CCIE: 04/01/2012 - 05/01/2012

Thursday, April 19, 2012

MPLS VPN BGP Role

BGP well suited to carry the traffic of hundreds of thousands of routes.
It is flexible & extended policies to be implemented.
So it is used well in MPLS VPN.
In MP BGP 4 address families will be supported.

IPv4
IPv6
VPNv4
VPNv6

Remaining are unicast, multicast & VRF
BGP Extended Community: RT

It tells to the PE routers if the route imported into a VRF add at least one RT to that IPv4 route

Order

IP IGP routing protocols build the ip tables.
LSR assign a local label for each route learned(but not bgp learned routes)
LSRs share their labels with other LSRs using LDP
LSRs build their own LIB(Label Information Base), LFIB(Label Forward Information Base) & FIB(Forward Information Base) based on what they have learned from their LDP neighbor.

LDP Neighbor:

Hellow Messages

LDP link hello uses destination UDP port 646 & is sent to 224.0.0.2 every 5 sec.

Session is TCP based on destination port 646.
Router with highest LDP router ID(Active LSR) will initiate TCP session.
Keepalives are sent for every 60 sec.

MPLS VPN Routes Updating

IGP or eBGP are advertises the CE routes in PE routing table
At PE router IPv4 routes learned from the CE router is inserted into VRF routing table
PE routers are fully meshed with MP-BGP.
To this updated VRF routes RD is added & make them VPNv4 route & then RTs are added.
Then these VPNv4 routes are redistribute into MP-BGP.
The iBGP between PEs advertises the VPNv4 route with MPLS label & RTs
RTs tells that which vrf can import which route.
After that RD is removed from VPNv4 route.
Then IPv4 route is inserted into VRF routing table.
PE advertises these routes towards the customer routers.

The communication between sites is controlled by RTs
An RT is a BGP extended community that indicates which route should be imported from MP-BGP into the VRF.

An RT is a BGP extended community.

that indicates which routes should be imported from MP-BGP into the VRF.

Exporting an RT means,

that the exported vpnv4 route receives an additional BGP extended community, this is the RT, when the route is redistributed from the vrf routing table into MP-bgp.

Importing an RT means,

received vpnv4 route from mp-bgp is checked for a matching extended community, this is the rt,.

If the result is a match, the prefix is put into the vrf routing table.

Wednesday, April 18, 2012

Each vrf on the PE router must have on RD.
RD format:

ASN:NN

If customer(VPN) connected to different PE routers then 2 separate RDs must be used.

VPN prefixes are propagate across the MPLS VPN network my MP-BGP.
RDs used to these VPN prefixes make unique.
A prefix derived from the combination of the IPv4 prefix & the RD is calld VPNv4 prefix.
MP-BGP will carry the these VPNv4 prefixes between the PE routers

In cisco ios, cef is the only switching method supported for forwarding ip packets from the VRF interface.
So CEF must be enabled globally on all PE routers & all VRF interfaces

Routing should be separate & private for each customer(VPN) on a PE router.
so each vpn has its own routing table.
Thi private routing table is called VRF routing table.

VRF is combination of

VPN routing table
VRF CEF table
ip routing protocols

For every VPN attached to the PE, there is one VRF

Tuesday, April 17, 2012

MPLS VPN components:

VRF:

Allows multiple tables on the same routers.
Each vrf have separate:

RIB
FIB
LFIB

VRF is locally significant to router.
The traffic entered into the VRF enabled interfaces is belong to that vrf.
Only one vrf can be assigned to each VRF but one VRF contain any number of interfaces.

Route Distinguishers:

VPN routes are propagated across a MPLS VPN network by MP-iGMP
To make these routes unique RDs are used.
RD is locally significant & globally relevance.

Routing Timers:

Export RTs

Attached to a route when it is converted into VPNv4 route

Import RTs

RTs are used to select VPNv4 routes to insert into matching VRF tables.

The matched route is only added to vrf table only when RT is attached to the matched route on PE router.

Routing Protocols:

IGP 1:

Between CEs & PEs
used to advertise routes in the VRF routing table
IGP will be any of the IGP protocol/static route/ebgp

IGP 2:

This is core MPLS IGP
Support the LDP

LDP:

Between MPLS enabled routers

MP-BGP:

Only between PE routers

2 Types of labels in label stack:

Outer/Top/LDP label:

Used for switching the label in the mpls core network

Inner/Bottom/VPN label:

Used for switching towards the egress pe router & identify the outgoing interface.

MPLS VPN Label Operations:

Every PE router assign a VPN label to every local VRF route.
This vrf routes with VPN labels are advertised to remaining PE routers in MP-iBGP updates.
After converging on PE routers,

For every non-local VRF route will be labeled with VPN/inner label along with inner/LDP label for every BGP next-hop.

Monday, April 16, 2012

MPLS TABLES

Control plane:

Collecting & propagating the information that is used to forward traffic.
Build RIB

From routing protocols

From routing protocols
Build LIB

Using label exchange protocol

Using label exchange protocol
From these 2 give the information to the forwarding plane

Forwarding Plane:

Decides how a packet will be forwarded
Build 2 tables FIB & LFIB
Responsible for forwarding the packet based ip add or label

RIB:

Nothing but IP routing table
Sh ip route
Table columns Protocol, prefix, next hop

LEP:

A LEP

Bind locally significant labels to routes in the RIB
Then exchange these label bindings with neighbor LSRs
Stores the local & received label binding in LIB table

LEPs are:

LDP/TDP: in this labels are assigned to only non-bgp routes in Routing Tables
MP-BGP: distribute label bindings for bgp routes in routing table

LIB:

Contains the Local Label binding & label bindings learned from neighbors.
LIB table will seen using “sh mpls ldp binding” or “sh mpls ip bindings"
Table columns are prefix, lsr/local, label

FIB:

Made by CEF
Stores all labels information
Contain each prefix, next-hop & outgoing interfaces
See by using “sh ip cef detail"
Column’s are prefix, Next-hop, label.

LFIB:

It contains labels used to forward packets but not all labels bindings in RIB
See by using “sh mpls forwarding table"
Table column’s are inlabeL, outlabel, next-hop

Sunday, April 15, 2012

MPLS VPN services

connection less service:

VPN connection less network don't need the tunnels & encryption for network privacy.

Centralized services:

VPNs in layer 3 allows the targeted services to a group of users which are represented by VPN.

Scalability:
Security:

MPLS VPN offer same level security as connection-oriented VPNs.

Easy to create:

MPLS VPNs are connection less, no need of specific point-to-point connection maps or topologies are required.
So it is easy for customers to create new VPNs & user community.

Flexible Addressing:

Most of customers use private address spaces.
MPLS VPNs allow customers to continue to use their present address space without NAT.
A NAT is required only if 2 vpns with overlapping address spaces want to communicate.
this enable customer use their own private address in freely in public ip network.

Integrated Class of service (COS) support:

cos provides performance & policy implementation

VRF contain :

ip routing table
CEF table
set of interfaces that use the cef forwarding table
set of rules & routing protocol parameters to control the information in the routing tables

Saturday, April 14, 2012

config b/n PE to CE

create vrf & apply to interfaces
create ip vrf by command

ip vrf A in global mode

Route Distinguishers

goal is to make the prefix unique in entire mpls network

formate of RD changed based on service provider

AS followed by locally significant number
router-id followed by locally significant number

rd config

rd 200:1 /** config under ip vrf A
rd 200:2

apply vrfs to interfaces

int e0/0
ip vrf forwarding A
ip address 1.1.1.1 255.255.255.0 /** reenter ip add because enabling of vrf on interface remove the ip add of the interface
sh ip route /*** global routing table shows the separate tables for the each customer

sh route | in interface | in ip address
under the igp process enable seperate address family

router eigrp /**under given igp route process
address-family ipv4 vrf A
sh ip vrf detail

sh ip route vrf * /** sh all vrf routing tables
address-family ip v4 vrf / vpv4

MPLS configuration

MPLS also called Dynamic Label Switching
Before configuring first enable the CEF

command used is ip cef in global mode
Verify by show command show ip cef
It increases the packet switching speed.
main

Enable MPLS forwarding of ipv4 packets along the routed paths( also called Dynamic Label Switching

must be enable on interface & device
command: mpls ip

unique router-id important in MPLS

As a router-id loopback address is more advantage than interface address

command used to router-id as loopback is
mpls ldp router-id loopback0 force

In sometimes loopback ip address used as router-id cannot be reachable

at that time an interface is used as router-id, to this use the following command under interface

mpls ldp discovery transport-address interface

enable mpls on routing protocol enabled interfaces

mpls ldp autoconfig under routing process.

enable mpls authentication globally.

mpls ldp password required in global mode
mpls ldp neighbour 150.1.5.55 password CISCO

to show mpls neighbours

show mpls ldp neighbors

to show mpls enabled interfaces

show mpls interfaces

to show mpls authentication

show mpls ldp neighbor password

to show LFIB table

show mpls forwarding-table

to check the packets are forwarding by MPLS

traceroute 150.1.5.5

normally LDP will generate & adverties labels for every prefix found in the local routing table

to avoid this & enable only on some prefixes uses the access control list
exampls:

access-list 10 permit 150.1.0.0 0.0.255.255

no mpls ldp advertise-labels

mpls ldp advertise-labels for 10

PE configuration

in mpls network full mesh of PEs was created using ibgp peerings
for example

router bgp 100

neighbor 155.1.5.5 remote-as 1oopback0

neighbor 155.1.5.5 update-source loopback0

address-family vpv4 unicast /** activating vpv4 address family

neighbor 150.1.5.5 activate

neighbor 150.1.5.5 send-community extended

neighbor 150.1.5.5 route-reflector-client

to define VRF use command

ip vrf vrf-name

Friday, April 13, 2012

MP-BGP VPNv4

VRF lite is the USING VRF without MPLS.
VRF lite main problem is scalability issue.
this scalability problem will be overcomed by "dynamic tunneling"
For dynamic tunneling MPLS technology is used.
there are remote customers.
they were connected via cloud.
Remote customers are connected to cloud via Provider edge routers.
Provider edger routers are connected with full mesh of label switching routers.
These Label switching packets are used for tunneling VPN packets.
When packet switching via tunnel between & to reach the customer uses the 2 types of Labels

one for switch between 2 provider edge routers(outer label)
2nd one for selecting the correct vrf on outgoing provider edge(inner label)

This label is also known as VPN label

MPLS label switching routers are unidirectional.
MPLS LSR are not used normal IGP protocols.

send from source udp port number 646 to destination tcp add 224.0.0.2

Thursday, April 12, 2012

MPLS VPN Data Plane

To support the forwarding of packets,

ingress PEs need appropriate FIB entries,
Ps & PEs needing appropriate LFIB entries

The outer label identifies the segments of the LSP between between the ingress PE & the egress PE,

but it doesn't identify how the egress PE should forward the packet.

The inner label identifies the egress PE's forwarding details, in particular the outgoing interface for the unlabeled packet.
Building the Inner (VPN) label:

The inner label called VPN label
VPN label must be allocated for each route added to each customer VRF.
More specifically, a CE will advertise routes to the PE,

PE stores these routes in the corresponding customer's VRF

In order to prepare to forward packets to those customer subnets,

the PE needs to allocate a new local label
That local label contain the prefix & the route's next-hop ip address & outgoing interface & stores this information in LFIB.

Steps in LSRs fill the FIB & LFIB when using MPLS VPNs

An unlabeled packet arrives on an interface assigned to VRF,

which will cause ingress PE to use VRF's FB to make a forwarding decision.

At ingress PEs VRF, FIB shows the outgoing interface for destination ip &

Add a label stack with 2 labes

an inner label(having original destination IP address)
an outer label

Then ingress PE forwards the packet to next Ps

P uses the LFIB entry for incoming label (outer label), swap this label.

MPLS VPN Configuration

Main steps in configuring MPLS VPN configuration:

Creating each VRF, RD, & RT, plus associating the customer-facing PE interfaces with the correct VRF
Configuring the IGP between PE & CE
Configuring mutual redistribution between the IGP & BGP
Configuring MP-BGP between PEs

VPNs are configured only on PE routers only.

The customer routers no need to know about VPNs
P routers no need to know about the MPLS VPN features

VRFs allow PEs to store routes learned from various CEs, even if the prefixes overlap.
RD allows PEs to store routes as unique prefixes.
RT tells the PEs which routes should be added to each VRF

which provides greater control & ability to allow sites to be reachable from multiple VPNs.

VRF configuration on PE use the following commands:

Configure the VRF using command:

ip vrf <vrf-name>

Configure the RD under VRF sub-command using

rd <rd-value>

Configure the RT under VRF sub-command using

rt {import|export} <rt-value>

Associating an interface with the VRF under interface sub-command using

ip vrf forwarding <vrf-name>

Each VRF has:

One RD
At least one import & export routing tag.

If we give unique RD to every VRF, overlapping of prefixes will be overcomes.
Configuring the IGP between PE & CE:

Configure a routing protocol between PE & CE.
This allows the PE router to learn the customer routes & CE to learn the other customer routes learned by PE from other PE in the MPLS cloud.
Any IGP or even BGP can be used as the routing protocol.
Show Commands:

sh ip route vrf cust-A

shows connected route on PE router & router learned from CE.

Configuring Redistribution between PE-CE IGP & MP-BGP

PE have no ability to advertise these routes across the MPLS VPN cloud.
Then redistribute the IGP learned routes from CE into BGP table contain other CE routes learned from remaining PEs & vice-versa.
2 methods to add new routes to BGP table are

Using network command
Redistribution

The BGP network command works well when adding small number of predictable prefixes.
The Redistribution process works best when

the prefixes are not predictable
there may be many no.of prefixes,... etc.

So MPLS VPN BGP configurations uses the Redistribution process for adding new routes.
MPLS VPN mutual redistribution configuration requires specific VRF told by both IGP & BGP.
Redistribution command under the IGP & BGP process is

address-family ipv4 vrf <vrf-name>

Configuring MP-BGP between PFs

To configure each peer, commands used are in normal BGP in non-MPLS configurations & others occur inside a new VPNv4 address family.
Compare MPLS VPN BGP & traditional BGP configuration.

The PE neighbors are defined under the main BGP process, not for particular address family.
In MPLS VPN designs loopback is used as update source on the PE routers.

In that case, the neighbor update-source command is also under the mail BGP process.

The PE neighbors are then activated, using the neighbor activate command, under the VPNv4 address family process (address-family vpnv4).
BGP must be told to send the community PA (neighbor send-community) command, under the address-family vpnv4 command.
The VPNv4 address family does not refer to any particular VRF.
Thre is no need of iBGP neighbor per VRF on each remote VRF.

Loop Back Address in MPLS

Enable Loopback interfaces on all P & PE routers.
These loopback addresses must be in the core IGP.
Establish MP-BGP sessions with these loopback addresses on all PE routers.
These loopback interfaces will be used & referred as BGP next-hop address which carries MPLS VPN traffic.
A BGP next-hop address must be an IGP route.

Wednesday, April 11, 2012

MPLS Route Targets

MPLS uses Route Targets to determine in which VRFs, a PE places IBGP-learned routes.
It is 64-bit extended BGP community.
It is attached to a VPNv4 BGP route to indicate its VPN membership
Any number of RTs attached to a single route up to the BGP update packet size of 4096 bits.
Export RTs

Attached to a route when it is converted into a VPN4 route.
Identify the VPN membership by associating routes to a VRF

Import RTs

Used to select VPNv4 routes for insertion into matching VRF tables.
On the receiving PE router, a route is imported into a vrf only if at least one RT attached to the route matches at least one import RT configured in that VRF(route map condition must be met if configured).

An import or export map allows route control on a per-route basis.

MP-BGP & Routing Distinguishers

Routes learned from the CE router are advertised to other PE routers uses the IBGP from all the routes, from all the different VRFs.
If use normal BGP is used, may overlapping of prefixes will be occurred.
MPLS deals this problem by

Add another number in front of the original BGP NLRI.
Each different number can represent a different customer.
To do this MPLS uses the MultiProtocol BGP.

MP BGP allows re-define the NLRI filed in BGP updates.
This re-defination allows for an additional variable-length umber, called Address family

This address family added at, in front of the prefix.

MPLS RFC 4363, "BGP/MPLS IP Virtual Private Networks(VPNs)," defines a specific new address family to support IPv4 MPLS VPNs--named as an MP-BGP address family called Route Distinguishers (RDs)
RDs allow BGp to advertise & distinguish between duplicate IPv4 prefixes.
The concept is simple:

Advertise each NLRI as the traditional IPv4 prefix, but add another number (the RD)

RD uniquely identifies the route.

In the new NLRI format, called VPN-V4, has 2 parts:

64-bit RD
32-bit IPv4 prefix

example: 1:111:10.2.2.0/24

Every VRF must be configured with an RD.

PE Role in MPLS

PE router:

An LSR that shares a link with at least one Customer Edge router,
edge of MPLS VPN, IBGP & VRF tables

PE & P routers can together label switch packets from the ingress PE to the egress PE router.
PE .have several other duties:

Learn customer routes
& keep track of which routes belong to which customer.
Exchange routes with connected CE routers from various customers.
To keep the track of the possibly overlapping prefixes.

PE routers do not put the routers in normal IP routing table

instead , PEs store routes in separate per-customer routing tables, called VRFs

To exchange these customer routes with other PEs use IBGP.

never advertise these routes to P routers.

PEs advertise Route Targets in BGP updates as BGP Extended Community Path Attributes (PAs)

Feeding the FIB & LFIB

LIB: Label Information Base

Each LSR store all labels & their related information in Label Information Base.

Each LSR must choose the best label & outgoing interface & then populate that information into the FIB & LFIB
As a result, the FIB & LFIB having the best currently used LSP.
Best route in IP routing table become the best LSP in LIB.
LSR makes the following decision:

for each route in the routing table
find the corresponding label information in LIB
based on the outgoing interface & next hop router.
Add the corresponding label information to the FIB & LFIB.

MPLS TTL field & It propagation

MPLS TTL is similar to IP header's TTL
IP header's TTL used for:

identifying loops
traceroute command to find the ip address of each router in a particular end to end route.

MPLS TTL used for same above ip TTL functions.
From this we confirmed that, presence or absence of MPLS in a network has no effect on the TTL related processes.
When switching LSR will decrement the MPLS TTL but not the IP TTL.
TTL in MPLS network:

At Ingress E-LSR:

It decrements the IP TTL field in unlabeled packet
then push a label in unlabeled packet
& copy the decremented IP TTL into the new MPLS TTL.

At LSR:

When LSR swaps a label, MPLS TTL will be decremented
& doesn't effect the IP TTL

At Egress E-LSR:

After an egress E-LSR decrements the MPLS TTL field, it pops the MPLS label (header)
& then copies the MPLS TTL to the IP TTL.

A looping packet would decrements to TTL 0 and discarded.

MPLS Label Filtering

By default LDP will generate & advertise labels for every prefix in the local routing table.
To filter & generate labels only for required prefixes

we can use access control lists to select the required prefixes eligible for label generation.

example:

create access list:

"""access-list 10 permit 150.1.0.0 0.0.255.255"""

Stop automatic assigning of labels to prefixes.

"""no mpls ldp advertise-labels"""

use of access list to filter the label generation

"""mpls ldp advertise-labels for 10"""

Before MPLS label filtering:

After MPLS label filtering:

MPLS forwarding using FIB & LFIB

To forward packets LSR uses:

CEF FIB
MPLS LFIB

Both the FIB & LFIB hold

necessary label information
outgoing interface
next-hop

CEF FIB: Forward Information Base

Used for incoming unlabeled packets.
Router matches the packet's destination IP address to the best prefix in the FIB
And forward the packet based on that entry.

MPLS LFIB: Labeled Forward Information Base:

Used for labeled packets.
Router compares the label in the incoming packet to the LFIB's list of label
and forward the packet based on that LFIB entry.

Above image taken from Cisco press: ccie R&S certification guide, 4th edition

MPLS enable forwarding process based on something other than the destination ip address such as:

VPN from which the packet originated
forwarding to balance traffic with traffic engineering
& forwarding over different links based on QoS goals.

Tuesday, April 10, 2012

VRF: Virtual Routing & Forwarding

VRF:

VRF tables are the fundamental building block for virtualizing a router, it turn into multiple virtual routers.
Technically VRF is a separate RIB(Routing Information Base) & FIB (Forward Information Base)
Any interface on the router could be assigned to a VRF.

using command "ip vrf forwarding <name>"
this command will erase all existing ip address config on the interface (to avoid duplication)
After this configuration, all packets recevied on the interface are routed & forwarded using the associated VRF table.
VRF enabled interfaces are not showed in global routing table

i.e show ip route

Each VRF has its own routing table

to see this routing table use "show ip vrf "

Interfaces showed in global routing table are not in any vrf.

i.e. VRF & global routes are separate.

VRFs without MPLS is considered as "VRF Lite"
If 2 VRFs have same ip prefix but they cannot route to each other.

Because they are separately labeled.

We cannot manually leak the traffic between VRFs by creating static routes.

i.e. interfaces are route with other interfaces which are in same VRF.

BGP is enhanced to handle VRF specific routes.

A new sepcial MP-BGP address family named "VPN IPv4" has been added to bgp along with new NLRI format.

To support multiple customers in MPLS VPN, VRF tables were used.

VRF tables are used to store routes separately for different customer VPNs.
The use of separate tables solves some problems:

Leakage packets from one customer to another due to overlapping prefixes

VRF has 3 main components:

An IP routing table (RIB)
A CEF FIB, populated based on that VRF's RIB
A separate process of the routing protocol used to exchange routes with the CE's.

MPLS Laeyer 3 VPNs

VPNs:

Customers can connect geographically divers sites across the provider's network

Traditionally VPN were based on IPsec(layer-3) or TLS(laery-2)
These 2 were slow & having less features.
By using MPLS we will overcome these problems.
With Layer-3 VPNs the service provider participate in the customer's Layer-3 routing.

Service provider's PE router connect with CE router with L3 protocols

Layer 2 VPNs: Provider connect the customer site with layer 2 technologies like ATM, Frame-relay or ethernet.
MPLS Layer 3 VPNs:

Combines the logic of MPLS tunnels with layer 3 routing information
PE routers learn customer routes from Customer Edge(CE) routers.
PE routers advertise customer routes to other PEs via multi-protocol BGP.
No need to know about the customer route in the middle of the SP network.
BGP next-hops point to MPLS tunnels

ex: loopbacks of PE routers

MPLS L3 VPNs have 2 basic components

Seperation of customer routing information

to do this VRF (Virtual Routing & Forwarding) used.
VRF used on PE routers to keep track on customer routes on per interface basis.

Exchange of customer routing information.

to do this MP-BGP is used over the MPLS network.
Traffice is label switched towards the BGP next-hops.

The idea of MPLS VPN is

establishing a full-mesh of dynamic MPLS LSRs between PE routers.
using these PE routers for tunneling VPN packets across the network core.

MPLS Tunnel

MPLS tunnels are known as LSP(label switching path)
MPLS tunnels(LSP) are unidirectional.
MPLS main advantages No need to know about source & destination IP address.
No need to run BGP in MPLS core.
Router outside the sp network can be label switched based on the BGP next-hop
MPLS tunnel label, transports MPLS labeled VPN packets b/n Provider Edge routers along the LSP.
MPLS VPN label remains the same between PEs.
MPLS tunneling is most widely supported, particularly for manually configured, point to point tunnels.
MPLS tunnel problems:

BGP next-hop values must be loopback interface of remote PE.
BGP next-hop determine what label value should be used.
Incorrect next-hop vlalue can result in traffic black hole in MPLS network

label is PHPed one shop to soon

MPLS tunnels are similar to Frame-Relay or ATM PVCs.

Frame-Relay packets are switched based on the DLCI value found in the header.
This DLCI value is purely local
These DLCI value on packet header is rewritten every time the packet switched out.
similar principle is employed in MPLS.

MPLS Troubleshooting

LDP Neighborship failed

MPLS not enabled,
LDP TCP-646/711 ports filtered
No L3 route to LDP neigh
Router ID

Label not assigned

CEF not enabled

Label not shared

LDP/TCP comaptible problems between neighbor.

Slow convergence

Don't use RIP(slow protocol) as IGP
IGP is main reason for delay in convergense

Large packets dropped

Multiple labels may be present, pushing the MTU to a size not supported by the infrastructure.
MPU not supported by switches

Config MPLS

Requirements:

CEF enabled:

ip cef globally.
IGP routing with full connectivity.
Enable MPLS ip globally & on interfaces.

Optional :

Specify TDP/LDP/both as protocol
Specify LDP router ID
Specify transport IP address

If there are so many interfaces to enable MPLS

use MPLS LDP autoconfig under the routing process(OSPF or EIGRP or etc)

Loop prevention in MPLS

LDP learns best routes from IGP.
IGP will give best loop free paths.
If the IGP have loops, MPLS TTL stops the forwarding of packet

by TTL run from 255 to 0.
for every switching of packet TTL will be decremented by 1.

The initial TTL MPLS use in the label is copied from original IP packet TTL.

Unsolicited & Lieberal

Without asking, labels can advertise towards downstream is called downstream Unsolicited label advertising.
Liberal Label retention:

LSR learn the both best & 2nd best path from all received advertisements.

Monday, April 9, 2012

MPLS Forwarding Table

Outgoing label or VC

no label means MPLS is not enable on that interface
Pop label means MPLS is enabled and MPLS was enabled on directly connected interface.
Digit indicates the remote interfaces on which MPLS is enabled

MPLS Applications

MPLS change network design

by eliminating the need for an Overlay (full mesh of routers).

Performance is improved

because packets are switched instead of routed.

QoS can be implemented end to end

by having an PE router classify packets & map a value to the Experimental (EXP) field of the MPLS label stack.

Traffic Engineering is made possible through label stacking & traffic-engineered tunnels.

MPLS OPERATION

Unlabeled packet enter into the service provider network via PE router.
PE router add label impose a label to the unlabeled packet & then forward to the P router(also known as LSR) along the Label Switch Path(LSP) in the core network of service provider.
In the core network of service provider each P routers forward the packet by swapping the labels along the LSR learned by protocol LDP.
At other end when leaving service provider network PE router (also known as Edge-LSR) pops the label by mechanism called Penultimate Hop Popping.
Penultimate meaning is "next to last"
last hop in the service provider network must

look up MPLS label
POP MPLS label
Look for IPv4 destination

PHP avoids extra look up for MPLS label on last hop
For this implict NULL label was advertised

MPLS Architecture

Labels are bound to routes in the routing table
MPLS architecture components:

Control plane
Forwarding plane

CONTROL:

Responsible for

binding a label to network routes

for this we need routing table
to get routing table we need a routing protocol

and distribute those bindings among other MPLS enabled routers

for this 2 protocols are used

Tag Distribution Protocol(TDP):

Cisco proprietary protocol
used to bind tags to network routes in the routing table.

FORWARDING:

The routing table is built in the control plane & cached in forwarding plane.
Forward Information Base is built by CEF.
FIB is a cached version of the ip routing table that eliminates the need for a lookup of routing table.
Router compares the packet's destination ip address to the CEF FIB, ignore the ip routing table.
CEF optimizes the organization of FIB, so that router easily find the correct FIB entry,

resulting in a smaller forwarding delay & high volume of packets per second through a router.

For each packet, the router finds the matching FIB entry,

then finds the adjacency table entry referenced by the matching FIB entry,
and forward the packet

Sunday, April 8, 2012

MPLS Header & Label

The MPLS header is 4-byte header,

located immediately before the IP header
also referred as MPLS shim header

MPLS label is actually a 20-bit field in the MPLS header.
MPLS Label or MPLS Label Stack (specifically)
Fields in MPLS Header are:

Label:

length is 20-bits,with
identifies the potion of a LSP

EXP(Experiment):

3-bits in length
Used to map the standard IP packet Type Of Service (TOS) into the Experimental field fro MPLS Class Of Service(COS)
only used for experimental purpose only

S(Stack bit):

MPLS labels are stacked one on other label.
to indicate last MPLS header before ip header

TTL(Time To Live)

The TTl field from the IP TTL is decremented by 1 & then copied into the MPLS label TTL field.
When exiting from the MPLS network, MPLS label TTL value is copied back to the IP TTL field
If this field is set to 0, the packet will be discarded
this field length is 8-bits

MPLS label stack Placement:

It is placed between Layer 2 header & Layer 3 header.
For this some times MPLS labels stack referred as shim header
Router forward packets based on the MPLS label header because it comes before the Layer 3 header.
In MPLS, ip packets are switched instead of routed.

"Labels are bound to routes in the routing table"
In label stack, the outer label is used to forward the packet along the LSP, inner label is used to identify the VPN site.
This beneath label called as the VPN label

TERMS

Overlay Model:

In which the routers are connected in a full mesh through virtual circuits.

Forward Equivalence Class (FEC):

FEC is group of IP packets that are treated in same way(based on a number of criteria, like ip protocol id, port numbers, etc.

CE: Customer Edge device

Router that connect to the customer network & a service provider
CE devices are not LSRs & can handle regular unlabeled IP packets

PE: Provider Edge device

This is a service provider equipment
It connects to a customer & into the Provider(P) Network.

P: Provider Device:

Service provider equipment
It exist in Provider network & connect to another service provider device not the customer

LSR: Label Switch Router

A router/switch that is capable of forwarding packets based on labels

Edge-LSR:

More specific term for the PE router
Also an LSR
Push/Pop the label to/from the ip packet and forward to next hop.
A PE device is an Edge-LS in MPLS based networks.

RIB: Routing Information Base:

A router's unicast ip forwarding control plane uses routing protocols, static routes and connected routes to create a Routing Information Base.

FIB: Forward Information Base:

adding a FIB entry for each destination IP prefix in the routing table
it will be possible after enabling the CEF.
FIB entry has detailed information needed for forwarding:

next-hop router
outgoing interface

Used for incoming unlabeled packets

LFIB:

MPLS LDP

LSRs uses LDP to send messages to their neighbors.
By advertising an IP prefix & label in the update, the LSR says:

if you want to send packets to this prefix, send them(packets) to me"

Stand for RFC 3036 "LDP specification"
Neighbor discovery:

send via UDP port 646 to 224.0.0.5

Neighbor adjacency

uses tcp port 646 to remote LDP router-id

Label advertisement

Advertise FEC for

connected IGP interfaces
IGP learned routes

For MPLS unicast ip routing:

LDP simply advertises labels for each prefix listed in the IP routing table.

New ip route in the unicast ip routing table triggers the LDP advertisement.
To learn the new route LSR allocates a label called a local label
Local Label:

which represent the ip prefix just added to the routing table.

MPLS Commands

ip cef
mpls label protocol [LDP/TDP]

LDP is default for new version ios
TDP is default for old version ios

mpls ip
sh mpls ldp inerface
sh mpls ldp neighbour
sh mpls ldb bindings (local/remote)
sh mpls forwarding-table
sh ip cef
config)# mpls ldp advertise-labels for 20 to 30

advertise labels only 20 to 30 to its neighbors.

sh control-plane host open-ports
sh ip cef a.b.c.d 255.255.255.0
sh mpls ldp parameters
sh mpls ldp discovery
mpls ldp router-id <interface> force
mpls ldp discovery transport-address interface

if some reasons loopback ip address is not reachable, tcp connection will not establish.
then ldp to establish a tcp connection using physical interface ip address use above command under the interface level.

mpls ldp neighbor <ip> password <password>

ip-neighbor's ldp router-id

mpls ldp password required

to make use of password mandatory use the above command globally.

MPLS Traffic Engineering

Traffic Engineering: Manipulating traffic to fit to the available network resources.
In Traffic Engineering, simply tweaking the IP metrics on interfaces.
Traffic engineering with MPLS is the best of connection-oriented traffic engineering techniques (such as ATM PVC placement) & merge them with IP routing.
MPLS is an integration of Layer2 & Layer 3 technologies.
MPLS enables Traffic Engineering, by making Layer 2 feature available to Layer 3.

MPLS & Routing

A label represent a set of packets but not the particular path in network.
Routing path is choosen by the existing layer 3 routing protocols

Distribution of LABEL BINDING

Each LSR in network have independent & local decision when forwarding ip packet.
Label Binding:

Each LSR in the network makes an independent, local decision as to which label value to use to represent a Forwarding Equivalence Class (different or same ip packets with same forwarding function).

Each LSR informs its neighbors of the label bindings it has made.
For this following protocols are used:

TDP: Tag Distribution Protocol

MPLS forwarding along normally routed path
Cisco proprietorial and legacy

RSVP: Resource Reservation Protocol

To support MPLS traffic engineering.

BGP: Border Gateway Protocol

Used to support MPLS VPNs

Label value changes as the ip packet traverse the network.

Label Switching Functions

In label switching, analysis of the layer 3 header is done only once.

After this analysis, add a fixed length, unstructured value called a label.

Many different header add to the same label (those headers are have same next hop)

i.e. a label represents a forwarding equivalence class
Means a set of packets which are different but they are indistinguishably by the forwarding function.

The initial choice of label may not depend upon the content of layer 3 packet header

Ex: Forwarding decisions at subsequent hops can also be based on routing policies.

The packet header need not be reanalysis during packet transit through the network.

Because the label is fixed length and unstructured.
So the MPLS forwarding table lookup process is straight forward & fast

Saturday, April 7, 2012

BENEFITS

Highly Scalable
In VPN(Virtual Private Networks) MPLS support any-to-any communication among VPN sites

for this no requirement of full mesh of PVCs or sub optimal routing.

Explicit Routing capabilities.

It will be possible due to the MPLS Traffic Engineering.

MPLS enables an ATM switch to perform virtually all of the functions of an IP router.
Eliminates the dependence on particular OSI layer technology.
Eliminate the need for multiple layer-2 networks to satisfy different types of traffic.

Before using the MPLS you must enable the CEF (Cisco Express Forwarding) on the router.
MPLS terminology

LSR: Label Switch Routher

A router forward IP Packets based on the Labels.

Edge-LSR:

A router at the end of MPLS network.
which forward both labeled & unlabeled packets

Ingress E-LSR:

A router at an end of MPLS network(Edge-LSR or E-LSR), which add labels to the unlabeled & labeled ip packets.

Egress E-LSR:

A router removes the labels of received labeled ip packet & forward as unlabeled.

CE Router:

Generally in ip routing, packets are forward based on the ip address
But in MPLS, ip packets are assigned with labels.
Gnerally when forwarding ip packet, whole packet will be read. then forward
But in MPLS, read only the top label, based on thins info ip packet will be forwarded
Today MPLS is, for the most part, a standardized version of Cisco's proprietary "tag switching".

MPLS

MPLS: (Multip Protocol Label Switching)

Introduction: