CCIE R&S Techtorial MPLS - cisco.com · MP-BGP, RSVP –Protocols for MPLS VPN and MPLS TE Main building stones of MPLS: ... 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6

© 2011 Cisco Systems, Inc. All rights reserved. 1

CCIE R&S TechtorialMPLS

Ing. Tomáš Kelemen

Partner Systems Engineer

CCIE #24395

Ing. Peter Mesjar

Systems Engineer

CCIE #17428


Agenda

Introduction to MPLS

What is MPLS?

Why it was developed?

How MPLS works

What are priciples of MPLS?

What are uses of MPLS?

MPLS in action

Basic MPLS L3 VPN config

MPLS L3 VPN verification

Q&A


Introduction to MPLS


What Is MPLS?

Multi Protocol Label Switching is a technology to deliver IP services - MPLS enables network services such as VPN and traffic engineering

Forwarding of data packets is via labels

– MPLS enabled routers do not look into IP header to forward packets

MPLS is known as OSI layer 2.5

– Label info is inserted between Data link and Network layer and this is sometimes called shim header

MPLS works over most Layer 2 technologies such as ATM, FR, PPP, POS, Ethernet

Ethernet MPLS IP Data



Network infrastructure convergence

– MPLS enabled network allows to carry different kind of traffic (IPv4, IPv6, Layer2 frames) across single network infrastructure

No need to have BGP enabled on all routers

– Very important for scaling lare networks – because MPLS forwarding is done via labels, we do not need to keep all destination IP addresses in routing tables

CE

CE

CE

CE

PE

PE

PE

PE

P P

P P

BGP session

BGP session

MPLS network



New approach to VPN technologies

– Allows use of overlapping IPv4 address space

– Allows optimal traffic flow

CE CE

CE

Traditional ATM/FR VPN

ATM/FR VC

CE CE

CE

MPLS VPN

routing peering

routing peering

routing peering

PE

PE PE



Traffic engineering

– Preffered path is least cost path determined by IGP

– Basic idea is to use links in network infrastructure efficiently

– MPLS needs to be able to provide mechanism to divert traffic to other links beside preffered path

MPLS network with TE enabled

Preffered, least cost path

Traffic engineered

path


How MPLS works


What are principles of MPLS?

Label – 32bit value inserted between Layer 2 and Layer 3

LSR – Label Switch Router (eg. PE, P)

LSP – Label Switched Path

IGP – Interior Gateway Protocol

LDP – Label Distribution Protocol

LIB, LFIB – Label Information Base, Label Forwarding Information Base

MP-BGP, RSVP – Protocols for MPLS VPN and MPLS TE

Main building stones of MPLS:

COS/EXP = Class of Service: 3 Bits; S = Bottom of Stack; TTL = Time to Live

0 1 2 3

0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

Label – 20bits EXP S TTL-8bits


Life of a packet in MPLS network:

Egress LSR not always performs label disposition

- PHP (Penultimate Hop Popping) signaled via implicit null label (LDP advertising MPLS label of value three)


CE CE

PE PE

LSP

P P

P P

1. Ingress LSR– label imposition

2. Core LSR– label swapping

3. Egress LSR– label disposition



Each LSR needs to run IGP to learn IP prefixes (eg. neighbor loopbacks, BGP next hops)

Each LSR then forms LDP neighborship between its directly connected LSR

Once LDP neighborship is formed, each LSR uses LDP to assign labels to IP prefixes it knows about – each LSR does this independently and advertises its labels to its LDP neighbors

LDP is standards based – RFC 3035 and RFC 3036

LDP uses UDP for session discovery (port 646 and destination IP 224.0.0.2)

LDP uses TCP (port 646 and destination IP of its LDP peer) for rest of the messages (label advertisement, label withdrawal, session maintenance, session teardown)

Assigning and distributing MPLS labels



RIB stores IP prefixes, LIB stores MPLS labels

LFIB is created from both RIB and LIB and used to forward MPLS tagged packets

Example for LSR in bottom picture:

- RIB has 1.1.1.1/32 learned via IGP over e0/0 interface

- LIB has label “L” for prefix 1.1.1.1/32 learned from its LDP peer

- LFIB has: “to forward packet to 1.1.1.1/32, use label L and send packet using peer LDP nexthop over e0/0 interface”

Forwarding MPLS packets – which label to use?

LSR

1.1.1.1/32

e0/0



Labeling does not make forwarding of packets faster

Label stacking is the primary use of MPLS that enables use of MPLS L2 and L3 VPNs, traffic engineering and other services

Most used examples of label stacking:

- 2 labels for MPLS VPN – bottom label indicates which VPN this packet belongs to, outer is used by core LSRs for packet forwarding

- 3 labels for MPLS TE – the most upper label is used to indicate which TE tunnel to forward this packet

Label stacking

TE Label

LDP Label

VPN Label

Inner Label

Outer Label

IP Header



MPLS VPN is set of sites that communicate with each other – these sites can be connected to MPLS infrastructure at various PE routers

PE LSR acts as aggregation router in MPLS VPN – each site is identified by its own VRF (Virtual Routing and Forwarding) instance, which is logically separated and by default communication between VRF is not allowed

Use of MPLS to build Layer 3 VPN

VPN RED

VPN GREEN

VPN BLUE

MPLS network

PE

PE

PEPE

PE

Each PE router assigns distinct MPLS label for each VRF it communicates with other PE routers – this label is not assigned by LDP, but by MP-BGP, and is used to know which VRF site remote PE needs to send packet to



RD (Route Distinguisher) is attached to each IP prefix exchanged in VPN to make them unique – RD + prefix = VPN prefix

RD allows to use overlapping IP addresses among VPNs

RD length is 64 bits and is in formant X:Y, where X is usually Autonomous System Number or IP address – usually one RD is assigned per one customer

RT (Route Target) governs which VPN prefixes are allowed to be imported or exported out of particular VPN

Using RT you create intranet or extranet

- Intranet – different sites of “same” VPN can communicate

- Extranet – different sites of “different” VPNs can communicate

In order to bring L3 VPN into life, you need to exchange both RD and RT – this is done by MP-BGP

Use of MPLS to build Layer 3 VPN



MPLS Layer 3 VPN Intranet for customer in VPN RED

VPN RED

VPN GREEN

VPN BLUE

MPLS network

PE

PE

PEPE

PE

ip vrf RED

rd 100:1

route-target export 1:1

route-target import 1:1

ip vrf RED

rd 100:1



ip vrf RED

rd 100:1





MPLS Layer 3 VPN Intranet for customer in VPN GREEN

VPN RED

VPN GREEN

VPN BLUE

MPLS network

PE

PE

PEPE

PE

ip vrf GREEN

rd 100:2



ip vrf GREEN

rd 100:2



ip vrf GREEN

rd 100:2





MPLS Layer 3 VPN Intranet for customer in VPN BLUE

VPN RED

VPN GREEN

VPN BLUE

MPLS network

PE

PE

PEPE

PE

ip vrf BLUE

rd 100:3



ip vrf BLUE

rd 100:3



ip vrf BLUE

rd 100:3





MPLS Layer 3 VPN Extranet between customer VPN REDand VPN BLUE

VPN RED

VPN GREEN

VPN BLUE

MPLS network

PE

PE

PEPE

PE

ip vrf BLUE

rd 100:3




ip vrf RED

rd 100:1






Exchanging RD, RT and VPN label over MPLS network

MPLS network

PE

PE

Each PE router forms iBGP session with other PE router

Over this iBGP sessions, PE routers exchange VPN prefixes

Each VPN prefix is exchanged with its associated RT and VPN label – RT is for importing routes into VRF RIB, VPN label is for actual packet forwarding



Packet forwarding with MPLS Layer 3 VPN

PE2PE1 P1 P2Site 1 of VPN BLUE Site 2 of VPN BLUE

IP IP

IGP

VPN

IP

IGP

VPN

IP

VPN

IGP label is assigned by LDP

VPN label is assigned by MP-BGP

1.) PE1 receives IP packet on VRF interface assigned to site 1 of VPN BLUE.

2.) PE1 looks up VPN and IGP label, imposes this label stack to IP packet and forwards it to MPLS network. IGP label is known based on iBGP next hop, which is IP address of PE2.

3.) P1 router swaps IGP label based on its LFIB table.

4.) P2 removes IGP label due to PHP, but does not touch VPN label.

5.) PE2 router receives IP packet with VPN label, which it uses to select correct outgoing VPN site

6.) PE2 then strips off VPN label, makes lookup in its VRF RIB for particular VPN site to get the outgoing interface to send received packet to.

IP



Exchanging routing information between CE and PE routers

Static routing

RIP

EIGRP

OSPF

IS-IS

eBGP


MPLS in action


MPLS demo lab topology

PE2PE1 P1 P2Site 1 of

VPN BLUE

Site 2 of VPN

BLUE

Site 1 of VPN RED

Site 2 of VPN RED

s2/0

s3/0

e0/0

e0/0

e1/0

e1/0

e0/0

e0/0

s2/0

s3/0

s2/0 s2/0

s3/0 s3/0

- VPN Red site 1

s2/0: 10.1.1.2/30

lo0: 192.168.1.1/24

- VPN Blue site 1

s3/0: 10.3.1.2/30

lo0: 172.16.1.1/24

- VPN Red site 2

s2/0: 10.1.2.2/30

lo0: 192.168.2.1/24

- VPN Blue site 1

s3/0: 10.3.2.2/30

lo0: 172.16.2.1/24

- PE1

s2/0: 10.1.1.1/30

s3/0: 10.3.1.1/30

e0/0: 10.0.12.1/24

lo0: 10.0.0.1/32

- P1

e0/0: 10.0.12.2/24

e1/0: 10.0.23.2/24

lo0: 10.0.0.2/32

- P2

e0/0: 10.0.34.3/24

e1/0: 10.0.23.3/24

lo0: 10.0.0.3/32

- PE2

s2/0: 10.1.2.1/30

s3/0: 10.3.2.1/30

e0/0: 10.0.34.4/24

lo0: 10.0.0.4/32





1.) Configuring core LSR for MPLS switching

P1(config)#mpls ldp router-id loop0

P1(config)#int e0/0

P1(config-if)#mpls ip

P1(config-if)#int e1/0


P1(config-if)#router ospf 100

P1(config-router)#network 10.0.0.2 0.0.0.0 area 0



P2(config)#mpls ldp router-id loop0

P2(config)#int e0/0


P2(config-if)#int e1/0


P2(config-if)#router ospf 100




Loopback interface must be routable for LDP to form adjacencies



2.) Configuring edge LSR for MPLS switching

PE1(config)#mpls ldp router-id loop0

PE1(config)#int e0/0

PE1(config-if)#mpls ip

PE1(config-if)#router ospf 100

PE1(router)#network 10.0.0.1 0.0.0.0 area 0


PE2(config)#mpls ldp router-id loop0

PE2(config)#int e0/0

PE2(config-if)#mpls ip

PE2(config-if)#router ospf 100



Loopback interface must be routable for LDP to form adjacencies



3a.) Configuring edge LSR PE1 for MPLS L3 VPN

ip vrf blue

rd 100:3



!

ip vrf red

rd 100:1



!

interface Serial2/0

ip vrf forwarding red

!

interface Serial3/0

ip vrf forwarding blue



3b.) Configuring edge LSR PE1 for MPLS L3 VPN

router bgp 100

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 10.0.0.4 remote-as 100

neighbor 10.0.0.4 update-source Loopback0

!

address-family ipv4

no synchronization

no auto-summary

exit-address-family

!

address-family vpnv4

neighbor 10.0.0.4 activate

neighbor 10.0.0.4 send-community extended

exit-address-family

!

address-family ipv4 vrf blue

no synchronization

redistribute static

exit-address-family

!

address-family ipv4 vrf red

no synchronization

redistribute static

exit-address-family

!

ip route vrf red 192.168.1.0 255.255.255.0 Serial2/0

ip route vrf blue 172.16.1.0 255.255.255.0 Serial3/0

VPNv4 for exchange of VPNv4 prefixes that includes RD and RT

PE to CE connectivity



4a.) Configuring edge LSR PE2 for MPLS L3 VPN

ip vrf blue

rd 100:3



!

ip vrf red

rd 100:1



!

interface Serial2/0

ip vrf forwarding red

!

interface Serial3/0

ip vrf forwarding blue



4b.) Configuring edge LSR PE2 for MPLS L3 VPN

router bgp 100

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 10.0.0.1 remote-as 100

neighbor 10.0.0.1 update-source Loopback0

!

address-family ipv4

no synchronization

no auto-summary

exit-address-family

!

address-family vpnv4

neighbor 10.0.0.1 activate

neighbor 10.0.0.1 send-community extended

exit-address-family

!

address-family ipv4 vrf blue

no synchronization

redistribute static

exit-address-family

!

address-family ipv4 vrf red

no synchronization

redistribute static

exit-address-family

!

ip route vrf red 192.168.2.0 255.255.255.0 Serial2/0

ip route vrf blue 172.16.2.0 255.255.255.0 Serial3/0

VPNv4 for exchange of VPNv4 prefixes that includes RD and RT

PE to CE connectivity



5.) Configuring CE-PE connectivity on CE1 and CE2

site_1_vpn_blue(config)#ip route 172.16.2.0 255.255.255.0 Serial3/0

site_2_vpn_blue(config)#ip route 172.16.1.0 255.255.255.0 Serial3/0

site_1_vpn_red(config)#ip route 192.168.2.0 255.255.255.0 Serial2/0

site_2_vpn_red(config)#ip route 192.168.1.0 255.255.255.0 Serial2/0


MPLS verification



1.) IGP peerings formed in core

P1#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.0.0.3 1 FULL/BDR 00:00:37 10.0.23.3 Ethernet1/0

10.0.0.1 1 FULL/DR 00:00:32 10.0.12.1 Ethernet0/0

P2#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

10.0.0.2 1 FULL/DR 00:00:38 10.0.23.2 Ethernet1/0

10.0.0.4 1 FULL/DR 00:00:31 10.0.34.4 Ethernet0/0


2.) MPLS LDP peerings formed in core

P1#show mpls ldp discovery

Local LDP Identifier:

10.0.0.2:0

Discovery Sources:

Interfaces:

Ethernet0/0 (ldp): xmit/recv

LDP Id: 10.0.0.1:0


LDP Id: 10.0.0.3:0

P2#show mpls ldp discovery

Local LDP Identifier:

10.0.0.3:0

Discovery Sources:

Interfaces:


LDP Id: 10.0.0.4:0


LDP Id: 10.0.0.2:0




3.) VRF tables and interfaces defined on PE routers

PE1#show ip vrf

Name Default RD Interfaces

blue 100:3 Se3/0

red 100:1 Se2/0

PE1#show ip vrf interfaces

Interface IP-Address VRF Protocol

Se3/0 10.3.1.1 blue up

Se2/0 10.1.1.1 red up

PE2#show ip vrf

Name Default RD Interfaces

blue 100:3 Se3/0

red 100:1 Se2/0

PE2#show ip vrf interfaces

Interface IP-Address VRF Protocol

Se3/0 10.3.2.1 blue up

Se2/0 10.1.2.1 red up



4.) iBGP session formed between PE routers

PE1#show bgp vpnv4 unicast all summary

BGP router identifier 10.0.0.1, local AS number 100

BGP table version is 9, main routing table version 9

4 network entries using 564 bytes of memory

4 path entries using 272 bytes of memory

5/4 BGP path/bestpath attribute entries using 380 bytes of memory

2 BGP extended community entries using 48 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 1264 total bytes of memory

BGP activity 4/0 prefixes, 4/0 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

10.0.0.4 4 100 36 36 9 0 0 00:27:58 2



5a.) IGP labels assigned by LDP – path from PE1 to PE2

PE1#traceroute 10.0.0.4

Type escape sequence to abort.

Tracing the route to 10.0.0.4

1 10.0.12.2 [MPLS: Label 19 Exp 0] 8 msec 0 msec 0 msec


3 10.0.34.4 4 msec * 4 msec

PE1#show mpls forwarding 10.0.0.4

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or VC or Tunnel Id Switched interface

21 19 10.0.0.4/32 0 Et0/0 10.0.12.2

P1#sh mpls forwarding-table 10.0.0.4



19 16 10.0.0.4/32 542879 Et1/0 10.0.23.3

P2#show mpls forwarding-table 10.0.0.4



16 Pop Label 10.0.0.4/32 583785 Et0/0 10.0.34.4



5b.) IGP labels assigned by LDP – path from PE2 to PE1

PE2#traceroute 10.0.0.1





3 10.0.12.1 0 msec * 0 msec

PE2#show mpls forwarding-table 10.0.0.1



18 18 10.0.0.1/32 0 Et0/0 10.0.34.3




18 16 10.0.0.1/32 875801 Et1/0 10.0.23.2




16 Pop Label 10.0.0.1/32 940813 Et0/0 10.0.12.1



6.) VPN labels assigned by BGP

PE1#show bgp vpnv4 unicast vrf red labels

Network Next Hop In label/Out label

Route Distinguisher: 100:1 (red)

192.168.1.0 0.0.0.0 17/nolabel

192.168.2.0 10.0.0.4 nolabel/21

PE1#show bgp vpnv4 unicast vrf blue labels


Route Distinguisher: 100:3 (blue)

172.16.1.0/24 0.0.0.0 24/nolabel

172.16.2.0/24 10.0.0.4 nolabel/22

PE2#show bgp vpnv4 unicast vrf red labels


Route Distinguisher: 100:1 (red)

192.168.1.0 10.0.0.1 nolabel/17

192.168.2.0 0.0.0.0 21/nolabel

PE2#show bgp vpnv4 unicast vrf blue labels


Route Distinguisher: 100:3 (blue)

172.16.1.0/24 10.0.0.1 nolabel/24

172.16.2.0/24 0.0.0.0 22/nolabel



7a.) End-to-end connectivity between VPN RED sites

site_1_vpn_red#traceroute 192.168.2.1 source 192.168.1.1



1 10.1.1.1 20 msec 20 msec 20 msec

2 10.0.12.2 [MPLS: Labels 19/21 Exp 0] 40 msec 40 msec 40 msec


4 10.1.2.1 20 msec 20 msec 20 msec

5 10.1.2.2 40 msec * 40 msec

site_2_vpn_red#traceroute 192.168.1.1 source 192.168.2.1



1 10.1.2.1 20 msec 20 msec 20 msec



4 10.1.1.1 20 msec 20 msec 16 msec

5 10.1.1.2 36 msec * 40 msec



7b.) End-to-end connectivity between VPN BLUE sites

site_1_vpn_blue#traceroute 172.16.2.1 source 172.16.1.1



1 10.3.1.1 20 msec 12 msec 20 msec



4 10.3.2.1 20 msec 20 msec 20 msec

5 10.3.2.2 28 msec * 40 msec

site_2_vpn_blue#traceroute 172.16.1.1 source 172.16.2.1



1 10.3.2.1 24 msec 12 msec 20 msec



4 10.3.1.1 20 msec 20 msec 20 msec

5 10.3.1.2 20 msec * 28 msec


Q and AMPLS


Documents

CCIE R&S Techtorial MPLS - cisco.com · MP-BGP, RSVP –Protocols for MPLS VPN and MPLS TE Main building stones of MPLS: ... 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6