and the CE of VPNB (10.1.1.0/24) attaches to VRF B with RD 200:1.

VPNv4 prefixes on PE:
VRF A  100:1:10.1.1.0
VRF B  200:1:10.1.1.0]

54 v1.2
What is RT
• Route Target is a BGP extended community attribute that is used to control the advertisement of VPN routes.

Route Target (8 bytes), examples:
Type 0  100:1
Type 1  192.168.1.1:1
Type 2  65538:10

• Two types of RT:
– Export RT
– Import RT

55 v1.2
Route Advertisement: RT
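[Figure: PE1 and PE2 at the edge of the MPLS network, each with CEs of VPNA (VRF A) and VPNB (VRF B); VPNB behind PE1 has 10.1.1.0/24. PE1 sends the MP-iBGP update 200:1:10.1.1.0/24 with Export RT 100:100, 100:200.

Each PE has a table of Import RT and Export RT per VRF. On PE1, VRF A uses 100:1 for import and export, and VRF B uses 100:100 and 100:200 for import and export. On PE2, VRF A lists 100:1, 100:2 and 100:3, and VRF B uses 100:100 for import and export.]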

56 v1.2
Using RT to Build VPN Topologies

In a full-mesh VPN, each site in the VPN can communicate with every other site in that same VPN.

In a hub-and-spoke VPN, the spoke sites in the VPN can communicate only with the hub sites; they cannot communicate with other spoke sites.

57 v1.2
VPN Label
• PE adds the label to the NLRI field.
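[Figure: PE1 and PE2 at the edge of the MPLS network, each with CEs of VPNA and VPNB; VPNB behind PE1 has 10.1.1.0/24. For VRF B, PE1 holds 200:1:10.1.1.0/24, RT: 100:100, 100:200, Local Label: 100. After the MP-iBGP update, PE2 holds 200:1:10.1.1.0/24, RT: 100:100, 100:200, Out Label: 100.]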

58 v1.2
Control Plane Walkthrough(1/2)
1. PE1 receives an IPv4 update (eBGP/OSPF/IS-IS)
2. PE1 converts it into VPNv4 address and constructs the MP-iBGP UPDATE message
– Associates the RT values (export RT =100:100) per VRF configuration
– Rewrites next-hop attribute to itself
– Assigns a label (100); Installs it in the MPLS forwarding table.

3. PE1 sends MP-iBGP update to other PE routers


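[Figure: Site 1 (10.1.1.0/24, CE1) attaches to PE1 and Site 2 (CE2) attaches to PE2 across an MPLS backbone of P routers. (1) CE1 advertises 10.1.1.0/24, Next-Hop=CE-1, to PE1. (2) PE1 builds the VPNv4 route. (3) PE1 sends the MP-iBGP Update: RD:10.1.1.0, Next-Hop=PE-1, RT=100:100, Label=100.]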

59 v1.2
Control Plane Walkthrough(2/2)
4. PE2 receives the update and checks whether the RT=200:1 is locally configured as import RT within any VRF; if yes, then
– PE2 translates VPNv4 prefix back to IPv4 prefix
– Updates the VRF CEF table for 10.1.1.0/24 with label=100
5. PE2 advertises this IPv4 prefix to CE2

[Figure: Site 1 (10.1.1.0/24, CE1) attaches to PE1 and Site 2 (CE2) attaches to PE2 across an MPLS backbone of P routers. (1) CE1 advertises 10.1.1.0/24, Next-Hop=CE-1. (2), (3) PE1 sends the MP-iBGP Update: RD:10.1.1.0, Next-Hop=PE-1, RT=100:100, Label=100. (4) PE2 imports the route. (5) PE2 advertises 10.1.1.0/24, Next-Hop=PE-2, to CE2.]

60 v1.2
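The RD encodings and the export/import steps of the control plane walkthrough, as an added example that is not part of the original slides. PE1's RDs and RTs and the label 100 come from the slides; PE2's RDs and its VRF A import list are assumptions, and all function names are hypothetical.

```python
import ipaddress
import struct


def encode_rd(text):
    """Encode an RD written as on the slides into 8 bytes (2-byte type + 6 bytes)."""
    admin, _, number = text.rpartition(":")
    if "." in admin:                       # Type 1: 4-byte IP + 2-byte value
        ip = ipaddress.IPv4Address(admin).packed
        return struct.pack("!H4sH", 1, ip, int(number))
    if int(admin) <= 0xFFFF:               # Type 0: 2-byte ASN + 4-byte value
        return struct.pack("!HHI", 0, int(admin), int(number))
    return struct.pack("!HIH", 2, int(admin), int(number))  # Type 2: 4-byte ASN


def vpnv4(rd, prefix):
    """RD (8 bytes) followed by the IPv4 network address (4 bytes), plus mask length."""
    net = ipaddress.ip_network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen


def make_pe(name, vrfs):
    """vrfs: {vrf_name: {"rd": str, "import": [rt, ...], "export": [rt, ...]}}"""
    return {"name": name, "vrfs": {v: dict(cfg, routes={}) for v, cfg in vrfs.items()}}


def export_route(pe, vrf, prefix, label):
    """Steps 2 and 3: build the MP-iBGP update for a customer prefix."""
    cfg = pe["vrfs"][vrf]
    return {"nlri": vpnv4(cfg["rd"], prefix), "prefix": prefix,
            "rts": set(cfg["export"]), "label": label, "next_hop": pe["name"]}


def import_route(pe, update):
    """Step 4: install the route in every VRF with a matching import RT."""
    installed = []
    for name in sorted(pe["vrfs"]):
        cfg = pe["vrfs"][name]
        if update["rts"] & set(cfg["import"]):
            cfg["routes"][update["prefix"]] = (update["next_hop"], update["label"])
            installed.append(name)
    return installed


def build_lab():
    """PE1 as on the slides; PE2's RDs and VRF A import list are assumed."""
    pe1 = make_pe("PE1", {
        "A": {"rd": "100:1", "import": ["100:1"], "export": ["100:1"]},
        "B": {"rd": "200:1", "import": ["100:100", "100:200"],
              "export": ["100:100", "100:200"]},
    })
    pe2 = make_pe("PE2", {
        "A": {"rd": "100:1", "import": ["100:1"], "export": ["100:1"]},
        "B": {"rd": "200:1", "import": ["100:100"], "export": ["100:100"]},
    })
    return pe1, pe2


if __name__ == "__main__":
    pe1, pe2 = build_lab()
    update = export_route(pe1, "B", "10.1.1.0/24", 100)
    print("VPNv4 NLRI:", update["nlri"][0].hex(), "/", update["nlri"][1])
    print("imported into:", import_route(pe2, update))
    # An over-broad import RT on VRF A pulls VPN B's route into VPN A.
    pe2["vrfs"]["A"]["import"].append("100:100")
    print("after adding 100:100 to VRF A import:", import_route(pe2, update))
```

The RD only keeps the two 10.1.1.0/24 prefixes distinct inside BGP; which VRFs receive a route is decided by the import RT lists, so those lists are what to review when checking isolation between VPNs.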
Control Plane: Tunnel Label
• LDP runs on the MPLS backbone network to build the public LSP. The tunnel label is also called transport label or public label.
• Local label mappings are sent to connected nodes. Receiving nodes update their forwarding tables.

Router  Prefix       Local Label  Out Interface  Out Label
PE1     1.1.1.1/32   Pop-Label    -              -
P1      1.1.1.1/32   50           Eth0/1         Pop-Label
P2      1.1.1.1/32   25           Eth0/0         50
PE2     1.1.1.1/32   -            Eth0/1         25

[Figure: PE1 (L0: 1.1.1.1/32), P1, P2 and PE2 in a line across the MPLS backbone, connected over Eth0/0 and Eth0/1 interfaces, with LDP running on each link.]

61 v1.2
Data Plane
• PE2 imposes two labels for each IP packet going to site2
– Tunnel label is learned via LDP; corresponds to PE1 address
– VPN label is learned via BGP; corresponds to the VPN address

• P1 does the Penultimate Hop Popping (PHP)

• PE1 retrieves IP packet (from received MPLS packet) and forwards it to CE1.

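[Figure: Site 1 (CE1, 10.1.1.0/24) attaches to PE1 and Site 2 (CE2) attaches to PE2; P1, P2, P3 and P4 are in the backbone. The IP packet for 10.1.1.1 arrives at PE2 from CE2. On the MPLS path it is carried as the MPLS packet [25, 100, 10.1.1.1], then [50, 100, 10.1.1.1], then [100, 10.1.1.1] into PE1, and leaves PE1 towards CE1 as an IP packet for 10.1.1.1.]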

62 v1.2
MPLS Layer3 VPN Lab Demo
• We will spend 30 minutes trying the MPLS Layer3 VPN lab on APNIC Academy:

• https://academy.apnic.net/en/virtual-labs/

63 v1.2
Please Complete Quiz!
• Please complete the quiz to get your certificate for this webinar.

• https://academy.apnic.net/en/quizz/mpls-webinar/
Last but not least
Wish you and your family stay safe and healthy!

65 v1.2
Thank You!
END OF SESSION

66 v1.2
