MPLS Introduction: 1 Session Number Presentation - ID

MPLS Introduction
Session Number
Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 1
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS

MPLS Concept
• At Edge: • In Core:
Classify packets Forward using labels
Label them (as opposed to IP
addr)
Edge Label Label indicates service
Switch class and destination
Router
(ATM Switch or
Router) Label Switch
Router (LSR)
Router
ATM switch +
Label Distribution Tag Switch
Protocol (LDP) Controller

MPLS concept
• MPLS: Multi Protocol Label Switching

• Packet forwarding is done based on Labels.
• Labels are assigned when the packet enters into
the network.
• Labels are on top of the packet.
• MPLS nodes forward packets/cells based on the
label value (not on the IP information).

MPLS concept
• MPLS allows:
Packet classification only where the packet
enters the network.
The packet classification is encoded as a label.
In the core, packets are forwarded without
having to re-classify them.
- No further packet analysis
- Label swapping

MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) 4. Edge LSR at egress
establish reachability to destination networks. removes(POP) label
and delivers packet.
1b. Label Distribution Protocol (LDP)
establishes label to destination
network mappings.
2. Ingress Edge LSR receives packet,

performs Layer 3 value-added 3. LSR switches packets using
services, and labels(PUSH) packets. label swapping(SWAP) .
Label Switch Path (LSP)
IGP domain with a label IGP domain with a label

distribution protocol distribution protocol
LSP follows IGP shortest path LSP diverges from IGP shortest path
• LSPs are derived from IGP routing information

• LSPs may diverge from IGP shortest path
• LSPs are unidirectional
Return traffic takes another LSP
Encapsulations
ATM Cell Header GFC VPI VCI PTI CLP HEC DATA
Label
PPP Header PPP Header Label Header Layer 3 Header

(Packet over SONET/SDH)
LAN MAC Label Header MAC Header Label Header Layer 3 Header

Label Header
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label EXP S TTL
Label = 20 bits EXP = Class of Service, 3 bits

S = Bottom of Stack, 1 bit TTL = Time to Live, 8 bits
• Header= 4 bytes, Label = 20 bits.

• Can be used over Ethernet, 802.3, or PPP links
• Contains everything needed at forwarding time

Loops and TTL
• In IP networks TTL is used to prevent packets

to travel indefinitely in the network
• MPLS may use same mechanism as IP, but not
on all encapsulations
• TTL is present in the label header for PPP and LAN
headers (shim headers)
• ATM cell header does not have TTL

Loops and TTL
LSR-1
LSR-2 LSR-3
IP packet
TTL = 10 Label = 25
IP packet
TTL = 9
Label = 39
IP packet
TTL = 8
LSR-6
LSR-6 --> 25
Hops=4 Label = 21
IP packet IP packet
IGP domain with a label TTL = 7 TTL = 6 Egress
distribution protocol LSR-4 LSR-5
• TTL is decremented prior to enter the non-TTL capable

LSP
If TTL is 0 the packet is discarded at the ingress point
• TTL is examined at the LSP exit
Label Assignment and Distribution
• Labels have link-local significance:

Each LSR binds his own label mappings
• Each LSR assign labels to his FECs
• Labels are assigned and exchanged
between adjacent neighboring LSR

Label Assignment and Distribution
Upstream and Downstream LSRs
171.68.40/24 171.68.10/24
Rtr-A Rtr-B Rtr-C
• Rtr-C is the downstream neighbor of Rtr-B for destination

171.68.10/24
• Rtr-B is the downstream neighbor of Rtr-A for destination
171.68.10/24
• LSRs know their downstream neighbors through the IP routing
protocol
Next-hop address is the downstream neighbor
Unsolicited Downstream Distribution
Use label 30 for destination Use label 40 for destination

171.68.10/24 171.68.10/24
171.68.40/24 171.68.10/24
Rtr-A Rtr-B Rtr-C
In In Address Out Out In In Address Out Out
I/F Lab Prefix I/F Lab I/F Lab Prefix I/F Lab
0 - 171.68.10 1 30 0 30 171.68.10 1 40 In In Address Out Out
I/F Lab Prefix I/F Lab
... ... ...
Next-Hop... ... ... ... ...
Next-Hop... ... 0 40 171.68.10 1 -
... ... ...
Next-Hop... ...
IGP derived routes
• LSRs distribute labels to the upstream neighbors

On-Demand Downstream Distribution
Use label 40 for destination Use label 30 for destination

171.68.10/24 171.68.10/24
171.68.10/24
171.68.40/24 Rtr-A Rtr-B Rtr-C
Request label for Request label for

destination 171.68.10/24 destination 171.68.10/24
• Upstream LSRs request labels to downstream neighbors

• Downstream LSRs distribute labels upon request

Label Retention Modes
• Liberal retention mode

• LSR retains labels from all neighbors
Improve convergence time, when next-hop is again available
after IP convergence
Require more memory and label space
• Conservative retention mode

• LSR retains labels only from next-hops neighbors
LSR discards all labels for FECs without next-hop
Free memory and label space

Label Distribution Modes
• Independent LSP control

LSR binds a Label to a FEC independently, whether or not the LSR
has received a Label the next-hop for the FEC
The LSR then advertises the Label to its neighbor
• Ordered LSP control

LSR only binds and advertise a label for a particular FEC if:
it is the egress LSR for that FEC or
it has already received a label binding from its next-hop

Router Example: Forwarding Packets
Addres I/F Addres I/F Addres I/F

s s s
Prefix Prefix Prefix
128.89 1 128.89 0 128.89 0
171.69 1 171.69 1
… … … …
0 128.89
0
1
128.89.25.4 Data
0 128.89.25.4 Data
1
128.89.25.4 Data 128.89.25.4 Data
Packets Forwarded 171.69

Based on IP Address

MPLS Example: Routing Information
In Addres Out Out In Addres Out Out In Addres Out Out

Label s I’face Label Label s I’face Label Label s I’face Label
128.89 1 128.89 0 128.89 0
171.69 1 171.69 1
… … … … … …
0 128.89
0
1
You Can Reach 128.89 Thru
Me
You Can Reach 128.89 and 1
171.69 Thru Me
Routing Updates You Can Reach 171.69 Thru 171.69

(OSPF, EIGRP, …) Me

MPLS Example: Assigning Labels

- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …
0 128.89
0
1
Use Label 9 for 128.89

Use Label 4 for 128.89 and 1
Use Label 5 for 171.69
Label Distribution 171.69

Protocol (LDP) Use Label 7 for 171.69
(downstream allocation)
MPLS Example: Forwarding Packets

- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …
0 128.89
0
1
128.89.25.4 Data
9 128.89.25.4 Data
1
128.89.25.4 Data 4 128.89.25.4 Data
Label Switch Forwards

Based on Label

Agenda
• LDP
• MPLS VPN
• Monitoring MPLS

MPLS Unicast IP Routing
• MPLS introduces a new field that is used for

forwarding decisions.
• Although labels are locally significant, they have to
be advertised to directly reachable peers.
One option would be to include this parameter into
existing IP routing protocols.
The other option is to create a new protocol to exchange
labels.
• The second option has been used because there are
too many existing IP routing protocols that would
have to be modified to carry labels.

Label Distribution Protocol
• Defined in RFC 3036 and 3037

• Used to distribute labels in a MPLS network
• Forwarding equivalence class
How packets are mapped to LSPs (Label
Switched Paths)
• Advertise labels per FEC

Reach destination a.b.c.d with label x
• Neighbor discovery
Basic and extended discovery

MPLS Unicast IP Routing Architecture
LSR
Exchange of Control plane

routing information
Routing protocol
IP routing table
Exchange of
labels
Label distribution protocol
Incoming
Data plane Outgoing
IP packets IP packets
IP forwarding table
Incoming Outgoing
labeled packets labeled packets
Label forwarding table

MPLS Unicast IP Routing: Example
LSR
Control plane
OSPF: 10.0.0.0/8  1.2.3.4 OSPF: 10.0.0.0/8
10.0.0.0/8  1.2.3.4
RT:
LIB:
Data plane
10.1.1.1 10.0.0.0/8  1.2.3.4 10.1.1.1
FIB:
L=5 10.1.1.1 LFIB:

MPLS Unicast IP Routing: Example
LSR
Control plane
OSPF: 10.0.0.0/8  1.2.3.4 OSPF: 10.0.0.0/8
RT: 10.0.0.0/8  1.2.3.4
LDP: 10.0.0.0/8, L=5 LIB: 10.0.0.0/8  Next-hop L=3, Local L=5 LDP: 10.0.0.0/8, L=3
Data plane
10.1.1.1 FIB: 10.0.0.0/8  1.2.3.4 , L=3 L=3 10.1.1.1
L=5 10.1.1.1 LFIB: L=5  L=3 L=3 10.1.1.1

Label Allocation in Packet-Mode MPLS
Environment
Label allocation and distribution in packet-mode MPLS

environment follows these steps:
1. IP routing protocols build the IP routing table.
2. Each LSR assigns a label to every destination in the IP
routing table independently.
3. LSRs announce their assigned labels to all other LSRs.
4. Every LSR builds its LIB, LFIB data structures based on
received labels.

Building the IP Routing Table
Routing table of A Routing table of B Routing table of C

Network Next-hop Network Next-hop Network Next-hop
X B X C X D
A B C D
FIB on A
Network Next hop Label Routing table of E Network X
X B — E Network Next-hop
X C
• IP routing protocols are used to build IP routing tables on all

LSRs.
• Forwarding tables (FIB) are built based on IP routing tables
with no labeling information.
Allocating Labels
Routing table of B
Network Next-hop
Router B assigns label 25 to
X C
destination X.
A B C D
Network X
E
• Every LSR allocates a label for every destination in the IP

routing table.
• Labels have local significance.
• Label allocations are asynchronous.
LIB and LFIB Set-up
Routing table of B
Network Next-hop
Router B assigns label 25 to
X C
destination X.
A B C D
Outgoing action is POP as B
LFIB on B has received no label for X
Network X
Label Action Next hop from C.
E
25 pop C
LIB on B
Local label is stored in LIB.
Network LSR label
X local 25
LIB and LFIB structures have to be initialized on the LSR

allocating the label.
Label Distribution
LIB on B
Network LSR label
X local 25
X = 25 X = 25
A B C D
X
= Network X
25
E
The allocated label is advertised to all neighbor LSRs,

regardless of whether the neighbors are upstream or
downstream LSRs for the destination.
Receiving Label Advertisement
LIB on A LIB on C
Network LSR label Network LSR label
X B 25 X B 25
X = 25 X = 25
A B X C D
FIB on A =
25
Network Next hop Label Network X
X B 25 E
LIB on E
Network LSR label
X B 25
• Every LSR stores the received label in its LIB.

• Edge LSRs that receive the label from their next-hop also store
the label information in the FIB.
Interim Packet Propagation
Label lookup is performed

LFIB on B in LFIB, label is removed.
Label Action Next hop
25 pop C
IP: X Lab: 25 IP: X

A B C
FIB on A
Network Next hop Label
X B 25 E
IP lookup is performed in
FIB, packet is labeled.
Forwarded IP packets are labeled only on the path segments

where the labels have already been assigned.
Further Label Allocation
LIB on C
Network LSR label
X B 25
local 47
X = 47
A B C D
47
= Router C assigns label
X Network X
47 to destination X.
E
LFIB on C
47 pop D
Every LSR will eventually assign a label for every destination.

Receiving Label Advertisement
FIB on B LIB on B
Network Next hop Label Network LSR label
X C 47 X local 25
C 47
X = 47
A B C D
47
=
X Network X
E
FIB on E LIB on E
X C 47 X B 25
C 47
• Every LSR stores received information in its LIB.
• LSRs that receive their label from their next-hop LSR will also
populate the IP forwarding table (FIB).
Populating LFIB
FIB on B LIB on B
X C 47 X local 25
C 47
X = 47
A B C D
47
=
LFIB on B X Network X
E
25 47 C
• Router B has already assigned label to X and created an entry

in LFIB.
• Outgoing label is inserted in LFIB after the label is received
from the next-hop LSR.
Packet Propagation Across MPLS Network

LFIB on B in LFIB, label is switched.
Ingress LSR 25 47 C Egress LSR
IP: X Lab: 25 Lab: 47 IP: X

A B C
FIB on A LFIB on C
Network Next hop Label Label Action Next hop
X B 25 E 47 pop D
IP lookup is performed in
FIB, packet is labeled.

in LFIB, label is removed.

Convergence in Packet-mode MPLS
Steady State Description
Routing table of B FIB on B

Network Next-hop Network Next hop Label
X C X C 47
A B C D
LIB on B
Network LSR label Network X
X local 25 E
C 47
E 75
LFIB on B
25 47 C
• After the LSRs have exchanged the labels, LIB, LFIB and FIB
data structures are completely populated.
Link Failure Actions

X C X C 47
A B  C D
LIB on B
X local 25 E
C 47
E 75
LFIB on B • Routing protocol neighbors and LDP neighbors are lost after
Label Action Next hop a link failure.
• Entries are removed from various data structures.
25 47 C

Routing Protocol Convergence

X E X E —
A B  C D
LIB on B
X local 25 E
C 47
E 75
Routing protocols rebuild the IP routing
LFIB on B table and the IP forwarding table.
25 47 C

MPLS Convergence

X E X E 75
A B  C D
LIB on B
X local 25 E
C 47
E 75
LFIB and labeling information in FIB are rebuilt
immediately after the routing protocol convergence, based
LFIB on B on labels stored in LIB.
25 75 E

MPLS Convergence After a Link Failure
• MPLS convergence in packet-mode MPLS

does not impact the overall convergence
time.
• MPLS convergence occurs immediately after
the routing protocol convergence, based on
labels already stored in LIB.

Link Recovery Actions

X E X E 75
A B C D
LIB on B
X local 25 E
C 47
E 75 • Routing protocol neighbors are
discovered after link recovery.
LFIB on B
25 75 E

IP Routing Convergence After Link
Recovery

X E
C X C
E —
75
A B C D
LIB on B
X local 25 E
C 47
E 75
• IP routing protocols rebuild the IP routing table.
LFIB on B • FIB and LFIB are also rebuilt, but the label information might
Label Action Next hop be lacking.
25 pop
75 C
E

MPLS Convergence After a Link Recovery
• Routing protocol convergence optimizes the forwarding

path after a link recovery.
• LIB might not contain the label from the new next-hop by
the time the IP convergence is complete.
• End-to-end MPLS connectivity might be intermittently
broken after link recovery.
• Use MPLS Traffic Engineering for make-before-break
recovery.

LDP Session Establishment
• LDP and TDP use a similar process to establish a session:

Hello messages are periodically sent on all interfaces enabled for
MPLS.
If there is another router on that interface it will respond by trying
to establish a session with the source of the hello messages.
• UDP is used for hello messages. It is targeted at “all routers on
this subnet” multicast address (224.0.0.2).
• TCP is used to establish the session.
• Both TCP and UDP use well-known LDP port number 646 (711
for TDP).

LDP Neighbor Discovery
UDP: Hello
UDP: Hello
UDP: Hello
(1.0.0.2:1064
(1.0.0.2:1065224.0.0.2:646)
224.0.0.2:646) MPLS_B
(1.0.0.2:1066  224.0.0.2:646)
1.0.0.2
TCP (1.0.0.4:1066  1.0.0.2:646)

6 )
: 10 43  1.0.0.1:64
.2
TCP (1.0.0
UDP: Hello
UDP: Hello
UDP: Hello
(1.0.0.1:1050
MPLS_A (1.0.0.1:1051224.0.0.2:646)
224.0.0.2:646) NO_MPLS_C
(1.0.0.1:1052  224.0.0.2:646)
1.0.0.1 1.0.0.3
TCP (1.0
.0.4:106
5  1. 0
.0.1:646
)
UDP: Hello
UDP: Hello
UDP: Hello
(1.0.0.4:1033
(1.0.0.4:1034224.0.0.2:646)
224.0.0.2:646) MPLS_D
(1.0.0.4:1035  224.0.0.2:646)
1.0.0.4
• LDP Session is established from the router with higher IP address.

LDP Session Negotiation
MPLS_A MPLS_B
Establish TCP session
1.0.0.1 1.0.0.2
Initialization message
Initialization message
Keepalive
Keepalive
• Peers first exchange initialization messages.

• The session is ready to exchange label mappings
after receiving the first keepalive.
Double Lookup Scenario
MPLS Domain
10.0.0.0/8 10.0.0.0/8 10.0.0.0/8 10.0.0.0/8
L=17 L=18 L=19
17 10.1.1.1 18 10.1.1.1 19 10.1.1.1 10.1.1.1
FIB FIB FIB FIB

10/8  NH, 17 10/8  NH, 18 10/8  NH, 19 10/8  NH 
LFIB LFIB LFIB LFIB
35  17  17  18  18  19  19  untagged 
Double lookup is needed:
1. LFIB: remove the label.
• Double lookup is not an optimal way of 2. FIB: forward the IP
packet based on IP next-
forwarding labeled packets. hop address.
• A label can be removed one hop earlier.

Penultimate Hop Popping
Pop or implicit null

MPLS Domain label is adveritsed.
10.0.0.0/8 10.0.0.0/8 10.0.0.0/8 10.0.0.0/8

L=17 L=18 L=pop
17 10.1.1.1 18 10.1.1.1 10.1.1.1 10.1.1.1
FIB FIB FIB FIB

10/8  NH, 17 10/8  NH, 18 10/8  NH, 19 10/8  NH 
LFIB LFIB LFIB LFIB
35  17  17  18  18  pop 
One single lookup.
• A label is removed on the router before the

last hop within an MPLS domain.
• Penultimate hop popping optimizes MPLS

performace (one less LFIB lookup).
• PHP does not work on ATM (VPI/VCI cannot
be removed).
• Pop or implicit null label uses value 3 when
being advertised to a neighbor.

LDP Messages
• Discovery messages
• Used to discover and maintain the presence of
new peers
• Hello packets (UDP) sent to all-routers multicast
address
• Once neighbor is discovered, the LDP session is
established over TCP

LDP Messages
• Session messages
• Establish, maintain and terminate LDP sessions
• Advertisement messages
• Create, modify, delete label mappings
• Notification messages
• Error signalling

Agenda
• LDP
• MPLS VPN
• Monitoring MPLS

What Is a VPN?
• VPN is a set of sites which are allowed to communicate

with each other.
• VPN is defined by a set of administrative policies
Policies determine both connectivity and QoS
among sites.
Policies established by VPN customers.
Policies could be implemented completely by VPN service
providers.
Using BGP/MPLS VPN mechanisms

What Is a VPN? (Cont.)
• Flexible inter-site connectivity

Ranging from complete to partial mesh
• Sites may be either within the same or in different organizations
VPN can be either intranet or extranet
• Site may be in more than one VPN
VPNs may overlap
• Not all sites have to be connected to the same service provider
VPN can span multiple providers

IP VPN Taxonomy
IP VPNs
DIAL DEDICATED
Client- NAS- IP Virtual Network-

Initiated Initiated Tunnel Circuit Based VPNs
Security Router FR ATM RFC 2547 Virtual

Appliance Router

MPLS-VPN Terminology
• Provider Network (P-Network)

The backbone under control of a Service Provider
• Customer Network (C-Network)

Network under customer control
• CE router
Customer Edge router. Part of the C-network and
interfaces to a PE router

• Site
Set of (sub)networks part of the C-network and co-
located
A site is connected to the VPN backbone through one
or more PE/CE links
• PE router
Provider Edge router. Part of the P-Network and
interfaces to CE routers
• P router
Provider (core) router, without knowledge of VPN

• Route-Target
64 bits identifying routers that should receive the
route
• Route Distinguisher
Attributes of each route used to uniquely identify
prefixes among VPNs (64 bits)
VRF based (not VPN based)
• VPN-IPv4 addresses
Address including the 64 bits Route Distinguisher
and the 32 bits IP address

• VRF
VPN Routing and Forwarding Instance
Routing table and FIB table
Populated by routing protocol contexts
• VPN-Aware network
A provider backbone where MPLS-VPN is
deployed

MPLS VPN Connection Model
• A VPN is a collection of sites sharing a

common routing information (routing table)
• A site can be part of different VPNs
• A VPN has to be seen as a community of
interest (or Closed User Group)
• Multiple Routing/Forwarding instances
(VRF) on PE routers

Site-4
Site-1
VPN-C
VPN-A
Site-2 Site-3
VPN-B
• A site belonging to different VPNs may or MAY

NOT be used as a transit point between VPNs
• If two or more VPNs have a common site,
address space must be unique among these
VPNs

• The VPN backbone is composed by MPLS LSRs

PE routers (edge LSRs)
P routers (core LSRs)
• PE routers are faced to CE routers and distribute
VPN information through
MP-BGP to other PE routers
VPN-IPv4 addresses, Extended Community,
Label
• P routers do not run BGP and do not have any VPN
knowledge

VPN_A iBGP sessions VPN_A
10.2.0.0 11.5.0.0
CE
CE
VPN_B VPN_A
10.2.0.0 CE P P PE CE 10.1.0.0
PE
VPN_A
11.6.0.0 P P
CE VPN_B
PE CE 10.3.0.0
VPN_B PE
10.1.0.0 CE
• P routers (LSRs) are in the core of the MPLS cloud

• PE routers use MPLS with the core and plain IP with
CE routers
• P and PE routers share a common IGP
• PE router are MP-iBGP fully meshed
C
E Site-1
PE
EBGP,OSPF, RIPv2,Static
CE
Site-2
• PE and CE routers exchange routing

information through:
EBGP, OSPF , RIPv2, Static routing
• CE router run standard routing software

C
E Site-1
PE
EBGP,OSPF, RIPv2,Static
CE VPN Backbone IGP (OSPF, ISIS)
Site-2
• PE routers maintain separate routing tables

The global routing table
With all PE and P routes
Populated by the VPN backbone IGP (ISIS or OSPF)
VRF (VPN Routing and Forwarding)
Routing and Forwarding table associated with one or more directly
connected sites (CEs)
VRF are associated to (sub/virtual/tunnel)interfaces
Interfaces may share the same VRF if the connected sites may share
the same routing information

C
E Site-1
PE
EBGP,OSPF, RIPv2,Static VPN Backbone IGP
CE
Site-2
• The routes the PE receives from CE routers are

installed in the appropriate VRF
• The routes the PE receives through the backbone IGP
are installed in the global routing table
• By using separate VRFs, addresses need NOT to be
unique among VPNs

• The Global Routing Table is populated by

IGP protocols.
• In PE routers it may contain the BGP
Internet routes (standard BGP-4 routes)
• BGP-4 (IPv4) routes go into global routing
table
• MP-BGP (VPN-IPv4) routes go into VRFs

P P
PE PE
VPN Backbone IGP
P P
iBGP session
• PE and P routers share a common IGP (ISIS or OSPF)

• PEs establish MP-iBGP sessions between them
• PEs use MP-BGP to exchange routing information
related to the connected sites and VPNs
VPN-IPv4 addresses, Extended Community, Label

VPN-IPv4 update is translated

P P into IPv4 address (Net1) put
into VRF green since RT=Green
and advertised to CE-2
PE-1 PE-2
CE-2
VPN Backbone IGP
Site-2
BGP,RIPv2 update P P
for Net1,Next-
Hop=CE-1
CE-1 VPN-IPv4 update:

Site-1 RD:Net1, Next-hop=PE-
1
SOO=Site1, RT=Green,
Label=(intCE1)
PE routers receive IPv4 updates (EBGP, RIPv2, Static…)

PE routers translate into VPN-IPv4
Assign a SOO and RT based on configuration
Re-write Next-Hop attribute
Assign a label based on VRF and/or interface
Send MP-iBGP update to all PE neighbors
VPN-IPv4 update is translated

P P into IPv4 address (Net1) put
into VRF green since RT=Green
and advertised to CE-2
PE-1 PE-2
CE-2
BGP,OSPF, RIPv2 VPN Backbone IGP
Site-2
update for Net1 P P
Next-Hop=CE-1
CE-1 VPN-IPv4 update:

Site-1 RD:Net1, Next-hop=PE-
1
SOO=Site1, RT=Green,
Label=(intCE1)
Receiving PEs translate to IPv4

Insert the route into the VRF identified by the
RT attribute (based on PE configuration)
The label associated to the VPN-IPv4 address will be
set on packet forwarded towards the destination
• Route distribution to sites is driven by the Site of

Origin (SOO) and Route-target attributes
BGP Extended Community attribute
• A route is installed in the site VRF corresponding to
the Route-target attribute
Driven by PE configuration
• A PE which connects sites belonging to multiple
VPNs will install the route into the site VRF if the
Route-target attribute contains one or more VPNs to
which the site is associated

MP-BGP Update
• VPN-IPV4 address
Route Distinguisher
64 bits
Makes the IPv4 route globally unique
RD is configured in the PE for each VRF
RD may or may not be related to a site or a VPN
IPv4 address (32bits)
• Extended Community attribute (64 bits)
Site of Origin (SOO): identifies the originating site
Route-target (RT): identifies the set of sites the route has to
be advertised to

MP-BGP Update
Any other standard BGP attribute

Local Preference
MED
Next-hop
AS_PATH
Standard Community
...
A Label identifying:
The outgoing interface
The VRF where a lookup has to be done
The BGP label will be the second label in the label
stack of packets travelling in the core

MP-BGP Update - Extended community
• BGP extended community attribute

Structured, to support multiple applications
64 bits for increased range
• General form
<16bits type>:<ASN>:<32 bit number>
Registered AS number
<16bits type>:<IP address>:<16 bit number>
Registered IP address

MP-BGP Update - Extended community
• The Extended Community is used to:
Identify one or more routers where the route has

been originated (site)
Site of Origin (SOO)
Selects sites which should receive the route
Route-Target

MP-BGP Update
• The Label can be assigned only by the router which

address is the Next-Hop attribute
PE routers re-write the Next-Hop with their own
address (loopback interface address)
“Next-Hop-Self” BGP command towards iBGP
neighbors
Loopback addresses are advertised into the
backbone IGP
• PE addresses used as BGP Next-Hop must be
uniquely known in the backbone IGP
No summarisation of loopback addresses in the core

MPLS Forwarding
Packet forwarding
• PE and P routers have BGP next-hop reachability

through the backbone IGP
• Labels are distributed through LDP (hop-by-hop)
corresponding to BGP Next-Hops
• Label Stack is used for packet forwarding
Top label indicates BGP Next-Hop (interior label)
Second level label indicates outgoing interface or
VRF (exterior label)

MPLS Forwarding
P routers switch the PE2 receives the packets

packets based on the IGP Penultimate Hop with the label
label (label on top of the Popping corresponding to the
CE1 outgoing interface (VRF)
stack) P2 is the penultimate
hop for the BGP next- One single lookup
hop Label is popped and packet
IP PE1 P2 remove the top label sent to IP neighbor
packet This has been CE2
requested through LDP
by PE2
IGP
Label(PE2) IP
VPN
IP Label packet
packet
IGP VPN Label

PE1 receives IP packet P1 Label(PE2) P2 IP PE2
VPN
IP Label packet
Lookup is done on site VRF
packet
BGP route with Next-Hop and
Label is found
BGP next-hop (PE2) is reachable CE3
through IGP route with
associated label

Packet Forwarding Example 1
VPN_A VPN_A
10.2.0.0 11.5.0.0
CE CE
VPN_B VPN_A
10.2.0.0 CE PE2 P P PE CE 10.1.0.0
VPN_A
11.6.0.0 T8T2Data
CE P P Data
VPN_B
PE1 CE 10.3.0.0
VPN_B
10.1.0.0 CE
<RD_B,10.2>
<RD_B,10.1>, ,iBGP NH=hop
iBGP next PE2
PE1, T2
T1 T7T8
• Ingress PE receives normal IP <RD_B,10.2> , iBGP next hop PE2 T2 T8
Packets from CE router <RD_B,10.3> , iBGP next hop PE3 T3
T4
T9
T7
<RD_A,11.6> , iBGP next hop PE1
<RD_A,10.1> , iBGP next hop PE4 T5 TB
• PE router does “IP Longest Match” <RD_A,10.4> , iBGP next hop PE4
T6 TB
T7 T8
from VPN_B FIB , find iBGP next <RD_A,10.2> , iBGP next hop PE2
hop PE2 and impose a stack of

labels:
exterior Label T2 + Interior Label
T8
Packet Forwarding Example 1 (cont.)
VPN_A
VPN_A
10.2.0.0 11.5.0.0
CE CE
Data T2 Data
VPN_B TB T2 Data
VPN_A
10.2.0.0 CE PE2 P P PE CE 10.1.0.0
VPN_A
11.6.0.0 TAT2 Data T8T2 Data
CE P P
VPN_B
PE1 CE 10.3.0.0
VPN_B
10.1.0.0 CE in / out
T7 Tu
T8,
T8 TA
Tw
T9 Tx
Ta Ty
Tb Tz
• All Subsequent P routers do switch the packet
Solely on Interior Label
• Egress PE router, removes Interior Label
• Egress PE uses Exterior Label to select which VPN/CE
to forward the packet to.
• Exterior Label is removed and packet routed to CE router
Packet Forwarding Example 2
A
12
130.130.10.1
B 12
130.130.11.3
• In VPN 12, host 130.130.10.1 sends a packet with

destination 130.130.11.3
• Customer sites are attached to Provider
Edge (PE) routers A & B.
1. Packet arrives on VPN 12

link on PE router A.
A
12
2. PE router A selects the

correct VPN forwarding table
based on the links’ VPN ID (12).
VPN Site VPN Site Provider Edge PE

VPN-ID Address Label Router Address Label
12 130.130.10.0/24 26 172.68.1.11/32 42
12 130.130.11.0/24 989 172.68.1.2/32 101
... ... ... ... ...
VPN Site VPN Site Provider Edge PE

VPN-ID Address Label Router Address Label
A
12 130.130.10.0/24 26 172.68.1.11/32 42
12
12 130.130.11.0/24 989 172.68.1.2/32 101
... ... ... ... ...
3. PE router A matches
the incoming packet’s
destination address
with VPN 12’s
forwarding table.
101 989 130.130.11.3 Rest of IP packet
4. PE router A adds two
labels to the packet: one
identifying the destination
PE, and one identifying the
destination VPN site.

5. Packet is label-switched from PE router A to PE B based on

the top label, using normal MPLS.
The network core knows nothing about VPNs and sites: it

only knows how to get packets from A to B using MPLS.

B 12
130.130.11.3
6. PE router B identifies the correct

site in VPN 12 from the inner label.
7. PE router B removes the labels

and forwards the IP packet to the
correct VPN 12 site.
MPLS VPN mechanisms
VRF and Multiple Routing Instances
• VRF: VPN Routing and Forwarding Instance

VRF Routing Protocol Context
VRF Routing Tables
VRF CEF Forwarding Tables

MPLS VPN mechanisms
• VRF Routing table contains routes which should be available to

a particular set of sites
• Analogous to standard IOS routing table, supports the same
set of mechanisms
• Interfaces (sites) are assigned to VRFs
One VRF per interface (sub-interface, tunnel or virtual-template)
Possible many interfaces per VRF

MPLS VPN mechanisms
Routing
processe
BGP RIP Static • Routing processes run
s within specific routing
contexts
Routing
contexts
• Populate specific VPN
routing table and FIBs
(VRF)
VRF Routing tables
• Interfaces are assigned to
VRF Forwarding VRFs
tables

MPLS VPN mechanisms
Site-4
Logical view Site-1

VPN-C
VPN-A
Site-2 Site-3
Multihop MP-iBGP VPN-B
P P
PE PE Routing view
VRF VRF
for site-1 for site-2 VRF
VRF
Site-1 for site-3 for site-4
routes
Site-1 Site-2 routes
Site-2
routes Site-3 routes Site-3 routes
routes
Site-2 Site-4 routes Site-4 routes
Site-3
routes routes
Site-1 Site-2 Site-3 Site-4

MPLS VPN Topologies
VPN_A iBGP sessions VPN_A
10.2.0.0 11.5.0.0
CE
CE
VPN_B VPN_A
10.2.0.0 CE P P PE CE 10.1.0.0
PE
VPN_A
11.6.0.0 P P
CE VPN_B
PE CE 10.3.0.0
VPN_B PE
10.1.0.0 CE
• VPN-IPv4 address are propagated together with the associated

label in BGP Multiprotocol extension
• Extended Community attribute (route-target) is associated to
each VPN-IPv4 address, to populate the site VRF

MPLS VPN Topologies
VPN sites with optimal intra-VPN routing
• Each site has full routing knowledge of all

other sites (of same VPN)
• Each CE announces his own address space
• MP-BGP VPN-IPv4 updates are propagated
between PEs
• Routing is optimal in the backbone
Each route has the BGP Next-Hop closest to
the destination
• No site is used as central point for connectivity

MPLS VPN Topologies
VPN sites with optimal intra-VPN routing
Site-3
EBGP/RIP/Static
N3
Routing Table on N3
CE3 NH=CE3
N1, PE3
VRF
N2, PE3
for site-3
N3, Local
IntCE3 N1,NH=PE1
N2,NH=PE2
N3,NH=CE
3
PE3
VPN-IPv4 updates exchanged between
PEs
EBGP/RIP/Static
RD:N1, NH=PE1,Label=IntCE1, RT=Blue
RD:N2, NH=PE2,Label=IntCE2, RT=Blue
VRF RD:N3, NH=PE3,Label=IntCE3, RT=Blue N2,NH=CE2
for site-1 PE1 IntCE2
VRF
N1,NH=CE for site-2
1 Site-2
N2,NH=PE N1,NH=PE
2 IntCE PE2 1 N2
N3,NH=PE 1 N2,NH=CE Routing Table on
3 2 CE2
N3,NH=PE
3 N1,NH=PE2
Routing Table on EBGP/RIP/Static N2,Local
CE1 N3,NH=PE2
N1, Local
N2, PE1
N3, PE1 N1
NH=CE1
Site-1
N1
MPLS VPN Topologies
VPN sites with Hub & Spoke routing
• One central site has full routing knowledge of

all other sites (of same VPN)
Hub-Site
• Other sites will send traffic to Hub-Site for any
destination
Spoke-Sites
• Hub-Site is the central transit point between
Spoke-Sites
Use of central services at Hub-Site
MPLS VPN Topologies
VPN-IPv4 update advertised by PE1
RD:N1, NH=PE1,Label=IntCE1,
RT=Hub
Site-1 IntCE1 VRF BGP/RIPv2
(Import RT=Spoke)
(Export RT=Hub) IntCE3-Hub VRF
N1 CE1 (Import RT=Hub) Site-3
N1,NH=CE1 (exported) PE1 CE3-Hub
N2,NH=PE3 (imported) N1,NH=PE1
N3,NH=PE3 (imported N2,NH=PE2
IntCE3-Spoke
VRF N3
Site-2 IntCE2 VRF
PE3 (Export
(Import RT=Spoke) RT=Spoke) CE3-Spoke
(Export RT=Hub) N1,NH=CE3-
N2
CE2
PE2 Spoke
N1,NH=PE3 (imported) BGP/RIPv2
N2,NH=CE2 (exported) N2,NH=CE3-
N3,NH=PE3 (imported) Spoke
VPN-IPv4N3,NH=CE3-
updates advertised by PE3
Spoke
VPN-IPv4 update advertised by PE2 RD:N1, NH=PE3,Label=IntCE3-Spoke,
RD:N2, NH=PE2,Label=IntCE2, RT=Spoke
RT=Hub RD:N2, NH=PE3,Label=IntCE3-Spoke,
RT=Spoke
RD:N3, NH=PE3,Label=IntCE3-Spoke,
RT=Spoke
• Routes are imported/exported into VRFs based on RT value

of the VPN-IPv4 updates
• PE3 uses 2 (sub)interfaces with two different VRFs
MPLS VPN Topologies
IntCE1 VRF
(Import RT=Spoke)
(Export RT=Hub)
Site-1 N1,NH=CE1 (exported) IntCE3-Hub VRF BGP/RIPv2
N2,NH=PE3 (imported) (Import RT=Hub)
N3,NH=PE3 (imported
N1 CE1 N1,NH=PE1
Site-3
PE1 N2,NH=PE2 CE3-Hub
N3
Site-2 PE3 IntCE3-Spoke
VRF CE3-Spoke
(Export
N2
CE2
PE2 RT=Spoke)
N1,NH=CE3-
BGP/RIPv2
IntCE2 VRF Spoke
(Import RT=Spoke) N2,NH=CE3-
(Export RT=Hub) Spoke
N1,NH=PE3 (imported) N3,NH=CE3-
N2,NH=CE2 (exported) Spoke
N3,NH=PE3 (imported)
• Traffic from one spoke to another will travel across the hub site
• Hub site may host central services
Security, NAT, centralised Internet access
MPLS VPN Internet Routing
• In a VPN, sites may need to have Internet connectivity

• Connectivity to the Internet means:
Being able to reach Internet destinations
Being able to be reachable from any Internet source
• The Internet routing table is treated separately
• In the VPN backbone the Internet routes are in the
Global routing table of PE routers
• Labels are not assigned to external (BGP) routes

MPLS VPN Internet routing
VRF specific default route
• A default route is installed into the site

VRF and pointing to a Internet Gateway
• The default route is NOT part of any VPN
A single label is used for packets forwarded
according to the default route
The label is the IGP label corresponding to the
IP address of the Internet gateway
Known in the IGP

• PE router originates CE routes for the Internet

Customer (site) routes are known in the site VRF
Not in the global table
The PE/CE interface is NOT known in the global table.
However:
A static route for customer routes and pointing to the
PE/CE interface is installed in the global table
This static route is redistributed into BGP-4 global table
and advertised to the Internet Gateway
• The Internet gateway knows customer routes and with
the PE address as next-hop

• The Internet Gateway specified in the

default route (into the VRF) need NOT to
be directly connected
• Different Internet gateways can be used
for different VRFs
• Using default route for Internet routing
does NOT allow any other default route for
intra-VPN routing
As in any other routing scheme

192.168.1.1
ip vrf VPN-A
BGP-4
rd 100:1
Internet route-target both 100:1
PE-IG !
Interface Serial0
ip address 192.168.10.1 255.255.255.0
ip vrf forwarding VPN-A
!
Router bgp 100
no bgp default ipv4-unicast
MP-BGP network 171.68.0.0 mask 255.255.0.0
neighbor 192.168.1.1 remote 100
192.168.1.2 PE
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
PE Serial0 neighbor 192.168.1.1 update-source loopback0
!
address-family ipv4 vrf VPN-A
neighbor 192.168.10.2 remote-as 65502
exit-address-family
!
address-family vpnv4
Site-1 neighbor 192.168.1.2 activate
exit-address-family
Network 171.68.0.0/16 !
ip route 171.68.0.0 255.255.0.0 Serial0
Site-2 ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 glob

IP packet 192.168.1.1
D=cisco.co
m
Internet
PE-IG
Label = 3
Global Table and LFIB
IP packet
D=cisco.co 192.168.1.1/32 Label=3
m 192.168.1.2/32 Label=5
192.168.1.2 ...
PE
Site-2 VRF
PE Serial0 0.0.0.0/0 192.168.1.1
(global)
IP packet Site-1 routes
D=cisco.co Site-2 routes
m
Site-1
Network 171.68.0.0/16
Site-2

• PE routers need not to hold the Internet

table
• PE routers will use BGP-4 sessions to
originate customer routes
• Packet forwarding is done with a single
label identifying the Internet Gateway IP
address
More labels if Traffic Engineering is used

Separated (sub)interfaces
• If CE wishes to receive and announce routes

from/to the Internet
A dedicated BGP session is used over a separate (sub)
interface
The PE imports CE routes into the global routing table
and advertise them to the Internet
The interface is not part of any VPN and does not use
any VRF
Default route or Internet routes are exported to the CE
PE needs to have Internet routing table

• The PE uses separate (sub)interfaces with

the CE
One (sub)interface for VPN routing
associated to a VRF
Can be a tunnel interface
One (sub)interface for Internet routing
Associated to the global routing table

ip vrf VPN-A
192.168.1.1 rd 100:1
route-target both 100:1
BGP-4
!
Internet Interface Serial0
PE-IG no ip address
!
Interface Serial0.1
ip address 192.168.10.1 255.255.255.0
ip vrf forwarding VPN-A
!
Interface Serial0.2
ip address 171.68.10.1 255.255.255.0
MP-BGP PE
!
192.168.1.2
Router bgp 100
PE Serial0.1 Serial0.2 neighbor 192.168.1.1 remote 100
neighbor 192.168.1.1 update-source loopback0
neighbor 171.68.10.2 remote 502
BGP-4 !
address-family ipv4 vrf VPN-A
Network 171.68.0.0/16 exit-address-family
!
address-family vpnv4
exit-address-family

IP packet 192.168.1.1
D=cisco.co
m
Internet
PE-IG
Label = 3
PE Global Table
IP packet
D=cisco.co
Internet routes --->
m 192.168.1.1
192.168.1.2 192.168.1.1, Label=3
PE
PE Serial0.1 Serial0.2
IP packet
D=cisco.co
Serial0.1 m
Serial0.2
CE routing table
Site-1 Site-2 routes ---->
Serial0.1
Network 171.68.0.0/16 Internet routes --->
Serial0.2
Site-2

Scaling
• Existing BGP techniques can be used to scale

the route distribution: route reflectors
• Each edge router needs only the information
for the VPNs it supports
Directly connected VPNs
• RRs are used to distribute VPN routing
information

MPLS-VPN
Scaling BGP
Route Reflectors
VPN_A VPN_A
RR RR
10.2.0.0 CE 11.5.0.0
CE
VPN_B VPN_A
P P PE CE 10.1.0.0
10.2.0.0 CE PE2
VPN_A
11.6.0.0 P P
CE PE CE VPN_B
PE1 10.3.0.0
VPN_B
10.1.0.0 CE
• Route Reflectors may be partitioned

Each RR store routes for a set of VPNs
• Thus, no BGP router needs to store ALL VPNs
information
• PEs will peer to RRs according to the VPNs they
directly connect
MPLS-VPN Scaling
BGP updates filtering
iBGP full mesh between PEs results in flooding all VPNs

routes to all PEs
Scaling problems when large amount of routes. In
addition PEs need only routes for attached VRFs
Therefore each PE will discard any VPN-IPv4 route that
hasn’t a route-target configured to be imported in any of
the attached VRFs
This reduces significantly the amount of information each
PE has to store
Volume of BGP table is equivalent of volume of attached
VRFs (nothing more)

MPLS-VPN Scaling
BGP updates filtering
Import RT=yellow VPN-IPv4 update:

RD:Net1, Next-hop=PE-
X
VRFs for VPNs PE SOO=Site1, RT=Green,
yellow Label=XYZ
green
MP-iBGP sessions VPN-IPv4 update:
X
Import RT=green SOO=Site1, RT=Red,
Label=XYZ
Each VRF has an import and export policy configured

Policies use route-target attribute (extended community)
PE receives MP-iBGP updates for VPN-IPv4 routes
If route-target is equal to any of the import values configured
in the PE, the update is accepted
Otherwise it is silently discarded
MPLS-VPN Scaling
Route Refresh
VPN-IPv4 update:
2. PE issue a Route- RD:Net1, Next-hop=PE-
Import RT=yellow Refresh to all neighbors X
PE in order to ask for re- SOO=Site1, RT=Green,
transmission Label=XYZ
VPN-IPv4 update:
Import RT=green X
SOO=Site1, RT=Red,
1. PE doesn’t have red Label=XYZ
Import RT=red routes (previously filtered
3. Neighbors re-send
out)
updates and “red”
route-target is now
accepted
Policy may change in the PE if VRF modifications are done

• New VRFs, removal of VRFs
However, the PE may not have stored routing information which
become useful after a change
PE request a re-transmission of updates to neighbors
• Route-Refresh
MPLS-VPN Scaling
Outbound Route Filters - ORF
VPN-IPv4 update:
2. PE issue a ORF RD:Net1, Next-hop=PE-
Import RT=yellow message to all neighbors X
PE in order not to receive red SOO=Site1, RT=Green,
routes Label=XYZ
VPN-IPv4 update:
Import RT=green X
SOO=Site1, RT=Red,
Label=XYZ
1. PE doesn’t need
red routes 3. Neighbors
dynamically configure
the outbound filter and
send updates
accordingly
PE router will discard update with unused route-target

Optimization requires these updates NOT to be sent
Outbound Route Filter (ORF) allows a router to tell its
neighbors which filter to use prior to propagate BGP
updates
MPLS VPN - Configuration
• VPN knowledge is on PE routers

• PE router have to be configured for
VRF and Route Distinguisher
VRF import/export policies (based on Route-target)
Routing protocol used with CEs
MP-BGP between PE routers
BGP for Internet routers
With other PE routers
With CE routers

VRF and Route Distinguisher
• RD is configured on PE routers (for each VRF)

• VRFs are associated to RDs in each PE
• Common (good) practice is to use the same RD for
the same VPN in all PEs
But not mandatory
• VRF configuration command
ip vrf <vrf-symbolic-name>
rd <route-distinguisher-value>
route-target import <community>
route-target export <community>

CLI - VRF configuration
ip vrf site1
rd 100:1
route-target export Site-4
100:1 Site-1 ip vrf site3
VPN-C
route-target import VPN-A rd 100:3
100:1 route-target export 100:2
Site-2 Site-3
ip vrf site2 VPN-B route-target import 100:2
rd 100:2 route-target import 100:3
route-target export route-target export 100:3
100:2 ip vrf site-4
Multihop MP-iBGP
route-target import rd 100:4
100:2 route-target export 100:3
P P
route-target import route-target import 100:3
100:1
route-target export PE1 PE2
100:1
VRF VRF VRF VRF

for site-1 for site-2 for site-3 for site-4
(100:1) (100:2) (100:3) (100:4)
Site-1 routes Site-1 routes Site-2 routes Site-3 routes
Site-2 routes Site-2 routes Site-3 routes Site-4 routes
Site-3 routes Site-4 routes

PE/CE routing protocols
• PE/CE may use BGP, RIPv2 or Static routes

• A routing context is used for each VRF
• Routing contexts are defined within the routing
protocol instance
Address-family router sub-command
Router rip
version 2
address-family ipv4 vrf <vrf-symbolic-
name> …
any common router sub-command …
• BGP uses same “address-family” command

Router BGP <asn>
...
address-family ipv4 vrf <vrf-symbolic-name>
…
any common router BGP sub-command
…
• Static routes are configured per VRF
ip route vrf <vrf-symbolic-name> …

PE router commands
• All show commands are VRF based

Show ip route vrf <vrf-symbolic-name> ...
Show ip protocol vrf <vrf-symbolic-name>
Show ip cef <vrf-symbolic-name> …
…
• PING and Telnet commands are VRF based
telnet /vrf <vrf-symbolic-name>
ping vrf <vrf-symbolic-name>

ip vrf site1
rd 100:1
route-target export 100:12
Site-4 ip vrf site3
route-target import 100:12
rd 100:3
ip vrf site2 Site-1
rd 100:2 VPN-C route-target export 100:23
VPN-A route-target import 100:23
route-target import 100:12 Site-2 Site-3 route-target export 100:34
route-target import 100:23 VPN-B ip vrf site-4
rd 100:4
!
interface Serial3/6
ip vrf forwarding site1
Multihop MP-iBGP !
ip address 192.168.61.6
interface Serial4/6
255.255.255.0
encapsulation ppp P P
ip address 192.168.73.7
! PE1 255.255.255.0
interface Serial3/7
encapsulation ppp
ip vrf forwarding site2 PE2
!
ip address 192.168.62.6
interface Serial4/7
255.255.255.0
encapsulation ppp
VRF VRF VRF ip address 192.168.74.7
for site-1 for site-2 for site-3 VRF
for site-4
255.255.255.0
(100:1) (100:2) (100:3)
(100:4) encapsulation ppp
Site-1 Site-1 routes Site-2 routes
routes Site-2 routes Site-3 routes Site-3 routes
Site-2 Site-3 routes Site-4 routes Site-4 routes
routes

router bgp 100
router bgp 100
neighbor 6.6.6.6 update-source
neighbor 7.7.7.7 update-source Site-4 Loop0
Loop0
! Site-1 !
VPN-C address-family ipv4 vrf site4
address-family ipv4 vrf site2 VPN-A neighbor 192.168.74.4 remote-as
neighbor 192.168.62.2 remote-as
Site-2 Site-3 65504
65502
VPN-B neighbor 192.168.74.4 activate
exit-address-family
exit-address-family
!
!
address-family ipv4 vrf site1 address-family ipv4 vrf site3
Multihop MP-iBGP neighbor 192.168.73.3 remote-as
neighbor 192.168.61.1 remote-as
65503
65501
neighbor 192.168.61.1 activate P P neighbor 192.168.73.3 activate
PE1 exit-address-family
exit-address-family
!
!
address-family vpnv4 PE2 address-family vpnv4
neighbor 7.7.7.7 activate neighbor 6.6.6.6 activate
exit-address-family
exit-address-family VRF VRF VRF
for site-1 for site-2 for site-3 VRF
(100:1) (100:2) (100:2) for site-4
Site-1 (100:3)
Site-1 routes Site-2 routes
routes Site-2 routes Site-3 routes Site-3 routes
Site-2 Site-3 routes Site-4 routes Site-4 routes
routes

Summary
• Supports large scale VPN services

• Increases value add by the VPN Service Provider
• Decreases Service Provider’s cost of providing VPN
services
• Mechanisms are general enough to enable VPN
Service Provider to support a wide range of VPN
customers
• See RFC2547

Point-to-point connections vs
BGP/MPLS VPNs: routing peering
CE PE
Routing peering
Site All other sites
Amount of routing peering

Mesh of point-to-point maintained by CE is O(1) - CE peers
connections requires each only with directly attached PE
(virtual) router to maintain O(n) independent of the total number
peering (where n is the number of sites within a VPN
of sites)
scales to VPNs with large
number of sites (100s - 1000s
does not scale to VPNs with sites per VPN)
large number of sites (due to
the properties of existing
routing protocols)
Point-to-point connections vs BGP/MPLS
VPNs: provisioning
New
Site CE PE
All other sites
New
Config Site
Config
change change
Mesh of point-to-point Amount of configuration changes

connections requires O(n) needed to add a new site (new CE)
configuration changes (where n is O(1):
is the number of sites) when need to configure only the
adding a new site directly attached PE
independent of the total number
of sites within a VPN

Agenda
• LDP
• MPLS VPN
• Monitoring MPLS

Basic MPLS Monitoring Commands
router(config)#
show tag-switching tdp parameters
• Displays TDP parameters on the local router.
router(config)#
show tag-switching interface
show mpls interface 12.1(3)T
• Displays MPLS status on individual interfaces.
router(config)#
show tag-switching tdp discovery
• Displays all discovered TDP neighbors.
show tag-switching tdp parameters
Router#show
Router#show tag-switching
tag-switching tdp
tdp parameters
parameters
Protocol
Protocol version:
version: 11
No
No tag
tag pool
pool for
for downstream
downstream tag
tag distribution
distribution
Session
Session hold
hold time:
time: 180
180 sec;
sec; keep
keep alive
alive interval:
interval: 60
60
sec
sec
Discovery
Discovery hello:
hello: holdtime:
holdtime: 1515 sec;
sec; interval:
interval: 55 sec
sec
Discovery
Discovery directed
directed hello:
hello: holdtime:
holdtime: 180
180 sec;
sec;
interval:
interval: 55 sec
sec

show tag-switching interface
Router#show
tag-switching interface
interface detail
detail
Interface
Interface Serial1/0.1:
Serial1/0.1:
IP
IP tagging
tagging enabled
enabled
TSP
TSP Tunnel
Tunnel tagging
tagging not
not enabled
enabled
Tagging
Tagging operational
operational
MTU
MTU == 1500
1500
Interface
Interface Serial1/0.2:
Serial1/0.2:
IP
IP tagging
tagging enabled
enabled
TSP
TSP Tunnel
Tunnel tagging
tagging not
not enabled
enabled
Tagging
Tagging operational
operational
MTU
MTU == 1500
1500

show tag-switching tdp discovery
Router#show
tag-switching tdp
tdp discovery
discovery
Local
Local TDP
TDP Identifier:
Identifier:
192.168.3.102:0
192.168.3.102:0
TDP
TDP Discovery
Discovery Sources:
Sources:
Interfaces:
Interfaces:
Serial1/0.1:
Serial1/0.1: xmit/recv
xmit/recv
TDP
TDP Id:
Id: 192.168.3.101:0
192.168.3.101:0
Serial1/0.2:
Serial1/0.2: xmit/recv
xmit/recv
TDP
TDP Id:
Id: 192.168.3.100:0
192.168.3.100:0

More TDP Monitoring Commands
router(config)#
show tag-switching tdp neighbor
• Displays individual TDP neighbors.
router(config)#
show tag-switching tdp neighbor detail
• Displays more details about TDP neighbors.
router(config)#
show tag-switching tdp bindings
• Displays Tag Information Base (TIB).
show tag tdp neighbor
Router#show
tag-switching tdp
tdp neighbors
neighbors
Peer
Peer TDP
TDP Ident:
Ident: 192.168.3.100:0;
192.168.3.100:0; Local
Local TDP
TDP Ident
Ident
192.168.3.102:0
192.168.3.102:0
TCP
TCP connection:
connection: 192.168.3.100.711
192.168.3.100.711 -- 192.168.3.102.11000
192.168.3.102.11000
State:
State: Oper;
Oper; PIEs
PIEs sent/rcvd:
sent/rcvd: 55/53;
55/53; ;; Downstream
Downstream
Up
Up time:
time: 00:43:26
00:43:26
TDP
TDP discovery
discovery sources:
sources:
Serial1/0.2
Serial1/0.2
Addresses
Addresses bound
bound to
to peer
peer TDP
TDP Ident:
Ident:
192.168.3.10
192.168.3.10 192.168.3.14
192.168.3.14 192.168.3.100
192.168.3.100

show tag tdp neighbor detail
Router#show
tag-switching tdp
tdp neighbors
neighbors detail
detail
Peer
Peer TDP
TDP Ident:
Ident: 192.168.3.100:0;
192.168.3.100:0; Local
Local TDP
TDP Ident
Ident 192.168.3.102:0
192.168.3.102:0
TCP
TCP connection:
connection: 192.168.3.100.711
192.168.3.100.711 -- 192.168.3.102.11000
192.168.3.102.11000
State:
State: Oper;
Oper; PIEs
PIEs sent/rcvd:
sent/rcvd: 55/54;
55/54; ;; Downstream;
Downstream; Last
Last TIB
TIB
rev
rev sent
sent 26
26
UID:
UID: 1;
1; Up
Up time:
time: 00:44:01
00:44:01
TDP
TDP discovery
discovery sources:
sources:
Serial1/0.2;
Serial1/0.2; holdtime:
holdtime: 15000
15000 ms,
ms, hello
hello interval:
interval: 5000
5000 ms
ms
Addresses
Addresses bound
bound to
to peer
peer TDP
TDP Ident:
Ident:
192.168.3.10
192.168.3.10 192.168.3.14
192.168.3.14 192.168.3.100
192.168.3.100
Peer
Peer holdtime:
holdtime: 180000
180000 ms;
ms; KA
KA interval:
interval: 60000
60000 ms;
ms; Peer
Peer state:
state:
estab
estab

show tag tdp bindings
Router#show
Router#show tag
tag tdp
tdp bindings
bindings
tib
tib entry:
entry: 192.168.3.1/32,
192.168.3.1/32, rev
rev 99
local
local binding:
binding: tag:
tag: 28
28
remote
remote binding:
binding: tsr:
tsr: 19.16.3.3:0,
19.16.3.3:0, tag:
tag: 28
28
tib
tib entry:
entry: 192.168.3.2/32,
192.168.3.2/32, rev
rev 88
local
local binding:
binding: tag:
tag: 27
27
remote
remote binding:
binding: tsr:
tsr: 19.16.3.3:0,
19.16.3.3:0, tag:
tag: 27
27
tib
tib entry:
entry: 192.168.3.3/32,
192.168.3.3/32, rev
rev 77
local
local binding:
binding: tag:
tag: 26
26
remote
remote binding:
binding: tsr:
tsr: 19.16.3.3:0,
19.16.3.3:0, tag:
tag: imp-
imp-
null(1)
null(1)
tib
tib entry:
entry: 192.168.3.10/32,
192.168.3.10/32, rev
rev 66
local
local binding:
binding: tag:
tag: imp-null(1)
imp-null(1)
remote
remote binding:
binding: tsr:
tsr: 19.16.3.3:0,
19.16.3.3:0, tag:
tag: 26
26

Monitoring Label Switching
router(config)#
show tag-switching forwarding-table
show mpls forwarding-table
• Displays contents of Label Forwarding Information
Base.
router(config)#
show ip cef detail
• Displays label(s) attached to a packet during label
imposition on edge LSR.

Monitoring Label Switching
Monitoring LFIB
Router#show
tag-switching forwarding-table
forwarding-table ??
A.B.C.D
A.B.C.D Destination
Destination prefix
prefix
detail
detail Detailed
Detailed information
information
interface
interface Match
Match outgoing
outgoing interface
interface
next-hop
next-hop Match
Match next
next hop
hop neighbor
neighbor
tags
tags Match
Match tag
tag values
values
tsp-tunnel
tsp-tunnel TSP
TSP Tunnel
Tunnel id
id
|| Output
Output modifiers
modifiers
<cr>
<cr>

show tag-switching forwarding-table
Router#show
tag-switching forwarding-table
forwarding-table detail
detail
Local Outgoing
Local Outgoing Prefix
Prefix Bytes
Bytes tag Outgoing
tag Outgoing Next
Next Hop
Hop
tag
tag tag
tag or
or VC
VC or
or Tunnel
Tunnel Id
Id switched
switched interface
interface
26
26 Untagged
Untagged 192.168.3.3/32
192.168.3.3/32 00 Se1/0.3
Se1/0.3 point2point
point2point
MAC/Encaps=0/0,
MAC/Encaps=0/0, MTU=1504,
MTU=1504, Tag
Tag Stack{}
Stack{}
27
27 Pop tag
Pop tag 192.168.3.4/32
192.168.3.4/32 00 Se0/0.4
Se0/0.4 point2point
point2point
MAC/Encaps=4/4,
MAC/Encaps=4/4, MTU=1504,
MTU=1504, Tag
Tag Stack{}
Stack{}
20618847
20618847
28
28 29
29 192.168.3.4/32
192.168.3.4/32 00 Se1/0.3
Se1/0.3 point2point
point2point
MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
18718847
18718847 0001D000
0001D000

show ip cef detail
Router#show
Router#show ip
ip cef
cef 192.168.20.0
192.168.20.0 detail
detail
192.168.20.0/24,
192.168.20.0/24, version
version 23,
23, cached
cached adjacency
adjacency to
to Serial1/0.2
Serial1/0.2
00 packets,
packets, 00 bytes
bytes
tag
tag information
information set
set
local
local tag:
tag: 33
33
fast
fast tag
tag rewrite
rewrite with
with Se1/0.2,
Se1/0.2, point2point,
point2point, tags
tags imposed:
imposed: {32}
{32}
via
via 192.168.3.10,
192.168.3.10, Serial1/0.2,
Serial1/0.2, 00 dependencies
dependencies
next
next hop
hop 192.168.3.10,
192.168.3.10, Serial1/0.2
Serial1/0.2
valid
valid cached
cached adjacency
adjacency
tag
tag rewrite
rewrite with
with Se1/0.2,
Se1/0.2, point2point,
point2point, tags
tags imposed:
imposed: {32}
{32}

Debugging Label Switching and TDP
router(config)#
debug tag-switching tdp ...
• Debugs TDP adjacencies, session establishment,
and label bindings exchange.
router(config)#
debug tag-switching tfib ...
debug mpls lfib … 12.1(3)T
• Debugs Tag Forwarding Information Base events:
label creations, removals, rewrites.
router(config)#
debug tag-switching packets [ interface ]
debug mpls packets [ interface ] 12.1(3)T
• Debugs labeled packets switched by the router.
• Disables fast or distributed tag switching.
Common Frame-Mode MPLS Symptoms
• TDP/LDP session does not start.

• Labels are not allocated or distributed.
• Packets are not labeled although the labels have
been distributed.
• MPLS intermittently breaks after an interface failure.
• Large packets are not propagated across the
network.

TDP Session Startup Issues: 1/4
Symptom
TDP neighbors are not discovered.
show tag tdp discovery does not display expected TDP neighbors.
Diagnosis
MPLS is not enabled on adjacent router.
Verification
Verify with show tag interface on the adjacent router.

Symptom
Diagnosis
Label distribution protocol mismatch - TDP on one end,
LDP on the other end.
Verification
Verify with show tag interface detail on both routers.

Symptom
Diagnosis
Packet filter drops TDP/LDP neighbor discovery packets.
Verification
Verify access-list presence with show ip interface.
Verify access-list contents with show access-list.

Symptom
TDP neighbors discovered, TDP session is not established.
show tdp neighbor does not display a neighbor in Oper
state.
Diagnosis
Connectivity between loopback interfaces is broken - TDP
session is usually established between loopback
interfaces of adjacent LSRs.
Verification
Verify connectivity with extended ping command.

Label Allocation Issues
Symptom
Labels are not allocated for local routes.
show tag-switching forwarding-table does not display any labels
Diagnosis
CEF is not enabled.
Verification
Verify with show ip cef.

Label Distribution Issues
Symptom
Labels are allocated, but not distributed.
show tag-switching tdp bindings on adjacent LSR does not display labels
from this LSR
Diagnosis
Problems with conditional label distribution.
Verification
Debug label distribution with debug tag tdp advertisement.
Examine the neighbor TDP router IDP with show tag tdp discovery.
Verify that the neighbor TDP router ID is matched by the access list
specified in tag advertise command.
Packet Labeling
Symptom
Labels are distributed, packets are not labeled.
show interface statistic does not labeled packets being sent
Diagnosis
CEF is not enabled on input interface (potentially due to conflicting
feature being configured).
Verification
Verify with show cef interface.

show cef interface
Router#show
Router#show cefcef interface
interface
Serial1/0.1
Serial1/0.1 is is up
up (if_number
(if_number 15)15)
Internet
Internet address
address is is 192.168.3.5/30
192.168.3.5/30
ICMP
ICMP redirects
redirects areare always
always sent
sent
Per
Per packet
packet loadbalancing
loadbalancing is is disabled
disabled
IP
IP unicast
unicast RPF
RPF check
check isis disabled
disabled
Inbound
Inbound access
access list
list is
is not
not set
set
Outbound
Outbound access
access list
list isis not
not set
set
IP
IP policy
policy routing
routing isis disabled
disabled
Interface
Interface is marked as point
is marked as point to
to point
point interface
interface
Hardware
Hardware idb
idb isis Serial1/0
Serial1/0
Fast
Fast switching type 5,
switching type 5, interface
interface type
type 64
64
IP
IP CEF
CEF switching
switching enabled
enabled
IP
IP CEF VPN Fast switching turbo
CEF VPN Fast switching turbo vector
vector
Input
Input fast
fast flags
flags 0x1000,
0x1000, Output
Output fast
fast flags
flags 0x0
0x0
ifindex 3(3)
ifindex 3(3)
Slot
Slot 11 Slot
Slot unit
unit 00 VC
VC -1
-1
Transmit
Transmit limit accumulator 0x0
limit accumulator 0x0 (0x0)
(0x0)
IP
IP MTU
MTU 1500
1500

Intermittent MPLS Failures after
Interface Failure
Symptom
Overall MPLS connectivity in a router intermittently breaks after an
interface failure.
Diagnosis
IP address of a physical interface is used for TDP/LDP identifier.
Configure a loopback interface on the router.
Verification
Verify local TDP identifier with show tag-switching tdp neighbors.

Packet Propagation
Symptom
Large packets are not propagated across the network.
Extended ping with varying packet sizes fails for packet sizes close to 1500
In some cases, MPLS might work, but MPLS/VPN will fail.

Diagnosis
Tag MTU issues or switches with no support for jumbo frames in the
forwarding path.
Verification
Trace the forwarding path; identify all LAN segments in the path.
Verify Tag MTU setting on routers attached to LAN segments.
Check for low-end switches in the transit path.

Summary
After completing this lesson, you will be able to

perform the following tasks:
Describe procedures for monitoring MPLS on IOS
platforms.
List the debugging commands associated with label
switching, LDP and TDP.
Identify common configuration or design errors.
Use the available debugging commands in real-life
troubleshooting scenarios.

Customer Reference
Session Number
Cisco’s MPLS Is Proven
150+ Deployments Today
Americas EMEA APT/Japan

Thank you.
Session Number

MPLS Introduction: 1 Session Number Presentation - ID

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MPLS Introduction: 1 Session Number Presentation - ID

Uploaded by

Copyright:

Available Formats

MPLS Introduction

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 2

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 3

• MPLS: Multi Protocol Label Switching

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 4

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 5

2. Ingress Edge LSR receives packet,

IGP domain with a label IGP domain with a label

• LSPs are derived from IGP routing information

PPP Header PPP Header Label Header Layer 3 Header

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 8

Label EXP S TTL

Label = 20 bits EXP = Class of Service, 3 bits

• Header= 4 bytes, Label = 20 bits.

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 9

• In IP networks TTL is used to prevent packets

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 10

• TTL is decremented prior to enter the non-TTL capable

• Labels have link-local significance:

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 12

Upstream and Downstream LSRs

• Rtr-C is the downstream neighbor of Rtr-B for destination

Use label 30 for destination Use label 40 for destination

IGP derived routes

• LSRs distribute labels to the upstream neighbors

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 14

Use label 40 for destination Use label 30 for destination

Request label for Request label for

• Upstream LSRs request labels to downstream neighbors

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 15

• Liberal retention mode

• Conservative retention mode

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 16

• Independent LSP control

• Ordered LSP control

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 17

Addres I/F Addres I/F Addres I/F

128.89.25.4 Data 128.89.25.4 Data

Packets Forwarded 171.69

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 18

In Addres Out Out In Addres Out Out In Addres Out Out

Routing Updates You Can Reach 171.69 Thru 171.69

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 19

In Addres Out Out In Addres Out Out In Addres Out Out

Use Label 9 for 128.89

Label Distribution 171.69

In Addres Out Out In Addres Out Out In Addres Out Out

128.89.25.4 Data 4 128.89.25.4 Data

Label Switch Forwards

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 21

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 22

• MPLS introduces a new field that is used for

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 23

• Defined in RFC 3036 and 3037

• Advertise labels per FEC

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 24

Exchange of Control plane

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 25

L=5 10.1.1.1 LFIB:

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 26

RT: 10.0.0.0/8  1.2.3.4

L=5 10.1.1.1 LFIB: L=5  L=3 L=3 10.1.1.1

Presentation_ID © 2001, Cisco Systems, Inc. All rights reserved. 27