Du-MPLS
Short Description
Download Du-MPLS...
Description
Introduction to MPLS
Gary Day
MPLS Training - Basic
© 2005 Cisco Systems, Inc. All rights reserved. Version 2.0 Oct-2005
Cisco Confidential
1
1
Business Drivers for MPLS
© 2003 Cisco Systems, Inc. All rights reserved.
2
Changing Telecom Landscape Old World
New World
Infrastructure
Circuit-Switched
Packet-Switched
Traffic
Voice-Centric
Data-Centric
Services Focus
Transport
IP Value-Added
Private Networks
FR-Based VPNs
IP-Based VPNs
Business Networks
In-House
Outsourced
OSS
Network-Based
Service-Based
MPLS Training - Basic
3
Customer Requirements
IP Intranet
Remote Offices
MPLS Training - Basic
Telecommuters Mobile Users
IP Extranet
Customers Suppliers Partners
4
Service Provider Requirements Content
Private Voice Networks
Hosting
Managed Intranets
Multimedia
Service Portfolio
MPLS Training - Basic
5
The Barriers
• Frame Relay and ATM services are available:
• Carriers’ customers want IP services:
They provide connectionoriented service
They need connectionless IP services
They have inflexible point-topoint bandwidth guarantees
They need more flexible IP quality of service guarantees
But they have good privacy
MPLS Training - Basic
They need more privacy than the Internet provides 6
The Solution - MPLS • MULTI-PROTOCOL LABEL SWITCHING • A mechanism that delivers the best of both worlds: PRIVACY and QOS of ATM, Frame Relay FLEXIBILITY and SCALABILITY of IP
• Foundation for IP business services Flexible grouping of users and value-added services
• Low cost managed IP services scales to large and small private networks
MPLS Training - Basic
7
MPLS Concepts
© 2003 Cisco Systems, Inc. All rights reserved.
8
MPLS concepts • Packet forwarding is done based on labels • Labels assigned when the packet enters the network • Labels inserted between layer 2 and layer 3 headers • MPLS nodes forward packets based on the label • Separates ROUTING from FORWARDING Routing uses IP addresses Forwarding uses Labels
• Labels can be stacked
MPLS Training - Basic
9
MPLS Capabilities
© 2003 Cisco Systems, Inc. All rights reserved.
10
Relevant MPLS Capabilities • The ability to FORWARD on and STACK LABELS allows MPLS to provide some useful features including: • IP+ATM Integration Provides Layer 3 intelligence in ATM switches
• Virtual Private Networks Layer 3 – Provider has knowledge of customer routing Layer 2 – Provider has no knowledge of customer routing
• Traffic Engineering Force traffic along predetermined paths
MPLS Training - Basic
11
Traditional IP over ATM
• Put routers around the edge of an ATM network • Connect routers using Permanent Virtual Circuits • This does not provide optimal integration of IP and ATM MPLS Training - Basic
12
MPLS VPN – Layer 3 Connection-Oriented VPN Topology
• Private, connectionless IP VPNs • Outstanding scalability • Customer IP addressing freedom
VPN B
VPN A VPN C VPN B
VPN C
• Multiple QoS classes VPN A
• Secure support for intranets and extranets
VPN A
VPN B
• Easy to provide Intranet/Extranet/ 3rd Party ASP • Support over any access or backbone technology
VPN C
Connectionless VPN Topology
VPN C VPN B
VPN A
VPN B
VPN A VPN C
VPN C
VPN B
VPN A
Determines VPN on PE Router
IP Packet MPLS Training - Basic
VPN Label
Determines PE Router
IGP Label
VPN A VPN B VPN C VPN A
VPN B
VPN C
13
Why Providers like MPLS VPN… vs
MPLS VPN Network
Build once, Sell once
MPLS Training - Basic
Build once, Sell many
14
MPLS VPN – Layer 2 • Additional Capabilities: Virtual leased line service Offer “PVC-like” Layer 2-based service
• Reduced cost—consolidate multiple core technologies into a single packet-based network infrastructure • Simpler provisioning of L2 services
L2 Pseudowire/Emulated VC L2 Frames Attachment Circuit Attachment Circuit
• Attractive to Enterprise that wish keep routing private Determines VC inside the tunnel
L2 Frame MPLS Training - Basic
VC Label
Determines PE Router end point
Tunnel Label 15
Traffic Engineering • Why traffic engineer? Optimise link utilisation Specific paths by customer or class
Route chosen by IP routing protocol
Route specified by traffic engineering
Balance traffic load
• Traffic follows pre-specified path • Path differs from normally routed path • Controls packet flows across a L2 or L3 network Determines LSP next hop contrary to IGP
IP Packet MPLS Training - Basic
VPN Label
IGP Label
TE Label 16
MPLS Components
© 2003 Cisco Systems, Inc. All rights reserved.
17
MPLS Components • Edge Label Switching Routers (ELSR or PE) Label previously unlabeled packets - at the beginning of a Label Switched Path (LSP) Strip labels from labeled packets - at the end of an LSP
• Label Switching Routers (LSR or P) Forward labeled packets based on the information carried by labels
MPLS Training - Basic
18
MPLS Components CE
P
PE
ELSR
LSR
PE LSR
LSR
MPLS Training - Basic
ELSR
ELSR
ELSR
C Network (Customer Control)
CE
LSR
P Network (Provider Control)
C Network (Customer Control)
19
Functional Components • Forwarding component: Uses label information carried in a packet and label binding information maintained by a Label Switching Router to forward the packet
• Control component: Responsible for maintaining correct label binding information among Label Switching Routers
MPLS Training - Basic
20
Forwarding Component • Label Forwarding Information Base (LFIB) • Each entry consists of: incoming label outgoing label outgoing interface outgoing MAC address
• LFIB is indexed by incoming label • LFIB could be either per Label Switching Router or per interface
MPLS Training - Basic
21
Forwarding Component • IOS Label Forwarding Code is based on Cisco Express Forwarding (CEF) Maintenance of label rewrite structures in LFIB Recursive route resolution IP to label switching (label imposition) path
MPLS Training - Basic
22
Forwarding Component • Forwarding algorithm: Extract label from a packet Find an entry in the LFIB with the INCOMING LABEL equal to the label in the packet Replace the label in the packet with the OUTGOING LABEL (from the found entry) Send the packet on the outgoing interface (from the found entry)
MPLS Training - Basic
23
Label Header (Shim) Bit
1
2
3
4
5
6
7
8 1
Label
EXP TTL Label EXP S TTL
S
3
Byte
2
4
Label Value (20 bits) Class of Service (3 bits) Bottom of Stack (1 bit) Time to Live
• Can be used over Ethernet, 802.3, or PPP links • Ethertype 0x8847 • Four octets per label in stack
MPLS Training - Basic
24
Label Encapsulation Packet over SONET/SDH Ethernet Frame Relay PVC ATM PVC’s Subsequent cells
PPP
Label
IP header
Data
Ethernet
Label
IP Header
Data
Frame Relay
Label
IP Header
Data
ATM Header
Label
IP Header
Data
ATM Header
F R A M E
Data
Label ATM label switching
GFC VPI
VCI
PTI CLP HEC IP Header
Subsequent cells
GFC VPI
VCI
PTI CLP HEC
Data
Data
C E L L
Label MPLS Training - Basic
25
Control Component • Labels can be distributed by several protocols TDP/LDP – from IGP routes RSVP – for traffic engineering paths BGP – for VPN routes
• Responsible for binding between labels and routes: Create label binding (local) Distributing label binding information among Label Switching Routers
MPLS Training - Basic
26
MPLS Forwarding Decisions • Packets are forwarded based on the label value • IP header and forwarding decision have been decoupled for better flexibility • No need to strictly follow unicast destination based routing • Allows to have distinct forwarding decision based on different control component Destination unicast routing, Traffic Engineering Multicast, VPN, QoS
MPLS Training - Basic
27
Basic MPLS Forwarding
© 2003 Cisco Systems, Inc. All rights reserved.
28
MPLS: Forwarding
MPLS Training - Basic
29
MPLS: Forwarding Existing routing protocols (e.g. OSPF, IGRP) establish routes
MPLS Training - Basic
30
MPLS: Forwarding Label Distribution Protocol (e.g., LDP) establishes label to routes mappings
MPLS Training - Basic
31
MPLS: Forwarding Label Distribution Protocol (e.g., LDP) creates LFIB entries on LSRs IN OUT I/F MAC 16 32 S0/0 aa-00-bb 18 27 S0/0 aa-00-cc
IN OUT I/F MAC 32 64 S0/0 aa-00-bb 27 18 S0/1 aa-00-cc
MPLS Training - Basic
IN OUT Null Null -
IN OUT 64 POP 65 POP
I/F MAC E0/0 aa-00-bb E0/1 aa-00-cc
I/F MAC S0/0 aa-00-bb S0/1 aa-00-cc
32
MPLS: Forwarding Ingress edge LSR receives packet, performs Layer 3 value-added services, and “label” packets IN OUT I/F MAC 16 32 S0/0 aa-00-bb 18 27 S0/0 aa-00-cc
IN OUT I/F MAC 32 64 S0/0 aa-00-bb 27 18 S0/1 aa-00-cc
MPLS Training - Basic
IN OUT Null Null -
IN OUT 64 POP 65 POP
I/F MAC E0/0 aa-00-bb E0/1 aa-00-cc
I/F MAC S0/0 aa-00-bb S0/1 aa-00-cc
33
MPLS: Forwarding LSRs forward labelled packets using label swapping IN OUT I/F MAC 16 32 S0/0 aa-00-bb 18 27 S0/0 aa-00-cc
IN OUT I/F MAC 32 64 S0/0 aa-00-bb 27 18 S0/1 aa-00-cc
MPLS Training - Basic
IN OUT Null Null -
IN OUT 64 POP 65 POP
I/F MAC E0/0 aa-00-bb E0/1 aa-00-cc
I/F MAC S0/0 aa-00-bb S0/1 aa-00-cc
34
MPLS: Forwarding Edge LSR at egress removes remaining label* and delivers packet IN OUT I/F MAC 16 32 S0/0 aa-00-bb 18 27 S0/0 aa-00-cc
IN OUT I/F MAC 32 64 S0/0 aa-00-bb 27 18 S0/1 aa-00-cc
IN OUT Null Null -
IN OUT 64 POP 65 POP
I/F MAC E0/0 aa-00-bb E0/1 aa-00-cc
I/F MAC S0/0 aa-00-bb S0/1 aa-00-cc
* Pentulimate hop popping actually occurs. There may may not necessarily be a label in the packet at the ultimate or egress LSR. MPLS Training - Basic
35
Basic Application Framed Based MPLS
© 2003 Cisco Systems, Inc. All rights reserved.
36
Traditional Routing Route Distribution
1 0
1
0
128.89
You Can Reach 128.89 thru Me You Can Reach 128.89 and 171.69 thru me
2 171.69
Routing Updates (OSPF, EIGRP…) MPLS Training - Basic
You Can Reach 171.69 thru Me
37
Traditional Routing Packet Routing
1 0
1
Data | 128.89.25.4 Data | 128.89.25.4
0
128.89
Data | 128.89.25.4
2
Data | 128.89.25.4
171.69
Packets Forwarded Based on IP Address MPLS Training - Basic
38
MPLS Forwarding In/Out Label Fields Out Label
Out Label
Out Label
1 0
1
0
128.89
2 171.69
MPLS Training - Basic
39
Frame Based MPLS Assigning Labels Out Label
Out Label
Out Label
1 0
1
0
128.89
Pop Label for 128.89 Use Label 27 for 128.89 Use Label 29 for 171.69
Unsolicited Downstream Label Allocation MPLS Training - Basic
2 171.69
Use Label 22 for 171.69
40
Frame Based MPLS Packet Forwarding Out Label
Out Label
Out Label
1 0
1
Data
Data
128.89.25.4
Data
171.69.21.7
MPLS Training - Basic
0
Data
128.89.25.4 27
Data
171.69.21.7 29
2
128.89.25.4
Data
128.89 128.89.25.4
Penultimate Hop (Pop the label) 171.69
Data
171.69.21.7 22
41
Basic Application Hierarchical Routing
© 2003 Cisco Systems, Inc. All rights reserved.
42
Internet Scalability Out Label
Out Label
Out Label
1 0
1
0
Loopback 150.10.1.1 EBGP I can reach… 128.89,136.50 156.50,119.10 via the BGP next hop 150.10.1.1 using only label 18! MPLS Training - Basic
128.89 136.50 156.50 119.10
2
EBGP
Loopback 150.10.1.2
171.69 127.18 204.162 43
Basic Application Cell Based MPLS (IP+ATM)
© 2003 Cisco Systems, Inc. All rights reserved.
44
MPLS and ATM • Label Switching Steps: Make forwarding decision using fixed-length Label Rewrite label with new value Similar to ATM cell switching
• Key differences: Label set up: LDP vs ATM Forum Signaling Label granularity: Per-prefix
MPLS Training - Basic
45
MPLS and ATM • Common forwarding paradigm label swapping = ATM switching
• Use ATM user plane use VPI/VCI for labels Label is applied to each cell, not whole packet
• Replace ATM Forum control plane with the MPLS control component: Network Layer routing protocols (e.g., OSPF, BGP, PIM) + Label Distribution Protocol (e.g., LDP)
MPLS Training - Basic
46
Label Distribution for ATM • Uses LDP in “Downstream on Demand” mode • Referred to as Cell Based MPLS (rather than Frame Based MPLS) • Label Virtual Circuit (LVC) labels are requested when topology changes • Precedence can be associated with Label Virtual Circuit (LVC) • Some LDP extensions for negotiation of ATM specific parameters
MPLS Training - Basic
47
Summary and Benefits
© 2003 Cisco Systems, Inc. All rights reserved.
48
Summary • MPLS allows flexible packet classification and network resources optimisation • Labels are distributed by different protocols LDP, RSVP, BGP
• Different distribution protocols may co-exist in the same LSR • Labels have local (LSR) significance No need for global (domain) wide label allocation/ numbering
MPLS Training - Basic
49
Benefits of MPLS • De-couples IP packet forwarding from the information carried in the IP header of the packet • Provides multiple routing paradigms (e.g., destination-based, explicit routing, VPN, multicast, CoS, etc…) over a common forwarding algorithm (label swapping) • Facilitates integration of ATM and IP - from control plane point of view an MPLS-capable ATM switch looks like a router
MPLS Training - Basic
50
LDP
© 2003 Cisco Systems, Inc. All rights reserved.
51
LDP
© 2003 Cisco Systems, Inc. All rights reserved.
52
Label Distribution Protocol (LDP) • The fundamental concept in MPLS based networks is the meaning of the label • The Label Distribution Protocol (LDP) provides a set of methods that allow an Label Switch Router (LSR) to share a particular label and its association with other LSRs
MPLS Training - Basic
53
LDP Overview • IETF standard protocol RFC 3036 Distributes bindings for MPLS forwarding along normally routed paths
• Runs in parallel with routing protocols • Neighbor discovery with UDP (646) • Incremental updates over TCP (646) • Other label distribution mechanisms can run in parallel • Descendent of Cisco proprietary Tag Distribution Protocol (TDP)
MPLS Training - Basic
54
LDP Introduction • LDP is not the only protocol that can share knowledge about labels: TDP (Cisco specific)
• And other protocols have been extended to support label distribution:
MPLS Training - Basic
BGP
(rfc3107)
RSVP
(draft-ietf-mpls-rsvp-lsp-tunnel-09.txt )
PIM
Under development
55
Terminology – Upstream and Downstream
Label Switch Path (LSP) direction! (Packet flow)! Destination IP-Prefix
Source
Upstream! platform!
Downstream! platform!
Label binding {Label, IP-Prefix}!
MPLS Training - Basic
56
Terminology • Label Information Base (LIB) A data structure that holds locally assigned labels and labels learned from LDP peers
• Label Forwarding Information Base (LFIB) A data structure and way of managing forwarding in which destinations and incoming labels are associated with outgoing interfaces and labels. The LFIB can be updated by routing changes and label advertisements from peers
• Forwarding Equivalence Class (FEC) Groups of packets that are forwarded over the same Label Switch Path
MPLS Training - Basic
57
LIB and LFIB structures 156.50.20.0
156.50.20.0
Label
Distribution!
156.50.20.0
Label
Distribution!
Label
Distribution!
S0/2! S0/1!
Label Information Base (LIB)!
S0/0!
Routing Information Base (RIB)!
Destination
In Label
(Peer, Out Label)
Destination
Interface
156.50.20.0/24
27
(R2:0, 32), (R3:0, 56), (R4:0, 85)
156.50.20.0/24
S0/0
Label Forwarding Information Base (LFIB)! Destination
In Label
Out Label
Interface
156.50.20.0/24
27
85
S0/0
MPLS Training - Basic
58
Basic Configuration ip cef mpls ip mpls label protocol ldp mpls ldp router-id loopback0
Use LDP protocol as opposed to TDP
interface e0/0 ip address 10.10.20.0 255.255.255.0 mpls ip
Use loopback when establishing LDP session
Enables LDP on this interface
MPLS Training - Basic
59
Label Space
© 2003 Cisco Systems, Inc. All rights reserved.
60
Concepts • LSRs must be able to distinguish between labelled packets A label corresponds to a particular Forwarding Equivalence Class (FEC)
• LSR can distribute the same label/FEC mapping to different neighbours • Same label can be assigned to different FECs if and only if the LSR can distinguish the interface from which the packet will arrive That is, the LSR can identify who the upstream neighbour that inserted the label
MPLS Training - Basic
61
Classes of Label Space • There are two classes of label spaces: INTERFACE LABEL SPACE the label is specific to a particular interface. This is generally found (but not restricted to) in ATM interfaces in MPLS cell mode– which uses the VPI/VCI fields as labels. PLATFORM LABEL SPACE the label value/meaning is not specific to an interface, but can be understood by a number of interfaces on the same box. This is generally found in frame mode (This is the Cisco implementation for Frame Mode)
MPLS Training - Basic
62
Per Interface Label Space • Per interface label space Label are unique in a per interface base Used over ATM interfaces Label = VCs With interface label space, an LSR will accept labelled packets from upstream neighbours only if the labels have been previously advertised to that neighbour. No label spoofing Useful when interconnecting MPLS domains
MPLS Training - Basic
63
Per Interface Label Space LFIB on Router C Destination
Incoming I/F
IN VPI/VCI
Outgoing I/F
OUT VPI/VCI
156.50.4.0/24
ATM 0/0
1/73
ATM 1/3
1/339
156.50.4.0/24
ATM 1/0
1/73
ATM 1/3
1/342
A
ATM 1/3
ATM 0/0 ATM 1/0
C
D 156.50.4.0/24
B
• LFIB on an LSR contains incoming interface.! • Labels have to be assigned for individual interfaces.! • The same label can be reused (with a different meaning) on different interfaces.! • Label allocation is secure – LSRs cannot send packets with labels that were not assigned to them.! MPLS Training - Basic
64
Per Platform Label Space LFIB on Router C Destination X A
X=25!
IN Label XOUT Label Next Hop = 25! 25
38
C
Router D D
X=38!
E X
B
• LFIB on a LSR does not contain an incoming interface.! • The same label can be used on any interface and is announced to all adjacent LSRs.! • The label is announced to adjacent LSRs only once and can be used on any link.! • Per-platforms label-space is less secure than per-interface label space.! MPLS Training - Basic
65
LDP Identifier & Sessions
© 2003 Cisco Systems, Inc. All rights reserved.
66
LDP Identifier a! b! c! d! LSR ID!
n! Label Space ID!
• LSR ID The LSR ID is a four byte number that identifies a specific LSR. These four bytes must be unique in the network. Generally they are derived from an interface on the LSR. In IOS (by default) this is the highest IP address, or highest IP address of a loopback– if it is available.
• Label Space ID A two byte number that identifies a specific label space on the LSR. The label space id 0x00 is reserved for the platform label space (This is the Cisco default for Frame based MPLS)
• LDP Identifier The six byte concatenation of the LSR ID and LABEL SPACE ID results in the LDP Identifier. This uniquely identifies the label space.
• Example: 156.50.10.1:0 MPLS Training - Basic
67
LDP Identifier – IOS Commands router#show mpls ldp discovery detail Local LDP Identifier: Local LSR ID, global space 200.200.200.200:0 Discovery Sources: Remote LSR ID discovered Interfaces: Ethernet0/0 (ldp): xmit/recv LDP Id: 10.10.10.10:0 Src IP addr: 100.50.0.2; Transport IP addr: 10.10.10.10
router(config)#mpls ldp router-id loopback0 force Force will change the LSR ID immediately, rather than waiting for reload or current ID being removed
MPLS Training - Basic
68
LDP Session • Each LDP identifier has a separate LDP session per neighbour Each LSR label space has its own distinct LDP session Multiple links between adjacent routers use the same session
• Each session has its own TCP (646) connection and discovery process.
MPLS Training - Basic
69
LDP Sessions and Label Space Single LDP Session! 1.0.0.1:0! 1.0.0.1:0!
POS!
POS!
POS! 1.0.0.1:0!
Per Platform Label Space!
1.0.0.1:10! ATM!
Two LDP Sessions!
Ethernet! 1.0.0.1:0!
Per Platform Label Space!
ATM! 1.0.0.1:20!
Per Interface Label Space!
• One LDP session is established for each announced LDP identifier (Router ID + Label Space). • The number of LDP sessions is determined by the number of different label spaces. MPLS Training - Basic
70
LDP Neighbor Discovery
© 2003 Cisco Systems, Inc. All rights reserved.
71
LDP Neighbor Discovery • Basic Discovery Directly connected LSRs Discovered through hello packets Sent to multicast all-routers-in-subnet address
• Extended discovery Non-directly connected LSRs (e.g., across TE path) Targeted hello packets to specific address Discovery is asymmetric (one in each direction)
• Once discovery is done, LDP sessions are established over TCP (646) MPLS Training - Basic
72
Basic LDP Discovery B
UDP: Hello! (1.0.0.2:1064 224.0.0.2:646)!
A MPLS_A!
.0.1:646)!
UDP: Hello! (1.0.0.1:1050 224.0.0.2:646)!
1.0.0.1! TCP (1. 0
.0.4:106
5 1.0
.0.1:646
)!
UDP: Hello! (1.0.0.4:1033 224.0.0.2:646)!
TCP (1.0.0.4:1066 1.0.0.2:646)!
TCP
43 1.0 (1.0.0.2:10
MPLS_B!
1.0.0.2! NO MPLS! C NO_MPLS_C!
1.0.0.3!
D MPLS_!
1.0.0.4! • LDP Session is established from the LSR with higher transport address. The establishing router is called the Active LSR. MPLS Training - Basic
73
Extended LDP Discovery • LDP neighbor discovery of non adjacent neighbors Differs from normal discovery only in the addressing of hello packets
• Targeted hello packets use unicast IP address Instead of multicast address
• Extended discovery is asymmetric • Once a neighbor is discovered, the mechanism to establish a session is the same.
MPLS Training - Basic
74
LDP Sessions - Non directly connected LSR Normally routed path 133.0.0.33
R7!
R6!
R5!
R1! 118.1.1.1
R8!
R9! Targeted LDP session
R2!
R3!
R4! Traffic Engineered Path R1 – R8
UDP: Hello! (118.1.1.1:1052 133.0.0.33)! UDP: Hello! (133.0.0.33:1052 118.1.1.1)! MPLS Training - Basic
75
LDP Identifier – IOS Commands Router# show mpls ldp discovery Local LDP Identifier: 118.1.1.1:0 Discovery Sources: Interfaces: Targeted Hello being sent POS2/0 (ldp): xmit/recv LDP Id: 155.0.0.55:0 Tunnel1 (ldp): Targeted -> 133.0.0.33 Targeted Hellos: 118.1.1.1 -> 133.0.0.33 (ldp): active, xmit/recv LDP Id: 133.0.0.33:0 Targeted LDP session is active across the tunnel interface
MPLS Training - Basic
76
Targeted Configuration ip cef mpls ip mpls label protocol ldp mpls ldp router-id loopback0 interface tunnel0 tunnel destination 10.20.10.1 mpls ip Enables LDP with target of 10.20.10.1 mpls ldp discovery targeted-hellos accept
If this command is entered then it means that the router will accept and LDP hellos from other end and establish session
MPLS Training - Basic
77
Label Stacking across tunnel interface R7!
R6!
R5!
R8!
R2!
R3!
R4!
TE!
TE!
TE!
LDP!
LDP!
LDP!
LDP!
Packet!
Packet!
Packet!
Packet!
R9!
R1!
Labels
MPLS Training - Basic
78
LDP Session Establishment
© 2003 Cisco Systems, Inc. All rights reserved.
79
LDP Session Negotiation A MPLS_A!
1.0.0.1!
B MPLS_B!
1.0.0.2!
• Peers first exchange initialization messages. • The session is ready to exchange label mappings after receiving the first keepalive.
MPLS Training - Basic
80
LDP Session Negotiation A MPLS_A!
1.0.0.1!
B Establish TCP session!
MPLS_B!
1.0.0.2! Initialization message!
• Peers first exchange initialization messages. • The session is ready to exchange label mappings after receiving the first keepalive.
MPLS Training - Basic
81
LDP Session Negotiation A MPLS_A!
1.0.0.1!
B Establish TCP session!
MPLS_B!
1.0.0.2! Initialization message! Initialization message! Keepalive!
• Peers first exchange initialization messages. • The session is ready to exchange label mappings after receiving the first keepalive.
MPLS Training - Basic
82
LDP Session Negotiation A MPLS_A!
1.0.0.1!
B Establish TCP session!
MPLS_B!
1.0.0.2! Initialization message! Initialization message! Keepalive! Keepalive! Address message ….!
• Peers first exchange initialization messages. • The session is ready to exchange label mappings after receiving the first keepalive.
MPLS Training - Basic
83
LDP Session Maintenance • LSRs maintain their session by: Continued periodic transmission of discovery Hello packets to indicate willingness to label switch on link Periodic transmission of keepalive messages on session TCP connection to monitor integrity of TCP connection
• In session establishment, if there is a Init fatal notification, there is an backoff starting at less than 15 seconds and exponentially increasing to 2 minutes. Only the active LSR does this. • Hello configuration TLV could be used to speed up session establishment.
MPLS Training - Basic
84
LDP Neighbours – IOS command Unsolicited downstream label allocation router#show mpls ldp neighbor Peer LDP Ident: 10.13.1.52:0; Local LDP Ident 10.13.1.59:0 TCP connection: 10.13.1.52.646 - 10.13.1.59.12331 State: Oper; Msgs sent/rcvd: 143/144; Downstream Up time: 00:00:55 LDP discovery sources: FastEthernet9/0/0, Src IP addr: 10.13.5.22 Addresses bound to peer LDP Ident: 10.13.1.52 10.13.5.18 200.37.52.5 200.6.52.13 10.13.0.52 10.13.5.22
These are the interface IP addresses of the LDP peer 10.13.1.52 MPLS Training - Basic
85
LDP Session Detail – IOS Command router#show mpls ldp neighbor detail Peer LDP Ident: 10.13.1.52:0; Local LDP Ident 10.13.1.59:0 TCP connection: 10.13.1.52.646 - 10.13.1.59.12331 State: Oper; Msgs sent/rcvd: 150/153; Downstream; Last TIB rev sent 1138 Up time: 00:07:49; UID: 74; Peer Id 0; Hello holdtime, Hello Interval LDP discovery sources: FastEthernet9/0/0; Src IP addr: 10.13.5.22 holdtime: 15000 ms, hello interval: 5000 ms Addresses bound to peer LDP Ident: 10.13.1.52 10.13.5.18 200.37.52.5 200.6.52.13 10.13.0.52 10.13.5.22 Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
LDP TCP session holdtime, keepalive interval
MPLS Training - Basic
86
Label Distribution, Control and Retention
© 2003 Cisco Systems, Inc. All rights reserved.
87
Label Distribution Methods Router
IP+ATM
Control
Independent
Ordered
Retention
Liberal
Conservative
Advertisement
Unsolicited Downstream
On-demand
• Control
Whether labels are distributed regardless if there an outgoing label is available for the prefix
• Retention
Whether received labels are kept on local router
• Advertisement
Whether labels are distributed if requested
• The modes shown here are generally how Router and ATM switches are configured for MPLS MPLS Training - Basic
88
Label Distribution: Unsolicited Downstream
A
B
C
B X
B
• Label for a prefix is allocated and advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.! MPLS Training - Basic
89
Label Distribution: Unsolicited Downstream LIB on Router B" Network
LSR
Label
X
Local
25
X = 25! A
X = 25! B
C
E X
D
• Label for a prefix is allocated and advertised to all neighbor LSRs, regardless of whether the neighbours are upstream or downstream LSRs for the destination.! MPLS Training - Basic
90
Label Distribution: Downstream on Demand Routing Table B"
Routing Table C"
Routing Table D"
Routing Table E"
Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
X
C
X
D
X
E
X
Conn
RQ X! B
C
D
E X
• A LSR can always assign a label for a prefix, even if it has no downstream label. ! • Independent control can only be used for LSRs with layer-3 capabilities.! MPLS Training - Basic
91
LSP Control: Independent Control Routing Table B"
Routing Table C"
Routing Table D"
Routing Table E"
Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
X
C
X
D
X
E
X
Conn
RQ X! B
C
D
E X
LFIB on Router C Destination X
IN Label XOUT Label Next Hop = 25! 37
-
Router E
• A LSR can always assign a label for a prefix, even if it has no downstream label. ! • Independent control can only be used for LSRs with layer-3 capabilities.! MPLS Training - Basic
92
LSP Control: Independent Control Routing Table B"
Routing Table C"
Routing Table D"
Routing Table E"
Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
X
C
X
D
X
E
X
Conn
RQ X! B
C
D
E
X=37!
X
LFIB on Router C Destination X
IN Label XOUT Label Next Hop = 25! 37
-
Router E
• A LSR can always assign a label for a prefix, even if it has no downstream label. ! • Independent control can only be used for LSRs with layer-3 capabilities.! MPLS Training - Basic
93
LSP Control: Ordered Control Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
Network
Next-Hop
X
C
X
D
X
E
X
Conn
RQ X! B
RQ X! C
RQ X! D
X=37!
X=17!
E
X=82!
X
LFIB on Router C Destination X
IN Label XOUT Label Next Hop = 25! 37
17 -
Router E
• A LSR can only assign a label if it has already received a label from the next-hop LSR; otherwise it must request a label from the next-hop LSR. Used in IP+ATM switches! MPLS Training - Basic
94
Label Retention: Liberal Retention Mode LIB on Router A"
LIB on Router C"
Network
LSR
Label
Network
LSR
Label
X
B -
25 -
X
B -
25 -
X = 25! A
X = 25! B
C
E X
D
LIB on Router D" Network
LSR
Label
X
B -
25 -
• Every LSR stores the received label in its LIB, even when the label is not received from a next-hop LSR.! • Liberal retention mode improves convergence speed.! MPLS Training - Basic
95
Label Retention: Conservative Retention Mode LIB on Router A"
LIB on Router C"
Network
LSR
Label
Network
LSR
Label
X
B -
25 -
X
-
-
X = 25! A
X = 25! B
C
E X
D
LIB on Router D" Network
LSR
Label
X
-
-
• LSR stores only the labels received from next-hop LSRs; all other labels are ignored.! • Downstream-on-demand distribution is required during the convergence phase.! MPLS Training - Basic
96
Some IOS commands
© 2003 Cisco Systems, Inc. All rights reserved.
97
IOS Show commands router#sh mpls ldp neig | inc TCP TCP connection: 10.7.0.1.646 - 10.7.0.3.11011 TCP connection: 10.7.0.5.11026 - 10.7.0.3.646 TCP connection: 10.7.0.6.11024 - 10.7.0.3.646 TCP connection: 10.7.0.9.11034 - 10.7.0.3.646 router#show mpls ldp bind 10.5.0.8 255.255.255.252 tib entry: 10.5.0.8/30, rev 46 local binding: tag: 33 LIB structure remote binding: tsr: 10.7.0.5:0, tag: 17 remote binding: tsr: 10.7.0.1:0, tag: 29 remote binding: tsr: 10.7.0.6:0, tag: 19 This one chosen remote binding: tsr: 10.7.0.9:0, tag: 20 router#show tag for 10.5.0.8 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 33 20 10.5.0.8/30 0 Et3/0 10.5.0.17 LFIB structure MPLS Training - Basic
98
IOS Show commands router#show ip route 10.5.0.8 Routing entry for 10.5.0.8/30 Known via "ospf 1", distance 110, metric 30, type intra area Last update from 10.5.0.17 on Ethernet3/0, 1w0d ago Routing Descriptor Blocks: * 10.5.0.17, from 10.7.0.2, 1w0d ago, via Ethernet3/0 Route metric is 30, traffic share count is 1 router#show mpls ldp neig 10.7.0.9 Peer LDP Ident: 10.7.0.9:0; Local LDP Ident 10.7.0.3:0 TCP connection: 10.7.0.9.11034 - 10.7.0.3.646 State: Oper; Msgs sent/rcvd: 12932/12965; Downstream Up time: 1w0d LDP discovery sources: Ethernet3/0, Src IP addr: 10.5.0.17 Addresses bound to peer LDP Ident: 10.5.0.17 10.7.0.9 10.5.0.38 10.5.0.46 10.6.3.1 10.5.0.57 10.6.3.5 10.5.0.21
MPLS Training - Basic
99
VPN Concepts
© 2003 Cisco Systems, Inc. All rights reserved.
100
What is an MPLS-VPN? • An IP network infrastructure delivering private network services over a public infrastructure Use a layer 3 backbone Scalability, easy provisioning Global as well as non-unique private address space QoS Controlled access Easy configuration for customers
MPLS Training - Basic
101
VPN Models • There are two basic types of design models that deliver VPN functionality Overlay Model Peer Model
MPLS Training - Basic
102
The Overlay model • Private trunks over a TELCO/SP shared infrastructure Leased/Dialup lines FR/ATM circuits IP (GRE) tunnelling
• Transparency between provider and customer networks • Optimal routing requires full mesh over over backbone
MPLS Training - Basic
103
The Peer model • Both provider and customer network use same network protocol and control plane • CE and PE routers have routing adjacency at each site • All provider routers hold the full routing information about all customer networks • Private addresses are not allowed • May use the virtual router capability Multiple routing and forwarding tables based on Customer Networks
MPLS Training - Basic
104
MPLS-VPN = True Peer model • MPLS-VPN is similar in operation to peer model • Provider Edge routers receive and hold routing information only about VPNs directly connected • Reduces the amount of routing information a PE router will store • Routing information is proportional to the number of VPNs a router is attached to • MPLS is used within the backbone to switch packets (no need of full routing)
MPLS Training - Basic
105
MPLS VPN Connection Model
© 2003 Cisco Systems, Inc. All rights reserved.
106
MPLS VPN Connection Model • A VPN is a collection of sites sharing a common routing information (routing table) • A site can be part of different VPNs • A VPN has to be seen as a community of interest (or Closed User Group) • Multiple Routing/Forwarding instances (VRF) on PE
MPLS Training - Basic
107
MPLS VPN Connection Model Site-4! Site-1!
VPN-C!
VPN-A! Site-3!
Site-2!
VPN-B!
• A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs • If two or more VPNs have a common site, address space must be unique among these VPNs MPLS Training - Basic
108
MPLS VPN Connection Model • The VPN backbone is composed by MPLS LSRs PE routers (edge LSRs) P routers (core LSRs)
• The customer router connecting to the VPN backbone is called the Customer Edge (CE) • PE routers are faced to CE routers and distribute VPN information through MP-BGP to other PE routers VPN-IPv4 addresses, Extended Community, Label
• P routers do not run MP-BGP and do not have any VPN knowledge MPLS Training - Basic
109
MPLS VPN Components CE
PE
ELSR
P LSR
PE LSR
LSR
MPLS Training - Basic
ELSR
ELSR
ELSR
C Network (Customer Control)
CE
LSR
P Network (Provider Control)
C Network (Customer Control)
110
PE–CE Routing
© 2003 Cisco Systems, Inc. All rights reserved.
111
PE-CE Routing CE1 PE CE2
PE-CE routing!
• PE and CE routers exchange routing information through eBGP, Static, OSPF, ISIS, RIP, EIGRP • The CE router runs standard routing software, not aware it is connected to a VPN network MPLS Training - Basic
112
PE-CE routing protocols • Static/BGP are the most scalable Single PE router can support 100s or 1000s of CE routers
• BGP is the most flexible Particularly for multi-homing but not popular with Enterprise Very useful if Enterprise requires Internet routes
• Use the others to meet customer requirements OSPF popular with Enterprises – but sucks up processes EIGRP not popular with Service Providers (Cisco proprietary) IS-IS less prevalent in Enterprise environments RIPv2 provides very simple functionality MPLS Training - Basic
113
Routing Protocol Contexts
BGP
Routing processes
RIP
Static • Routing processes run within specific routing contexts
Routing contexts
BGP 1
BGP 2
BGP 3
RIP 1
• Populate specific VPN routing table and FIBs (VRF)
RIP 2
• Interfaces are assigned to VRFs" VRF Routing tables VRF Forwarding tables
MPLS Training - Basic
VRF Site A
VRF Site B
VRF Site C
114
OSPF and Single Routing Instances
Routing processes
OSPF
OSPF
OSPF • With OSPF there is a single process per VRF
Routing contexts
• Same for IS-IS • No routing contexts
VRF Routing tables VRF Forwarding tables
MPLS Training - Basic
VRF Site A
VRF Site B
VRF Site C
• Prior to 12.0(27)S and 12.3(4)T maximum of 28 processes allowed
115
Routing Tables
© 2003 Cisco Systems, Inc. All rights reserved.
116
Routing Tables CE1
VRF!
PE CE2
PE-CE routing!
VPN Backbone IGP (OSPF, ISIS)!
Global Routing Table!
• PE routers maintain separate routing tables • Global Routing Table All the PE and P routes populated by the VPN backbone IGP (ISIS or OSPF)
• VPN Routing and Forwarding Tables (VRF) Routing and Forwarding table associated with one or more directly connected sites (CEs) VRF are associated to (sub/virtual/tunnel) interfaces Interfaces may share the same VRF if the connected sites may share the same routing information MPLS Training - Basic
117
IGP and label distribution in the backbone CE1
P1
PE1
P2
CE3
PE2
CE2
CE4
LFIB for PE-1
LFIB for P1
LFIB for P2
LFIB for PE2
Dest
Next Hop
IN
OUT
Dest
Next Hop
IN
OUT
Dest
Next Hop
IN
OUT
Dest
Next Hop
IN
OUT
PE2
P1
17
50
PE2
P2
50
34
PE2
P1
34
POP
P1
P2
44
38
P2
P1
18
65
P2
E0/2
65
POP
P1
E0/1
38
POP
P2
P2
36
65
P1
S0/0
19
POP
PE1
S3/0
67
POP
PE1
P1
39
67
PE1
P2
18
39
• All routers (P and PE) run an IGP and label distribution protocol • Each P and PE router has routes for the backbone nodes and a label is associated to each route • MPLS forwarding is used within the core MPLS Training - Basic
118
VPN Routing and Forwarding Table CE1
PE1
P1
P2
PE2
CE2
CE3 CE4
MP-iBGP session!
• Multiple routing tables (VRFs) are used on PEs • Each VRF contain customer routes • Customer addresses can overlap • VPNs are isolated • Multi-Protocol BGP (MP-BGP) is used to propagate these addresses + labels between PE routers only MPLS Training - Basic
119
MPLS VPN Requirements CE1
PE1
P1
P2
PE2
CE2
CE3 CE4
MP-iBGP session!
• VPN services allow Customers to use the overlapping address space Isolate customer VPNs – Intranets Join VPNs - Extranets
• MPLS-VPN backbone MUST Distinguish between customer addresses Forward packets to the correct destination MPLS Training - Basic
120
VPN Address Overlap CE1
PE1
P1
P2
PE2
CE2
CE3 CE4
MP-iBGP session!
• BGP propagates ONE route per destination Standard path selection rules are used
• What if two customers use the same address? • BGP will propagate only one route - PROBLEM !!! • Therefore MP-BGP must DISTINGUISH between customer addresses MPLS Training - Basic
121
VPN Address Overlap CE1
PE1
P1
P2
CE2
PE2
CE3 CE4
MP-iBGP session!
• When PE router receives VPN routes from MP-BGP how do we know what VRF to place route in? • How do we distinguish overlapping addresses between two VPNs
MPLS Training - Basic
122
Route-Target and Route-Distinguisher update X!
x
CE1
update X!
P1
PE1
P2
PE2
CE2
CE3 CE4
x MP-iBGP session! update X!
update X!
VPN-IPv4 update:
RD1:X, Next-hop=PE1
RT=RED, Label=10!
VPN-IPv4 update:
RD2:X, Next-hop=PE1
RT=ORANGE, Label=12!
VPN-IPv4 updates are translated into IPv4 address and inserted into the VRF corresponding to the RT value
• MP-BGP prepends an Route Distinguisher (RD) to each VPN route in order to make it unique • MP-BGP assign a Route-Target (RT) to each VPN route to identify VPN it belongs to (or CUG) Route-Target is the colour of the route MPLS Training - Basic
123
Route Propagation through MP-BGP update X!
x
CE1
update X!
P1
PE1
P2
PE2
CE2
CE3 CE4
x MP-iBGP session! update X!
update X!
VPN-IPv4 update:
RD1:X, Next-hop=PE1
RT=RED, Label=10!
VPN-IPv4 update:
RD2:X, Next-hop=PE1
RT=ORANGE, Label=12!
VPN-IPv4 updates are translated into IPv4 address and inserted into the VRF corresponding to the RT value
• When a PE router receives an MP-BGP VPN route: It checks the route-target value to VRF route-targets If match then route is inserted into appropriate VRF The label associated with the VPN route is stored and used to send packets towards the destination MPLS Training - Basic
124
Multi-Protocol BGP • Propagates VPN routing information Customer routes held in VPN Routing and Forwarding tables (VRFs)
• Only runs on Provider Edge P routers are not aware of VPN’s only labels
• PEs are fully meshed Using Route Reflectors or direct peerings between PE routers
MPLS Training - Basic
125
Forwarding Example
© 2003 Cisco Systems, Inc. All rights reserved.
126
MPLS VPN Protocols • OSPF/IS-IS Used as IGP provides reachability between all Label Switch Routers (PE P PE)
• TDP/LDP Distributes label information for IP destinations in core
• MP-BGP4 Used to distribute VPN routing information between PE’s
• RIPv2/BGP/OSPF/eiGRP/ISIS/Static Can be used to route between PE and CE
MPLS Training - Basic
127
VPN Components • VRF Tables Hold customer routes at PE
• Route-Distinguisher Allows MP-BGP to distinguish between identical customer routes that are in different VPNs
• Route-Targets Used to import and export routes between different VRF tables (creates Intranets and Extranets)
• Route-maps Allows finer granularity and control of importing exporting routes between VRFs instead of just using route-target MPLS Training - Basic
128
MPLS VPN Operation CE
= RT? PE
RD + RD + VPN labels, RTs P
PE CE
RR
P
RR
RD +
= RT?
CE
PE
PE
RD + RD + VPN labels, RTs
Import routes into VRF if route-targets match (export = import)
CE
Customer routes placed into separate VRF tables at each PE IGP (OSPF,ISIS) used to establish reachability to destination networks. Label Distribution Protocol establishes mappings to IGP addresses CE-PE dynamic routing (or static) populate the VRF routing tables MP-BGP between PE router to distribute routes between VPNs MPLS Training - Basic
129
MPLS VPN Label Stack • There are at least two labels when using MPLS-VPN • The first label is distributed by TDP/LDP Derived from an IGP route Corresponds to a PE address (VPN egress point) PE addresses are MP-BGP next-hops of VPN routes
• The second label is distributed MP-BGP Corresponds to the actual VPN route Identifies the PE outgoing interface or routing table
L2 Header
Label 1
Label 2
L3 Header
Data
Frame, e.g. HDLC, PPP, Ethernet MPLS Training - Basic
130
MPLS VPN Forwarding Example
CE
CE
PE
PE P
P
CE
CE PE
PE Swap IGP Label (From LFIB)
POP IGP Label (Pentultimate Hop)
Push VPN Label (Red Route) Push IGP Label (Green PE Router) MPLS Training - Basic
Pop VPN Label (Red Route) 131
VPN Topologies
© 2003 Cisco Systems, Inc. All rights reserved.
132
Basic Intranet – Full Mesh Finance Site 3
F FF FF F Finance Site 1
VLAN 205
MPLS Core
F FF FF F
F FF FF F
Finance Site 2
VRF
• Each site has of all other sites (same VPN) CE can be router or switch
• MP-BGP VPNv4 updates propagated between PEs • Routing is optimal in the backbone No site is used as central point for connectivity MPLS Training - Basic
133
Basic Extranet – Partial Mesh Engineering Site B (EB) DA DA EB E DA EB E EA E EB E EA E
Engineering Site A (EA)
E Design Site A (DA)
E E E
MPLS Core
D E
D D D
Design Site B (DB) D
VRF EB EB D EB D D D D
• Basic Extranet • Routes can be imported directly into corresponding VRF • NAT may be necessary – if Enterprise have overlapping addressing • Import granularity can be very fine Single host address can be imported as Extranet route MPLS Training - Basic
134
Branch to HQ – Hub and Spoke Bank Branch 3
BGP/OSPF/ RIProuting
VRF
Spoke OUT
S3 S1h X S2h
S3
S2h S1h S3h S1 S2 S3 X
MPLS Core Bank Branch 2 S2
Optional Firewall NAT to X
S2 S1h X S3h
VRF
Hub IN BGP/OSPF/RIP routing
S1 S2h X S3h
Central HQ
VRF Bank Branch 1
S1
• Forces all branches through the Central HQ • Spokes cannot communicate directly • Appropriate security screening can be applied • Firewalls can be used with NAT to ensure correct return path MPLS Training - Basic
135
Per Group Internet Access Legal
VRF L L L L D3
D3
L
Internet
Legal Only
Internet
Legal/Sales & Marketing Backup
Internet
Sales and Marketing
Gateway 3
Sales S S S S D1
MPLS Core
L
S M
D2
Gateway 2
Marketing M M M D1
S M1I
D
Gateway 1
• Choose appropriate Internet Gateway per group requirements • Use other gateways as backup in case of failure • Gateways can provide different service attributes/levels Speed of access Type of Content accessed Address translation if required MPLS Training - Basic
136
VPN with Internet • This example uses default route only to access Internet • If customer addresses are RFC1983 then NAT must be done Can be done at Internet Gateway or at customer edge
• Another model could use default route pointing to gateway in the global table This assumes that customer uses registered address space
MPLS Training - Basic
137
Enterprise Disaster Recovery Backup Data Centre (LOCALPREF=50)
C
CC
S1 C S2 C C S3
Site 1
Site 2
C
CC
S1 C S2 C C S3
VRF S1 C CC
Primary Data Centre (LOCALPREF=100)
Site 3
MPLS Core
S3 C CC
S2 C CC
• Disaster recovery can be provided to each site in the Enterprise • If Primary site fails, Backup site takes over with no intervention • Virtualisation/Mirroring takes place between Primary/Secondary MPLS Training - Basic
138
MPLS VPN Mechanisms
© 2003 Cisco Systems, Inc. All rights reserved.
139
Virtual Routing and Forwarding Table • A VRF is the routing and forwarding instance for a set of sites with identical connectivity requirements. • Data structures associated with a VRF: IP routing table Cisco Express Forwarding (CEF) forwarding table Set of rules and routing protocol parameters (routing protocol contexts) List of interfaces that use the VRF
• Other information associated with a VRF: Route Distinguisher (RD) Set of import and export route targets MPLS Training - Basic
140
Need for Routing Protocol Contexts VPN A!
• There are two backbones with
overlapping addresses.!
10.1.1.0/24!
MPLS VPN Backbone! CE-VPN-A
!
VPN B!
PE Router!
CE-VPN-B
10.1.1.0/24!
MPLS Training - Basic
!
• Routing Information Protocol (RIP)
is running in both VPNs.! • RIP in VPN A has to be different from RIP
in VPN B, but Cisco IOS software supports
only one RIP process per router.! 141
VPN-Aware Routing Protocols • Routing context = routing protocol run in one VRF Supported by VPN-aware routing protocols: External BGP (EBGP), OSPF, RIP version 2 (RIPv2), EIGRP, IS-IS, Dtatic routes Implemented as several instances of a single routing process (EBGP, RIPv2) or as several routing processes (OSPF) Independent per-instance router variables for each instance
MPLS Training - Basic
142
VRF Routing Table • Contains routes that should be available to a particular set of sites • Analogous to standard Cisco IOS software routing table; supports same set of mechanisms • VPN interfaces (physical interface, subinterfaces, logical interfaces) assigned to VRFs Many interfaces per VRF Each interface assignable to only one VRF
MPLS Training - Basic
143
Routing Contexts, VRF, and MP-BGP Interaction: 1/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
Instance for VRF-A! Instance for VRF-B!
VRF-B Routing Table!
BGP Routing Process! Backbone! Multiprotocol ! BGP!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• Two VPNs attached to the same PE router! • Each VPN represented by a VRF (VRF-A and VRF-B)! • RIP and BGP running between PE and CE routers! MPLS Training - Basic
144
Routing Contexts, VRF, and MP-BGP Interaction: 2/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
Instance for VRF-A! Instance for VRF-B!
BGP Routing Process! Backbone! Multiprotocol ! BGP!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• RIP-speaking CE routers announce their prefixes to the PE router via RIP.! • Instance of RIP process associated with the VRF into which the PE-CE
interface belongs collects the routes and inserts them into VRF routing
table.! MPLS Training - Basic
145
Routing Contexts, VRF, and MP-BGP Interaction: 3/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
Instance for VRF-A! Instance for VRF-B!
BGP Routing Process! Backbone! Multiprotocol ! BGP!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• BGP-speaking CE routers announce their prefixes to the PE router via BGP.! • Instance of BGP process associated with the VRF into which the PE-CE
interface belongs collects the routes and inserts them into VRF routing
table.! MPLS Training - Basic
146
Routing Contexts, VRF, and MP-BGP Interaction: 4/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
Instance for VRF-A! Instance for VRF-B!
BGP Routing Process! Backbone! Multiprotocol ! BGP!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• RIP routes entered in the VRF routing table are redistributed into BGP
for further propagation into the MPLS VPN backbone.! • Redistribution between RIP and BGP has to be configured for proper
MPLS VPN operation.! MPLS Training - Basic
147
Routing Contexts, VRF, and MP-BGP Interaction: 5/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
BGP Routing Process!
Instance for VRF-A! Multiprotocol ! BGP! Instance for VRF-B!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• Route distinguisher is prepended during route export to the BGP routes
from VRF instance of BGP process to convert them into VPNv4 prefixes.
Route targets are attached to these prefixes.! • VPNv4 prefixes are propagated to other PE routers.! MPLS Training - Basic
148
Routing Contexts, VRF, and MP-BGP Interaction: 6/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
BGP Routing Process!
Instance for VRF-A! Multiprotocol ! BGP! Instance for VRF-B!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• VPNv4 prefixes are received from other PE routers.! • The VPNv4 prefixes are inserted into proper VRF routing tables based
on their route targets and import route targets configured in VRFs.! • Route distinguisher is removed during this process.! MPLS Training - Basic
149
Routing Contexts, VRF, and MP-BGP Interaction: 7/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
Backbone! Multiprotocol ! BGP!
Instance for VRF-A!
Instance for VRF-B!
BGP Routing Process!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• Routes received from backbone MP-BGP and imported
into a VRF are forwarded as IPv4 routes to EBGP CE neighbors attached
to that VRF.! MPLS Training - Basic
150
Routing Contexts, VRF, and MP-BGP Interaction: 8/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
BGP Routing Process!
Instance for VRF-A! Multiprotocol ! BGP! Instance for VRF-B!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• MP-IBGP routes imported into a VRF are redistributed into the instance
of RIP configured for that VRF.! • Redistribution between BGP and RIP has to be configured for end-
to-end RIP routing between CE routers.! MPLS Training - Basic
151
Routing Contexts, VRF, and MP-BGP Interaction: 9/9 RIP Routing Process! CE-RIP-A
CE-RIP-B
!
!
VRF-A Routing Table!
Backbone! Multiprotocol ! BGP!
Instance for VRF-A!
Instance for VRF-B!
BGP Routing Process!
VRF-B Routing Table!
Instance for VRF-A! CE-BGP-A
CE-BGP-B
!
!
Instance for VRF-B!
• Routes redistributed from BGP into a VRF instance of RIP are sent to
RIP-speaking CE routers.!
MPLS Training - Basic
152
Configuring VRF tables
© 2003 Cisco Systems, Inc. All rights reserved.
153
Configuring VRF Tables • VRF configuration tasks: Create a VRF table Assign RD to the VRF Specify export and import route targets Assign interfaces to VRFs
MPLS Training - Basic
154
Creating VRF Tables and Assigning RDs router(config)#"
ip vrf name
!!
• Creates a new VRF or enters configuration of an existing VRF.! • VRF names are case-sensitive.! • VRF is not operational unless you configure RD.! • VRF names have only local significance.! router(config-vrf)#"
rd route-distinguisher!
• Assigns a route distinguisher to a VRF.! • You can use ASN:xx or A.B.C.D:xx format for RD.! • Each VRF in a PE router has to have a unique RD.! MPLS Training - Basic
155
Specify Export and Import RTs router(config-vrf)#"
route-target export RT
!!
• Specifies an RT to be attached to every route exported from this VRF to MP-BGP! • Allows specification to many export RTs—all to be attached to every exported route! router(config-vrf)#"
route-target import RT!
• Specifies an RT to be used as an import filter—only routes matching the RT are imported into the VRF! • Allows specification of many import RTs—any route where at least one RT attached to the route matches any import RT is imported into the VRF!
MPLS Training - Basic
156
Specify Export and Import RTs router(config-vrf)#"
route-target both RT!
• In cases where the export RT matches the import RT, use this form of route-target command.!
Sample router configuration for simple customer VPN:! ip vrf Customer_ABC rd 12703:15 route-target export 12703:15 route-target import 12703:15 MPLS Training - Basic
157
Assigning an Interface to VRF Table router(config-if)#"
ip vrf forwarding vrf-name
!!
• Associates an interface with the specified VRF! • Existing IP address removed from the interface when interface is put into VRF—IP address must be reconfigured! • CEF switching must be enabled on interface! Sample router configuration:! ip cef ! interface serial 0/0 ip vrf forwarding Customer_ABC ip address 10.0.0.1 255.255.255.252 MPLS Training - Basic
158
Sample VPN Network MPLS VPN Backbone! CE-RIP-A1!
CE-RIP-A2!
CE-BGP-A1!
CE-BGP-A2!
PE-Site-X!
PE-Site-Y!
CE-RIP-B1!
CE-RIP-B2!
• The network supports two VPN customers. • Customer A runs RIP and BGP with the service provider; customer B uses only RIP. • Both customers use network 10.0.0.0.
MPLS Training - Basic
159
Sample VPN Network VRF Configuration MPLS VPN Backbone ! ip vrf Customer_A rd 115:43 route-target both 115:43
CE-RIP-A1!
CE-BGP-A1!
PE-Site-X! CE-RIP-B1!
MPLS Training - Basic
CE-RIP-A2!
! ip vrf Customer_B CE-BGP-A2! rd 115:47 route-target both 115:47 PE-Site-Y ! ! interface serial 1/0/1 CE-RIP-B2! ip forwarding vrf Customer_A ip address 10.1.0.1 255.255.255.252 ! interface serial 1/0/2 ip vrf forwarding Customer_A ip address 10.1.0.5 255.255.255.252 ! interface serial 1/1/3 ip vrf forwarding Customer_B ip address 10.2.0.1 255.255.255.252 160
Configuring MP-BGP
© 2003 Cisco Systems, Inc. All rights reserved.
161
BGP Address Families • The BGP process in an MPLS VPN-enabled router performs three separate tasks: Global BGP routes (Internet routing) are exchanged as in traditional BGP setup VPNv4 prefixes are exchanged through MP-BGP VPN routes are exchanged with CE routers through perVRF EBGP sessions.
• Address families (routing contexts) are used to configure these three tasks in the same BGP process.
MPLS Training - Basic
162
Selecting the BGP Address Family router(config)#"
router bgp as-number
!!
• Selects global BGP routing process! router(config-router)#"
address-family vpnv4
!!
• Selects configuration of VPNv4 prefix exchanges under MP-BGP sessions! router(config-router)#"
address-family ipv4 vrf vrf-name
!!
• Selects configuration of per-VRF PE-CE EBGP parameters! MPLS Training - Basic
163
BGP Neighbors • MP-BGP neighbors are configured under the BGP routing process. These neighbors need to be activated for each global address family they support. Per-address-family parameters can be configured for these neighbors.
• VRF-specific EBGP neighbors are configured under corresponding address families.
MPLS Training - Basic
164
Configuring MP-BGP • MPLS VPN MP-BGP configuration steps: Configure MP-BGP neighbor under BGP routing process Configure BGP address family VPNv4 Activate configured BGP neighbor for VPNv4 route exchange Specify additional parameters for VPNv4 route exchange (filters, next hops, and so forth)
MPLS Training - Basic
165
Configuring MP-IBGP router(config)#"
router bgp AS-number! neighbor IP-address remote-as AS-number! neighbor IP-address update-source loopback-interface
!!
• All MP-BGP neighbors have to be configured under global BGP routing configuration.! • MP-IBGP sessions have to run between loopback interfaces.! router(config-router)#"
address-family vpnv4!
• Starts configuration of MP-BGP routing for VPNv4 route exchange.! • Parameters that apply only to MP-BGP exchange of VPNv4 routes between already configured IBGP neighbors are configured under this address family.! MPLS Training - Basic
166
Configuring MP-IBGP router(config-router-af)#"
neighbor IP-address activate
!!
• The BGP neighbor defined under BGP router configuration has to be activated for VPNv4 route exchange.! router(config-router-af)#"
neighbor IP-address next-hop-self!
• The next-hop-self command must be configured on the MP-IBGP session for proper MPLS VPN configuration if EBGP is being run with a CE neighbor.! MPLS Training - Basic
167
BGP Community Propagation router(config-router-af)#"
neighbor IP-address send-community [extended | both]
!!
• This command configures propagation of standard and extended BGP communities attached to VPNv4 prefixes.! • Default value: only extended communities are sent.! • Extended BGP communities attached to VPNv4 prefixes must be exchanged between MP-BGP neighbors for proper MPLS VPN operation.! • To propagate standard BGP communities between MP-BGP neighbors, use the both option.!
MPLS Training - Basic
168
Sample MP-IBGP Configuration MPLS VPN Backbone! CE-RIP-A1!
CE-RIP-A2!
CE-BGP-A1!
CE-BGP-A2!
PE-Site-X! CE-RIP-B1!
MPLS Training - Basic
PE-Site-Y!
interface loopback 0 ip address 172.16.1.1 255.255.255.255 CE-RIP-B2! ! router bgp 115 neighbor 172.16.1.2 remote-as 115 neighbor 172.16.1.2 update-source loopback 0 ! address-family vpnv4 neighbor 172.16.1.2 activate neighbor 172.16.1.2 next-hop-self neighbor 172.16.1.2 send-community both 169
Disabling IPv4 Route Exchange router(config-router)#"
no bgp default ipv4 unicast
!!
• Exchange of IPv4 routes between BGP neighbors is enabled by default—every configured neighbor will also receive IPv4 routes! • This command disables default exchange of IPv4 routes—neighbors that need to receive IPv4 routes have to be activated for IPv4 route exchange! • Use this command when the same router carries Internet and VPNv4 routes and you donʼt want to propagate Internet routes to some PE neighbors.!
MPLS Training - Basic
170
Sample Router Configuration • Neighbor 172.16.32.14 receives only Internet routes. • Neighbor 172.16.32.15 receives only VPNv4 routes. • Neighbor 172.16.32.27 receives Internet and VPNv4 routes.
router bgp 12703 no bgp default ipv4 unicast neighbor 172.16.32.14 remote-as 12703 neighbor 172.16.32.15 remote-as 12703 neighbor 172.16.32.27 remote-as 12703 ! Activate IPv4 route exchange neighbor 172.16.32.14 activate neighbor 172.16.32.27 activate ! Step#2 – VPNv4 route exchange address-family vpnv4 neighbor 172.16.32.15 activate neighbor 172.16.32.27 activate MPLS Training - Basic
171
Configuring PE-CE Routing
© 2003 Cisco Systems, Inc. All rights reserved.
172
Configuring PE-CE Routing Protocols • PE-CE routing protocols are configured for individual VRFs. • Per-VRF routing protocols can be configured in two ways: There is only one BGP or RIP process per router, per-VRF parameters are specified in routing contexts, which are selected with the address family command. A separate OSPF process has to be started for each VRF.
• Overall number of routing processes per router is limited to 32 Will be lifted in 12.0(27)S
MPLS Training - Basic
173
VRF Routing Context for BGP and RIP router(config)#"
router bgp AS-number! address-family ipv4 vrf vrf-name! ... Per-VRF BGP definitions ...
!!
• Per-VRF BGP context is selected with the address-family command.! • CE EBGP neighbors are configured in VRF context, not in the global BGP configuration.! router(config)#"
router rip! address-family ipv4 vrf vrf-name! ... Per-VRF RIP definitions ...! • Similar to BGP, select per-VRF RIP context with the address-family command.! • Configure all per-VRF RIP parameters there—starting with network numbers.! MPLS Training - Basic
174
Configuring per-VRF BGP Routing • CE neighbors have to be specified within the perVRF context, not in global BGP. • CE neighbors have to be activated with the neighbor activate command. • All non-BGP per-VRF routes have to be redistributed into per-VRF BGP context to be propagated by MP-BGP to other PE routers. • Per-VRF BGP context has auto-summarization and synchronization disabled by default.
MPLS Training - Basic
175
Sample PE-CE BGP Configuration
CE-RIP-A1!
router bgp 65001 VPN Backbone ! neighbor 10.200.1.2 remote-as 115 CE-RIP-A2! network 10.1.0.0 mask 255.255.0.0
CE-BGP-A1!
CE-BGP-A2!
MPLS
PE-Site-X!
PE-Site-Y!
CE-RIP-B1!
CE-RIP-B2!
router bgp 115 ! address-family ipv4 vrf Customer_A neighbor 10.200.1.1 remote-as 65001 neighbor 10.200.1.1 activate MPLS Training - Basic
176
Configuring RIP PE-CE Routing • A routing context is configured for each VRF running RIP • RIP parameters have to be specified in the VRF • Some parameters configured in the RIP process are propagated to routing contexts (for example, RIP version) • Only RIPv2 is supported
MPLS Training - Basic
177
RIP Metric Propagation router(config)#"
router rip! address-family ipv4 vrf vrf-name! redistribute bgp metric transparent
!!
• BGP routes have to be redistributed back into RIP if you want to have end-to-end RIP routing in the customer network.! • The RIP hop count is copied into BGP multi-exit discriminator attribute (default BGP behavior).! • The RIP hop count has to be manually set for routes redistributed into RIP.! • With metric transparent option, BGP MED is copied into the RIP hop count, resulting in a consistent end-to-end RIP hop count.! MPLS Training - Basic
178
Sample RIP Configuration MPLS VPN Backbone! CE-RIP-A1!
CE-RIP-A2!
CE-BGP-A1!
CE-BGP-A2!
PE-Site-X! CE-RIP-B1!
MPLS Training - Basic
PE-Site-Y!
router rip CE-RIP-B2! version 2 address-family ipv4 vrf Customer_ABC network 10.0.0.0 redistribute bgp 12703 metric transparent ! router bgp 12703 address-family ipv4 vrf Customer_ABC redistribute rip 179
Configuring OSPF PE-CE Routing • A separate OSPF routing process is configured for each VRF running OSPF. • OSPF route attributes are attached as extended BGP communities to OSPF routes redistributed into MP-BGP. • Routes redistributed from MP-BGP into OSPF get proper OSPF attributes. No additional configuration is needed.
MPLS Training - Basic
180
Configuring PE-CE OSPF Routing router(config)#"
router ospf process-id vrf name! ... Standard OSPF parameters ...!
• This command configures the per-VRF OSPF routing process.! Sample router configuration:! router ospf 123 vrf Customer_ABC network 0.0.0.0 255.255.255.255 area 0 redistribute bgp 12703 ! router bgp 12703 address-family ipv4 vrf Customer_ABC redistribute ospf 123 MPLS Training - Basic
181
Configuring Per-VRF Static Routes router(config)#"
ip route vrf name static route parameters
!!
• This command configures per-VRF static routes. ! • The route is entered in the VRF table.! • On Ethernet Interfaces, you must specify the the next hop as well as the outgoing interface! Sample router configuration:! ip route vrf Customer_ABC 10.0.0.0 255.0.0.0 10.250.0.2 ethernet 0/0 ! router bgp 12703 address-family ipv4 vrf Customer_ABC redistribute static MPLS Training - Basic
182
Monitoring MPLS VPN Operation
© 2003 Cisco Systems, Inc. All rights reserved.
183
Monitoring VRF router#"
show ip vrf
!!
• Displays the list of all VRFs configured in the router! router#"
show ip vrf detail
!!
• Displays detailed VRF configuration! router#"
show ip vrf interfaces
!!
• Displays interfaces associated with VRFs! MPLS Training - Basic
184
show ip vrf Router#show ip vrf Name SiteA2 SiteB SiteX Router#
MPLS Training - Basic
Default RD 103:30 103:11 103:20
Interfaces Serial1/0.20 Serial1/0.100 Ethernet0/0
185
show ip vrf detail Router#show ip vrf detail VRF SiteA2; default RD 103:30 Interfaces: Serial1/0.20 Connected addresses are not in global routing table No Export VPN route-target communities Import VPN route-target communities RT:103:10 No import route-map Export route-map: A2 VRF SiteB; default RD 103:11 Interfaces: Serial1/0.100 Connected addresses are not in global routing table Export VPN route-target communities RT:103:11 Import VPN route-target communities RT:103:11 RT:103:20 No import route-map No export route-map MPLS Training - Basic
186
show ip vrf interfaces Router#show ip vrf interfaces Interface IP-Address Serial1/0.20 150.1.31.37 Serial1/0.100 150.1.32.33 Ethernet0/0 192.168.22.3
MPLS Training - Basic
VRF SiteA2 SiteB SiteX
Protocol up up up
187
Monitoring VRF Routing router#"
show ip protocols vrf name
!!
• Displays the routing protocols configured in a VRF! router#"
show ip route vrf name …
!!
• Displays the VRF routing table! router#"
show ip bgp vpnv4 vrf name …
!!
• Displays per-VRF BGP parameters
(PE-CE neighbors …)! MPLS Training - Basic
188
show ip protocol vrf Router#show ip protocol vrf SiteX Routing Protocol is "rip" Sending updates every 30 seconds, next due in 10 seconds Invalid after 180 seconds, hold down 180, flushed after 240 Outgoing update filter list for all interfaces is Incoming update filter list for all interfaces is Redistributing: rip, bgp 3 Default version control: send version 2, receive version 2 Interface Send Recv Triggered RIP Key-chain Ethernet0/0 2 2 Routing for Networks: 192.168.22.0 Routing Information Sources: Gateway Distance Last Update Distance: (default is 120)
MPLS Training - Basic
189
show ip route vrf Router#show ip route vrf SiteA2 Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set O O B B B B
203.1.20.0/24 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20 203.1.2.0/32 is subnetted, 1 subnets 203.1.2.1 [110/782] via 150.1.31.38, 02:52:13, Serial1/0.20 203.1.1.0/32 is subnetted, 1 subnets 203.1.1.1 [200/1] via 192.168.3.103, 01:14:32 203.1.135.0/24 [200/782] via 192.168.3.101, 02:05:38 203.1.134.0/24 [200/1] via 192.168.3.101, 02:05:38 203.1.10.0/24 [200/1] via 192.168.3.103, 01:14:32
… rest deleted …
MPLS Training - Basic
190
show ip bgp vpnv4 vrf neighbor Router#show ip bgp vpnv4 vrf SiteB neighbors BGP neighbor is 150.1.32.34, vrf SiteB, remote AS 65032, external link BGP version 4, remote router ID 203.2.10.1 BGP state = Established, up for 02:01:41 Last read 00:00:56, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received Address family IPv4 Unicast: advertised and received Received 549 messages, 0 notifications, 0 in queue Sent 646 messages, 0 notifications, 0 in queue Route refresh request: received 0, sent 0 Minimum time between advertisement runs is 30 seconds For address family: VPNv4 Unicast Translates address family IPv4 Unicast for VRF SiteB BGP table version 416, neighbor version 416 Index 4, Offset 0, Mask 0x10 Community attribute sent to this neighbor 2 accepted prefixes consume 120 bytes Prefix advertised 107, suppressed 0, withdrawn 63 … rest deleted …
MPLS Training - Basic
191
show ip bgp vpnv4 all summary Router#show ip bgp vpnv4 all summary BGP router identifier 10.7.0.5, local AS number 100 BGP table version is 35, main routing table version 35 20 network entries and 40 paths using 4980 bytes of memory 5 BGP path attribute entries using 300 bytes of memory 6 BGP rrinfo entries using 144 bytes of memory 4 BGP extended community entries using 96 bytes of memory 0 BGP route-map cache entries using 0 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory BGP activity 21/43 prefixes, 41/1 paths, scan interval 15 secs Neighbor V PfxRcd 10.7.0.17 4 10.7.0.18 4 … rest deleted …
MPLS Training - Basic
AS MsgRcvd MsgSent 100 100
13041 13041
13037 13037
TblVer 35 35
InQ OutQ Up/Down 0 0
0 1w2d 0 1w2d
State/ 13 13
192
Monitoring MP-BGP Sessions
router#"
show ip bgp neighbor
!!
• Displays global BGP neighbors and the protocols negotiated with these neighbors!
MPLS Training - Basic
193
show ip bgp neighbor (1/2) Router#show ip bgp neighbor 192.168.3.101 BGP neighbor is 192.168.3.101, remote AS 3, internal link BGP version 4, remote router ID 192.168.3.101 BGP state = Established, up for 02:15:33 Last read 00:00:33, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received Address family IPv4 Unicast: advertised and received Address family VPNv4 Unicast: advertised and received Received 1417 messages, 0 notifications, 0 in queue Sent 1729 messages, 2 notifications, 0 in queue Route refresh request: received 9, sent 29 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP table version 188, neighbor version 188 Index 2, Offset 0, Mask 0x4 1 accepted prefixes consume 36 bytes Prefix advertised 322, suppressed 0, withdrawn 230 ... Continued MPLS Training - Basic
194
show ip bgp neighbor (2/2) Router#show ip bgp neighbor 192.168.3.101 ... Continued For address family: VPNv4 Unicast BGP table version 416, neighbor version 416 Index 2, Offset 0, Mask 0x4 NEXT_HOP is always this router Community attribute sent to this neighbor 6 accepted prefixes consume 360 bytes Prefix advertised 431, suppressed 0, withdrawn 113 Connections established 7; dropped 6 Last reset 02:18:33, due to Peer closed the session ... Rest deleted
MPLS Training - Basic
195
Monitoring an MP-BGP VPNv4 Table router#!
show ip bgp vpnv4 all
!!
• Displays whole VPNv4 table! router#!
show ip bgp vpnv4 vrf name!
• Displays only BGP parameters (routes or neighbors) associated with specified VRF! • Any BGP show command can be used with these parameters! router#!
show ip bgp vpnv4 rd value!
• Displays only BGP parameters (routes or neighbors) associated with specified RD! MPLS Training - Basic
196
show ip bgp vpnv4 vrf … Router#show ip bgp vpnv4 vrf SiteA2 BGP table version is 416, local router ID is 192.168.3.102 Status codes: s suppressed, d damped, h history, * valid, > best, i internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 103:30 (default for vrf SiteA2) *> 150.1.31.36/30 0.0.0.0 0 32768 ? *>i150.1.31.128/30 192.168.3.101 0 100 0 ? *>i150.1.31.132/30 192.168.3.101 0 100 0 ? *>i203.1.1.1/32 192.168.3.103 1 100 0 65031 i *> 203.1.2.1/32 150.1.31.38 782 32768 ? *>i203.1.10.0 192.168.3.103 1 100 0 65031 i *> 203.1.20.0 150.1.31.38 782 32768 ? *>i203.1.127.3/32 192.168.3.101 1 100 0 ? *>i203.1.127.4/32 192.168.3.101 782 100 0 ? *>i203.1.134.0 192.168.3.101 1 100 0 ? *>i203.1.135.0 192.168.3.101 782 100 0 ?
MPLS Training - Basic
197
show ip bgp vpnv4 rd … Router#show ip bgp vpnv4 rd 103:30 203.1.127.3 BGP routing table entry for 103:30:203.1.127.3/32, version 164 Paths: (1 available, best #1, table SiteA2) Not advertised to any peer Local, imported path from 103:10:203.1.127.3/32 192.168.3.101 (metric 10) from 192.168.3.101 (192.168.3.101) Origin incomplete, metric 1, localpref 100, valid, internal, best Extended Community: RT:103:10
MPLS Training - Basic
198
Monitoring per-VRF CEF and LFIB structures router#!
show ip cef vrf name
!!
• Displays per-VRF CEF table! router#!
show ip cef vrf name prefix detail
!!
• Displays details of an individual CEF entry, including label stack! router#!
show tag-switching forwarding vrf name
!!
• Displays labels allocated by MPLS VPN for routes in specified VRF! MPLS Training - Basic
199
show ip cef vrf Router#show ip cef vrf SiteA2 203.1.1.1 255.255.255.255 detail 203.1.1.1/32, version 57, cached adjacency to Serial1/0.2 0 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with Se1/0.2, point2point, tags imposed: {26 39} via 192.168.3.103, 0 dependencies, recursive next hop 192.168.3.10, Serial1/0.2 via 192.168.3.103/32 valid cached adjacency tag rewrite with Se1/0.2, point2point, tags imposed: {26 39}
• The show ip cef command can also display the label stack associated with the MP-IBGP route. MPLS Training - Basic
200
show tag-switching forwarding vrf Router#show tag-switching forwarding Local Outgoing Prefix tag tag or VC or Tunnel Id 26 Aggregate 150.1.31.36/30[V] 37 Untagged 203.1.2.1/32[V] 38 Untagged 203.1.20.0/24[V]
vrf SiteA2 Bytes tag switched 0 0 0
Router#show tag-switching forwarding vrf SiteA2 Local Outgoing Prefix Bytes tag tag tag or VC or Tunnel Id switched 37 Untagged 203.1.2.1/32[V] 0 MAC/Encaps=0/0, MTU=1504, Tag Stack{} VPN route: SiteA2 Per-packet load-sharing
MPLS Training - Basic
Outgoing interface
Next Hop
Se1/0.20 Se1/0.20
point2point point2point
tags 37 detail Outgoing Next Hop interface Se1/0.20 point2point
201
Monitoring Labels on VPNv4 Routes router#!
show ip bgp vpnv4 [ all | rd value | vrf name ] tags
!!
• Displays labels associated with VPNv4 routes! Router#show ip bgp vpnv4 all tags Network Next Hop In tag/Out tag Route Distinguisher: 100:1 (vrf1) 2.0.0.0 10.20.0.60 34/notag 10.0.0.0 10.20.0.60 35/notag 12.0.0.0 10.20.0.60 26/notag 10.20.0.60 26/notag 13.0.0.0 10.15.0.15 notag/26
MPLS Training - Basic
202
MPLS Troubleshooting
© 2003 Cisco Systems, Inc. All rights reserved.
203
MPLS Troubleshooting Agenda
• Troubleshooting falls under two categories • CONTROL Plane Involves LDP, LIB, etc.
• FORWARDING Plane Involves FIB, LFIB, etc.
MPLS Training - Basic
204
MPLS Control Plane • LDP is one of the primary ways, but not the only one, to enable MPLS on an interface; other ways are TDP BGP+Label RSVP
• Each of these protocols can distribute a label for IPv4 prefixes • Enabling MPLS means—the ability to send/receive MPLS packets on an interface
MPLS Training - Basic
205
MPLS Control Plane This Section Is All About LDP (and Its Related Components) • LDP vs. TDP • LDP (Discovery, Session Setup, Label Xchange) • RIB/FIB/LIB/LFIB Relationship • Troubleshooting Tips • Troubleshooting Case Studies
MPLS Training - Basic
206
MPLS Control Plane: LDP vs. TDP • LDP is quite similar to TDP • LDP is standardized by IETF • LDP has more features such as abort, MD5 authentication, notification, backoff logic, etc. • LDP is now the default on Cisco routers
MPLS Training - Basic
207
MPLS Control Plane • Control Plane LDP vs. TDP LDP (Discovery, Session Setup, Label Xchange) RIB/FIB/LIB/LFIB Relationship Troubleshooting Tips Troubleshooting Case Studies
• Forwarding Plane
MPLS Training - Basic
208
MPLS Control Plane: LDP • LDP/TDP operates in three steps— Neighbor Discovery Session establishment Label Distribution/exchange
• Once labels are exchanged, LIB is built • LIB and FIB together helps to build LFIB
MPLS Training - Basic
209
MPLS Control Plane: TDP (i) • TDP Neighbors are discovered via TDP Hellos (like most of the routing protocols) • TDP Hellos are sent to 255.255.255.255 • TDP hellos are sent to UDP port = 711 • TDP hellos are sent only after “mpls ip” is configured on an interface
Tx Hello (PE1:0)
PE1! MPLS Training - Basic
Rx Hello (PE2:0)
PE2! 210
MPLS Control Plane: LDP (i) • LDP Neighbors are discovered via LDP Hellos (like most of the routing protocols) • LDP Hellos are sent to 224.0.0.2 • LDP hellos are sent to UDP port = 646 • LDP hellos are sent only after both “mpls ip” and “mpls label protocol ldp” are configured on an interface **
Tx Hello (PE1:0)
PE1!
Rx Hello (PE2:0)
PE2!
** If LDP is the global default, then interface-level LDP is not needed. MPLS Training - Basic
211
MPLS Control Plane: LDP (i) • LDP_ID should be hardcoded via— “mpls ldp router-ID ”
• The above won’t do any good unless is UP when LDP gets started Existing LDP_ID (usually an interface) is shut/unshut
• Following avoids both shortcomings— “mpls ldp router-ID force”
MPLS Training - Basic
212
MPLS Control Plane: LDP (i) • Use the same Loopback0 as the router-ID for LDP, IGP, BGP, etc. • Assign an IP address to the Loopback0 from the separate IP address subnet (or space) • Avoid the IGP summarization of prefixes that correspond to the router-ids
MPLS Training - Basic
213
MPLS Control Plane: LDP (i) • “sh mpls ldp discovery [detail]” Must show xmit/recv on LDP enabled interface PE1#sh mpls ldp discovery Local LDP_ID Local LDP Identifier: Xmit & Received 10.13.1.61:0 Hellos Discovery Sources: Interfaces: Ethernet0/0 (ldp): xmit/recv Discovered E0/0 is configured LDP Id: 10.13.1.101:0 Neighbours with LDP LPD_ID Ethernet1/0 (ldp): xmit/recv LDP Id: 10.13.1.101:0
• “debug mpls ldp transport connections” Should give information regarding whether the HELLOS are advertised/received MPLS Training - Basic
214
MPLS Control Plane: LDP (i) • “sh mpls interface [detail]” Lists whether MPLS is enabled and the application that enabled MPLS on the interface PE2#sh mpls interface Interface Serial2/0 PE2#
Serial2/0 IP Yes (ldp)
Tunnel No
Operational Yes
PE2!
MPLS Enabled PE2#sh mpls interface ser2/0 detail Interface Serial2/0: IP labeling enabled (ldp) LSP Tunnel labeling not enabled BGP tagging not enabled Tagging operational Fast Switching Vectors: IP to MPLS Fast Switching Vector MPLS Turbo Vector MTU = 1508 PE2#
MPLS Training - Basic
LDP Enabled
P1! ! interface Serial2/0 description To P1 ser2/0 ip address 10.13.2.6/30 mpls label protocol ldp tag-switching ip tag-switching mtu 1508 !
MPLS MTU
215
MPLS Control Plane: LDP (i) • This slide is to show that BGPipv4+label (or MPeBGP) is another application that can enable MPLS; WHAT’S DIFFERENT HERE— RSP-PE-SOUTH-6#sh mpls int Interface IP Fddi1/0/0 Yes (ldp) ATM1/1/0.108 No RSP-PE-SOUTH-6#
Tunnel No No
Operational Yes Yes
RSP-PE-SOUTH-6#sh mpls int ATM1/1/0.108 de Interface ATM1/1/0.108: IP labeling not enabled LSP Tunnel labeling not enabled BGP tagging enabled Tagging operational Optimum Switching Vectors: IP to MPLS Feature Vector MPLS Feature Vector Fast Switching Vectors: IP to MPLS Fast Feature Switching Vector MPLS Feature Vector MTU = 4470 RSP-PE-SOUTH-6#
MPLS Training - Basic
MPLS is Operational. LDP not enabled LDP not enabled BGP+Label Enabled
MPLS MTU
216
MPLS Control Plane: LDP (ii) • After discovering each other, they want to get cozy and establish the session. (Even routers have the dating concept)
• LDP INITIALIZATION, KEEPALIVE and ADDRESS messages are exchanged to establish LDP session • LSR_ID (Transport address) MUST be IP reachable LDP Session Hello
PE1! 10.13.1.61/32
MPLS Training - Basic
Hello
P1! 10.13.1.101/32
217
MPLS Control Plane: LDP (ii) LDP_ID => LSR_ID
X Y Z !!W!!! n!!! LSR ID!
Label Space ID!
The LSR_ID is a four byte number that identifies a specific LSR. It is derived from an interface on the LSR. By default, it is the highest IP address, or highest IP address of a loopback– if it’s available.
Label_Space_Id A two byte number that identifies a specific label space on the LSR. 0x00 is reserved for the platform label space (i.e. frame-mode MPLS). Non-zero refers to the interface label space (i.e. cell-mode MPLS).
MPLS Training - Basic
218
MPLS Control Plane: LDP (ii) • LDP session is a TCP session (port = 646) • Multiple links between two routers still mean single LDP session LDP_ID
PE1#sh mpls ldp neighbor Peer LDP Ident: 10.13.1.101:0; Local LDP Ident 10.13.1.61:0 TCP connection: 10.13.1.101.11031 - 10.13.1.61.646 Unsolicited Label State: Oper; Msgs sent/rcvd: 58/60; Downstream Distribution Up time: 00:39:27 LDP discovery sources: Interfaces on Ethernet0/0, Src IP addr: 10.13.1.5 which peers Ethernet1/0, Src IP addr: 10.13.1.9 identified Addresses bound to peer LDP Ident: 10.13.1.9 10.13.1.5 10.13.2.5 10.13.1.101 Peers connected interfaces PE1#sh tcp brief| i 646 43ABB020 10.13.1.101.11031 MPLS Training - Basic
10.13.1.61.646
ESTAB 219
MPLS Control Plane: LDP (ii) Relevant LDP Session Commands/Debugs: • “sh mpls ldp neighbor [neighbor]” Shows LDP neighbor and relevant info
• “sh mpls ldp neighbor [interface]” LDP neighbors discovered over this interface
• “Debug mpls ldp session io|state” Useful when the session doesn’t come up
• “Debug mpls ldp messages sent|receive” Shows all the LDP messages sent or received
MPLS Training - Basic
220
MPLS Control Plane: LDP (iii) • Now, the LDP session is established, LDP neighbors start exchanging label bindings via LABEL MAPPING message (after the Keepalive gets exchanged) • Label binding => prefix + Label • Label bindings are stored in the LIB LIB => Label Information Base Label exchange
PE1!
10.13.1.61/32
MPLS Training - Basic
P1! 10.13.1.101/32
221
MPLS Control Plane: LDP (iii)
5
• LIB entry can be verified with the following PE1#sh mpls ip bindings 10.13.1.62 32 10.13.1.62/32 in label: 20 out label: 2001 lsr: 10.13.1.101:0 PE1# Ok. I hear you 10.13.1.101:0. I have the binding from you in my LIB now But whether I use your binding or not will be dictated by RIB entry
PE1!
E0/0 E0/1
10.13.1.61/32 Oh ok. Per RIB, 10.13.1.101 is the next-hop for 10.13.1.62/32. I have to use label 2001 in LFIB.
MPLS Training - Basic
PE1#sh Local tag 20
Local binding Remote binding
This is 10.13.1.101:0. Use label 2001 to reach 10.13.1.62/32
P1!
10.13.1.62/32
10.13.1.101/32
mpls forwarding 10.13.1.62 Outgoing Prefix tag or VC or Tunnel Id 2001 10.13.1.62/32 2001 10.13.1.62/32
Bytes tag switched 0 0
Outgoing interface Et0/0 Et1/0
Next Hop 10.13.1.5 10.13.1.9
PE1# 222
MPLS Control Plane: LDP (iii) • “sh mpls ip binding detail” Lists all prefixes with labels and LDP neighbors
• “sh mpls ip binding det” Lists ACLs (if any), prefix bindings, and LDP neighbors Notice “Advertised to:” field
• “sh mpls ip binding advertisement-acls” Lists LDP filter, if there is any, on the first line. Prefixes followed by “Advert acl(s):” are advertised via LDP, others are not
MPLS Training - Basic
223
MPLS Control Plane • Control Plane LDP vs. TDP LDP (Discovery, Session Setup, Label Xchange) RIB/FIB/LIB/LFIB Relationship Troubleshooting Tips Troubleshooting Case Studies
• Forwarding Plane
MPLS Training - Basic
224
RIB/FIB/LIB/LFIB • RIB is the Routing Information Base that is analogous to the ip routing table • FIB aka CEF is Forwarding information base that is derived from the ip routing table • LIB is Label Information Base that contains all the label bindings learned via LDP • LFIB is Label Forwarding Information Base that is derived from FIB entries and corresponding LIB entries • Let’s go through the pictorial view—
MPLS Training - Basic
225
MPLS Control Plane: RIB/FIB/LIB/LFIB Control plane Routing Protocols Database
Routing Updates from other routers
Label Bindings Learned Via LDP from Other Routers
Forwarding plane Incoming IP Packet
Incoming MPLS Packet
IP forwarding table (FIB)
Managed by CEF
Label forwarding table (LFIB)
Outgoing MPLS/IP Packet
Population of RIB/FIB/LIB/LFIB in a LSR MPLS Training - Basic
226
MPLS Control Plane: Debugs Be Careful on the Production Routers • “debug mpls ldp advertisements” Useful to see label bindings that are advertised
• “debug mpls ldp binding” Useful to see label bindings that are received
• “debug mpls ldp message sent|received” Useful for the protocol understanding purposes
MPLS Training - Basic
227
MPLS Control Plane • Control Plane LDP vs. TDP LDP (Discovery, Session Setup, Label Xchange) RIB/FIB/LIB/LFIB relationship Troubleshooting Tips Troubleshooting Case Studies
• Forwarding Plane
MPLS Training - Basic
228
MPLS Control Plane: Troubleshooting Tips
5
1. Check for same label protocol to be configured on both sides of the interface “Sh mpls ldp discovery | inc ldp|tdp” PE1#sh mpls ldp disc | i ldp|tdp Ethernet0/0 (ldp): xmit/recv PE1#
2. Check whether correct local LSR_ID is used on both LSRs (sh mpls ldp disc) “sh mpls ldp discovery”—2nd line in output
PE1#sh mpls ldp disco Local LDP Identifier: 10.13.1.61:0
3. Don’t assume that the neighbor discovery means everything is good
MPLS Training - Basic
229
MPLS Control Plane: Troubleshooting Tips 4. Check IP reachability to remote LSR_ID on both LSRs “ping ”
PE1#ping 10.13.1.101 source 10.13.1.61 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.13.1.101, timeout is 2 seconds: Packet sent with a source address of 10.13.1.61 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/49/72 ms PE1#
5. Check for ACL or ICMP unreachable blockages
6. Untagged outgoing label for /32 routes i.e. PEs’ loopbacks is almost always alarming
7. Check the label binding for a prefix on both LSRs “sh mpls ldp bind ” PE1#sh mpls ldp bind 10.13.1.62 32 tib entry: 10.13.1.62/32, rev 16 local binding: tag: 17 remote binding: tsr: 10.13.1.101:0, tag: 2001 PE1# MPLS Training - Basic
230
MPLS Control Plane: Troubleshooting Tips 8. Good practice is to configure the Loopback0 as the router-ID for LDP “mpls ldp router-id loopback0 force”
MPLS Training - Basic
231
MPLS Control Plane • Control Plane LDP vs. TDP LDP (Discovery, Session Setup, Label Xchange) RIB/FIB/LIB/LFIB Relationship Troubleshooting Tips Troubleshooting Case Studies
• Forwarding Plane
MPLS Training - Basic
232
MPLS Control Plane: LDP Troubles • Let’s do some REAL Troubleshooting now
MPLS Training - Basic
233
MPLS Control Plane: LDP Problems Prob #1—Session Establishment (Protocol Mismatch) Atm1/1/0.108
PE1!
10.13.1.61/32
PE1#sh mpls ldp discovery Local LDP Identifier: 10.13.1.61:0 Discovery Sources: Interfaces: ATM1/1/0.108 (tdp): xmit PE1#
TDP
P1! 10.13.1.101/32
Why no recv?
P1#sh mpls ldp discovery Local LDP Identifier: 10.13.1.101:0 LDP Discovery Sources: Interfaces: ATM2/0.108(ldp): xmit P1#
Why no recv?
LDP
TIP—Check for the Protocol Mismatch and Fix It PE1(config)#int atm1/1/0.108 PE1(config-if)#mpls label protocol ldp MPLS Training - Basic
234
MPLS Control Plane: LDP Troubles Prob #2—Session Establishment (No Route to Peer) Atm1/1/0.108
PE1!
10.13.1.61/32 PE1#sh mpls ldp discovery Local LDP Identifier: 10.13.1.61:0 Discovery Sources: Interfaces: ATM1/1/0.108 (ldp): xmit/recv LDP Id: 10.13.1.101:0 PE1# PE1#sh mpls ldp neigh 10.13.1.101 PE1#
P1! 10.13.1.101/32
Looks Good But No relationship
P1#sh mpls ldp discovery Local LDP Identifier: 10.13.1.101:0 LDP Discovery Sources: Interfaces: ATM2/0.108: xmit/recv LDP Id: 10.13.1.61:0; no route P1# P1#sh ip route 10.13.1.61 % Network not in table P1#
This is the problem
TIP—Check for IP reachability to LDP_ID; Fix It by Letting PE1 Advertise 10.13.1.61/32 via IGP to P1 MPLS Training - Basic
235
MPLS Control Plane: LDP Troubles Prob #3—Session Establishment (No Specific Route) Gig8/0/0.44
PE1!
10.13.1.41/32 oops Ok.
Ok.
P1! 10.13.1.48/32
PE1#sh mpls ldp neighbor 10.13.1.48 PE1# PE1#sh mpls ldp discovery Local LDP Identifier: 10.13.1.41:0 Gi8/0/0.44 (ldp): xmit/recv LDP Id: 10.13.1.48:0 PE1# PE1#sh ip route 10.13.1.48 Routing entry for 10.13.1.48/32 Known via "isis", distance 115, metric 10, type level-1 Redistributing via isis Last update from 10.13.4.9 on Gig8/0/0.44, 20:22:14 ago Routing Descriptor Blocks: * 10.13.4.9, from 10.13.1.48, via Gigt8/0/0.44 Route metric is 10, traffic share count is 1 PE1#
MPLS Training - Basic
P1#sh mpls ldp neighbor 10.13.1.41 oops P1# P1#sh mpls ldp discovery Local LDP Identifier: Ok. 10.13.1.48:0 Gi3/0/0.44 (ldp): xmit/recv LDP Id: 10.13.1.41:0 P1# P1#sh ip route 10.13.1.41 Routing entry for 10.13.0.0/22 Ouchhh Known via "bgp 30000", distance 200, metric 0 Tag 1, type internal Last update from 10.13.1.251 20:10:38 ago Routing Descriptor Blocks: * 10.13.1.251, from 10.13.1.40, 20:10:38 ago Route metric is 0, traffic share count is 1 AS Hops 5 P1#
P1 doesn’t have a specific route to PE1.
236
MPLS Control Plane: LDP Troubles Prob #3—Session Establishment (Cont.) Gig8/0/0.44
PE1!
10.13.1.41/32
P1! 10.13.1.48/32
PE1#ping 10.13.1.48 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.13.1.48, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms PE1#
P1#ping 10.13.1.41 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.13.1.41, timeout is 2 seconds: ..... Success rate is 0 percent (0/5) P1#
Eeeekks !! It is an IP problem.
TIP—Check for IP connectivity first. Unless Layer3 is up, Layer4 (TCP session for LDP) won’t come up. MPLS Training - Basic
237
MPLS Control Plane: LDP Troubles Prob #4—“Untagged” Problem PE1#sh tag for 11.10.128.138 Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 16 Untagged 11.10.128.138/32 0 PO4/1/0 point2point PE1# PE1#sh mpls ldp bind 11.10.128.138 32 tib entry: 11.10.128.138/32, rev 14 local binding: tag: 16 PE1# P1#sh mpls ldp bind 11.10.128.138 32 tib entry: 11.10.128.138/32, rev 4849(no route) local binding: tag: 630 remote binding: tsr: 10.13.1.54:0, tag: 16 remote binding: tsr: 11.10.65.12:0, tag: 48 P1# P1#sh ip route 11.10.128.138 Routing entry for 11.10.0.0/16 Known via "isis", distance 115, metric 44, type level-2 Redistributing via isis Last update from 11.10.65.13 on POS0/0, 1d00h ago Routing Descriptor Blocks: * 11.10.65.13, from 11.10.128.31, via POS0/0 Route metric is 44, traffic share count is 1 P1# MPLS Training - Basic
PE1! Pos4/1/0
Untagged ? No remote binding. Huh No route
P1! But there is a RIB entry. Let’s check FIB entry -
11.10.128.138
238
MPLS Control Plane: LDP Troubles Prob #4—“No Route” Problem (Cont.) P1#sh ip cef 11.10.128.138 11.10.0.0/16, version 142, cached adjacency to POS0/0 0 packets, 0 bytes tag information set local tag: 307 fast tag rewrite with PO0/0, point2point, tags imposed {48} via 11.10.65.13, POS0/0, 0 dependencies next hop 11.10.65.13, POS0/0 unresolved
View more...
Comments
