Professional Documents
Culture Documents
CCNP-18. MPLS
CCNP-18. MPLS
Technologies
1
What Is MPLS?
MPLS
Network Infrastructure
3
Technology Basics
4
MPLS Component Overview
• CE routers owned by customer
• PE routers owned by SP
• P routers owned by SP
• Customer “peers” to “PE” via IP
Customer Customer
• Exchanges routing with SP via routing protocol (or CE SP Demarcation
static route)* Site 1
• SP advertises CE routes to other CEs Provider CE
Site 3
• IGP: Core Routing Protocol
Site 2 PE PE
• Forwarding Equivalence Class P
CE
• MPLS Applications related protocols: MP-BGP, IP Routing Peer (BGP, Static, IGP)
RSVP…etc.
* Labels are not exchanged with the SP
MPLS Multi Protocol Label Switching (forwarding
method, based on labels) LSR Label Switching Router
(router that can forward based on labels)
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label – 20bits COS S TTL-8bits
LAN MAC Label Header MAC Header Label Layer 2/L3 Packet
MPLS Header
Label (20 bits) CoS S TTL
• IP prefix/host address
• Layer 2 circuits (ATM, FR, PPP, HDLC, Ethernet)
• Groups of addresses/sites—VPN x
• A bridge/switch instance—VSI
• Tunnel interface—traffic engineering
11
Label Distribution in
MPLS Networks
MPLS Operation Overview
4. Edge LSR at
1a. Existing Routing Protocols (e.g. OSPF, IS-IS)
Egress Removes
Establish Reachability to Destination Networks
Label and Delivers
1b. Label Distribution Protocol (LDP) Packet
Establishes Label to Destination
Network Mappings
To Enable mpls:
ip cef
mpls label protocol ldp
!
2. Ingress Edge LSR Receives Packet, Interface ether0/0
mpls ip
Performs Layer 3 Value-Added
Services, and “Labels” Packets 3. LSR Switches Packets
Using Label Swapping
13
Label Advertisement Modes
• Downstream unsolicited: Downstream
node just advertises labels for
prefixes/FEC reachable via that device
• Downstream on-demand: Upstream
node requests a label for a learnt prefix
via the downstream node
Generating local labels
• IPv4 Network 4.4.4.4 /32 (connected to R4) will be the example
Discover the local bindings for 4.4.4.4
Advertising our labels
• Each router advertises its local label (for net 4.4.4.4) to its LDP neighbors
Implicit Null Advertisement
R3 advertises its label of 302 to R2 and R4
• Each router advertises its local label (for net 4.4.4.4) to its LDP neighbors
R2 advertises its label of 202 to R1 and R3
• Each router advertises its local label (for net 4.4.4.4) to its LDP neighbors
How R2 chooses between label 100 (from R1)
and 302 (from R3) for forwarding
transport
F0/0 10.2.1.1
171.69 1 171.69 1 …
… …
128.89
0
0 128.89.25.4 Data
1 128.89.25.4 Data
1
128.89.25.4 Data 128.89.25.4 Data
171.69
Packets Forwarded
Based on IP Address
MPLS with Downstream Unsolicited Mode
Step I: Core Routing Convergence
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
128.89 1 128.89 0 128.89 0
171.69 1 171.69 1
… … … … … …
0 128.89
0
1
Routing Updates
You Can Reach 171.69 Thru Me
(OSPF, EIGRP, …) 171.69
MPLS with Downstream Unsolicited Mode
Step II: Assigning Local Labels
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 128.89 0 9 128.89 0 -
- 171.69 1 5 171.69 1
… … … … … … … … … … … …
0 128.89
0
1
171.69
MPLS with Downstream Unsolicited Mode
Step II: Assigning Remote Labels
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …
0 128.89
0
1
Label Distribution
Use Label 7 for 171.69 171.69
Protocol (LDP)
(Downstream Allocation)
MPLS with Downstream Unsolicited Mode
Step III: Forwarding Packets
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …
0 128.89
0
128.89.25.4 Data
1
9128.89.25.4 Data
L1 L1 L2 L2 L3 L3
L2/L3 Packet
P P
CE PE PE CE
CE CE
PE P P PE
PHP
• PHP – Penultimate Hop Pop
• Next to last LSR, removes top label, so that egress LSR
(PE) doesn’t have to
Label Pushes, Pops and Swaps
Who do we turn to for lookups?
• IP Routing protocols populate the Routing Information Base (RIB) –control plane
• RIB populates CEF and its Forwarding Information Base (FIB) – data plane
• IP only packets: Use CEF
• Label Distribution Protocol (LDP) populates the Label Information Base (LIB) –
control plane
• LDP and RIB populate the Label Forwarding Information Base (LFIB) – data
plane
• MPLS labeled packets: Use LFIB
Label Distribution
BGP Update:
Protocol (LDP) You Can Reach 10.2.1.1 Thru Me
(Downstream By routing towards 2.2.2.2
Allocation)
MPLS Traffic Forwarding with LDP
Label Bind
LIB MPLS Updates/
Process Adjacency
MFI FIB
37
Control and Data Planes
• Control Plane (learned routes/labels) using routing protocols and LDP.
• (config-if)# mpls ip
• By default all prefixes have labels advertised for them, and all neighbors have labels
advertised to them
• LDP is the default protocol
• IGP Routing may disagree with LDP processes – RID must be reachable over connected
interface, unless we use:
• (config- if)# mpls ldp discovery transport- address interface
Other LDP Features
• Security – Computes MD5 Signatures
• (config)# mpls ldp neighbor (ip#) password (pw)
• Disabling the TTL propagation will not copy the initial IP TTL to the MPLS TTL, and MPLS will
start at 255.
• Results: MPLS LSRs become the invisible network to the eyes of traceroute.
No mpls ip propagate- ttl (on All LSRs)
Monitoring MPLS
• show mpls ldp parameters
• show mpls interface
• show mpls ldp discovery
• show mpls ldp neighbor [detail]
• show mpls ldp bindings (the LIB)
• show mpls forwarding table (the LFIB)
• show ip route a.b.c.d (the RIB)
• show ip cef a.b.c.d [detail] (the FIB)
• show cef interface
• debug mpls ldp
• debug mpls lfib
• debug mpls packets
Troubleshooting MPLS
• LDP neighborship failed
• MPLS not enabled, LDP ports filtered, no L3 route to LDP neighbor LSR router- id, highest loopback address.
• Slow convergence
• Get rid of RIP IGP is biggest factor in convergence delay
• Ping/Traceroute
MPLS VPNs
Layer 3 VPN
Customer end points peer with providers’ routers @ L3
Provider network responsible for distributing routing information to VPN sites
Don’t have to manually fully mesh customer endpoints to support
any-to-any connectivity
Layer 3 VPNs
IP L3 vs. MPLS L3 VPNs
VPN B VPN A
VPN C VPN C
Multicast
VPN B Intranet in
Host g
VoIP Extranet
VPN A
VPN A
VPN B
VPN C VPN C
VPN A VPN B
Overlay VPN MPLS-Based VPNs
• ACLs, ATM/FR, IP tunnels, IPSec, …etc. • Point to Cloud single point of connectivity
requiring n*(n-1) peering points • Transport independent
• Transport dependent • Easy grouping of users and services
• Groups endpoints, not groups • Enables content hosting inside the network
• Pushes content outside the network • “Flat” cost curve
• Costs scale exponentially • Supports private overlapping IP addresses
• NAT necessary for overlapping address space
• Scalable to over millions of VPNs
• Limited scaling
• Per VPN QoS
• QoS complexity
How Does It Work?
MPLS L3 VPN Control Plane Basics
iBGP—VPNv4 CE4
Label Exchange
CE3
VRF P1 P2 VRF
CE1 CE2
1. VPN service is enabled on PEs (VRFs are created and applied to VPN site interface)
2. VPN site’s CE1 connects to a VRF enabled interface on a PE1
3. VPN site routing by CE1 is distributed to MP-iBGP on PE1
4. PE1 allocates VPN label for each prefix, sets itself as a next hop and relays VPN site routes to PE3
9. PE3 distributes CE1’s routes to CE2
(Similar happens from CE2 side…)
How Does It Work?
How Control Plane Information Is SeparatediBGP—VPNv4 Label Exchange
VPN-IPv4
Net=RD:16.1/16
16.1/16 NH=PE1
Route Target IGP/eBGP
No VPN Net=16.1/16
100:1 routes in
Label=42 P1 P2 CE2
CE1 the Core(P)
IGP/eBGP
Net=16.1/16
IPv4 Route PE1 PE2
Exchange ip vrf Yellow
RD 1:100
route-target export 1:100
route-target import 1:100
VPN A VPN A
MPLS VPN Network
VPN B
VPN B Receiver
Branch Office
MPLS to
Provider
Local or Networks
IPsec/PE Customer A
Direct
Dial ISP Internet
Remote Users/
Telecommuters PE3 VM
VM
VPN B
Business
Partner
Customer B
VPN C
L2
MPLS Ingress
Egress PE PE CE
Service
Provider
Layer 3
Each SubInterface
Associated with different
VPN
Multi-VRF
L2
Notice, Multi-VRF VPNRed
not necessary at
VPNGreen
remote sites
802.1Q
Deployment Example III: Full MPLS VPN
in Enterprise Campus/LAN
CE (multi-VRF)
• L2 Access
L2
• Multi-VRF-CE at
Distribution
• BGP/MPLS VPNs in P
Layer 3
core only
• Multi-VRF between
PE w/VRF
core and distribution
MP-iBGP
VPN1
L2
VPN2
802.1Q
BGP/MPLS VPN
Layer 2 VPNs
Layer 2 VPNs
Similar to L3 VPN
ATM
ATM
Virtual Circuits
CPE Routers
CPE Routers
Virtual Private LAN Services (VPLS)
Attachment VCs are 102 MAC 1 MAC 2 Data
Port Mode or VLAN
ID
Root Root
CE1 PE1 Bridge MPLS
PE2 Bridge CE2 MAC 2
Core
Forms
MAC 1 Tunnel
Full mesh of directed
LSPs
Common VC ID between PEs LDP sessions
• VPLS defines an architecture that delivers Ethernet Multipoint Services (EMS) over an MPLS
network
• VPLS operation emulates an IEEE Ethernet bridge. Two VPLS drafts in existence
Draft-ietf-l2vpn-vpls-ldp-01 Cisco’s implementation
Draft-ietf-l2vpn-vpls-bgp-01
BGP Free Core
Component Overview
P1 P2
PE1 PE2
P3 P4
OSPF Area 0
Redistribute Redistribute
IGP/Static Into BGP IGP/Static Into BGP
End-to-End BGP and redistribution of routes into OSPF core not necessary!
Multiprotocol BGP (MP-BGP)
Bringing It All Together
Multiprotocol BGP (MP-BGP)
10.1.1.0/24 VPNv4 iBGP Relationship 10.2.1.0/24
Site 1 Next-Hop=CE1 Next-Hop=CE2 Site 2
10.1.1.0/24 10.2.1.0/24
CE1 CE2
10.2.1.0/24
VRF VRF
P1 P2 10.1.1.0/24
Next-Hop=PE1 PE1 Next-Hop=PE2
PE2
P3 P4
OSPF Area 0
Redistribute Redistribute
IGP/Static Into BGP IGP/Static Into BGP
111:1:10.1.1.0/24
Cust A Site 1 10.1.1.0/24 10.2.1.0/24 Cust A Site 2
111:1:10.2.1.0/24
10.1.1.0/24 10.2.1.0/24
CE1 CE2
VRF A P1 P2 VRF A
PE1 PE2
Cust B Site 1 VRF B VRF B Cust B Site 2
10.1.1.0/24 P3 P4 10.2.1.0/24
CE1 OSPF Area 0 222:1:10.1.1.0/24 CE2
10.1.1.0/24 10.2.1.0/24
222:1:10.2.1.0/24
VPNv4 prefixes are the combination of a 64-bit RD and a 32-bit IPv4 prefix. VPNv4 prefixes are 96-bits in length
Why are Route Targets Important?
Use Case VPNv4 iBGP Relationship
VRF A
VRF B
Cust A Site 1 Import 222:1
Import 111:1
Cust A Site 2
Import 333:1
10.1.1.0/24 Export 222:1 10.1.2.0/24
CE1 Import 444:1 CE1
Export 111:1
VRF A P1 P2 VRF B
PE1 PE2
Cust A Site 3 VRF C VRF D Cust A Site 4
VRF C P3 P4
10.1.3.0/24 VRF D 10.1.4.0/24
CE1 Import 111:1 OSPF Area 0 Import 111:1
CE1
Export 333:1
Export 444:1
Route Targets are a 64-bit value and are carried in BGP as an extended community
MPLS VPN and MP-BGP
Command Line Interface (CLI) Review
Customer 1 CE
VRF VRF-1 P P VRF VRF-1
PE PE CE
EIGRP, OSPF, RIPv2, BGP, Static
VPN Backbone IGP
CE P CE
Customer 2 VRF VRF-2
P
VRF VRF-2
VRF Configuration (PE)
! PE Router – Multiple VRFs MP-iBGP – VPNv4
ip vrf VRF-1
MP-iBGP Configuration (PE) Label Exchange
! PE router
rd 65100:10
router bgp 65102
route-target import 65102:10
no bgp default ipv4-unicast
route-target export 65102:10
ip vrf VRF-2 neighbor 2.2.2.2 remote-as 65102
rd 65100:20 !
route-target import 65102:20 address-family vpnv4
route-target export 65102:20 neighbor 2.2.2.2 activate
! neighbor 2.2.2.2 send-community extended
Interface FastEthernet0/1.10 exit-address-family
ip vrf forwarding VRF-1 !
Interface FastEthernet0/1.20 address-family ipv4 vrf VRF-1
ip vrf forwarding VRF-2 redistribute rip
exit-address-family
MPLS VPN Technology Summary
MPLS VPN Connection Model
Global Address Space
CE
VPN 2 VRF Green P P
PE
PE
EIGRP, OSPF, RIPv2, BGP, Static
VPN Backbone IGP
VPN 1 P P
VRF Blue
CE
• MPLS OAM
– LSP Ping, Trace, and Multipath (ECMP) Tree Trace
– IP SLA – LSP Health Monitor
LSP Ping
• Feature Functionality
– Enables detailed MPLS data path validation between PE
routers
• Benefits
– Finds MPLS-specific forwarding errors not detected
by regular IP ping operations
– Enables detailed MPLS forwarding trouble shooting not
available by other existing IP connectivity validations tools
• Benefits
– Detailed control over LSP ping probe frequency (primary and secondary
frequency) and event control (e.g., Traps, logging) after MPLS LSP
connectivity failure has been detected
– Automated discovery of remote PE target routers via BGP VPN
next-hop discovery
IP SLA
CE
IP SLA PE2
MPLS
Network
CE PE1
IP SLA
IP SLA
IP SLA agent
PE50
PE3
Automated LSP pings sent by PE1