CCNP2 v50 Mod4 MPLS

Ch.
4 Frame Mode MPLS Implementation

USFQ. Academia de redes Cisco
CCNP 2 v5.0: Implementing Secured Converged Wide-area Networks USFQ. Academia de Redes Cisco Rafael Tenor
Overview
Rafael Tenor
Objectives
Describe Multiprotocol Label Switching (MPLS) features and operation. Compare and contrast 3 Cisco IOS platform IP switching mechanisms. Identify the fields and format of an MPLS label. Describe the purpose of the control and data planes in the MPLS architecture. Describe the function and architecture of Label Switch Routers (LSRs) and Edge LSRs. Describe the steps in label allocation and distribution in a frame mode MPLS network. Describe packet propagation across an MPLS network. Describe Penultimate Hop Popping (PHP) on Edge LSRs. Compare and contrast MPLS networks with PHP and without PHP. Describe VPN implementation models. Compare and contrast VPN overlay VPN models. Describe the benefits and disadvantages of the overlay VPN implementation model. Describe the benefits and disadvantages of the peer-to-peer VPN implementation model. Describe the features of the MPLS VPN architecture. Describe routing in the MPLS VPN architecture. Describe the steps required to configure MPLS. Identify the distribution protocol options when configuring MPLS.
Rafael Tenor 3
What is MPLS?
MPLS: Multiprotocol Label Switching.

Multiprotocol Label Switching (MPLS) fuses the intelligence of routing with the performance of switching. MPLS combines the dynamic capabilities of IP and IP routing with performance of Layer 2 switching and Virtual Circuits.
New WAN technology originally defined in RFC 3031 by:

Cisco Systems Force 10 Networks Juniper networks
Started out as Tag Switching introduced by Ipsilon (now part of Nokia).

Rafael Tenor 4
What is Frame Mode MPLS?

Frame Mode MPLS denotes the use of MPLS with other than ATM
frame-based encapsulated interfaces.
ATM uses cell mode MPLS. ATM MPLS has a unique set of requirements due to its fixed cell length.
Rafael Tenor
Traditional WAN connections

Hub and Spoke

Most commonly used model. Cost effective minimizing number of circuits.
Partial Mesh
Allows for the cost effectiveness of hub and spoke, but also allows critical sites to have point-to-point connections.
Full Mesh
Need advantages of point-to-point links throughout topology. Circuits = n (n-1) / 2 n = number of sites. 435 circuits = 30 (30-1)/2
Rafael Tenor 6
Advantages of point-to-point circuits

Less latency More control Better performance
Rafael Tenor
What is the problem MPLS is trying to solve?

Layer 3 End-to-end circuits.
Advantages: IP routing -automatic path setup, best path and backup paths-. Provides QoS. Disadvantages: Latency in hop-by-hop Layer 3 lookup. Latency in routing switching packet forwarding process.
Layer 2 End-to-end circuits (ATM, Frame Relay).

Advantages: Circuits (SVC or PVC) are pre-established at switches. Less latency, switched only - no Layer 3 lookups. Disadvantages: Circuits difficult to manage - must use management software or human configuration. QoS and SLAs are individually managed.
Rafael Tenor 8
MPLS WAN Connectivity

MPLS extends Layer 3 natively between sites. The MPLS network although owned by a service provider is an
extension of the enterprise network.
MPLS network is like a single router with multiple interfaces. MPLS network:
Converges dynamically. Supports multiple routing protocols. Honors QoS traffic tags and policies.
MPLS requires only a single connection to providers MPLS network.

Rafael Tenor 9
MPLS Terminology
Ingress Edge LSR:
Handles packets entering MPLS domain Customer A Non-MPLS
Label Switch Path (LSP)
Egress Edge LSR:

Handles packets leaving MPLS domain Customer A Non-MPLS PE
Label Switch Router (LSR) or P (Provider) router Customer B Non-MPLS
MPLS domain A contiguous set of nodes performing MPLS routing and forwarding. These are typically in one routing or administrative domain. MPLS Node A node running MPLS. An MPLS node is aware of MPLS control protocols, operates one or more Layer 3 routing protocols, and is capable of forwarding packets based on labels. Label Switching Router (LSR) An MPLS node that is capable of forwarding labeled packets. Label A short, fixed-length, physically contiguous identifier used to identify a group of networks sharing a common destination, usually of local significance.
Rafael Tenor 10
MPLS Terminology
Ingress Edge LSR:
Handles packets entering MPLS domain Customer A Non-MPLS
Label Switch Path (LSP)
Egress Edge LSR:

Handles packets leaving MPLS domain Customer A Non-MPLS PE
Label Switch Router (LSR) or P (Provider) router Customer B Non-MPLS
MPLS Edge Node An MPLS node that connects to a neighboring node outside the MPLS network. MPLS Ingress Node An MPLS node that handles traffic entering an MPLS domain. MPLS Egress Node An MPLS node that handles traffic leaving an MPLS domain.
Rafael Tenor 11
MPLS Features
MPLS is a switching mechanism. An MPLS node is aware of MPLS control protocols, operates one or
more Layer 3 routing protocols, and is capable of forwarding packets based on labels. Optimally, an MPLS node can also forward native Layer 3 packets.
Rafael Tenor 12
MPLS Features
Traditional Routing.
Router receives packet. Makes a forwarding decision based on Layer 3 information. Destination address matches longest match prefix entry in the routing table. Layer 2 encapsulation is determined. Layer 2 address (eg ARP) is resolved. Performs a path switch. Dispatches the packet to the next-hop router. Process repeats itself Every router along the path examines the packet.
Rafael Tenor 13
MPLS Features
MPLS philosophy: Layer 3 header contains significantly more

information than is necessary to forward the packet.
MPLS underlying routing process:

Sort entire sets of possible packets in classes based on the destination address of each known as Forwarding Equivalence Classes (FEC). FEC Different packets that need to be forwarded to the same next-hop (or along the same MPLS path). Map each FEC to a next-hop address.
Rafael Tenor
14
MPLS Features
MPLS. Only one examination of the packet, only one assignment to the FEC. Done at the MPLS ingress node.
FEC. Encoded as a short, fixed-length value known as a label. Could be based on: Destination address. Egress LSR. CoS (Class of Service).
Label Switch Path (LSP). The path through one or more LSRs at one level of the hierarchy followed by a packet in a particular path.
Rafael Tenor
15
MPLS Features
Labels usually correspond to destination networks (~ Layer 3 routing). Labels can also correspond to:
Layer 3 VPN destination. Layer 2 virtual circuit. Egress interface. QoS. Source address.
MPLS designed to forward any type of Layer 3 packet, but IPv4 and IPv6
is at the forefront.
Rafael Tenor 16
Label Format
Field 20-bit label 3-bit experimental (EXP) field 1-bit bottom-of-stack indicator
Description The actual label. Values 0 to 15 are reserved. Undefined in the RFC. Used by Cisco to define a class of service (CoS) (IP precedence). MPLS allows multiple labels to be inserted. The bottom-ofstack bit determines if this label is the last label in the packet. If this bit is set (1), the setting indicates that this label is the last label.
8-bit Time to Live (TTL) field Has the same purpose as the TTL field in the IP header.
Rafael Tenor
17
Label Stack
Some times more than one label is used:

MPLS VPNs: Multiprotocol BGP (MP-BGP) is used to propagate a second label that identifies the VPN in addition to the label that is propagated by Label Distribution Protocol (LDP) to identify the path. MPLS Traffic Engineering (MPLS TE): Uses Resource Reservation Protocol (RSVP) to establish label switched path (LSP) tunnels. RSVP propagates labels that are used to identify the tunnel LSP. This label is in addition to the label that is propagated by LDP to identify the underlying LSP. MPLS VPNs combined with MPLS TE: Three or more labels are used to identify the VPN, tunnel LSP, and the underlying LSP.
Rafael Tenor 18
Label Stack
A label does not contain any information about the Layer 3 protocol that is being carried in a packet. For Layer-2 protocols that have TYPE or PID fields new values indicate the MPLS-enabled Layer-3 protocol. Unlabeled IP unicast: PID = 0x0800 identifies that the frame payload is a classic unicast IP packet. Labeled IP unicast: PID = 0x8847 identifies that the frame payload is a unicast IP packet with at least one label preceding the IP header. Labeled IP multicast: PID = 0x8848 identifies that the frame payload is a multicast IP packet with at least one label preceding the IP header.
Rafael Tenor 19
MPLS Features
Packets are labeled prior to be forwarded at Ingress edge LSR. After ingress node, there is no routing table lookup. At each non-edge LSR the label is removed and a new label added at
each hop.
Only edge LSRs perform routing table lookups. Non-edge LSRs perform forwarding process based only on the label, not
Layer 3 information.
Decreases latency faster packet forwarding. Final edge LSR (egress LSR):
Pops (removes) the label from the packet. Performs a new routing table lookup to forward the packet.
Rafael Tenor 20
MPLS Features
Rafael Tenor
21
LDP
MPLS does add overhead with additional communications between routers. Label distribution is performed by LDP (Label Distribution Protocol). Note: Other methodologies are being explored for label distribution. There were 2 ways to propagate labels: Extend functionality of existing routing protocols. Create a new protocol specifically for label exchange (IETF approach).
In MPLS the LSR assigns a particular label to a particular FEC. The downstream LSR informs the upstream LSR of its label for that FEC. LSRs know their neighbors through the IP routing protocol. Neighbors: R1 is downstream neighbor of R2. R2 is the downstream neighbor of R3. Labels are downstream assigned because routes entries come from the downstream side.
Rafael Tenor 22
LDP
LDP is similar to traditional routing. Exception: the packet is predestined to arrive at its appropriate end). Great efficiency, less latency. Assuming traffic flows in both directions, label will propagate in both
directions.
Split horizon applies to LDP

An LSR will never advertise a label to a neighbor from whom it was learned.
Two routers that are label distribution peers are said to have a label
distribution adjacency between them.
Rafael Tenor
23
An Example
Rafael Tenor
24
R1
The bottom non-MPLS (customer) router has networks 192.1.1.0 /24,
192.1.2.0 /24 somewhere out the FastEthernet 0/0 interface. Directly connected or learned from another router. The table to the right is the routing table, which tracks the routing prefix, the outgoing interface, next hop router, and perhaps other information. R1 advertises these networks to R2 and the rest of the domain via a dynamic routing protocols such as OSPF.
25
Rafael Tenor
R2
Using LDP, LSR R2 selects a free (unused) label 5, and advertises it to the upstream neighbor. (This is usually a reserved label.) The hyphen in the Out column is intended to note that all labels are to be popped (removed) in forwarding to the non-LSR below. Thus, a frame received on Serial 1 with label 5 is to be forwarded out Serial 0
Rafael Tenor
with no label.
26
R3
Rafael Tenor
LSR R3 has learned routes to the two prefixes we' tracking. re R3 advertises the routes upstream. When LDP information is received, R3 records use of label 5 on outgoing interface Serial 0 for the two prefixes we' tracking. re R3 then allocates label 17 on Serial 1 for this FEC, and uses LDP to communicate this to the upstream LSR. Thus, when label 17 is received on Serial 1, it is replaced with label 5 and the frame sent out Serial 0.
27
R4
Rafael Tenor
LSR R4 has learned routes to the two prefixes we' tracking. re R4 advertises the routes upstream. When LDP information is received, R4 records use of label 17 on outgoing interface Serial 0 for the two prefixes we' tracking. re R4 then allocates label 94 on Serial 1 for this FEC, and uses LDP to communicate this to the upstream LSR. Thus, when label 94 is received on Serial 1, it is replaced with label 17 and the frame sent out Serial 0.
28
R5
Rafael Tenor
LSR R5 has learned routes to the two prefixes we' tracking. re When LDP information is received, R5 records use of label 94 on outgoing interface Serial 0 for the two prefixes we' tracking. re Note that there will be no labels sent by the top Ingress Edge LSR. Thus, when receives an IP packet destined for one of these two prefixes, a label of 94 is added and the frame sent out Serial 0. The red arrows shows the Label Switch Path (LSP) that has now been established.
29
R6 Layer 3 Routed
R5 MPLS Switched
94
R4 MPLS Switched
94 17
R3 MPLS Switched
17 5
R1 Layer 3 Routed
Note: Label allocation, label imposing, label R2 MPLS Switched (popped)

5
swapping, and label popping usually happen in the service provider network, not the customer (enterprise) network. Customer routers never see a label.
Rafael Tenor
30
Switching Mechanisms
Rafael Tenor
31
Router Switching Mechanisms

Process switching.
Each packet processed individually. Full routing table lookup performed on each packet. Slowest and most resource-intensive method.
Fast switching.
First packet is process switched and an entry place in fast-switching cache. Packets with the same destination IP address bypass routing table using fast-switching cache. (Ages out after 60 seconds).
CEF, Cisco Express Forwarding.

Rafael Tenor 32
CEF
Routing Table
Makes use of FIB (Forwarding Information Base). When a change occurs to the routing table, the FIB is updated. Adjacency table for Layer 2 next-hop and encapsulation information. Adjacencies are linked to the FIB, no need for ARP requests. Enabling CEF on Internet facing interfaces can be resource intensive: Over 200,000 routes. Processing and memory intensive.
Rafael Tenor 33
Control and Data Planes

LSRs funtion at both the control and data planes. Control plane: Exchange of routing information/updates. Traditional routing functions associated with routing protocol operations. Data plane or Forwarding plane: Where the actual forwarding occurs. MPLS. This is done solely based on labels. LSR. Maintains converged routing table but usually not engaged for packet forwarding. Maintains routing table to ensure the FIB is up to date with the most current information so that labels can be properly assigned and packets can be dispatched.
Rafael Tenor 34
MPLS Architecture
FIB (Forwarding Information Base):
Copy of Routing Table, including labels for MPLS interfaces. Used to: Forward Layer 3 packets (non-MPLS). Will add the label for outgoing MPLS interface. Populate LFIB (MPLS packets). Labels learned via LDP are stored and bound to interfaces. Used to populate LFIB. Locally assigned and locally significant labels are stored in LIB. LSR announces its assigned labels to its adjacent peers. Peers use received label information to associate next-hop label information with network destinations. Label Routing table. Contains IP forwarding information from FIB. Contains label information from LIB.
LIB (Label Information Base):
LFIB (Label Forwarding Information Base):
Rafael Tenor
35
MPLS Architecture
Control plane
routing protocols database IP routing table (RIB) Label Information Base (LIB)
Label bindings learned via LDP from other routers Routing updates from other routers
Data plane
Incoming IP Packet
IP forwarding table (FIB) Label forwarding table (LFIB)

Outgoing MPLS/IP Packet
Incoming MPLS Packet
Population of RIB/FIB/LIB/LFIB in an MPLS router

Rafael Tenor 36
Control Plane Components Example

Information from control plane is sent to the data plane.

Rafael Tenor 37
Label Allocation
Label allocation and distribution in a frame mode MPLS network follows these steps: 1. IP routing protocols build the IP routing table. 2. Each LSR independently assigns a label to every destination in the IP routing table. 3. LSRs announce their assigned labels to all other LSRs. 4. Every LSR builds LIB, LFIB, and FIB data structures based on the received labels.
Note: Label allocation, label imposing, label swapping, and label popping usually happen in the service provider network, not the customer (enterprise) network. Customer routers never see a label.
Rafael Tenor
38
Label Switch Routers: Architecture of LSRs

LSRs, regardless of the type, perform these functions:
Exchange routing information Exchange labels Forward packets or cells First 2 functions: control plane. Last function: data plane.
Rafael Tenor
39
LSRs: Exchanging Routing updates

Out In Address Out Label Iface Label Prefix
128.89 171.69
1 1
128.89 171.69
0 1
128.89
0 1 0
128.89
You Can Reach 128.89 and 171.69 Thru Me
You Can Reach 128.89 Thru Me

1
Routing Updates (OSPF, EIGRP, )

Rafael Tenor
You Can Reach 171.69 Thru Me
171.69
40
LSRs: Exchanging and Assigning Labels

128.89 171.69
1 1
4 5
4 5
128.89 171.69
0 1
9 7
128.89
0 1 0
128.89
Use Label 9 for 128.89 Use Label 4 for 128.89 and Use Label 5 for 171.69
1
Label Distribution Protocol
Use Label 7 for 171.69
171.69
In Label is the local label generated by the LSR. Out Label is the remote label advertised by the adjacent LSR (the IGP next hop).
Rafael Tenor 41
LSRs: Forwarding Packets

128.89
171.69
1 1
4 5
4
5
128.89 171.69
0 1
9 7
128.89
0 1 0
128.89 Data
128.89.25.4
128.89.25.4
Data
128.89.25.4 Data
128.89.25.4
Data
Label imposition of 4
Rafael Tenor
Label swapping 4->9
Label Popping
42
FIB, LIB and LFIB Tables on Router B

An IGP populates the routing tables in all routers. The LDP propagates labels for these networks. The LDP adds labels into the FIB and LFIB tables. The LFIB table is also populated with an action: swap a label, remove the label (un-tag), add an outgoing label, or to pop the label.
Rafael Tenor 43
Packet Propagation Across an MPLS Network

Rafael Tenor
44
MPLS Labels: Penultimate Hop Popping

LSR prior to the destination edge router pops the label before sending the packet to the final edge LSR. The egress LSR requests the popping through the label distribution protocol (Egress LSR advertises implicit-null label). One lookup is saved in the egress LSR.
45
Rafael Tenor
Example : Penultimate Hop Popping

USFQ. Academia de redes Cisco Address Prefix and mask 171.68.10/24 171.68.44/24 ... 171.68/16 In I/F 0 ... In Lab ... Address Prefix 171.68/16 Out I/F 1 Out Lab 4 ... In I/F 0 ... In Lab 4 ... Address Prefix 171.68/16 Out I/F 1 Out Lab pop Next-Hop 171.68.9.1 171.68.12.1 ... Interface Serial1 Serial2 Null
Next-Hop ... ...
Next-Hop... ...
1 0
Egress LSR
0 1 2
Use label 4 for FEC 171.68/16
Use label implicit-null for FEC 171.68/16

171.68.44/24
Summary route is propagate through the IGP and label is assigned by each LSR
Egress LSR summarises more specific routes and advertises a label for the new FEC
171.68.10/24
Egress LSR needs to do an IP lookup for finding more specific route. Egress LSR does NOT need to receive a labelled packet.
label will have to be popped anyway.
Rafael Tenor 46
Example : Penultimate Hop Popping (contd.)

USFQ. Academia de redes Cisco In I/F 0 ... In Lab ... Address Prefix 171.68/16 Out I/F 1 Out Lab 4 ... Address Prefix and mask 171.68.10/24 171.68.44/24 171.68/16 In I/F 0 ... In Lab 4 ... Address Prefix 171.68/16 Out I/F 2 Out Lab pop ... Next-Hop 171.68.9.1 171.68.12.1 ... Interface Serial1 Serial2 Null
Next-Hop... ...
Next-Hop... ...
1 Label = 4
Egress LSR
1 0
IP packet D=171.68.10.15
IP packet D=171.68.10.15
IP packet D=171.68.10.15
IP packet D=171.68.10.1 5
171.68.44/24
171.68.10/24
IP packet enters the MPLS network Ingress LSR assign a label and forward the packet
Packet is MPLS forwarded, label is removed Packet arrives without the label at the egress LSR. Egress LSR only needs to do an IP lookup to match more specific routes
Rafael Tenor
47
Penultimate Hop Popping (PHP)

PHP optimizes MPLS performance by reducing the load on Edge LSRs. The Edge LSR advertises a pop or implicit null label (value of 3) to a neighbor. The pop tells the neighbor to use PHP.
Rafael Tenor 48
MPLS Without PHP

A double lookup is required.

Rafael Tenor 49
MPLS with PHP

A label is removed on the router that is located before the last hop within an MPLS domain (the penultimate router).
Rafael Tenor 50
MPLS VPN
Rafael Tenor
51
MPLS VPN Architecture

To understand MPLS-VPN it is important to understand the problem.

Rafael Tenor 52
VPN Architecture
MPLS VPNs are a Layer 3 WAN solution to an age-old Layer 2 WAN problem: To provide any-to-any connectivity among sites in a cost efficient manner.
With MPLS you can have a Layer 3 fully meshed network. VPNs allow the use of a shared infrastructure offered by a service provider to implement private networks (Most people think IPsec). Degree of security is subjective up to negotiation. Does not necessary mean confidentiality and/or integrity. Note: Best practice is to include IPsec over an MPLS VPN network, but this is not required to have an MPLS VPN network.
Rafael Tenor 53
VPN Taxonomy
Overlay VPNs. Peer-to-peer VPNs.

Rafael Tenor 54
Peer-to-Peer VPNs
Peer-to-peer VPN mean the connection to and sharing of routing
information with the SP facilities. Allows the WAN to be Layer 3 aware rather than just a Layer 3 transport. The next-hop addresses are those of the PE router. Once the routes are learned by the PE, they are redistributed into the providers BGP table.
55
Rafael Tenor
Peer-to-Peer VPNs
Although the local loop has not changed, the essence of the network has. The provider is now part of the customer routing infrastructure. The network is more flexible and resilient because it is an extension of the customers routing infrastructure. Each customers routing information is kept securely separate from every other customers routing information.
Rafael Tenor 56
VPN Drawbacks
Chief benefit is also greatest drawback provider is involved in
customer routing process. Customer must place additional trust in the SP to properly configure and maintain their routing infrastructure. True Redundancy: At critical sites with redundant routers care should be taken to ensure that both circuits do not end up on the same PE router. No routing loops: Also, necessary to ensure that routes advertised via one circuit are not redistributed out to the PE and then back in via the redundant circuit to the CE.
57
Rafael Tenor
MPLS VPN: Control Plane
Rafael Tenor
58
Propagation of Routing Information

Question:
How will PE routers exchange customer routing information?
Rafael Tenor
59

Question:
Answer #1: Run a dedicated Interior Gateway Protocol (IGP) for each customer across the P-network.
Rafael Tenor
60

Question:
Answer #1: Run a dedicated Interior Gateway Protocol (IGP) for each customer across the P-network. This is the wrong answer for the following reasons: The solution does not scale. P routers carry all customer routes.
Rafael Tenor 61

Question:
Rafael Tenor
62

Question:
Answer #2: Run a single routing protocol that will carry all customer routes inside the provider backbone.
Rafael Tenor
63

Question:
Answer #2: Run a single routing protocol that will carry all customer routes inside the provider backbone. Better answer, but still not good enough: P routers carry all customer routes.
Rafael Tenor 64

Question:
Rafael Tenor
65

Question:
Answer #3: Run a single routing protocol that will carry all customer routes
between PE routers.
Rafael Tenor
66

Question: How will PE routers exchange customer routing information? Answer #3: Run a single routing protocol that will carry all customer routes
between PE routers.
The best answer:

P routers do not carry customer routes; the solution is scalable.
Rafael Tenor 67
Propagation Routing Information

Question: Which protocol can be used to carry customer routes between PE routers?
Rafael Tenor
68

Question: Which protocol can be used to carry customer routes between PE routers? Answer: The number of customer routes can be very large. BGP is the only routing protocol that can scale to a very large number of routes.
69
Rafael Tenor

Question: Which protocol can be used to carry customer routes between PE routers? Answer: The number of customer routes can be very large. BGP is the only routing protocol that can scale to a very large number of routes.
Conclusion: BGP is used to exchange customer routes directly between PE routers.

Rafael Tenor 70

Question: How will information about the overlapping subnets of two customers be propagated via a single routing protocol?
Rafael Tenor
71

Question: How will information about the overlapping subnets of two customers be propagated via a single routing protocol? Answer: Extend the customer addresses to make them unique.
Rafael Tenor
72
Route Distinguishers
The 64-bit route distinguisher (RD) is prepended (front) to an IPv4

address to make it globally unique.
Allows for multiple customers (if not all) to use RFC 1918 addresses. The resulting address is a VPNv4 address. VPNv4 addresses are exchanged between PE routers via BGP.
BGP that supports address families other than IPv4 addresses is called Multiprotocol BGP (MP-BGP). Creates a 96 bit address.
Rafael Tenor 73
MPLS-VPN Technology: Control Plane

Lets Discuss: Route Distinguisher (RD); VPNv4 route. Route Target (RT). Label.
Rafael Tenor 74
MP-BGP Update Components: VPNv4 Address

To convert an IPv4 address into a VPNv4 address, RD is appended to the IPv4 address i.e. 1:1:10.1.1.0. Makes the customers IPv4 route globally unique. Each VRF must be configured with an RD at the PE. RD is what defines the VRF (lets see it later). Although not necessary, having the same RD throughout a VPN is better for operational efficiency.
Rafael Tenor 75
MP-BGP Update Components: Route-Target

Route-target (RT): Identifies the VRF for the received VPNv4 prefix. It is an 8-byte extended community (a BGP attribute). Each VRF is configured with RT(s) at the PE. RT helps to color the prefix.
Rafael Tenor
76
MPLS VPN Control Plane: All Together

USFQ. Academia de redes Cisco MP-iBGP Update: RD:10.1.1.0 Next-Hop=PE-1 RT=Green, Label=100
Site 1
10.1.1.0/24
10.1.1.0/24 Next-Hop=CE-1
3
CE1 PE1
Site 2 CE2 PE2
MPLS Backbone
1. PE1 receives an IPv4 update (eBGP,OSPF,EIGRP). 2. PE1 translates it into VPNv4 address. Assigns an RT per VRF configuration. Rewrites next-hop attribute to itself. Assigns a label based on VRF and/or interface. 3. PE1 sends MP-iBGP update to other PE routers.
Rafael Tenor 77
MPLS VPN Control Plane: All Together

USFQ. Academia de redes Cisco MP-iBGP Update: RD:10.1.1.0 Next-Hop=PE-1 RT=Green, Label=100 10.1.1.0/24 Next-Hop=PE-2
Site 1
10.1.1.0/24
10.1.1.0/24 Next-Hop=CE-1
3
CE1 PE1
Site 2
CE2 PE2
MPLS Backbone
4. PE2 receives and checks whether the RT=green is locally configured within any VRF, if yes, then 5. PE2 translates VPNv4 prefix back into IPv4 prefix, Installs the prefix into the VRF routing table. Updates the VRF CEF table with label=100 for 10.1.1.0/24. Advertise this IPv4 prefix to CE2 (EBGP, OSPF, EIGRP).
Rafael Tenor 78
MPLS VPN: Forwarding Plane
Rafael Tenor
79
VPN Packet Forwarding

Question:
How will the PE routers forward the VPN packets across the MPLS VPN backbone?
Answer #1: They will label the VPN packets with an LDP label for the egress PE router and forward the labeled packets across the MPLS backbone.
Rafael Tenor
80

How will the PE routers forward the VPN packets across the MPLS VPN backbone? Answer #1: They will label the VPN packets with an LDP label for the egress PE router and forward the labeled packets across the MPLS backbone. Results: P routers perform the label switching, and the packet reaches the egress PE router. However, the egress PE router does not know which VRF to use for packet switching, so the packet is dropped (customers may be using RFC 1918 addresses). How about using a label stack?
Rafael Tenor 81
Question:

Question:
How will the PE routers forward the VPN packets across the MPLS VPN backbone?
Answer #2: They will label the VPN packets with a label stack, using: 1. the LDP label for the egress PE router as the top label, and 2. the VPN label assigned by the egress PE router as the second label in the stack.
Rafael Tenor
82

Question:
How will the PE routers forward the VPN packets across the MPLS VPN backbone? Answer #2: They will label the VPN packets with a label stack, using: 1. the LDP label for the egress PE router as the top label, and 2. the VPN label assigned by the egress PE router as the second label in the stack. Result: The P routers perform label switching, and the packet reaches the egress PE router. The egress PE router performs a lookup on the VPN label and forwards the packet toward the CE router.
Rafael Tenor 83
VPN Penultimate Hop Popping

Penultimate hop popping on the LDP label can be performed on the last P router. The egress PE router performs label lookup only on the VPN label, resulting in faster and simpler label lookup. IP lookup is performed only oncein the ingress PE router.
Rafael Tenor 84
VPN Label in MP-iBGP update

8 Bytes 100:1 RD VPNv4
4 Bytes 10.1.1.0 IPv4
8 Bytes 100:5 Route-Target
3 Bytes 286 Label
MP-IBGP update with RD, RT, and Label
Rafael Tenor
85
MPLS-VPN Technology: Forwarding Plane

Site 1
10.1.1.0/24
Site 2 CE1 P
10.1.1.1
P PE2
CE2
10.1.1.1
PE1
100 10.1.1.1
P
10.1.1.1 25
P
100 10.1.1.1
50
100
PE2 imposes TWO labels for each packet going to the VPN destination 10.1.1.1. The top label is LDP learned and derived from an IGP route. Represents LSP to PE address (exit point of a VPN route). The second label (100) is learned via MP-BGP. Corresponds to the VPN address.
Rafael Tenor 86
Example
1. CE red1 advertises the 192.168.4.0/24 prefix to PE A. A CE can use static or dynamic routing (RIP, eBGP, or OSPF) to exchange routes with a PE. CE red1 runs eBGP. CE green2 uses RIPv2. 2. PE A imports the prefixes announced by the CE into the route table for this VPN. If other interfaces on the same PE belong to the same VPN, routes are announced to the local peers. Each VPN has its own routing table.
Rafael Tenor
87
Example
3. PE A uses iBGP to announce reachability for each of its attached customer sites.
PE A has one iBGP session with PE C for the red VPN and another with PE D for the green VPN. PE C imports the routes into the routing table used for the red VPN. PE D imports the routes for the green VPN. The PEs are in a full iBGP mesh and each can run many different VPNs.
Rafael Tenor 88
Example
4. PE C announces the 192.168.4.0 route to CE red2 using RIPv2. A show ip route command on CE red2 will show 192.168.4.0/24 with a next hop of 192.168.2.1, which is the address of PE C. Similarly, CE red1 has an entry for 192.168.3.0 with a next hop of 192.168.1.2. PE As routing table for the red VPN has an entry for 192.168.4.0 through 192.168.1.1 and another entry for 191.168.3.0 with a next hop that points to PE C. This is where the MPLS-VPN magic occurs. PE C announces itself as the next hop for the 192.168.3.0 route. Because this is a BGP route, PE A will use another lookup to find the route and, this time, the next hop will be 10.0.0.2, which is the LSR.
Rafael Tenor 89
Example
5. When traffic must go between sites, the CE forwards IP packets to the PE as it would to any other router. Packet going from CE green1 to CE green2, following this sequence: a. PE A identifies the next hop (PE D) for this packet as a BGP neighbor. b. PE A first imposes a label 22, that will identify the VPN routing table to PE D. This label was advertised by the neighbor, PE D, during the exchange of BGP prefixes.
Rafael Tenor 90
Example
c. The packet must now travel across the MPLS network, so PE A imposes another label 96, that identifies the next-hop LSR on the IGP path to PE D. This label was advertised by the downstream LSR (LSR B) from 10.0.0.2. d. Each LSR in the core swaps labels and forwards the packet as normal toward PE D. The penultimate hop pops the outer label. There is only one hop to the egress LSR, so LSR B removes the outer label.
Rafael Tenor
91
Example
e. PE D uses the remaining label 22, to:
Identify which VPN routing table to use for the packet. Pops the label from the packet.
f. PE D does an IP lookup in the VPN routing table to:
Find the outgoing interface. Forwards the IP packet to CE green2, which will route it to its destination.
Rafael Tenor 92
MPLS Summary
Rafael Tenor
93
MPLS VPN Terminology

Penultimate hop pop (PHP) The final P router in the P network pops
the label prior to the arrival at the egress PE router.
Route distinguisher (RD) A 64 bit identifier prepended to an IPv4

address to make it a globally unique VPNv4 address.
Route target (RT) An atribute appended to a VPNv4 BGP route to

indicate VPN membership.
Virtual routing and forwarding (VRF) table A customer specific

routing table instance.
Rafael Tenor 94
CE Router Architecture
CE router is a router that:

Runs an IGP (OSPF, EIGRP, IS-IS, etc.). Not MPLS aware. Does not participate in MPLS.
Rafael Tenor 95
PE Router
PE router
Similar to a typical PoP. Relatively high end router (Cisco 7200VXR). Each customer is assigned its own RD and VRF table dedicated to maintaining routing information. Routing across backbone is performed by another routing process using a global IP routing table. Single router but runs multiple instances of a routing protocol (IGP) one for each customer. Multiple instances of IGP are redistributed into global routing table.
96
Rafael Tenor
PE Router
Virtual routing and forwarding (VRF) table A customer specific

routing table instance. Provides isolation between customer routers. Information from VRF still exchanged between PE routers. A routing protocol is needed that will allow the transport of all customer routes across the P network while allowing the continued
Rafael Tenor
independence of each customers address space (MP-BGP).
97
PE Router
A single routing protocol is used between PE routers to exchange
customer routes without the involvement of the P routers. (MP-BGP and BGP) The PE routers that connect to a given customer network will be peered to each other and routes will be exchanged. This means the number of routing protocols between PE routers need not increase in proportion to the number of customers served. This also keeps the customer routes out of the P routers. They only need to know about routing within the provider network.
98
Rafael Tenor
P Router
P Router
Do not carry VPN routes. Provide transport for traffic between PEs. Run IGP. Carry only P network routing information in their routing tables. Interface with PE routers to facilitate the transport of BGP peering information to remote PE routers. Participate in LDP.
Rafael Tenor
99
MPLS VPN Connection Model

P PE
P PE
VPN Backbone IGP P P
MP-iBGP Session
PE Routers Edge routers. Use MPLS with P routers. Uses IP with CE routers. Connects to both CE and P routers. Distribute VPN information through MP-BGP to other PE router with VPN-IPv4 addresses, extended community, label.
Rafael Tenor
P Routers P routers are in the core of the MPLS cloud. P routers do not need to run BGP and do not need to have any VPN knowledge. Forward packets by looking at labels. P and PE routers share a common IGP.
100
Separate Routing Tables at PE

VPN 2
CE PE MPLS Backbone IGP (OSPF, ISIS)
EBGP, OSPF, RIPv2, Static CE VPN 1
VRF Routing Table Routing (RIB) and forwarding table (CEF) associated with one or more directly connected sites (CEs). The routes the PE receives from CE routers are installed in the appropriate VRF routing table(s) blue VRF routing table or green VRF routing table.
Rafael Tenor
The Global Routing Table Populated by the IGP within MPLS backbone.
101
MPLS Configuration
Rafael Tenor
102
The Procedure to Configure MPLS

Configure CEF. Configure MPLS on a frame mode interface. (Optional) Configure the MTU size in label switching.
Rafael Tenor
103
Step 1: Configure CEF

To enable MPLS, you must first configure CEF: Configure CEF: Enable CEF switching to create the FIB table. Enable CEF switching on all core interfaces.
Configure MPLS on a frame mode interface. (Optional) Configure the MTU size in label switching.
Rafael Tenor
104
Commands for Configuring CEF

Router(config)#
ip cef [distributed]
Starts CEF switching and creates the FIB table. The distributed keyword configures distributed CEF (running on VIP or line cards). All CEF-capable interfaces run CEF switching.
Router(config-if)#
ip route-cache cef
Enables CEF switching on an interface. Usually not needed.

105
Rafael Tenor
Using the ip cef [distributed] Parameter

The optional [distributed] parameter enables dCEF. The line cards

perform express forwarding.
Consider the following:

CEF is enabled by default only on these platforms: Cisco 7100 series router. Cisco 7200 series router. Cisco 7500 series Internet router. Distributed CEF is enabled on the Cisco 6500 series router. Distributed CEF is enabled on the Cisco 12000 series Internet router.
Rafael Tenor 106
Monitoring IP CEF
Router#
show ip cef detail
Displays a summary of the FIB

Router#show ip cef detail IP CEF with switching (Table Version 6), flags=0x0 6 routes, 0 reresolve, 0 unresolved (0 old, 0 new) 9 leaves, 11 nodes, 12556 bytes, 9 inserts, 0 invalidations 0 load sharing elements, 0 bytes, 0 references 2 CEF resets, 0 revisions of existing leaves refcounts: 543 leaf, 544 node Adjacency Table has 4 adjacencies 0.0.0.0/32, version 0, receive 192.168.3.1/32, version 3, cached adjacency to Serial0/0.10 0 packets, 0 bytes tag information set local tag: 28 fast tag rewrite with Se0/0.10, point2point, tags imposed: {28} via 192.168.3.10, Serial0/0.10, 0 dependencies next hop 192.168.3.10, Serial0/0.10 valid cached adjacency tag rewrite with Se0/0.10, point2point, tags imposed: {28}
Rafael Tenor 107
Using show ip cef Parameters

Parameter Unresolved Summary Network
Description (Optional) Displays unresolved FIB entries (Optional) Displays a summary of the FIB (Optional) Displays the FIB entry for the specified destination network
Mask
(Optional) Displays the FIB entry for the specified destination network and mask
Longer-prefixes
(Optional) Displays the FIB entries for all the specific destinations
Detail type number

Rafael Tenor
(Optional) Displays detailed FIB entry information (Optional) Lists the interface type and number for which to display FIB entries
108
Step 2: Configure MPLS on Frame Mode Interface

Configure CEF. Configure MPLS on a frame mode interface: Enable label switching on a frame mode interface. Start LDP or TDP label distribution protocol.
(Optional) Configure the MTU size in label switching.
Rafael Tenor
109
Configuring MPLS on a Frame Mode Interface

Router(config-if)#
mpls ip
Enables label switching on a frame mode interface. Starts LDP on the interface.
Router(config-if)#
mpls label protocol [tdp | ldp | both]
Starts selected label distribution protocol on the specified interface. LDP is the default on Cisco IOS 12.4(3) and later.
110
Rafael Tenor
Example 1
Rafael Tenor
111
Example 2
Rafael Tenor
112
Step 3: Configure the MTU Size

Configure CEF. Configure MPLS on a frame mode interface. Configure the MTU size in label switching: Increase MTU on LAN interfaces.
Rafael Tenor
113
Commands for Configuring MTU Size

Router(config-if)#
mpls mtu bytes
Label switching increases the MTU requirements on an interface because of additional label header. Interface MTU is automatically increased on WAN interfaces; IP MTU is automatically decreased on LAN interfaces.
Label-switching MTU can be increased on LAN interfaces (resulting in jumbo frames) to prevent IP fragmentation.
Rafael Tenor
114
Configuring Label Switching MTU

Rafael Tenor
115
Labs
4.1 Configuring Frame Mode MPLS. 4.2 Challenge Lab: Implementing MPLS VPNs (Optional).
Rafael Tenor
116
Ch.4 Frame Mode MPLS Implementation

CCNP 2 v5.0: Implementing Secured Converged Wide-area Networks USFQ. Academia de Redes Cisco Rafael Tenor

CCNP2 v50 Mod4 MPLS

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CCNP2 v50 Mod4 MPLS

Uploaded by

Copyright:

Available Formats

Ch.

4 Frame Mode MPLS Implementation

MPLS: Multiprotocol Label Switching.

New WAN technology originally defined in RFC 3031 by:

Started out as Tag Switching introduced by Ipsilon (now part of Nokia).

What is Frame Mode MPLS?

Traditional WAN connections

Hub and Spoke

Advantages of point-to-point circuits

Less latency More control Better performance

What is the problem MPLS is trying to solve?

Layer 2 End-to-end circuits (ATM, Frame Relay).

MPLS WAN Connectivity

MPLS requires only a single connection to providers MPLS network.

Label Switch Path (LSP)

Egress Edge LSR:

Label Switch Router (LSR) or P (Provider) router Customer B Non-MPLS

Label Switch Path (LSP)

Egress Edge LSR:

Label Switch Router (LSR) or P (Provider) router Customer B Non-MPLS

MPLS philosophy: Layer 3 header contains significantly more

MPLS underlying routing process:

Some times more than one label is used:

Split horizon applies to LDP

The bottom non-MPLS (customer) router has networks 192.1.1.0 /24,

USFQ. Academia de redes Cisco

Note: Label allocation, label imposing, label R2 MPLS Switched (popped)

USFQ. Academia de redes Cisco

Router Switching Mechanisms

CEF, Cisco Express Forwarding.

Control and Data Planes

LIB (Label Information Base):

LFIB (Label Forwarding Information Base):

IP forwarding table (FIB) Label forwarding table (LFIB)

Incoming MPLS Packet

Population of RIB/FIB/LIB/LFIB in an MPLS router

Control Plane Components Example

Information from control plane is sent to the data plane.

Label Switch Routers: Architecture of LSRs

LSRs: Exchanging Routing updates

Out In Address Out Label Iface Label Prefix

Out In Address Out Label Iface Label Prefix

Out In Address Out Label Iface Label Prefix

You Can Reach 128.89 and 171.69 Thru Me

You Can Reach 128.89 Thru Me

Routing Updates (OSPF, EIGRP, )

You Can Reach 171.69 Thru Me

LSRs: Exchanging and Assigning Labels

Out In Address Out Label Iface Label Prefix

Out In Address Out Label Iface Label Prefix

Out In Address Out Label Iface Label Prefix

Label Distribution Protocol

Use Label 7 for 171.69

LSRs: Forwarding Packets

Out In Address Out Label Iface Label Prefix

Out In Address Out Label Iface Label Prefix

Out In Address Out Label Iface Label Prefix

Label swapping 4->9

FIB, LIB and LFIB Tables on Router B

Packet Propagation Across an MPLS Network

MPLS Labels: Penultimate Hop Popping

Example : Penultimate Hop Popping