multi protocol label switching (mpls) cisco course
DESCRIPTION
MPLS , CISCOTRANSCRIPT
1© 2001, Cisco Systems, Inc. All rights reserved.
Session NumberPresentation_ID
MPLS Introduction
222© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 2
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
333© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 3
MPLS Concept
• In Core:Forward using labels (as opposed to IP addr)
Label indicates service class and destination
Label Switch Router (LSR)Router
ATM switch + Tag Switch Controller
Label Distribution Protocol (LDP)
Edge Label Switch Router(ATM Switch or Router)
• At Edge:Classify packets
Label them
444© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 4
MPLS concept
• MPLS: Multi Protocol Label Switching
• Packet forwarding is done based on Labels.
• Labels are assigned when the packet enters into the network.
• Labels are on top of the packet.
• MPLS nodes forward packets/cells based on the label value (not on the IP information).
555© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 5
MPLS concept
• MPLS allows:
Packet classification only where the packet
enters the network.
The packet classification is encoded as a label.
In the core, packets are forwarded without
having to re-classify them.
- No further packet analysis
- Label swapping
666© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 6
MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label Distribution Protocol (LDP) establishes label to destination network mappings.
2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and labels(PUSH) packets.
3. LSR switches packets using label swapping(SWAP) .
4. Edge LSR at egress removes(POP) label and delivers packet.
777© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 7
Label Switch Path (LSP)
• LSPs are derived from IGP routing information
• LSPs may diverge from IGP shortest path
• LSPs are unidirectional
Return traffic takes another LSP
LSP follows IGP shortest path LSP diverges from IGP shortest path
IGP domain with a label distribution protocol
IGP domain with a label distribution protocol
888© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 8
Encapsulations
Label HeaderLabel HeaderPPP HeaderPPP Header Layer 3 HeaderLayer 3 HeaderPPP Header
(Packet over SONET/SDH)
ATM Cell Header HECHEC
LabelLabel
DATADATACLPCLPPTIPTIVCIVCIGFCGFC VPIVPI
Label HeaderLabel HeaderMAC HeaderMAC Header Layer 3 HeaderLayer 3 HeaderLAN MAC Label Header
999© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 9
Label Header
• Header= 4 bytes, Label = 20 bits.• Can be used over Ethernet, 802.3, or PPP
links• Contains everything needed at forwarding
time
Label = 20 bits EXP = Class of Service, 3 bitsS = Bottom of Stack, 1 bit TTL = Time to Live, 8 bits
0 1 2 30 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 10 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label EXP S TTL
101010© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 10
Loops and TTL
• In IP networks TTL is used to prevent packets to travel indefinitely in the network
• MPLS may use same mechanism as IP, but not on all encapsulations
• TTL is present in the label header for PPP and LAN headers (shim headers)
• ATM cell header does not have TTL
111111© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 11
Loops and TTL
• TTL is decremented prior to enter the non-TTL capable LSP
If TTL is 0 the packet is discarded at the ingress point
• TTL is examined at the LSP exit
IGP domain with a label distribution protocol
LSR-1
LSR-2
LSR-4 LSR-5
LSR-3
LSR-6
Egress
IP packetTTL = 6
Label = 25
IP packetTTL = 6
IP packetTTL = 10
LSR-6 --> 25Hops=4
IP packetTTL = 6
Label = 39
IP packetTTL = 6
Label = 21
121212© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 12
Label Assignment and Distribution
• Labels have link-local significance:
Each LSR binds his own label mappings
• Each LSR assign labels to his FECs
• Labels are assigned and exchanged
between adjacent neighboring LSR
131313© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 13
Label Assignment and Distribution
• Rtr-C is the downstream neighbor of Rtr-B for destination 171.68.10/24
• Rtr-B is the downstream neighbor of Rtr-A for destination 171.68.10/24
• LSRs know their downstream neighbors through the IP routing protocol
Next-hop address is the downstream neighbor
171.68.10/24
Rtr-BRtr-A Rtr-C
171.68.40/24
Upstream and Downstream LSRs
141414© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 14
Unsolicited Downstream Distribution
• LSRs distribute labels to the upstream neighbors
171.68.10/24
Rtr-BRtr-A Rtr-C
171.68.40/24
Next-HopNext-Hop
In In LabLab
--
......
Address Address PrefixPrefix
171.68.10171.68.10
......
OutOutI/FI/F
11
......
Out Out LabLab
3030......
In In I/FI/F
00
...... Next-HopNext-Hop
In In LabLab
3030
......
Address Address PrefixPrefix
171.68.10171.68.10
......
OutOutI/FI/F
11
......
Out Out LabLab
4040......
In In I/FI/F
00
......
Next-HopNext-Hop
In In LabLab
4040
......
Address Address PrefixPrefix
171.68.10171.68.10
......
OutOutI/FI/F
11
......
Out Out LabLab
--......
In In I/FI/F
00
......
Use label 40 for destination 171.68.10/24
Use label 30 for destination 171.68.10/24
IGP derived routes
151515© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 15
On-Demand Downstream Distribution
• Upstream LSRs request labels to downstream neighbors
• Downstream LSRs distribute labels upon request
171.68.10/24
Rtr-BRtr-A Rtr-C171.68.40/24
Use label 30 for destination 171.68.10/24
Use label 40 for destination 171.68.10/24
Request label for destination 171.68.10/24
Request label for destination 171.68.10/24
161616© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 16
• Liberal retention mode
• LSR retains labels from all neighborsImprove convergence time, when next-hop is again available after IP convergence
Require more memory and label space
• Conservative retention mode
• LSR retains labels only from next-hops neighborsLSR discards all labels for FECs without next-hop
Free memory and label space
Label Retention Modes
171717© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 17
• Independent LSP control
LSR binds a Label to a FEC independently, whether or not the LSR has received a Label the next-hop for the FEC
The LSR then advertises the Label to its neighbor
• Ordered LSP control
LSR only binds and advertise a label for a particular FEC if:
it is the egress LSR for that FEC or
it has already received a label binding from its next-hop
Label Distribution Modes
181818© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 18
Router Example: Forwarding Packets
0
171.69Packets Forwarded Based on IP Address
Data
Address
Prefix128.89128.89
171.69
1
1
I/F
…
Address
Prefix128.89128.89
171.69
0
1
…
01
I/F
128.890
1
128.89.25.4 Data
Address
Prefix128.89128.89 0
… …
I/F
Data Data128.89.25.4128.89.25.4128.89.25.4128.89.25.4
128.89.25.4128.89.25.4
191919© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 19
MPLS Example: Routing Information
128.89
1
01
0
Routing Updates (OSPF, EIGRP, …)
You Can Reach 128.89 and 171.69 Thru Me
You Can Reach 171.69 Thru Me
You Can Reach 171.69 Thru Me
You Can Reach 128.89 Thru Me
You Can Reach 128.89 Thru Me
In Label
Address
Prefix128.89
171.69
1
1
OutI’face
OutLabel
In Label
Address
Prefix128.89
171.69
0
1
OutI’face
OutLabel
In Label
Address
Prefix128.89 0
OutI’face
OutLabel
… … … … … …
171.69
202020© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 20
MPLS Example: Assigning Labels
128.89
1
01
0
Label Distribution Protocol (LDP)
(downstream allocation)
Use Label 4 for 128.89 and Use Label 5 for 171.69
Use Label 4 for 128.89 and Use Label 5 for 171.69
Use Label 7 for 171.69Use Label 7 for 171.69
Use Label 9 for 128.89Use Label 9 for 128.89
In Label
Address
Prefix128.89
171.69
1
1
OutI’face
OutLabel
In Label
Address
Prefix128.89
171.69
0
1
OutI’face
OutLabel
In Label
Address
Prefix128.89 0
OutI’face
OutLabel
-9
… … … … … …… …… … … …
9
7
4
5
4
5
-
-
171.69
212121© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 21
In Label
Address
Prefix128.89128.89
171.69
1
1
OutI’face
OutLabel
… …… …
4
5
-
-
MPLS Example: Forwarding Packets
Label Switch Forwards Based on Label
In Label
Address
Prefix128.89
171.69
0
1
OutI’face
OutLabel
… …… …
9
7
44
5
In Label
Address
Prefix128.89 0
OutI’face
OutLabel
-9
… …… …
Data 128.89.25.4 Data
128.89.25.4 Data
128.89.25.4 Data
128.89
1
01
0
128.89.25.4128.89.25.4 44
99
222222© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 22
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
232323© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 23
MPLS Unicast IP Routing
• MPLS introduces a new field that is used for forwarding decisions.
• Although labels are locally significant, they have to be advertised to directly reachable peers.
One option would be to include this parameter into existing IP routing protocols.
The other option is to create a new protocol to exchange labels.
• The second option has been used because there are too many existing IP routing protocols that would have to be modified to carry labels.
242424© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 24
Label Distribution Protocol
• Defined in RFC 3036 and 3037
• Used to distribute labels in a MPLS network
• Forwarding equivalence classHow packets are mapped to LSPs (Label Switched Paths)
• Advertise labels per FEC Reach destination a.b.c.d with label x
• Neighbor discoveryBasic and extended discovery
252525© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 25
MPLS Unicast IP Routing Architecture
LSR
Control plane
Data plane
Routing protocol
Label distribution protocol
Label forwarding table
IP routing table
Exchange ofrouting information
Exchange oflabels
Incoming labeled packets
Outgoing labeled packets
IP forwarding table
Incoming IP packets
Outgoing IP packets
262626© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 26
MPLS Unicast IP Routing: Example
LSR
Control plane
Data plane
OSPF:
RT:
LIB:
FIB:
LFIB:
OSPF: 10.0.0.0/810.0.0.0/8 1.2.3.4
10.0.0.0/8 1.2.3.4
10.0.0.0/8 1.2.3.4
L=5 10.1.1.1
10.1.1.1 10.1.1.1
272727© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 27
MPLS Unicast IP Routing: Example
LSR
Control plane
Data plane
OSPF:
RT:
LIB:
FIB:
LFIB:
OSPF: 10.0.0.0/810.0.0.0/8 1.2.3.4
10.0.0.0/8 1.2.3.4
10.0.0.0/8 1.2.3.410.1.1.1
LDP: 10.0.0.0/8, L=3
L=5 10.1.1.1
10.0.0.0/8 Next-hop L=3, Local L=5LDP: 10.0.0.0/8, L=5
L=3 10.1.1.1
L=3 10.1.1.1L=5 L=3
, L=3
282828© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 28
Label Allocation in Packet-Mode MPLS Environment
Label allocation and distribution in packet-mode MPLS environment follows these steps:
1. IP routing protocols build the IP routing table.
2. Each LSR assigns a label to every destination in the IP routing table independently.
3. LSRs announce their assigned labels to all other LSRs.
4. Every LSR builds its LIB, LFIB data structures based on received labels.
292929© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 29
Building the IP Routing Table
• IP routing protocols are used to build IP routing tables on all LSRs.
• Forwarding tables (FIB) are built based on IP routing tables with no labeling information.
A B C D
E
Network X
Network Next-hopX B
Routing table of A
Network Next-hopX C
Routing table of B
Network Next-hopX D
Routing table of C
Network Next-hopX C
Routing table of ENetwork Next hop LabelX B —
FIB on A
303030© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 30
Allocating Labels
• Every LSR allocates a label for every destination in the IP routing table.
• Labels have local significance.• Label allocations are asynchronous.
A B C D
E
Network X
Network Next-hopX C
Routing table of BRouter B assigns label 25 to destination X.
313131© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 31
LIB and LFIB Set-up
LIB and LFIB structures have to be initialized on the LSR allocating the label.
A B C D
E
Network X
Network Next-hopX C
Routing table of BRouter B assigns label 25 to destination X.
Label Action Next hop25 pop C
LFIB on BOutgoing action is POP as B has received no label for X from C.
Network LSR labelX local 25
LIB on B Local label is stored in LIB.
323232© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 32
Label Distribution
The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.
A B C D
E
Network X
Network LSR labelX local 25
LIB on B
X = 25X = 25
X = 25
333333© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 33
Receiving Label Advertisement
• Every LSR stores the received label in its LIB.• Edge LSRs that receive the label from their next-hop
also store the label information in the FIB.
A B C D
E
Network X
X = 25X = 25
X = 25
Network LSR labelX B 25
LIB on ANetwork LSR label
X B 25
LIB on C
Network LSR labelX B 25
LIB on E
Network Next hop LabelX B 25
FIB on A
343434© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 34
Interim Packet Propagation
Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.
A B C
E
IP: X Lab: 25 IP: X
Network Next hop LabelX B 25
FIB on A
IP lookup is performed in FIB, packet is labeled.
Label Action Next hop25 pop C
LFIB on B
Label lookup is performed in LFIB, label is removed.
353535© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 35
Further Label Allocation
Every LSR will eventually assign a label for every destination.
A B C D
E
Network XRouter C assigns label 47 to destination X.
X = 47
X = 47
Network LSR labelX B 25
local 47
LIB on C
Label Action Next hop47 pop D
LFIB on C
363636© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 36
Receiving Label Advertisement
• Every LSR stores received information in its LIB.• LSRs that receive their label from their next-hop LSR
will also populate the IP forwarding table (FIB).
A B C D
E
Network XX =
47
X = 47
Network LSR labelX B 25
C 47
LIB on E
Network LSR labelX local 25
C 47
LIB on BNetwork Next hop Label
X C 47
FIB on B
Network Next hop LabelX C 47
FIB on E
373737© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 37
Populating LFIB
• Router B has already assigned label to X and created an entry in LFIB.
• Outgoing label is inserted in LFIB after the label is received from the next-hop LSR.
A B C D
E
Network XX =
47
X = 47
Network LSR labelX local 25
C 47
LIB on BNetwork Next hop Label
X C 47
FIB on B
Label Action Next hop25 47 C
LFIB on B
383838© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 38
Packet Propagation Across MPLS Network
A B C
E
IP: X Lab: 25 Lab: 47
Network Next hop LabelX B 25
FIB on A
IP lookup is performed in FIB, packet is labeled.
Label Action Next hop25 47 C
LFIB on B
Label lookup is performed in LFIB, label is switched.
Label Action Next hop47 pop D
LFIB on C
Label lookup is performed in LFIB, label is removed.
IP: X
Ingress LSR Egress LSR
393939© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 39
Steady State Description
• After the LSRs have exchanged the labels, LIB, LFIB and FIB data structures are completely populated.
A B C D
E
Network X
Network Next-hopX C
Routing table of BNetwork Next hop Label
X C 47
FIB on B
Network LSR labelX local 25
C 47E 75
LIB on B
Label Action Next hop25 47 C
LFIB on B
Convergence in Packet-mode MPLS
404040© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 40
Link Failure Actions
• Routing protocol neighbors and LDP neighbors are lost after a link failure.
• Entries are removed from various data structures.
A B C D
E
Network X
Network Next-hopX C
Routing table of BNetwork Next hop Label
X C 47
FIB on B
Network LSR labelX local 25
C 47E 75
LIB on B
Label Action Next hop25 47 C
LFIB on B
414141© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 41
Routing Protocol Convergence
Routing protocols rebuild the IP routing table and the IP forwarding table.
A B C D
E
Network XNetwork LSR labelX local 25
C 47E 75
LIB on B
Label Action Next hop25 47 C
LFIB on B
Network Next hop LabelX E —
FIB on BNetwork Next-hop
X E
Routing table of B
424242© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 42
MPLS Convergence
LFIB and labeling information in FIB are rebuilt immediately after the routing protocol convergence, based on labels stored in LIB.
A B C D
E
Network XNetwork LSR labelX local 25
C 47E 75
LIB on B
Network Next-hopX E
Routing table of B
Label Action Next hop25 75 E
LFIB on B
Network Next hop LabelX E 75
FIB on B
434343© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 43
MPLS Convergence After a Link Failure
• MPLS convergence in packet-mode MPLS does not impact the overall convergence time.
• MPLS convergence occurs immediately after the routing protocol convergence, based on labels already stored in LIB.
444444© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 44
Link Recovery Actions
• Routing protocol neighbors are discovered after link recovery.
A B C D
E
Network XNetwork LSR labelX local 25
C 47E 75
LIB on B
Network Next-hopX E
Routing table of B
Label Action Next hop25 75 E
LFIB on B
Network Next hop LabelX E 75
FIB on B
454545© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 45
IP Routing Convergence After Link Recovery
• IP routing protocols rebuild the IP routing table.• FIB and LFIB are also rebuilt, but the label
information might be lacking.
A B C D
E
Network XNetwork LSR labelX local 25
C 47E 75
LIB on B
Label Action Next hop25 75 E
LFIB on B
Network Next hop LabelX E 75
FIB on B
Network Next-hopX E
Routing table of B
C C —
pop C
464646© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 46
MPLS Convergence After a Link Recovery
• Routing protocol convergence optimizes the forwarding path after a link recovery.
• LIB might not contain the label from the new next-hop by the time the IP convergence is complete.
• End-to-end MPLS connectivity might be intermittently broken after link recovery.
• Use MPLS Traffic Engineering for make-before-break recovery.
474747© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 47
LDP Session Establishment
• LDP and TDP use a similar process to establish a session:
Hello messages are periodically sent on all interfaces enabled for MPLS.
If there is another router on that interface it will respond by trying to establish a session with the source of the hello messages.
• UDP is used for hello messages. It is targeted at “all routers on this subnet” multicast address (224.0.0.2).
• TCP is used to establish the session.
• Both TCP and UDP use well-known LDP port number 646 (711 for TDP).
484848© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 48
LDP Neighbor Discovery
1.0.0.1 1.0.0.3MPLS_A NO_MPLS_C
1.0.0.4
MPLS_D
1.0.0.2
MPLS_B
TCP (1.0.0.2:1043 1.0.0.1:646)
UDP: Hello (1.0.0.1:1050 224.0.0.2:646)
UDP: Hello (1.0.0.4:1033 224.0.0.2:646)
UDP: Hello (1.0.0.2:1064 224.0.0.2:646)
UDP: Hello (1.0.0.1:1051 224.0.0.2:646)
UDP: Hello (1.0.0.4:1034 224.0.0.2:646)
UDP: Hello (1.0.0.2:1065 224.0.0.2:646)
UDP: Hello (1.0.0.1:1052 224.0.0.2:646)
UDP: Hello (1.0.0.4:1035 224.0.0.2:646)
UDP: Hello (1.0.0.2:1066 224.0.0.2:646)
TCP (1.0.0.4:1065 1.0.0.1:646)
TC
P (1
.0.0
.4:1
06
6
1.0
.0.2
:64
6)
• LDP Session is established from the router with higher IP address.
494949© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 49
LDP Session Negotiation
• Peers first exchange initialization messages.
• The session is ready to exchange label mappings after receiving the first keepalive.
1.0.0.1
MPLS_A
1.0.0.2
MPLS_B
Initialization message
Establish TCP session
Initialization message
Keepalive
Keepalive
505050© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 50
MPLS Domain
Double Lookup Scenario
• Double lookup is not an optimal way of forwarding labeled packets.
• A label can be removed one hop earlier.
10.0.0.0/8L=19
10.0.0.0/8L=18
10.0.0.0/8L=17
LFIB18 19
FIB10/8 NH, 19
LFIB17 18
FIB10/8 NH, 18
LFIB35 17
FIB10/8 NH, 17
LFIB19 untagged
FIB10/8 NH
10.1.1.117
10.1.1.118
10.1.1.119
10.1.1.1
Double lookup is needed: 1. LFIB: remove the label. 2. FIB: forward the IP
packet based on IP next-hop address.
10.0.0.0/8
515151© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 51
Penultimate Hop Popping
MPLS Domain
• A label is removed on the router before the last hop within an MPLS domain.
10.0.0.0/8L=pop
10.0.0.0/8L=18
10.0.0.0/8L=17
LFIB18 pop
FIB10/8 NH, 19
LFIB17 18
FIB10/8 NH, 18
LFIB35 17
FIB10/8 NH, 17
LFIB
FIB10/8 NH
10.1.1.117
10.1.1.118
10.1.1.1
10.1.1.1
One single lookup.
10.0.0.0/8
Pop or implicit null label is adveritsed.
525252© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 52
Penultimate Hop Popping
• Penultimate hop popping optimizes MPLS performace (one less LFIB lookup).
• PHP does not work on ATM (VPI/VCI cannot be removed).
• Pop or implicit null label uses value 3 when being advertised to a neighbor.
535353© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 53
LDP Messages
• Discovery messages
• Used to discover and maintain the presence of new peers
• Hello packets (UDP) sent to all-routers multicast address
• Once neighbor is discovered, the LDP session is established over TCP
545454© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 54
LDP Messages
• Session messages
• Establish, maintain and terminate LDP sessions
• Advertisement messages
• Create, modify, delete label mappings
• Notification messages
• Error signalling
555555© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 55
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
565656© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 56
What Is a VPN?
• VPN is a set of sites which are allowed to communicate with each other.
• VPN is defined by a set of administrative policiesPolicies determine both connectivity and QoS among sites.
Policies established by VPN customers.
Policies could be implemented completely by VPN service providers.
Using BGP/MPLS VPN mechanisms
575757© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 57
What Is a VPN? (Cont.)
• Flexible inter-site connectivityRanging from complete to partial mesh
• Sites may be either within the same or in different organizations
VPN can be either intranet or extranet
• Site may be in more than one VPNVPNs may overlap
• Not all sites have to be connected to the same service provider
VPN can span multiple providers
585858© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 58
IP VPN Taxonomy
Client-Initiated
NAS-Initiated
IP Tunnel
VirtualCircuit
Network-Based VPNs
Network-Based VPNs
SecurityAppliance
Router FR ATM
IP VPNs
DIAL DEDICATED
RFC 2547RFC 2547 Virtual Router
595959© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 59
MPLS-VPN Terminology
• Provider Network (P-Network)
The backbone under control of a Service Provider
• Customer Network (C-Network)
Network under customer control
• CE router
Customer Edge router. Part of the C-network and interfaces to a PE router
606060© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 60
MPLS-VPN Terminology
• SiteSet of (sub)networks part of the C-network and
co-located
A site is connected to the VPN backbone through one or more PE/CE links
• PE routerProvider Edge router. Part of the P-Network and
interfaces to CE routers
• P routerProvider (core) router, without knowledge of VPN
616161© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 61
MPLS-VPN Terminology
• Route-Target64 bits identifying routers that should receive
the route
• Route DistinguisherAttributes of each route used to uniquely
identify prefixes among VPNs (64 bits)
VRF based (not VPN based)
• VPN-IPv4 addressesAddress including the 64 bits Route
Distinguisher and the 32 bits IP address
626262© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 62
MPLS-VPN Terminology
• VRF
VPN Routing and Forwarding Instance
Routing table and FIB table
Populated by routing protocol contexts
• VPN-Aware network
A provider backbone where MPLS-VPN is deployed
636363© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 63
MPLS VPN Connection Model
• A VPN is a collection of sites sharing a common routing information (routing table)
• A site can be part of different VPNs
• A VPN has to be seen as a community of interest (or Closed User Group)
• Multiple Routing/Forwarding instances (VRF) on PE routers
646464© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 64
MPLS VPN Connection Model
• A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs
• If two or more VPNs have a common site, address space must be unique among these VPNs
Site-1
Site-3
Site-4
Site-2
VPN-A
VPN-C
VPN-B
656565© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 65
MPLS VPN Connection Model
• The VPN backbone is composed by MPLS LSRs
PE routers (edge LSRs)
P routers (core LSRs)
• PE routers are faced to CE routers and distribute VPN information through MP-BGP to other PE routers
VPN-IPv4 addresses, Extended Community, Label
• P routers do not run BGP and do not have any VPN knowledge
666666© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 66
MPLS VPN Connection Model
VPN_A
VPN_A
VPN_B10.3.0.0
10.1.0.0
11.5.0.0
P P
PP PE
PE CE
CE
CE
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CEPE
PECE
CE
VPN_A
10.2.0.0
CE
iBGP sessions
• P routers (LSRs) are in the core of the MPLS cloud
• PE routers use MPLS with the core and plain IP with CE routers
• P and PE routers share a common IGP
• PE router are MP-iBGP fully meshed
676767© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 67
MPLS VPN Connection Model
• PE and CE routers exchange routing information through:
EBGP, OSPF , RIPv2, Static routing
• CE router run standard routing software
PE
CE
CE
Site-2
Site-1
EBGP,OSPF, RIPv2,Static
686868© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 68
MPLS VPN Connection Model
• PE routers maintain separate routing tables
The global routing table
With all PE and P routesPopulated by the VPN backbone IGP (ISIS or OSPF)
VRF (VPN Routing and Forwarding)
Routing and Forwarding table associated with one or more directly connected sites (CEs)
VRF are associated to (sub/virtual/tunnel)interfaces
Interfaces may share the same VRF if the connected sites may share the same routing information
PE
CE
CE
Site-2
Site-1
VPN Backbone IGP (OSPF, ISIS) EBGP,OSPF, RIPv2,Static
696969© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 69
MPLS VPN Connection Model
• The routes the PE receives from CE routers are installed in the appropriate VRF
• The routes the PE receives through the backbone IGP are installed in the global routing table
• By using separate VRFs, addresses need NOT to be unique among VPNs
PE
CE
CE
Site-2
Site-1
VPN Backbone IGP EBGP,OSPF, RIPv2,Static
707070© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 70
MPLS VPN Connection Model
• The Global Routing Table is populated by IGP protocols.
• In PE routers it may contain the BGP Internet routes (standard BGP-4 routes)
• BGP-4 (IPv4) routes go into global routing table
• MP-BGP (VPN-IPv4) routes go into VRFs
717171© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 71
MPLS VPN Connection Model
PE
VPN Backbone IGP
iBGP session
PE
P P
P P
• PE and P routers share a common IGP (ISIS or OSPF)
• PEs establish MP-iBGP sessions between them
• PEs use MP-BGP to exchange routing information related to the connected sites and VPNs
VPN-IPv4 addresses, Extended Community, Label
727272© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 72
MPLS VPN Connection Model
PE-1
VPN Backbone IGP
PE-2
P P
P P
PE routers receive IPv4 updates (EBGP, RIPv2, Static…)
PE routers translate into VPN-IPv4Assign a SOO and RT based on configurationRe-write Next-Hop attributeAssign a label based on VRF and/or interfaceSend MP-iBGP update to all PE neighbors
BGP,RIPv2 update for Net1,Next-Hop=CE-1
VPN-IPv4 update:RD:Net1, Next-hop=PE-1SOO=Site1, RT=Green, Label=(intCE1)
CE-1
Site-2
VPN-IPv4 update is translated into IPv4 address (Net1) put into VRF green since RT=Green and advertised to CE-2
Site-1
CE-2
737373© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 73
MPLS VPN Connection Model
Receiving PEs translate to IPv4
Insert the route into the VRF identified by the RT attribute (based on PE configuration)
The label associated to the VPN-IPv4 address will be set on packet forwarded towards the destination
PE-1
VPN Backbone IGP
PE-2
P P
P PBGP,OSPF, RIPv2 update for Net1Next-Hop=CE-1
VPN-IPv4 update:RD:Net1, Next-hop=PE-1SOO=Site1, RT=Green, Label=(intCE1)
CE-1
Site-2
VPN-IPv4 update is translated into IPv4 address (Net1) put into VRF green since RT=Green and advertised to CE-2
Site-1
CE-2
747474© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 74
MPLS VPN Connection Model
• Route distribution to sites is driven by the Site of Origin (SOO) and Route-target attributes
BGP Extended Community attribute
• A route is installed in the site VRF corresponding to the Route-target attribute
Driven by PE configuration
• A PE which connects sites belonging to multiple VPNs will install the route into the site VRF if the Route-target attribute contains one or more VPNs to which the site is associated
757575© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 75
MPLS VPN Connection ModelMP-BGP Update
• VPN-IPV4 address
Route Distinguisher
64 bits
Makes the IPv4 route globally unique
RD is configured in the PE for each VRF
RD may or may not be related to a site or a VPN
IPv4 address (32bits)
• Extended Community attribute (64 bits)
Site of Origin (SOO): identifies the originating site
Route-target (RT): identifies the set of sites the route has to be advertised to
767676© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 76
MPLS VPN Connection ModelMP-BGP Update
Any other standard BGP attribute
Local PreferenceMEDNext-hopAS_PATHStandard Community...
A Label identifying:
The outgoing interface
The VRF where a lookup has to be done
The BGP label will be the second label in the label stack of packets travelling in the core
777777© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 77
MPLS VPN Connection ModelMP-BGP Update - Extended community
• BGP extended community attribute Structured, to support multiple applications
64 bits for increased range
• General form <16bits type>:<ASN>:<32 bit number>
Registered AS number
<16bits type>:<IP address>:<16 bit number>
Registered IP address
787878© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 78
MPLS VPN Connection ModelMP-BGP Update - Extended community
• The Extended Community is used to:
Identify one or more routers where the route has been originated (site)
Site of Origin (SOO)
Selects sites which should receive the route
Route-Target
797979© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 79
MPLS VPN Connection ModelMP-BGP Update
• The Label can be assigned only by the router which address is the Next-Hop attribute
PE routers re-write the Next-Hop with their own address (loopback interface address)
“Next-Hop-Self” BGP command towards iBGP neighborsLoopback addresses are advertised into the backbone IGP
• PE addresses used as BGP Next-Hop must be uniquely known in the backbone IGP
No summarisation of loopback addresses in the core
808080© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 80
MPLS ForwardingPacket forwarding
• PE and P routers have BGP next-hop reachability through the backbone IGP
• Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops
• Label Stack is used for packet forwarding
Top label indicates BGP Next-Hop (interior label)
Second level label indicates outgoing interface or VRF (exterior label)
818181© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 81
MPLS ForwardingPenultimate Hop Popping
PE2
PE1
CE1
CE2
P1 P2
IGP Label(PE2)VPN LabelIPpacket
PE1 receives IP packet
Lookup is done on site VRF
BGP route with Next-Hop and Label is found
BGP next-hop (PE2) is reachable through IGP route with associated label
IGP Label(PE2)VPN LabelIPpacket
P routers switch the packets based on the IGP label (label on top of the stack)
VPN Label
IPpacket
Penultimate Hop Popping
P2 is the penultimate hop for the BGP next-hop
P2 remove the top label
This has been requested through LDP by PE2
IPpacket
PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
One single lookup
Label is popped and packet sent to IP neighborIP
packet
CE3
828282© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 82
T1 T7T2 T8T3 T9T4 T7T5 TBT6 TBT7 T8
Packet Forwarding Example 1
VPN_A
VPN_A
VPN_B
10.3.0.0
10.1.0.0
11.5.0.0
P P
PP PE
CE
CE
CE
Data
<RD_B,10.1> , iBGP next hop PE1<RD_B,10.2> , iBGP next hop PE2<RD_B,10.3> , iBGP next hop PE3<RD_A,11.6> , iBGP next hop PE1<RD_A,10.1> , iBGP next hop PE4<RD_A,10.4> , iBGP next hop PE4<RD_A,10.2> , iBGP next hop PE2
<RD_B,10.2> , iBGP NH= PE2 , T2 T8• Ingress PE receives normal IP Packets from CE router
• PE router does “IP Longest Match” from VPN_B FIBVPN_B FIB , find iBGP next hop PE2PE2 and impose a stack of labels: exterior Label T2T2 + Interior Label T8T8
DataT8T2
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CEPE1
PE2CE
CE
VPN_A
10.2.0.0
CE
838383© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 83
Packet Forwarding Example 1 (cont.)
VPN_A
VPN_A
VPN_B
10.3.0.0
10.1.0.0
11.5.0.0
P P
PP PE
CE
CE
CE
T7T8T9TaTb
TuTwTxTyTz
T8, TA
T2 DataT8Data
T2 DataTB
outin /
• All Subsequent P routers do switch the packet Solely on Interior Label
• Egress PE router, removes Interior Label
• Egress PE uses Exterior Label to select which VPN/CEto forward the packet to.
• Exterior Label is removed and packet routed to CE router
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CEPE1
PE2CE
CE
VPN_A
10.2.0.0
CE T2 DataData
TAT2
848484© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 84
Packet Forwarding Example 2
• In VPN 12, host 130.130.10.1 sends a packet with destination 130.130.11.3
• Customer sites are attached to ProviderEdge (PE) routers A & B.
130.130.10.1
130.130.11.3
12
12
A
B
858585© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 85
VPN-IDVPN SiteAddress
Provider EdgeRouter Address
VPN SiteLabel
PELabel
1212 130.130.10.0/24130.130.10.0/24 172.68.1.11/32172.68.1.11/322626 4242
1212 130.130.11.0/24130.130.11.0/24 172.68.1.2/32172.68.1.2/32989989 101101
... ... ...... ...
2. PE router A selects the correct VPN forwarding table based on the links’ VPN ID (12).
Packet Forwarding Example 2 (cont.)
12
1. Packet arrives on VPN 12link on PE router A.
A
868686© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 86
Packet Forwarding Example 2 (cont.)
130.130.11.3 Rest of IP packet
VPN-IDVPN SiteAddress
Provider EdgeRouter Address
VPN SiteLabel
PELabel
1212 130.130.10.0/24130.130.10.0/24 172.68.1.11/32172.68.1.11/322626 4242
1212 130.130.11.0/24130.130.11.0/24 172.68.1.2/32172.68.1.2/32989989 101101
... ... ...... ...
12A
3. PE router A matches the incoming packet’s destination address with VPN 12’s forwarding table.
9891014. PE router A adds two labels to the packet: one identifying the destination PE, and one identifying the destination VPN site.
878787© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 87
Packet Forwarding Example 2 (cont.)
A
B
5. Packet is label-switched from PE router A to PE B based on the top label, using normal MPLS.
The network core knows nothing about VPNs and sites: it only knows how to get packets from A to B using MPLS.
888888© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 88
Packet Forwarding Example 2 (cont.)
B 12
6. PE router B identifies the correct site in VPN 12 from the inner label.
130.130.11.3
7. PE router B removes the labels and forwards the IP packet to the correct VPN 12 site.
898989© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 89
MPLS VPN mechanismsVRF and Multiple Routing Instances
• VRF: VPN Routing and Forwarding Instance
VRF Routing Protocol Context
VRF Routing Tables
VRF CEF Forwarding Tables
909090© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 90
MPLS VPN mechanismsVRF and Multiple Routing Instances
• VRF Routing table contains routes which should be available to a particular set of sites
• Analogous to standard IOS routing table, supports the same set of mechanisms
• Interfaces (sites) are assigned to VRFsOne VRF per interface (sub-interface, tunnel or virtual-template)
Possible many interfaces per VRF
919191© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 91
MPLS VPN mechanismsVRF and Multiple Routing Instances
StaticBGP RIPRouting processes
Routing contexts
VRF Routing tables
VRF Forwarding tables
• Routing processes run within specific routing contexts
• Populate specific VPN routing table and FIBs (VRF)
• Interfaces are assigned to VRFs
929292© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 92
MPLS VPN mechanismsVRF and Multiple Routing Instances
Site-1 Site-2 Site-3 Site-4
Logical view
Routing viewVRF
for site-1
Site-1 routesSite-2 routes
VRFfor site-4
Site-3 routesSite-4 routes
VRFfor site-2
Site-1 routesSite-2 routesSite-3 routes
VRFfor site-3
Site-2 routesSite-3 routesSite-4 routes
Site-1
Site-3
Site-4
Site-2
VPN-A
VPN-C
VPN-B
PE PE
PP
Multihop MP-iBGP
939393© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 93
MPLS VPN Topologies
VPN_A
VPN_A
VPN_B10.3.0.0
10.1.0.0
11.5.0.0
P P
PP PE
PE CE
CE
CE
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CEPE
PECE
CE
VPN_A
10.2.0.0
CE
• VPN-IPv4 address are propagated together with the associated label in BGP Multiprotocol extension
• Extended Community attribute (route-target) is associated to each VPN-IPv4 address, to populate the site VRF
iBGP sessions
949494© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 94
MPLS VPN TopologiesVPN sites with optimal intra-VPN routing
• Each site has full routing knowledge of all other sites (of same VPN)
• Each CE announces his own address space
• MP-BGP VPN-IPv4 updates are propagated between PEs
• Routing is optimal in the backbone
Each route has the BGP Next-Hop closest to the destination
• No site is used as central point for connectivity
959595© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 95
MPLS VPN TopologiesVPN sites with optimal intra-VPN routing
Site-1
VRFfor site-1
N1,NH=CE1N2,NH=PE2N3,NH=PE3
PE1
PE3
PE2
N1
Site-3
N3
N2
VPN-IPv4 updates exchanged between PEs
RD:N1, NH=PE1,Label=IntCE1, RT=BlueRD:N2, NH=PE2,Label=IntCE2, RT=BlueRD:N3, NH=PE3,Label=IntCE3, RT=Blue
IntCE1
IntCE3
N1NH=CE1
Routing Table on CE1
N1, LocalN2, PE1N3, PE1
EBGP/RIP/Static
VRFfor site-3
N1,NH=PE1N2,NH=PE2N3,NH=CE3
Routing Table on CE3
N1, PE3N2, PE3N3, Local
N3NH=CE3
EBGP/RIP/Static
Site-2
IntCE2
Routing Table on CE2
N1,NH=PE2N2,LocalN3,NH=PE2
N2,NH=CE2
EBGP/RIP/Static
VRFfor site-2
N1,NH=PE1
N2,NH=CE2
N3,NH=PE3
969696© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 96
MPLS VPN TopologiesVPN sites with Hub & Spoke routing
• One central site has full routing knowledge of all other sites (of same VPN)
Hub-Site
• Other sites will send traffic to Hub-Site for any destination
Spoke-Sites
• Hub-Site is the central transit point between Spoke-Sites
Use of central services at Hub-Site
979797© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 97
MPLS VPN TopologiesVPN sites with Hub & Spoke routing
PE2
PE1
PE3
Site-1
N1
N3
VPN-IPv4 updates advertised by PE3
RD:N1, NH=PE3,Label=IntCE3-Spoke, RT=SpokeRD:N2, NH=PE3,Label=IntCE3-Spoke, RT=SpokeRD:N3, NH=PE3,Label=IntCE3-Spoke, RT=Spoke
Site-3
Site-2
N2
IntCE3-Spoke VRF(Export RT=Spoke)
N1,NH=CE3-SpokeN2,NH=CE3-SpokeN3,NH=CE3-Spoke
CE1
CE3-Spoke
CE2
CE3-Hub
IntCE3-Hub VRF(Import RT=Hub)
N1,NH=PE1N2,NH=PE2
VPN-IPv4 update advertised by PE1RD:N1, NH=PE1,Label=IntCE1, RT=Hub
VPN-IPv4 update advertised by PE2RD:N2, NH=PE2,Label=IntCE2, RT=Hub
IntCE2 VRF(Import RT=Spoke)(Export RT=Hub)
N1,NH=PE3 (imported)N2,NH=CE2 (exported)N3,NH=PE3 (imported)
IntCE1 VRF(Import RT=Spoke)(Export RT=Hub)
N1,NH=CE1 (exported)N2,NH=PE3 (imported)N3,NH=PE3 (imported
BGP/RIPv2
BGP/RIPv2
• Routes are imported/exported into VRFs based on RT value of the VPN-IPv4 updates
• PE3 uses 2 (sub)interfaces with two different VRFs
989898© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 98
MPLS VPN TopologiesVPN sites with Hub & Spoke routing
PE2
PE1
PE3
Site-1
N1
N3
Site-3
Site-2
N2
IntCE3-Spoke VRF(Export RT=Spoke)
N1,NH=CE3-SpokeN2,NH=CE3-SpokeN3,NH=CE3-Spoke
CE1
CE3-Spoke
CE2
CE3-Hub
IntCE3-Hub VRF(Import RT=Hub)
N1,NH=PE1N2,NH=PE2
IntCE2 VRF(Import RT=Spoke)(Export RT=Hub)
N1,NH=PE3 (imported)N2,NH=CE2 (exported)N3,NH=PE3 (imported)
IntCE1 VRF(Import RT=Spoke)(Export RT=Hub)
N1,NH=CE1 (exported)N2,NH=PE3 (imported)N3,NH=PE3 (imported
BGP/RIPv2
BGP/RIPv2
• Traffic from one spoke to another will travel across the hub site
• Hub site may host central services
Security, NAT, centralised Internet access
999999© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 99
MPLS VPN Internet Routing
• In a VPN, sites may need to have Internet connectivity
• Connectivity to the Internet means:Being able to reach Internet destinations
Being able to be reachable from any Internet source
• The Internet routing table is treated separately
• In the VPN backbone the Internet routes are in the Global routing table of PE routers
• Labels are not assigned to external (BGP) routes
100100100© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 100
MPLS VPN Internet routing VRF specific default route
• A default route is installed into the site VRF and pointing to a Internet Gateway
• The default route is NOT part of any VPN
A single label is used for packets forwarded according to the default route
The label is the IGP label corresponding to the IP address of the Internet gateway
Known in the IGP
101101101© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 101
MPLS VPN Internet routing VRF specific default route
• PE router originates CE routes for the Internet
Customer (site) routes are known in the site VRF
Not in the global table
The PE/CE interface is NOT known in the global table. However:
A static route for customer routes and pointing to the PE/CE interface is installed in the global table
This static route is redistributed into BGP-4 global table and advertised to the Internet Gateway
• The Internet gateway knows customer routes and with the PE address as next-hop
102102102© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 102
MPLS VPN Internet routing VRF specific default route
• The Internet Gateway specified in the default route (into the VRF) need NOT to be directly connected
• Different Internet gateways can be used for different VRFs
• Using default route for Internet routing does NOT allow any other default route for intra-VPN routing As in any other routing scheme
103103103© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 103
MPLS VPN Internet routing VRF specific default route
PE
PE
Internet
Site-1
PE-IG
Site-2
Network 171.68.0.0/16
Serial0
192.168.1.1
192.168.1.2
ip vrf VPN-A
rd 100:1
route-target both 100:1
!
Interface Serial0
ip address 192.168.10.1 255.255.255.0
ip vrf forwarding VPN-A
!
Router bgp 100
no bgp default ipv4-unicast
network 171.68.0.0 mask 255.255.0.0
neighbor 192.168.1.1 remote 100
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 update-source loopback0!address-family ipv4 vrf VPN-A neighbor 192.168.10.2 remote-as 65502 neighbor 192.168.10.2 activate exit-address-family
!
address-family vpnv4 neighbor 192.168.1.2 activateexit-address-family
!
ip route 171.68.0.0 255.255.0.0 Serial0
ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 global
BGP-4
MP-BGP
104104104© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 104
MPLS VPN Internet routing VRF specific default route
PE
PE
Internet
Site-1
PE-IG
Site-2
Network 171.68.0.0/16
Serial0
192.168.1.1
192.168.1.2
Site-2 VRF
0.0.0.0/0 192.168.1.1 (global)
Site-1 routesSite-2 routes
Global Table and LFIB
192.168.1.1/32 Label=3
192.168.1.2/32 Label=5
...
IP packetD=cisco.com
Label = 3 IP packetD=cisco.com
IP packetD=cisco.com
105105105© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 105
MPLS VPN Internet routing VRF specific default route
• PE routers need not to hold the Internet table
• PE routers will use BGP-4 sessions to originate customer routes
• Packet forwarding is done with a single label identifying the Internet Gateway IP addressMore labels if Traffic Engineering is used
106106106© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 106
MPLS VPN Internet RoutingSeparated (sub)interfaces
• If CE wishes to receive and announce routes from/to the Internet
A dedicated BGP session is used over a separate (sub) interface
The PE imports CE routes into the global routing table and advertise them to the Internet
The interface is not part of any VPN and does not use any VRF
Default route or Internet routes are exported to the CE
PE needs to have Internet routing table
107107107© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 107
MPLS VPN Internet RoutingSeparated (sub)interfaces
• The PE uses separate (sub)interfaces with the CE
One (sub)interface for VPN routing
associated to a VRFCan be a tunnel interface
One (sub)interface for Internet routing
Associated to the global routing table
108108108© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 108
MPLS VPN Internet RoutingSeparated (sub)interfaces
PE
PE
Internet
Site-1
PE-IG
Site-2
Network 171.68.0.0/16
Serial0.1
192.168.1.1
192.168.1.2
ip vrf VPN-A
rd 100:1
route-target both 100:1
!
Interface Serial0
no ip address
!
Interface Serial0.1
ip address 192.168.10.1 255.255.255.0
ip vrf forwarding VPN-A
!
Interface Serial0.2
ip address 171.68.10.1 255.255.255.0
!
Router bgp 100
no bgp default ipv4-unicast
neighbor 192.168.1.1 remote 100
neighbor 192.168.1.1 activate
neighbor 192.168.1.1 next-hop-self
neighbor 192.168.1.1 update-source loopback0
neighbor 171.68.10.2 remote 502!address-family ipv4 vrf VPN-A neighbor 192.168.10.2 remote-as 502 neighbor 192.168.10.2 activate exit-address-family
!
address-family vpnv4 neighbor 192.168.1.2 activateexit-address-family
BGP-4
MP-BGP
Serial0.2
BGP-4
109109109© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 109
MPLS VPN Internet RoutingSeparated (sub)interfaces
PE
PE
Internet
Site-1
PE-IG
Site-2
Network 171.68.0.0/16
Serial0.1
192.168.1.1
192.168.1.2
Serial0.2
Serial0.1Serial0.2
CE routing table
Site-2 routes ----> Serial0.1
Internet routes ---> Serial0.2
IP packetD=cisco.com
PE Global Table
Internet routes ---> 192.168.1.1
192.168.1.1, Label=3
Label = 3 IP packetD=cisco.com
IP packetD=cisco.com
110110110© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 110
Scaling
• Existing BGP techniques can be used to scale the route distribution: route reflectors
• Each edge router needs only the information for the VPNs it supports
Directly connected VPNs
• RRs are used to distribute VPN routing information
111111111© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 111
MPLS-VPNScaling BGP
VPN_A
VPN_A
VPN_B10.3.0.0
10.1.0.0
11.5.0.0
P P
PP PE
PE CE
CE
CE
RR RRRoute Reflectors
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CEPE1
PE2CE
CE
VPN_A10.2.0.0
CE
• Route Reflectors may be partitioned
Each RR store routes for a set of VPNs
• Thus, no BGP router needs to store ALL VPNs information
• PEs will peer to RRs according to the VPNs they directly connect
112112112© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 112
MPLS-VPN ScalingBGP updates filtering
iBGP full mesh between PEs results in flooding all VPNs routes to all PEs
Scaling problems when large amount of routes. In addition PEs need only routes for attached VRFs
Therefore each PE will discard any VPN-IPv4 route that hasn’t a route-target configured to be imported in any of the attached VRFs
This reduces significantly the amount of information each PE has to store
Volume of BGP table is equivalent of volume of attached VRFs (nothing more)
113113113© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 113
MPLS-VPN ScalingBGP updates filtering
Each VRF has an import and export policy configured
Policies use route-target attribute (extended community)
PE receives MP-iBGP updates for VPN-IPv4 routes
If route-target is equal to any of the import values configured in the PE, the update is accepted
Otherwise it is silently discarded
PE
MP-iBGP sessions
VRFs for VPNsyellowgreen
VPN-IPv4 update:RD:Net1, Next-hop=PE-XSOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update:RD:Net1, Next-hop=PE-XSOO=Site1, RT=Red, Label=XYZ
Import RT=yellow
Import RT=green
114114114© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 114
MPLS-VPN ScalingRoute Refresh
Policy may change in the PE if VRF modifications are done
• New VRFs, removal of VRFs
However, the PE may not have stored routing information which become useful after a change
PE request a re-transmission of updates to neighbors
• Route-Refresh
PE
VPN-IPv4 update:RD:Net1, Next-hop=PE-XSOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update:RD:Net1, Next-hop=PE-XSOO=Site1, RT=Red, Label=XYZ
Import RT=yellow
Import RT=green
Import RT=red1. PE doesn’t have red routes (previously filtered out)
2. PE issue a Route-Refresh to all neighbors in order to ask for re-transmission
3. Neighbors re-send updates and “red” route-target is now accepted
115115115© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 115
MPLS-VPN ScalingOutbound Route Filters - ORF
PE router will discard update with unused route-target
Optimization requires these updates NOT to be sent
Outbound Route Filter (ORF) allows a router to tell its neighbors which filter to use prior to propagate BGP updates
PE
VPN-IPv4 update:RD:Net1, Next-hop=PE-XSOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update:RD:Net1, Next-hop=PE-XSOO=Site1, RT=Red, Label=XYZ
Import RT=yellow
Import RT=green
1. PE doesn’t need red routes
2. PE issue a ORF message to all neighbors in order not to receive red routes
3. Neighbors dynamically configure the outbound filter and send updates accordingly
116116116© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 116
MPLS VPN - Configuration
• VPN knowledge is on PE routers
• PE router have to be configured for
VRF and Route Distinguisher
VRF import/export policies (based on Route-target)
Routing protocol used with CEs
MP-BGP between PE routers
BGP for Internet routers
With other PE routers
With CE routers
117117117© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 117
MPLS VPN - ConfigurationVRF and Route Distinguisher
• RD is configured on PE routers (for each VRF)
• VRFs are associated to RDs in each PE
• Common (good) practice is to use the same RD for the same VPN in all PEs
But not mandatory
• VRF configuration command
ip vrf <vrf-symbolic-name>rd <route-distinguisher-value>route-target import <community>route-target export <community>
118118118© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 118
CLI - VRF configuration
Site-1 Site-2 Site-3 Site-4
VRFfor site-1(100:1)
Site-1 routesSite-2 routes
VRFfor site-4(100:4)
Site-3 routesSite-4 routes
VRFfor site-2(100:2)
Site-1 routesSite-2 routesSite-3 routes
VRFfor site-3(100:3)
Site-2 routesSite-3 routesSite-4 routes
PE1 PE2
PP
Multihop MP-iBGP
ip vrf site1 rd 100:1 route-target export 100:1 route-target import 100:1ip vrf site2 rd 100:2 route-target export 100:2 route-target import 100:2 route-target import 100:1 route-target export 100:1
ip vrf site1 rd 100:1 route-target export 100:1 route-target import 100:1ip vrf site2 rd 100:2 route-target export 100:2 route-target import 100:2 route-target import 100:1 route-target export 100:1
ip vrf site3 rd 100:3 route-target export 100:2 route-target import 100:2 route-target import 100:3 route-target export 100:3ip vrf site-4 rd 100:4 route-target export 100:3 route-target import 100:3
ip vrf site3 rd 100:3 route-target export 100:2 route-target import 100:2 route-target import 100:3 route-target export 100:3ip vrf site-4 rd 100:4 route-target export 100:3 route-target import 100:3
Site-1
Site-3
Site-4
Site-2
VPN-AVPN-C
VPN-B
119119119© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 119
MPLS VPN - ConfigurationPE/CE routing protocols
• PE/CE may use BGP, RIPv2 or Static routes
• A routing context is used for each VRF
• Routing contexts are defined within the routing protocol instance
Address-family router sub-command
Router ripversion 2address-family ipv4 vrf <vrf-symbolic-name> …
any common router sub-command …
120120120© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 120
MPLS VPN - ConfigurationPE/CE routing protocols
• BGP uses same “address-family” command
Router BGP <asn>...address-family ipv4 vrf <vrf-symbolic-name>… any common router BGP sub-command…
• Static routes are configured per VRF
ip route vrf <vrf-symbolic-name> …
121121121© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 121
MPLS VPN - ConfigurationPE router commands
• All show commands are VRF based
Show ip route vrf <vrf-symbolic-name> ...
Show ip protocol vrf <vrf-symbolic-name>
Show ip cef <vrf-symbolic-name> …
…
• PING and Telnet commands are VRF based
telnet /vrf <vrf-symbolic-name>
ping vrf <vrf-symbolic-name>
122122122© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 122
MPLS VPN - ConfigurationPE/CE routing protocols
Site-1 Site-2 Site-3 Site-4
PE1
PE2
PP
Multihop MP-iBGP
Site-1
Site-3
Site-4
Site-2
VPN-AVPN-C
VPN-B
VRFfor site-1(100:1)
Site-1 routesSite-2 routes
VRFfor site-4(100:4)
Site-3 routesSite-4 routes
VRFfor site-2(100:2)
Site-1 routesSite-2 routesSite-3 routes
VRFfor site-3(100:3)
Site-2 routesSite-3 routesSite-4 routes
ip vrf site3 rd 100:3 route-target export 100:23 route-target import 100:23 route-target import 100:34 route-target export 100:34ip vrf site-4 rd 100:4 route-target export 100:34 route-target import 100:34!interface Serial4/6 ip vrf forwarding site3 ip address 192.168.73.7 255.255.255.0 encapsulation ppp!interface Serial4/7 ip vrf forwarding site4 ip address 192.168.74.7 255.255.255.0 encapsulation ppp
ip vrf site3 rd 100:3 route-target export 100:23 route-target import 100:23 route-target import 100:34 route-target export 100:34ip vrf site-4 rd 100:4 route-target export 100:34 route-target import 100:34!interface Serial4/6 ip vrf forwarding site3 ip address 192.168.73.7 255.255.255.0 encapsulation ppp!interface Serial4/7 ip vrf forwarding site4 ip address 192.168.74.7 255.255.255.0 encapsulation ppp
ip vrf site1 rd 100:1 route-target export 100:12 route-target import 100:12ip vrf site2 rd 100:2 route-target export 100:12 route-target import 100:12 route-target import 100:23 route-target export 100:23!interface Serial3/6 ip vrf forwarding site1 ip address 192.168.61.6 255.255.255.0 encapsulation ppp!interface Serial3/7 ip vrf forwarding site2 ip address 192.168.62.6 255.255.255.0 encapsulation ppp
ip vrf site1 rd 100:1 route-target export 100:12 route-target import 100:12ip vrf site2 rd 100:2 route-target export 100:12 route-target import 100:12 route-target import 100:23 route-target export 100:23!interface Serial3/6 ip vrf forwarding site1 ip address 192.168.61.6 255.255.255.0 encapsulation ppp!interface Serial3/7 ip vrf forwarding site2 ip address 192.168.62.6 255.255.255.0 encapsulation ppp
123123123© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 123
MPLS VPN - ConfigurationPE/CE routing protocols
Site-1 Site-2 Site-3 Site-4
PE1
PE2
PP
Multihop MP-iBGP
Site-1
Site-3
Site-4
Site-2
VPN-AVPN-C
VPN-B
VRFfor site-1(100:1)
Site-1 routesSite-2 routes
VRFfor site-4(100:3)
Site-3 routesSite-4 routes
VRFfor site-2(100:2)
Site-1 routesSite-2 routesSite-3 routes
VRFfor site-3(100:2)
Site-2 routesSite-3 routesSite-4 routes
router bgp 100no bgp default ipv4-unicast neighbor 6.6.6.6 remote-as 100 neighbor 6.6.6.6 update-source Loop0! address-family ipv4 vrf site4
neighbor 192.168.74.4 remote-as 65504
neighbor 192.168.74.4 activate exit-address-family ! address-family ipv4 vrf site3
neighbor 192.168.73.3 remote-as 65503
neighbor 192.168.73.3 activate exit-address-family ! address-family vpnv4 neighbor 6.6.6.6 activate neighbor 6.6.6.6 next-hop-selfexit-address-family
router bgp 100no bgp default ipv4-unicast neighbor 6.6.6.6 remote-as 100 neighbor 6.6.6.6 update-source Loop0! address-family ipv4 vrf site4
neighbor 192.168.74.4 remote-as 65504
neighbor 192.168.74.4 activate exit-address-family ! address-family ipv4 vrf site3
neighbor 192.168.73.3 remote-as 65503
neighbor 192.168.73.3 activate exit-address-family ! address-family vpnv4 neighbor 6.6.6.6 activate neighbor 6.6.6.6 next-hop-selfexit-address-family
router bgp 100no bgp default ipv4-unicast neighbor 7.7.7.7 remote-as 100 neighbor 7.7.7.7 update-source Loop0! address-family ipv4 vrf site2
neighbor 192.168.62.2 remote-as 65502
neighbor 192.168.62.2 activate exit-address-family ! address-family ipv4 vrf site1
neighbor 192.168.61.1 remote-as 65501
neighbor 192.168.61.1 activate exit-address-family ! address-family vpnv4 neighbor 7.7.7.7 activate neighbor 7.7.7.7 next-hop-selfexit-address-family
router bgp 100no bgp default ipv4-unicast neighbor 7.7.7.7 remote-as 100 neighbor 7.7.7.7 update-source Loop0! address-family ipv4 vrf site2
neighbor 192.168.62.2 remote-as 65502
neighbor 192.168.62.2 activate exit-address-family ! address-family ipv4 vrf site1
neighbor 192.168.61.1 remote-as 65501
neighbor 192.168.61.1 activate exit-address-family ! address-family vpnv4 neighbor 7.7.7.7 activate neighbor 7.7.7.7 next-hop-selfexit-address-family
124124124© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 124
Summary
• Supports large scale VPN services
• Increases value add by the VPN Service Provider
• Decreases Service Provider’s cost of providing VPN services
• Mechanisms are general enough to enable VPN Service Provider to support a wide range of VPN customers
• See RFC2547
125125125© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 125
Amount of routing peering maintained by CE is O(1) - CE peers only with directly attached PE
independent of the total number of sites within a VPN
scales to VPNs with large number of sites (100s - 1000s sites per VPN)
Point-to-point connections vs BGP/MPLS VPNs: routing peering
Mesh of point-to-point connections requires each (virtual) router to maintain O(n) peering (where n is the number of sites)
does not scale to VPNs with large number of sites (due to the properties of existing routing protocols)
Site All other sites
CE PERouting peering
126126126© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 126
Amount of configuration changes needed to add a new site (new CE) is O(1):
need to configure only the directly attached PE
independent of the total number of sites within a VPN
Point-to-point connections vs BGP/MPLS VPNs: provisioning
All other sites
CE PE
Config change
Mesh of point-to-point connections requires O(n) configuration changes (where n is the number of sites) when adding a new site
NewSite
Config change
NewSite
127127127© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 127
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
128128128© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 128
show tag-switching tdp parameters
router(config)#
• Displays TDP parameters on the local router.
Basic MPLS Monitoring Commands
show tag-switching interface show mpls interface 12.1(3)T
router(config)#
• Displays MPLS status on individual interfaces.
show tag-switching tdp discovery
router(config)#
• Displays all discovered TDP neighbors.
129129129© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 129
show tag-switching tdp parameters
Router#show tag-switching tdp parameters Protocol version: 1 No tag pool for downstream tag distribution Session hold time: 180 sec; keep alive interval: 60
sec Discovery hello: holdtime: 15 sec; interval: 5 sec Discovery directed hello: holdtime: 180 sec;
interval: 5 sec
Router#show tag-switching tdp parameters Protocol version: 1 No tag pool for downstream tag distribution Session hold time: 180 sec; keep alive interval: 60
sec Discovery hello: holdtime: 15 sec; interval: 5 sec Discovery directed hello: holdtime: 180 sec;
interval: 5 sec
130130130© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 130
show tag-switching interface
Router#show tag-switching interface detailInterface Serial1/0.1: IP tagging enabled TSP Tunnel tagging not enabled Tagging operational MTU = 1500Interface Serial1/0.2: IP tagging enabled TSP Tunnel tagging not enabled Tagging operational MTU = 1500
Router#show tag-switching interface detailInterface Serial1/0.1: IP tagging enabled TSP Tunnel tagging not enabled Tagging operational MTU = 1500Interface Serial1/0.2: IP tagging enabled TSP Tunnel tagging not enabled Tagging operational MTU = 1500
131131131© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 131
show tag-switching tdp discovery
Router#show tag-switching tdp discoveryLocal TDP Identifier: 192.168.3.102:0TDP Discovery Sources: Interfaces: Serial1/0.1: xmit/recv TDP Id: 192.168.3.101:0 Serial1/0.2: xmit/recv TDP Id: 192.168.3.100:0
Router#show tag-switching tdp discoveryLocal TDP Identifier: 192.168.3.102:0TDP Discovery Sources: Interfaces: Serial1/0.1: xmit/recv TDP Id: 192.168.3.101:0 Serial1/0.2: xmit/recv TDP Id: 192.168.3.100:0
132132132© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 132
show tag-switching tdp neighbor
router(config)#
• Displays individual TDP neighbors.
More TDP Monitoring Commands
show tag-switching tdp neighbor detail
router(config)#
• Displays more details about TDP neighbors.
show tag-switching tdp bindings
router(config)#
• Displays Tag Information Base (TIB).
133133133© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 133
show tag tdp neighbor
Router#show tag-switching tdp neighborsPeer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0 TCP connection: 192.168.3.100.711 - 192.168.3.102.11000 State: Oper; PIEs sent/rcvd: 55/53; ; Downstream Up time: 00:43:26 TDP discovery sources: Serial1/0.2 Addresses bound to peer TDP Ident: 192.168.3.10 192.168.3.14 192.168.3.100
Router#show tag-switching tdp neighborsPeer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0 TCP connection: 192.168.3.100.711 - 192.168.3.102.11000 State: Oper; PIEs sent/rcvd: 55/53; ; Downstream Up time: 00:43:26 TDP discovery sources: Serial1/0.2 Addresses bound to peer TDP Ident: 192.168.3.10 192.168.3.14 192.168.3.100
134134134© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 134
show tag tdp neighbor detail
Router#show tag-switching tdp neighbors detailPeer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0 TCP connection: 192.168.3.100.711 - 192.168.3.102.11000 State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB rev sent 26 UID: 1; Up time: 00:44:01 TDP discovery sources: Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms Addresses bound to peer TDP Ident: 192.168.3.10 192.168.3.14 192.168.3.100 Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Router#show tag-switching tdp neighbors detailPeer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0 TCP connection: 192.168.3.100.711 - 192.168.3.102.11000 State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB rev sent 26 UID: 1; Up time: 00:44:01 TDP discovery sources: Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms Addresses bound to peer TDP Ident: 192.168.3.10 192.168.3.14 192.168.3.100 Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
135135135© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 135
show tag tdp bindings
Router#show tag tdp bindings tib entry: 192.168.3.1/32, rev 9
local binding: tag: 28remote binding: tsr: 19.16.3.3:0, tag: 28
tib entry: 192.168.3.2/32, rev 8local binding: tag: 27remote binding: tsr: 19.16.3.3:0, tag: 27
tib entry: 192.168.3.3/32, rev 7local binding: tag: 26remote binding: tsr: 19.16.3.3:0, tag: imp-
null(1) tib entry: 192.168.3.10/32, rev 6
local binding: tag: imp-null(1)remote binding: tsr: 19.16.3.3:0, tag: 26
Router#show tag tdp bindings tib entry: 192.168.3.1/32, rev 9
local binding: tag: 28remote binding: tsr: 19.16.3.3:0, tag: 28
tib entry: 192.168.3.2/32, rev 8local binding: tag: 27remote binding: tsr: 19.16.3.3:0, tag: 27
tib entry: 192.168.3.3/32, rev 7local binding: tag: 26remote binding: tsr: 19.16.3.3:0, tag: imp-
null(1) tib entry: 192.168.3.10/32, rev 6
local binding: tag: imp-null(1)remote binding: tsr: 19.16.3.3:0, tag: 26
136136136© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 136
show tag-switching forwarding-tableshow mpls forwarding-table
router(config)#
• Displays contents of Label Forwarding Information Base.
Monitoring Label Switching
show ip cef detail
router(config)#
• Displays label(s) attached to a packet during label imposition on edge LSR.
137137137© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 137
Monitoring Label SwitchingMonitoring LFIB
Router#show tag-switching forwarding-table ? A.B.C.D Destination prefix detail Detailed information interface Match outgoing interface next-hop Match next hop neighbor tags Match tag values tsp-tunnel TSP Tunnel id | Output modifiers <cr>
Router#show tag-switching forwarding-table ? A.B.C.D Destination prefix detail Detailed information interface Match outgoing interface next-hop Match next hop neighbor tags Match tag values tsp-tunnel TSP Tunnel id | Output modifiers <cr>
138138138© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 138
show tag-switching forwarding-table
Router#show tag-switching forwarding-table detailLocal Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 26 Untagged 192.168.3.3/32 0 Se1/0.3 point2point
MAC/Encaps=0/0, MTU=1504, Tag Stack{}27 Pop tag 192.168.3.4/32 0 Se0/0.4 point2point
MAC/Encaps=4/4, MTU=1504, Tag Stack{}20618847
28 29 192.168.3.4/32 0 Se1/0.3 point2point MAC/Encaps=4/8, MTU=1500, Tag Stack{29}18718847 0001D000
Router#show tag-switching forwarding-table detailLocal Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 26 Untagged 192.168.3.3/32 0 Se1/0.3 point2point
MAC/Encaps=0/0, MTU=1504, Tag Stack{}27 Pop tag 192.168.3.4/32 0 Se0/0.4 point2point
MAC/Encaps=4/4, MTU=1504, Tag Stack{}20618847
28 29 192.168.3.4/32 0 Se1/0.3 point2point MAC/Encaps=4/8, MTU=1500, Tag Stack{29}18718847 0001D000
139139139© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 139
show ip cef detail
Router#show ip cef 192.168.20.0 detail192.168.20.0/24, version 23, cached adjacency to Serial1/0.20 packets, 0 bytes tag information set local tag: 33 fast tag rewrite with Se1/0.2, point2point, tags imposed: {32} via 192.168.3.10, Serial1/0.2, 0 dependencies next hop 192.168.3.10, Serial1/0.2 valid cached adjacency tag rewrite with Se1/0.2, point2point, tags imposed: {32}
Router#show ip cef 192.168.20.0 detail192.168.20.0/24, version 23, cached adjacency to Serial1/0.20 packets, 0 bytes tag information set local tag: 33 fast tag rewrite with Se1/0.2, point2point, tags imposed: {32} via 192.168.3.10, Serial1/0.2, 0 dependencies next hop 192.168.3.10, Serial1/0.2 valid cached adjacency tag rewrite with Se1/0.2, point2point, tags imposed: {32}
140140140© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 140
debug tag-switching tdp ...
router(config)#
• Debugs TDP adjacencies, session establishment, and label bindings exchange.
Debugging Label Switching and TDP
debug tag-switching tfib ...debug mpls lfib … 12.1(3)T
router(config)#
• Debugs Tag Forwarding Information Base events: label creations, removals, rewrites.
debug tag-switching packets [ interface ]debug mpls packets [ interface ] 12.1(3)T
router(config)#
• Debugs labeled packets switched by the router.• Disables fast or distributed tag switching.
141141141© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 141
Common Frame-Mode MPLS Symptoms
• TDP/LDP session does not start.
• Labels are not allocated or distributed.
• Packets are not labeled although the labels have been distributed.
• MPLS intermittently breaks after an interface failure.
• Large packets are not propagated across the network.
142142142© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 142
TDP Session Startup Issues: 1/4
Symptom
TDP neighbors are not discovered.show tag tdp discovery does not display expected TDP neighbors.
Diagnosis
MPLS is not enabled on adjacent router.
Verification
Verify with show tag interface on the adjacent router.
143143143© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 143
TDP Session Startup Issues: 2/4
Symptom
TDP neighbors are not discovered.
Diagnosis
Label distribution protocol mismatch - TDP on one end, LDP on the other end.
Verification
Verify with show tag interface detail on both routers.
144144144© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 144
TDP Session Startup Issues: 3/4
Symptom
TDP neighbors are not discovered.
Diagnosis
Packet filter drops TDP/LDP neighbor discovery packets.
Verification
Verify access-list presence with show ip interface.
Verify access-list contents with show access-list.
145145145© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 145
TDP Session Startup Issues: 4/4
Symptom
TDP neighbors discovered, TDP session is not established.
show tdp neighbor does not display a neighbor in Oper state.
Diagnosis
Connectivity between loopback interfaces is broken - TDP session is usually established between loopback interfaces of adjacent LSRs.
Verification
Verify connectivity with extended ping command.
146146146© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 146
Label Allocation Issues
Symptom
Labels are not allocated for local routes.
show tag-switching forwarding-table does not display any labels
Diagnosis
CEF is not enabled.
Verification
Verify with show ip cef.
147147147© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 147
Label Distribution Issues
SymptomLabels are allocated, but not distributed.
show tag-switching tdp bindings on adjacent LSR does not display labels from this LSR
DiagnosisProblems with conditional label distribution.
VerificationDebug label distribution with debug tag tdp advertisement.
Examine the neighbor TDP router IDP with show tag tdp discovery.
Verify that the neighbor TDP router ID is matched by the access list specified in tag advertise command.
148148148© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 148
Packet Labeling
Symptom
Labels are distributed, packets are not labeled.
show interface statistic does not labeled packets being sent
Diagnosis
CEF is not enabled on input interface (potentially due to conflicting feature being configured).
Verification
Verify with show cef interface.
149149149© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 149
show cef interface
Router#show cef interfaceSerial1/0.1 is up (if_number 15) Internet address is 192.168.3.5/30 ICMP redirects are always sent Per packet loadbalancing is disabled IP unicast RPF check is disabled Inbound access list is not set Outbound access list is not set IP policy routing is disabled Interface is marked as point to point interface Hardware idb is Serial1/0 Fast switching type 5, interface type 64 IP CEF switching enabled IP CEF VPN Fast switching turbo vector Input fast flags 0x1000, Output fast flags 0x0 ifindex 3(3) Slot 1 Slot unit 0 VC -1 Transmit limit accumulator 0x0 (0x0) IP MTU 1500
Router#show cef interfaceSerial1/0.1 is up (if_number 15) Internet address is 192.168.3.5/30 ICMP redirects are always sent Per packet loadbalancing is disabled IP unicast RPF check is disabled Inbound access list is not set Outbound access list is not set IP policy routing is disabled Interface is marked as point to point interface Hardware idb is Serial1/0 Fast switching type 5, interface type 64 IP CEF switching enabled IP CEF VPN Fast switching turbo vector Input fast flags 0x1000, Output fast flags 0x0 ifindex 3(3) Slot 1 Slot unit 0 VC -1 Transmit limit accumulator 0x0 (0x0) IP MTU 1500
150150150© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 150
Intermittent MPLS Failures after Interface Failure
Symptom
Overall MPLS connectivity in a router intermittently breaks after an interface failure.
Diagnosis
IP address of a physical interface is used for TDP/LDP identifier. Configure a loopback interface on the router.
Verification
Verify local TDP identifier with show tag-switching tdp neighbors.
151151151© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 151
Packet Propagation
Symptom
Large packets are not propagated across the network.
Extended ping with varying packet sizes fails for packet sizes close to 1500
In some cases, MPLS might work, but MPLS/VPN will fail.
Diagnosis
Tag MTU issues or switches with no support for jumbo frames in the forwarding path.
Verification
Trace the forwarding path; identify all LAN segments in the path.
Verify Tag MTU setting on routers attached to LAN segments.
Check for low-end switches in the transit path.
152152152© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 152
Summary
After completing this lesson, you will be able to perform the following tasks:
Describe procedures for monitoring MPLS on IOS platforms.
List the debugging commands associated with label switching, LDP and TDP.
Identify common configuration or design errors.
Use the available debugging commands in real-life troubleshooting scenarios.
153© 2001, Cisco Systems, Inc. All rights reserved.
Session NumberPresentation_ID
Customer Reference
154154154© 2001, Cisco Systems, Inc. All rights reserved.Presentation_ID 154
Cisco’s MPLS Is Proven150+ Deployments Today
Americas EMEA APT/Japan
155© 2001, Cisco Systems, Inc. All rights reserved.
Session NumberPresentation_ID
Thank you.