mpls cisco
TRANSCRIPT
-
5/22/2018 MPLS Cisco
1/155
1 2001, Cisco Systems, Inc. All rights reserved.
MPLS Introduction
-
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
-
MPLS Concept
In Core:
Forward using labels (as opposed to IP addr)
Label indicates service class and destination
Label Switch Router (LSR)
Router
ATM switch + Tag Switch Controller
Label Distribution Protocol (LDP)
Edge Label Switch Router (ATM Switch or Router)
At Edge:
Classify packets
Label them
-
MPLS concept
MPLS: Multi Protocol Label Switching
Packet forwarding is done based on Labels.
Labels are assigned when the packet enters into the network.
Labels are on top of the packet.
MPLS nodes forward packets/cells based on the label value (not on the IP information).
-
MPLS concept
MPLS allows:
Packet classification only where the packet
enters the network.
The packet classification is encoded as a label.
In the core, packets are forwarded without
having to re-classify them.
- No further packet analysis
- Label swapping
-
MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label Distribution Protocol (LDP) establishes label to destination network mappings.
2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and labels (PUSH) packets.
3. LSR switches packets using label swapping (SWAP).
4. Edge LSR at egress removes (POP) label and delivers packet.
-
Label Switch Path (LSP)
LSPs are derived from IGP routing information
LSPs may diverge from IGP shortest path
LSPs are unidirectional
Return traffic takes another LSP
[Figure: two IGP domains with a label distribution protocol. In one the LSP follows the IGP shortest path; in the other the LSP diverges from the IGP shortest path.]
-
Encapsulations
PPP Header (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header
ATM Cell Header (Label): GFC | VPI | VCI | PTI | CLP | HEC | DATA
LAN MAC Label Header: MAC Header | Label Header | Layer 3 Header
-
Label Header
Header = 4 bytes, Label = 20 bits.
Can be used over Ethernet, 802.3, or PPP links.
Contains everything needed at forwarding time.
Label = 20 bits
EXP = Class of Service, 3 bits
S = Bottom of Stack, 1 bit
TTL = Time to Live, 8 bits
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
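The 4-byte label header above, decoded and re-encoded in Python. This is an added example, not part of the original slides; the sample stack is constructed, and the names LabelEntry, parse_stack and swap_top, the max_depth limit and the discard-on-TTL-expiry rule in swap_top are assumptions of this example.

```python
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class LabelEntry:
    label: int  # 20 bits
    exp: int    # 3 bits, class of service
    s: int      # 1 bit, 1 = bottom of stack
    ttl: int    # 8 bits


def encode_entry(e: LabelEntry) -> bytes:
    """Pack one label header into 4 bytes, network byte order."""
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8
            and e.s in (0, 1) and 0 <= e.ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (e.label << 12) | (e.exp << 9) | (e.s << 8) | e.ttl)


def decode_entry(raw: bytes) -> LabelEntry:
    """Unpack exactly 4 bytes into the four fields of the label header."""
    if len(raw) != 4:
        raise ValueError("a label header is exactly 4 bytes")
    (word,) = struct.unpack("!I", raw)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)


def parse_stack(buf: bytes, max_depth: int = 8):
    """Walk the label stack until S = 1; return (entries, payload).

    Rejects a buffer that ends before the bottom of stack and a stack that
    never sets S within max_depth entries (max_depth is this example's limit).
    """
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("no bottom-of-stack bit within max_depth entries")
        if offset + 4 > len(buf):
            raise ValueError("truncated label stack")
        entry = decode_entry(buf[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry.s == 1:
            return entries, buf[offset:]


def swap_top(buf: bytes, out_label: int):
    """SWAP as an LSR would: replace the top label and decrement its TTL.

    Returns the new packet bytes, or None when the TTL would reach 0 and the
    packet has to be discarded.
    """
    entries, _ = parse_stack(buf)  # validates the whole stack first
    top = entries[0]
    if top.ttl <= 1:
        return None
    new_top = LabelEntry(out_label, top.exp, top.s, top.ttl - 1)
    return encode_entry(new_top) + buf[4:]


# Constructed sample: top label 25 (TTL 6), bottom label 47 (EXP 5, S = 1, TTL 6),
# followed by a 2-byte stand-in for the Layer 3 packet.
SAMPLE = bytes.fromhex("00019006" "0002fb06") + b"IP"

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print("payload:", payload)
    print("after swap to 39:", swap_top(SAMPLE, 39).hex())
```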
-
Loops and TTL
In IP networks TTL is used to prevent packets from travelling indefinitely in the network
MPLS may use the same mechanism as IP, but not on all encapsulations
TTL is present in the label header for PPP and LAN headers (shim headers)
ATM cell header does not have TTL
-
Loops and TTL
TTL is decremented prior to entering the non-TTL-capable LSP
If TTL is 0 the packet is discarded at the ingress point
TTL is examined at the LSP exit
[Figure: IGP domain with a label distribution protocol, LSR-1 to LSR-6, egress at LSR-6. The ingress entry reads "LSR-6 --> 25, Hops=4". An IP packet with TTL = 10 is shown entering; inside the LSP it is shown as IP packet TTL = 6 with Label = 25, Label = 39 and Label = 21, and it leaves as IP packet TTL = 6.]
-
Label Assignment and Distribution
Labels have link-local significance:
Each LSR binds its own label mappings
Each LSR assigns labels to its FECs
Labels are assigned and exchanged between adjacent neighboring LSRs
-
Label Assignment and Distribution
Upstream and Downstream LSRs
Rtr-C is the downstream neighbor of Rtr-B for destination 171.68.10/24
Rtr-B is the downstream neighbor of Rtr-A for destination 171.68.10/24
LSRs know their downstream neighbors through the IP routing protocol
Next-hop address is the downstream neighbor
[Figure: Rtr-A, Rtr-B and Rtr-C with networks 171.68.40/24 and 171.68.10/24]
-
Unsolicited Downstream Distribution
LSRs distribute labels to the upstream neighbors
[Figure: Rtr-A, Rtr-B and Rtr-C with networks 171.68.40/24 and 171.68.10/24; IGP derived routes]
Forwarding tables ("..." rows are elided on the slide):
Router | In I/F | In Lab | Address Prefix | Out I/F | Out Lab
Rtr-A  | 0      | -      | 171.68.10      | 1       | 30
Rtr-B  | 0      | 30     | 171.68.10      | 1       | 40
Rtr-C  | 0      | 40     | 171.68.10      | 1       | -
Rtr-C to Rtr-B: Use label 40 for destination 171.68.10/24
Rtr-B to Rtr-A: Use label 30 for destination 171.68.10/24
-
On-Demand Downstream Distribution
Upstream LSRs request labels from downstream neighbors
Downstream LSRs distribute labels upon request
[Figure: Rtr-A, Rtr-B and Rtr-C with networks 171.68.40/24 and 171.68.10/24. Messages shown: "Request label for destination 171.68.10/24" (twice), "Use label 30 for destination 171.68.10/24", "Use label 40 for destination 171.68.10/24".]
-
Label Retention Modes
Liberal retention mode
LSR retains labels from all neighbors
Improves convergence time when the next-hop is available again after IP convergence
Requires more memory and label space
Conservative retention mode
LSR retains labels only from next-hop neighbors
LSR discards all labels for FECs without next-hop
Frees memory and label space
-
Label Distribution Modes
Independent LSP control
LSR binds a Label to a FEC independently, whether or not the LSR has received a Label from the next-hop for the FEC
The LSR then advertises the Label to its neighbor
Ordered LSP control
LSR only binds and advertises a label for a particular FEC if:
it is the egress LSR for that FEC, or
it has already received a label binding from its next-hop
-
Router Example: Forwarding Packets
Packets Forwarded Based on IP Address
[Figure: three routers, networks 128.89 and 171.69; a packet addressed to 128.89.25.4 is forwarded hop by hop.]
Routing tables (Address Prefix, I/F):
First router: 128.89, I/F 1; 171.69, I/F 1
Second router: 128.89, I/F 0; 171.69, I/F 1
Third router: 128.89, I/F 0
-
MPLS Example: Routing Information
Routing Updates (OSPF, EIGRP, ...)
[Figure: three routers, networks 128.89 and 171.69. Updates shown: "You Can Reach 128.89 and 171.69 Thru Me", "You Can Reach 171.69 Thru Me", "You Can Reach 128.89 Thru Me".]
Tables (In Label, Address Prefix, Out Iface, Out Label), no labels assigned yet:
First router: 128.89, Out Iface 1; 171.69, Out Iface 1
Second router: 128.89, Out Iface 0; 171.69, Out Iface 1
Third router: 128.89, Out Iface 0
-
MPLS Example: Assigning Labels
Label Distribution Protocol (LDP) (downstream allocation)
[Figure: three routers, networks 128.89 and 171.69. Advertisements shown: "Use Label 4 for 128.89 and Use Label 5 for 171.69", "Use Label 7 for 171.69", "Use Label 9 for 128.89".]
Router        | In Label | Address Prefix | Out Iface | Out Label
First router  | -        | 128.89         | 1         | 4
First router  | -        | 171.69         | 1         | 5
Second router | 4        | 128.89         | 0         | 9
Second router | 5        | 171.69         | 1         | 7
Third router  | 9        | 128.89         | 0         | -
-
MPLS Example: Forwarding Packets
Label Switch Forwards Based on Label
Router        | In Label | Address Prefix | Out Iface | Out Label
First router  | -        | 128.89         | 1         | 4
First router  | -        | 171.69         | 1         | 5
Second router | 4        | 128.89         | 0         | 9
Second router | 5        | 171.69         | 1         | 7
Third router  | 9        | 128.89         | 0         | -
[Figure: a packet to 128.89.25.4 arrives unlabeled, is shown with label 4 and then with label 9, and is delivered toward 128.89 unlabeled.]
-
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
-
MPLS Unicast IP Routing
MPLS introduces a new field that is used for forwarding decisions.
Although labels are locally significant, they have to be advertised to directly reachable peers.
One option would be to include this parameter into existing IP routing protocols.
The other option is to create a new protocol to exchange labels.
The second option has been used because there are too many existing IP routing protocols that would have to be modified to carry labels.
-
Label Distribution Protocol
Defined in RFC 3036 and 3037
Used to distribute labels in an MPLS network
Forwarding equivalence class
How packets are mapped to LSPs (Label Switched Paths)
Advertise labels per FEC
Reach destination a.b.c.d with label x
Neighbor discovery
Basic and extended discovery
-
MPLS Unicast IP Routing Architecture
[Figure: LSR architecture.
Control plane: routing protocol (exchange of routing information), IP routing table, label distribution protocol (exchange of labels).
Data plane: IP forwarding table (incoming and outgoing IP packets), label forwarding table (incoming and outgoing labeled packets).]
-
MPLS Unicast IP Routing: Example
[Figure: LSR with control plane (OSPF, RT, LIB) and data plane (FIB, LFIB). OSPF carries 10.0.0.0/8; the tables hold 10.0.0.0/8 -> 1.2.3.4. Packets shown: IP packets to 10.1.1.1 and a labeled packet L=5 10.1.1.1.]
-
MPLS Unicast IP Routing: Example
[Figure: LSR with control plane (OSPF, RT, LIB) and data plane (FIB, LFIB).
OSPF: 10.0.0.0/8
RT: 10.0.0.0/8 -> 1.2.3.4
LDP messages: 10.0.0.0/8, L=3 and 10.0.0.0/8, L=5
LIB: 10.0.0.0/8 Next-hop L=3, Local L=5
FIB: 10.0.0.0/8 -> 1.2.3.4, L=3
LFIB: L=5 -> L=3
Packets shown: 10.1.1.1 and L=5 10.1.1.1 entering, L=3 10.1.1.1 leaving.]
-
Label Allocation in Packet-Mode MPLS Environment
Label allocation and distribution in packet-mode MPLS environment follows these steps:
1. IP routing protocols build the IP routing table.
2. Each LSR assigns a label to every destination in the IP routing table independently.
3. LSRs announce their assigned labels to all other LSRs.
4. Every LSR builds its LIB, LFIB data structures based on received labels.
-
Building the IP Routing Table
IP routing protocols are used to build IP routing tables on all LSRs.
Forwarding tables (FIB) are built based on IP routing tables with no labeling information.
[Figure: LSRs A, B, C, D and E; Network X]
Routing table of A: Network X, Next-hop B
Routing table of B: Network X, Next-hop C
Routing table of C: Network X, Next-hop D
Routing table of E: Network X, Next-hop C
FIB on A: Network X, Next hop B, Label (empty)
-
Allocating Labels
Every LSR allocates a label for every destination in the IP routing table.
Labels have local significance.
Label allocations are asynchronous.
[Figure: LSRs A, B, C, D and E; Network X]
Routing table of B: Network X, Next-hop C
Router B assigns label 25 to destination X.
-
LIB and LFIB Set-up
LIB and LFIB structures have to be initialized on the LSR allocating the label.
[Figure: LSRs A, B, C, D and E; Network X]
Routing table of B: Network X, Next-hop C
Router B assigns label 25 to destination X.
LFIB on B: Label 25, Action pop, Next hop C
Outgoing action is POP as B has received no label for X from C.
LIB on B: Network X: local, label 25
Local label is stored in LIB.
-
Label Distribution
The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.
[Figure: LSRs A, B, C, D and E; Network X; advertisements X = 25 sent by B]
LIB on B: Network X: local, label 25
-
Receiving Label Advertisement
Every LSR stores the received label in its LIB.
Edge LSRs that receive the label from their next-hop also store the label information in the FIB.
[Figure: LSRs A, B, C, D and E; Network X; advertisements X = 25]
LIB on A: Network X: LSR B, label 25
LIB on C: Network X: LSR B, label 25
LIB on E: Network X: LSR B, label 25
FIB on A: Network X, Next hop B, Label 25
-
Interim Packet Propagation
Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.
[Figure: LSRs A, B, C and E; the packet is shown as IP: X, then Lab: 25, then IP: X]
FIB on A: Network X, Next hop B, Label 25
IP lookup is performed in FIB, packet is labeled.
LFIB on B: Label 25, Action pop, Next hop C
Label lookup is performed in LFIB, label is removed.
-
Further Label Allocation
Every LSR will eventually assign a label for every destination.
[Figure: LSRs A, B, C, D and E; Network X; advertisement X = 47]
Router C assigns label 47 to destination X.
LIB on C: Network X: LSR B, label 25; local, label 47
LFIB on C: Label 47, Action pop, Next hop D
-
Receiving Label Advertisement
Every LSR stores received information in its LIB.
LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table (FIB).
[Figure: LSRs A, B, C, D and E; Network X; advertisement X = 47]
LIB on E: Network X: LSR B, label 25; LSR C, label 47
LIB on B: Network X: local, label 25; LSR C, label 47
FIB on B: Network X, Next hop C, Label 47
FIB on E: Network X, Next hop C, Label 47
-
Populating LFIB
Router B has already assigned label to X and created an entry in LFIB.
Outgoing label is inserted in LFIB after the label is received from the next-hop LSR.
[Figure: LSRs A, B, C, D and E; Network X; advertisement X = 47]
LIB on B: Network X: local, label 25; LSR C, label 47
FIB on B: Network X, Next hop C, Label 47
LFIB on B: Label 25, Action 47, Next hop C
-
Packet Propagation Across MPLS Network
[Figure: LSRs A, B, C and E, with the Ingress LSR and Egress LSR marked; the packet is shown as IP: X, then Lab: 25, then Lab: 47, then IP: X]
FIB on A: Network X, Next hop B, Label 25
IP lookup is performed in FIB, packet is labeled.
LFIB on B: Label 25, Action 47, Next hop C
Label lookup is performed in LFIB, label is switched.
LFIB on C: Label 47, Action pop, Next hop D
Label lookup is performed in LFIB, label is removed.
-
Steady State Description
After the LSRs have exchanged the labels, LIB, LFIB and FIB data structures are completely populated.
[Figure: LSRs A, B, C, D and E; Network X]
Routing table of B: Network X, Next-hop C
FIB on B: Network X, Next hop C, Label 47
LIB on B: Network X: local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B: Label 25, Action 47, Next hop C
-
Convergence in Packet-mode MPLS
Link Failure Actions
Routing protocol neighbors and LDP neighbors are lost after a link failure.
Entries are removed from various data structures.
[Figure: LSRs A, B, C, D and E; Network X]
Routing table of B: Network X, Next-hop C
FIB on B: Network X, Next hop C, Label 47
LIB on B: Network X: local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B: Label 25, Action 47, Next hop C
-
Routing Protocol Convergence
Routing protocols rebuild the IP routing table and the IP forwarding table.
[Figure: LSRs A, B, C, D and E; Network X]
LIB on B: Network X: local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B: Label 25, Action 47, Next hop C
FIB on B: Network X, Next hop E, Label (empty)
Routing table of B: Network X, Next-hop E
-
MPLS Convergence
LFIB and labeling information in FIB are rebuilt immediately after the routing protocol convergence, based on labels stored in LIB.
[Figure: LSRs A, B, C, D and E; Network X]
LIB on B: Network X: local, label 25; LSR C, label 47; LSR E, label 75
Routing table of B: Network X, Next-hop E
LFIB on B: Label 25, Action 75, Next hop E
FIB on B: Network X, Next hop E, Label 75
-
MPLS Convergence After a Link Failure
MPLS convergence in packet-mode MPLS does not impact the overall convergence time.
MPLS convergence occurs immediately after the routing protocol convergence, based on labels already stored in LIB.
-
Link Recovery Actions
Routing protocol neighbors are discovered after link recovery.
[Figure: LSRs A, B, C, D and E; Network X]
LIB on B: Network X: local, label 25; LSR C, label 47; LSR E, label 75
Routing table of B: Network X, Next-hop E
LFIB on B: Label 25, Action 75, Next hop E
FIB on B: Network X, Next hop E, Label 75
-
IP Routing Convergence After Link Recovery
IP routing protocols rebuild the IP routing table.
FIB and LFIB are also rebuilt, but the label information might be lacking.
[Figure: LSRs A, B, C, D and E; Network X]
LIB on B: Network X: local, label 25; LSR C, label 47; LSR E, label 75
Routing table of B: Network X, Next-hop E, rebuilt as Next-hop C
FIB on B: Network X, Next hop E, Label 75, rebuilt as Next hop C with no label
LFIB on B: Label 25, Action 75, Next hop E, rebuilt as Action pop, Next hop C
-
MPLS Convergence After a Link Recovery
Routing protocol convergence optimizes the forwarding path after a link recovery.
LIB might not contain the label from the new next-hop by the time the IP convergence is complete.
End-to-end MPLS connectivity might be intermittently broken after link recovery.
Use MPLS Traffic Engineering for make-before-break recovery.
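The LIB, FIB and LFIB changes on router B across the label allocation, link failure and link recovery slides, replayed in Python. This is an added example, not part of the original slides; the LSR class, its method names and the stage names are assumptions of this example, and the model covers one destination (X) with the label values the slides use.

```python
class LSR:
    """One LSR: IP routing table and LIB are stored, FIB and LFIB are derived."""

    def __init__(self, name):
        self.name = name
        self.route = {}  # network -> IGP next-hop (IP routing table)
        self.lib = {}    # network -> {"local" or neighbor name: label}

    def allocate_local(self, network, label):
        self.lib.setdefault(network, {})["local"] = label

    def learn(self, network, neighbor, label):
        """Store a label advertised by a neighbor, next-hop or not."""
        self.lib.setdefault(network, {})[neighbor] = label

    def neighbor_lost(self, neighbor):
        """LDP neighbor lost: drop every binding learned from it."""
        for bindings in self.lib.values():
            bindings.pop(neighbor, None)

    def fib(self):
        """network -> (next hop, label from that next hop, or None)."""
        return {net: (nh, self.lib.get(net, {}).get(nh))
                for net, nh in self.route.items()}

    def lfib(self):
        """local label -> (outgoing label or "pop", next hop)."""
        table = {}
        for net, nh in self.route.items():
            bindings = self.lib.get(net, {})
            if "local" in bindings:
                table[bindings["local"]] = (bindings.get(nh, "pop"), nh)
        return table

    def unlabeled(self):
        """Networks whose current next hop has not supplied a label."""
        return sorted(net for net, (_, label) in self.fib().items()
                      if label is None)


def run_scenario():
    """Replay router B's states; returns stage name -> derived tables."""
    b = LSR("B")
    snapshots = {}

    def snap(stage):
        snapshots[stage] = {"fib": b.fib(), "lfib": b.lfib(),
                            "unlabeled": b.unlabeled()}

    b.route["X"] = "C"
    b.allocate_local("X", 25)       # B assigns label 25 to X
    snap("label allocated")
    b.learn("X", "C", 47)           # advertisements from C and E arrive
    b.learn("X", "E", 75)
    snap("steady state")
    b.neighbor_lost("C")            # link B-C fails, LDP neighbor C is lost
    b.route["X"] = "E"              # routing protocol converges on E
    snap("link failure, IGP converged")
    b.route["X"] = "C"              # link recovers, routing converges first
    snap("link recovered, IGP converged")
    b.learn("X", "C", 47)           # C's label arrives again
    snap("link recovered, label relearned")
    return snapshots


if __name__ == "__main__":
    for stage, tables in run_scenario().items():
        print(stage, tables)
```

The "link recovered, IGP converged" stage is the window the slide warns about: B forwards toward C with action pop because C's binding is not yet back in the LIB.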
-
LDP Session Establishment
LDP and TDP use a similar process to establish a session:
Hello messages are periodically sent on all interfaces enabled for MPLS.
If there is another router on that interface it will respond by trying to establish a session with the source of the hello messages.
UDP is used for hello messages. It is targeted at the "all routers on this subnet" multicast address (224.0.0.2).
TCP is used to establish the session.
Both TCP and UDP use well-known LDP port number 646 (711 for TDP).
-
LDP Neighbor Discovery
[Figure: routers MPLS_A (1.0.0.1), MPLS_B (1.0.0.2), NO_MPLS_C (1.0.0.3) and MPLS_D (1.0.0.4)]
UDP: Hello (1.0.0.1:1050 -> 224.0.0.2:646)
UDP: Hello (1.0.0.4:1033 -> 224.0.0.2:646)
UDP: Hello (1.0.0.2:1064 -> 224.0.0.2:646)
UDP: Hello (1.0.0.1:1051 -> 224.0.0.2:646)
UDP: Hello (1.0.0.4:1034 -> 224.0.0.2:646)
UDP: Hello (1.0.0.2:1065 -> 224.0.0.2:646)
UDP: Hello (1.0.0.1:1052 -> 224.0.0.2:646)
UDP: Hello (1.0.0.4:1035 -> 224.0.0.2:646)
UDP: Hello (1.0.0.2:1066 -> 224.0.0.2:646)
LDP Session is established from the router with higher IP address.
-
LDP Session Negotiation
Peers first exchange initialization messages.
The session is ready to exchange label mappings after receiving the first keepalive.
[Figure: MPLS_A (1.0.0.1) and MPLS_B (1.0.0.2). Exchange shown: Establish TCP session, Initialization message, Initialization message, Keepalive, Keepalive.]
-
Double Lookup Scenario
Double lookup is not an optimal way of forwarding labeled packets.
A label can be removed one hop earlier.
[Figure: MPLS domain of four routers toward 10.0.0.0/8. Advertisements for 10.0.0.0/8: L=19, L=18, L=17. The packet is shown as 10.1.1.1, then 17 10.1.1.1, then 18 10.1.1.1, then 19 10.1.1.1.]
Tables, listed from the ingress side to the egress side:
LFIB 35 -> 17; FIB 10/8 -> NH, 17
LFIB 17 -> 18; FIB 10/8 -> NH, 18
LFIB 18 -> 19; FIB 10/8 -> NH, 19
LFIB 19 -> untagged; FIB 10/8 -> NH
Double lookup is needed:
1. LFIB: remove the label.
2. FIB: forward the IP packet based on IP next-hop address.
Penultimate Hop Popping
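A label is removed on the router before the last hop within an MPLS domain.
[Figure: MPLS domain of four routers toward 10.0.0.0/8. Advertisements for 10.0.0.0/8: L=pop, L=18, L=17. The packet is shown as 10.1.1.1, then 17 10.1.1.1, then 18 10.1.1.1, then 10.1.1.1.]
Tables, listed from the ingress side to the egress side:
LFIB 35 -> 17; FIB 10/8 -> NH, 17
LFIB 17 -> 18; FIB 10/8 -> NH, 18
LFIB 18 -> pop; FIB 10/8 -> NH, 19
LFIB (empty); FIB 10/8 -> NH
One single lookup.
Pop or implicit null label is advertised.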
-
Penultimate Hop Popping
Penultimate hop popping optimizes MPLS performance (one less LFIB lookup).
PHP does not work on ATM (VPI/VCI cannot be removed).
Pop or implicit null label uses value 3 when being advertised to a neighbor.
-
LDP Messages
Discovery messages
Used to discover and maintain the presence of new peers
Hello packets (UDP) sent to all-routers multicast address
Once neighbor is discovered, the LDP session is established over TCP
-
LDP Messages
Session messages
Establish, maintain and terminate LDP sessions
Advertisement messages
Create, modify, delete label mappings
Notification messages
Error signalling
-
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
-
What Is a VPN?
VPN is a set of sites which are allowed to communicate with each other.
VPN is defined by a set of administrative policies
Policies determine both connectivity and QoS among sites.
Policies established by VPN customers.
Policies could be implemented completely by VPN service providers.
Using BGP/MPLS VPN mechanisms
-
What Is a VPN? (Cont.)
Flexible inter-site connectivity
Ranging from complete to partial mesh
Sites may be either within the same or in different organizations
VPN can be either intranet or extranet
Site may be in more than one VPN
VPNs may overlap
Not all sites have to be connected to the same service provider
VPN can span multiple providers
-
IP VPN Taxonomy
[Figure: IP VPN taxonomy tree. Terms shown: IP VPNs; DIAL; DEDICATED; Client-Initiated; NAS-Initiated; IP Tunnel; Virtual Circuit; Network-Based VPNs; Security Appliance; Router; FR; ATM; RFC 2547; Virtual Router.]
MPLS-VPN Terminology
Provider Network (P-Network)
The backbone under control of a Service Provider
Customer Network (C-Network)
Network under customer control
CE router
Customer Edge router. Part of the C-network and interfaces to a PE router
-
MPLS-VPN Terminology
Site
Set of (sub)networks part of the C-network and co-located
A site is connected to the VPN backbone through one or more PE/CE links
PE router
Provider Edge router. Part of the P-Network and interfaces to CE routers
P router
Provider (core) router, without knowledge of VPN
-
MPLS-VPN Terminology
Route-Target
64 bits identifying routers that should receive the route
Route Distinguisher
Attributes of each route used to uniquely identify prefixes among VPNs (64 bits)
VRF based (not VPN based)
VPN-IPv4 addresses
Address including the 64 bits Route Distinguisher and the 32 bits IP address
-
MPLS-VPN Terminology
VRF
VPN Routing and Forwarding Instance
Routing table and FIB table
Populated by routing protocol contexts
VPN-Aware network
A provider backbone where MPLS-VPN is deployed
-
MPLS VPN Connection Model
A VPN is a collection of sites sharing common routing information (routing table)
A site can be part of different VPNs
A VPN has to be seen as a community of interest (or Closed User Group)
Multiple Routing/Forwarding instances (VRF) on PE routers
-
MPLS VPN Connection Model
A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs
If two or more VPNs have a common site, address space must be unique among these VPNs
[Figure: Site-1, Site-2, Site-3 and Site-4 with VPN-A, VPN-B and VPN-C]
-
MPLS VPN Connection Model
The VPN backbone is composed of MPLS LSRs
PE routers (edge LSRs)
P routers (core LSRs)
PE routers face CE routers and distribute VPN information through MP-BGP to other PE routers
VPN-IPv4 addresses, Extended Community, Label
P routers do not run BGP and do not have any VPN knowledge
-
MPLS VPN Connection Model
[Figure: P routers in the MPLS core, PE routers at the edge joined by iBGP sessions, CE routers attached to the PEs. Sites are labelled VPN_A and VPN_B, with networks 10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0 and 11.6.0.0 (10.1.0.0 and 10.2.0.0 each appear twice).]
P routers (LSRs) are in the core of the MPLS cloud
PE routers use MPLS with the core and plain IP with CE routers
P and PE routers share a common IGP
PE routers are MP-iBGP fully meshed
-
MPLS VPN Connection Model
PE and CE routers exchange routing information through:
EBGP, OSPF, RIPv2, Static routing
CE routers run standard routing software
[Figure: a PE connected to CE routers at Site-1 and Site-2 over EBGP, OSPF, RIPv2 or Static]
-
MPLS VPN Connection Model
PE routers maintain separate routing tables
The global routing table
With all PE and P routes
Populated by the VPN backbone IGP (ISIS or OSPF)
VRF (VPN Routing and Forwarding)
Routing and Forwarding table associated with one or more directly connected sites (CEs)
VRFs are associated to (sub/virtual/tunnel) interfaces
Interfaces may share the same VRF if the connected sites may share the same routing information
[Figure: a PE facing the VPN Backbone IGP (OSPF, ISIS) on one side and CE routers at Site-1 and Site-2 over EBGP, OSPF, RIPv2 or Static on the other]
-
MPLS VPN Connection Model
The routes the PE receives from CE routers are installed in the appropriate VRF
The routes the PE receives through the backbone IGP are installed in the global routing table
By using separate VRFs, addresses need NOT be unique among VPNs
[Figure: a PE facing the VPN Backbone IGP on one side and CE routers at Site-1 and Site-2 over EBGP, OSPF, RIPv2 or Static on the other]
-
MPLS VPN Connection Model
The Global Routing Table is populated by IGP protocols.
In PE routers it may contain the BGP Internet routes (standard BGP-4 routes)
BGP-4 (IPv4) routes go into global routing table
MP-BGP (VPN-IPv4) routes go into VRFs
-
MPLS VPN Connection Model
[Figure: two PE routers joined by an iBGP session across P routers in the VPN Backbone IGP]
PE and P routers share a common IGP (ISIS or OSPF)
PEs establish MP-iBGP sessions between them
PEs use MP-BGP to exchange routing information related to the connected sites and VPNs
VPN-IPv4 addresses, Extended Community, Label
-
MPLS VPN Connection Model
PE routers receive IPv4 updates (EBGP, RIPv2, Static)
PE routers translate into VPN-IPv4
Assign a SOO and RT based on configuration
Re-write Next-Hop attribute
Assign a label based on VRF and/or interface
Send MP-iBGP update to all PE neighbors
[Figure: CE-1, PE-1, P routers in the VPN Backbone IGP, PE-2 and CE-2, with Site-1 and Site-2, annotated as follows]
BGP, RIPv2 update for Net1, Next-Hop=CE-1
VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(intCE1)
VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2
-
MPLS VPN Connection Model
Receiving PEs translate to IPv4
Insert the route into the VRF identified by the RT attribute (based on PE configuration)
The label associated to the VPN-IPv4 address will be set on packets forwarded towards the destination
[Figure: CE-1, PE-1, P routers in the VPN Backbone IGP, PE-2 and CE-2, with Site-1 and Site-2, annotated as follows]
BGP, OSPF, RIPv2 update for Net1, Next-Hop=CE-1
VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(intCE1)
VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2
-
MPLS VPN Connection Model
Route distribution to sites is driven by the Site of Origin (SOO) and Route-target attributes
BGP Extended Community attribute
A route is installed in the site VRF corresponding to the Route-target attribute
Driven by PE configuration
A PE which connects sites belonging to multiple VPNs will install the route into the site VRF if the Route-target attribute contains one or more VPNs to which the site is associated
-
MPLS VPN Connection Model
MP-BGP Update
VPN-IPV4 address
Route Distinguisher
64 bits
Makes the IPv4 route globally unique
RD is configured in the PE for each VRF
RD may or may not be related to a site or a VPN
IPv4 address (32 bits)
Extended Community attribute (64 bits)
Site of Origin (SOO): identifies the originating site
Route-target (RT): identifies the set of sites the route has to be advertised to
-
MPLS VPN Connection Model
MP-BGP Update
Any other standard BGP attribute
Local Preference
MED
Next-hop
AS_PATH
Standard Community
...
A Label identifying:
The outgoing interface
The VRF where a lookup has to be done
The BGP label will be the second label in the label stack of packets travelling in the core
-
MPLS VPN Connection Model
MP-BGP Update - Extended community
BGP extended community attribute
Structured, to support multiple applications
64 bits for increased range
General form
::
Registered AS number::
Registered IP address
-
MPLS VPN Connection Model
MP-BGP Update - Extended community
The Extended Community is used to:
Identify one or more routers where the route hasbeen originated (site)
Site of Origin (SOO)
Selects sites which should receive the route
Route-Target
MPLS VPN Connection Model
-
MP-BGP Update
The Label can be assigned only by the router whose address is the Next-Hop attribute
PE routers re-write the Next-Hop with their own address (loopback interface address)
Next-Hop-Self BGP command towards iBGP neighbors
Loopback addresses are advertised into the backbone IGP
PE addresses used as BGP Next-Hop must be uniquely known in the backbone IGP
No summarisation of loopback addresses in the core
MPLS Forwarding
-
Packet forwarding
PE and P routers have BGP next-hop reachability through the backbone IGP
Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops
Label Stack is used for packet forwarding
Top label indicates BGP Next-Hop (interior label)
Second level label indicates outgoing interface or VRF (exterior label)
MPLS Forwarding
-
Penultimate Hop Popping
[Diagram: routers CE1, PE1, P1, P2, PE2, CE2 and CE3; the packet is shown as IGP Label(PE2) + VPN Label + IP packet leaving PE1, as VPN Label + IP packet after P2, and as a plain IP packet after PE2]
PE1 receives IP packet
Lookup is done on site VRF
BGP route with Next-Hop and Label is found
BGP next-hop (PE2) is reachable through IGP route with associated label
P routers switch the packets based on the IGP label (label on top of the stack)
Penultimate Hop Popping
P2 is the penultimate hop for the BGP next-hop
P2 removes the top label
This has been requested through LDP by PE2
PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
One single lookup
Label is popped and packet sent to IP neighbor
-
Packet Forwarding Example 1
[Diagram: backbone of P and PE routers (PE1, PE2) with CE routers attaching VPN_A and VPN_B sites (10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0); a label table lists the pairs T1 T7, T2 T8, T3 T9, T4 T7, T5 TB, T6 TB, T7 T8; the ingress PE's FIB entries carry iBGP next hops PE1, PE2, PE3, PE1, PE4, PE4, PE2, and the matched entry has iBGP NH = PE2 with labels T2 T8; the packet leaves the ingress PE as Data with labels T8 and T2]
Ingress PE receives normal IP packets from CE router
PE router does IP Longest Match from VPN_B FIB, finds iBGP next hop PE2 and imposes a stack of labels: exterior Label T2 + Interior Label T8
-
Packet Forwarding Example 1 (cont.)
[Diagram: same backbone as the previous slide, with in / out label tables on the P routers; the packet is shown as Data with labels T8 and T2, then with TB or TA in place of T8, then with T2 only, then as plain Data towards the CE]
All subsequent P routers switch the packet solely on the Interior Label
Egress PE router removes the Interior Label
Egress PE uses the Exterior Label to select which VPN/CE to forward the packet to
Exterior Label is removed and packet routed to CE router
-
Packet Forwarding Example 2
In VPN 12, host 130.130.10.1 sends a packet with destination 130.130.11.3
Customer sites are attached to Provider Edge (PE) routers A & B.
[Diagram: hosts 130.130.10.1 and 130.130.11.3 in two VPN 12 sites, attached to PE routers A and B]
-
Packet Forwarding Example 2 (cont.)
1. Packet arrives on VPN 12 link on PE router A.
2. PE router A selects the correct VPN forwarding table based on the link's VPN ID (12).

VPN-ID   VPN Site Address   Provider Edge Router Address   VPN Site Label   PE Label
12       130.130.10.0/24    172.68.1.11/32                 26               42
12       130.130.11.0/24    172.68.1.2/32                  989              101
...      ...                ...                            ...              ...
-
Packet Forwarding Example 2 (cont.)
[Diagram: packet at PE router A on the VPN 12 link, shown as 130.130.11.3 + rest of IP packet, then with labels 989 and 101 added]

VPN-ID   VPN Site Address   Provider Edge Router Address   VPN Site Label   PE Label
12       130.130.10.0/24    172.68.1.11/32                 26               42
12       130.130.11.0/24    172.68.1.2/32                  989              101
...      ...                ...                            ...              ...

3. PE router A matches the incoming packet's destination address with VPN 12's forwarding table.
4. PE router A adds two labels to the packet: one identifying the destination PE, and one identifying the destination VPN site.
-
Packet Forwarding Example 2 (cont.)
[Diagram: PE routers A and B on either side of the network core]
5. Packet is label-switched from PE router A to PE B based on the top label, using normal MPLS.
The network core knows nothing about VPNs and sites: it only knows how to get packets from A to B using MPLS.
-
Packet Forwarding Example 2 (cont.)
[Diagram: PE router B delivering the packet to 130.130.11.3 on its VPN 12 link]
6. PE router B identifies the correct site in VPN 12 from the inner label.
7. PE router B removes the labels and forwards the IP packet to the correct VPN 12 site.
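The seven steps of Example 2, together with the penultimate hop popping described earlier, can be traced in code. This is an added example, not part of the original slides: the VPN 12 table values are the ones shown above, while the core path (P1, P2), label 57, PE B's label table and all function names are constructed for illustration.

```python
import ipaddress

# VPN forwarding table on PE router A, values as on the slides:
# VPN-ID -> [(site prefix, egress PE address, VPN site label, PE label)]
PE_A_VPN_TABLES = {
    12: [
        ("130.130.10.0/24", "172.68.1.11/32", 26, 42),
        ("130.130.11.0/24", "172.68.1.2/32", 989, 101),
    ],
}

# Constructed core path A -> P1 -> P2 -> B. Label 57 is made up. P2 is the
# penultimate hop and pops the top label, as requested by B through LDP.
CORE_PATH = [
    ("P1", {101: ("swap", 57)}),
    ("P2", {57: ("pop", None)}),
]

# Constructed table on PE B: VPN site label -> (VPN-ID, attached site).
PE_B_SITE_LABELS = {989: (12, "130.130.11.0/24")}


def ingress_pe(vpn_id, dst):
    """Steps 1-4: pick the table by the link's VPN ID, longest match, push two labels."""
    table = PE_A_VPN_TABLES.get(vpn_id)
    if table is None:
        return None  # link belongs to no known VPN: nothing is looked up elsewhere
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, _pe, site_label, pe_label in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, site_label, pe_label)
    if best is None:
        return None  # no route inside this VPN: drop
    # stack[0] is the top label (destination PE), stack[1] the inner VPN site label
    return {"stack": [best[2], best[1]], "dst": dst}


def core(packet):
    """Step 5: P routers act on the top label only and never read the inner one."""
    stack = list(packet["stack"])
    trace = []
    for name, lfib in CORE_PATH:
        entry = lfib.get(stack[0])
        if entry is None:
            return None, trace  # unknown top label: drop
        op, out_label = entry
        stack = stack[1:] if op == "pop" else [out_label] + stack[1:]
        trace.append((name, tuple(stack)))
    return {"stack": stack, "dst": packet["dst"]}, trace


def egress_pe(packet):
    """Steps 6-7: one lookup on the inner label selects the VPN site."""
    if len(packet["stack"]) != 1:
        raise ValueError("egress PE expects only the VPN site label")
    return PE_B_SITE_LABELS[packet["stack"][0]]


def forward(vpn_id, dst):
    """Return the label stack seen after each router, or None if dropped."""
    packet = ingress_pe(vpn_id, dst)
    if packet is None:
        return None
    at_b, trace = core(packet)
    if at_b is None:
        return None
    return [("A", tuple(packet["stack"]))] + trace + [("B", egress_pe(at_b))]


if __name__ == "__main__":
    for hop in forward(12, "130.130.11.3"):
        print(hop)
```

The inner label 989 is untouched from A to B, which is why the core needs no VPN state and why separation between VPNs rests on the PE tables alone.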
MPLS VPN mechanisms
-
VRF and Multiple Routing Instances
VRF: VPN Routing and Forwarding Instance
VRF Routing Protocol Context
VRF Routing Tables
VRF CEF Forwarding Tables
MPLS VPN mechanisms
-
VRF and Multiple Routing Instances
VRF Routing table contains routes which should be available to a particular set of sites
Analogous to standard IOS routing table, supports the same set of mechanisms
Interfaces (sites) are assigned to VRFs
One VRF per interface (sub-interface, tunnel or virtual-template)
Possibly many interfaces per VRF
MPLS VPN mechanisms
-
VRF and Multiple Routing Instances
[Diagram: routing processes (Static, BGP, RIP) feeding routing contexts, VRF routing tables and VRF forwarding tables]
Routing processes run within specific routing contexts
Populate specific VPN routing table and FIBs (VRF)
Interfaces are assigned to VRFs
MPLS VPN mechanisms
-
VRF and Multiple Routing Instances
[Diagram: logical view of Site-1 to Site-4 grouped into VPN-A, VPN-B and VPN-C; routing view of two PE routers joined across P routers by multihop MP-iBGP]
VRF for site-1: Site-1 routes, Site-2 routes
VRF for site-2: Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3: Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4: Site-3 routes, Site-4 routes
MPLS VPN Topologies
-
[Diagram: backbone of P and PE routers with CE routers attaching VPN_A and VPN_B sites (10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0); iBGP sessions between the PE routers]
VPN-IPv4 addresses are propagated together with the associated label in BGP Multiprotocol extension
Extended Community attribute (route-target) is associated to each VPN-IPv4 address, to populate the site VRF
MPLS VPN Topologies
-
VPN sites with optimal intra-VPN routing
Each site has full routing knowledge of all other sites (of same VPN)
Each CE announces its own address space
MP-BGP VPN-IPv4 updates are propagated between PEs
Routing is optimal in the backbone
Each route has the BGP Next-Hop closest to the destination
No site is used as central point for connectivity
MPLS VPN Topologies
-
VPN sites with optimal intra-VPN routing
[Diagram: Site-1 (N1), Site-2 (N2) and Site-3 (N3) attached to PE1, PE2 and PE3 over interfaces IntCE1, IntCE2 and IntCE3; CE to PE routing is EBGP/RIP/Static]
CE announcements: N1, NH=CE1; N2, NH=CE2; N3, NH=CE3
VPN-IPv4 updates exchanged between PEs
RD:N1, NH=PE1, Label=IntCE1, RT=Blue
RD:N2, NH=PE2, Label=IntCE2, RT=Blue
RD:N3, NH=PE3, Label=IntCE3, RT=Blue
VRF for site-1: N1, NH=CE1; N2, NH=PE2; N3, NH=PE3
VRF for site-2: N1, NH=PE1; N2, NH=CE2; N3, NH=PE3
VRF for site-3: N1, NH=PE1; N2, NH=PE2; N3, NH=CE3
Routing Table on CE1: N1, Local; N2, PE1; N3, PE1
Routing Table on CE2: N1, NH=PE2; N2, Local; N3, NH=PE2
Routing Table on CE3: N1, PE3; N2, PE3; N3, Local
MPLS VPN Topologies
-
VPN sites with Hub & Spoke routing
One central site has full routing knowledge of all other sites (of same VPN)
Hub-Site
Other sites will send traffic to Hub-Site for any destination
Spoke-Sites
Hub-Site is the central transit point between Spoke-Sites
Use of central services at Hub-Site
MPLS VPN Topologies
-
VPN sites with Hub & Spoke routing
[Diagram: Site-1 (N1, CE1) on PE1, Site-2 (N2, CE2) on PE2, Site-3 (N3) on PE3 through CE3-Hub and CE3-Spoke; CE to PE routing is BGP/RIPv2]
VPN-IPv4 update advertised by PE1
RD:N1, NH=PE1, Label=IntCE1, RT=Hub
VPN-IPv4 update advertised by PE2
RD:N2, NH=PE2, Label=IntCE2, RT=Hub
VPN-IPv4 updates advertised by PE3
RD:N1, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
RD:N2, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
RD:N3, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
IntCE1 VRF (Import RT=Spoke) (Export RT=Hub): N1, NH=CE1 (exported); N2, NH=PE3 (imported); N3, NH=PE3 (imported)
IntCE2 VRF (Import RT=Spoke) (Export RT=Hub): N1, NH=PE3 (imported); N2, NH=CE2 (exported); N3, NH=PE3 (imported)
IntCE3-Hub VRF (Import RT=Hub): N1, NH=PE1; N2, NH=PE2
IntCE3-Spoke VRF (Export RT=Spoke): N1, NH=CE3-Spoke; N2, NH=CE3-Spoke; N3, NH=CE3-Spoke
Routes are imported/exported into VRFs based on RT value of the VPN-IPv4 updates
PE3 uses 2 (sub)interfaces with two different VRFs
MPLS VPN Topologies
-
VPN sites with Hub & Spoke routing
[Diagram: same hub and spoke topology and VRF contents as the previous slide]
Traffic from one spoke to another will travel across the hub site
Hub site may host central services
Security, NAT, centralised Internet access
MPLS VPN Internet Routing
-
In a VPN, sites may need to have Internet connectivity
Connectivity to the Internet means:
Being able to reach Internet destinations
Being able to be reachable from any Internet source
The Internet routing table is treated separately
In the VPN backbone the Internet routes are in the Global routing table of PE routers
Labels are not assigned to external (BGP) routes
MPLS VPN Internet routing
-
VRF specific default route
A default route is installed into the site VRF and pointing to an Internet Gateway
The default route is NOT part of any VPN
A single label is used for packets forwarded according to the default route
The label is the IGP label corresponding to the IP address of the Internet gateway
Known in the IGP
MPLS VPN Internet routing
-
VRF specific default route
PE router originates CE routes for the Internet
Customer (site) routes are known in the site VRF
Not in the global table
The PE/CE interface is NOT known in the global table.
However:
A static route for customer routes and pointing to the PE/CE interface is installed in the global table
This static route is redistributed into BGP-4 global table and advertised to the Internet Gateway
The Internet gateway knows customer routes with the PE address as next-hop
MPLS VPN Internet routing
-
VRF specific default route
The Internet Gateway specified in the default route (into the VRF) need NOT be directly connected
Different Internet gateways can be used for different VRFs
Using default route for Internet routing does NOT allow any other default route for intra-VPN routing
As in any other routing scheme
MPLS VPN Internet routing
-
VRF specific default route
[Diagram: Site-1 and Site-2 (network 171.68.0.0/16, interface Serial0) attached to PE routers; PE-IG connects the backbone to the Internet; addresses 192.168.1.1 and 192.168.1.2; sessions labelled BGP-4 and MP-BGP]
ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 ! ip vrf forwarding goes first: assigning an interface to a VRF removes its existing IP address
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 network 171.68.0.0 mask 255.255.0.0
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 65502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family
!
ip route 171.68.0.0 255.255.0.0 Serial0
ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 global
MPLS VPN Internet routing
-
VRF specific default route
[Diagram: same topology as the previous slide; an IP packet with D=cisco.com enters the PE, crosses the backbone with Label = 3 and continues towards the Internet as a plain IP packet]
Site-2 VRF
0.0.0.0/0 192.168.1.1 (global)
Site-1 routes
Site-2 routes
Global Table and LFIB
192.168.1.1/32 Label=3
192.168.1.2/32 Label=5
...
MPLS VPN Internet routing
-
VRF specific default route
PE routers need not hold the Internet table
PE routers will use BGP-4 sessions to originate customer routes
Packet forwarding is done with a single label identifying the Internet Gateway IP address
More labels if Traffic Engineering is used
MPLS VPN Internet Routing
Separated (sub)interfaces
-
If CE wishes to receive and announce routes from/to the Internet
A dedicated BGP session is used over a separate (sub)interface
The PE imports CE routes into the global routing table and advertises them to the Internet
The interface is not part of any VPN and does not use any VRF
Default route or Internet routes are exported to the CE
PE needs to have Internet routing table
MPLS VPN Internet Routing
Separated (sub)interfaces
-
The PE uses separate (sub)interfaces with the CE
One (sub)interface for VPN routing
Associated to a VRF
Can be a tunnel interface
One (sub)interface for Internet routing
Associated to the global routing table
MPLS VPN Internet Routing
Separated (sub)interfaces
-
[Diagram: Site-1 and Site-2 (network 171.68.0.0/16) attached to PE routers; the CE connects over Serial0.1 (MP-BGP side) and Serial0.2 (BGP-4 side); PE-IG connects the backbone to the Internet; addresses 192.168.1.1 and 192.168.1.2]
ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 no ip address
!
interface Serial0.1
 ! ip vrf forwarding goes first: assigning an interface to a VRF removes its existing IP address
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
interface Serial0.2
 ip address 171.68.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 neighbor 171.68.10.2 remote-as 502
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family
MPLS VPN Internet Routing
Separated (sub)interfaces
-
[Diagram: same topology as the previous slide; an IP packet with D=cisco.com leaves the CE, crosses the backbone with Label = 3 and continues towards the Internet as a plain IP packet]
CE routing table
Site-2 routes ----> Serial0.1
Internet routes ---> Serial0.2
PE Global Table
Internet routes ---> 192.168.1.1
192.168.1.1, Label=3
Scaling
-
Existing BGP techniques can be used to scale the route distribution: route reflectors
Each edge router needs only the information for the VPNs it supports
Directly connected VPNs
RRs are used to distribute VPN routing information
MPLS-VPN
-
Scaling BGP
[Diagram: backbone of P and PE routers (PE1, PE2) with two Route Reflectors (RR) and CE routers attaching VPN_A and VPN_B sites]
Route Reflectors may be partitioned
Each RR stores routes for a set of VPNs
Thus, no BGP router needs to store ALL VPNs information
PEs will peer to RRs according to the VPNs they directly connect
MPLS-VPN Scaling
-
BGP updates filtering
iBGP full mesh between PEs results in flooding all VPNs routes to all PEs
Scaling problems when large amount of routes. In addition PEs need only routes for attached VRFs
Therefore each PE will discard any VPN-IPv4 route that hasn't a route-target configured to be imported in any of the attached VRFs
This reduces significantly the amount of information each PE has to store
Volume of BGP table is equivalent of volume of attached VRFs (nothing more)
MPLS-VPN Scaling
BGP updates filtering
-
Each VRF has an import and export policy configured
Policies use route-target attribute (extended community)
PE receives MP-iBGP updates for VPN-IPv4 routes
If route-target is equal to any of the import values configured in the PE, the update is accepted
Otherwise it is silently discarded
[Diagram: a PE with MP-iBGP sessions and VRFs for VPNs yellow and green (Import RT=yellow, Import RT=green) receiving the two updates below]
VPN-IPv4 update: RD:Net1, Next-hop=PE-X, SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PE-X, SOO=Site1, RT=Red, Label=XYZ
MPLS-VPN Scaling
-
Route Refresh
Policy may change in the PE if VRF modifications are done
New VRFs, removal of VRFs
However, the PE may not have stored routing information which becomes useful after a change
PE requests a re-transmission of updates to neighbors
Route-Refresh
[Diagram: a PE with Import RT=yellow, Import RT=green and Import RT=red receiving the two updates below]
VPN-IPv4 update: RD:Net1, Next-hop=PE-X, SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PE-X, SOO=Site1, RT=Red, Label=XYZ
1. PE doesn't have red routes (previously filtered out)
2. PE issues a Route-Refresh to all neighbors in order to ask for re-transmission
3. Neighbors re-send updates and red route-target is now accepted
MPLS-VPN Scaling
-
Outbound Route Filters - ORF
PE router will discard update with unused route-target
Optimization requires these updates NOT to be sent
Outbound Route Filter (ORF) allows a router to tell its neighbors which filter to use prior to propagating BGP updates
[Diagram: a PE with Import RT=yellow and Import RT=green receiving the two updates below]
VPN-IPv4 update: RD:Net1, Next-hop=PE-X, SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PE-X, SOO=Site1, RT=Red, Label=XYZ
1. PE doesn't need red routes
2. PE issues an ORF message to all neighbors in order not to receive red routes
3. Neighbors dynamically configure the outbound filter and send updates accordingly
MPLS VPN - Configuration
-
VPN knowledge is on PE routers
PE routers have to be configured for
VRF and Route Distinguisher
VRF import/export policies (based on Route-target)
Routing protocol used with CEs
MP-BGP between PE routers
BGP for Internet routers
With other PE routers
With CE routers
MPLS VPN - Configuration
VRF and Route Distinguisher
-
RD is configured on PE routers (for each VRF)
VRFs are associated to RDs in each PE
Common (good) practice is to use the same RD for the same VPN in all PEs
But not mandatory
VRF configuration command
ip vrf
 rd
 route-target import
 route-target export
CLI - VRF configuration
-
[Diagram: Site-1 to Site-4 grouped into VPN-A, VPN-B and VPN-C; PE1 and PE2 joined across P routers by multihop MP-iBGP]
VRF for site-1 (100:1): Site-1 routes, Site-2 routes
VRF for site-2 (100:2): Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3 (100:3): Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4 (100:4): Site-3 routes, Site-4 routes
ip vrf site1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
ip vrf site2
 rd 100:2
 route-target export 100:2
 route-target import 100:2
 route-target import 100:1
 route-target export 100:1
ip vrf site3
 rd 100:3
 route-target export 100:2
 route-target import 100:2
 route-target import 100:3
 route-target export 100:3
ip vrf site-4
 rd 100:4
 route-target export 100:3
 route-target import 100:3
MPLS VPN - Configuration
PE/CE routing protocols
-
PE/CE may use BGP, RIPv2 or Static routes
A routing context is used for each VRF
Routing contexts are defined within the routing protocol instance
Address-family router sub-command
router rip
 version 2
 address-family ipv4 vrf
  any common router sub-command
MPLS VPN - Configuration
PE/CE routing protocols
-
BGP uses same address-family command
router bgp
 ...
 address-family ipv4 vrf
  any common router BGP sub-command
Static routes are configured per VRF
ip route vrf
MPLS VPN - Configuration
PE router commands
-
All show commands are VRF based
show ip route vrf ...
show ip protocol vrf
show ip cef
PING and Telnet commands are VRF based
telnet /vrf
ping vrf
MPLS VPN - Configuration
PE/CE routing protocols
-
[Diagram: Site-1 to Site-4 grouped into VPN-A, VPN-B and VPN-C; PE1 and PE2 joined across P routers by multihop MP-iBGP]
VRF for site-1 (100:1): Site-1 routes, Site-2 routes
VRF for site-2 (100:2): Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3 (100:3): Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4 (100:4): Site-3 routes, Site-4 routes
! PE router attached to Site-1 and Site-2
ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
!
interface Serial3/6
 ip vrf forwarding site1
 ip address 192.168.61.6 255.255.255.0
 encapsulation ppp
!
interface Serial3/7
 ip vrf forwarding site2
 ip address 192.168.62.6 255.255.255.0
 encapsulation ppp

! PE router attached to Site-3 and Site-4
ip vrf site3
 rd 100:3
 route-target export 100:23
 route-target import 100:23
 route-target import 100:34
 route-target export 100:34
! VRF name matches the "ip vrf forwarding site4" reference below
ip vrf site4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
!
interface Serial4/6
 ip vrf forwarding site3
 ip address 192.168.73.7 255.255.255.0
 encapsulation ppp
!
interface Serial4/7
 ip vrf forwarding site4
 ip address 192.168.74.7 255.255.255.0
 encapsulation ppp
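Since separation between the VPNs rests entirely on these route-target lines, the import/export policy can be checked mechanically against the intended VRF contents. The following is an added example, not part of the original slides: it evaluates the route-target lines of the configuration above with the import rule from the "BGP updates filtering" slides. The function names, the INTENDED table (taken from the VRF listing on this slide) and the extra import used to show a leak are constructed; the last VRF is spelled site4 throughout.

```python
import re

# Route-target configuration of the two PE routers, as on the slide.
CONFIG = """
ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
ip vrf site3
 rd 100:3
 route-target export 100:23
 route-target import 100:23
 route-target import 100:34
 route-target export 100:34
ip vrf site4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
"""

# Intended VRF contents from the slide: which sites' routes each VRF holds.
INTENDED = {
    "site1": {"site1", "site2"},
    "site2": {"site1", "site2", "site3"},
    "site3": {"site2", "site3", "site4"},
    "site4": {"site3", "site4"},
}


def parse_vrfs(text):
    """Collect rd, import and export route-targets for every 'ip vrf' stanza."""
    vrfs, cur = {}, None
    for raw in text.splitlines():
        if not raw.startswith(" "):
            # Any top-level line closes the current stanza.
            cur = None
            m = re.match(r"ip vrf (\S+)\s*$", raw)
            if m:
                cur = vrfs.setdefault(
                    m.group(1), {"rd": None, "import": set(), "export": set()})
            continue
        if cur is None:
            continue
        m = re.match(r"\s+rd (\S+)\s*$", raw)
        if m:
            cur["rd"] = m.group(1)
            continue
        m = re.match(r"\s+route-target (import|export|both) (\S+)\s*$", raw)
        if m:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                cur[kind].add(m.group(2))
    return vrfs


def imported_from(vrfs):
    """A VRF accepts a route when one of the route's RTs equals one of its import values."""
    return {
        name: {src for src, s in vrfs.items() if s["export"] & v["import"]}
        for name, v in vrfs.items()
    }


def audit(vrfs, intended):
    """Return (leaks, missing) as sorted lists of (receiving VRF, source VRF)."""
    actual = imported_from(vrfs)
    leaks = sorted((d, s) for d in actual for s in actual[d] - intended.get(d, set()))
    missing = sorted((d, s) for d in intended for s in intended[d] - actual.get(d, set()))
    return leaks, missing


# Constructed misconfiguration: one extra import line added to site1.
BAD_CONFIG = CONFIG + "ip vrf site1\n route-target import 100:34\n"

if __name__ == "__main__":
    print(audit(parse_vrfs(CONFIG), INTENDED))
    print(audit(parse_vrfs(BAD_CONFIG), INTENDED))
```

A single stray import line is enough to place Site-3 and Site-4 routes in the site1 VRF, so a check like this belongs in change review for PE configurations.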
MPLS VPN - Configuration
PE/CE routing protocols
-
[Diagram: same topology and VRFs as the previous slide]
! PE router attached to Site-1 and Site-2
router bgp 100
 no bgp default ipv4-unicast
 neighbor 7.7.7.7 remote-as 100
 neighbor 7.7.7.7 update-source Loop0
 !
 address-family ipv4 vrf site2
  neighbor 192.168.62.2 remote-as 65502
  neighbor 192.168.62.2 activate
 exit-address-family
 !
 address-family ipv4 vrf site1
  neighbor 192.168.61.1 remote-as 65501
  neighbor 192.168.61.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 next-hop-self
 exit-address-family

! PE router attached to Site-3 and Site-4
router bgp 100
 no bgp default ipv4-unicast
 neighbor 6.6.6.6 remote-as 100
 neighbor 6.6.6.6 update-source Loop0
 !
 address-family ipv4 vrf site4
  neighbor 192.168.74.4 remote-as 65504
  neighbor 192.168.74.4 activate
 exit-address-family
 !
 address-family ipv4 vrf site3
  neighbor 192.168.73.3 remote-as 65503
  neighbor 192.168.73.3 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 next-hop-self
 exit-address-family
Summary
-
Supports large scale VPN services
Increases value add by the VPN Service Provider
Decreases Service Provider's cost of providing VPN services
Mechanisms are general enough to enable VPN Service Provider to support a wide range of VPN customers
See RFC2547
Point-to-point connections vs BGP/MPLS VPNs: routing peering
-
Amount of routing peering maintained by CE is O(1) - CE peers only with directly attached PE
independent of the total number of sites within a VPN
scales to VPNs with large number of sites (100s - 1000s sites per VPN)
Mesh of point-to-point connections requires each (virtual) router to maintain O(n) peering (where n is the number of sites)
does not scale to VPNs with large number of sites (due to the properties of existing routing protocols)
[Diagram: a site peering with all other sites, compared with a CE that has a single routing peering with its PE]
Point-to-point connections vs BGP/MPLS VPNs: provisioning
-
Amount of configuration changes needed to add a new site (new CE) is O(1):
need to configure only the directly attached PE
independent of the total number of sites within a VPN
Mesh of point-to-point connections requires O(n) configuration changes (where n is the number of sites) when adding a new site
[Diagram: adding a New Site with a config change on all other sites, compared with a config change on the PE attached to the new CE]
Agenda
-
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
Basic MPLS Monitoring Commands
-
router(config)#
show tag-switching tdp parameters
Displays TDP parameters on the local router.
router(config)#
show tag-switching interface
show mpls interface (12.1(3)T)
Displays MPLS status on individual interfaces.
router(config)#
show tag-switching tdp discovery
Displays all discovered TDP neighbors.
show tag-switching tdp parameters
-
Router#show tag-switching tdp parameters
Protocol version: 1
No tag pool for downstream tag distribution
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery directed hello: holdtime: 180 sec; interval: 5 sec
show tag-switching interface
-
Router#show tag-switching interface detail
Interface Serial1/0.1:
        IP tagging enabled
        TSP Tunnel tagging not enabled
        Tagging operational
        MTU = 1500
Interface Serial1/0.2:
        IP tagging enabled
        TSP Tunnel tagging not enabled
        Tagging operational
        MTU = 1500
show tag-switching tdp discovery
-
Router#show tag-switching tdp discovery
Local TDP Identifier:
    192.168.3.102:0
TDP Discovery Sources:
    Interfaces:
        Serial1/0.1: xmit/recv
            TDP Id: 192.168.3.101:0
        Serial1/0.2: xmit/recv
            TDP Id: 192.168.3.100:0
More TDP Monitoring Commands
-
router(config)#
show tag-switching tdp neighbor
Displays individual TDP neighbors.
router(config)#
show tag-switching tdp neighbor detail
Displays more details about TDP neighbors.
router(config)#
show tag-switching tdp bindings
Displays Tag Information Base (TIB).
show tag tdp neighbor
-
Router#show tag-switching tdp neighbors
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
        TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
        State: Oper; PIEs sent/rcvd: 55/53; ; Downstream
        Up time: 00:43:26
        TDP discovery sources:
          Serial1/0.2
        Addresses bound to peer TDP Ident:
          192.168.3.10    192.168.3.14    192.168.3.100
show tag tdp neighbor detail
-
Router#show tag-switching tdp neighbors detail
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
        TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
        State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB rev sent 26
        UID: 1; Up time: 00:44:01
        TDP discovery sources:
          Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer TDP Ident:
          192.168.3.10    192.168.3.14    192.168.3.100
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
show tag tdp bindings
-
Router#show tag tdp bindings
  tib entry: 192.168.3.1/32, rev 9
        local binding:  tag: 28
        remote binding: tsr: 19.16.3.3:0, tag: 28
  tib entry: 192.168.3.2/32, rev 8
        local binding:  tag: 27
        remote binding: tsr: 19.16.3.3:0, tag: 27
  tib entry: 192.168.3.3/32, rev 7
        local binding:  tag: 26
        remote binding: tsr: 19.16.3.3:0, tag: imp-null(1)
  tib entry: 192.168.3.10/32, rev 6
        local binding:  tag: imp-null(1)
        remote binding: tsr: 19.16.3.3:0, tag: 26
Monitoring Label Switching
-
router(config)#
show tag-switching forwarding-table
show mpls forwarding-table
Displays contents of Label Forwarding Information Base.
router(config)#
show ip cef detail
Displays label(s) attached to a packet during label imposition on edge LSR.
Monitoring Label Switching
Monitoring LFIB
-
5/22/2018 MPLS Cisco
137/155
137137137 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 137
Router#show tag-switching forwarding-table ?
  A.B.C.D     Destination prefix
  detail      Detailed information
  interface   Match outgoing interface
  next-hop    Match next hop neighbor
  tags        Match tag values
  tsp-tunnel  TSP Tunnel id
  |           Output modifiers
show tag-switching forwarding-table
Router#show tag-switching forwarding-table detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     Untagged    192.168.3.3/32    0          Se1/0.3    point2point
        MAC/Encaps=0/0, MTU=1504, Tag Stack{}
27     Pop tag     192.168.3.4/32    0          Se0/0.4    point2point
        MAC/Encaps=4/4, MTU=1504, Tag Stack{}
        20618847
28     29          192.168.3.4/32    0          Se1/0.3    point2point
        MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
        18718847 0001D000
show ip cef detail
Router#show ip cef 192.168.20.0 detail
192.168.20.0/24, version 23, cached adjacency to Serial1/0.2
0 packets, 0 bytes
  tag information set
    local tag: 33
    fast tag rewrite with Se1/0.2, point2point, tags imposed: {32}
  via 192.168.3.10, Serial1/0.2, 0 dependencies
    next hop 192.168.3.10, Serial1/0.2
    valid cached adjacency
    tag rewrite with Se1/0.2, point2point, tags imposed: {32}
Debugging Label Switching and TDP
debug tag-switching tdp ...
router(config)#
Debugs TDP adjacencies, session establishment, and label bindings exchange.
debug tag-switching tfib ...
debug mpls lfib 12.1(3)T
router(config)#
Debugs Tag Forwarding Information Base events: label creations, removals, rewrites.
debug tag-switching packets [ interface ]
debug mpls packets [ interface ] 12.1(3)T
router(config)#
Debugs labeled packets switched by the router.
Disables fast or distributed tag switching.
Common Frame-Mode MPLS Symptoms
TDP/LDP session does not start.
Labels are not allocated or distributed.
Packets are not labeled although the labels have been distributed.
MPLS intermittently breaks after an interface failure.
Large packets are not propagated across the network.
TDP Session Startup Issues: 1/4
Symptom
TDP neighbors are not discovered.
show tag tdp discovery does not display expected TDP neighbors.
Diagnosis
MPLS is not enabled on adjacent router.
Verification
Verify with show tag interface on the adjacent router.
TDP Session Startup Issues: 2/4
Symptom
TDP neighbors are not discovered.
Diagnosis
Label distribution protocol mismatch - TDP on one end, LDP on the other end.
Verification
Verify with show tag interface detail on both routers.
TDP Session Startup Issues: 3/4
Symptom
TDP neighbors are not discovered.
Diagnosis
Packet filter drops TDP/LDP neighbor discovery packets.
Verification
Verify access-list presence with show ip interface.
Verify access-list contents with show access-list.
TDP Session Startup Issues: 4/4
Symptom
TDP neighbors discovered, TDP session is not established.
show tdp neighbor does not display a neighbor in Oper state.
Diagnosis
Connectivity between loopback interfaces is broken - TDP session is usually established between loopback interfaces of adjacent LSRs.
Verification
Verify connectivity with extended ping command.
Label Allocation Issues
Symptom
Labels are not allocated for local routes.
show tag-switching forwarding-table does not display any labels.
Diagnosis
CEF is not enabled.
Verification
Verify with show ip cef.
Label Distribution Issues
Symptom
Labels are allocated, but not distributed.
show tag-switching tdp bindings on adjacent LSR does not display labels from this LSR.
Diagnosis
Problems with conditional label distribution.
Verification
Debug label distribution with debug tag tdp advertisement.
Examine the neighbor TDP router ID with show tag tdp discovery.
Verify that the neighbor TDP router ID is matched by the access list specified in tag advertise command.
Packet Labeling
Symptom
Labels are distributed, packets are not labeled.
show interface statistic does not show labeled packets being sent.
Diagnosis
CEF is not enabled on input interface (potentially due to conflicting feature being configured).
Verification
Verify with show cef interface.
show cef interface
Router#show cef interface
Serial1/0.1 is up (if_number 15)
  Internet address is 192.168.3.5/30
  ICMP redirects are always sent
  Per packet loadbalancing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial1/0
  Fast switching type 5, interface type 64
  IP CEF switching enabled
  IP CEF VPN Fast switching turbo vector
  Input fast flags 0x1000, Output fast flags 0x0
  ifindex 3(3)
  Slot 1 Slot unit 0 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
Intermittent MPLS Failures after Interface Failure
Symptom
Overall MPLS connectivity in a router intermittently breaks after an interface failure.
Diagnosis
IP address of a physical interface is used for TDP/LDP identifier.
Configure a loopback interface on the router.
Verification
Verify local TDP identifier with show tag-switching tdp neighbors.
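Two of the checks from the troubleshooting slides, applied to captured show tag-switching tdp neighbors output: every session should be in Oper state, and the local TDP identifier should belong to a loopback rather than a physical interface. This is an added example, not part of the original slides; the interface inventories, the Loopback0 name, and the failing capture with its Init state are constructed.

```python
import re

HEADER = re.compile(r"Peer TDP Ident: (?P<peer>[\d.]+):\d+; "
                    r"Local TDP Ident\s*(?P<local>[\d.]+):\d+")
STATE = re.compile(r"State: (?P<state>\w+);")

def parse_neighbors(output):
    """Return one dict (peer, local, state) per neighbor block."""
    sessions = []
    for line in output.splitlines():
        m = HEADER.search(line)
        if m:
            sessions.append({"peer": m["peer"], "local": m["local"], "state": None})
        elif sessions and (m := STATE.search(line)):
            sessions[-1]["state"] = m["state"]
    return sessions

def audit(output, interfaces):
    """interfaces maps interface name -> IPv4 address (assumed inventory)."""
    owner = {addr: name for name, addr in interfaces.items()}
    findings = []
    sessions = parse_neighbors(output)
    # The local identifier is per router, so report it once, not per session.
    for local in sorted({s["local"] for s in sessions}):
        name = owner.get(local, "an unknown interface")
        if not name.lower().startswith("loopback"):
            findings.append(f"local TDP ident {local} is on {name}, not a loopback")
    for s in sessions:
        if s["state"] != "Oper":
            findings.append(f"session to {s['peer']} is {s['state']}, not Oper")
    return findings

# Laid out like the slide's output.
GOOD = """Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
    TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
    State: Oper; PIEs sent/rcvd: 55/53; ; Downstream"""
# Constructed failure case: identifier taken from a serial interface,
# session shown in a constructed non-Oper state.
BAD = """Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.5:0
    TCP connection: 192.168.3.100.711 - 192.168.3.5.11000
    State: Init; PIEs sent/rcvd: 0/0; ; Downstream"""
# Constructed inventories; Loopback0 is an assumed interface name.
GOOD_IFS = {"Loopback0": "192.168.3.102", "Serial1/0.2": "192.168.3.9"}
BAD_IFS = {"Serial1/0.1": "192.168.3.5"}

if __name__ == "__main__":
    for text, ifs in ((GOOD, GOOD_IFS), (BAD, BAD_IFS)):
        print(audit(text, ifs) or "no findings")
```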
Packet Propagation
Symptom
Large packets are not propagated across the network.
Extended ping with varying packet sizes fails for packet sizes close to 1500.
In some cases, MPLS might work, but MPLS/VPN will fail.
Diagnosis
Tag MTU issues or switches with no support for jumbo frames in the forwarding path.
Verification
Trace the forwarding path; identify all LAN segments in the path.
Verify Tag MTU setting on routers attached to LAN segments.
Check for low-end switches in the transit path.
Summary
After completing this lesson, you will be able to perform the following tasks:
Describe procedures for monitoring MPLS on IOS platforms.
List the debugging commands associated with label switching, LDP and TDP.
Identify common configuration or design errors.
Use the available debugging commands in real-life troubleshooting scenarios.
Customer Reference
Cisco's MPLS Is Proven
150+ Deployments Today
Americas EMEA APT/Japan
Thank you.