
MPLS Introduction


2001, Cisco Systems, Inc. All rights reserved.

Agenda

Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS


MPLS Concept
At Edge:
Classify packets
Label them

In Core:
Forward using labels (as opposed to IP addr)
Label indicates service class and destination

[Figure labels: Edge Label Switch Router; Label Switch Router (LSR) (ATM Switch or Router); Router; ATM switch + Tag Switch Controller; Label Distribution Protocol (LDP)]

MPLS concept
MPLS: Multi Protocol Label Switching
Packet forwarding is done based on Labels.
Labels are assigned when the packet
enters into the network.
Labels are on top of the packet.
MPLS nodes forward packets/cells based on
the label value (not on the IP information).


MPLS concept
MPLS allows:
Packet classification only where the packet
enters the network.
The packet classification is encoded as a label.
In the core, packets are forwarded without
having to re-classify them.
- No further packet analysis
- Label swapping


MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label Distribution Protocol (LDP) establishes label to destination network mappings.
2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and labels (PUSH) packets.
3. LSR switches packets using label swapping (SWAP).
4. Edge LSR at egress removes (POP) label and delivers packet.

Label Switch Path (LSP)

[Figure, two panels, each an IGP domain with a label distribution protocol: "LSP follows IGP shortest path" and "LSP diverges from IGP shortest path"]

LSPs are derived from IGP routing information
LSPs may diverge from IGP shortest path
LSPs are unidirectional
Return traffic takes another LSP

Encapsulations
ATM Cell Header: GFC | VPI | VCI | PTI | CLP | HEC | DATA (the figure marks the Label within the cell header)
PPP Header (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header
LAN MAC Label Header: MAC Header | Label Header | Layer 3 Header

Label Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Label = 20 bits
EXP = Class of Service, 3 bits
S = Bottom of Stack, 1 bit
TTL = Time to Live, 8 bits

Header = 4 bytes, Label = 20 bits.
Can be used over Ethernet, 802.3, or PPP links
Contains everything needed at forwarding time
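
Added example (not part of the original slides): a parser for the 4-byte label header shown above that walks a label stack until the Bottom of Stack bit and flags entries a monitoring tool should question. The sample bytes are constructed; the reserved range 0-15 comes from RFC 3032, not from the slides.

```python
import struct
from dataclasses import dataclass

SPECIAL_PURPOSE_MAX = 15   # labels 0-15 are reserved (RFC 3032)
IMPLICIT_NULL = 3          # "pop" label: advertised by LDP, never sent on the wire


@dataclass(frozen=True)
class LabelEntry:
    label: int  # 20 bits
    exp: int    # 3 bits, class of service
    s: int      # 1 bit, bottom of stack
    ttl: int    # 8 bits


def pack_entry(label, exp, s, ttl):
    """Encode one label header: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def parse_stack(data, max_depth=8):
    """Return (entries, payload); raise ValueError if the stack never ends."""
    entries = []
    offset = 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)
        entries.append(entry)
        if entry.s:
            return entries, data[offset:]


def audit_stack(entries):
    """List anomalies worth logging for a received label stack."""
    findings = []
    for depth, e in enumerate(entries):
        if e.label == IMPLICIT_NULL:
            findings.append(f"entry {depth}: implicit null (3) seen on the wire")
        elif e.label <= SPECIAL_PURPOSE_MAX:
            findings.append(f"entry {depth}: special-purpose label {e.label}")
        if e.ttl == 0:
            findings.append(f"entry {depth}: TTL 0, packet must be discarded")
    return findings


# Constructed sample: a two-entry stack followed by the first two bytes of an
# IPv4 header (0x45 0x00). Label values 18 and 35 are illustrative only.
SAMPLE = pack_entry(18, 0, 0, 254) + pack_entry(35, 0, 1, 254) + bytes.fromhex("4500")

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE)
    for e in stack:
        print(e)
    print("payload starts with", payload.hex(), "findings:", audit_stack(stack))
```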

Loops and TTL
In IP networks TTL is used to prevent packets from travelling indefinitely in the network
MPLS may use the same mechanism as IP, but not on all encapsulations
TTL is present in the label header for PPP and LAN headers (shim headers)
ATM cell header does not have TTL

Loops and TTL

[Figure: IGP domain with a label distribution protocol, LSR-1 to LSR-6, with the annotation "LSR-6 --> 25, Hops=4". An IP packet arrives with TTL = 10; along the LSP it is carried as an IP packet with TTL = 6 under Label = 25, then Label = 39, then Label = 21, and leaves the Egress as an IP packet with TTL = 6.]

TTL is decremented prior to entering the non-TTL capable LSP
If TTL is 0 the packet is discarded at the ingress point
TTL is examined at the LSP exit

Label Assignment and Distribution
Labels have link-local significance:
Each LSR binds its own label mappings
Each LSR assigns labels to its FECs
Labels are assigned and exchanged between adjacent neighboring LSRs

Label Assignment and Distribution
Upstream and Downstream LSRs

[Figure: 171.68.40/24 -- Rtr-A -- Rtr-B -- Rtr-C -- 171.68.10/24]

Rtr-C is the downstream neighbor of Rtr-B for destination 171.68.10/24
Rtr-B is the downstream neighbor of Rtr-A for destination 171.68.10/24
LSRs know their downstream neighbors through the IP routing protocol
Next-hop address is the downstream neighbor

Unsolicited Downstream Distribution

[Figure: 171.68.40/24 -- Rtr-A -- Rtr-B -- Rtr-C -- 171.68.10/24. Rtr-B tells Rtr-A "Use label 30 for destination 171.68.10/24"; Rtr-C tells Rtr-B "Use label 40 for destination 171.68.10/24".]

Router  In I/F  In Lab  Address Prefix  Out I/F  Out Lab
Rtr-A                   171.68.10       1        30
Rtr-B           30      171.68.10       1        40
Rtr-C           40      171.68.10                ...

IGP derived routes
LSRs distribute labels to the upstream neighbors

On-Demand Downstream Distribution

[Figure: 171.68.40/24 -- Rtr-A -- Rtr-B -- Rtr-C -- 171.68.10/24. Rtr-A and Rtr-B each send "Request label for destination 171.68.10/24" downstream; the replies are "Use label 30 for destination 171.68.10/24" and "Use label 40 for destination 171.68.10/24".]

Upstream LSRs request labels from downstream neighbors
Downstream LSRs distribute labels upon request

Label Retention Modes
Liberal retention mode
LSR retains labels from all neighbors
Improves convergence time, when next-hop is again available after IP convergence
Requires more memory and label space

Conservative retention mode
LSR retains labels only from next-hop neighbors
LSR discards all labels for FECs without next-hop
Frees memory and label space

Label Distribution Modes
Independent LSP control
LSR binds a Label to a FEC independently, whether or not the LSR has received a Label from the next-hop for the FEC
The LSR then advertises the Label to its neighbor

Ordered LSP control
LSR only binds and advertises a label for a particular FEC if:
it is the egress LSR for that FEC or
it has already received a label binding from its next-hop

Router Example: Forwarding Packets

[Figure: three routers, each with a forwarding table (Address Prefix, I/F) holding entries for 128.89 and 171.69; interfaces 0 and 1 are marked. A packet "128.89.25.4 | Data" is passed hop by hop toward network 128.89; network 171.69 sits on another branch.]

Packets Forwarded Based on IP Address

MPLS Example: Routing Information

[Figure: the same three routers, each now with a table (In Label, Address Prefix, Out Iface, Out Label) holding entries for 128.89 and 171.69, labels not yet filled in. Routing Updates (OSPF, EIGRP, ...) flow upstream: "You Can Reach 128.89 and 171.69 Thru Me", "You Can Reach 128.89 Thru Me", "You Can Reach 171.69 Thru Me".]

MPLS Example: Assigning Labels

[Figure: the same three routers and tables (In Label, Address Prefix, Out Iface, Out Label). Label Distribution Protocol (LDP) messages, downstream allocation: "Use Label 4 for 128.89 and Use Label 5 for 171.69", "Use Label 9 for 128.89", "Use Label 7 for 171.69".]

MPLS Example: Forwarding Packets

[Figure: the same three routers and tables (In Label, Address Prefix, Out Iface, Out Label). A packet "128.89.25.4 | Data" enters, is carried across the label switches, and is delivered toward network 128.89.]

Label Switch Forwards Based on Label

Agenda

Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS


MPLS Unicast IP Routing
MPLS introduces a new field that is used for forwarding decisions.
Although labels are locally significant, they have to be advertised to directly reachable peers.
One option would be to include this parameter into existing IP routing protocols.
The other option is to create a new protocol to exchange labels.

The second option has been used because there are too many existing IP routing protocols that would have to be modified to carry labels.

Label Distribution Protocol
Defined in RFC 3036 and 3037
Used to distribute labels in an MPLS network
Forwarding equivalence class
How packets are mapped to LSPs (Label Switched Paths)

Advertise labels per FEC
Reach destination a.b.c.d with label x

Neighbor discovery
Basic and extended discovery

MPLS Unicast IP Routing
Architecture

[Figure: an LSR split into two planes. Control plane: Routing protocol (exchange of routing information), IP routing table, Label distribution protocol (exchange of labels). Data plane: IP forwarding table (incoming IP packets, outgoing IP packets), Label forwarding table (incoming labeled packets, outgoing labeled packets).]

MPLS Unicast IP Routing: Example

[Figure: LSR before label exchange. Control plane: OSPF receives 10.0.0.0/8 and holds 10.0.0.0/8 -> 1.2.3.4; RT: 10.0.0.0/8 -> 1.2.3.4; LIB: empty. Data plane: FIB: 10.0.0.0/8 -> 1.2.3.4; LFIB: empty. Packets shown: IP packet to 10.1.1.1 and labeled packet "L=5 10.1.1.1" arriving, IP packet to 10.1.1.1 leaving.]

MPLS Unicast IP Routing: Example

[Figure: LSR after label exchange. Control plane: OSPF: 10.0.0.0/8 -> 1.2.3.4; RT: 10.0.0.0/8 -> 1.2.3.4; LIB: 10.0.0.0/8 Next-hop L=3, Local L=5. LDP messages: "LDP: 10.0.0.0/8, L=3" received from the next hop, "LDP: 10.0.0.0/8, L=5" advertised upstream. Data plane: FIB: 10.0.0.0/8 -> 1.2.3.4, L=3; LFIB: L=5 -> L=3. Packets shown: IP packet to 10.1.1.1 and labeled packet "L=5 10.1.1.1" arriving, both leaving as "L=3 10.1.1.1".]

Label Allocation in Packet-Mode MPLS Environment
Label allocation and distribution in packet-mode MPLS environment follows these steps:
1. IP routing protocols build the IP routing table.
2. Each LSR assigns a label to every destination in the IP routing table independently.
3. LSRs announce their assigned labels to all other LSRs.
4. Every LSR builds its LIB, LFIB data structures based on received labels.

Building the IP Routing Table

[Figure: LSRs A, B, C, D and E, with Network X reached through D.]

Routing table of A:  Network X, Next-hop B
Routing table of B:  Network X, Next-hop C
Routing table of C:  Network X, Next-hop D
Routing table of E:  Network X, Next-hop C
FIB on A:            Network X, Next hop B, Label (none)

IP routing protocols are used to build IP routing tables on all LSRs.
Forwarding tables (FIB) are built based on IP routing tables with no labeling information.

Allocating Labels

Routing table of B:  Network X, Next-hop C

Router B assigns label 25 to destination X.

Every LSR allocates a label for every destination in the IP routing table.
Labels have local significance.
Label allocations are asynchronous.

LIB and LFIB Set-up

Routing table of B:  Network X, Next-hop C
LIB on B:            Network X, LSR local, label 25
LFIB on B:           Label 25, Action pop, Next hop C

Router B assigns label 25 to destination X.
Outgoing action is POP as B has received no label for X from C.
Local label is stored in LIB.

LIB and LFIB structures have to be initialized on the LSR allocating the label.

Label Distribution

LIB on B:  Network X, LSR local, label 25

[Figure: B sends "X = 25" to its neighbors A, C and E.]

The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.

Receiving Label Advertisement

LIB on A:  Network X, LSR B, label 25
LIB on C:  Network X, LSR B, label 25
LIB on E:  Network X, LSR B, label 25
FIB on A:  Network X, Next hop B, Label 25

Every LSR stores the received label in its LIB.
Edge LSRs that receive the label from their next-hop also store the label information in the FIB.

Interim Packet Propagation

FIB on A:   Network X, Next hop B, Label 25
LFIB on B:  Label 25, Action pop, Next hop C

[Figure: "IP: X" arrives at A; A performs an IP lookup in FIB and the packet is labeled ("Lab: 25"); B performs a label lookup in LFIB and the label is removed ("IP: X").]

Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.

Further Label Allocation

LIB on C:   Network X: LSR B, label 25; LSR local, label 47
LFIB on C:  Label 47, Action pop, Next hop D

Router C assigns label 47 to destination X.

[Figure: C sends "X = 47" to its neighbors.]

Every LSR will eventually assign a label for every destination.

Receiving Label Advertisement

FIB on B:  Network X, Next hop C, Label 47
LIB on B:  Network X: LSR local, label 25; LSR C, label 47
FIB on E:  Network X, Next hop C, Label 47
LIB on E:  Network X: LSR B, label 25; LSR C, label 47

Every LSR stores received information in its LIB.
LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table (FIB).

Populating LFIB

FIB on B:   Network X, Next hop C, Label 47
LIB on B:   Network X: LSR local, label 25; LSR C, label 47
LFIB on B:  Label 25, Action 47, Next hop C

Router B has already assigned label to X and created an entry in LFIB.
Outgoing label is inserted in LFIB after the label is received from the next-hop LSR.

Packet Propagation Across MPLS Network

FIB on A:   Network X, Next hop B, Label 25
LFIB on B:  Label 25, Action 47, Next hop C
LFIB on C:  Label 47, Action pop, Next hop D

[Figure: Ingress LSR A: "IP: X" arrives, IP lookup is performed in FIB, packet is labeled ("Lab: 25"). B: label lookup is performed in LFIB, label is switched ("Lab: 47"). Egress LSR C: label lookup is performed in LFIB, label is removed ("IP: X").]

Convergence in Packet-mode MPLS
Steady State Description

Routing table of B:  Network X, Next-hop C
FIB on B:            Network X, Next hop C, Label 47
LIB on B:            Network X: LSR local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B:           Label 25, Action 47, Next hop C

After the LSRs have exchanged the labels, LIB, LFIB and FIB data structures are completely populated.

Link Failure Actions

Routing table of B:  Network X, Next-hop C
FIB on B:            Network X, Next hop C, Label 47
LIB on B:            Network X: LSR local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B:           Label 25, Action 47, Next hop C

Routing protocol neighbors and LDP neighbors are lost after a link failure.
Entries are removed from various data structures.

Routing Protocol Convergence

Routing table of B:  Network X, Next-hop E
FIB on B:            Network X, Next hop E, Label (none)
LIB on B:            Network X: LSR local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B:           Label 25, Action 47, Next hop C

Routing protocols rebuild the IP routing table and the IP forwarding table.

MPLS Convergence

Routing table of B:  Network X, Next-hop E
FIB on B:            Network X, Next hop E, Label 75
LIB on B:            Network X: LSR local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B:           Label 25, Action 75, Next hop E

LFIB and labeling information in FIB are rebuilt immediately after the routing protocol convergence, based on labels stored in LIB.

MPLS Convergence After a Link Failure
MPLS convergence in packet-mode MPLS does not impact the overall convergence time.
MPLS convergence occurs immediately after the routing protocol convergence, based on labels already stored in LIB.

Link Recovery Actions

Routing table of B:  Network X, Next-hop E
FIB on B:            Network X, Next hop E, Label 75
LIB on B:            Network X: LSR local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B:           Label 25, Action 75, Next hop E

Routing protocol neighbors are discovered after link recovery.

IP Routing Convergence After Link Recovery

Routing table of B:  Network X, Next-hop E, C
FIB on B:            Network X: Next hop E, Label 75; Next hop C, Label (none)
LIB on B:            Network X: LSR local, label 25; LSR C, label 47; LSR E, label 75
LFIB on B:           Label 25: Action 75, Next hop E; Action pop, Next hop C

IP routing protocols rebuild the IP routing table.
FIB and LFIB are also rebuilt, but the label information might be lacking.

MPLS Convergence After a Link Recovery
Routing protocol convergence optimizes the forwarding path after a link recovery.
LIB might not contain the label from the new next-hop by the time the IP convergence is complete.
End-to-end MPLS connectivity might be intermittently broken after link recovery.
Use MPLS Traffic Engineering for make-before-break recovery.
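
Added example (not part of the original slides): a small model of LSR B that replays the sequence from "LIB and LFIB Set-up" through link failure and link recovery, rebuilding the LFIB from the LIB each time the next hop changes. It uses the slides' labels (local 25, C 47, E 75) and assumes that bindings learned from a neighbor are dropped when the LDP session to it is lost; the class and method names are hypothetical.

```python
LOCAL = "local"


class Lsr:
    """One LSR with liberal label retention: labels from all neighbors are kept."""

    def __init__(self, name):
        self.name = name
        self.lib = {}      # prefix -> {LOCAL or neighbor name: label}
        self.routes = {}   # prefix -> next-hop neighbor chosen by the IGP

    def allocate(self, prefix, label):
        self.lib.setdefault(prefix, {})[LOCAL] = label

    def learn(self, neighbor, prefix, label):
        """Store a label advertised by a neighbor, next hop or not."""
        self.lib.setdefault(prefix, {})[neighbor] = label

    def set_route(self, prefix, next_hop):
        self.routes[prefix] = next_hop

    def neighbor_lost(self, neighbor):
        """Link failure: the IGP and LDP neighbor disappear together."""
        for bindings in self.lib.values():
            bindings.pop(neighbor, None)
        for prefix in [p for p, nh in self.routes.items() if nh == neighbor]:
            del self.routes[prefix]

    def fib(self):
        """prefix -> (next hop, outgoing label or None when unlabeled)."""
        return {p: (nh, self.lib.get(p, {}).get(nh)) for p, nh in self.routes.items()}

    def lfib(self):
        """local label -> (outgoing label or 'pop', next hop)."""
        table = {}
        for prefix, nh in self.routes.items():
            bindings = self.lib.get(prefix, {})
            if LOCAL in bindings:
                out = bindings.get(nh)
                table[bindings[LOCAL]] = ("pop" if out is None else out, nh)
        return table


def replay():
    """Return B's LFIB at each stage shown on the slides."""
    b = Lsr("B")
    stages = {}
    b.set_route("X", "C")
    b.allocate("X", 25)
    stages["set-up"] = b.lfib()          # no label from C yet: pop
    b.learn("C", "X", 47)
    b.learn("E", "X", 75)                # kept although E is not the next hop
    stages["steady"] = b.lfib()
    b.neighbor_lost("C")
    stages["link failure"] = b.lfib()
    b.set_route("X", "E")                # IGP converges; label 75 already in LIB
    stages["converged"] = b.lfib()
    b.set_route("X", "C")                # link recovers, IGP prefers C again
    stages["recovery"] = b.lfib()        # C's label not yet re-learned: pop
    b.learn("C", "X", 47)
    stages["restored"] = b.lfib()
    return stages


if __name__ == "__main__":
    for stage, table in replay().items():
        print(f"{stage:13} {table}")
```

The "recovery" stage is the window the slide warns about: B forwards toward C with action pop, so the LSP is broken until C's binding arrives again.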


LDP Session Establishment
LDP and TDP use a similar process to establish a session:
Hello messages are periodically sent on all interfaces enabled for MPLS.
If there is another router on that interface it will respond by trying to establish a session with the source of the hello messages.

UDP is used for hello messages. It is targeted at the "all routers on this subnet" multicast address (224.0.0.2).
TCP is used to establish the session.
Both TCP and UDP use well-known LDP port number 646 (711 for TDP).

LDP Neighbor Discovery

[Figure: four routers on one subnet: MPLS_A (1.0.0.1), MPLS_B (1.0.0.2), NO_MPLS_C (1.0.0.3), MPLS_D (1.0.0.4).
UDP Hello messages from MPLS_A: 1.0.0.1:1050, 1.0.0.1:1051 and 1.0.0.1:1052 to 224.0.0.2:646.
UDP Hello messages from MPLS_B: 1.0.0.2:1064, 1.0.0.2:1065 and 1.0.0.2:1066 to 224.0.0.2:646.
UDP Hello messages from MPLS_D: 1.0.0.4:1033, 1.0.0.4:1034 and 1.0.0.4:1035 to 224.0.0.2:646.
TCP sessions: 1.0.0.2:1043 to 1.0.0.1:646, 1.0.0.4:1065 to 1.0.0.1:646, 1.0.0.4:1066 to 1.0.0.2:646.]

LDP Session is established from the router with higher IP address.

LDP Session Negotiation

[Figure: message exchange between MPLS_A (1.0.0.1) and MPLS_B (1.0.0.2): Establish TCP session, Initialization message, Initialization message, Keepalive, Keepalive.]

Peers first exchange initialization messages.
The session is ready to exchange label mappings after receiving the first keepalive.

Double Lookup Scenario

[Figure: four routers in an MPLS Domain forwarding a packet for 10.1.1.1 toward 10.0.0.0/8. Label advertisements for 10.0.0.0/8 flow upstream: L=19, L=18, L=17. The packet carries label 17, then 18, then 19, then leaves unlabeled.]

Router (ingress to egress)  FIB           LFIB
1                           10/8 NH, 17   35 -> 17
2                           10/8 NH, 18   17 -> 18
3                           10/8 NH, 19   18 -> 19
4                           10/8 NH       19 -> untagged

Double lookup is needed:
1. LFIB: remove the label.
2. FIB: forward the IP packet based on IP next-hop address.

Double lookup is not an optimal way of forwarding labeled packets.
A label can be removed one hop earlier.

Penultimate Hop Popping

[Figure: the same four routers in an MPLS Domain. Label advertisements for 10.0.0.0/8 flow upstream: L=pop, L=18, L=17. Pop or implicit null label is advertised by the last router. The packet for 10.1.1.1 carries label 17, then 18, then travels unlabeled on the last hop.]

Router (ingress to egress)  FIB           LFIB
1                           10/8 NH, 17   35 -> 17
2                           10/8 NH, 18   17 -> 18
3                           10/8 NH, 19   18 -> pop
4                           10/8 NH       (empty)

One single lookup.
A label is removed on the router before the last hop within an MPLS domain.

Penultimate Hop Popping
Penultimate hop popping optimizes MPLS performance (one less LFIB lookup).
PHP does not work on ATM (VPI/VCI cannot be removed).
Pop or implicit null label uses value 3 when being advertised to a neighbor.

LDP Messages
Discovery messages
Used to discover and maintain the presence of new peers
Hello packets (UDP) sent to all-routers multicast address
Once neighbor is discovered, the LDP session is established over TCP

LDP Messages

Session messages
Establish, maintain and terminate LDP sessions

Advertisement messages
Create, modify, delete label mappings

Notification messages
Error signalling


Agenda

Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS


What Is a VPN?
VPN is a set of sites which are allowed to
communicate with each other.
VPN is defined by a set of administrative policies
Policies determine both connectivity and QoS
among sites.
Policies established by VPN customers.
Policies could be implemented completely by VPN
service providers.
Using BGP/MPLS VPN mechanisms


What Is a VPN? (Cont.)
Flexible inter-site connectivity
Ranging from complete to partial mesh

Sites may be either within the same or in different organizations
VPN can be either intranet or extranet

Site may be in more than one VPN
VPNs may overlap

Not all sites have to be connected to the same service provider
VPN can span multiple providers

IP VPN Taxonomy

[Figure: taxonomy tree. IP VPNs divide into DIAL (Client-Initiated, NAS-Initiated) and DEDICATED (IP Tunnel: Security Appliance, Router; Virtual Circuit: FR, ATM; Network-Based VPNs: RFC 2547, Virtual Router).]

MPLS-VPN Terminology
Provider Network (P-Network)
The backbone under control of a Service Provider

Customer Network (C-Network)
Network under customer control

CE router
Customer Edge router. Part of the C-network and interfaces to a PE router

MPLS-VPN Terminology
Site
Set of (sub)networks part of the C-network and
co-located
A site is connected to the VPN backbone through
one or more PE/CE links

PE router
Provider Edge router. Part of the P-Network and
interfaces to CE routers

P router
Provider (core) router, without knowledge of VPN


MPLS-VPN Terminology
Route-Target
64 bits identifying routers that should receive
the route

Route Distinguisher
Attributes of each route used to uniquely
identify prefixes among VPNs (64 bits)
VRF based (not VPN based)

VPN-IPv4 addresses
Address including the 64 bits Route
Distinguisher and the 32 bits IP address

MPLS-VPN Terminology
VRF
VPN Routing and Forwarding Instance
Routing table and FIB table
Populated by routing protocol contexts

VPN-Aware network
A provider backbone where MPLS-VPN
is deployed


MPLS VPN Connection Model
A VPN is a collection of sites sharing a common routing information (routing table)
A site can be part of different VPNs
A VPN has to be seen as a community of interest (or Closed User Group)
Multiple Routing/Forwarding instances (VRF) on PE routers

MPLS VPN Connection Model

[Figure: Site-1, Site-2, Site-3 and Site-4 grouped into overlapping VPN-A, VPN-B and VPN-C.]

A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs
If two or more VPNs have a common site, address space must be unique among these VPNs

MPLS VPN Connection Model
The VPN backbone is composed of MPLS LSRs
PE routers (edge LSRs)
P routers (core LSRs)
PE routers face CE routers and distribute VPN information through MP-BGP to other PE routers
VPN-IPv4 addresses, Extended Community, Label
P routers do not run BGP and do not have any VPN knowledge

MPLS VPN Connection Model

[Figure: an MPLS cloud with four PE routers joined by iBGP sessions. CE routers of VPN_A sites (10.1.0.0, 10.2.0.0, 11.5.0.0, 11.6.0.0) and VPN_B sites (10.1.0.0, 10.2.0.0, 10.3.0.0) attach to the PEs; 10.1.0.0 and 10.2.0.0 appear in both VPNs.]

P routers (LSRs) are in the core of the MPLS cloud
PE routers use MPLS with the core and plain IP with CE routers
P and PE routers share a common IGP
PE routers are MP-iBGP fully meshed

MPLS VPN Connection Model

[Figure: CE routers at Site-1 and Site-2 attached to a PE; the PE-CE links run EBGP, OSPF, RIPv2 or Static.]

PE and CE routers exchange routing information through:
EBGP, OSPF, RIPv2, Static routing
CE routers run standard routing software

MPLS VPN Connection Model

[Figure: CE routers at Site-1 and Site-2 attached to a PE over EBGP, OSPF, RIPv2 or Static; the PE connects to the VPN Backbone IGP (OSPF, ISIS).]

PE routers maintain separate routing tables
The global routing table
With all PE and P routes
Populated by the VPN backbone IGP (ISIS or OSPF)
VRF (VPN Routing and Forwarding)
Routing and Forwarding table associated with one or more directly connected sites (CEs)
VRFs are associated with (sub/virtual/tunnel) interfaces
Interfaces may share the same VRF if the connected sites may share the same routing information

MPLS VPN Connection Model

[Figure: CE routers at Site-1 and Site-2 attached to a PE over EBGP, OSPF, RIPv2 or Static; the PE connects to the VPN Backbone IGP.]

The routes the PE receives from CE routers are installed in the appropriate VRF
The routes the PE receives through the backbone IGP are installed in the global routing table
By using separate VRFs, addresses need NOT be unique among VPNs

MPLS VPN Connection Model


The Global Routing Table is populated by
IGP protocols.
In PE routers it may contain the BGP
Internet routes (standard BGP-4 routes)
BGP-4 (IPv4) routes go into global routing
table
MP-BGP (VPN-IPv4) routes go into VRFs


MPLS VPN Connection Model

[Figure: two PE routers and a P router on the VPN Backbone IGP, with an iBGP session between the PEs.]

PE and P routers share a common IGP (ISIS or OSPF)
PEs establish MP-iBGP sessions between them
PEs use MP-BGP to exchange routing information related to the connected sites and VPNs
VPN-IPv4 addresses, Extended Community, Label

MPLS VPN Connection Model

[Figure: Site-1 (CE-1) attaches to PE-1 and Site-2 (CE-2) to PE-2, with P routers between the PEs on the VPN Backbone IGP. CE-1 sends a BGP, RIPv2 update for Net1, NextHop=CE-1. PE-1 sends the VPN-IPv4 update: RD:Net1, Next-hop=PE1, SOO=Site1, RT=Green, Label=(intCE1). At PE-2 the VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2.]

PE routers receive IPv4 updates (EBGP, RIPv2, Static)
PE routers translate into VPN-IPv4
Assign a SOO and RT based on configuration
Re-write Next-Hop attribute
Assign a label based on VRF and/or interface
Send MP-iBGP update to all PE neighbors

MPLS VPN Connection Model

[Figure: the same topology. CE-1 sends a BGP, OSPF, RIPv2 update for Net1, Next-Hop=CE-1. PE-1 sends the VPN-IPv4 update: RD:Net1, Next-hop=PE1, SOO=Site1, RT=Green, Label=(intCE1). At PE-2 the VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2.]

Receiving PEs translate to IPv4
Insert the route into the VRF identified by the RT attribute (based on PE configuration)
The label associated with the VPN-IPv4 address will be set on packets forwarded towards the destination

MPLS VPN Connection Model


Route distribution to sites is driven by the Site of
Origin (SOO) and Route-target attributes
BGP Extended Community attribute
A route is installed in the site VRF corresponding to
the Route-target attribute
Driven by PE configuration
A PE which connects sites belonging to multiple
VPNs will install the route into the site VRF if the
Route-target attribute contains one or more VPNs to
which the site is associated


MPLS VPN Connection Model
MP-BGP Update

VPN-IPV4 address
Route Distinguisher
64 bits
Makes the IPv4 route globally unique
RD is configured in the PE for each VRF
RD may or may not be related to a site or a VPN
IPv4 address (32 bits)

Extended Community attribute (64 bits)
Site of Origin (SOO): identifies the originating site
Route-target (RT): identifies the set of sites the route has to be advertised to
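
Added example (not part of the original slides): a model of how a PE builds VPN-IPv4 addresses and imports MP-BGP routes into VRFs by route target, as described on this slide and the previous one, plus a check a provider could run over VRF import lists to catch cross-VPN leaks. The RD and RT values, the /16 mask and the labels are constructed; the prefix 10.1.0.0 in both VPNs and its next hops follow the slides; function names are hypothetical.

```python
import ipaddress
import struct
from dataclasses import dataclass, field


def vpn_ipv4(rd, prefix):
    """12-byte VPN-IPv4 address: 64-bit RD + 32-bit IPv4 address.

    The RD is encoded as <16-bit type 0>:<16-bit ASN>:<32-bit number>.
    """
    asn, number = rd
    net = ipaddress.ip_network(prefix)
    return struct.pack("!HHI", 0, asn, number) + net.network_address.packed


@dataclass(frozen=True)
class VpnRoute:
    rd: tuple                 # (ASN, assigned number)
    prefix: str
    next_hop: str             # PE that rewrote the Next-Hop to itself
    label: int                # VPN label assigned by that PE
    route_targets: frozenset  # Route-target extended communities


@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    table: dict = field(default_factory=dict)  # prefix -> [(rd, next hop, label)]


def import_route(vrfs, route):
    """Install the route in every VRF whose import list matches one of its RTs."""
    installed = []
    for vrf in vrfs:
        if vrf.import_rts & route.route_targets:
            vrf.table.setdefault(route.prefix, []).append(
                (route.rd, route.next_hop, route.label))
            installed.append(vrf.name)
    return installed


def overlapping_prefixes(vrf):
    """Prefixes reachable in one VRF through routes carrying different RDs."""
    return sorted(p for p, paths in vrf.table.items()
                  if len({rd for rd, _, _ in paths}) > 1)


def audit_imports(vrfs, rt_owner):
    """Flag VRFs whose import list spans more than one VPN."""
    findings = []
    for vrf in vrfs:
        vpns = sorted({rt_owner.get(rt, "unknown") for rt in vrf.import_rts})
        if len(vpns) > 1:
            findings.append((vrf.name, vpns))
    return findings


# Constructed sample data.
RT_A, RT_B = "65000:100", "65000:200"
RT_OWNER = {RT_A: "VPN_A", RT_B: "VPN_B"}
ROUTES = [
    VpnRoute((65000, 1), "10.1.0.0/16", "PE4", 21, frozenset({RT_A})),
    VpnRoute((65000, 2), "10.1.0.0/16", "PE1", 22, frozenset({RT_B})),
]


def build(import_map):
    """Create VRFs from {name: [import RTs]} and feed them the sample routes."""
    vrfs = [Vrf(name, frozenset(rts)) for name, rts in import_map.items()]
    for route in ROUTES:
        import_route(vrfs, route)
    return vrfs


if __name__ == "__main__":
    for config in ({"vrf_a": [RT_A], "vrf_b": [RT_B]},
                   {"vrf_a": [RT_A, RT_B], "vrf_b": [RT_B]}):
        vrfs = build(config)
        print({v.name: v.table for v in vrfs})
        print("leak audit:", audit_imports(vrfs, RT_OWNER),
              "overlaps:", {v.name: overlapping_prefixes(v) for v in vrfs})
```

An import list that spans two VPNs is legitimate for an extranet, so the audit output is a list to review against intent rather than a list of errors.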


MPLS VPN Connection Model


MP-BGP Update
Any other standard BGP attribute
Local Preference
MED
Next-hop
AS_PATH
Standard Community
...
A Label identifying:
The outgoing interface
The VRF where a lookup has to be done
The BGP label will be the second label in the label
stack of packets travelling in the core


MPLS VPN Connection Model
MP-BGP Update - Extended community

BGP extended community attribute
Structured, to support multiple applications
64 bits for increased range

General form
<16bits type>:<ASN>:<32 bit number>
Registered AS number
<16bits type>:<IP address>:<16 bit number>
Registered IP address

MPLS VPN Connection Model
MP-BGP Update - Extended community

The Extended Community is used to:
Identify one or more routers where the route has been originated (site)
Site of Origin (SOO)
Select sites which should receive the route
Route-Target

MPLS VPN Connection Model
MP-BGP Update
The Label can be assigned only by the router whose address is the Next-Hop attribute
PE routers re-write the Next-Hop with their own address (loopback interface address)
Next-Hop-Self BGP command towards iBGP neighbors
Loopback addresses are advertised into the backbone IGP
PE addresses used as BGP Next-Hop must be uniquely known in the backbone IGP
No summarisation of loopback addresses in the core

MPLS Forwarding
Packet forwarding
PE and P routers have BGP next-hop reachability
through the backbone IGP
Labels are distributed through LDP (hop-by-hop)
corresponding to BGP Next-Hops
Label Stack is used for packet forwarding
Top label indicates BGP Next-Hop (interior label)
Second level label indicates outgoing interface or
VRF (exterior label)


MPLS Forwarding
Penultimate Hop Popping

[Figure: CE1 -- PE1 -- P1 -- P2 -- PE2 -- CE2 / CE3. The packet is an IP packet from CE1 to PE1, "IGP Label(PE2) | VPN Label | IP packet" from PE1 to P1 and from P1 to P2, "VPN Label | IP packet" from P2 to PE2, and an IP packet from PE2 to the CE.]

PE1 receives IP packet
Lookup is done on site VRF
BGP route with Next-Hop and Label is found
BGP next-hop (PE2) is reachable through IGP route with associated label

P routers switch the packets based on the IGP label (label on top of the stack)

Penultimate Hop Popping
P2 is the penultimate hop for the BGP next-hop
P2 removes the top label
This has been requested through LDP by PE2

PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
One single lookup
Label is popped and packet sent to IP neighbor

Packet Forwarding Example 1


[Figure: VPN_A and VPN_B customer sites (10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0) attached through CE routers to the PE routers; an iBGP update carries <RD_B,10.2> with NH=PE2 and label T2; the Data packet from the CE leaves the ingress PE as T8 T2 Data.]

Ingress PE receives normal IP packets from the CE router
PE router does an IP longest match in the VPN_B FIB, finds iBGP next hop PE2 and imposes a stack of labels:

VPN-IPv4 route   iBGP next hop   Exterior label   Interior label
<RD_B,10.1>      PE1             T1               T7
<RD_B,10.2>      PE2             T2               T8
<RD_B,10.3>      PE3             T3               T9
<RD_A,11.6>      PE1             T4               T7
<RD_A,10.1>      PE4             T5               TB
<RD_A,10.4>      PE4             T6               TB
<RD_A,10.2>      PE2             T7               T8

Packet Forwarding Example 1 (cont.)


[Figure: the same VPN_A/VPN_B topology; between the ingress PE and the egress PE the packet is carried as T8 T2 Data, TA T2 Data, TB T2 Data, then T2 Data, and reaches the CE as Data.]
in / out
T7 Tu
T8,
T8 TA
Tw
T9 Tx
Ta Ty
Tb Tz

All subsequent P routers switch the packet solely on the Interior Label
Egress PE router removes the Interior Label
Egress PE uses the Exterior Label to select which VPN/CE to forward the packet to.

Packet Forwarding Example 2

[Figure: VPN 12 host 130.130.10.1 and VPN 12 host 130.130.11.3, attached to PE routers A and B.]

In VPN 12, host 130.130.10.1 sends a packet with destination 130.130.11.3
Customer sites are attached to Provider Edge (PE) routers A & B.

Packet Forwarding Example 2 (cont.)

1. Packet arrives on VPN 12 link on PE router A.
2. PE router A selects the correct VPN forwarding table based on the link's VPN ID (12).

VPN-ID   VPN Site Address   VPN Site Label   Provider Edge Router Address   PE Label
12       130.130.10.0/24    26               172.68.1.11/32                 42
12       130.130.11.0/24    989              172.68.1.2/32                  101
...      ...                ...              ...                            ...

Packet Forwarding Example 2 (cont.)

VPN-ID   VPN Site Address   VPN Site Label   Provider Edge Router Address   PE Label
12       130.130.10.0/24    26               172.68.1.11/32                 42
12       130.130.11.0/24    989              172.68.1.2/32                  101
...      ...                ...              ...                            ...

3. PE router A matches the incoming packet's destination address with VPN 12's forwarding table.
4. PE router A adds two labels to the packet: one identifying the destination PE, and one identifying the destination VPN site.

[Figure: labeled packet leaving PE router A: 101 | 989 | 130.130.11.3 | Rest of IP packet]

Packet Forwarding Example 2 (cont.)

5. Packet is label-switched from PE router A to PE B based on the top label, using normal MPLS.
The network core knows nothing about VPNs and sites: it only knows how to get packets from A to B using MPLS.

Packet Forwarding Example 2 (cont.)

[Figure: PE router B delivers the packet to host 130.130.11.3 in VPN 12.]

6. PE router B identifies the correct site in VPN 12 from the inner label.
7. PE router B removes the labels and forwards the IP packet to the correct VPN 12 site.
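Steps 1 to 7 of Packet Forwarding Example 2 as a runnable sketch, added here and not part of the original deck: it packs the two-label stack that PE router A imposes from the table values above, then walks it through the core and PE router B. The core and egress tables (P1_LFIB, P2_LFIB, PE_B_VPN_LABELS, label 57) and the default TTL of 64 are assumptions, since the slides give none.

```python
import ipaddress
import struct

# PE router A's table for VPN 12, copied from the slide:
# site prefix -> (VPN site label, egress PE address, PE label)
VRF_TABLES = {
    12: {
        "130.130.10.0/24": (26, "172.68.1.11", 42),
        "130.130.11.0/24": (989, "172.68.1.2", 101),
    },
}
# Constructed for this example (the slides give no core or egress tables).
P1_LFIB = {101: ("swap", 57)}   # first P router swaps the top label
P2_LFIB = {57: ("pop", None)}   # penultimate hop pops it (PHP)
PE_B_VPN_LABELS = {989: "VPN 12 site 130.130.11.0/24"}


def encode_entry(label, bottom, ttl, exp=0):
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label does not fit in 20 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def decode_stack(data):
    """Return ([(label, exp, bottom, ttl), ...], payload after the stack)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("stack ended without a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = (word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        entries.append(entry)
        if entry[2]:
            return entries, data[offset:]


def ingress_impose(vpn_id, dst, payload, ttl=64):
    """Steps 2-4: select the table by the link's VPN ID, longest match, push two labels."""
    table = VRF_TABLES[vpn_id]
    addr = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in table if addr in ipaddress.ip_network(p)]
    if not matches:
        # Destinations outside this VPN's table are never labeled.
        raise LookupError(f"{dst} is not reachable inside VPN {vpn_id}")
    best = max(matches, key=lambda net: net.prefixlen)
    site_label, _pe_address, pe_label = table[str(best)]
    return encode_entry(pe_label, False, ttl) + encode_entry(site_label, True, ttl) + payload


def core_forward(packet, lfib):
    """Step 5: a P router acts on the top entry only; inner entries pass unchanged."""
    entries, payload = decode_stack(packet)
    label, exp, bottom, ttl = entries[0]
    action, out_label = lfib[label]
    if ttl <= 1:
        raise ValueError("TTL expired")
    rest = b"".join(encode_entry(l, b, t, e) for l, e, b, t in entries[1:])
    if action == "pop":
        return rest + payload
    return encode_entry(out_label, bottom, ttl - 1, exp) + rest + payload


def egress_deliver(packet):
    """Steps 6-7: PE B selects the site from the inner label and strips it."""
    entries, payload = decode_stack(packet)
    if len(entries) != 1:
        raise ValueError("expected only the VPN label after penultimate hop popping")
    label = entries[0][0]
    if label not in PE_B_VPN_LABELS:
        raise LookupError(f"no VPN site bound to label {label}; packet dropped")
    return PE_B_VPN_LABELS[label], payload


def walk(vpn_id, dst, payload=b"IP"):
    """Return the label stack seen on each hop, the selected site and the payload."""
    packet = ingress_impose(vpn_id, dst, payload)
    trace = [[e[0] for e in decode_stack(packet)[0]]]
    for lfib in (P1_LFIB, P2_LFIB):
        packet = core_forward(packet, lfib)
        trace.append([e[0] for e in decode_stack(packet)[0]])
    site, inner = egress_deliver(packet)
    return trace, site, inner


if __name__ == "__main__":
    print(walk(12, "130.130.11.3"))
```

The inner label 989 is identical on every hop of the trace: only the top label changes in the core, which is why the separation between VPNs depends on what the PE routers impose and accept.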

MPLS VPN mechanisms

VRF and Multiple Routing Instances

VRF: VPN Routing and Forwarding Instance
- VRF Routing Protocol Context
- VRF Routing Tables
- VRF CEF Forwarding Tables

MPLS VPN mechanisms

VRF and Multiple Routing Instances

VRF Routing table contains routes which should be available to a particular set of sites
Analogous to standard IOS routing table, supports the same set of mechanisms
Interfaces (sites) are assigned to VRFs
- One VRF per interface (sub-interface, tunnel or virtual-template)
- Possibly many interfaces per VRF

MPLS VPN mechanisms

VRF and Multiple Routing Instances

[Figure: routing processes (BGP, RIP, Static) run in routing contexts that feed the VRF routing tables and the VRF forwarding tables.]

Routing processes run within specific routing contexts
Populate specific VPN routing table and FIBs (VRF)
Interfaces are assigned to VRFs

MPLS VPN mechanisms

VRF and Multiple Routing Instances


[Figure: Logical view of Site-1 to Site-4 in the overlapping VPNs VPN-A, VPN-B and VPN-C. Routing view: PE routers connected through a P router by multihop MP-iBGP, each holding the VRFs of its attached sites.]

VRF for site-1: Site-1 routes, Site-2 routes
VRF for site-2: Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3: Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4: Site-3 routes, Site-4 routes

MPLS VPN Topologies


[Figure: VPN_A and VPN_B sites (10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0) attached through CE routers to PE routers, with iBGP sessions between the PEs.]

VPN-IPv4 addresses are propagated together with the associated label in BGP Multiprotocol extension
Extended Community attribute (route-target) is associated to each VPN-IPv4 address, to populate the site VRF

MPLS VPN Topologies

VPN sites with optimal intra-VPN routing

Each site has full routing knowledge of all other sites (of same VPN)
Each CE announces its own address space
MP-BGP VPN-IPv4 updates are propagated between PEs
Routing is optimal in the backbone
- Each route has the BGP Next-Hop closest to the destination
- No site is used as central point for connectivity

MPLS VPN Topologies

VPN sites with optimal intra-VPN routing


[Figure: Site-1 (N1, CE1), Site-2 (N2, CE2) and Site-3 (N3, CE3) attached to PE1, PE2 and PE3 over EBGP/RIP/Static; the PE interfaces towards the CEs are IntCE1, IntCE2 and IntCE3.]

CE announcements: N1, NH=CE1; N2, NH=CE2; N3, NH=CE3

Routing Table on CE1: N1, Local; N2, PE1; N3, PE1
Routing Table on CE2: N1, NH=PE2; N2, Local; N3, NH=PE2
Routing Table on CE3: N1, PE3; N2, PE3; N3, Local

VRF for site-1: N1, NH=CE1; N2, NH=PE2; N3, NH=PE3
VRF for site-2: N1, NH=PE1; N2, NH=CE2; N3, NH=PE3
VRF for site-3: N1, NH=PE1; N2, NH=PE2; N3, NH=CE3

VPN-IPv4 updates exchanged between PEs
RD:N1, NH=PE1, Label=IntCE1, RT=Blue
RD:N2, NH=PE2, Label=IntCE2, RT=Blue
RD:N3, NH=PE3, Label=IntCE3, RT=Blue

MPLS VPN Topologies

VPN sites with Hub & Spoke routing

One central site has full routing knowledge of all other sites (of same VPN)
- Hub-Site
Other sites will send traffic to Hub-Site for any destination
- Spoke-Sites
Hub-Site is the central transit point between Spoke-Sites
- Use of central services at Hub-Site

MPLS VPN Topologies

VPN sites with Hub & Spoke routing


[Figure: Site-1 (N1, CE1) on PE1 and Site-2 (N2, CE2) on PE2 are the spokes; Site-3 (N3) is the hub, attached to PE3 through CE3-Hub and CE3-Spoke over BGP/RIPv2.]

IntCE1 VRF (Import RT=Spoke) (Export RT=Hub)
N1,NH=CE1 (exported)
N2,NH=PE3 (imported)
N3,NH=PE3 (imported)

IntCE2 VRF (Import RT=Spoke) (Export RT=Hub)
N1,NH=PE3 (imported)
N2,NH=CE2 (exported)
N3,NH=PE3 (imported)

IntCE3-Hub VRF (Import RT=Hub)
N1,NH=PE1
N2,NH=PE2

IntCE3-Spoke VRF (Export RT=Spoke)
N1,NH=CE3-Spoke
N2,NH=CE3-Spoke
N3,NH=CE3-Spoke

VPN-IPv4 update advertised by PE1
RD:N1, NH=PE1, Label=IntCE1, RT=Hub
VPN-IPv4 update advertised by PE2
RD:N2, NH=PE2, Label=IntCE2, RT=Hub
VPN-IPv4 updates advertised by PE3
RD:N1, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
RD:N2, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
RD:N3, NH=PE3, Label=IntCE3-Spoke, RT=Spoke

Routes are imported/exported into VRFs based on RT value of the VPN-IPv4 updates
PE3 uses 2 (sub)interfaces with two different VRFs

MPLS VPN Topologies

VPN sites with Hub & Spoke routing

[Figure: the hub-and-spoke topology and VRF contents of the previous slide: IntCE1 and IntCE2 VRFs (Import RT=Spoke, Export RT=Hub) on PE1 and PE2, IntCE3-Hub VRF (Import RT=Hub) and IntCE3-Spoke VRF (Export RT=Spoke) on PE3.]

Traffic from one spoke to another will travel across the hub site
Hub site may host central services
- Security, NAT, centralised Internet access

MPLS VPN Internet Routing


In a VPN, sites may need to have Internet connectivity
Connectivity to the Internet means:
- Being able to reach Internet destinations
- Being able to be reachable from any Internet source
The Internet routing table is treated separately
In the VPN backbone the Internet routes are in the Global routing table of PE routers
Labels are not assigned to external (BGP) routes

MPLS VPN Internet routing


VRF specific default route

A default route is installed into the site VRF, pointing to an Internet Gateway
The default route is NOT part of any VPN
A single label is used for packets forwarded according to the default route
The label is the IGP label corresponding to the IP address of the Internet gateway
- Known in the IGP

MPLS VPN Internet routing


VRF specific default route
PE router originates CE routes for the Internet
Customer (site) routes are known in the site VRF
- Not in the global table
The PE/CE interface is NOT known in the global table. However:
- A static route for customer routes, pointing to the PE/CE interface, is installed in the global table
- This static route is redistributed into the BGP-4 global table and advertised to the Internet Gateway
- The Internet gateway knows customer routes with the PE address as next-hop

MPLS VPN Internet routing


VRF specific default route

The Internet Gateway specified in the default route (into the VRF) need NOT be directly connected
Different Internet gateways can be used for different VRFs
Using default route for Internet routing does NOT allow any other default route for intra-VPN routing
- As in any other routing scheme

MPLS VPN Internet routing


VRF specific default route
[Figure: Internet gateway PE-IG (192.168.1.1) connects to the Internet and has a BGP-4 session with the PE; a second PE (192.168.1.2) is reached over MP-BGP; customer sites Site-1 and Site-2, with network 171.68.0.0/16 attached to the PE on Serial0.]

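ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 ! bind the VRF first: applying it removes an address already on the interface
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 network 171.68.0.0 mask 255.255.0.0
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 ! added: the vpnv4 neighbor must be defined before it is activated below
 neighbor 192.168.1.2 remote-as 100
 neighbor 192.168.1.2 update-source loopback0
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 65502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family
!
! global static route that is originated into BGP-4 for the customer network
ip route 171.68.0.0 255.255.0.0 Serial0
! VRF default route whose next hop is resolved in the global table
ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 global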

MPLS VPN Internet routing


VRF specific default route
[Figure: an IP packet with D=cisco.com arrives from the site on Serial0; the PE forwards it with Label = 3 towards PE-IG (192.168.1.1), which sends it to the Internet as a plain IP packet. Site-1 and Site-2 with network 171.68.0.0/16; second PE 192.168.1.2.]

Global Table and LFIB
192.168.1.1/32 Label=3
192.168.1.2/32 Label=5
...

Site-2 VRF
0.0.0.0/0 192.168.1.1 (global)
Site-1 routes
Site-2 routes

MPLS VPN Internet routing


VRF specific default route

PE routers need not hold the Internet table
PE routers will use BGP-4 sessions to originate customer routes
Packet forwarding is done with a single label identifying the Internet Gateway IP address
- More labels if Traffic Engineering is used

MPLS VPN Internet Routing


Separated (sub)interfaces
If CE wishes to receive and announce routes from/to the Internet
- A dedicated BGP session is used over a separate (sub)interface
- The PE imports CE routes into the global routing table and advertises them to the Internet
- The interface is not part of any VPN and does not use any VRF
- Default route or Internet routes are exported to the CE
- PE needs to have Internet routing table

MPLS VPN Internet Routing


Separated (sub)interfaces

The PE uses separate (sub)interfaces with the CE
One (sub)interface for VPN routing
- associated to a VRF
- Can be a tunnel interface
One (sub)interface for Internet routing
- Associated to the global routing table

MPLS VPN Internet Routing


Separated (sub)interfaces
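[Figure: Internet gateway PE-IG (192.168.1.1) connects to the Internet and has a BGP-4 session with the PE; a second PE (192.168.1.2) is reached over MP-BGP; the PE connects to the customer CE on Serial0.1 and Serial0.2, with a BGP-4 session towards the CE; Site-1 and Site-2, network 171.68.0.0/16.]
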
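ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 no ip address
!
! VPN sub-interface, bound to the VRF
interface Serial0.1
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
! Internet sub-interface, in the global routing table
interface Serial0.2
 ip address 171.68.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 neighbor 171.68.10.2 remote-as 502
 ! added: required for IPv4 routes because of "no bgp default ipv4-unicast"
 neighbor 171.68.10.2 activate
 ! added: the vpnv4 neighbor must be defined before it is activated below
 neighbor 192.168.1.2 remote-as 100
 neighbor 192.168.1.2 update-source loopback0
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family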

MPLS VPN Internet Routing


Separated (sub)interfaces
[Figure: the CE sends an IP packet with D=cisco.com on Serial0.2; the PE forwards it with Label = 3 towards PE-IG (192.168.1.1), which sends it to the Internet as a plain IP packet. Serial0.1 carries the VPN traffic; Site-1 and Site-2, network 171.68.0.0/16; second PE 192.168.1.2.]

PE Global Table
Internet routes ---> 192.168.1.1
192.168.1.1, Label=3

CE routing table
Site-2 routes ----> Serial0.1
Internet routes ---> Serial0.2

Scaling

Existing BGP techniques can be used to scale the route distribution: route reflectors
Each edge router needs only the information for the VPNs it supports
- Directly connected VPNs
RRs are used to distribute VPN routing information

MPLS-VPN
Scaling BGP
Route Reflectors

[Figure: VPN_A and VPN_B sites (10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0) attached through CE routers to PE routers (PE1, PE2 and others), which peer with two route reflectors (RR).]

Route Reflectors may be partitioned
- Each RR stores routes for a set of VPNs
Thus, no BGP router needs to store ALL VPNs information
PEs will peer to RRs according to the VPNs they directly connect

MPLS-VPN Scaling
BGP updates filtering
iBGP full mesh between PEs results in flooding all VPNs routes to all PEs
Scaling problems when large amount of routes. In addition PEs need only routes for attached VRFs
Therefore each PE will discard any VPN-IPv4 route that hasn't a route-target configured to be imported in any of the attached VRFs
This reduces significantly the amount of information each PE has to store
Volume of BGP table is equivalent of volume of attached VRFs (nothing more)

MPLS-VPN Scaling
BGP updates filtering
[Figure: a PE with VRFs for VPNs yellow and green (Import RT=yellow, Import RT=green) receives two updates over its MP-iBGP sessions.]

VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Red, Label=XYZ

Each VRF has an import and export policy configured
- Policies use route-target attribute (extended community)
PE receives MP-iBGP updates for VPN-IPv4 routes
If route-target is equal to any of the import values configured in the PE, the update is accepted
Otherwise it is silently discarded

MPLS-VPN Scaling
Route Refresh
[Figure: a PE with Import RT=yellow, Import RT=green and Import RT=red.]

1. PE doesn't have red routes (previously filtered out)
2. PE issues a Route-Refresh to all neighbors in order to ask for retransmission
3. Neighbors re-send updates and red route-target is now accepted

VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Red, Label=XYZ

Policy may change in the PE if VRF modifications are done
- New VRFs, removal of VRFs
However, the PE may not have stored routing information which becomes useful after a change
PE requests a re-transmission of updates to neighbors
- Route-Refresh

MPLS-VPN Scaling
Outbound Route Filters - ORF
[Figure: a PE with Import RT=yellow and Import RT=green.]

1. PE doesn't need red routes
2. PE issues an ORF message to all neighbors in order not to receive red routes
3. Neighbors dynamically configure the outbound filter and send updates accordingly

VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Green, Label=XYZ
VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Red, Label=XYZ

PE router will discard update with unused route-target
Optimization requires these updates NOT to be sent
Outbound Route Filter (ORF) allows a router to tell its neighbors which filter to use prior to propagating BGP updates

MPLS VPN - Configuration


VPN knowledge is on PE routers
PE routers have to be configured for
- VRF and Route Distinguisher
- VRF import/export policies (based on Route-target)
- Routing protocol used with CEs
- MP-BGP between PE routers
- BGP for Internet routers
- With other PE routers
- With CE routers

MPLS VPN - Configuration


VRF and Route Distinguisher

RD is configured on PE routers (for each VRF)
VRFs are associated to RDs in each PE
Common (good) practice is to use the same RD for the same VPN in all PEs
- But not mandatory
VRF configuration command
ip vrf <vrf-symbolic-name>
 rd <route-distinguisher-value>
 route-target import <community>
 route-target export <community>

CLI - VRF configuration


ip vrf site1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
ip vrf site2
 rd 100:2
 route-target export 100:2
 route-target import 100:2
 route-target import 100:1
 route-target export 100:1

ip vrf site3
 rd 100:3
 route-target export 100:2
 route-target import 100:2
 route-target import 100:3
 route-target export 100:3
ip vrf site4
 rd 100:4
 route-target export 100:3
 route-target import 100:3

[Figure: Logical view of Site-1 to Site-4 in VPN-A, VPN-B and VPN-C. Routing view: PE1 and PE2 connected through a P router by multihop MP-iBGP.]

VRF for site-1 (100:1): Site-1 routes, Site-2 routes
VRF for site-2 (100:2): Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3 (100:3): Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4 (100:4): Site-3 routes, Site-4 routes

MPLS VPN - Configuration


PE/CE routing protocols

PE/CE may use BGP, RIPv2 or Static routes
A routing context is used for each VRF
Routing contexts are defined within the routing protocol instance
- Address-family router sub-command
router rip
 version 2
 address-family ipv4 vrf <vrf-symbolic-name>
  any common router sub-command

MPLS VPN - Configuration


PE/CE routing protocols

BGP uses same address-family command
router bgp <asn>
 ...
 address-family ipv4 vrf <vrf-symbolic-name>
  any common router BGP sub-command
Static routes are configured per VRF
ip route vrf <vrf-symbolic-name>

MPLS VPN - Configuration


PE router commands

All show commands are VRF based
show ip route vrf <vrf-symbolic-name> ...
show ip protocols vrf <vrf-symbolic-name>
show ip cef vrf <vrf-symbolic-name>
PING and Telnet commands are VRF based
telnet /vrf <vrf-symbolic-name>
ping vrf <vrf-symbolic-name>

MPLS VPN - Configuration


PE/CE routing protocols

ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
!
interface Serial3/6
 ip vrf forwarding site1
 ip address 192.168.61.6 255.255.255.0
 encapsulation ppp
!
interface Serial3/7
 ip vrf forwarding site2
 ip address 192.168.62.6 255.255.255.0
 encapsulation ppp

[Figure: Logical view of Site-1 to Site-4 in VPN-A, VPN-B and VPN-C. Routing view: PE1 and PE2 connected through P routers by multihop MP-iBGP.]

VRF for site-1 (100:1): Site-1 routes, Site-2 routes
VRF for site-2 (100:2): Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3 (100:3): Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4 (100:4): Site-3 routes, Site-4 routes

ip vrf site3
 rd 100:3
 route-target export 100:23
 route-target import 100:23
 route-target import 100:34
 route-target export 100:34
! VRF name matches the "ip vrf forwarding site4" binding below
ip vrf site4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
!
interface Serial4/6
 ip vrf forwarding site3
 ip address 192.168.73.7 255.255.255.0
 encapsulation ppp
!
interface Serial4/7
 ip vrf forwarding site4
 ip address 192.168.74.7 255.255.255.0
 encapsulation ppp
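The route-target import rule from the BGP updates filtering slides, applied to a PE configuration as an audit; this is an added example, not code from the deck. The sample configuration is constructed from the deck's route-target values with one deliberately misspelled VRF name, and the intended sharing policy (INTENDED) is an assumption.

```python
import re

# Constructed sample: the deck's route-target values, with "site-4" defined
# but "site4" bound to the interface, so the audit has something to find.
SAMPLE_CONFIG = """\
ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
ip vrf site3
 rd 100:3
 route-target both 100:23
 route-target import 100:34
 route-target export 100:34
ip vrf site-4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
!
interface Serial4/6
 ip vrf forwarding site3
interface Serial4/7
 ip vrf forwarding site4
"""


def both_ways(*pairs):
    return {p for a, b in pairs for p in ((a, b), (b, a))}


# Assumed policy: which VRFs are meant to exchange routes with each other.
INTENDED = both_ways(("site1", "site2"), ("site2", "site3"), ("site3", "site-4"))


def parse_config(text):
    """Return ({vrf: {"rd", "import", "export"}}, {interface: vrf})."""
    vrfs, bindings, vrf, iface = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf forwarding (\S+)", line):
            if iface:
                bindings[iface] = m[1]
        elif m := re.fullmatch(r"ip vrf (\S+)", line):
            vrf = vrfs.setdefault(m[1], {"rd": None, "import": set(), "export": set()})
            iface = None
        elif m := re.fullmatch(r"interface (\S+)", line, re.IGNORECASE):
            iface, vrf = m[1], None
        elif vrf is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            vrf["rd"] = m[1]
        elif vrf is not None and (
            m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)
        ):
            for side in ("import", "export") if m[1] == "both" else (m[1],):
                vrf[side].add(m[2])
        elif not raw[:1].isspace():
            vrf = iface = None  # "!" or any other top-level command ends the block
    return vrfs, bindings


def accepting_vrfs(update_rts, vrfs):
    """VRFs that import an update; an empty list means the PE discards it."""
    return sorted(n for n, v in vrfs.items() if v["import"] & set(update_rts))


def import_pairs(vrfs):
    """(importer, exporter) pairs implied by the route-target policy."""
    return {(i, e) for i, iv in vrfs.items() for e, ev in vrfs.items()
            if i != e and iv["import"] & ev["export"]}


def audit(text, allowed_pairs):
    """List bindings to undefined VRFs, missing RDs and unintended imports."""
    vrfs, bindings = parse_config(text)
    findings = []
    for iface, name in sorted(bindings.items()):
        if name not in vrfs:
            findings.append(f"{iface}: bound to undefined VRF {name}")
    for name, v in sorted(vrfs.items()):
        if v["rd"] is None:
            findings.append(f"{name}: no rd configured")
    for importer, exporter in sorted(import_pairs(vrfs) - set(allowed_pairs)):
        findings.append(
            f"{importer} imports routes exported by {exporter} outside the intended policy")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, INTENDED):
        print(finding)
```

A single extra `route-target import` line in one VRF is enough to make another customer's routes reachable from it, which is the condition the last loop in `audit` reports.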

MPLS VPN - Configuration


PE/CE routing protocols

router bgp 100
 no bgp default ipv4-unicast
 neighbor 7.7.7.7 remote-as 100
 neighbor 7.7.7.7 update-source Loop0
 !
 address-family ipv4 vrf site2
  neighbor 192.168.62.2 remote-as 65502
  neighbor 192.168.62.2 activate
 exit-address-family
 !
 address-family ipv4 vrf site1
  neighbor 192.168.61.1 remote-as 65501
  neighbor 192.168.61.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 next-hop-self
 exit-address-family

[Figure: the logical and routing views of the previous slides: Site-1 to Site-4 in VPN-A, VPN-B and VPN-C, with PE1 and PE2 connected through P routers by multihop MP-iBGP and the VRFs for site-1 to site-4.]

router bgp 100
 no bgp default ipv4-unicast
 neighbor 6.6.6.6 remote-as 100
 neighbor 6.6.6.6 update-source Loop0
 !
 address-family ipv4 vrf site4
  neighbor 192.168.74.4 remote-as 65504
  neighbor 192.168.74.4 activate
 exit-address-family
 !
 address-family ipv4 vrf site3
  neighbor 192.168.73.3 remote-as 65503
  neighbor 192.168.73.3 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 next-hop-self
 exit-address-family

Summary

Supports large scale VPN services
Increases value add by the VPN Service Provider
Decreases Service Provider's cost of providing VPN services
Mechanisms are general enough to enable VPN Service Provider to support a wide range of VPN customers
See RFC2547

Point-to-point connections vs
BGP/MPLS VPNs: routing peering
[Figure: left, a CE site in a mesh of point-to-point connections with routing peering to all other sites; right, a CE with a single routing peering to its PE, which reaches all other sites.]

Mesh of point-to-point connections requires each (virtual) router to maintain O(n) peering (where n is the number of sites)
- does not scale to VPNs with large number of sites (due to the properties of existing routing protocols)

Amount of routing peering maintained by CE is O(1) - CE peers only with directly attached PE
- independent of the total number of sites within a VPN
- scales to VPNs with large number of sites (100s - 1000s sites per VPN)

Point-to-point connections vs
BGP/MPLS VPNs: provisioning
[Figure: left, a new site added to a mesh of point-to-point connections, with a config change at every site; right, a new site (CE) attached to a PE, with a config change only on that PE.]

Mesh of point-to-point connections requires O(n) configuration changes (where n is the number of sites) when adding a new site

Amount of configuration changes needed to add a new site (new CE) is O(1):
- need to configure only the directly attached PE
- independent of the total number of sites within a VPN

Agenda

Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS


Basic MPLS Monitoring Commands


router#
show tag-switching tdp parameters
Displays TDP parameters on the local router.

router#
show tag-switching interface
show mpls interface (12.1(3)T)
Displays MPLS status on individual interfaces.

router#
show tag-switching tdp discovery
Displays all discovered TDP neighbors.

show tag-switching tdp parameters

Router#show tag-switching tdp parameters
Protocol version: 1
No tag pool for downstream tag distribution
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery directed hello: holdtime: 180 sec; interval: 5 sec

show tag-switching interface

Router#show tag-switching interface detail
Interface Serial1/0.1:
    IP tagging enabled
    TSP Tunnel tagging not enabled
    Tagging operational
    MTU = 1500
Interface Serial1/0.2:
    IP tagging enabled
    TSP Tunnel tagging not enabled
    Tagging operational
    MTU = 1500

show tag-switching tdp discovery

Router#show tag-switching tdp discovery
Local TDP Identifier:
    192.168.3.102:0
TDP Discovery Sources:
    Interfaces:
        Serial1/0.1: xmit/recv
            TDP Id: 192.168.3.101:0
        Serial1/0.2: xmit/recv
            TDP Id: 192.168.3.100:0

More TDP Monitoring Commands


router#
show tag-switching tdp neighbor
Displays individual TDP neighbors.

router#
show tag-switching tdp neighbor detail
Displays more details about TDP neighbors.

router#
show tag-switching tdp bindings
Displays Tag Information Base (TIB).

show tag tdp neighbor

Router#show tag-switching tdp neighbors
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
    TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
    State: Oper; PIEs sent/rcvd: 55/53; ; Downstream
    Up time: 00:43:26
    TDP discovery sources:
        Serial1/0.2
    Addresses bound to peer TDP Ident:
        192.168.3.10    192.168.3.14    192.168.3.100

show tag tdp neighbor detail

Router#show tag-switching tdp neighbors detail
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
    TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
    State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB rev sent 26
    UID: 1; Up time: 00:44:01
    TDP discovery sources:
        Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms
    Addresses bound to peer TDP Ident:
        192.168.3.10    192.168.3.14    192.168.3.100
    Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab

show tag tdp bindings

Router#show tag tdp bindings
tib entry: 192.168.3.1/32, rev 9
    local binding:  tag: 28
    remote binding: tsr: 19.16.3.3:0, tag: 28
tib entry: 192.168.3.2/32, rev 8
    local binding:  tag: 27
    remote binding: tsr: 19.16.3.3:0, tag: 27
tib entry: 192.168.3.3/32, rev 7
    local binding:  tag: 26
    remote binding: tsr: 19.16.3.3:0, tag: imp-null(1)
tib entry: 192.168.3.10/32, rev 6
    local binding:  tag: imp-null(1)
    remote binding: tsr: 19.16.3.3:0, tag: 26

Monitoring Label Switching


router#
show tag-switching forwarding-table
show mpls forwarding-table
Displays contents of Label Forwarding Information Base.

router#
show ip cef detail
Displays label(s) attached to a packet during label imposition on edge LSR.

Monitoring Label Switching


Monitoring LFIB
Router#show tag-switching forwarding-table ?
  A.B.C.D     Destination prefix
  detail      Detailed information
  interface   Match outgoing interface
  next-hop    Match next hop neighbor
  tags        Match tag values
  tsp-tunnel  TSP Tunnel id
  |           Output modifiers
  <cr>

show tag-switching forwarding-table

Router#show tag-switching forwarding-table detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     Untagged    192.168.3.3/32    0          Se1/0.3    point2point
        MAC/Encaps=0/0, MTU=1504, Tag Stack{}
27     Pop tag     192.168.3.4/32    0          Se0/0.4    point2point
        MAC/Encaps=4/4, MTU=1504, Tag Stack{}
        20618847
28     29          192.168.3.4/32    0          Se1/0.3    point2point
        MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
        18718847 0001D000
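An added example, not part of the original slides: a small Python parser for the `detail` output above that lists the rows forwarded Untagged and exposes each row's label stack and encapsulation lengths. The sample is the slide's own values laid out as the router prints them; the function names are assumptions.

```python
import re

# Sample laid out as the router prints it; the values are those on the slide.
SAMPLE = """\
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     Untagged    192.168.3.3/32    0          Se1/0.3    point2point
        MAC/Encaps=0/0, MTU=1504, Tag Stack{}
27     Pop tag     192.168.3.4/32    0          Se0/0.4    point2point
        MAC/Encaps=4/4, MTU=1504, Tag Stack{}
        20618847
28     29          192.168.3.4/32    0          Se1/0.3    point2point
        MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
        18718847 0001D000
"""

ROW = re.compile(
    r"^(?P<local>\d+)\s+(?P<outgoing>Untagged|Pop tag|\d+)\s+(?P<prefix>\S+)\s+"
    r"(?P<bytes>\d+)\s+(?P<intf>\S+)\s+(?P<nexthop>\S+)\s*$"
)
DETAIL = re.compile(r"MAC/Encaps=(\d+)/(\d+), MTU=(\d+), Tag Stack\{([^}]*)\}")


def parse_lfib(text):
    """Return one dict per LFIB row, with the detail line folded in."""
    entries = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            entries.append({**row.groupdict(), "stack": []})
            continue
        detail = DETAIL.search(line)
        if detail and entries:
            mac, encaps, mtu, stack = detail.groups()
            entries[-1].update(mac=int(mac), encaps=int(encaps), mtu=int(mtu),
                               stack=[int(tag) for tag in stack.split()])
    return entries


def untagged(entries):
    """Rows where the router sends the packet on without any label."""
    return [(e["local"], e["prefix"], e["intf"]) for e in entries
            if e["outgoing"] == "Untagged"]


if __name__ == "__main__":
    for local, prefix, intf in untagged(parse_lfib(SAMPLE)):
        print(f"local tag {local}: {prefix} leaves {intf} untagged")
```

In the sample, the difference between the two MAC/Encaps values is 4 bytes for each label in the Tag Stack, which is a quick consistency check on any row.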

show ip cef detail

Router#show ip cef 192.168.20.0 detail
192.168.20.0/24, version 23, cached adjacency to Serial1/0.2
0 packets, 0 bytes
  tag information set
    local tag: 33
    fast tag rewrite with Se1/0.2, point2point, tags imposed: {32}
  via 192.168.3.10, Serial1/0.2, 0 dependencies
    next hop 192.168.3.10, Serial1/0.2
    valid cached adjacency
    tag rewrite with Se1/0.2, point2point, tags imposed: {32}


Debugging Label Switching and TDP

router(config)#
debug tag-switching tdp ...

Debugs TDP adjacencies, session establishment, and label bindings exchange.

router(config)#
debug tag-switching tfib ...
debug mpls lfib
12.1(3)T

Debugs Tag Forwarding Information Base events: label creations, removals, rewrites.

router(config)#
debug tag-switching packets [ interface ]
debug mpls packets [ interface ]
12.1(3)T

Debugs labeled packets switched by the router.
Disables fast or distributed tag switching.

Common Frame-Mode MPLS Symptoms

TDP/LDP session does not start.
Labels are not allocated or distributed.
Packets are not labeled although the labels have been distributed.
MPLS intermittently breaks after an interface failure.
Large packets are not propagated across the network.


TDP Session Startup Issues: 1/4

Symptom
TDP neighbors are not discovered.
show tag tdp discovery does not display expected TDP neighbors.

Diagnosis
MPLS is not enabled on adjacent router.

Verification
Verify with show tag interface on the adjacent router.


TDP Session Startup Issues: 2/4

Symptom
TDP neighbors are not discovered.

Diagnosis
Label distribution protocol mismatch - TDP on one end, LDP on the other end.

Verification
Verify with show tag interface detail on both routers.


TDP Session Startup Issues: 3/4

Symptom
TDP neighbors are not discovered.

Diagnosis
Packet filter drops TDP/LDP neighbor discovery packets.

Verification
Verify access-list presence with show ip interface.
Verify access-list contents with show access-list.


TDP Session Startup Issues: 4/4

Symptom
TDP neighbors are discovered, but the TDP session is not established.
show tdp neighbor does not display a neighbor in Oper state.

Diagnosis
Connectivity between loopback interfaces is broken; the TDP session is usually established between loopback interfaces of adjacent LSRs.

Verification
Verify connectivity with extended ping command.

Label Allocation Issues

Symptom
Labels are not allocated for local routes.
show tag-switching forwarding-table does not display any labels.

Diagnosis
CEF is not enabled.

Verification
Verify with show ip cef.


Label Distribution Issues

Symptom
Labels are allocated, but not distributed.
show tag-switching tdp bindings on adjacent LSR does not display labels from this LSR.

Diagnosis
Problems with conditional label distribution.

Verification
Debug label distribution with debug tag tdp advertisement.
Examine the neighbor TDP router ID with show tag tdp discovery.
Verify that the neighbor TDP router ID is matched by the access list specified in tag advertise command.

Packet Labeling

Symptom
Labels are distributed, packets are not labeled.
show interface statistic does not display labeled packets being sent.

Diagnosis
CEF is not enabled on input interface (potentially due to a conflicting feature being configured).

Verification
Verify with show cef interface.


show cef interface

Router#show cef interface
Serial1/0.1 is up (if_number 15)
  Internet address is 192.168.3.5/30
  ICMP redirects are always sent
  Per packet loadbalancing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial1/0
  Fast switching type 5, interface type 64
  IP CEF switching enabled
  IP CEF VPN Fast switching turbo vector
  Input fast flags 0x1000, Output fast flags 0x0
  ifindex 3(3)
  Slot 1 Slot unit 0 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500


Intermittent MPLS Failures after Interface Failure

Symptom
Overall MPLS connectivity in a router intermittently breaks after an interface failure.

Diagnosis
IP address of a physical interface is used for TDP/LDP identifier. Configure a loopback interface on the router.

Verification
Verify local TDP identifier with show tag-switching tdp neighbors.


Packet Propagation

Symptom
Large packets are not propagated across the network.
Extended ping with varying packet sizes fails for packet sizes close to 1500.
In some cases, MPLS might work, but MPLS/VPN will fail.

Diagnosis
Tag MTU issues or switches with no support for jumbo frames in the forwarding path.

Verification
Trace the forwarding path; identify all LAN segments in the path.
Verify Tag MTU setting on routers attached to LAN segments.
Check for low-end switches in the transit path.
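An added example, not part of the original slides: a Python model of the extended ping sweep that shows which segment drops a packet once labels are added. It assumes 4 bytes per label, one label for plain MPLS and two for MPLS/VPN, and the same label depth on every segment; the segment names and the 1500-byte switch are constructed.

```python
LABEL_BYTES = 4  # size of one MPLS label stack entry

# Constructed paths: (segment, largest labeled packet it carries in bytes).
# 1504 is the tag MTU shown in the forwarding-table output; the segment
# names and the 1500-byte switch are hypothetical.
TAG_MTU_PATH = [("PE1-P1", 1504), ("P1-P2 LAN", 1504), ("P2-PE2", 1504)]
SWITCH_PATH = [("PE1-P1", 1504), ("P1-P2 LAN", 1500), ("P2-PE2", 1504)]


def first_drop(path, ip_size, labels):
    """First segment that cannot carry an ip_size-byte IP packet (DF set)
    once `labels` labels are imposed, or None if it fits end to end."""
    labeled_size = ip_size + labels * LABEL_BYTES
    for segment, capacity in path:
        if labeled_size > capacity:
            return segment
    return None


def ping_sweep(path, labels, sizes=range(1488, 1501, 4)):
    """Mimic the extended ping with varying sizes: size -> failing segment."""
    return {size: first_drop(path, size, labels) for size in sizes}


def largest_ip_packet(path, labels):
    """Largest IP packet that crosses the whole path with this label depth."""
    return min(capacity for _, capacity in path) - labels * LABEL_BYTES


if __name__ == "__main__":
    for name, path in (("tag MTU 1504", TAG_MTU_PATH),
                       ("1500-byte switch", SWITCH_PATH)):
        for service, labels in (("MPLS", 1), ("MPLS/VPN", 2)):
            print(name, service, largest_ip_packet(path, labels),
                  ping_sweep(path, labels))
```

With a 1504-byte tag MTU on every segment, a 1500-byte ping passes with one label and fails with two, which matches the symptom where MPLS works but MPLS/VPN does not.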


Summary
After completing this lesson, you will be able to perform the following tasks:
Describe procedures for monitoring MPLS on IOS platforms.
List the debugging commands associated with label switching, LDP and TDP.
Identify common configuration or design errors.
Use the available debugging commands in real-life troubleshooting scenarios.

Customer Reference


Cisco's MPLS Is Proven

150+ Deployments Today
Americas
EMEA
APT/Japan

Thank you.
