Field | Length (Bits) | Purpose
Label | 20
Experimental (EXP)
Bottom-of-Stack (S)
Time-to-Live (TTL)
6. The MPLS TTL Field and MPLS TTL Propagation
1. The diagram below shows how the MPLS TTL field is used. Remember that the IP
header is not used for forwarding in MPLS, therefore the IP header's TTL field is not
decremented. However, when a label is pushed for the first time on the ingress PE
router, the IP TTL field is copied over to the MPLS TTL field, and the MPLS TTL field
is decremented at each router along the LSP until the label is popped. Once the label
is popped, the now-decremented MPLS TTL field is copied back over to the IP header
TTL field, so the IP header reflects the number of hops traversed through the MPLS
network.
2. The diagram below illustrates disabled TTL propagation on the MPLS network,
which effectively makes the MPLS network invisible to customers for traceroute. The
ingress PE router does not copy over the IP TTL field to the MPLS TTL field, and the
MPLS TTL field is set to 255. The egress PE router does not modify the IP TTL
field when popping the label and forwarding the packet to the customer.
3. If disabling TTL propagation, it is best practice to disable it on all routers within the
MPLS network so that TTL handling is consistent.
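A simplified model of the two behaviours described above, as an added example that is not part of the original notes. The router names and path are constructed, and penultimate hop popping and platform-specific details are ignored.

```python
# Constructed path: ingress PE, two P routers, egress PE, then the customer router.
LSP = ["PE1", "P1", "P2", "PE2"]
DEST = "CE2"

def forward(ip_ttl, propagate):
    """Send one packet into the LSP; return (who answers, IP TTL at that point)."""
    ip_ttl -= 1                      # the ingress PE is an ordinary IP hop
    if ip_ttl == 0:
        return LSP[0], 0             # expired before a label was pushed
    # Push: copy the IP TTL into the label, or hide it behind 255.
    mpls_ttl = ip_ttl if propagate else 255
    for lsr in LSP[1:]:
        mpls_ttl -= 1                # only the MPLS TTL changes inside the LSP
        if mpls_ttl == 0:
            return lsr, 0            # this LSR sends the time-exceeded reply
    if propagate:
        ip_ttl = mpls_ttl            # pop: copy the decremented value back
    return DEST, ip_ttl

def traceroute(propagate, max_ttl=30):
    """Probe with TTL 1, 2, 3, ... and list the router that answers each probe."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        responder, _ = forward(ttl, propagate)
        hops.append(responder)
        if responder == DEST:
            break
    return hops

if __name__ == "__main__":
    print("propagation on :", traceroute(True))
    print("propagation off:", traceroute(False))
    print("IP TTL 64 on exit:", forward(64, True)[1], "vs", forward(64, False)[1])
```

With propagation off, the customer-side trace no longer lists the provider core, and the IP TTL on exit no longer reveals how many provider hops were crossed.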
2. PE2 receives an update for a prefix from CE2. A local label that hasn't been used yet
is allocated to it, and the prefix along with its label is advertised out. If PE2 starts to
get labeled packets with 39 in the label, PE2 will see that the LFIB says to pop the
label and forward the packet out to CE2.
3. As you can see above, starting off where the last diagram left off, P1 and P2 receive
the routing updates and label information, allocate their own local labels, and
advertise them out to ALL neighbors, even though advertising back out to PE2 isn't all
that useful. The control plane protocols (EIGRP in this case) take care of loop
avoidance.
3. The MPLS Label Information Base Feeding the FIB and LFIB
1. The Label Information Base (LIB) contains all label information, but only the best
Label Switch Path (LSP) is used to populate the FIB and LFIB.
2. LSRs rely on routing protocols for choice of best route and loop avoidance. The
best route from the RIB is used for MPLS. The label information is found with each
best route and is used to dynamically populate the FIB and LFIB.
3. The below diagram shows a sample MPLS unicast IP forwarding network.
1. In the last example, PE1 received an unlabeled packet and ended up sending it, with
an imposed label, to P1.
2. Below, P1's LFIB and LIB are shown using the following show commands:
1. show mpls forwarding-table 10.3.3.0 24 - The labeled packet is received with a
label of 22, which is the local label on P1 due to the fact that P1 allocated label
22 locally and advertised it out to all neighbors. Because the label is 22, P1
knows to pop this label and push outgoing label 39 and send it out S0/1/0.
2. show mpls ldp bindings 10.3.3.0 24 - P1's LIB, showing all labels advertised to
P1 via LDP, as well as the local label 22.
3. The below shows PE2's LFIB, which shows that PE2 must pop the label and send it
out interface Fa0/1 untagged (without a label).
Port numbers
224.0.0.2
Highest LDP ID
Configuration
Highest IP address of an up/up loopback when LDP comes up
Highest IP address of an up/up non-loopback when LDP comes up
3. The Solution: MPLS VPNs
1. Use multiple routing tables in a single router, called Virtual Routing and Forwarding
(VRF) tables, which separate customer routes.
2. MPLS VPNs use three main terms to describe MPLS router roles:
1. Customer edge (CE) - A router that has no knowledge of MPLS protocols and
does not send any labeled packets but is directly connected to an LSR (PE) in the
MPLS VPN.
2. Provider edge (PE) - An LSR that shares a link with at least one CE router,
thereby providing functions particular to the edge of the MPLS VPN, including
IBGP and VRF tables.
3. Provider (P) - An LSR that does not have a direct link to a CE router, which
allows the router to just forward labeled packets, and allows the LSR to ignore
customer VPNs' routes.
3. Provider LSRs have no knowledge of customer routes and are pure provider IGP
LSR routers. PE routers are the routers that know about customer routes; they use the
provider MPLS network to transport traffic from an ingress PE to an egress PE router,
from customer to customer. The provider network consists of the P routers, which
know only the internal routing, and the PE routers, which know the internal
provider routing and also have separate routing tables for customer routes.
4. PE routers keep track of customer routes by connecting to customers via EBGP,
RIP-2, OSPF or EIGRP, noting which routes are learned from which customers and
keeping them separate via multiple per-customer routing tables called VRFs. PEs use
IBGP (MP-BGP) to exchange these routes, never advertising them to the internal
provider routers.
5. Diagram below - PE ingress routers, aside from keeping track of VRFs, customer
routing protocols and IBGP between PE routers, must also push two labels:
1. An outer MPLS header (S-bit = 0), with a label value that causes the packet to be
label switched to the egress PE
2. An inner MPLS header (S-bit = 1), with a label that identifies the egress VRF on
which to base the forwarding decision.
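The two-label stack described above, built and parsed as an added example that is not part of the original notes. The 20-bit label width is from the table on this page; the 3-bit EXP, 1-bit S and 8-bit TTL widths come from RFC 3032, and the label values and `max_depth` limit are constructed.

```python
import struct

def pack_entry(label, exp, s, ttl):
    """Build one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def parse_stack(data, max_depth=8):
    """Read entries until the bottom-of-stack bit; return (entries, payload offset)."""
    entries, off = [], 0
    while len(entries) < max_depth:
        if len(data) - off < 4:
            raise ValueError("stack ends before an entry with S=1")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, off      # inner (VPN) label reached
    raise ValueError("no S=1 entry within max_depth labels")

# Constructed MPLS VPN packet: outer label 22 (S=0) switches the packet to the
# egress PE, inner label 100 (S=1) selects the egress VRF, then the first byte
# of an IPv4 header follows.
SAMPLE = pack_entry(22, 0, 0, 254) + pack_entry(100, 0, 1, 254) + b"\x45"

if __name__ == "__main__":
    stack, offset = parse_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print("payload starts at byte", offset)
```

The parser refuses a stack that is truncated or never sets the S bit instead of reading payload bytes as labels.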
5. MPLS VPN Control Plane
1. Virtual Routing and Forwarding Tables
1. Each VRF has three main components, as follows:
1. An IP routing table (RIB)
2. A CEF FIB, populated based on that VRF's RIB
3. A separate instance or process of the routing protocol used to exchange routes
with the CEs that need to be supported by the VRF.
2. Steps above
1. The CE router, which has no knowledge of MPLS at all, advertises a route for
10.3.3.0/24 as normal - in this case with RIP-2.
2. In the top instance of step 2, the RIP-2 update arrives on PE2's S0/1/0, which has
been assigned to customer A's VRF, VRF-A. PE2 uses a separate RIP process
for each VRF, so PE2's VRF-A RIP process interprets the update. Similarly, the
VRF-B RIP process analyzes the update received on S0/1/1 from CE-B2.
3. In the top instance of step 3, the VRF-A RIP process adds an entry for
10.3.3.0/24 to the RIB for VRF-A. Similarly, the bottom instance of step 3
shows the RIP process for VRF-B adding a route to prefix 10.3.3.0/24 to the
VRF-B RIB.
2. MP-BGP and Route Distinguishers
1. IBGP (MP-BGP) is used to advertise routes for VRFs between PE routers. However,
some customers will have overlapping routes, hence the use of a Route
Distinguisher (address family).
2. RDs allow BGP to advertise and distinguish between duplicate IPv4 prefixes by
adding another number (the RD) to the IPv4 prefix.
3. The new NLRI format, called VPN-V4, has the following two parts:
1. A 64-bit RD
2. A 32-bit IPv4 prefix.
3. Route Targets
1. MPLS uses Route Targets to determine into which VRFs a PE places IBGP-learned
routes.
2. Route Targets are advertised with NLRI via Extended Communities.
3. One prefix can only have one RD, but can have one or multiple RTs.
4. Steps above
1. The two VRFs on PE2 are configured with an export RT value.
2. Redistribution out of the VRF into BGP occurs
3. This step simply notes that the export process - the redistribution out of the VRF
into BGP - sets the appropriate RT values in PE2's BGP table.
4. PE2 advertises the routes with IBGP.
5. PE1 examines the new BGP table entries and compares the RT values to the
configured import RT values, which identifies which BGP table entries should go
into which VRF.
6. PE1 redistributes routes into the respective VRFs, specifically the routes whose
RTs match the import RT configured in the VRFs, respectively.
4. Overlapping VPNs
1. By virtue of the RT concept, different sites can share certain routes, as shown
below. CE-A1 and CE-B2 can both access CE-Serv, but the other routers
cannot. This is accomplished by having at least two VRFs for Customer B and two
VRFs for Customer A. CE-Serv, in this example, would simply need to import
routes from the VRF of CE-A1 and CE-B2 (the same VRF that is used to allow
CE-A1 and CE-B2 to have routes to CE-Serv), but not the normal customer VRF, which
only has routes to other routers of the same customer.
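The RD, export/import RT and overlapping-VPN behaviour from the sections above, modelled as an added example that is not part of the original notes, with an audit that flags an RT import joining two different customers. All RD and RT values, the `customer` tag and the `shared_rts` allow-list are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Vrf:
    name: str
    customer: str
    rd: str                 # route distinguisher: makes the prefix unique in BGP
    export_rts: frozenset   # RTs attached when routes leave the VRF
    import_rts: frozenset   # RTs this VRF accepts from the BGP table

def export_routes(vrf, prefixes):
    """Redistribute VRF routes into BGP: key is (RD, prefix), value is the RT set."""
    return {(vrf.rd, p): vrf.export_rts for p in prefixes}

def import_routes(vrf, bgp_table):
    """Return the (RD, prefix) entries whose RTs match one of the VRF's import RTs."""
    return sorted(k for k, rts in bgp_table.items() if rts & vrf.import_rts)

def rt_leaks(vrfs, shared_rts=frozenset()):
    """Flag importer/exporter pairs from different customers joined by an unapproved RT."""
    leaks = []
    for imp in vrfs:
        for exp in vrfs:
            if imp.customer != exp.customer:
                for rt in sorted((imp.import_rts & exp.export_rts) - shared_rts):
                    leaks.append((imp.name, exp.name, rt))
    return leaks

# Constructed sample values.
VRF_A = Vrf("VRF-A", "A", "1:111", frozenset({"1:100"}), frozenset({"1:100"}))
VRF_B = Vrf("VRF-B", "B", "2:222", frozenset({"2:200"}), frozenset({"2:200"}))
# The same VRF-B with a stray import of customer A's RT.
VRF_B_BAD = Vrf("VRF-B", "B", "2:222", frozenset({"2:200"}),
                frozenset({"2:200", "1:100"}))

def build_bgp_table():
    """Both customers advertise 10.3.3.0/24; the RD keeps the two entries apart."""
    table = {}
    table.update(export_routes(VRF_A, ["10.3.3.0/24"]))
    table.update(export_routes(VRF_B, ["10.3.3.0/24"]))
    return table

if __name__ == "__main__":
    bgp = build_bgp_table()
    print(import_routes(VRF_A, bgp))
    print(import_routes(VRF_B_BAD, bgp))
    print(rt_leaks([VRF_A, VRF_B_BAD]))
```

An intentional overlap such as the CE-Serv case is passed in `shared_rts`, so only unapproved cross-customer imports are reported.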
2. Major areas of configuration to remember
1. Creating each VRF, RD, and RT, plus associating the customer-facing PE
interfaces with the correct VRF.
2. Configuring the IGP between PE and CE
3. Configuring mutual redistribution between the IGP and BGP
4. Configuring MP-BGP between PEs
1. The above configuration steps are also shown in the below diagram
3. Configuration steps for above
1. Configuring the EIGRP process, with an ASN that does not need to match the
CE router, using the router eigrp asn global command.
2. Identifying the VRF for which additional commands apply, using the
address-family ipv4 vrf vrf-name router subcommand.
3. From VRF configuration submode (reached with the address-family ipv4 vrf
command), configure the ASN to match the CE router's router eigrp asn global
command.
4. From VRF configuration submode, configure the network command. This
command only matches interfaces that include an ip vrf forwarding vrf-name
interface subcommand, with a VRF name that matches the address-family ipv4
vrf command.
5. From VRF configuration submode, configure any other traditional IGP router
subcommands (for example, no auto-summary, redistribute).
13. Configuring MP-BGP Between PEs
1. Building the (Inner) VPN Label
4. Creating LFIB Entries to Forward Packets to the Egress PE
7. Creating VRF FIB Entries for the Ingress PE
10. Penultimate Hop Popping
6. VRF Lite with MPLS