Tuesday, April 10, 2012

VRF: Virtual Routing & Forwarding


  • VRF:
    • VRF tables are the fundamental building block for virtualizing a router; they turn it into multiple virtual routers.
    • Technically, a VRF is a separate RIB (Routing Information Base) & FIB (Forwarding Information Base).
    • Any interface on the router can be assigned to a VRF.
      • using the command "ip vrf forwarding <name>"
      • this command will erase all existing IP address config on the interface (to avoid duplication)
      • After this configuration, all packets received on the interface are routed & forwarded using the associated VRF table.
      • VRF-enabled interfaces are not shown in the global routing table
        • i.e. show ip route
      • Each VRF has its own routing table
        • to see this routing table use "show ip vrf "
    • Interfaces shown in the global routing table are not in any VRF.
      • i.e. VRF & global routes are separate.
    • VRFs without MPLS are considered "VRF Lite".
    • If 2 VRFs have the same IP prefix, they cannot route to each other.
      • Because they are separately labeled.
    • We cannot manually leak the traffic between VRFs by creating static routes.
      • i.e. interfaces are routed with other interfaces that are in the same VRF.
    • BGP is enhanced to handle VRF-specific routes.
      • A new special MP-BGP address family named "VPN IPv4" has been added to BGP along with a new NLRI format.
    • To support multiple customers in MPLS VPN, VRF tables were used.
      • VRF tables are used to store routes separately for different customer VPNs.
      • The use of separate tables solves some problems:
        • Leakage of packets from one customer to another due to overlapping prefixes
    • VRF has 3 main components:
      • An IP routing table (RIB)
      • A CEF FIB, populated based on that VRF's RIB
      • A separate process of the routing protocol used to exchange routes with the CEs.
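
The interface-to-VRF binding and the overlapping-prefix case described above, as an added Cisco IOS configuration example (not from the original post). The VRF names, route distinguishers, interface names and addresses are constructed placeholders.

```cisco
! Constructed VRF Lite example: two customers reuse 10.1.1.0/24 on one router.
! VRF names, RDs, interfaces and addresses are placeholders.
ip vrf CUST-A
 rd 65000:1
!
ip vrf CUST-B
 rd 65000:2
!
interface GigabitEthernet0/1
 description Link to CUST-A CE
 ! Binding the interface to the VRF removes any IP address already on it,
 ! so the address is (re)entered AFTER this line.
 ip vrf forwarding CUST-A
 ip address 10.1.1.1 255.255.255.0
 no shutdown
!
interface GigabitEthernet0/2
 description Link to CUST-B CE
 ip vrf forwarding CUST-B
 ! Same prefix as CUST-A; accepted because it lands in a different RIB/FIB.
 ip address 10.1.1.1 255.255.255.0
 no shutdown
!
! Verification (exec mode):
!   show ip vrf interfaces        - which interface belongs to which VRF
!   show ip route vrf CUST-A      - CUST-A table only
!   show ip route vrf CUST-B      - CUST-B table only
!   show ip route                 - global table; neither 10.1.1.0/24 appears
!   ping vrf CUST-A 10.1.1.2      - test inside the VRF, not the global table
```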

MPLS Layer 3 VPNs


  • VPNs:
    • Customers can connect geographically diverse sites across the provider's network
  • Traditionally VPNs were based on IPsec(layer-3) or TLS(layer-2)
  • These 2 were slow & had fewer features.
  • By using MPLS we overcome these problems.
  • With Layer-3 VPNs the service provider participates in the customer's Layer-3 routing.
    • The service provider's PE router connects to the CE router with L3 protocols
  • Layer 2 VPNs: The provider connects the customer sites with layer 2 technologies like ATM, Frame-Relay or Ethernet.
  • MPLS Layer 3 VPNs:
    • Combines the logic of MPLS tunnels with layer 3 routing information
    • PE routers learn customer routes from Customer Edge (CE) routers.
    • PE routers advertise customer routes to other PEs via multi-protocol BGP.
    • No need to know about the customer route in the middle of the SP network.
    • BGP next-hops point to MPLS tunnels
      • ex: loopbacks of PE routers
    • MPLS L3 VPNs have 2 basic components
      • Separation of customer routing information
        • To do this, VRF (Virtual Routing & Forwarding) is used.
        • VRF is used on PE routers to keep track of customer routes on a per-interface basis.
      • Exchange of customer routing information.
        • To do this, MP-BGP is used over the MPLS network.
        • Traffic is label switched towards the BGP next-hops.
    • The idea of MPLS VPN is 
      • establishing a full-mesh of dynamic MPLS LSRs between PE routers.
      • using these PE routers for tunneling VPN packets across the network core.

MPLS Tunnel


  • MPLS tunnels are known as LSP (label switching path)
  • MPLS tunnels (LSPs) are unidirectional.
  • MPLS main advantage: no need to know about source & destination IP addresses.
  • No need to run BGP in the MPLS core.
  • Routes outside the SP network can be label switched based on the BGP next-hop
  • The MPLS tunnel label transports MPLS-labeled VPN packets between Provider Edge routers along the LSP.
  • MPLS VPN label remains the same between PEs.
  • MPLS tunneling is most widely supported, particularly for manually configured, point to point tunnels.
  • MPLS tunnel problems:
    • BGP next-hop values must be the loopback interface of the remote PE.
    • The BGP next-hop determines what label value should be used.
    • An incorrect next-hop value can result in a traffic black hole in the MPLS network
      • label is PHPed one hop too soon
  • MPLS tunnels are similar to Frame-Relay or ATM PVCs.
    • Frame-Relay packets are switched based on the DLCI value found in the header.
    • This DLCI value is purely local.
    • The DLCI value in the packet header is rewritten every time the packet is switched out.
    • A similar principle is employed in MPLS.

MPLS Troubleshooting


  • LDP Neighborship failed
    • MPLS not enabled
    • LDP TCP-646/711 ports filtered
    • No L3 route to LDP neighbor
    • Router ID
  • Label not assigned
    • CEF not enabled
  • Label not shared
    • LDP/TCP compatibility problems between neighbors.
  • Slow convergence
    • Don't use RIP (slow protocol) as IGP
    • IGP is the main reason for delay in convergence
  • Large packets dropped
    • Multiple labels may be present, pushing the MTU to a size not supported by the infrastructure.
    • MTU not supported by switches

Config MPLS


  • Requirements:
    • CEF enabled:
      • ip cef globally.
      • IGP routing with full connectivity.
      • Enable MPLS ip globally & on interfaces.
  • Optional:
    • Specify TDP/LDP/both as protocol
    • Specify LDP router ID
    • Specify transport IP address
  • If there are many interfaces on which to enable MPLS
    • use MPLS LDP autoconfig under the routing process (OSPF, EIGRP, etc.)
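
The requirements and optional settings listed above, put together as an added Cisco IOS configuration example (not from the original post). The addresses, interface names and the OSPF process ID are constructed placeholders, and OSPF is assumed as the IGP.

```cisco
! Constructed baseline for one LSR; addresses, interface names and the OSPF
! process ID are placeholders.
ip cef
mpls ip
mpls label protocol ldp
! Pin the LDP router ID to a loopback that the IGP advertises, so neighbors
! have an L3 route to it.
mpls ldp router-id Loopback0 force
!
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.252
 mpls ip
 ! Optional: source the LDP TCP session from this interface's address
 ! instead of the router ID.
 mpls ldp discovery transport-address interface
!
router ospf 1
 network 192.0.2.1 0.0.0.0 area 0
 network 198.51.100.0 0.0.0.3 area 0
 ! Alternative to per-interface "mpls ip": enable LDP on every OSPF interface.
 mpls ldp autoconfig
!
! Verification (exec mode):
!   show mpls interfaces          - MPLS/LDP enabled per interface
!   show mpls ldp neighbor        - LDP sessions and their TCP endpoints
!   show mpls forwarding-table    - labels assigned and learned
```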

Loop prevention in MPLS


  • LDP learns the best routes from the IGP.
  • The IGP will give the best loop-free paths.
  • If the IGP has loops, the MPLS TTL stops the forwarding of the packet
    • the TTL runs from 255 to 0.
    • every time the packet is switched, the TTL is decremented by 1.
  • The initial TTL that MPLS uses in the label is copied from the original IP packet's TTL.

Unsolicited & Liberal


  • When labels are advertised towards downstream without being asked, it is called downstream unsolicited label advertising.
  • Liberal Label retention:
    • The LSR learns both the best & 2nd-best paths from all received advertisements.