MPLS is a packet forwarding technology which uses labels to make data forwarding decisions. Originally developed by Cisco and was referred to as Tagged Switching, and was later adopted by the IETF and renamed MPLS. With MPLS, the Layer 3 header analysis is done just once when the packet enters the MPLS domain or when it reaches the PE Router. The label inspection drives subsequent packet forwarding. This allows Service Providers to deliver and scale secure Customers Networks. MPLS was actually developed by Cisco and was originally referred to as Tag Switching later on it was adopted by the ITU and became MPLS.
When I think about network virtualization three things always come to mind. The first and most often used are VLAN’s. The second thing that comes to mind are VRF’s, and the third is OTV. The reason I even bring this up is due to the fact that VRF’s play such a significant role in an overall MPLS design. The real purpose behind MPLS is routing table virtualization or segmentation. MPLS is a key technology for Service Providers, and honestly the real reason it even exist today.
Labels
- Label Distribution Protocol or LDP
- Tag Distribution Protocol or TDP – Legacy
- LDP establishes neighbors over both TCP / UDP 646
- TDP establishes neighbors over TCP 711 – Legacy
- Labels are locally significant between neighbors
- Builds the mapping between the Labels and the Routes to form the FEC
- The same label numbers can be used over and over highly scalable
- Penultimate Hop Popping or PHP is the next to last label in the path or LSP that gets removed
- Tunnels or Label Switch Paths ( LSPs ) are formed between Loopbacks with the help of IGP + LDP
- The Transport Labels are advertised via LDP
- The VPN Labels are advertised via BGP
- Interface Level: mpls ip
- IGP: mpls ldp autoconfig
- RFC – 3031
- RFC – 3032
CEF
- Cisco Express Forward is a mandatory in order to build the LFIB or Label Fib
- The RIB or Global Routing Table or VRF Table
- The FIB or CEF Table
- The LFIB or The MPLS Forwarding Table
FEC
- Forwarding Equivalency Class or FEC
- The mapping between the IPv4 / VPNv4 Route and the Label
- The PE & P Routers use Labels for forwarding
Label – 4 Byte Header
- Label size 20 bits
- EXP or experimental 3 bits
- S or bottom of the stack 1 bit
- TTL or Time to Live 8 bits
VRF
Virtual Route Forward or VRF allow multiple Customers to reside on a single Provider Edge Router or PE yet maintaining a separate secure Layer 3 routing table. The Customer Edge or CE is unaware of the upstream VRF table on the Provider Edge. VRF’s themselves are mutually exclusive, and can be used outside of MPLS however they play an important role in the overall MPLS design. I like to think of VRF’s much in the same way I think about VLAN’s. A VLAN gives us logical separation at Layer 2, and a VRF gives us logical separation at Layer 3.
- Establishes a logical separation for both the Control Plan and Data Plan
- Allows for overlapping address space
- IPv4 Address family format: ip vrf [ name ]
- IPv4 & IPv6 Address family format: vrf definition [ name ]
MP-BGP / VPNv4
- 8 byte Route Distinguisher encoded as ASN:NN
- The Route Targets an Extended Communities encoded ASN:NN
- 4 byte unique IPv4 address based on the following encoded format
- The Route Distingusher which makes the route unique by prepending the RD + Prefix + Length
- RFC – 4360
- RFC – 4364
CE vs. PE
The foundation of any MPLS / VPN is the relationship between the Customer provided equipment or CE, and the Service Provider equipment or PE. In most cases the Customer equipment is completely unaware that MPLS is running on the Service Providers equipment. This is the real beauty behind delivering MPLS as a Service Provider. The Labels are pushed and popped on the Service Providers equipment and the Customer equipment is completely unaware.
Lets get started with the configuration of Customer Router’s CE1, and CE2.
CE1#configure terminal CE1(config)#ip cef CE1(config)#
CE1(config)#interface Serial0/0 CE1(config-if)#ip address 10.1.1.2 255.255.255.252 CE1(config-if)#serial restart-delay 0 CE1(config-if)#exit CE1(config)#
CE1(config-router)#no synchronization CE1(config-router)#bgp router-id 10.1.1.2 CE1(config-router)#bgp log-neighbor-changes CE1(config-router)#network 1.1.1.0 mask 255.255.255.0 CE1(config-router)#network 10.1.1.0 mask 255.255.255.252 CE1(config-router)#network 192.168.1.0 CE1(config-router)#neighbor 10.1.1.1 remote-as 1000 CE1(config-router)#no auto-summary CE1(config-router)#exit CE1(config)#
CE2(config)#ip cef CE2(config)#
CE2(config)#interface Serial0/0 CE2(config-if)#ip address 10.2.2.2 255.255.255.252 CE2(config-if)#serial restart-delay 0 CE2(config-if)#exit CE2(config)#
CE2(config)#router bgp 10 CE2(config-router)#no synchronization CE2(config-router)#bgp router-id 10.2.2.2 CE2(config-router)#bgp log-neighbor-changes CE2(config-router)#network 2.2.2.0 mask 255.255.255.0 CE2(config-router)#network 10.2.2.0 mask 255.255.255.252 CE2(config-router)#network 192.168.2.0 CE2(config-router)#neighbor 10.2.2.1 remote-as 1000 CE2(config-router)#no auto-summary CE2(config-router)#end CE2#
Next lets enable CEF and configure the VRF definitions for A and B routing tables.
PE1#configure terminal PE1(config)#ip cef
PE1(config)#vrf definition A PE1(config-vrf)#rd 1000:10 PE1(config-vrf)route-target import 1000:10 PE1(config-vrf)route-target export 1000:10 PE1(config-vrf)#exit PE1(config)#
PE1(config)#vrf definition B PE1(config-vrf)#rd 1000:11 PE1(config-vrf)route-target import 1000:11 PE1(config-vrf)route-target export 1000:11 PE1(config-vrf)#exit PE1(config)#
Next we need to configure a loopback interface for the label in in order to form the FEC along with peering to CE2.
PE1(config)#interface loopback0 PE1(config-if)#description MP-BGP PE1(config-if)#ip address 1.0.0.1 255.255.255.255 PE1(config-if)#exit PE1(config)#
Moving on lets configure the interface on PE1 used to form the control plane to the P
PE1(config)#interface FastEthernet0/0 PE1(config-if)#ip address 10.0.1.2 255.255.255.252 PE1(config-if)#duplex full PE1(config-if)#speed 100 PE1(config-if)#mpls label protocol ldp PE1(config-if)#mpls ip PE1(config-if)#exit PE1(config#
PE1#configure terminal PE1(config)#interface Serial1/0 PE1(config-if)#vrf forwarding A PE1(config-if)#ip address 10.1.1.1 255.255.255.252 PE1(config-if)#serial restart-delay 0 PE1(config-if)#exit PE1(config)#
PE1(config)#interface Serial1/1 PE1(config-if)#vrf forwarding B PE1(config-if)#ip address 10.2.2.1 255.255.255.252 PE1(config-if)#serial restart-delay 0 PE1(config-if)#exit PE1(config)#
PE1(config)#router bgp 1000 PE1(config-router)#no synchronization PE1(config-router)#bgp router-id 10.0.1.2 PE1(config-router)#bgp log-neighbor-changes PE1(config-router)#network 10.0.1.0 mask 255.255.255.252 PE1(config-router)#neighbor 2.0.0.2 remote-as 1000 PE1(config-router)#neighbor 2.0.0.2 update-source Loopback0 PE1(config-router)#neighbor 2.0.0.2 next-hop-self PE1(config-router)#no auto-summary PE1(config-router)#
Next lets configure the VPNv4 Address Family and VRF for PE1.
PE1(config-router)#address-family vpnv4 PE1(config-router-af)#neighbor 2.0.0.2 activate PE1(config-router-af)#neighbor 2.0.0.2 send-community extended PE1(config-router-af)exit-address-family PE1(config-router)#
PE1(config-router)#address-family ipv4 vrf B PE1(config-router-af)#redistribute connected PE1(config-router-af)#redistribute static PE1(config-router-af)#neighbor 10.2.2.2 remote-as 11 PE1(config-router-af)#neighbor 10.2.2.2 activate PE1(config-router-af)#no synchronization PE1(config-router-af)#exit-address-family PE1(config-router)#
PE1(config-router-af)#address-family ipv4 vrf A PE1(config-router-af)#redistribute connected PE1(config-router-af)#redistribute static PE1(config-router-af)#neighbor 10.1.1.2 remote-as 10 PE1(config-router-af)#neighbor 10.1.1.2 activate PE1(config-router-af)#neighbor 10.1.1.2 as-override PE1(config-router-af)#no synchronization PE1(config-router-af)#exit-address-family PE1(config-router)#exit PE1(config)#
We need to add a static route for the loopback interfaces used to peer with PE2
PE1(config)#ip route 2.0.0.2 255.255.255.255 10.0.1.1 PE1(config)#
I’m using LDP for the control plane control throughout the configurations as opposed to TDP ( Tag Distribution Protocol ) which isn’t really used in production environments anymore. Before we moving forwarding with LDP lets be sure the CEF is enabled. CEF is key to forming the LFIB which is used for LDP forwarding through the Service Providers core.
P#configure terminal P(config)#ip cef P(config)#
Now lets configure LDP as the control plane protocol on the CORE and get the interfaces up and running.
P(config)#interface FastEthernet0/0 P(config-if)#ip address 10.0.1.1 255.255.255.252 P(config-if)#duplex full P(config-if)#speed 100 P(config-if)#mpls label protocol ldp P(config-if)#mpls ip P(config-if)#exit P(config)#
We can see from the syslog message that our LDP neighbor session come up.
*Mar 1 00:00:13.763: %LDP-5-NBRCHG: LDP Neighbor 10.0.1.2:0 (2) is UP
P(config)#interface FastEthernet1/0 P(config-if)#ip address 10.0.2.1 255.255.255.252 P(config-if)#duplex full P(config-if)#speed 100 P(config-if)#mpls label protocol ldp P(config-if)#mpls ip P(config-if)#exit P(config)#
Again we can see from the syslog message that our LDP neighbor come up.
*Mar 1 00:00:13.691: %LDP-5-NBRCHG: LDP Neighbor 2.0.0.2:0 (1) is UP
In this simple example I’m not actually using an IGP such as IS-IS or OSPF in the Service Providers core, so I need to add necessary static routes for the loopback interfaces on PE1, and PE2.
P(config)#ip route 1.0.0.1 255.255.255.255 10.0.1.2 P(config)#ip route 2.0.0.2 255.255.255.255 10.0.2.2 P(config)#end P#
PE2#configure terminal PE2(config)#ip cef PE2(config)#
PE2(config)#vrf definition A PE2(config-vrf)#rd 1000:10 PE2(config-vrf)route-target import 1000:10 PE2(config-vrf)route-target export 1000:10 PE2(config-vrf)#exit PE2(config)#
PE2(config)#vrf definition B PE2(config-vrf)#rd 1000:11 PE2(config-vrf)route-target import 1000:11 PE2(config-vrf)route-target export 1000:11 PE2(config-vrf)#exit PE2(config)#
PE2(config)#interface Loopback0 PE2(config-if)#description MP-BGP PE2(config-if)#ip address 2.0.0.2 255.255.255.255 PE2(config-if)#exit PE2(config)#
Now lets configure the interface on PE2 used for the Control Plane to the P.
PE2(config)#interface FastEthernet0/0 PE2(config-if)#ip address 10.0.2.2 255.255.255.252 PE2(config-if)#duplex full PE2(config-if)#speed 100 PE2(config-if)#mpls label protocol ldp PE2(config-if)#mpls ip PE2(config-if)#exit PE2(config)#
PE2(config)#interface Serial1/0 PE2(config-if)#vrf forwarding A PE2(config-if)#ip address 10.3.3.1 255.255.255.252 PE2(config-if)#serial restart-delay 0 PE2(config-if)#exit PE2(config)#
PE2(config)#interface Serial1/1 PE2(config-if)#vrf forwarding B PE2(config-if)#ip address 10.4.4.1 255.255.255.252 PE2(config-if)#serial restart-delay 0 PE2(config-if)#exit PE2(config)#
PE2(config)#router bgp 1000 PE2(config-router)#no synchronization PE2(config-router)#bgp router-id 10.0.2.2 PE2(config-router)#bgp log-neighbor-changes PE2(config-router)#network 10.0.1.0 mask 255.255.255.252 PE2(config-router)#neighbor 1.0.0.1 remote-as 1000 PE2(config-router)#neighbor 1.0.0.1 update-source Loopback0 PE2(config-router)#neighbor 1.0.0.1 next-hop-self PE2(config-router)#no auto-summary PE2(config-router)#
PE2(config-router)#address-family vpnv4 PE2(config-router-af)#neighbor 1.0.0.1 activate PE2(config-router-af)#neighbor 1.0.0.1 send-community extended PE2(config-router-af)exit-address-family PE2(config-router)#
PE2(config-router)#address-family ipv4 vrf B PE2(config-router-af)#redistribute connected PE2(config-router-af)#redistribute static PE2(config-router-af)#neighbor 10.4.4.2 remote-as 11 PE2(config-router-af)#neighbor 10.4.4.2 activate PE2(config-router-af)#neighbor 10.4.4.2 as-override PE2(config-router-af)#no synchronization PE2(config-router-af)#exit-address-family PE2(config-router)#
PE2(config-router-af)#address-family ipv4 vrf A PE2(config-router-af)#redistribute connected PE2(config-router-af)#redistribute static PE2(config-router-af)#neighbor 10.3.3.2 remote-as 10 PE2(config-router-af)#neighbor 10.3.3.2 activate PE2(config-router-af)#neighbor 10.3.3.2 as-override PE2(config-router-af)#no synchronization PE2(config-router-af)#exit-address-family PE2(config-router)#exit PE2(config)#
Next we need to add a static route for the Loopback interfaces used to peer with PE1
PE2(config)#ip route 2.0.0.2 255.255.255.255 10.0.2.1 PE2(config)#end PE2#
CE1#configure terminal CE1(config)#ip cef CE1(config)#
CE1(config)#interface Serial0/0 CE1(config-if)#ip address 10.3.3.2 255.255.255.252 CE1(config-if)#serial restart-delay 0 CE1(config-if)#exit CE1(config)#
CE1#configure terminal CE1(config)#router bgp 10 CE1(config-router)#no synchronization CE1(config-router)#bgp router-id 10.3.3.2 CE1(config-router)#bgp log-neighbor-changes CE1(config-router)#network 3.3.3.0 mask 255.255.255.0 CE1(config-router)#network 10.3.3.0 mask 255.255.255.252 CE1(config-router)#network 192.168.3.0 CE1(config-router)#neighbor 10.3.3.1 remote-as 1000 CE1(config-router)#no auto-summary CE1(config-router)#exit CE1(config)#
Be sure to enable the required Cisco Express Forwarding on R2-A in order to form the LFIB
CE2(config)#ip cef
CE2(config)#interface Serial0/0 CE2(config-if)#ip address 10.4.4.2 255.255.255.252 CE2(config-if)#serial restart-delay 0 CE2(config-if)#exit CE2(config)#
CE2(config)#router bgp 10 CE2(config-router)#no synchronization CE2(config-router)#bgp router-id 10.4.4.2 CE2(config-router)#bgp log-neighbor-changes CE2(config-router)#network 4.4.4.0 mask 255.255.255.0 CE2(config-router)#network 10.4.4.0 mask 255.255.255.252 CE2(config-router)#network 192.168.4.0 CE2(config-router)#neighbor 10.4.4.1 remote-as 1000 CE2(config-router)#no auto-summary CE2(config-router)#exit CE2(config)#
Now lets take a look at the VRF routing table on PE1 for CE1, and CE2
PE1#show ip route vrf A Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnets B 1.1.1.0 [20/0] via 10.1.1.2, 00:11:27 3.0.0.0/24 is subnetted, 1 subnets B 3.3.3.0 [200/0] via 2.0.0.2, 00:11:12 10.0.0.0/30 is subnetted, 2 subnets B 10.3.3.0 [200/0] via 2.0.0.2, 00:11:12 C 10.1.1.0 is directly connected, Serial1/0 B 192.168.1.0/24 [20/0] via 10.1.1.2, 00:11:27 B 192.168.2.0/24 [200/0] via 2.0.0.2, 00:11:12
Lets also take a look at the BGP table between CE1, and CE2
CE1#show ip route bgp 3.0.0.0/24 is subnetted, 1 subnets B 3.3.3.0 [20/0] via 10.1.1.1, 00:06:56 10.0.0.0/30 is subnetted, 2 subnets B 10.3.3.0 [20/0] via 10.1.1.1, 00:06:56 B 192.168.2.0/24 [20/0] via 10.1.1.1, 00:06:56
Verify the VRF routing table on PE1 for CE1, and CE2
PE1#show ip route vrf B Gateway of last resort is not set B 192.168.4.0/24 [200/0] via 2.0.0.2, 00:01:41 10.0.0.0/30 is subnetted, 2 subnets B 10.4.4.0 [200/0] via 2.0.0.2, 00:25:57 C 10.2.2.0 is directly connected, Serial1/1 B 192.168.2.0/24 [20/0] via 10.2.2.2, 00:00:14
Next lets take a look at the LDP peering between PE1 and the P from PE1 perspective
PE1#show mpls ldp neighbor Peer LDP Ident: 10.0.2.1:0; Local LDP Ident 10.0.1.2:0 TCP connection: 10.0.2.1.11865 - 10.0.1.2.646 State: Oper; Msgs sent/rcvd: 7/7; Downstream Up time: 00:00:43 LDP discovery sources: FastEthernet0/0, Src IP addr: 10.0.1.1 Addresses bound to peer LDP Ident: 10.0.1.1 10.0.2.1
Now lets take a look at the MPLS bindings and Labels on PE1
PE1#show mpls ip binding 1.0.0.1/32 in label: imp-null out label: 16 lsr: 10.0.2.1:0 2.0.0.2/32 in label: 16 out label: 17 lsr: 10.0.2.1:0 inuse 10.0.1.0/30 in label: imp-null out label: imp-null lsr: 10.0.2.1:0 10.0.2.0/30 in label: 17 out label: imp-null lsr: 10.0.2.1:0 inuse
Lets take a look at the VPNv4 summary for VRF A on PE1
PE1#show ip bgp vpnv4 vrf A BGP table version is 18, local router ID is 10.0.1.2 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 1000:10 (default for vrf CA) *> 1.1.1.0/24 10.1.1.2 0 0 10 i *>i3.3.3.0/24 2.0.0.2 0 100 0 10 i * 10.1.1.0/30 10.1.1.2 0 0 10 i *> 0.0.0.0 0 32768 ? *>i10.3.3.0/30 2.0.0.2 0 100 0 ? *> 192.168.1.0 10.1.1.2 0 0 10 i *>i192.168.2.0 2.0.0.2 0 100 0 10 I
Lets take a look at the LDP bindings on the P Router
P#show mpls ldp bindings tib entry: 1.0.0.1/32, rev 6 local binding: tag: 16 remote binding: tsr: 2.0.0.2:0, tag: 16 remote binding: tsr: 10.0.1.2:0, tag: imp-null tib entry: 2.0.0.2/32, rev 8 local binding: tag: 17 remote binding: tsr: 2.0.0.2:0, tag: imp-null remote binding: tsr: 10.0.1.2:0, tag: 16 tib entry: 10.0.1.0/30, rev 4 local binding: tag: imp-null remote binding: tsr: 2.0.0.2:0, tag: 17 remote binding: tsr: 10.0.1.2:0, tag: imp-null tib entry: 10.0.2.0/30, rev 3 local binding: tag: imp-null remote binding: tsr: 2.0.0.2:0, tag: imp-null remote binding: tsr: 10.0.1.2:0, tag: 17
A lot of time and effort went into this post approximately two weeks, but it was worth totally worth it. Ever since we made the move from a Layer 2 Frame Hub and Spoke Topology to MPLS I have been totally fascinated with how it actually works. It’s an awesome feeling when you finally put it all together and the VPN / VRF isolation and propagation works between all Routers as advertised. Lots of fun lots of work.
I hope you found this post on MPLS helpful and informative. Be sure to let me know what you think by leaving suggestions, and feedback in the comments section below. You can find out more about these and other articles be checking out recent posts and archives. To learn more about me be sure to check out the About page. And as always thanks again for visiting The Packet.
