Introduction to MPLS

Technologies

1
What Is MPLS?

• Multi Protocol Label Switching is a technology for

delivery of IP services
• MPLS technology switches IP packets instead of
routing packets to transport the data
• MPLS packets can run on other Layer 2 technologies
such as ATM, FR, PPP, POS, Ethernet
• Other Layer 2 technologies can be run over an
MPLS network
 MPLS as a Foundation for
Value-Added Services

Provider Traffic IP+ATM IP+Optical Any

Provisioned Engineering GMPLS Transport
VPNs over MPLS

MPLS

Network Infrastructure

3
Technology Basics

4
 MPLS Component Overview
• CE routers owned by customer
• PE routers owned by SP
• P routers owned by SP
• Customer “peers” to “PE” via IP
Customer Customer
• Exchanges routing with SP via routing protocol (or CE SP Demarcation
static route)* Site 1
• SP advertises CE routes to other CEs Provider CE
Site 3
• IGP: Core Routing Protocol
Site 2 PE PE
• Forwarding Equivalence Class P
CE
• MPLS Applications related protocols: MP-BGP, IP Routing Peer (BGP, Static, IGP)
RSVP…etc.
* Labels are not exchanged with the SP
MPLS Multi Protocol Label Switching (forwarding
method, based on labels) LSR Label Switching Router
(router that can forward based on labels)

• Label 20 bit label in a 32 bit header, added at layer

2.5
• LDP Label Distribution Protocol (like an IGP for
label advertisements)
• LFIB Label Forwarding Information Base (like CEF
for labels)
 MPLS Network Overview
MPLS Core and Edge, Remote Customer Sites
2. In the Core:
Label swapping or switching
1. At Ingress Edge:
Forward using labels (not IP
Label imposition addr). Label indicates service
Classify & Label PE P
class and destination
packets
PE
3. At Egress Edge:
P
Label disposition
Edge Label Switch
Remove labels and forward
Router OR
packets
Provider Edge- PE
Label Switch Router (LSR)
PE
or P (Provider) router
PE Router + label switch
Customer Customer controller
A B

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label – 20bits COS S TTL-8bits

COS/EXP = Class of Service: 3 Bits; S = Bottom of Stack; TTL = Time to Live

 MPLS Components
Encapsulations
PPP Header PPP Header Label Layer 2/L3 Packet

(Packet over SONET/SDH)

One or More Labels Appended to the Packet

LAN MAC Label Header MAC Header Label Layer 2/L3 Packet
 MPLS Header
Label (20 bits) CoS S TTL

L2 Header MPLS Header IP Packet

32 bits

• MPLS (Layer 2.5) Header Fields:

• Label, 20 bits
• Experimental (CoS), 3 bits
• Stacking bit, 1 bit. This is the bottom- of- stack bit. 1=on=last label.
• Time to live, 8 bits
Where Does the Label Go?
• MPLS Header
• L2 protocol identifier (PID) indicates an MPLS label is present
• Unlabeled IP unicast PID = 0x 0800
• Labeled IP unicast PID = 0x 8847
Commonly asked questions regarding MPLS labels

• Where do the labels come from?

• As routes appear in the routing table, each router assigns a
locally significant label for each IP route.

• How are they advertised?

• Routers advertise their local label to neighbors, using Label
Distribution Protocol (LDP). It’s like IGP for labels.
MPLS Components
Forwarding Equivalence Class
FEC is Used by Label Switching Routers to Determine How
Packets Are Mapped to Label Switching Paths (LSP):

• IP prefix/host address
• Layer 2 circuits (ATM, FR, PPP, HDLC, Ethernet)
• Groups of addresses/sites—VPN x
• A bridge/switch instance—VSI
• Tunnel interface—traffic engineering

11
Label Distribution in
MPLS Networks
 MPLS Operation Overview
4. Edge LSR at
1a. Existing Routing Protocols (e.g. OSPF, IS-IS)
Egress Removes
Establish Reachability to Destination Networks
Label and Delivers
1b. Label Distribution Protocol (LDP) Packet
Establishes Label to Destination
Network Mappings

To Enable mpls:
ip cef
mpls label protocol ldp
!
2. Ingress Edge LSR Receives Packet, Interface ether0/0
mpls ip
Performs Layer 3 Value-Added
Services, and “Labels” Packets 3. LSR Switches Packets
Using Label Swapping
13
 Label Advertisement Modes
• Downstream unsolicited: Downstream
node just advertises labels for
prefixes/FEC reachable via that device
• Downstream on-demand: Upstream
node requests a label for a learnt prefix
via the downstream node
 Generating local labels
• IPv4 Network 4.4.4.4 /32 (connected to R4) will be the example
Discover the local bindings for 4.4.4.4
 Advertising our labels
• Each router advertises its local label (for net 4.4.4.4) to its LDP neighbors
Implicit Null Advertisement
R3 advertises its label of 302 to R2 and R4
• Each router advertises its local label (for net 4.4.4.4) to its LDP neighbors
 R2 advertises its label of 202 to R1 and R3
• Each router advertises its local label (for net 4.4.4.4) to its LDP neighbors
How R2 chooses between label 100 (from R1)
and 302 (from R3) for forwarding

• (in reference to network 4.4.4.4/32)

 Why R2 chooses to use the label from R3
• (regarding network 4.4.4.4/32)
 IP Routing

IGP vs. BGP

• Exchange of IP routes for Forwarding Table Forwarding Table Forwarding Table
Loopback Reachability In Address
Label Prefix
Out Out
I’face Label
In Address
Label Prefix
Out Out
I’face Label
In Address
Label Prefix
Out Out
I’face Label
• OSPF, IS-IS, EIGRP, etc. 10.2.1.1F0/0 10.2.1.1NA 10.2.1.1 F0/0
…… ……
… …
• iBGP neighbor peering over IGP … … ……

transport
F0/0 10.2.1.1

• Route towards BGP Next-Hop F0/0 PE2

F0/0

PE1 BGP Update:

P You Can Reach 10.2.1.1 Thru Me
You Can Reach 2.2.2.2 Through Me By routing towards 2.2.2.2

Routing Updates You Can Reach 2.2.2.2 Thru Me

(OSPF)
 IP Packet Forwarding Example
Address I/F
Prefix
Address I/F Address I/F
Prefix Prefix 128.89 0

128.89 1 128.89 0 171.69 1

171.69 1 171.69 1 …

… …

128.89

0
0 128.89.25.4 Data
1 128.89.25.4 Data
1
128.89.25.4 Data 128.89.25.4 Data

171.69
Packets Forwarded
Based on IP Address
 MPLS with Downstream Unsolicited Mode
Step I: Core Routing Convergence
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
128.89 1 128.89 0 128.89 0
171.69 1 171.69 1
… … … … … …

0 128.89
0
1

You Can Reach 128.89 Thru Me

You Can Reach 128.89 and 1
171.69 Thru Me

Routing Updates
You Can Reach 171.69 Thru Me
(OSPF, EIGRP, …) 171.69
 MPLS with Downstream Unsolicited Mode
Step II: Assigning Local Labels
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 128.89 0 9 128.89 0 -
- 171.69 1 5 171.69 1
… … … … … … … … … … … …

0 128.89
0
1

171.69
 MPLS with Downstream Unsolicited Mode
Step II: Assigning Remote Labels
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …

0 128.89
0
1

Use Label 9 for 128.89

Use Label 4 for 128.89 and 1
Use Label 5 for 171.69

Label Distribution
Use Label 7 for 171.69 171.69
Protocol (LDP)
(Downstream Allocation)
 MPLS with Downstream Unsolicited Mode
Step III: Forwarding Packets
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …

0 128.89
0
128.89.25.4 Data
1
9128.89.25.4 Data

128.89.25.4 Data 4128.89.25.4 Data 1

Label Switch Forwards

171.69
Based on Label
How LSRs Use Labels
• POP – remove a label

• PUSH – add a label

• SWAP – which is a pop/push combo

Label Imposition (Push) Label Swap Label Swap Label Disposition (PoP)

L1 L1 L2 L2 L3 L3

L2/L3 Packet

P P
CE PE PE CE

CE CE

PE P P PE
PHP
• PHP – Penultimate Hop Pop
• Next to last LSR, removes top label, so that egress LSR
(PE) doesn’t have to
Label Pushes, Pops and Swaps
 Who do we turn to for lookups?

• IP Routing protocols populate the Routing Information Base (RIB) –control plane
• RIB populates CEF and its Forwarding Information Base (FIB) – data plane
• IP only packets: Use CEF

• Label Distribution Protocol (LDP) populates the Label Information Base (LIB) –
control plane
• LDP and RIB populate the Label Forwarding Information Base (LFIB) – data
plane
• MPLS labeled packets: Use LFIB

• CEF also stores label information

LIB and LFIB
 MPLS Label Switched Path (LSP) Setup with LDP
Assignment of Remote Labels
• Local label mappings are sent to Forwarding Table Forwarding Table Forwarding Table
In Address Out Out In Address Out Out In Address Out Out
connected nodes Labe Prefix I’fac Labe Labe Prefix I’fac Labe Labe Prefix I’fac Labe
e e e
l l l l l l
• - 2.2.2.2
… F0/0
… 20 … 20
… 2.2.2.2
… F0/0
… 30 … 30 10.2.1.1 F0/0 -
Receiving nodes update forwarding -
… … … … … … … … … … … …
table
• Out label F0/0 10.2.1.1
F0/0 VRF
• LDP label advertisement happens in F0/0 PE2
parallel (downstream unsolicited) PE1
P

Use Label 20 for 2.2.2.2

Use Label 30 for 2.2.2.2

Label Distribution
BGP Update:
Protocol (LDP) You Can Reach 10.2.1.1 Thru Me
(Downstream By routing towards 2.2.2.2
Allocation)
 MPLS Traffic Forwarding with LDP

Hop-by-hop Traffic Forwarding Using Labels

• Ingress PE node adds label to Forwarding Table Forwarding Table Forwarding Table
In Address Out Out In Address Out Out In Address Out Out
packet (push) Labe Prefix I’fac Labe
e
Labe Prefix I’fac Labe Labe Prefix
e
I’fac Labe
e
l - 2.2.2.2 F0/0 l 20 l 20 2.2.2.2 F0/0 l 30 l 30 10.2.1.1 F0/0 l -
• Via MPLS forwarding table
- … … … - … … …
… … … … … … … … … … … …
• Downstream P node uses label
for forwarding decision (swap) F0/0 10.2.1.1
• Outgoing interface F0/0
PE2 VRF
F0/0
• Out label PE1
P
• Egress PE removes label and 10.2.1.1 Data 20 2.2.2.2 Data 30 2.2.2.2 Data 10.2.1.1 Data

forwards original packet (pop)

Forwarding based on Label towards BGP
Next-Hop (Loopback of far end router) BGP Update:
You Can Reach 10.2.1.1 Thru Me
By routing towards 2.2.2.2
 MPLS Control and Forwarding Planes
• Control plane used to distribute labels—BGP, LDP, RSVP
• Forwarding plane consists of label imposition, swapping and
disposition—no matter what the control plane
• Key: there is a separation of control plane and forwarding plane
 Basic MPLS: destination-based unicast
 Labels divorce forwarding from IP address
 Many additional options for assigning labels
 Labels define destination and service

Resource Multicast Explicit Virtual

Destination-Based IP Class
Reservation Routing and Static Private
Unicast Routing of Service
(e.g., RSVP) (PIM v2) Routes Networks

Label Information Base (LIB)

Per-Label Forwarding, Queuing, and Multicast Mechanisms

Control and Forward Plane Separation
Route
RIB Routing Updates/
Process Adjacency

Label Bind
LIB MPLS Updates/
Process Adjacency

MFI FIB

MPLS Traffic IP Traffic

37
 Control and Data Planes
• Control Plane (learned routes/labels) using routing protocols and LDP.

• Packets are forwarded on the Data Plane.

• IP and MPLS, based on CEF and LFIB (Label Forwarding Information Base) respectively.
Label Stacking
• There may be more than one label in an MPLS packet
• As we know labels correspond to forwarding equivalence classes
 Example—there can be one label for routing the packet to an egress point
and another that separates a customer A packet from customer B
 Inner labels can be used to designate services/FECs, etc.
– e.g. VPNs, fast reroute
Outer Label
• Outer label used to route/switch the MPLS TE Label
packets in the network LDP Label
• Last label in the stack is marked with EOS bit VPN Label
IP Header
• Allows building services such as Inner Label
 MPLS VPNs
 Traffic engineering and fast re-route
 VPNs over traffic engineered core
 Any transport over MPLS
 Encapsulation
0 1
Examples 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label COS S TTL

DataLink Header Outer Label Inner Label Layer 3 Header

Ethernet II MultiProtocol Label Switching Header

Destination: xx:xx:xx:xx:xx:xx
Source: yy:yy:yy:yy:yy:yy
eType: MPLS Unicast (0x8847)
WAN
HDLC, Frame Relay, ATM AAL5, etc
(Outer) Internet Protocol
MPLS Label: 16 Version: 4
MPLS Experimental Bits: 0 Header length: 20 bytes
MPLS Bottom Of Label Stack: 0 [snip]
MPLS TTL: 255 Time to live: 255
MultiProtocol Label Switching Header Protocol: ICMP (0x01)
(Inner) Header checksum: 0xa3fd (correct)
MPLS Label: 100 Source: 10.1.1.2 (10.1.1.2)
MPLS Experimental Bits: 3 Destination: 172.16.255.2 (172.16.255.2)
MPLS Bottom Of Label Stack: 1
MPLS TTL: 2
Label Stack
[PE1]#show ip cef vrf blue 11.2.1.3
11.2.1.3/32, version 13, epoch 0, cached adjacency to Serial1/0
0 packets, 0 bytes
tag information set, all rewrites owned
local tag: VPN route head
fast tag rewrite with Se1/0, point2point, tags imposed {46 67}
via 172.16.255.2, 0 dependencies, recursive 46: IGP/LDP
Label
next hop 172.16.1.1, Serial1/0 via 172.16.255.2/32 (Default)
valid cached adjacency 67: VPN Label
tags imposed {46 67}
tag rewrite with Se1/0, point2point,
[PE1]#
 MPLS Basic Configuration
• (config)# ip cef
• (config)# mpls ip
• (config)# interface G 3/0

• (config-if)# mpls ip

• MTU is automatically adjusted

• Can change with mpls mtu command

• mpls mtu 1512
 MPLS LDP Configuration

(config)# mpls ldp router-id loopback0

(config)# interface fastethernet 0/0
(config-if)# mpls label protocol ldp

• Can use TDP, LDP or both on interface

• By default all prefixes have labels advertised for them, and all neighbors have labels
advertised to them
• LDP is the default protocol

• Configure per interface

 Conditional LDP Advertisements

(config)# no mpls ldp advertise-labels

(config)# mpls ldp advertise-labels
[for (ACL-of-networks)] [to (ACL-peers)]

(config-if)# mpls label range 200 120000

 The Order of Things
• IP IGP routing protocols build the IP tables

• LSRs assign a local label for each route

• LSRs share their labels with other LSRs using LDP

• LSRs build their forwarding tables

 Won’t You Be My Neighbor?

• Two step process

• Hello messages
• LDP link hello uses destination UDP port 646 and is sent to 224.0.0.2
• Hello may include the IP address desired for peering, different than the source IP in the
header.
• Indicates if the label space is system wide, or per interface.
• Setup LDP session with neighbor who says hello.
• Session is TCP based on destination port 646
• Router with highest LDP router ID will initiate this TCP session ( called the active LSR ).
Keepalives are sent every 60 seconds.
 Why LDP Won’t Neighbor Up
• LDP router ID is highest IP on loopback, but we can force it.
• (config)# mpls ldp router- id loopback0

• IGP Routing may disagree with LDP processes – RID must be reachable over connected
interface, unless we use:
• (config- if)# mpls ldp discovery transport- address interface
 Other LDP Features
• Security – Computes MD5 Signatures
• (config)# mpls ldp neighbor (ip#) password (pw)

• Label filters – inbound from neighbor

• (config)# mpls ldp neighbor (ip#) labels accept (#)
• (ip#) = IP address of LDP neighbor
• (#) = number of access- list of network prefixes
MPLS & IP Header TTL
 Hide the MPLS core from the client
• Traceroute uses TTL manipulation to trigger feedback.

• Disabling the TTL propagation will not copy the initial IP TTL to the MPLS TTL, and MPLS will
start at 255.
• Results: MPLS LSRs become the invisible network to the eyes of traceroute.
No mpls ip propagate- ttl (on All LSRs)
Monitoring MPLS
• show mpls ldp parameters
• show mpls interface
• show mpls ldp discovery
• show mpls ldp neighbor [detail]
• show mpls ldp bindings (the LIB)
• show mpls forwarding table (the LFIB)
• show ip route a.b.c.d (the RIB)
• show ip cef a.b.c.d [detail] (the FIB)
• show cef interface
• debug mpls ldp
• debug mpls lfib
• debug mpls packets
 Troubleshooting MPLS
• LDP neighborship failed
• MPLS not enabled, LDP ports filtered, no L3 route to LDP neighbor LSR router- id, highest loopback address.

• Labels not assigned

• CEF not enabled

• Labels not shared

• Compatible LDP between neighbors

• Slow convergence
• Get rid of RIP  IGP is biggest factor in convergence delay

• Large packets dropped

• MTU not supported by switches. Multiple labels may be present pushing the MTU to a size not supported by
the infrastructure.
Useful MPLS Troubleshooting Commands
• Verify routing protocol is running properly
• Show ip route 10.10.10.0

• Verify CEF Switching

• Show ip cef 10.10.10.0 detail

• Verify MPLS Operations

• Show mpls interface

• Verify Label Distribution

• Show mpls ldp discovery

• Verify Label Binding

• Show mpls ip binding

• Ping/Traceroute
MPLS VPNs

Layer 3 and Layer 2

What Is a Virtual Private Network?
• VPN is a set of sites or groups which are allowed to communicate
with each other
• VPN is defined by a set of administrative policies
 Policies established by VPN customers
 Policies could be implemented completely by VPN service providers

• Flexible inter-site connectivity

 Ranging from complete to partial mesh

• Sites may be either within the same or in different organizations

 VPN can be either intranet or extranet

• Site may be in more than one VPN

 VPNs may overlap

• Not all sites have to be connected to the same service provider

 VPN can span multiple providers
L2 vs. L3 VPNs
Layer 2 VPNs
• Customer endpoints (CPE) connected via Layer 2 such as Frame Relay DLCI,
ATM VC or point-to-point connection
• Provider network is not responsible for distributing site routers as routing
relationship is between the customer endpoints
• Good for point to point L2 connectivity, provider will need to manually fully mesh
end points if any-to-any connectivity is required

Layer 3 VPN
 Customer end points peer with providers’ routers @ L3
 Provider network responsible for distributing routing information to VPN sites
 Don’t have to manually fully mesh customer endpoints to support
any-to-any connectivity
Layer 3 VPNs
 IP L3 vs. MPLS L3 VPNs
VPN B VPN A
VPN C VPN C
Multicast

VPN B Intranet in
Host g
VoIP Extranet
VPN A

VPN A

VPN B
VPN C VPN C
VPN A VPN B
Overlay VPN MPLS-Based VPNs
• ACLs, ATM/FR, IP tunnels, IPSec, …etc. • Point to Cloud single point of connectivity
requiring n*(n-1) peering points • Transport independent
• Transport dependent • Easy grouping of users and services
• Groups endpoints, not groups • Enables content hosting inside the network
• Pushes content outside the network • “Flat” cost curve
• Costs scale exponentially • Supports private overlapping IP addresses
• NAT necessary for overlapping address space
• Scalable to over millions of VPNs
• Limited scaling
• Per VPN QoS
• QoS complexity
 How Does It Work?
MPLS L3 VPN Control Plane Basics
iBGP—VPNv4 CE4
Label Exchange
CE3

VRF P1 P2 VRF

VRF LDP LDP

LDP PE3 VRF
PE1
iBGP—VPNv4 iBGP—VPNv4
PE2

CE1 CE2

1. VPN service is enabled on PEs (VRFs are created and applied to VPN site interface)
2. VPN site’s CE1 connects to a VRF enabled interface on a PE1
3. VPN site routing by CE1 is distributed to MP-iBGP on PE1
4. PE1 allocates VPN label for each prefix, sets itself as a next hop and relays VPN site routes to PE3
9. PE3 distributes CE1’s routes to CE2
(Similar happens from CE2 side…)
 How Does It Work?
How Control Plane Information Is SeparatediBGP—VPNv4 Label Exchange
VPN-IPv4
Net=RD:16.1/16
16.1/16 NH=PE1
Route Target IGP/eBGP
No VPN Net=16.1/16
100:1 routes in
Label=42 P1 P2 CE2
CE1 the Core(P)
IGP/eBGP
Net=16.1/16
IPv4 Route PE1 PE2
Exchange ip vrf Yellow
RD 1:100
route-target export 1:100
route-target import 1:100

MPLS VPN Control Plane Components:

• Route Distinguisher: 8 byte field—unique value assigned by a provider to each VPN to make a route unique
so customers don’t see each other’s routes
• VPNv4 address: RD+VPN IP prefix;
• Route Target: RT-8bytes field, unique value assigned by a provider to define the import/export rules for the
routes from/to each VPN
• MP-BGP: facilitates the advertisement of VPNv4* prefixes + labels between MP-BGP peers
• Virtual Routing Forwarding Instance (VRF): contains VPN site routes
• Global Table: Contains core routes, Internet or routes to other services
 How Does It Work?
How Data Plane Is Separated

IPv4 IPv4 IPv4

CE1 CE2
P1 P2
IPv4 IPv4
CE1 PE1 CE2
Forwards PE2 Receives
IPv4 Packet ! IPv4 Packet
Interface S1/0
ip vrf forwarding Yellow
!

1. PE1 imposes pre allocated label for the prefix

2. Core facing interface allocates IGP label
3. Core swap IGP labels
4. PE2 strips off VPN label and forwards the packet to CE2 as an IP packet
 MPLS VPN Services (2):
Multicast VPNs
VPN B
Multicast Source
VPN A VPN A
Multicast in
Multicast Receiver
the core
VPNa

VPN A VPN A
MPLS VPN Network

VPN B
VPN B Receiver

Multicast VRF VPN B

Multicast Source
VPN B
VPN A

 Criticality of more than selling connectivity

 Run multicast within an MPLS VPN
 native multicast deployment in the core
 Simplified CE provisioning
 Highly Efficient – Multicast trees built dynamically in the core as needed
 Deployment Example I: Service Provider
Providing MPLS Services to Subscribers
CustomerA VPN A HQ VPN A
MPLS Service
VPN B
VM PE1 PPro
1 vider
P2 VM
FR/ATM PE2

Branch Office
MPLS to
Provider
Local or Networks
IPsec/PE Customer A
Direct
Dial ISP Internet
Remote Users/
Telecommuters PE3 VM

VM

VPN B
Business
Partner
Customer B
VPN C

Services Covering MAN and WAN areas:

Intranet and Extranet L3 VPNs, Multicast VPNs, Internet VPN, Encryption &
Firewall Services, Remote Access to MPLS Services….etc.
 Deployment Example II: MPLS VPN Subscriber with VPNs in
Campus That Spans Across SP’s MPLS VPN Network
C1-Hub Site

L2
MPLS Ingress
Egress PE PE CE
Service
Provider

Layer 3
Each SubInterface
Associated with different
VPN

Multi-VRF

L2
Notice, Multi-VRF VPNRed
not necessary at
VPNGreen
remote sites
802.1Q
Deployment Example III: Full MPLS VPN
in Enterprise Campus/LAN
CE (multi-VRF)
• L2 Access

L2
• Multi-VRF-CE at
Distribution
• BGP/MPLS VPNs in P

Layer 3
core only
• Multi-VRF between
PE w/VRF
core and distribution
MP-iBGP
VPN1

L2
VPN2
802.1Q
BGP/MPLS VPN
Layer 2 VPNs
Layer 2 VPNs
Similar to L3 VPN

• Designate a label for the circuit

• Exchange that label information with the egress PE
• Encapsulate the incoming traffic (Layer 2 frames)
• Apply label (learned through the exchange)
• Forward the MPLS packet (l2 encapsulated to
destination on an LSP)
• At the egress
 Look up the L2 label
 Forward the packet onto the L2 attachment circuit
 Any Transport over MPLS Architecture
Attachment Circuit
Ethernet VLAN, FR DLCI, ATM VC, PPP Session
VPN A 2. PE1 starts LDP
VPN A
session with PE2 if
one does not already
1. L2 transport route exist
CE1 entered on ingress PE CE2
5. PE2 receives VC
FEC TLV & VC label
TLV that matches

PE1 3. PE1 allocates VC 4. PE1 sends label PE2 local VCID

label for new interface mapping message
& binds to configured containing VC FEC
Note: PE2 repeats steps 1-5 so
VC ID TLV & VC label TLV
that bi-directional label/VCID
mappings are established

Draft Martini compliant (point-to-point):

draft-martini-l2circuit-trans-mpls
describes label distribution mechanisms for VC labels
draft-martini-l2circuit-encap-mpls
describes emulated VC encapsulation mechanisms
 AToM Deployment Example
Customer A
Datacenter1 Customer A
Datacenter2
Ethernet o MPLS Tunnel
Cells/frames with Ethernet o MPLS Tunnel
CE1
labelsc
CE1
CE2
MPLS
PE1 PE2 CE2
Backbone
PE PE
ATM o MPLS Tunnel
Virtual Leased Line ATM o MPLS Tunnel

ATM
ATM

Virtual Circuits

CPE Routers
CPE Routers
 Virtual Private LAN Services (VPLS)
Attachment VCs are 102 MAC 1 MAC 2 Data
Port Mode or VLAN
ID
Root Root
CE1 PE1 Bridge MPLS
PE2 Bridge CE2 MAC 2
Core
Forms
MAC 1 Tunnel
Full mesh of directed
LSPs
Common VC ID between PEs LDP sessions

Instance PE3 Bridge

MAC Address Adj MAC Address Adj
MAC 2 E0/1
MAC 2 201 CE3
MAC 1 102
MAC 1 E0/0 Data MAC 1 MAC 2 201 MAC x xxx
MAC x xxx

• VPLS defines an architecture that delivers Ethernet Multipoint Services (EMS) over an MPLS
network
• VPLS operation emulates an IEEE Ethernet bridge. Two VPLS drafts in existence
 Draft-ietf-l2vpn-vpls-ldp-01  Cisco’s implementation
 Draft-ietf-l2vpn-vpls-bgp-01
BGP Free Core
Component Overview

VPNv4 iBGP Relationship

Site 1 Site 2
10.1.1.0/24 10.2.1.0/24
CE1 CE2

P1 P2
PE1 PE2

P3 P4
OSPF Area 0
Redistribute Redistribute
IGP/Static Into BGP IGP/Static Into BGP

1. Always route towards BGP Next-Hop

2. Routes will be valid on PE Routers
3. Will label switch towards BGP Next-Hop of PE with MPLS enabled

End-to-End BGP and redistribution of routes into OSPF core not necessary!
Multiprotocol BGP (MP-BGP)
Bringing It All Together
Multiprotocol BGP (MP-BGP)
10.1.1.0/24 VPNv4 iBGP Relationship 10.2.1.0/24
Site 1 Next-Hop=CE1 Next-Hop=CE2 Site 2
10.1.1.0/24 10.2.1.0/24
CE1 CE2

10.2.1.0/24
VRF VRF
P1 P2 10.1.1.0/24
Next-Hop=PE1 PE1 Next-Hop=PE2
PE2

P3 P4
OSPF Area 0
Redistribute Redistribute
IGP/Static Into BGP IGP/Static Into BGP

1. PE receives an IPv4 update on a VRF interface (eBGP/OSPF/RIP/EIGRP)

2. PE translates it into VPNv4 address (96-bit address) (64-bit RD + 32 bit IPv4 address)
– Assigns an RT per VRF configuration
– Rewrites next-hop attribute to itself
– Assigns a label based on VRF and/or interface

3. PE sends MP-iBGP update to other PE routers

 Why an RD and VPNv4 Address?
Use Case VPNv4 iBGP Relationship

111:1:10.1.1.0/24
Cust A Site 1 10.1.1.0/24 10.2.1.0/24 Cust A Site 2
111:1:10.2.1.0/24
10.1.1.0/24 10.2.1.0/24
CE1 CE2

VRF A P1 P2 VRF A
PE1 PE2
Cust B Site 1 VRF B VRF B Cust B Site 2
10.1.1.0/24 P3 P4 10.2.1.0/24
CE1 OSPF Area 0 222:1:10.1.1.0/24 CE2
10.1.1.0/24 10.2.1.0/24
222:1:10.2.1.0/24

1. PE routers service multiple customers

2. Once PE redistributes customer routes into MP-BGP, they must be unique
3. RD is prepended to each prefix to make routes unique

VPNv4 prefixes are the combination of a 64-bit RD and a 32-bit IPv4 prefix. VPNv4 prefixes are 96-bits in length
 Why are Route Targets Important?
Use Case VPNv4 iBGP Relationship
VRF A
VRF B
Cust A Site 1 Import 222:1
Import 111:1
Cust A Site 2
Import 333:1
10.1.1.0/24 Export 222:1 10.1.2.0/24
CE1 Import 444:1 CE1
Export 111:1
VRF A P1 P2 VRF B
PE1 PE2
Cust A Site 3 VRF C VRF D Cust A Site 4
VRF C P3 P4
10.1.3.0/24 VRF D 10.1.4.0/24
CE1 Import 111:1 OSPF Area 0 Import 111:1
CE1
Export 333:1
Export 444:1

1. Route Targets dictate which VRF will receive what routes

2. Can be used to allow specific sites access to centralized services
3. Cust A Site 2, Site 3 and Site 4 will not be able to exchange routes with each other

Route Targets are a 64-bit value and are carried in BGP as an extended community
 MPLS VPN and MP-BGP
Command Line Interface (CLI) Review

Customer 1 CE
VRF VRF-1 P P VRF VRF-1
PE PE CE
EIGRP, OSPF, RIPv2, BGP, Static
VPN Backbone IGP
CE P CE
Customer 2 VRF VRF-2
P
VRF VRF-2
VRF Configuration (PE)
! PE Router – Multiple VRFs MP-iBGP – VPNv4
ip vrf VRF-1
MP-iBGP Configuration (PE) Label Exchange
! PE router
rd 65100:10
router bgp 65102
route-target import 65102:10
no bgp default ipv4-unicast
route-target export 65102:10
ip vrf VRF-2 neighbor 2.2.2.2 remote-as 65102

rd 65100:20 !
route-target import 65102:20 address-family vpnv4
route-target export 65102:20 neighbor 2.2.2.2 activate
! neighbor 2.2.2.2 send-community extended
Interface FastEthernet0/1.10 exit-address-family
ip vrf forwarding VRF-1 !
Interface FastEthernet0/1.20 address-family ipv4 vrf VRF-1
ip vrf forwarding VRF-2 redistribute rip
exit-address-family
 MPLS VPN Technology Summary
MPLS VPN Connection Model
Global Address Space
CE
VPN 2 VRF Green P P
PE
PE
EIGRP, OSPF, RIPv2, BGP, Static
VPN Backbone IGP
VPN 1 P P
VRF Blue
CE

MP-iBGP – VPNv4 Label Exchange

CE Routers
 VRF Associates to one or more
interfaces on PE
 Has its own routing table and
forwarding table (CEF)
 VRF has its own instance for the
routing protocol
(static, RIP, BGP, EIGRP, OSPF)
PE Routers P Routers
• P routers are in the core of
• MPLS Edge routers
the MPLS cloud
• MPLS forwarding to P routers
• P routers do not need to run BGP
• IGP/BGP – IP to CE routers
• Do not have knowledge of VPNs
• Distributes VPN information through MP-
BGP to other PE routers with VPNv4 • Switch packets based on labels
addresses, extended community, VPN (swap/pop) not IP
labels

• Push labels onto incoming IP packets

Closing Thoughts

• Break MPLS into smaller, more manageable chunks to accelerate learning

• Leverage current routing protocol knowledge learning PE-CE VRF routing
• MP-BGP and traditional IPv4 BGP configuration is very similar
• If routes are not present on CE routers check route-target import/export,
communities and redistribution between IPv4 VRF address-families under IGP
and BGP
• If routes are present but you are having problems with reachability, check MPLS
configuration
• Remember on PE devices you are living in a VRF world (Ping, Traceroute etc.)
• HAVE FUN !!!!! Remember, it’s a journey not a destination!
MPLS Management
MPLS Embedded Management
• MPLS management capabilities integrated into routers
• IETF standards based + vendor-specific value adds
• MPLS embedded management feature areas
– MPLS SNMP MIBs (Draft, RFC-based + vendor extensions)
– MPLS OAM (Draft, RFC-based + Vendor-specific automation)
– MPLS-aware Net Flow

• MPLS SNMP MIBs

– MPLS LSR, LDP, TE, FRR, and L3VPN MIB
– VRF-aware MIB support

• MPLS OAM
– LSP Ping, Trace, and Multipath (ECMP) Tree Trace
– IP SLA – LSP Health Monitor
LSP Ping

• Feature Functionality
– Enables detailed MPLS data path validation between PE
routers

• Benefits
– Finds MPLS-specific forwarding errors not detected
by regular IP ping operations
– Enables detailed MPLS forwarding trouble shooting not
available by other existing IP connectivity validations tools

• Key CLI Commands

– ping mpls { ipv4 destination-address destination-mask | pseudowire ipv4-address vc-
id vc-id | traffic-eng tunnel-interface tunnel-number }
LSP Trace
• Feature Functionality
– Enables hop-by-hop trouble shooting (fault isolation) along
PE-PE LSP path in MPLS network
• Benefits
– Finds MPLS-specific forwarding failures along PE-PE LSP
path, which can not be detected by regular IP traceroute
operations
• Key CLI Commands
– trace mpls {ipv4 destination-address destination-mask | traffic-
eng tunnel-interface tunnel-number}
LSP Multi-Path (ECMP) Trace
• Feature Functionality
– Enables discovery and hop-by-hop trouble shooting of all
available MPLS (LSP) paths between two PE routers
• Benefits
– Detailed discovery of all MPLS (LSP) paths between PE
routers which can not be detected by regular IP traceroute
operations
• Key CLI Commands
– trace mpls multipath ipv4 destination-address/destination-mask-length
IP SLA – LSP Health Monitor
• Feature Functionality
– Enables automation of LSP ping operation and generation/logging of SNMP
Traps after consecutive MPLS LSP connectivity failures have been detected

• Benefits
– Detailed control over LSP ping probe frequency (primary and secondary
frequency) and event control (e.g., Traps, logging) after MPLS LSP
connectivity failure has been detected
– Automated discovery of remote PE target routers via BGP VPN
next-hop discovery

• Key CLI Commands

– mpls discovery vpn next-hop
– auto ip sla mpls-lsp-monitor [operation-number]
– type echo | pathEcho
– show ip sla mpls-lsp-monitor configuration [operation-number]
– auto ip sla mpls-lsp-monitor schedule
Automated MPLS OAM

IP SLA

CE

IP SLA PE2

MPLS
Network
CE PE1

IP SLA
IP SLA
IP SLA agent
PE50
PE3
Automated LSP pings sent by PE1

Automated LSP pings sent by PE2

CE
Automated LSP pings sent by PE3