
Understanding MPLS: Basic MPLS Configuration

Basic Configuration of an MPLS Network

The configuration of a basic MPLS network is simple and requires only a few steps. The requirements of such a network are the following:

1. Enable CEF: CEF is essentially what allows the imposition and disposition of labels in an MPLS network. You must make sure it is enabled globally, as well as on the specific interfaces participating in the MPLS network. How to enable CEF globally and on interfaces is shown later. When possible, enable CEF in distributed mode, which is largely platform dependent. Unfortunately, it does not apply to the platforms used in this lab.

2. Configure IGP routing protocol: Interior Gateway Protocols are routing protocols such as RIP, IGRP, EIGRP, and OSPF. In this case OSPF was used on all the routers. The configuration relevant to the lab is shown later. IGP routing protocols are needed to populate the routing tables, from which CEF operation takes over and label binding ensues.

3. (Optional) Define Label Distribution Protocol: LDP is the default label distribution protocol. The only other option is TDP, which in the real world is an overwhelming minority, if used at all. The command to set this manually is:

    router(config)#mpls label protocol {ldp|tdp}

4. (Optional) Assign LDP Router ID: LDP uses the highest IP address on a loopback interface. A loopback interface is a logical interface, as opposed to an actual physical interface such as interface gigabit 0/1 of a router. Loopback interfaces are often used as management IPs for telnet sessions, monitoring, or other forms of maintenance or management. If there is no loopback interface defined, the highest IP address on the router becomes the LDP router ID. To force a specific interface to supply the LDP router ID, type the command:

    router(config)#mpls ldp router-id [interface type] [number]

   For example:

    router(config)#mpls ldp router-id gigabit 0/1

   The LDP router ID is important in setting up sessions between MPLS routers to exchange label information.

5. Configure MPLS or Label Forwarding on the Interface: This part of the configuration tells the specific interfaces that they are participating in MPLS or Label Forwarding. The commands to configure this are shown later.

Configuration of the MPLS Devices

Mirroring the previous section, the configuration of the actual lab devices is shown in the order of the steps above. The exact same procedure had to be completed on all routers except for both CEs.

1. Enable CEF globally on the router:

    8.11.PE1(config)#ip cef

1B. Enable CEF on the MPLS participating interfaces:

    8.11.PE1(config-if)#ip route-cache cef

2. Configure an IGP protocol on the router:

    8.11.PE1(config)#router ospf 1
    8.11.PE1(config-router)#network 10.1.4.0 255.255.255.0 area 0

   * The network statements are the networks the loopback IPs are configured for. Directly connected networks are automatically known; loopback interface network addresses are not.

3. Define Label Distribution Protocol:

    8.11.PE1(config)#mpls label protocol ldp

4. Assign LDP router ID:

   * Loopback IPs are used by default, so this step was not completed. *

5. Configure MPLS Label Forwarding on the interface:

    8.11.PE1(config)#interface GigabitEthernet 0/0
    8.11.PE1(config-if)#mpls ip
    8.11.PE1(config)#interface GigabitEthernet 0/1
    8.11.PE1(config-if)#mpls ip

This concludes all the commands needed for basic MPLS operation.

Understanding MPLS: MPLS Architecture


To further understand exactly how MPLS works, you must understand how the control plane and data plane complement each other during the forwarding process in a Label Switch Router. This process is slightly different depending on whether you are on a PE or P device. Below is a graphic to help illustrate those slight differences.

As you can see from the graphic, the Label Switch Routers exchange routes with each other, usually through the routing protocols OSPF or EIGRP. This is a standard network layer function. The best routes for the respective networks, based on the routing protocols in use, are placed in the routing table; this is how standard routing works.

Once the routing table is populated, CEF (Cisco Express Forwarding) uses that information to enable MPLS label switching. Simply put, CEF is required to be able to label switch in an MPLS network. CEF has two components, the Forwarding Information Base (FIB) and the adjacency table. The FIB (located in the data plane) is responsible for maintaining next hop IP addresses for all of the routes in the routing table. The adjacency table is responsible for maintaining the layer 2 information for each FIB entry. It is also responsible for the layer 2 rewrite, and it avoids the need for an ARP request for each IP address lookup. Basically, CEF binds the next hop address for a specific network to a physical interface MAC address. It relies on recursive updates in and from the routing table to do this. This is essentially what allows layer 3 switching.

When you enable MPLS on a router, the routing table is also copied into an MPLS IP routing control table, which remains in the control plane. Adjacent to this is the Label Information Base (LIB, also referred to as Tag Information Base as shown in the picture), which is where the MPLS labels exist. The MPLS IP routing control table is what actually binds labels from the LIB to the IP routes in the IP routing table. The MPLS IP routing and control table is also where the label distribution protocol lives. That protocol, such as Label Distribution Protocol (LDP), shares the locally significant label-to-IP-route bindings with other LSRs in the network. This makes the creation of virtual circuits via label stacks possible. Label stacks are used in MPLS applications such as Traffic Engineering and VPN implementation.

MPLS IP routing and control information is also copied into the FIB and the TFIB/LFIB (Tag or Label Forwarding Information Base). The difference between these two tables (FIB and TFIB/LFIB) is in their purpose in the forwarding of data. What is not shown is a logic block that exists between the FIB and TFIB/LFIB. This block is where label lookup occurs, along with the decision either to remove the label from the packet for forwarding or to replace the label with the locally significant label for forwarding. This applies when a labeled packet is received. Since the packet is labeled, it goes to the TFIB; there is usually an arrow pointing up to the FIB (denoting the logic process), but not in this particular diagram. If the label was removed, the packet would be sent to the FIB for appropriate forwarding.

The MPLS Edge router has the most intricate architecture because it must be able to forward data onto and off of the MPLS network, to and from the customer.
An understanding of basic MPLS architecture is paramount to understanding the configuration of MPLS devices in your network.
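
The forwarding decision described above (labeled packets go to the LFIB for a swap or pop, unlabeled packets and packets whose last label was removed go to the FIB) can be sketched as follows. This is an added example, not code from the original document; the table contents, addresses and the `forward` function are hypothetical, and dropping a packet whose label has no LFIB entry is standard LSR behaviour rather than something the text states.

```python
import ipaddress

# Constructed tables for one hypothetical LSR (not taken from the lab).
FIB = {   # prefix -> (next hop, outgoing interface, label to impose or None)
    "10.1.4.0/24": ("10.0.12.2", "Gi0/0", 17),
    "192.168.50.0/24": ("192.168.50.1", "Gi0/1", None),
}
LFIB = {  # incoming label -> (action, outgoing label, next hop, interface)
    17: ("swap", 22, "10.0.12.2", "Gi0/0"),
    18: ("pop", None, "192.168.50.1", "Gi0/1"),
}


def fib_lookup(dst):
    """Longest-prefix match of a destination address against the FIB."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, entry in FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return best[1] if best else None


def forward(labels, dst):
    """labels is the stack, top label first.

    Returns (new label stack, next hop, interface), or None when the
    packet must be dropped.
    """
    if labels:
        entry = LFIB.get(labels[0])
        if entry is None:
            return None                      # unknown label: never guess a path
        action, out_label, next_hop, ifc = entry
        if action == "swap":
            return [out_label] + labels[1:], next_hop, ifc
        if labels[1:]:                       # pop, inner labels remain
            return labels[1:], next_hop, ifc
        # Last label removed: fall through to the FIB as a plain IP packet.
    hit = fib_lookup(dst)
    if hit is None:
        return None
    next_hop, ifc, impose = hit
    return ([impose] if impose is not None else []), next_hop, ifc


if __name__ == "__main__":
    print(forward([], "10.1.4.7"))        # edge: label imposed from the FIB
    print(forward([17], "10.1.4.7"))      # core: label swapped
    print(forward([18], "192.168.50.9"))  # label removed, then FIB lookup
    print(forward([99], "10.1.4.7"))      # no LFIB entry: dropped
```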

Hacking a Cisco Router (Password Recovery)


Ever wonder what to do if you forget your password to your router? Ever wonder why physical security is so important for networking equipment? Do you wonder how people can break into, or hack into, a router? This Cisco Password Recovery Document shows you how to do so on every device they make. Look below to find out how!

Step-by-Step Procedure

Follow these steps in order to recover your password:

1. Attach a terminal or PC with terminal emulation to the console port of the router. Use these terminal settings:

   - 9600 baud rate
   - No parity
   - 8 data bits
   - 1 stop bit
   - No flow control

2. If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command.

   Note: The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

3. Use the power switch in order to turn off the router, and then turn the router back on.

4. Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON. If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.

5. Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash. This step bypasses the startup configuration where the passwords are stored.

6. Type reset at the rommon 2> prompt. The router reboots, but ignores the saved configuration.

7. Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.

8. Type enable at the Router> prompt. You are in enable mode and should see the Router# prompt.

9. Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.

   Important: Do not type copy running-config startup-config or write. These commands erase your startup configuration.

10. Type show running-config. The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.

11. Type configure terminal. The hostname(config)# prompt appears.

12. Type enable secret <password> in order to change the enable secret password. For example:

    hostname(config)#enable secret cisco

13. Issue the no shutdown command on every interface that you use. If you issue a show ip interface brief command, every interface that you want to use should display up up.

14. Type config-register <configuration_register_setting>, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:

    hostname(config)#config-register 0x2102

15. Press Ctrl-z or end in order to leave the configuration mode. The hostname# prompt appears.

16. Type write memory or copy running-config startup-config in order to commit the changes.

Example of Password Recovery Procedure

This section provides an example of the password recovery procedure. This example was created with a Cisco 2600 Series Router. Even if you do not use a Cisco 2600 Series Router, this output provides an example of what you should experience on your product.

    Router>enable
    Password:
    Password:
    Password:
    % Bad secrets

    Router>show version
    Cisco Internetwork Operating System Software
    IOS C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-1999 by cisco Systems, Inc.
    Compiled Tue 07-Dec-99 02:21 by phanguye
    Image text-base: 0x80008088, data-base: 0x80C524F8

    ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

    Router uptime is 3 minutes
    System returned to ROM by abort at PC 0x802D0B60
    System image file is flash:c2600-is-mz.120-7.T

    cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
    Processor board ID JAB031202NK (3878188963)
    M860 processor: part number 0, mask 49
    Bridging software.
    X.25 software, Version 3.0.0.
    Basic Rate ISDN software, Version 1.1.
    2 Ethernet/IEEE 802.3 interface(s)
    2 Serial(sync/async) network interface(s)
    1 ISDN Basic Rate interface(s)
    32K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash partition 1 (Read/Write)
    8192K bytes of processor board System flash partition 2 (Read/Write)

    Configuration register is 0x2102

    Router>
    ! The router was just powercycled, and during bootup a
    ! break sequence was sent to the router.
    !
    *** System received an abort due to Break Key ***

    signal= 0x3, code= 0x500, context= 0x813ac158
    PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
    rommon 1 > confreg 0x2142

    You must reset or power cycle for new config to take effect

    rommon 2 > reset

    System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
    Copyright (c) 1999 by cisco Systems, Inc.
    TAC:Home:SW:IOS:Specials for info
    C2600 platform with 32768 Kbytes of main memory

    program load complete, entry point: 0x80008000, size: 0x6fdb4c

    Self decompressing the image : ###############################
    ##############################################################
    ##############################################################
    ##############################################################
    ############################### [OK]

    Restricted Rights Legend

    Use, duplication, or disclosure by the Government is
    subject to restrictions as set forth in subparagraph
    (c) of the Commercial Computer Software - Restricted
    Rights clause at FAR sec. 52.227-19 and subparagraph
    (c) (1) (ii) of the Rights in Technical Data and Computer
    Software clause at DFARS sec. 252.227-7013.

    cisco Systems, Inc.
    170 West Tasman Drive
    San Jose, California 95134-1706

    Cisco Internetwork Operating System Software
    IOS C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-1999 by cisco Systems, Inc.
    Compiled Tue 07-Dec-99 02:21 by phanguye
    Image text-base: 0x80008088, data-base: 0x80C524F8

    cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
    Processor board ID JAB031202NK (3878188963)
    M860 processor: part number 0, mask 49
    Bridging software.
    X.25 software, Version 3.0.0.
    Basic Rate ISDN software, Version 1.1.
    2 Ethernet/IEEE 802.3 interface(s)
    2 Serial(sync/async) network interface(s)
    1 ISDN Basic Rate interface(s)
    32K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash partition 1 (Read/Write)
    8192K bytes of processor board System flash partition 2 (Read/Write)

    System Configuration Dialog

    Would you like to enter the initial configuration dialog? [yes/no]: n

    Press RETURN to get started!

    00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
    00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
    00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
    00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down
    00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down
    00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0, changed state to down
    00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
    Router>
    00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up
    00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down
    00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
    00:00:50: %SYS-5-RESTART: System restarted
    Cisco Internetwork Operating System Software
    IOS C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-1999 by cisco Systems, Inc.
    Compiled Tue 07-Dec-99 02:21 by phanguye
    00:00:50: %LINK-5-CHANGED: Interface BRI0/0, changed state to administratively down
    00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
    00:00:52: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
    00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down
    00:00:52: %LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down
    00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
    00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down
    Router>
    Router>enable
    Router#copy startup-config running-config
    Destination filename [running-config]?
    1324 bytes copied in 2.35 secs (662 bytes/sec)
    Router#
    00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1, changed state to down
    00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2, changed state to down
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#enable secret <password>
    Router(config)#^Z        (^Z is the Ctrl+Z keys pressed together)
    00:01:54: %SYS-5-CONFIG_I: Configured from console by console
    Router#show ip interface brief
    Interface        IP-Address       OK?  Method  Status                 Protocol
    Ethernet0/0      10.200.40.37     YES  TFTP    administratively down  down
    Serial0/0        unassigned       YES  TFTP    administratively down  down
    BRI0/0           193.251.121.157  YES  unset   administratively down  down
    BRI0/0:1         unassigned       YES  unset   administratively down  down
    BRI0/0:2         unassigned       YES  unset   administratively down  down
    Ethernet0/1      unassigned       YES  TFTP    administratively down  down
    Serial0/1        unassigned       YES  TFTP    administratively down  down
    Loopback0        193.251.121.157  YES  TFTP    up                     up
    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#interface Ethernet0/0
    Router(config-if)#no shutdown
    Router(config-if)#
    00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
    00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up
    Router(config-if)#interface BRI0/0
    Router(config-if)#no shutdown
    Router(config-if)#
    00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
    00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
    00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up
    00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0, TEI 68 changed to up
    Router(config-if)#^Z
    Router#
    00:02:35: %SYS-5-CONFIG_I: Configured from console by console
    Router#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration
    [OK]
    Router#show version
    Cisco Internetwork Operating System Software
    IOS C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-1999 by cisco Systems, Inc.
    Compiled Tue 07-Dec-99 02:21 by phanguye
    Image text-base: 0x80008088, data-base: 0x80C524F8

    ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

    Router uptime is 3 minutes
    System returned to ROM by abort at PC 0x802D0B60
    System image file is flash:c2600-is-mz.120-7.T

    cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
    Processor board ID JAB031202NK (3878188963)
    M860 processor: part number 0, mask 49
    Bridging software.
    X.25 software, Version 3.0.0.
    Basic Rate ISDN software, Version 1.1.
    2 Ethernet/IEEE 802.3 interface(s)
    2 Serial(sync/async) network interface(s)
    1 ISDN Basic Rate interface(s)
    32K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash partition 1 (Read/Write)
    8192K bytes of processor board System flash partition 2 (Read/Write)

    Configuration register is 0x2142

    Router#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#config-register 0x2102
    Router(config)#^Z
    00:03:20: %SYS-5-CONFIG_I: Configured from console by console

    Router#show version
    Cisco Internetwork Operating System Software
    IOS C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
    Copyright (c) 1986-1999 by cisco Systems, Inc.
    Compiled Tue 07-Dec-99 02:21 by phanguye
    Image text-base: 0x80008088, data-base: 0x80C524F8

    ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

    Router uptime is 3 minutes
    System returned to ROM by abort at PC 0x802D0B60
    System image file is flash:c2600-is-mz.120-7.T

    cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.
    Processor board ID JAB031202NK (3878188963)
    M860 processor: part number 0, mask 49
    Bridging software.
    X.25 software, Version 3.0.0.
    Basic Rate ISDN software, Version 1.1.
    2 Ethernet/IEEE 802.3 interface(s)
    2 Serial(sync/async) network interface(s)
    1 ISDN Basic Rate interface(s)
    32K bytes of non-volatile configuration memory.
    8192K bytes of processor board System flash partition 1 (Read/Write)
    8192K bytes of processor board System flash partition 2 (Read/Write)

    Configuration register is 0x2142 (will be 0x2102 at next reload)

    Router#
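
The show version output in the example carries two traces of the procedure: the reload reason "abort" left by the Break key, and a configuration register with the 0x0040 bit set (the difference between 0x2142 and 0x2102), which is what makes the router skip the startup configuration. The check below is an added example, not part of the original document; the function name, finding codes and the second sample are constructed for illustration, and the baseline of 0x2102 is the usual value named in step 2.

```python
import re

IGNORE_NVRAM = 0x0040   # register bit that skips the startup configuration

CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")
ABORT_RE = re.compile(r"System returned to ROM by abort")


def audit_show_version(text, baseline=0x2102):
    """Return a list of finding codes for one device's 'show version' text."""
    match = CONFREG_RE.search(text)
    if match is None:
        return ["NO_CONFREG_LINE"]
    current = int(match.group(1), 16)
    # Without a "(will be ...)" suffix the same value applies at next reload.
    at_reload = int(match.group(2), 16) if match.group(2) else current

    findings = []
    if current & IGNORE_NVRAM:
        findings.append("BOOTED_WITHOUT_STARTUP_CONFIG")
    if at_reload & IGNORE_NVRAM:
        findings.append("NEXT_BOOT_SKIPS_STARTUP_CONFIG")
    elif at_reload != baseline:
        findings.append("REGISTER_DIFFERS_FROM_BASELINE")
    if ABORT_RE.search(text):
        findings.append("RELOAD_BY_CONSOLE_BREAK")
    return findings


# Excerpt of the final 'show version' in the example above.
SAMPLE_AFTER_RECOVERY = """\
Router uptime is 3 minutes
System returned to ROM by abort at PC 0x802D0B60
Configuration register is 0x2142 (will be 0x2102 at next reload)
"""

# Constructed sample of a device that booted normally.
SAMPLE_BASELINE = """\
Router uptime is 41 weeks, 2 days
System returned to ROM by power-on
Configuration register is 0x2102
"""

if __name__ == "__main__":
    for name, text in (("after recovery", SAMPLE_AFTER_RECOVERY),
                       ("baseline", SAMPLE_BASELINE)):
        print(name, audit_show_version(text))
```

Both traces disappear from show version after the next normal reload, so an unexpected restart and a new enable secret in the saved configuration still have to be caught from uptime monitoring and configuration change tracking.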

Understanding MPLS: MPLS in Layered Communications


What is MPLS's place in layered communication? It occupies a niche all its own with no competitors; MPLS has a complete monopoly in layered communications. Often referred to as switching at layer 2.5, MPLS uses a shim header that contains information that helps move frames from hop to hop. A shim header is a 32-bit header placed between the layer 2 header and the layer 3 payload, as shown in the picture below. In certain applications like MPLS VPN and MPLS TE, the shim header can contain enough information to define a path through an entire network, not just to the next hop. The standard shim header has 4 fields, whose functions are defined below. The 4 fields are:

- Label - 20 bits: This field stores the label value. This value can be between 0 and 2^20 - 1. The first 16 of these labels (0 - 15) are exempt from normal use; they are reserved for specific functions known as label operations.
- Experimental (EXP) - 3 bits: This field is used specifically for Quality of Service implementation.
- Bottom of Stack (S) - 1 bit: This identifies whether the particular label in the stack is the bottom label. The bit is set to 0 unless it is the bottom label in a label stack, in which case it is set to 1. A stack is a collection of labels on top of the packet. The number of labels you can have (that is, the number of 32-bit fields) on top of a packet is limitless, though you should seldom see a stack of 4 labels or more.
- Time to Live (TTL) - 8 bits: This field performs the same function as the TTL field found in an IP header. Its main function is to keep a packet from being stuck in a routing loop. If a routing loop occurs and no TTL is present, the packet loops forever. If the TTL reaches 0, the packet is discarded.
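
The four fields above pack into one 32-bit word in the order Label, EXP, S, TTL. The following added example (not part of the original document) encodes and parses a label stack with that layout and rejects input that ends before an entry with S=1; the names and the MAX_DEPTH limit are assumptions made for the example, and the sample bytes are constructed.

```python
import struct
from typing import List, NamedTuple, Tuple

RESERVED_MAX = 15   # labels 0-15 are reserved (see the Label field above)
MAX_DEPTH = 8       # parser safety limit; an assumption, not a protocol rule


class ShimEntry(NamedTuple):
    label: int      # 20 bits
    exp: int        # 3 bits, used for QoS
    bottom: bool    # S bit: True only on the last entry of the stack
    ttl: int        # 8 bits

    @property
    def reserved(self) -> bool:
        return self.label <= RESERVED_MAX


def encode_entry(e: ShimEntry) -> bytes:
    """Pack one entry into its 32-bit, network-byte-order form."""
    if not (0 <= e.label < 2**20 and 0 <= e.exp < 8 and 0 <= e.ttl < 256):
        raise ValueError("field does not fit its bit width")
    word = (e.label << 12) | (e.exp << 9) | (int(e.bottom) << 8) | e.ttl
    return struct.pack("!I", word)


def parse_stack(data: bytes) -> Tuple[List[ShimEntry], bytes]:
    """Read entries until S=1; return (stack top-first, layer 3 payload)."""
    stack: List[ShimEntry] = []
    offset = 0
    while True:
        if len(stack) == MAX_DEPTH:
            raise ValueError("label stack exceeds MAX_DEPTH")
        if offset + 4 > len(data):
            raise ValueError("data ended before a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = ShimEntry(label=word >> 12, exp=(word >> 9) & 0x7,
                          bottom=bool(word & 0x100), ttl=word & 0xFF)
        stack.append(entry)
        if entry.bottom:
            return stack, data[offset:]


# Constructed sample: outer label 16 (S=0), inner label 100 with EXP 5 (S=1),
# both TTL 64, followed by the first two bytes of an IPv4 header.
SAMPLE = (encode_entry(ShimEntry(16, 0, False, 64))
          + encode_entry(ShimEntry(100, 5, True, 64))
          + b"\x45\x00")

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE)
    for e in stack:
        print(e, "reserved" if e.reserved else "")
    print("payload:", payload.hex())
```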
