Transcript MPLS

MPLS Introduction
Session Number
Presentation_ID
© 2001, Cisco Systems, Inc. All rights reserved.
1
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
MPLS Concept
• At Edge:
Classify packets
Label them
• In Core:
Forward using labels (as opposed to IP addr)
Label indicates service class and destination
[Figure: an Edge Label Switch Router at the network edge and Label Switch Routers (LSR) in the core (ATM switch or router; ATM switch + Tag Switch Controller), with Label Distribution Protocol (LDP) running between them]
MPLS concept
• MPLS: Multi Protocol Label Switching
• Packet forwarding is done based on Labels.
• Labels are assigned when the packet enters into
the network.
• Labels are on top of the packet.
• MPLS nodes forward packets/cells based on the
label value (not on the IP information).
MPLS concept
• MPLS allows:
Packet classification only where the packet
enters the network.
The packet classification is encoded as a label.
In the core, packets are forwarded without
having to re-classify them.
- No further packet analysis
- Label swapping
MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label Distribution Protocol (LDP) establishes label to destination network mappings.
2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and labels (PUSH) packets.
3. LSR switches packets using label swapping (SWAP).
4. Edge LSR at egress removes (POP) label and delivers packet.
Label Switch Path (LSP)
[Figure: two IGP domains with a label distribution protocol; in the first the LSP follows the IGP shortest path, in the second the LSP diverges from the IGP shortest path]
• LSPs are derived from IGP routing information
• LSPs may diverge from IGP shortest path
• LSPs are unidirectional
Return traffic takes another LSP
Encapsulations
[Figure: where the label is carried in each encapsulation]
ATM Cell Header: GFC | VPI | VCI | PTI | CLP | HEC | DATA (Label)
PPP Header (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header
LAN MAC Label Header: MAC Header | Label Header | Layer 3 Header
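Label Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label = 20 bits
EXP = Class of Service, 3 bits
S = Bottom of Stack, 1 bit
TTL = Time to Live, 8 bits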
• Header= 4 bytes, Label = 20 bits.
• Can be used over Ethernet, 802.3, or PPP links
• Contains everything needed at forwarding time
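The 4-byte label header above, packed and parsed as an added example (not part of the original deck). The label values 42 and 26 are borrowed from the forwarding table at the end of the deck; the payload bytes, the depth bound and the function names are assumptions made for this example.

```python
import struct
from typing import List, NamedTuple, Tuple

MAX_STACK_DEPTH = 8  # assumption: sanity bound chosen for this example


class LabelEntry(NamedTuple):
    label: int  # 20 bits
    exp: int    # 3 bits, class of service
    s: int      # 1 bit, bottom of stack
    ttl: int    # 8 bits, time to live


def encode_entry(e: LabelEntry) -> bytes:
    """Pack one label header: Label(20) | EXP(3) | S(1) | TTL(8), network byte order."""
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8
            and e.s in (0, 1) and 0 <= e.ttl < 256):
        raise ValueError(f"field out of range: {e}")
    return struct.pack("!I", (e.label << 12) | (e.exp << 9) | (e.s << 8) | e.ttl)


def decode_stack(frame: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Walk the label stack from the top until S=1; return (stack, payload).

    A frame that ends before an entry with S=1, or a stack deeper than
    MAX_STACK_DEPTH, is rejected instead of being read past its end.
    """
    stack: List[LabelEntry] = []
    offset = 0
    while True:
        if len(stack) == MAX_STACK_DEPTH:
            raise ValueError("label stack deeper than MAX_STACK_DEPTH")
        if len(frame) - offset < 4:
            raise ValueError("truncated label stack: S bit never set")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)
        stack.append(entry)
        if entry.s:
            return stack, frame[offset:]


def swap_top(frame: bytes, out_label: int) -> bytes:
    """Core LSR action: rewrite only the top label and decrement its TTL."""
    stack, _ = decode_stack(frame)  # validates the whole stack first
    top = stack[0]
    if top.ttl <= 1:
        raise ValueError("TTL expired: packet must be dropped")
    return encode_entry(top._replace(label=out_label, ttl=top.ttl - 1)) + frame[4:]


# Constructed sample: top (PE) label 42, bottom (VPN site) label 26, then payload.
SAMPLE_FRAME = (
    encode_entry(LabelEntry(42, 0, 0, 64))
    + encode_entry(LabelEntry(26, 0, 1, 64))
    + b"IP payload"
)

if __name__ == "__main__":
    stack, payload = decode_stack(SAMPLE_FRAME)
    for depth, entry in enumerate(stack):
        print(depth, entry)
    print(decode_stack(swap_top(SAMPLE_FRAME, 47))[0])
```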
Loops and TTL
• In IP networks TTL is used to prevent packets
from travelling indefinitely in the network
• MPLS may use same mechanism as IP, but not
on all encapsulations
• TTL is present in the label header for PPP and LAN
headers (shim headers)
• ATM cell header does not have TTL
Loops and TTL
[Figure: an LSP from LSR-1 to the egress LSR-6 through an IGP domain with a label distribution protocol, with LSR-2 to LSR-5 in between. The IP packet arrives with TTL = 10; LSR-1 holds the entry "LSR-6 --> 25, Hops=4"; the packet is carried with labels 25, 39 and 21 and IP TTL = 6 to the egress.]
• TTL is decremented prior to entering the non-TTL capable LSP
If TTL is 0 the packet is discarded at the ingress point
• TTL is examined at the LSP exit
Label Assignment and Distribution
• Labels have link-local significance:
Each LSR binds its own label mappings
• Each LSR assigns labels to its FECs
• Labels are assigned and exchanged
between adjacent neighboring LSRs
Label Assignment and Distribution
Upstream and Downstream LSRs
[Figure: 171.68.40/24 - Rtr-A - Rtr-B - Rtr-C - 171.68.10/24]
• Rtr-C is the downstream neighbor of Rtr-B for destination
171.68.10/24
• Rtr-B is the downstream neighbor of Rtr-A for destination
171.68.10/24
• LSRs know their downstream neighbors through the IP routing
protocol
Next-hop address is the downstream neighbor
Unsolicited Downstream Distribution
[Figure: 171.68.40/24 - Rtr-A - Rtr-B - Rtr-C - 171.68.10/24, with IGP derived routes. Rtr-C tells Rtr-B "Use label 40 for destination 171.68.10/24"; Rtr-B tells Rtr-A "Use label 30 for destination 171.68.10/24".]
Router | In I/F | In Lab | Address Prefix | Out I/F | Out Lab
Rtr-A  | 0      | -      | 171.68.10      | 1       | 30
Rtr-B  | 0      | 30     | 171.68.10      | 1       | 40
Rtr-C  | 0      | 40     | 171.68.10      | 1       | ...
• LSRs distribute labels to the upstream neighbors
On-Demand Downstream Distribution
[Figure: 171.68.40/24 - Rtr-A - Rtr-B - Rtr-C - 171.68.10/24. Rtr-A sends Rtr-B "Request label for destination 171.68.10/24" and Rtr-B sends the same request to Rtr-C. Rtr-C answers "Use label 40 for destination 171.68.10/24" and Rtr-B answers "Use label 30 for destination 171.68.10/24".]
• Upstream LSRs request labels from downstream neighbors
• Downstream LSRs distribute labels upon request
Label Retention Modes
• Liberal retention mode
• LSR retains labels from all neighbors
Improves convergence time, when next-hop is again available
after IP convergence
Requires more memory and label space
• Conservative retention mode
• LSR retains labels only from next-hop neighbors
LSR discards all labels for FECs without next-hop
Frees memory and label space
Label Distribution Modes
• Independent LSP control
LSR binds a Label to a FEC independently, whether or not the LSR has
received a Label from the next-hop for the FEC
The LSR then advertises the Label to its neighbor
• Ordered LSP control
LSR only binds and advertises a label for a particular FEC if:
it is the egress LSR for that FEC or
it has already received a label binding from its next-hop
Router Example: Forwarding Packets
[Figure: three routers in a row, each with an Address Prefix / I/F table listing 128.89 and 171.69 with interface 0 or 1. The packet "128.89.25.4 Data" is forwarded unchanged from router to router toward network 128.89; network 171.69 is reached over a different interface.]
Packets Forwarded Based on IP Address
MPLS Example: Routing Information
[Figure: the same three routers, each now with an In Label / Address Prefix / Out I'face / Out Label table. The tables hold 128.89 and 171.69 with their outgoing interfaces only; no labels are filled in yet.]
Routing Updates (OSPF, EIGRP, …):
You Can Reach 128.89 Thru Me
You Can Reach 128.89 and 171.69 Thru Me
You Can Reach 171.69 Thru Me
MPLS Example: Assigning Labels
[Figure: the same three routers with their label tables filled in, listed here in forwarding order toward 128.89]
First router:
In Label | Address Prefix | Out I'face | Out Label
-        | 128.89         | 1          | 4
-        | 171.69         | 1          | 5
Second router:
In Label | Address Prefix | Out I'face | Out Label
4        | 128.89         | 0          | 9
5        | 171.69         | 1          | 7
Third router:
In Label | Address Prefix | Out I'face | Out Label
9        | 128.89         | 0          | -
Label Distribution Protocol (LDP) (downstream allocation):
Use Label 9 for 128.89
Use Label 4 for 128.89 and Use Label 5 for 171.69
Use Label 7 for 171.69
MPLS Example: Forwarding Packets
[Figure: the same three routers and label tables, listed here in forwarding order toward 128.89]
First router:
In Label | Address Prefix | Out I'face | Out Label
-        | 128.89         | 1          | 4
-        | 171.69         | 1          | 5
Second router:
In Label | Address Prefix | Out I'face | Out Label
4        | 128.89         | 0          | 9
5        | 171.69         | 1          | 7
Third router:
In Label | Address Prefix | Out I'face | Out Label
9        | 128.89         | 0          | -
Packet as it crosses the network: "128.89.25.4 Data" → "4 | 128.89.25.4 Data" → "9 | 128.89.25.4 Data" → "128.89.25.4 Data"
Label Switch Forwards Based on Label
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
MPLS Unicast IP Routing
• MPLS introduces a new field that is used for
forwarding decisions.
• Although labels are locally significant, they have to
be advertised to directly reachable peers.
One option would be to include this parameter into
existing IP routing protocols.
The other option is to create a new protocol to exchange
labels.
• The second option has been used because there are
too many existing IP routing protocols that would
have to be modified to carry labels.
Label Distribution Protocol
• Defined in RFC 3036 and 3037
• Used to distribute labels in an MPLS network
• Forwarding equivalence class
How packets are mapped to LSPs (Label
Switched Paths)
• Advertise labels per FEC
Reach destination a.b.c.d with label x
• Neighbor discovery
Basic and extended discovery
MPLS Unicast IP Routing Architecture
[Figure: block diagram of an LSR]
Control plane: Routing protocol (exchange of routing information), IP routing table, Label distribution protocol (exchange of labels)
Data plane: IP forwarding table, Label forwarding table
Traffic in: incoming IP packets, incoming labeled packets
Traffic out: outgoing IP packets, outgoing labeled packets
MPLS Unicast IP Routing: Example
[Figure: LSR with routing information only; a neighbor announces OSPF: 10.0.0.0/8]
Control plane
OSPF: 10.0.0.0/8 → 1.2.3.4
RT: 10.0.0.0/8 → 1.2.3.4
LIB:
Data plane
FIB: 10.0.0.0/8 → 1.2.3.4
LFIB:
Packets shown: 10.1.1.1 and L=5 10.1.1.1 arriving, 10.1.1.1 leaving
MPLS Unicast IP Routing: Example
[Figure: the same LSR after label exchange; it receives OSPF: 10.0.0.0/8 and LDP: 10.0.0.0/8, L=3, and sends LDP: 10.0.0.0/8, L=5]
Control plane
OSPF: 10.0.0.0/8 → 1.2.3.4
RT: 10.0.0.0/8 → 1.2.3.4
LIB: 10.0.0.0/8 → Next-hop L=3, Local L=5
Data plane
FIB: 10.0.0.0/8 → 1.2.3.4, L=3
LFIB: L=5 → L=3
Packets shown: 10.1.1.1 and L=5 10.1.1.1 arriving, L=3 10.1.1.1 leaving in both cases
Label Allocation in Packet-Mode MPLS
Environment
Label allocation and distribution in packet-mode MPLS
environment follows these steps:
1. IP routing protocols build the IP routing table.
2. Each LSR assigns a label to every destination in the IP
routing table independently.
3. LSRs announce their assigned labels to all other LSRs.
4. Every LSR builds its LIB, LFIB data structures based on
received labels.
Building the IP Routing Table
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of A: Network X, Next-hop B
Routing table of B: Network X, Next-hop C
Routing table of C: Network X, Next-hop D
Routing table of E: Network X, Next-hop C
FIB on A: Network X, Next hop B, Label —
• IP routing protocols are used to build IP routing tables on all LSRs.
• Forwarding tables (FIB) are built based on IP routing tables with no labeling information.
Allocating Labels
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of B: Network X, Next-hop C
Router B assigns label 25 to destination X.
• Every LSR allocates a label for every destination in the IP routing table.
• Labels have local significance.
• Label allocations are asynchronous.
LIB and LFIB Set-up
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of B: Network X, Next-hop C
LIB on B: Network X, LSR local, label 25
LFIB on B: Label 25, Action pop, Next hop C
Router B assigns label 25 to destination X.
Local label is stored in LIB.
Outgoing action is POP as B has received no label for X from C.
LIB and LFIB structures have to be initialized on the LSR allocating the label.
Label Distribution
[Figure: LSRs A, B, C, D and E, with Network X behind D; B sends "X = 25" to its neighbors]
LIB on B: Network X, LSR local, label 25
The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.
Receiving Label Advertisement
[Figure: LSRs A, B, C, D and E, with Network X behind D; B sends "X = 25" to its neighbors]
LIB on A: Network X, LSR B, label 25
LIB on C: Network X, LSR B, label 25
LIB on E: Network X, LSR B, label 25
FIB on A: Network X, Next hop B, Label 25
• Every LSR stores the received label in its LIB.
• Edge LSRs that receive the label from their next-hop also store the label information in the FIB.
Interim Packet Propagation
[Figure: a packet for X travels A → B → C as "IP: X", then "Lab: 25", then "IP: X"]
On A: IP lookup is performed in FIB, packet is labeled.
FIB on A: Network X, Next hop B, Label 25
On B: Label lookup is performed in LFIB, label is removed.
LFIB on B: Label 25, Action pop, Next hop C
Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.
Further Label Allocation
[Figure: LSRs A, B, C, D and E, with Network X behind D; C sends "X = 47"]
Router C assigns label 47 to destination X.
LIB on C: Network X, LSR B label 25, LSR local label 47
LFIB on C: Label 47, Action pop, Next hop D
Every LSR will eventually assign a label for every destination.
Receiving Label Advertisement
[Figure: LSRs A, B, C, D and E, with Network X behind D; C sends "X = 47"]
LIB on B: Network X, LSR local label 25, LSR C label 47
FIB on B: Network X, Next hop C, Label 47
LIB on E: Network X, LSR B label 25, LSR C label 47
FIB on E: Network X, Next hop C, Label 47
• Every LSR stores received information in its LIB.
• LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table (FIB).
Populating LFIB
[Figure: LSRs A, B, C, D and E, with Network X behind D; C sends "X = 47"]
FIB on B: Network X, Next hop C, Label 47
LIB on B: Network X, LSR local label 25, LSR C label 47
LFIB on B: Label 25, Action 47, Next hop C
• Router B has already assigned label to X and created an entry in LFIB.
• Outgoing label is inserted in LFIB after the label is received from the next-hop LSR.
Packet Propagation Across MPLS Network
[Figure: a packet for X travels A → B → C as "IP: X", then "Lab: 25", then "Lab: 47", then "IP: X"]
On A (Ingress LSR): IP lookup is performed in FIB, packet is labeled.
FIB on A: Network X, Next hop B, Label 25
On B: Label lookup is performed in LFIB, label is switched.
LFIB on B: Label 25, Action 47, Next hop C
On C (Egress LSR): Label lookup is performed in LFIB, label is removed.
LFIB on C: Label 47, Action pop, Next hop D
Convergence in Packet-mode MPLS
Steady State Description
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of B: Network X, Next-hop C
FIB on B: Network X, Next hop C, Label 47
LIB on B: Network X, LSR local label 25, LSR C label 47, LSR E label 75
LFIB on B: Label 25, Action 47, Next hop C
• After the LSRs have exchanged the labels, LIB, LFIB and FIB data structures are completely populated.
Link Failure Actions
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of B: Network X, Next-hop C
FIB on B: Network X, Next hop C, Label 47
LIB on B: Network X, LSR local label 25, LSR C label 47, LSR E label 75
LFIB on B: Label 25, Action 47, Next hop C
• Routing protocol neighbors and LDP neighbors are lost after a link failure.
• Entries are removed from various data structures.
Routing Protocol Convergence
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of B: Network X, Next-hop E
FIB on B: Network X, Next hop E, Label —
LIB on B: Network X, LSR local label 25, LSR C label 47, LSR E label 75
LFIB on B: Label 25, Action 47, Next hop C
Routing protocols rebuild the IP routing table and the IP forwarding table.
MPLS Convergence
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of B: Network X, Next-hop E
FIB on B: Network X, Next hop E, Label 75
LIB on B: Network X, LSR local label 25, LSR C label 47, LSR E label 75
LFIB on B: Label 25, Action 75, Next hop E
LFIB and labeling information in FIB are rebuilt immediately after the routing protocol convergence, based on labels stored in LIB.
MPLS Convergence After a Link Failure
• MPLS convergence in packet-mode MPLS
does not impact the overall convergence
time.
• MPLS convergence occurs immediately after
the routing protocol convergence, based on
labels already stored in LIB.
Link Recovery Actions
[Figure: LSRs A, B, C, D and E, with Network X behind D]
Routing table of B: Network X, Next-hop E
FIB on B: Network X, Next hop E, Label 75
LIB on B: Network X, LSR local label 25, LSR C label 47, LSR E label 75
LFIB on B: Label 25, Action 75, Next hop E
• Routing protocol neighbors are discovered after link recovery.
IP Routing Convergence After Link Recovery
[Figure: LSRs A, B, C, D and E, with Network X behind D; the tables show both the previous entry via E and the new entry via C]
Routing table of B: Network X, Next-hop entries C and E
FIB on B: Network X, entries (Next hop E, Label 75) and (Next hop C, Label —)
LIB on B: Network X, LSR local label 25, LSR C label 47, LSR E label 75
LFIB on B: Label 25, entries (Action 75, Next hop E) and (Action pop, Next hop C)
• IP routing protocols rebuild the IP routing table.
• FIB and LFIB are also rebuilt, but the label information might be lacking.
MPLS Convergence After a Link Recovery
• Routing protocol convergence optimizes the forwarding
path after a link recovery.
• LIB might not contain the label from the new next-hop by
the time the IP convergence is complete.
• End-to-end MPLS connectivity might be intermittently
broken after link recovery.
• Use MPLS Traffic Engineering for make-before-break
recovery.
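Router B's tables from the convergence slides above, replayed as an added example (not part of the original deck) in both retention modes. The class and method names are assumptions, and so is the rule that bindings learned from a lost neighbor are dropped from the LIB; labels 25, 47 and 75 and neighbors C and E are the deck's values.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple, Union

POP = "pop"  # LFIB action used by the deck when no next-hop label is known


@dataclass
class LSR:
    name: str
    liberal: bool = True                                   # label retention mode
    next_hop: Dict[str, str] = field(default_factory=dict)  # routing table
    local: Dict[str, int] = field(default_factory=dict)     # LIB: local bindings
    remote: Dict[str, Dict[str, int]] = field(default_factory=dict)  # LIB: per neighbor

    def route(self, prefix: str, neighbor: str) -> None:
        """IGP convergence: the next hop for prefix becomes neighbor."""
        self.next_hop[prefix] = neighbor
        if not self.liberal:
            # Conservative retention keeps only the current next hop's binding.
            kept = self.remote.get(prefix, {})
            self.remote[prefix] = {n: l for n, l in kept.items() if n == neighbor}

    def bind_local(self, prefix: str, label: int) -> None:
        self.local[prefix] = label

    def receive_binding(self, neighbor: str, prefix: str, label: int) -> None:
        """LDP advertisement from neighbor: 'reach prefix with label'."""
        if self.liberal or self.next_hop.get(prefix) == neighbor:
            self.remote.setdefault(prefix, {})[neighbor] = label

    def neighbor_lost(self, neighbor: str) -> None:
        """Assumption: bindings learned from a lost LDP neighbor are removed."""
        for bindings in self.remote.values():
            bindings.pop(neighbor, None)

    def lfib(self, prefix: str) -> Tuple[int, Union[int, str], str]:
        """(in label, action, next hop), derived from routing table and LIB."""
        nh = self.next_hop[prefix]
        return self.local[prefix], self.remote.get(prefix, {}).get(nh, POP), nh

    def fib(self, prefix: str) -> Tuple[str, Optional[int]]:
        """(next hop, label to impose on unlabeled packets or None)."""
        nh = self.next_hop[prefix]
        return nh, self.remote.get(prefix, {}).get(nh)


def replay(liberal: bool) -> Dict[str, Tuple[int, Union[int, str], str]]:
    """Steady state, link B-C failure, link recovery, LDP session back up."""
    b = LSR("B", liberal=liberal)
    b.route("X", "C")
    b.bind_local("X", 25)
    b.receive_binding("C", "X", 47)
    b.receive_binding("E", "X", 75)
    states = {"steady": b.lfib("X")}
    b.neighbor_lost("C")             # link failure: IGP and LDP neighbor lost
    b.route("X", "E")                # IGP converges on the path through E
    states["after_failure"] = b.lfib("X")
    b.route("X", "C")                # link recovery: IGP converges first
    states["after_recovery"] = b.lfib("X")
    b.receive_binding("C", "X", 47)  # LDP binding from C arrives later
    states["after_ldp"] = b.lfib("X")
    return states


if __name__ == "__main__":
    for mode in (True, False):
        print("liberal" if mode else "conservative", replay(mode))
```

The `after_recovery` state is the window the slide describes: B already forwards toward C but has no label from C, so its LFIB action falls back to pop until the binding arrives.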
LDP Session Establishment
• LDP and TDP use a similar process to establish a session:
Hello messages are periodically sent on all interfaces enabled for
MPLS.
If there is another router on that interface it will respond by trying
to establish a session with the source of the hello messages.
• UDP is used for hello messages. It is targeted at “all routers on
this subnet” multicast address (224.0.0.2).
• TCP is used to establish the session.
• Both TCP and UDP use well-known LDP port number 646 (711
for TDP).
LDP Neighbor Discovery
[Figure: four routers on one subnet: MPLS_A (1.0.0.1), MPLS_B (1.0.0.2), NO_MPLS_C (1.0.0.3) and MPLS_D (1.0.0.4). Each MPLS router sends UDP Hello messages to 224.0.0.2:646.]
MPLS_A, UDP Hello: 1.0.0.1:1050, 1.0.0.1:1051, 1.0.0.1:1052 → 224.0.0.2:646
MPLS_B, UDP Hello: 1.0.0.2:1064, 1.0.0.2:1065, 1.0.0.2:1066 → 224.0.0.2:646
MPLS_D, UDP Hello: 1.0.0.4:1033, 1.0.0.4:1034, 1.0.0.4:1035 → 224.0.0.2:646
• LDP Session is established from the router with higher IP address.
LDP Session Negotiation
[Figure: message sequence between MPLS_A (1.0.0.1) and MPLS_B (1.0.0.2)]
Establish TCP session
Initialization message (one in each direction)
Keepalive (one in each direction)
• Peers first exchange initialization messages.
• The session is ready to exchange label mappings after receiving the first keepalive.
Double Lookup Scenario
[Figure: four routers in a row across the MPLS Domain, numbered here in forwarding order, carrying packet 10.1.1.1 toward 10.0.0.0/8. Labels advertised for 10.0.0.0/8 are L=19, L=18 and L=17; the packet carries label 17, then 18, then 19.]
Router 1: FIB 10/8 → NH, 17; LFIB 35 → 17
Router 2: FIB 10/8 → NH, 18; LFIB 17 → 18
Router 3: FIB 10/8 → NH, 19; LFIB 18 → 19
Router 4: FIB 10/8 → NH; LFIB 19 → untagged
Double lookup is needed:
1. LFIB: remove the label.
2. FIB: forward the IP packet based on IP next-hop address.
• Double lookup is not an optimal way of forwarding labeled packets.
• A label can be removed one hop earlier.
Penultimate Hop Popping
[Figure: four routers in a row across the MPLS Domain, numbered here in forwarding order, carrying packet 10.1.1.1 toward 10.0.0.0/8. Labels advertised for 10.0.0.0/8 are L=pop, L=18 and L=17; the packet carries label 17, then 18, then no label.]
Pop or implicit null label is advertised.
Router 1: FIB 10/8 → NH, 17; LFIB 35 → 17
Router 2: FIB 10/8 → NH, 18; LFIB 17 → 18
Router 3: FIB 10/8 → NH, 19; LFIB 18 → pop
Router 4: FIB 10/8 → NH; LFIB (no entry shown)
One single lookup.
• A label is removed on the router before the last hop within an MPLS domain.
Penultimate Hop Popping
• Penultimate hop popping optimizes MPLS
performance (one less LFIB lookup).
• PHP does not work on ATM (VPI/VCI cannot
be removed).
• Pop or implicit null label uses value 3 when
being advertised to a neighbor.
LDP Messages
• Discovery messages
• Used to discover and maintain the presence of
new peers
• Hello packets (UDP) sent to all-routers multicast
address
• Once neighbor is discovered, the LDP session is
established over TCP
LDP Messages
• Session messages
• Establish, maintain and terminate LDP sessions
• Advertisement messages
• Create, modify, delete label mappings
• Notification messages
• Error signalling
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
What Is a VPN?
• VPN is a set of sites which are allowed to
communicate with each other.
• VPN is defined by a set of administrative policies
Policies determine both connectivity and QoS
among sites.
Policies established by VPN customers.
Policies could be implemented completely by VPN service
providers.
Using BGP/MPLS VPN mechanisms
What Is a VPN? (Cont.)
• Flexible inter-site connectivity
Ranging from complete to partial mesh
• Sites may be either within the same or in different
organizations
VPN can be either intranet or extranet
• Site may be in more than one VPN
VPNs may overlap
• Not all sites have to be connected to the same service
provider
VPN can span multiple providers
IP VPN Taxonomy
[Figure: taxonomy tree rooted at "IP VPNs" with the nodes DIAL, Client-Initiated, NAS-Initiated, DEDICATED, Security Appliance, IP Tunnel, Router, Virtual Circuit, FR, ATM, Network-Based VPNs, RFC 2547 and Virtual Router]
MPLS-VPN Terminology
• Provider Network (P-Network)
The backbone under control of a Service Provider
• Customer Network (C-Network)
Network under customer control
• CE router
Customer Edge router. Part of the C-network and
interfaces to a PE router
MPLS-VPN Terminology
• Site
Set of (sub)networks part of the C-network and colocated
A site is connected to the VPN backbone through one
or more PE/CE links
• PE router
Provider Edge router. Part of the P-Network and
interfaces to CE routers
• P router
Provider (core) router, without knowledge of VPN
MPLS-VPN Terminology
• Route-Target
64 bits identifying routers that should receive the
route
• Route Distinguisher
Attributes of each route used to uniquely identify
prefixes among VPNs (64 bits)
VRF based (not VPN based)
• VPN-IPv4 addresses
Address including the 64 bits Route Distinguisher
and the 32 bits IP address
MPLS-VPN Terminology
• VRF
VPN Routing and Forwarding Instance
Routing table and FIB table
Populated by routing protocol contexts
• VPN-Aware network
A provider backbone where MPLS-VPN is
deployed
MPLS VPN Connection Model
• A VPN is a collection of sites sharing
common routing information (routing table)
• A site can be part of different VPNs
• A VPN has to be seen as a community of
interest (or Closed User Group)
• Multiple Routing/Forwarding instances
(VRF) on PE routers
MPLS VPN Connection Model
[Figure: overlapping VPN-A, VPN-B and VPN-C containing Site-1, Site-2, Site-3 and Site-4]
• A site belonging to different VPNs may or
MAY NOT be used as a transit point between
VPNs
• If two or more VPNs have a common site,
address space must be unique among these
VPNs
MPLS VPN Connection Model
• The VPN backbone is composed of MPLS LSRs
PE routers (edge LSRs)
P routers (core LSRs)
• PE routers face CE routers and distribute
VPN information through
MP-BGP to other PE routers
VPN-IPv4 addresses, Extended Community,
Label
• P routers do not run BGP and do not have any VPN
knowledge
MPLS VPN Connection Model
[Figure: a core of four P routers surrounded by four PE routers, with iBGP sessions between the PEs. CE routers attach VPN_A and VPN_B sites with prefixes 10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0 and 11.6.0.0; 10.1.0.0 and 10.2.0.0 each appear at two different sites.]
• P routers (LSRs) are in the core of the MPLS cloud
• PE routers use MPLS with the core and plain IP with
CE routers
• P and PE routers share a common IGP
• PE routers are MP-iBGP fully meshed
MPLS VPN Connection Model
[Figure: CE routers at Site-1 and Site-2 attached to a PE router; the PE-CE links run EBGP, OSPF, RIPv2 or Static]
• PE and CE routers exchange routing
information through:
EBGP, OSPF, RIPv2, Static routing
• CE routers run standard routing software
MPLS VPN Connection Model
[Figure: CE routers at Site-1 and Site-2 attached to a PE router over EBGP, OSPF, RIPv2 or Static; the PE connects to the VPN Backbone IGP (OSPF, ISIS)]
• PE routers maintain separate routing tables
The global routing table
With all PE and P routes
Populated by the VPN backbone IGP (ISIS or OSPF)
VRF (VPN Routing and Forwarding)
Routing and Forwarding table associated with one or more directly
connected sites (CEs)
VRF are associated to (sub/virtual/tunnel)interfaces
Interfaces may share the same VRF if the connected sites may share
the same routing information
MPLS VPN Connection Model
[Figure: CE routers at Site-1 and Site-2 attached to a PE router over EBGP, OSPF, RIPv2 or Static; the PE connects to the VPN Backbone IGP]
• The routes the PE receives from CE routers are
installed in the appropriate VRF
• The routes the PE receives through the backbone IGP
are installed in the global routing table
• By using separate VRFs, addresses need NOT be
unique among VPNs
MPLS VPN Connection Model
• The Global Routing Table is populated by
IGP protocols.
• In PE routers it may contain the BGP
Internet routes (standard BGP-4 routes)
• BGP-4 (IPv4) routes go into global routing
table
• MP-BGP (VPN-IPv4) routes go into VRFs
MPLS VPN Connection Model
[Figure: two PE routers at the edges of a VPN Backbone IGP containing four P routers, with an iBGP session between the PEs]
• PE and P routers share a common IGP (ISIS or OSPF)
• PEs establish MP-iBGP sessions between them
• PEs use MP-BGP to exchange routing information
related to the connected sites and VPNs
VPN-IPv4 addresses, Extended Community, Label
MPLS VPN Connection Model
[Figure: CE-1 (Site-1) - PE-1 - P routers in the VPN Backbone IGP - PE-2 - CE-2 (Site-2)]
CE-1 to PE-1: BGP, RIPv2 update for Net1, NextHop=CE-1
PE-1 to PE-2: VPN-IPv4 update: RD:Net1, Next-hop=PE1, SOO=Site1, RT=Green, Label=(intCE1)
At PE-2: VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2
PE routers receive IPv4 updates (EBGP, RIPv2, Static…)
PE routers translate into VPN-IPv4
Assign a SOO and RT based on configuration
Re-write Next-Hop attribute
Assign a label based on VRF and/or interface
Send MP-iBGP update to all PE neighbors
MPLS VPN Connection Model
[Figure: CE-1 (Site-1) - PE-1 - P routers in the VPN Backbone IGP - PE-2 - CE-2 (Site-2)]
CE-1 to PE-1: BGP, OSPF, RIPv2 update for Net1, Next-Hop=CE-1
PE-1 to PE-2: VPN-IPv4 update: RD:Net1, Next-hop=PE1, SOO=Site1, RT=Green, Label=(intCE1)
At PE-2: VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2
Receiving PEs translate to IPv4
Insert the route into the VRF identified by the RT attribute (based on PE configuration)
The label associated to the VPN-IPv4 address will be set on packet forwarded towards the destination
MPLS VPN Connection Model
• Route distribution to sites is driven by the Site of
Origin (SOO) and Route-target attributes
BGP Extended Community attribute
• A route is installed in the site VRF corresponding to
the Route-target attribute
Driven by PE configuration
• A PE which connects sites belonging to multiple
VPNs will install the route into the site VRF if the
Route-target attribute contains one or more VPNs to
which the site is associated
MPLS VPN Connection Model
MP-BGP Update
• VPN-IPV4 address
Route Distinguisher
64 bits
Makes the IPv4 route globally unique
RD is configured in the PE for each VRF
RD may or may not be related to a site or a VPN
IPv4 address (32bits)
• Extended Community attribute (64 bits)
Site of Origin (SOO): identifies the originating site
Route-target (RT): identifies the set of sites the route has to
be advertised to
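How the Route Distinguisher and Route-target described above keep overlapping customer prefixes apart on a PE, as an added example (not part of the original deck). The RD layout used is the type-0 form (2-byte type, 2-byte ASN, 4-byte number); the RT strings, next-hop addresses, label values and all function names are constructed for this example.

```python
import ipaddress
import struct
from typing import Dict, FrozenSet, List, NamedTuple, Set, Tuple


class VpnRoute(NamedTuple):
    rd: Tuple[int, int]            # (ASN, assigned number), type-0 RD
    prefix: str                    # customer IPv4 prefix
    next_hop: str                  # advertising PE (BGP next hop)
    label: int                     # VPN label assigned by that PE
    route_targets: FrozenSet[str]  # RT extended communities on the update


def vpn_ipv4(rd: Tuple[int, int], address: str) -> bytes:
    """96-bit VPN-IPv4 address: 64-bit RD followed by the 32-bit IPv4 address."""
    asn, number = rd
    return struct.pack("!HHI", 0, asn, number) + ipaddress.IPv4Address(address).packed


class PE:
    """Receiving PE: one table per VRF, filled by route-target import policy."""

    def __init__(self, import_policy: Dict[str, Set[str]]):
        self.import_policy = import_policy
        self.vrf: Dict[str, Dict[str, Tuple[str, int]]] = {n: {} for n in import_policy}

    def receive(self, route: VpnRoute) -> List[str]:
        """Install the route in every VRF whose import RTs match; return their names."""
        installed = []
        for name, wanted in self.import_policy.items():
            if wanted & route.route_targets:
                self.vrf[name][route.prefix] = (route.next_hop, route.label)
                installed.append(name)
        return installed


def cross_vpn_imports(import_policy: Dict[str, Set[str]],
                      rt_owner: Dict[str, str]) -> List[Tuple[str, str]]:
    """Audit: (VRF, RT) pairs where a VRF imports an RT owned by another VPN
    or an RT with no registered owner. Intended extranets will show up here
    and need to be matched against approved policy."""
    return sorted((vrf, rt) for vrf, rts in import_policy.items()
                  for rt in rts if rt_owner.get(rt) != vrf)


# Constructed sample data: two customers using the same prefix 10.1.0.0/16.
RT_OWNER = {"100:1": "VPN_A", "100:2": "VPN_B"}
UPDATES = [
    VpnRoute((100, 1), "10.1.0.0/16", "192.0.2.1", 26, frozenset({"100:1"})),
    VpnRoute((100, 2), "10.1.0.0/16", "192.0.2.2", 42, frozenset({"100:2"})),
]


def demo() -> PE:
    pe = PE({"VPN_A": {"100:1"}, "VPN_B": {"100:2"}})
    for update in UPDATES:
        pe.receive(update)
    return pe


if __name__ == "__main__":
    pe = demo()
    print(pe.vrf)
    print(vpn_ipv4((100, 1), "10.1.0.0").hex(), vpn_ipv4((100, 2), "10.1.0.0").hex())
    leaky = {"VPN_A": {"100:1"}, "VPN_B": {"100:2", "100:1"}}
    print(cross_vpn_imports(leaky, RT_OWNER))
```

Because the import policy alone decides which VRF a route lands in, the audit function is the check to run against PE configuration: one extra RT in an import list is enough to place another customer's routes in a VRF.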
MPLS VPN Connection Model
MP-BGP Update
Any other standard BGP attribute
Local Preference
MED
Next-hop
AS_PATH
Standard Community
...
A Label identifying:
The outgoing interface
The VRF where a lookup has to be done
The BGP label will be the second label in the
label stack of packets travelling in the core
MPLS VPN Connection Model
MP-BGP Update - Extended community
• BGP extended community attribute
Structured, to support multiple applications
64 bits for increased range
• General form
<16bits type>:<ASN>:<32 bit number>
Registered AS number
<16bits type>:<IP address>:<16 bit number>
Registered IP address
MPLS VPN Connection Model
MP-BGP Update - Extended community
• The Extended Community is used to:
Identify one or more routers where the route has
been originated (site)
Site of Origin (SOO)
Selects sites which should receive the route
Route-Target
MPLS VPN Connection Model
MP-BGP Update
• The Label can be assigned only by the router whose
address is the Next-Hop attribute
PE routers re-write the Next-Hop with their own
address (loopback interface address)
“Next-Hop-Self” BGP command towards iBGP
neighbors
Loopback addresses are advertised into the
backbone IGP
• PE addresses used as BGP Next-Hop must be
uniquely known in the backbone IGP
No summarisation of loopback addresses in the core
MPLS Forwarding
Packet forwarding
• PE and P routers have BGP next-hop
reachability through the backbone IGP
• Labels are distributed through LDP (hop-by-hop)
corresponding to BGP Next-Hops
• Label Stack is used for packet forwarding
Top label indicates BGP Next-Hop (interior
label)
Second level label indicates outgoing interface
or VRF (exterior label)
MPLS Forwarding
Penultimate Hop Popping
[Figure: routers CE1, PE1, P1, P2, PE2, CE2 and CE3. The IP packet from CE1 is shown as "IGP Label(PE2) | VPN Label | IP packet" after PE1 and after P1, as "VPN Label | IP packet" after P2, and as "IP packet" after PE2.]
PE1 receives IP packet
Lookup is done on site VRF
BGP route with Next-Hop and Label is found
BGP next-hop (PE2) is reachable through IGP route with associated label
P routers switch the packets based on the IGP label (label on top of the stack)
Penultimate Hop Popping
P2 is the penultimate hop for the BGP next-hop
P2 removes the top label
This has been requested through LDP by PE2
PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
One single lookup
Label is popped and packet sent to IP neighbor
Packet Forwarding Example 1
[Figure: CE sites of VPN_A and VPN_B (prefixes 10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0) attached to PE routers around a core of P routers; a Data packet from a CE is sent into the core as T8 T2 Data.]
• Ingress PE receives normal IP packets from CE router
• PE router does “IP Longest Match” from VPN_B FIB, finds iBGP next hop PE2 and imposes a stack of labels:
  exterior Label T2 + Interior Label T8

VPN-IPv4 route   iBGP next hop   Exterior label   Interior label
<RD_B,10.1>      PE1             T1               T7
<RD_B,10.2>      PE2             T2               T8
<RD_B,10.3>      PE3             T3               T9
<RD_A,11.6>      PE1             T4               T7
<RD_A,10.1>      PE4             T5               TB
<RD_A,10.4>      PE4             T6               TB
<RD_A,10.2>      PE2             T7               T8
Packet Forwarding Example 1 (cont.)
[Figure: same topology as on the previous slide. The packet's label stack along the path: T8 T2 Data, TA T2 Data, TB T2 Data, T2 Data, Data. A P router's in / out label table is shown, including the swap T8 to TA.]
• All subsequent P routers switch the packet solely on the Interior Label
• Egress PE router removes the Interior Label
• Egress PE uses the Exterior Label to select which VPN/CE to forward the packet to
• Exterior Label is removed and the packet is routed to the CE router
Packet Forwarding Example 2
[Figure: PE router A with a VPN 12 site (host 130.130.10.1) and PE router B with a VPN 12 site (host 130.130.11.3).]
• In VPN 12, host 130.130.10.1 sends a packet with
destination 130.130.11.3
• Customer sites are attached to Provider
Edge (PE) routers A & B.
Packet Forwarding Example 2 (cont.)
1. Packet arrives on VPN 12 link on PE router A.
2. PE router A selects the correct VPN forwarding table based on the link’s VPN ID (12).

VPN-ID   VPN Site Address   VPN Site Label   Provider Edge Router Address   PE Label
12       130.130.10.0/24    26               172.68.1.11/32                 42
12       130.130.11.0/24    989              172.68.1.2/32                  101
...      ...                ...              ...                            ...
Packet Forwarding Example 2 (cont.)
VPN-ID   VPN Site Address   VPN Site Label   Provider Edge Router Address   PE Label
12       130.130.10.0/24    26               172.68.1.11/32                 42
12       130.130.11.0/24    989              172.68.1.2/32                  101
...      ...                ...              ...                            ...

3. PE router A matches the incoming packet’s destination address with VPN 12’s forwarding table.
4. PE router A adds two labels to the packet: one identifying the destination PE, and one identifying the destination VPN site.

Resulting packet: 101 | 989 | 130.130.11.3 | Rest of IP packet
Packet Forwarding Example 2 (cont.)
[Figure: PE router A and PE router B connected across the MPLS core.]
5. Packet is label-switched from PE router A to PE B based on
the top label, using normal MPLS.
The network core knows nothing about VPNs and sites: it
only knows how to get packets from A to B using MPLS.
Packet Forwarding Example 2 (cont.)
[Figure: PE router B with the VPN 12 site of host 130.130.11.3.]
6. PE router B identifies the correct
site in VPN 12 from the inner label.
7. PE router B removes the labels
and forwards the IP packet to the
correct VPN 12 site.
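Steps 1 to 7 of Example 2 as an added, runnable sketch (not part of the original slides). The VPN 12 table rows are the ones shown above; the second VPN (34), the core label swaps (57, 63) and PE B's label-to-site map are constructed for this example to show that two VPNs can reuse the same customer prefix without their traffic mixing.

```python
import ipaddress

# Per-VPN forwarding tables on PE router A.
# Row: (site prefix, VPN site label, egress PE address, PE label)
# The VPN 12 rows are from the slides. VPN 34 is constructed for this
# example and deliberately reuses a VPN 12 prefix.
PE_A_TABLES = {
    12: [("130.130.10.0/24", 26, "172.68.1.11/32", 42),
         ("130.130.11.0/24", 989, "172.68.1.2/32", 101)],
    34: [("130.130.11.0/24", 990, "172.68.1.2/32", 101)],
}

# Constructed core state: P router -> {incoming top label: (outgoing label, next node)}
CORE_LFIB = {
    "P1": {101: (57, "P2")},
    "P2": {57: (63, "B")},
}

# Constructed state on PE router B: the top label it assigned for itself,
# and its inner (VPN site) label -> (VPN, site) map.
PE_B_TOP_LABEL = 63
PE_B_SITE_LABELS = {
    989: (12, "VPN 12 site 130.130.11.0/24"),
    990: (34, "VPN 34 site 130.130.11.0/24"),
}


def ingress(vpn_id, dst_ip):
    """Steps 2-4: select the table by the link's VPN ID, longest match, push two labels."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, site_label, _pe_addr, pe_label in PE_A_TABLES[vpn_id]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site_label, pe_label)
    if best is None:
        # No fall-through to another VPN's table or to the global table.
        raise LookupError(f"no route to {dst_ip} in VPN {vpn_id}")
    _, site_label, pe_label = best
    return {"labels": [pe_label, site_label], "dst": dst_ip}


def core(packet, node="P1"):
    """Step 5: P routers swap the top label only; inner label and IP header are never read."""
    trace = []
    while node != "B":
        top = packet["labels"][0]
        out_label, next_node = CORE_LFIB[node][top]
        packet["labels"][0] = out_label
        trace.append((node, top, out_label))
        node = next_node
    return trace


def egress(packet):
    """Steps 6-7: PE B removes its top label and picks the site from the inner label."""
    top = packet["labels"].pop(0)
    if top != PE_B_TOP_LABEL:
        raise LookupError(f"label {top} was not assigned by PE B")
    inner = packet["labels"].pop(0)
    return PE_B_SITE_LABELS[inner]


def deliver(vpn_id, dst_ip):
    """Run one packet from PE A to a site behind PE B; return what each stage did."""
    packet = ingress(vpn_id, dst_ip)
    pushed = list(packet["labels"])
    trace = core(packet)
    vpn, site = egress(packet)
    return pushed, trace, vpn, site


if __name__ == "__main__":
    for vpn in (12, 34):
        print(vpn, deliver(vpn, "130.130.11.3"))
```

The same destination address 130.130.11.3 ends up at different sites depending only on the ingress link's VPN ID, because that is what selects the inner label.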
MPLS VPN mechanisms
VRF and Multiple Routing Instances
• VRF: VPN Routing and Forwarding Instance
VRF Routing Protocol Context
VRF Routing Tables
VRF CEF Forwarding Tables
MPLS VPN mechanisms
VRF and Multiple Routing Instances
• VRF Routing table contains routes which should be
available to a particular set of sites
• Analogous to standard IOS routing table, supports
the same set of mechanisms
• Interfaces (sites) are assigned to VRFs
One VRF per interface (sub-interface, tunnel or virtual-template)
Possibly many interfaces per VRF
MPLS VPN mechanisms
VRF and Multiple Routing Instances
[Figure: routing processes (BGP, RIP, Static) run in routing contexts, which populate the VRF routing tables and the VRF forwarding tables.]
• Routing processes run within specific routing contexts
• Populate specific VPN routing table and FIBs (VRF)
• Interfaces are assigned to VRFs
MPLS VPN mechanisms
VRF and Multiple Routing Instances
Logical view
  VPN-A: Site-1, Site-2
  VPN-B: Site-2, Site-3
  VPN-C: Site-3, Site-4
Routing view (two PEs connected across P routers by multihop MP-iBGP)
  VRF for site-1: Site-1 routes, Site-2 routes
  VRF for site-2: Site-1 routes, Site-2 routes, Site-3 routes
  VRF for site-3: Site-2 routes, Site-3 routes, Site-4 routes
  VRF for site-4: Site-3 routes, Site-4 routes
MPLS VPN Topologies
iBGP sessions
[Figure: CE sites of VPN_A and VPN_B attached to four PE routers around a core of P routers; iBGP sessions run between the PEs.]
• VPN-IPv4 addresses are propagated together with the associated label in BGP Multiprotocol extension
• Extended Community attribute (route-target) is associated to each VPN-IPv4 address, to populate the site VRF
MPLS VPN Topologies
VPN sites with optimal intra-VPN routing
• Each site has full routing knowledge of all
other sites (of same VPN)
• Each CE announces its own address space
• MP-BGP VPN-IPv4 updates are propagated
between PEs
• Routing is optimal in the backbone
Each route has the BGP Next-Hop closest to
the destination
• No site is used as central point for connectivity
MPLS VPN Topologies
VPN sites with optimal intra-VPN routing
[Figure: Site-1 (N1, CE1) on PE1, Site-2 (N2, CE2) on PE2, Site-3 (N3, CE3) on PE3; CE-PE routing is EBGP/RIP/Static.]
CE announcements to the PEs
  N1, NH=CE1
  N2, NH=CE2
  N3, NH=CE3
VPN-IPv4 updates exchanged between PEs
  RD:N1, NH=PE1, Label=IntCE1, RT=Blue
  RD:N2, NH=PE2, Label=IntCE2, RT=Blue
  RD:N3, NH=PE3, Label=IntCE3, RT=Blue
VRF for site-1 (PE1)
  N1, NH=CE1
  N2, NH=PE2
  N3, NH=PE3
VRF for site-2 (PE2)
  N1, NH=PE1
  N2, NH=CE2
  N3, NH=PE3
VRF for site-3 (PE3)
  N1, NH=PE1
  N2, NH=PE2
  N3, NH=CE3
Routing Table on CE1
  N1, Local
  N2, PE1
  N3, PE1
Routing Table on CE2
  N1, NH=PE2
  N2, Local
  N3, NH=PE2
Routing Table on CE3
  N1, PE3
  N2, PE3
  N3, Local
MPLS VPN Topologies
VPN sites with Hub & Spoke routing
• One central site has full routing knowledge of
all other sites (of same VPN)
Hub-Site
• Other sites will send traffic to Hub-Site for any
destination
Spoke-Sites
• Hub-Site is the central transit point between
Spoke-Sites
Use of central services at Hub-Site
MPLS VPN Topologies
VPN sites with Hub & Spoke routing
[Figure: Site-1 (N1, CE1) on PE1 and Site-2 (N2, CE2) on PE2 are spokes; Site-3 (N3) is the hub, attached to PE3 through CE3-Hub and CE3-Spoke; CE-PE routing is BGP/RIPv2.]
VPN-IPv4 update advertised by PE1
  RD:N1, NH=PE1, Label=IntCE1, RT=Hub
VPN-IPv4 update advertised by PE2
  RD:N2, NH=PE2, Label=IntCE2, RT=Hub
VPN-IPv4 updates advertised by PE3
  RD:N1, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
  RD:N2, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
  RD:N3, NH=PE3, Label=IntCE3-Spoke, RT=Spoke
IntCE1 VRF on PE1 (Import RT=Spoke) (Export RT=Hub)
  N1, NH=CE1 (exported)
  N2, NH=PE3 (imported)
  N3, NH=PE3 (imported)
IntCE2 VRF on PE2 (Import RT=Spoke) (Export RT=Hub)
  N1, NH=PE3 (imported)
  N2, NH=CE2 (exported)
  N3, NH=PE3 (imported)
IntCE3-Hub VRF on PE3 (Import RT=Hub)
  N1, NH=PE1
  N2, NH=PE2
IntCE3-Spoke VRF on PE3 (Export RT=Spoke)
  N1, NH=CE3-Spoke
  N2, NH=CE3-Spoke
  N3, NH=CE3-Spoke
• Routes are imported/exported into VRFs based on RT value of the VPN-IPv4 updates
• PE3 uses 2 (sub)interfaces with two different VRFs
MPLS VPN Topologies
VPN sites with Hub & Spoke routing
[Figure: the hub-and-spoke topology of the previous slide with the same VRF contents: IntCE1 VRF and IntCE2 VRF (Import RT=Spoke, Export RT=Hub), IntCE3-Hub VRF (Import RT=Hub), IntCE3-Spoke VRF (Export RT=Spoke); CE-PE routing is BGP/RIPv2.]
• Traffic from one spoke to another will travel across the hub site
• Hub site may host central services
Security, NAT, centralised Internet access
MPLS VPN Internet Routing
• In a VPN, sites may need to have Internet
connectivity
• Connectivity to the Internet means:
Being able to reach Internet destinations
Being reachable from any Internet source
• The Internet routing table is treated separately
• In the VPN backbone the Internet routes are in
the Global routing table of PE routers
• Labels are not assigned to external (BGP) routes
MPLS VPN Internet routing
VRF specific default route
• A default route is installed into the site
VRF, pointing to an Internet Gateway
• The default route is NOT part of any VPN
A single label is used for packets forwarded
according to the default route
The label is the IGP label corresponding to the
IP address of the Internet gateway
Known in the IGP
MPLS VPN Internet routing
VRF specific default route
• PE router originates CE routes for the Internet
Customer (site) routes are known in the site VRF
Not in the global table
The PE/CE interface is NOT known in the global table.
However:
A static route for customer routes and pointing to the
PE/CE interface is installed in the global table
This static route is redistributed into BGP-4 global table
and advertised to the Internet Gateway
• The Internet gateway knows the customer routes, with
the PE address as next-hop
MPLS VPN Internet routing
VRF specific default route
• The Internet Gateway specified in the
default route (into the VRF) need NOT
be directly connected
• Different Internet gateways can be used
for different VRFs
• Using default route for Internet routing
does NOT allow any other default route for
intra-VPN routing
As in any other routing scheme
MPLS VPN Internet routing
VRF specific default route
[Figure: Site-1 and Site-2 attach to two PE routers; the PE configured below reaches its site (network 171.68.0.0/16) over Serial0, has a BGP-4 session to the Internet gateway PE-IG (192.168.1.1) and an MP-BGP session to the other PE (192.168.1.2).]
ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 network 171.68.0.0 mask 255.255.0.0
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 65502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family
!
ip route 171.68.0.0 255.255.0.0 Serial0
ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 global
MPLS VPN Internet routing
VRF specific default route
[Figure: an IP packet with D=cisco.com arrives at the PE over Serial0, crosses the backbone with Label = 3, and is forwarded as an IP packet by PE-IG (192.168.1.1) to the Internet; the other PE is 192.168.1.2; Site-1 and Site-2 are attached, with network 171.68.0.0/16.]
Global Table and LFIB
  192.168.1.1/32 Label=3
  192.168.1.2/32 Label=5
  ...
Site-2 VRF
  0.0.0.0/0 192.168.1.1 (global)
  Site-1 routes
  Site-2 routes
MPLS VPN Internet routing
VRF specific default route
• PE routers need not hold the Internet
table
• PE routers will use BGP-4 sessions to
originate customer routes
• Packet forwarding is done with a single
label identifying the Internet Gateway IP
address
More labels if Traffic Engineering is used
MPLS VPN Internet Routing
Separated (sub)interfaces
• If CE wishes to receive and announce routes
from/to the Internet
A dedicated BGP session is used over a separate (sub)
interface
The PE imports CE routes into the global routing table
and advertises them to the Internet
The interface is not part of any VPN and does not use
any VRF
Default route or Internet routes are exported to the CE
PE needs to have Internet routing table
MPLS VPN Internet Routing
Separated (sub)interfaces
• The PE uses separate (sub)interfaces with
the CE
One (sub)interface for VPN routing
associated to a VRF
Can be a tunnel interface
One (sub)interface for Internet routing
Associated to the global routing table
MPLS VPN Internet Routing
Separated (sub)interfaces
[Figure: Site-1 and Site-2 attach to two PE routers; the PE configured below connects to its CE (network 171.68.0.0/16) over Serial0.1 and over Serial0.2 (BGP-4), has a BGP-4 session to the Internet gateway PE-IG (192.168.1.1) and an MP-BGP session to the other PE (192.168.1.2).]
ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 no ip address
!
interface Serial0.1
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
interface Serial0.2
 ip address 171.68.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 neighbor 171.68.10.2 remote-as 502
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family
MPLS VPN Internet Routing
Separated (sub)interfaces
[Figure: an IP packet with D=cisco.com leaves the CE over Serial0.2, crosses the backbone with Label = 3, and is forwarded as an IP packet by PE-IG (192.168.1.1) to the Internet; VPN traffic uses Serial0.1; the other PE is 192.168.1.2; Site-1 and Site-2 are attached, with network 171.68.0.0/16.]
PE Global Table
  Internet routes ---> 192.168.1.1
  192.168.1.1, Label=3
CE routing table
  Site-2 routes ----> Serial0.1
  Internet routes ---> Serial0.2
Scaling
• Existing BGP techniques can be used to scale
the route distribution: route reflectors
• Each edge router needs only the information
for the VPNs it supports
Directly connected VPNs
• RRs are used to distribute VPN routing
information
MPLS-VPN
Scaling BGP
Route Reflectors
[Figure: PE1, PE2 and two further PEs with attached VPN_A and VPN_B CE sites, P routers in the core, and two route reflectors (RR).]
• Route Reflectors may be partitioned
  Each RR stores routes for a set of VPNs
• Thus, no BGP router needs to store ALL VPNs information
• PEs will peer to RRs according to the VPNs they directly connect
MPLS-VPN Scaling
BGP updates filtering
• iBGP full mesh between PEs results in flooding all VPN routes to all PEs
• This causes scaling problems when there is a large number of routes; in addition, PEs need only the routes for attached VRFs
• Therefore each PE will discard any VPN-IPv4 route that doesn’t have a route-target configured to be imported in any of the attached VRFs
• This significantly reduces the amount of information each PE has to store
• Volume of BGP table is equivalent to the volume of attached VRFs (nothing more)
MPLS-VPN Scaling
BGP updates filtering
[Figure: a PE holding VRFs for VPNs yellow and green (Import RT=yellow, Import RT=green) receives two VPN-IPv4 updates over its MP-iBGP sessions:]
  VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Green, Label=XYZ
  VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Red, Label=XYZ
• Each VRF has an import and export policy configured
• Policies use route-target attribute (extended community)
• PE receives MP-iBGP updates for VPN-IPv4 routes
• If route-target is equal to any of the import values configured in the PE, the update is accepted
• Otherwise it is silently discarded
MPLS-VPN Scaling
Route Refresh
[Figure: a PE with Import RT=yellow and Import RT=green gains Import RT=red; its neighbors hold two VPN-IPv4 updates:]
  VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Green, Label=XYZ
  VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Red, Label=XYZ
1. PE doesn’t have red routes (previously filtered out)
2. PE issues a Route-Refresh to all neighbors in order to ask for retransmission
3. Neighbors re-send updates and “red” route-target is now accepted
• Policy may change in the PE if VRF modifications are done
  New VRFs, removal of VRFs
• However, the PE may not have stored routing information which becomes useful after a change
• PE requests a re-transmission of updates from neighbors
  Route-Refresh
MPLS-VPN Scaling
Outbound Route Filters - ORF
[Figure: a PE with Import RT=yellow and Import RT=green; its neighbors hold two VPN-IPv4 updates:]
  VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Green, Label=XYZ
  VPN-IPv4 update: RD:Net1, Next-hop=PEX, SOO=Site1, RT=Red, Label=XYZ
1. PE doesn’t need red routes
2. PE issues an ORF message to all neighbors in order not to receive red routes
3. Neighbors dynamically configure the outbound filter and send updates accordingly
• PE router will discard updates with an unused route-target
• Optimization requires these updates NOT to be sent
• Outbound Route Filter (ORF) allows a router to tell its neighbors which filter to use prior to propagating BGP updates
MPLS VPN - Configuration
• VPN knowledge is on PE routers
• PE routers have to be configured for:
  VRF and Route Distinguisher
  VRF import/export policies (based on Route-target)
  Routing protocol used with CEs
  MP-BGP between PE routers
  BGP for Internet routers
    With other PE routers
    With CE routers
MPLS VPN - Configuration
VRF and Route Distinguisher
• RD is configured on PE routers (for each VRF)
• VRFs are associated to RDs in each PE
• Common (good) practice is to use the same RD for
the same VPN in all PEs
But not mandatory
• VRF configuration command
ip vrf <vrf-symbolic-name>
 rd <route-distinguisher-value>
 route-target import <community>
 route-target export <community>
CLI - VRF configuration
ip vrf site1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
ip vrf site2
 rd 100:2
 route-target export 100:2
 route-target import 100:2
 route-target import 100:1
 route-target export 100:1
ip vrf site3
 rd 100:3
 route-target export 100:2
 route-target import 100:2
 route-target import 100:3
 route-target export 100:3
ip vrf site4
 rd 100:4
 route-target export 100:3
 route-target import 100:3

[Figure: logical view with VPN-A (Site-1, Site-2), VPN-B (Site-2, Site-3) and VPN-C (Site-3, Site-4); PE1 and PE2 connected across P routers by multihop MP-iBGP.]
VRF for site-1 (100:1): Site-1 routes, Site-2 routes
VRF for site-2 (100:2): Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3 (100:3): Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4 (100:4): Site-3 routes, Site-4 routes
MPLS VPN - Configuration
PE/CE routing protocols
• PE/CE may use BGP, RIPv2 or Static routes
• A routing context is used for each VRF
• Routing contexts are defined within the routing
protocol instance
Address-family router sub-command
router rip
 version 2
 address-family ipv4 vrf <vrf-symbolic-name> …
  any common router sub-command …
MPLS VPN - Configuration
PE/CE routing protocols
• BGP uses same “address-family” command
router bgp <asn>
 ...
 address-family ipv4 vrf <vrf-symbolic-name>
  …
  any common router BGP sub-command
  …
• Static routes are configured per VRF
ip route vrf <vrf-symbolic-name> …
MPLS VPN - Configuration
PE router commands
• All show commands are VRF based
show ip route vrf <vrf-symbolic-name> ...
show ip protocol vrf <vrf-symbolic-name>
show ip cef vrf <vrf-symbolic-name> …
…
• PING and Telnet commands are VRF based
telnet /vrf <vrf-symbolic-name>
ping vrf <vrf-symbolic-name>
MPLS VPN - Configuration
PE/CE routing protocols
! PE serving site1 and site2
ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
!
interface Serial3/6
 ip vrf forwarding site1
 ip address 192.168.61.6 255.255.255.0
 encapsulation ppp
!
interface Serial3/7
 ip vrf forwarding site2
 ip address 192.168.62.6 255.255.255.0
 encapsulation ppp

! PE serving site3 and site4
ip vrf site3
 rd 100:3
 route-target export 100:23
 route-target import 100:23
 route-target import 100:34
 route-target export 100:34
ip vrf site4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
!
interface Serial4/6
 ip vrf forwarding site3
 ip address 192.168.73.7 255.255.255.0
 encapsulation ppp
!
interface Serial4/7
 ip vrf forwarding site4
 ip address 192.168.74.7 255.255.255.0
 encapsulation ppp

[Figure: logical view with VPN-A (Site-1, Site-2), VPN-B (Site-2, Site-3) and VPN-C (Site-3, Site-4); PE1 and PE2 connected across P routers by multihop MP-iBGP.]
VRF for site-1 (100:1): Site-1 routes, Site-2 routes
VRF for site-2 (100:2): Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3 (100:3): Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4 (100:4): Site-3 routes, Site-4 routes
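The route-target import rule from the "BGP updates filtering" slide, applied to the four VRF stanzas of this configuration, as an added example (not part of the original slides). It computes which sites' routes land in each VRF and flags any import that the VPN-A/B/C membership of the logical view does not justify; the VRF the slides write as both site-4 and site4 is named site4 here, and the extra import line in LEAKY_CONFIG is a constructed misconfiguration.

```python
import re

# VRF stanzas from the configuration on this slide.
CONFIG = """\
ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
ip vrf site3
 rd 100:3
 route-target export 100:23
 route-target import 100:23
 route-target import 100:34
 route-target export 100:34
ip vrf site4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
"""

# Constructed misconfiguration: one stray import line added to the last stanza (site4).
LEAKY_CONFIG = CONFIG + " route-target import 100:12\n"

# Intended connectivity, from the logical view on the slides.
VPNS = {
    "VPN-A": {"site1", "site2"},
    "VPN-B": {"site2", "site3"},
    "VPN-C": {"site3", "site4"},
}


def parse_vrfs(text):
    """Return {vrf name: {"import": set of RTs, "export": set of RTs}}."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ip vrf (\S+)", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"import": set(), "export": set()})
            continue
        m = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
        if m and current is not None:
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
    return vrfs


def accepts(update_rts, import_rts):
    """PE filtering rule: accept if any route-target on the update is imported."""
    return bool(set(update_rts) & set(import_rts))


def vrf_contents(vrfs):
    """For each VRF, the VRFs whose routes end up in it (its own site included)."""
    contents = {}
    for dst, dst_cfg in vrfs.items():
        contents[dst] = {
            src for src, src_cfg in vrfs.items()
            if src == dst or accepts(src_cfg["export"], dst_cfg["import"])
        }
    return contents


def allowed_sources(vpns):
    """For each site, the sites it shares at least one VPN with."""
    allowed = {}
    for members in vpns.values():
        for site in members:
            allowed.setdefault(site, set()).update(members)
    return allowed


def audit(vrfs, vpns):
    """Return (importing VRF, source VRF, matching RTs) for every unjustified import."""
    allowed = allowed_sources(vpns)
    findings = []
    for dst, sources in vrf_contents(vrfs).items():
        for src in sorted(sources - allowed.get(dst, {dst})):
            shared = sorted(vrfs[src]["export"] & vrfs[dst]["import"])
            findings.append((dst, src, shared))
    return findings


if __name__ == "__main__":
    print(vrf_contents(parse_vrfs(CONFIG)))
    print(audit(parse_vrfs(CONFIG), VPNS))
    print(audit(parse_vrfs(LEAKY_CONFIG), VPNS))
```

With the slide's configuration the computed VRF contents match the routing view shown on the slides and the audit is empty; the single extra import line puts Site-1 and Site-2 routes into the site4 VRF.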
MPLS VPN - Configuration
PE/CE routing protocols
! PE serving site1 and site2
router bgp 100
 no bgp default ipv4-unicast
 neighbor 7.7.7.7 remote-as 100
 neighbor 7.7.7.7 update-source Loop0
 !
 address-family ipv4 vrf site2
  neighbor 192.168.62.2 remote-as 65502
  neighbor 192.168.62.2 activate
 exit-address-family
 !
 address-family ipv4 vrf site1
  neighbor 192.168.61.1 remote-as 65501
  neighbor 192.168.61.1 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 7.7.7.7 activate
  neighbor 7.7.7.7 next-hop-self
 exit-address-family

! PE serving site3 and site4
router bgp 100
 no bgp default ipv4-unicast
 neighbor 6.6.6.6 remote-as 100
 neighbor 6.6.6.6 update-source Loop0
 !
 address-family ipv4 vrf site4
  neighbor 192.168.74.4 remote-as 65504
  neighbor 192.168.74.4 activate
 exit-address-family
 !
 address-family ipv4 vrf site3
  neighbor 192.168.73.3 remote-as 65503
  neighbor 192.168.73.3 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 next-hop-self
 exit-address-family

[Figure: the four-site topology and per-site VRFs of the previous slides; PE1 and PE2 connected across P routers by multihop MP-iBGP.]
Summary
• Supports large scale VPN services
• Increases value add by the VPN Service Provider
• Decreases Service Provider’s cost of providing VPN
services
• Mechanisms are general enough to enable VPN
Service Provider to support a wide range of VPN
customers
• See RFC2547
Point-to-point connections vs
BGP/MPLS VPNs: routing peering
[Figure: left, a site's CE with routing peering to all other sites over a mesh of point-to-point connections; right, a site's CE with routing peering only to its PE, which reaches all other sites.]
• Mesh of point-to-point connections requires each (virtual) router to maintain O(n) peering (where n is the number of sites)
  does not scale to VPNs with large number of sites (due to the properties of existing routing protocols)
• Amount of routing peering maintained by CE is O(1) - CE peers only with directly attached PE
  independent of the total number of sites within a VPN
  scales to VPNs with large number of sites (100s - 1000s sites per VPN)
Point-to-point connections vs BGP/MPLS
VPNs: provisioning
[Figure: left, a new site added to a mesh of point-to-point connections, with a config change at every site; right, a new site (CE) added to a BGP/MPLS VPN, with a config change only at its PE.]
• Mesh of point-to-point connections requires O(n) configuration changes (where n is the number of sites) when adding a new site
• Amount of configuration changes needed to add a new site (new CE) is O(1):
  need to configure only the directly attached PE
  independent of the total number of sites within a VPN
Agenda
• Introduction to MPLS
• LDP
• MPLS VPN
• Monitoring MPLS
Basic MPLS Monitoring Commands
router# show tag-switching tdp parameters
• Displays TDP parameters on the local router.
router# show tag-switching interface
router# show mpls interface   (12.1(3)T)
• Displays MPLS status on individual interfaces.
router# show tag-switching tdp discovery
• Displays all discovered TDP neighbors.
show tag-switching tdp parameters
Router#show tag-switching tdp parameters
Protocol version: 1
No tag pool for downstream tag distribution
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery directed hello: holdtime: 180 sec; interval: 5 sec
show tag-switching interface
Router#show tag-switching interface detail
Interface Serial1/0.1:
IP tagging enabled
TSP Tunnel tagging not enabled
Tagging operational
MTU = 1500
Interface Serial1/0.2:
IP tagging enabled
TSP Tunnel tagging not enabled
Tagging operational
MTU = 1500
show tag-switching tdp discovery
Router#show tag-switching tdp discovery
Local TDP Identifier: 192.168.3.102:0
TDP Discovery Sources:
  Interfaces:
    Serial1/0.1: xmit/recv
      TDP Id: 192.168.3.101:0
    Serial1/0.2: xmit/recv
      TDP Id: 192.168.3.100:0
More TDP Monitoring Commands
router# show tag-switching tdp neighbor
• Displays individual TDP neighbors.
router# show tag-switching tdp neighbor detail
• Displays more details about TDP neighbors.
router# show tag-switching tdp bindings
• Displays Tag Information Base (TIB).
show tag tdp neighbor
Router#show tag-switching tdp neighbors
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
  TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
  State: Oper; PIEs sent/rcvd: 55/53; ; Downstream
  Up time: 00:43:26
  TDP discovery sources:
    Serial1/0.2
  Addresses bound to peer TDP Ident:
    192.168.3.10
    192.168.3.14
    192.168.3.100
show tag tdp neighbor detail
Router#show tag-switching tdp neighbors detail
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
  TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
  State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB rev sent 26
  UID: 1; Up time: 00:44:01
  TDP discovery sources:
    Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms
  Addresses bound to peer TDP Ident:
    192.168.3.10
    192.168.3.14
    192.168.3.100
  Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
show tag tdp bindings
Router#show tag tdp bindings
  tib entry: 192.168.3.1/32, rev 9
    local binding: tag: 28
    remote binding: tsr: 19.16.3.3:0, tag: 28
  tib entry: 192.168.3.2/32, rev 8
    local binding: tag: 27
    remote binding: tsr: 19.16.3.3:0, tag: 27
  tib entry: 192.168.3.3/32, rev 7
    local binding: tag: 26
    remote binding: tsr: 19.16.3.3:0, tag: imp-null(1)
  tib entry: 192.168.3.10/32, rev 6
    local binding: tag: imp-null(1)
    remote binding: tsr: 19.16.3.3:0, tag: 26
Monitoring Label Switching
router# show tag-switching forwarding-table
router# show mpls forwarding-table
• Displays contents of Label Forwarding Information Base.
router# show ip cef detail
• Displays label(s) attached to a packet during label imposition on edge LSR.
Monitoring Label Switching
Monitoring LFIB
Router#show tag-switching forwarding-table ?
  A.B.C.D     Destination prefix
  detail      Detailed information
  interface   Match outgoing interface
  next-hop    Match next hop neighbor
  tags        Match tag values
  tsp-tunnel  TSP Tunnel id
  |           Output modifiers
  <cr>
show tag-switching forwarding-table
Router#show tag-switching forwarding-table detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     Untagged    192.168.3.3/32    0          Se1/0.3    point2point
        MAC/Encaps=0/0, MTU=1504, Tag Stack{}
27     Pop tag     192.168.3.4/32    0          Se0/0.4    point2point
        MAC/Encaps=4/4, MTU=1504, Tag Stack{}
        20618847
28     29          192.168.3.4/32    0          Se1/0.3    point2point
        MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
        18718847 0001D000
show ip cef detail
Router#show ip cef 192.168.20.0 detail
192.168.20.0/24, version 23, cached adjacency to Serial1/0.2
0 packets, 0 bytes
tag information set
local tag: 33
fast tag rewrite with Se1/0.2, point2point, tags imposed: {32}
via 192.168.3.10, Serial1/0.2, 0 dependencies
next hop 192.168.3.10, Serial1/0.2
valid cached adjacency
tag rewrite with Se1/0.2, point2point, tags imposed: {32}
Debugging Label Switching and TDP
router# debug tag-switching tdp ...
• Debugs TDP adjacencies, session establishment, and label bindings exchange.
router# debug tag-switching tfib ...
router# debug mpls lfib …   (12.1(3)T)
• Debugs Tag Forwarding Information Base events: label creations, removals, rewrites.
router# debug tag-switching packets [ interface ]
router# debug mpls packets [ interface ]   (12.1(3)T)
• Debugs labeled packets switched by the router.
• Disables fast or distributed tag switching.
Common Frame-Mode MPLS Symptoms
• TDP/LDP session does not start.
• Labels are not allocated or distributed.
• Packets are not labeled although the labels have
been distributed.
• MPLS intermittently breaks after an interface failure.
• Large packets are not propagated across the
network.
TDP Session Startup Issues: 1/4
Symptom
TDP neighbors are not discovered.
show tag tdp discovery does not display expected TDP neighbors.
Diagnosis
MPLS is not enabled on adjacent router.
Verification
Verify with show tag interface on the adjacent router.
TDP Session Startup Issues: 2/4
Symptom
TDP neighbors are not discovered.
Diagnosis
Label distribution protocol mismatch - TDP on one end,
LDP on the other end.
Verification
Verify with show tag interface detail on both routers.
TDP Session Startup Issues: 3/4
Symptom
TDP neighbors are not discovered.
Diagnosis
Packet filter drops TDP/LDP neighbor discovery packets.
Verification
Verify access-list presence with show ip interface.
Verify access-list contents with show access-list.
TDP Session Startup Issues: 4/4
Symptom
TDP neighbors discovered, TDP session is not established.
show tdp neighbor does not display a neighbor in Oper
state.
Diagnosis
Connectivity between loopback interfaces is broken - TDP
session is usually established between loopback
interfaces of adjacent LSRs.
Verification
Verify connectivity with extended ping command.
Label Allocation Issues
Symptom
Labels are not allocated for local routes.
show tag-switching forwarding-table does not display any labels.
Diagnosis
CEF is not enabled.
Verification
Verify with show ip cef.
Label Distribution Issues
Symptom
Labels are allocated, but not distributed.
show tag-switching tdp bindings on the adjacent LSR does not display labels from this LSR.
Diagnosis
Problems with conditional label distribution.
Verification
Debug label distribution with debug tag tdp advertisement.
Examine the neighbor TDP router ID with show tag tdp discovery.
Verify that the neighbor TDP router ID is matched by the access list specified in the tag advertise command.
Packet Labeling
Symptom
Labels are distributed, but packets are not labeled.
show interface statistic does not display labeled packets being sent.
Diagnosis
CEF is not enabled on the input interface (potentially due to a conflicting feature being configured).
Verification
Verify with show cef interface.
show cef interface
Router#show cef interface
Serial1/0.1 is up (if_number 15)
Internet address is 192.168.3.5/30
ICMP redirects are always sent
Per packet loadbalancing is disabled
IP unicast RPF check is disabled
Inbound access list is not set
Outbound access list is not set
IP policy routing is disabled
Interface is marked as point to point interface
Hardware idb is Serial1/0
Fast switching type 5, interface type 64
IP CEF switching enabled
IP CEF VPN Fast switching turbo vector
Input fast flags 0x1000, Output fast flags 0x0
ifindex 3(3)
Slot 1 Slot unit 0 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500
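The check above can be automated across many interfaces. The following is an added example, not part of the original slides: it parses show cef interface text and reports interfaces where the "IP CEF switching enabled" line is missing or an inbound access list is set. The function names, the second interface block and the "Inbound access list is 101" line format are assumptions made for the example.

```python
import re

# Block 1: lines copied from the slide's output. Block 2: constructed for this
# example (no "IP CEF switching enabled" line, inbound ACL 101).
SAMPLE = """\
Serial1/0.1 is up (if_number 15)
Internet address is 192.168.3.5/30
IP unicast RPF check is disabled
Inbound access list is not set
IP CEF switching enabled
IP MTU 1500
Serial1/0.2 is up (if_number 16)
Inbound access list is 101
IP MTU 1500
"""

HEADER = re.compile(r"^(\S+) is (.+?) \(if_number \d+\)$")
FIELDS = {
    "inbound_acl": re.compile(r"^Inbound access list is (.+)$"),
    "urpf": re.compile(r"^IP unicast RPF check is (\w+)$"),
    "ip_mtu": re.compile(r"^IP MTU (\d+)$"),
}

def parse_cef_interfaces(text):
    """Return {interface: facts} parsed from 'show cef interface' text."""
    result, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADER.match(line)
        if m:  # start of a new interface block
            cur = result.setdefault(m.group(1), {"state": m.group(2), "cef": False})
        elif cur is not None:
            if line == "IP CEF switching enabled":
                cur["cef"] = True
            for key, rx in FIELDS.items():
                f = rx.match(line)
                if f:
                    cur[key] = None if f.group(1) == "not set" else f.group(1)
    return result

def labeling_findings(text):
    """List (interface, finding) pairs relevant to the packet-labeling symptom."""
    out = []
    for name, facts in parse_cef_interfaces(text).items():
        if not facts["cef"]:
            out.append((name, "CEF switching not confirmed on this interface"))
        if facts.get("inbound_acl"):
            out.append((name, "inbound ACL %s is set; confirm it permits TDP/LDP discovery" % facts["inbound_acl"]))
    return out

print(labeling_findings(SAMPLE))
```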
Intermittent MPLS Failures after Interface Failure
Symptom
Overall MPLS connectivity in a router intermittently breaks after an interface failure.
Diagnosis
The IP address of a physical interface is used for the TDP/LDP identifier.
Configure a loopback interface on the router.
Verification
Verify the local TDP identifier with show tag-switching tdp neighbors.
Packet Propagation
Symptom
Large packets are not propagated across the network.
Extended ping with varying packet sizes fails for packet sizes close to 1500.
In some cases, MPLS might work, but MPLS/VPN will fail.
Diagnosis
Tag MTU issues or switches with no support for jumbo frames in the forwarding path.
Verification
Trace the forwarding path; identify all LAN segments in the path.
Verify Tag MTU setting on routers attached to LAN segments.
Check for low-end switches in the transit path.
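Why plain MPLS can pass while MPLS/VPN fails: each label adds 4 bytes, and MPLS/VPN carries a two-label stack where plain frame-mode MPLS carries one. The following added example (not from the original slides) models an extended-ping size sweep over a constructed path; the segment names, their size limits and the function names are assumptions made for the example.

```python
LABEL_BYTES = 4  # size of one MPLS label stack entry

# Constructed path: (segment, largest layer-3 payload in bytes it carries,
# labels included). 1504 models a LAN switch that tolerates slightly
# oversized frames but has no jumbo frame support.
PATH = [
    ("PE1-P1 WAN link", 4470),
    ("P1-P2 LAN switch", 1504),
    ("P2-PE2 WAN link", 4470),
]

def required_label_mtu(ip_mtu, labels):
    """Labeled-packet size every segment must carry for a given IP MTU."""
    return ip_mtu + labels * LABEL_BYTES

def first_drop(path, ip_bytes, labels):
    """First segment that cannot carry the labeled packet, or None if it passes."""
    size = required_label_mtu(ip_bytes, labels)
    for name, limit in path:
        if size > limit:
            return name
    return None

def max_ip_packet(path, labels):
    """Largest unfragmented IP packet that crosses the whole path."""
    return min(limit for _, limit in path) - labels * LABEL_BYTES

def ping_sweep(path, labels, sizes):
    """Emulate an extended ping size sweep: {size: failing segment or None}."""
    return {size: first_drop(path, size, labels) for size in sizes}

if __name__ == "__main__":
    for labels, service in ((1, "MPLS"), (2, "MPLS/VPN")):
        print(service, "max IP packet:", max_ip_packet(PATH, labels),
              "sweep:", ping_sweep(PATH, labels, [1492, 1496, 1500]))
```

On this path a 1500-byte packet with one label fits, while the same packet with two labels is dropped at the LAN switch, which matches the symptom on the slide.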
Summary
After completing this lesson, you will be able to perform the following tasks:
Describe procedures for monitoring MPLS on IOS platforms.
List the debugging commands associated with label switching, LDP and TDP.
Identify common configuration or design errors.
Use the available debugging commands in real-life troubleshooting scenarios.
Customer Reference
Cisco’s MPLS Is Proven
150+ Deployments Today
Americas
EMEA
APT/Japan
Thank you.