Session Number
Presentation_ID
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
MPLS Concept
At Edge:
Classify packets
Label them
Edge Label
Switch
Router
In Core:
Forward using
labels (as opposed
to IP addr)
Label indicates
service class and
destination
(ATM Switch
or Router)
Label Switch
Router (LSR)
Router
Label
Distribution
Protocol (LDP)
Presentation_ID
ATM switch +
Tag Switch
Controller
MPLS concept
MPLS: Multi Protocol Label Switching
Packet forwarding is done based on Labels.
Labels are assigned when the packet
enters into the network.
Labels are on top of the packet.
MPLS nodes forward packets/cells based on
the label value (not on the IP information).
Presentation_ID
MPLS concept
MPLS allows:
Packet classification only where the packet
enters the network.
The packet classification is encoded as a label.
In the core, packets are forwarded without
having to re-classify them.
- No further packet analysis
- Label swapping
Presentation_ID
MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS)
establish reachability to destination networks.
1b. Label Distribution Protocol (LDP)
establishes label to destination
network mappings.
Encapsulations
ATM Cell Header
GFC
VPI
VCI
PTI
CLP HEC
DATA
Label
PPP Header
(Packet over SONET/SDH)
PPP Header
Label Header
Layer 3 Header
MAC Header
Label Header
Layer 3 Header
Presentation_ID
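Label Header
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label = 20 bits
S = Bottom of Stack, 1 bit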
Presentation_ID
10
LSR-2
IP packet
TTL = 10
Label = 25
IP packet
TTL = 6
Label = 39
IP packet
TTL = 6
LSR-6
LSR-6 --> 25
Hops=4
IGP domain with a label
distribution protocol
Label = 21
IP packet
TTL = 6
LSR-4
IP packet
TTL = 6
LSR-5
Egress
11
Presentation_ID
12
171.68.10/24
Rtr-A
Rtr-B
Rtr-C
13
171.68.40/24
171.68.10/24
Rtr-A
In
I/F
In
Lab
Address
Prefix
171.68.10
... ...
Out
I/F
Rtr-B
Out
Lab
30
Next-Hop...
...
...
1
Rtr-C
In
I/F
In
Lab
30 171.68.10
... ...
Address
Prefix
Out
I/F
Out
Lab
40
Next-Hop...
...
...
1
In
I/F
In
Lab
40 171.68.10
... ...
Address
Prefix
Out
I/F
Out
Lab
...
Next-Hop...
...
14
On-Demand Downstream
Distribution
171.68.10/24
171.68.40/24 Rtr-A
Rtr-B
Request label for
destination 171.68.10/24
Rtr-C
Request label for
destination 171.68.10/24
I/F
Address
Prefix
I/F
Address
Prefix
I/F
128.89
128.89
128.89
171.69
171.69
128.89
128.89.25.4 Data
0 128.89.25.4 Data
1
128.89.25.4 Data
128.89.25.4 Data
Packets Forwarded
Based on IP Address
Presentation_ID
171.69
18
Out
In
Address Out
Label
Iface
Label Prefix
128.89
128.89
171.69
171.69
Out
In
Address Out
Label
Iface
Label Prefix
128.89
0
0
Routing Updates
(OSPF, EIGRP, )
Presentation_ID
128.89
171.69
19
Out
In
Address Out
Label
Iface
Label Prefix
128.89
128.89
171.69
171.69
Out
In
Address Out
Label
Iface
Label Prefix
128.89
128.89
Label Distribution
Protocol (LDP)
171.69
(downstream allocation)
Presentation_ID
20
Out
In
Address Out
Label
Iface
Label Prefix
128.89
128.89
171.69
171.69
Out
In
Address Out
Label
Iface
Label Prefix
128.89
128.89
128.89.25.4
128.89.25.4
Data
Data
128.89.25.4 Data
128.89.25.4
Data
21
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
22
23
Neighbor discovery
Basic and extended discovery
Presentation_ID
24
Control plane
Routing protocol
IP routing table
Exchange of
labels
Incoming
IP packets
Incoming
labeled packets
Presentation_ID
Data plane
IP forwarding table
Label forwarding table
Outgoing
IP packets
Outgoing
labeled packets
25
10.0.0.0/8 1.2.3.4
RT:
10.0.0.0/8 1.2.3.4
OSPF: 10.0.0.0/8
LIB:
Data plane
10.1.1.1
L=5 10.1.1.1
Presentation_ID
FIB:
10.0.0.0/8 1.2.3.4
10.1.1.1
LFIB:
26
OSPF:
10.0.0.0/8 1.2.3.4
RT:
10.0.0.0/8 1.2.3.4
LIB:
OSPF: 10.0.0.0/8
Data plane
10.1.1.1
L=5 10.1.1.1
Presentation_ID
FIB:
LFIB:
L=3 10.1.1.1
L=5 L=3
L=3 10.1.1.1
27
Presentation_ID
28
Routing table of B
Network Next-hop
X
C
Routing table of C
Network Next-hop
X
D
FIB on A
Network Next hop Label
X
B
Routing table of E
Network Next-hop
X
C
Network X
29
Allocating Labels
Routing table of B
Network Next-hop
X
C
Network X
E
30
Label
25
LFIB on B
Action Next hop
E
pop
C
LIB on B
Network
LSR label
X
local
25
31
Label Distribution
LIB on B
Network
LSR label
X
local
25
X = 25
A
X = 25
B
25
Network X
E
32
LIB on C
Network
LSR label
X
B
25
X = 25
A
X = 25
B
FIB on A
Network Next hop Label
X
B
25
25
Network X
E
LIB on E
Network
LSR label
X
B
25
33
Label
25
IP: X
Lab: 25
LFIB on B
Action Next hop
pop
C
B
FIB on A
Network Next hop Label
X
B
25
IP: X
IP lookup is performed in
FIB, packet is labeled.
34
X = 47
A
X
E
47
LFIB on C
Action Next hop
pop
D
35
LIB on B
Network
LSR label
X
local
25
C
47
X = 47
A
X
FIB on E
Network Next hop
X
C
Label
47
47
Network X
LIB on E
Network
LSR label
X
B
25
C
47
36
Populating LFIB
FIB on B
Network Next hop Label
X
C
47
LIB on B
Network
LSR label
X
local
25
C
47
X = 47
A
Label
25
LFIB on B
Action Next hop
47
C
47
Network X
37
Ingress LSR
IP: X
Label
25
Lab: 25
LFIB on B
Action Next hop
47
C
B
FIB on A
Network Next hop Label
X
B
25
Lab: 47
Label
47
E
Egress LSR
C
IP: X
LFIB on C
Action Next hop
pop
D
IP lookup is performed in
FIB, packet is labeled.
Label lookup is performed
in LFIB, label is removed.
Presentation_ID
38
FIB on B
Network Next hop Label
X
C
47
LIB on B
Network
LSR label
X
local
25
C
47
E
75
Label
25
Network X
E
LFIB on B
Action Next hop
47
C
After the LSRs have exchanged the labels, LIB, LFIB and
FIB data structures are completely populated.
Presentation_ID
39
FIB on B
Network Next hop Label
X
C
47
LIB on B
Network
LSR label
X
local
25
C
47
E
75
Label
25
Presentation_ID
LFIB on B
Action Next hop
47
C
Network X
E
40
FIB on B
Network Next hop Label
X
E
LIB on B
Network
LSR label
X
local
25
C
47
E
75
Label
25
Presentation_ID
LFIB on B
Action Next hop
47
C
Network X
E
41
MPLS Convergence
Routing table of B
Network Next-hop
X
E
FIB on B
Network Next hop Label
X
E
75
LIB on B
Network
LSR label
X
local
25
C
47
E
75
Label
25
Presentation_ID
LFIB on B
Action Next hop
75
E
Network X
E
FIB on B
Network Next hop Label
X
E
75
LIB on B
Network
LSR label
X
local
25
C
47
E
75
Label
25
Presentation_ID
Network X
E
LFIB on B
Action Next hop
75
E
44
FIB on B
Network Next hop Label
X
E
75
C
LIB on B
Network
LSR label
X
local
25
C
47
E
75
Label
25
Presentation_ID
LFIB on B
Action Next hop
75
E
pop
C
Network X
E
[Figure: LDP neighbor discovery and session setup between MPLS_A (1.0.0.1), MPLS_B (1.0.0.2), NO_MPLS_C (1.0.0.3) and MPLS_D (1.0.0.4).
UDP Hello messages from MPLS_A: 1.0.0.1:1050, 1.0.0.1:1051 and 1.0.0.1:1052 to 224.0.0.2:646.
UDP Hello messages from MPLS_D: 1.0.0.4:1033, 1.0.0.4:1034 and 1.0.0.4:1035 to 224.0.0.2:646.
TCP sessions: 1.0.0.4:1065 to 1.0.0.1:646 and 1.0.0.2:1043 to 1.0.0.1:646.]
48
1.0.0.1
MPLS_B
1.0.0.2
Initialization message
Keepalive
Keepalive
49
10.0.0.0/8
L=18
10.1.1.1
18
10.0.0.0/8
L=19
10.1.1.1
19
10.0.0.0/8
10.1.1.1
10.1.1.1
FIB
10/8 NH, 17
FIB
10/8 NH, 18
FIB
10/8 NH, 19
FIB
10/8 NH
LFIB
35 17
LFIB
17 18
LFIB
18 19
LFIB
19 untagged
50
MPLS Domain
10.0.0.0/8
L=17
17
10.0.0.0/8
L=18
10.1.1.1
18
10.0.0.0/8
L=pop
10.1.1.1
10.0.0.0/8
10.1.1.1
10.1.1.1
FIB
10/8 NH, 17
FIB
10/8 NH, 18
FIB
10/8 NH, 19
FIB
10/8 NH
LFIB
35 17
LFIB
17 18
LFIB
18 pop
LFIB
LDP Messages
Discovery messages
Used to discover and maintain the presence of
new peers
Hello packets (UDP) sent to all-routers multicast
address
Once neighbor is discovered, the LDP session is
established over TCP
Presentation_ID
53
LDP Messages
Session messages
Establish, maintain and terminate LDP sessions
Advertisement messages
Create, modify, delete label mappings
Notification messages
Error signalling
Presentation_ID
54
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
55
What Is a VPN?
VPN is a set of sites which are allowed to
communicate with each other.
VPN is defined by a set of administrative policies
Policies determine both connectivity and QoS
among sites.
Policies established by VPN customers.
Policies could be implemented completely by VPN
service providers.
Using BGP/MPLS VPN mechanisms
IP VPN Taxonomy
IP VPNs
DIAL
ClientInitiated
DEDICATED
NASInitiated
Security
Appliance
Presentation_ID
IP
Tunnel
Router
Virtual
Circuit
FR
ATM
NetworkBased VPNs
RFC 2547
Virtual
Router
58
MPLS-VPN Terminology
Provider Network (P-Network)
The backbone under control of a Service
Provider
CE router
Customer Edge router. Part of the C-network and
interfaces to a PE router
Presentation_ID
59
MPLS-VPN Terminology
Site
Set of (sub)networks part of the C-network and
co-located
A site is connected to the VPN backbone through
one or more PE/CE links
PE router
Provider Edge router. Part of the P-Network and
interfaces to CE routers
P router
Provider (core) router, without knowledge of VPN
Presentation_ID
60
MPLS-VPN Terminology
Route-Target
64 bits identifying routers that should receive
the route
Route Distinguisher
Attributes of each route used to uniquely
identify prefixes among VPNs (64 bits)
VRF based (not VPN based)
VPN-IPv4 addresses
Address including the 64 bits Route
Distinguisher and the 32 bits IP address
Presentation_ID
61
MPLS-VPN Terminology
VRF
VPN Routing and Forwarding Instance
Routing table and FIB table
Populated by routing protocol contexts
VPN-Aware network
A provider backbone where MPLS-VPN
is deployed
VPN-C
VPN-A
Site-2
Site-3
VPN-B
Presentation_ID
64
65
VPN_A
iBGP sessions
10.2.0.0
CE
CE
VPN_B
10.2.0.0 CE
PE
11.5.0.0
VPN_A
PE
CE
10.1.0.0
VPN_A
11.6.0.0
VPN_B
CE
PE
PE
CE
VPN_B
10.3.0.0
10.1.0.0 CE
66
PE
EBGP,OSPF, RIPv2,Static
CE
Site-2
67
Site-1
EBGP,OSPF, RIPv2,Static
PE
VPN Backbone IGP (OSPF, ISIS)
Site-2
Presentation_ID
68
PE
EBGP,OSPF, RIPv2,Static
CE
Site-2
69
Presentation_ID
70
PE
PE
VPN Backbone IGP
iBGP session
71
P
PE-2
PE-1
VPN Backbone IGP
BGP,RIPv2 update
for Net1,NextHop=CE-1
Site-1
CE-1
CE-2
Site-2
VPN-IPv4 update:
RD:Net1, Next-hop=PE1
SOO=Site1, RT=Green,
Label=(intCE1)
72
P
PE-2
PE-1
VPN Backbone IGP
BGP,OSPF, RIPv2
update for Net1
Next-Hop=CE-1
Site-1
CE-1
CE-2
Site-2
VPN-IPv4 update:
RD:Net1, Next-hop=PE1
SOO=Site1, RT=Green,
Label=(intCE1)
73
Presentation_ID
74
VPN-IPV4 address
Route Distinguisher
64 bits
Makes the IPv4 route globally unique
RD is configured in the PE for each VRF
RD may or may not be related to a site or a VPN
IPv4 address (32bits)
General form
<16bits type>:<ASN>:<32 bit number>
Registered AS number
<16bits type>:<IP address>:<16 bit number>
Registered IP address
MPLS Forwarding
Packet forwarding
PE and P routers have BGP next-hop reachability
through the backbone IGP
Labels are distributed through LDP (hop-by-hop)
corresponding to BGP Next-Hops
Label Stack is used for packet forwarding
Top label indicates BGP Next-Hop (interior label)
Second level label indicates outgoing interface or
VRF (exterior label)
Presentation_ID
80
MPLS Forwarding
Penultimate Hop Popping
CE1
IP
packet
PE1
Penultimate Hop
Popping
P2 is the penultimate hop for the BGP next-hop
P2 removes the top label
This has been requested through LDP by PE2
CE2
IGP
Label(PE2)
VPN
IP Label
IP
packet
packet
PE1 receives IP packet
Lookup is done on site VRF
BGP route with Next-Hop and
Label is found
BGP next-hop (PE2) is reachable
through IGP route with
associated label
Presentation_ID
P1
IGP
Label(PE2)
VPN
IP Label
VPN Label
P2
IP
packet
PE2
packet
CE3
81
VPN_A
10.2.0.0
CE
CE
VPN_B
10.2.0.0 CE
PE2
11.5.0.0
VPN_A
PE
CE
10.1.0.0
VPN_A
11.6.0.0
VPN_B
CE
T8T2Data
Data
CE
PE1
10.1.0.0 CE
VPN_B
10.3.0.0
<RD_B,10.1>,, iBGP
iBGP next
hop
PE1, T2
<RD_B,10.2>
NH=
PE2
T1 T7 T8
T8
T9
T7
TB
TB
T8
82
VPN_A
10.2.0.0
VPN_B
CE
Data
10.2.0.0 CE
T2 Data
CE
TB T2 Data
PE2
VPN_A
11.6.0.0
VPN_B
CE
P
TAT2 Data
VPN_A
PE
CE
10.1.0.0
T8T2 Data
CE
PE1
10.1.0.0 CE
11.5.0.0
VPN_B
10.3.0.0
in / out
T7 Tu
T8,
T8 TA
Tw
T9 Tx
Ta Ty
Tb Tz
Presentation_ID
83
12
130.130.10.1
B
12
130.130.11.3
84
VPN-ID
VPN Site
Address
VPN Site
Label
Provider Edge
Router Address
PE
Label
12
130.130.10.0/24
26
172.68.1.11/32
42
12
130.130.11.0/24
989
172.68.1.2/32
101
...
...
...
...
...
Presentation_ID
85
VPN Site
Address
VPN Site
Label
Provider Edge
Router Address
PE
Label
12
130.130.10.0/24
26
172.68.1.11/32
42
12
130.130.11.0/24
989
172.68.1.2/32
101
...
...
...
...
...
A
12
3. PE router A matches the incoming packet's destination address
with VPN 12's forwarding table.
101
989 130.130.11.3
Rest of IP packet
86
87
12
130.130.11.3
6. PE router B identifies the correct
site in VPN 12 from the inner label.
7. PE router B removes the labels
and forwards the IP packet to the
correct VPN 12 site.
Presentation_ID
88
Presentation_ID
89
Presentation_ID
90
Routing processes
BGP
RIP
Routing
contexts
VRF Forwarding
tables
Presentation_ID
Static
91
Logical view
Site-1
VPN-C
VPN-A
Site-2
Multihop MP-iBGP
P
PE
VRF
for site-1
Site-1
routes
Site-2
routes
Site-1
Presentation_ID
Routing view
PE
VRF
for site-2
Site-1
routes
Site-2
routes
Site-3
routes
Site-2
VPN-B
Site-3
VRF
for site-3
Site-2 routes
Site-3 routes
Site-4 routes
Site-3
VRF
for site-4
Site-3 routes
Site-4 routes
Site-4
92
VPN_A
VPN_A
10.2.0.0
CE
CE
VPN_B
10.2.0.0 CE
PE
11.5.0.0
VPN_A
PE
CE
10.1.0.0
VPN_A
11.6.0.0
VPN_B
CE
PE
PE
CE
VPN_B
10.3.0.0
10.1.0.0 CE
Presentation_ID
93
94
EBGP/RIP/Static
N3
NH=CE3
IntCE3
PE3
VRF
for site-1
N1,NH=CE
1
N2,NH=PE
2
N3,NH=PE
3
Routing Table on
CE1
N1, Local
N2, PE1
N3, PE1
PE1
VRF
for site-3
N1,NH=PE1
N2,NH=PE2
N3,NH=CE
3
PE2
IntCE
1
EBGP/RIP/Static
EBGP/RIP/Static
IntCE2
VRF
for site-2
N1,NH=PE
1
N2,NH=CE
2
N3,NH=PE
3
N2,NH=CE2
Site-2
N2
Routing Table on
CE2
N1,NH=PE2
N2,Local
N3,NH=PE2
N1
NH=CE1
Site-1
N1
Presentation_ID
95
96
CE1
Site-2
N2
CE2
IntCE1 VRF
(Import RT=Spoke)
(Export RT=Hub)
N1,NH=CE1 (exported)
N2,NH=PE3 (imported)
N3,NH=PE3 (imported)
IntCE2 VRF
(Import RT=Spoke)
(Export RT=Hub)
N1,NH=PE3 (imported)
N2,NH=CE2 (exported)
N3,NH=PE3 (imported)
BGP/RIPv2
PE1
PE3
PE2
IntCE3-Hub VRF
(Import RT=Hub)
Site-3
CE3-Hub
N1,NH=PE1
N2,NH=PE2
IntCE3-Spoke
VRF
N3
(Export
CE3-Spoke
RT=Spoke)
N1,NH=CE3Spoke
BGP/RIPv2
N2,NH=CE3Spoke
N3,NH=CE3Spoke
VPN-IPv4 updates advertised by PE3
RD:N1, NH=PE3,Label=IntCE3-Spoke,
RT=Spoke
RD:N2, NH=PE3,Label=IntCE3-Spoke,
RT=Spoke
RD:N3, NH=PE3,Label=IntCE3-Spoke,
RT=Spoke
97
Site-1
N1
CE1
IntCE1 VRF
(Import RT=Spoke)
(Export RT=Hub)
N1,NH=CE1 (exported)
N2,NH=PE3 (imported)
N3,NH=PE3 (imported)
PE1
PE3
Site-2
N2
IntCE3-Hub VRF
(Import RT=Hub)
N1,NH=PE1
N2,NH=PE2
CE2
PE2
IntCE2 VRF
(Import RT=Spoke)
(Export RT=Hub)
N1,NH=PE3 (imported)
N2,NH=CE2 (exported)
N3,NH=PE3 (imported)
IntCE3-Spoke
VRF
(Export
RT=Spoke)
N1,NH=CE3Spoke
N2,NH=CE3Spoke
N3,NH=CE3Spoke
BGP/RIPv2
CE3-Hub
Site-3
N3
CE3-Spoke
BGP/RIPv2
Traffic from one spoke to another will travel across the hub site
Hub site may host central services
Security, NAT, centralised Internet access
Internet
PE-IG
192.168.1.2
MP-BGP
PE
PE
Serial0
Site-1
Network 171.68.0.0/16
Site-2
Presentation_ID
ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 ! apply the VRF before the address: "ip vrf forwarding" removes an existing IP address
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 network 171.68.0.0 mask 255.255.0.0
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 65502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family
!
! global-table route to the customer network through the VRF interface
ip route 171.68.0.0 255.255.0.0 Serial0
! VRF default route whose next hop is resolved in the global table
ip route vrf VPN-A 0.0.0.0 0.0.0.0 192.168.1.1 global
103
IP packet
D=cisco.co
m
Internet
PE-IG
Label = 3
IP packet
D=cisco.co
m
192.168.1.2
PE
PE
Serial0
IP packet
D=cisco.co
m
Site-1
Network 171.68.0.0/16
Site-2
Internet
PE-IG
192.168.1.2
PE
MP-BGP
PE
Serial0.1
Serial0.2
BGP-4
Site-1
Network 171.68.0.0/16
Site-2
Presentation_ID
ip vrf VPN-A
 rd 100:1
 route-target both 100:1
!
interface Serial0
 no ip address
!
! VPN sub-interface: apply the VRF before the address,
! because "ip vrf forwarding" removes an existing IP address
interface Serial0.1
 ip vrf forwarding VPN-A
 ip address 192.168.10.1 255.255.255.0
!
! Internet sub-interface, kept in the global routing table
interface Serial0.2
 ip address 171.68.10.1 255.255.255.0
!
router bgp 100
 no bgp default ipv4-unicast
 neighbor 192.168.1.1 remote-as 100
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 next-hop-self
 neighbor 192.168.1.1 update-source loopback0
 neighbor 171.68.10.2 remote-as 502
 !
 address-family ipv4 vrf VPN-A
  neighbor 192.168.10.2 remote-as 502
  neighbor 192.168.10.2 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.2 activate
 exit-address-family
108
IP packet
D=cisco.co
m
Internet
PE-IG
Label = 3
PE Global Table
Internet routes --->
192.168.1.1
192.168.1.1, Label=3
IP packet
D=cisco.co
m
192.168.1.2
PE
PE
Serial0.1
Serial0.1
Site-1
Serial0.2
IP packet
D=cisco.co
m
Serial0.2
CE routing table
Site-2 routes ---->
Serial0.1
Network 171.68.0.0/16 Internet routes --->
Serial0.2
Site-2
Presentation_ID
109
Scaling
Presentation_ID
110
MPLS-VPN
Scaling BGP
Route Reflectors
VPN_A
RR
10.2.0.0
VPN_B
VPN_A
VPN_B
CE 11.5.0.0
CE
10.2.0.0 CE
11.6.0.0
VPN_A
RR
PE2
CE
10.1.0.0 CE
PE1
PE
PE
VPN_A
CE 10.1.0.0
CE VPN_B
10.3.0.0
111
MPLS-VPN Scaling
BGP updates filtering
A full iBGP mesh between PEs results in flooding all VPN routes to all PEs
This causes scaling problems when there is a large number of routes. In addition,
PEs need only the routes for their attached VRFs
Therefore each PE will discard any VPN-IPv4 route that does not carry a
route-target configured to be imported into any of the attached VRFs
This significantly reduces the amount of information each PE has to store
The volume of the BGP table is equivalent to the volume of the attached
VRFs (nothing more)
Presentation_ID
112
MPLS-VPN Scaling
BGP updates filtering
VPN-IPv4 update:
RD:Net1, Next-hop=PEX
SOO=Site1, RT=Green,
Label=XYZ
Import RT=yellow
VRFs for VPNs
yellow
green
PE
MP-iBGP sessions
Import RT=green
VPN-IPv4 update:
RD:Net1, Next-hop=PEX
SOO=Site1, RT=Red,
Label=XYZ
113
MPLS-VPN Scaling
Route Refresh
Import RT=yellow
PE
Import RT=green
Import RT=red
VPN-IPv4 update:
RD:Net1, Next-hop=PEX
SOO=Site1, RT=Green,
Label=XYZ
VPN-IPv4 update:
RD:Net1, Next-hop=PEX
SOO=Site1, RT=Red,
Label=XYZ
3. Neighbors re-send
updates and red
route-target is now
accepted
114
MPLS-VPN Scaling
Outbound Route Filters - ORF
Import RT=yellow
PE
2. PE issues an ORF message to all neighbors
in order not to receive red routes
Import RT=green
1. PE doesn't need red routes
VPN-IPv4 update:
RD:Net1, Next-hop=PEX
SOO=Site1, RT=Green,
Label=XYZ
VPN-IPv4 update:
RD:Net1, Next-hop=PEX
SOO=Site1, RT=Red,
Label=XYZ
3. Neighbors
dynamically configure
the outbound filter and
send updates
accordingly
Site-4
Site-1
VPN-A
Site-2
Presentation_ID
VPN-B
Site-3
Multihop MP-iBGP
P
PE1
VRF
for site-1
(100:1)
Site-1 routes
Site-2 routes
Site-1
ip vrf site3
 rd 100:3
 route-target export 100:2
 route-target import 100:2
 route-target import 100:3
 route-target export 100:3
ip vrf site-4
 rd 100:4
 route-target export 100:3
 route-target import 100:3
VPN-C
PE2
VRF
for site-2
(100:2)
Site-1 routes
Site-2 routes
Site-3 routes
Site-2
VRF
for site-3
(100:3)
Site-2 routes
Site-3 routes
Site-4 routes
Site-3
VRF
for site-4
(100:4)
Site-3 routes
Site-4 routes
Site-4
! PE1: site1 shares RT 100:12 with site2; site2 also shares RT 100:23 with site3
ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
!
interface Serial3/6
 ip vrf forwarding site1
 ip address 192.168.61.6 255.255.255.0
 encapsulation ppp
!
interface Serial3/7
 ip vrf forwarding site2
 ip address 192.168.62.6 255.255.255.0
 encapsulation ppp
Site-4
Site-1
VPN-A
Site-2
Site-3
VPN-B
Multihop MP-iBGP
P
PE1
P
PE2
VRF
for site-1
(100:1)
Site-1
routes
Site-2
routes
VRF
for site-2
(100:2)
Site-1 routes
Site-2 routes
Site-3 routes
Site-1
Presentation_ID
VPN-C
Site-2
VRF
for site-3
(100:3)
Site-2 routes
Site-3 routes
Site-4 routes
Site-3
VRF
for site-4
(100:4)
Site-3 routes
Site-4 routes
! PE2: site3 shares RT 100:23 with site2 and RT 100:34 with site4
ip vrf site3
 rd 100:3
 route-target export 100:23
 route-target import 100:23
 route-target import 100:34
 route-target export 100:34
! VRF name must match the "ip vrf forwarding site4" reference on Serial4/7
ip vrf site4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
!
interface Serial4/6
 ip vrf forwarding site3
 ip address 192.168.73.7 255.255.255.0
 encapsulation ppp
!
interface Serial4/7
 ip vrf forwarding site4
 ip address 192.168.74.7 255.255.255.0
 encapsulation ppp
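The route-target configuration above decides which sites can see each other's routes, and the "BGP updates filtering" slide says a PE discards any VPN-IPv4 route whose route-target no attached VRF imports. The following added example (not from the original slides) parses the four VRF stanzas, derives the resulting visibility, and flags imports that exceed an intended policy. The INTENDED table is read off the "VRF for site-N" boxes in the diagram; the extra import line in LEAKY is a constructed misconfiguration, and all function names are hypothetical.

```python
import re

# VRF stanzas as configured on PE1 and PE2 in the slides (interfaces omitted).
CONFIG = """\
ip vrf site1
 rd 100:1
 route-target export 100:12
 route-target import 100:12
ip vrf site2
 rd 100:2
 route-target export 100:12
 route-target import 100:12
 route-target import 100:23
 route-target export 100:23
ip vrf site3
 rd 100:3
 route-target export 100:23
 route-target import 100:23
 route-target import 100:34
 route-target export 100:34
ip vrf site4
 rd 100:4
 route-target export 100:34
 route-target import 100:34
"""

# Intended policy, taken from the "VRF for site-N" route lists in the diagram.
INTENDED = {
    "site1": {"site1", "site2"},
    "site2": {"site1", "site2", "site3"},
    "site3": {"site2", "site3", "site4"},
    "site4": {"site3", "site4"},
}

# Constructed misconfiguration: one stray import appended to the site4 stanza.
LEAKY = CONFIG + " route-target import 100:12\n"


def parse_vrfs(text):
    """Parse 'ip vrf' stanzas into {name: {'rd', 'import', 'export'}}."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(
                m.group(1), {"rd": None, "import": set(), "export": set()})
        elif current is not None and (m := re.fullmatch(r"rd (\S+)", line)):
            current["rd"] = m.group(1)
        elif current is not None and (
                m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
            for kind in kinds:
                current[kind].add(m.group(2))
        else:
            current = None  # any other line ends the VRF stanza
    return vrfs


def visibility(vrfs):
    """For each VRF, list the VRFs whose exported routes it imports."""
    return {
        name: sorted(other for other, o in vrfs.items() if v["import"] & o["export"])
        for name, v in vrfs.items()
    }


def unexpected_imports(vrfs, intended):
    """Return (importer, exporter) pairs that the intended policy does not allow."""
    return sorted(
        (importer, exporter)
        for importer, seen in visibility(vrfs).items()
        for exporter in seen
        if exporter not in intended.get(importer, set())
    )


def pe_accepts(route_targets, vrfs, attached):
    """A PE keeps a VPN-IPv4 route only if an attached VRF imports one of its RTs."""
    return any(set(route_targets) & vrfs[name]["import"] for name in attached)


if __name__ == "__main__":
    for name, seen in visibility(parse_vrfs(CONFIG)).items():
        print(name, "imports routes of", seen)
    print("unexpected in LEAKY:", unexpected_imports(parse_vrfs(LEAKY), INTENDED))
```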
Site-4
122
Site-4
Site-1
VPN-A
Site-2
Site-3
VPN-B
Multihop MP-iBGP
P
PE1
P
PE2
VRF
for site-1
(100:1)
Site-1
routes
Site-2
routes
VRF
for site-2
(100:2)
Site-1 routes
Site-2 routes
Site-3 routes
Site-1
Presentation_ID
VPN-C
Site-2
VRF
for site-3
(100:2)
Site-2 routes
Site-3 routes
Site-4 routes
Site-3
VRF
for site-4
(100:3)
Site-3 routes
Site-4 routes
Site-4
123
Summary
124
Point-to-point connections vs
BGP/MPLS VPNs: routing peering
CE
Site
Mesh of point-to-point
connections requires each
(virtual) router to maintain O(n)
peering (where n is the number
of sites)
does not scale to VPNs with
large number of sites (due to
the properties of existing
routing protocols)
Presentation_ID
Routing peering
PE
All other sites
125
Point-to-point connections vs
BGP/MPLS VPNs: provisioning
New
Site
CE
PE
All other sites
Config
change
Mesh of point-to-point
connections requires O(n)
configuration changes (where n
is the number of sites) when
adding a new site
New
Site
Config
change
Amount of configuration
changes needed to add a new
site (new CE) is O(1):
need to configure only the
directly attached PE
independent of the total
number of sites within a VPN
Presentation_ID
126
Agenda
Introduction to MPLS
LDP
MPLS VPN
Monitoring MPLS
Presentation_ID
127
12.1(3)T
128
Router#show tag-switching tdp parameters
Protocol version: 1
No tag pool for downstream tag distribution
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery directed hello: holdtime: 180 sec; interval: 5 sec
Router#show tag-switching interface detail
Interface Serial1/0.1:
        IP tagging enabled
        TSP Tunnel tagging not enabled
        Tagging operational
        MTU = 1500
Interface Serial1/0.2:
        IP tagging enabled
        TSP Tunnel tagging not enabled
        Tagging operational
        MTU = 1500
Router#show tag-switching tdp discovery
Local TDP Identifier:
    192.168.3.102:0
TDP Discovery Sources:
    Interfaces:
        Serial1/0.1: xmit/recv
            TDP Id: 192.168.3.101:0
        Serial1/0.2: xmit/recv
            TDP Id: 192.168.3.100:0
Router#show tag-switching tdp neighbors
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
        TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
        State: Oper; PIEs sent/rcvd: 55/53; ; Downstream
        Up time: 00:43:26
        TDP discovery sources:
          Serial1/0.2
        Addresses bound to peer TDP Ident:
          192.168.3.10    192.168.3.14    192.168.3.100
Router#show tag-switching tdp neighbors detail
Peer TDP Ident: 192.168.3.100:0; Local TDP Ident 192.168.3.102:0
        TCP connection: 192.168.3.100.711 - 192.168.3.102.11000
        State: Oper; PIEs sent/rcvd: 55/54; ; Downstream; Last TIB rev sent 26
        UID: 1; Up time: 00:44:01
        TDP discovery sources:
          Serial1/0.2; holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer TDP Ident:
          192.168.3.10    192.168.3.14    192.168.3.100
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
Router#show tag tdp bindings
  tib entry: 192.168.3.1/32, rev 9
        local binding:  tag: 28
        remote binding: tsr: 19.16.3.3:0, tag: 28
  tib entry: 192.168.3.2/32, rev 8
        local binding:  tag: 27
        remote binding: tsr: 19.16.3.3:0, tag: 27
  tib entry: 192.168.3.3/32, rev 7
        local binding:  tag: 26
        remote binding: tsr: 19.16.3.3:0, tag: imp-null(1)
  tib entry: 192.168.3.10/32, rev 6
        local binding:  tag: imp-null(1)
        remote binding: tsr: 19.16.3.3:0, tag: 26
Router#show tag-switching forwarding-table detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
26     Untagged    192.168.3.3/32    0          Se1/0.3    point2point
        MAC/Encaps=0/0, MTU=1504, Tag Stack{}
27     Pop tag     192.168.3.4/32    0          Se0/0.4    point2point
        MAC/Encaps=4/4, MTU=1504, Tag Stack{}
        20618847
28     29          192.168.3.4/32    0          Se1/0.3    point2point
        MAC/Encaps=4/8, MTU=1500, Tag Stack{29}
        18718847 0001D000
Router#show ip cef 192.168.20.0 detail
192.168.20.0/24, version 23, cached adjacency to Serial1/0.2
0 packets, 0 bytes
  tag information set
    local tag: 33
    fast tag rewrite with Se1/0.2, point2point, tags imposed: {32}
  via 192.168.3.10, Serial1/0.2, 0 dependencies
    next hop 192.168.3.10, Serial1/0.2
    valid cached adjacency
    tag rewrite with Se1/0.2, point2point, tags imposed: {32}
12.1(3)T
Diagnosis
MPLS is not enabled on the adjacent router.
Verification
Verify with "show tag interface" on the adjacent router.

Diagnosis
Label distribution protocol mismatch: TDP on one end, LDP on the other end.
Verification
Verify with "show tag interface detail" on both routers.

Diagnosis
A packet filter drops TDP/LDP neighbor discovery packets.
Verification
Verify access-list presence with "show ip interface".
Verify access-list contents with "show access-list".

Diagnosis
Connectivity between loopback interfaces is broken; the TDP session is usually
established between loopback interfaces of adjacent LSRs.
Verification
Verify connectivity with the extended ping command.

Symptom
Labels are not allocated for local routes.
"show tag-switching forwarding-table" does not display any labels.
Diagnosis
CEF is not enabled.
Verification
Verify with "show ip cef".

Diagnosis
Problems with conditional label distribution.
Verification
Debug label distribution with "debug tag tdp advertisement".
Examine the neighbor TDP router ID with "show tag tdp discovery".
Verify that the neighbor TDP router ID is matched by the access
list specified in the "tag advertise" command.

Packet Labeling
Symptom
Labels are distributed, packets are not labeled.
"show interface statistic" does not show labeled packets being sent.
Diagnosis
CEF is not enabled on the input interface (potentially due to a
conflicting feature being configured).
Verification
Verify with "show cef interface".

Diagnosis
The IP address of a physical interface is used for the TDP/LDP
identifier. Configure a loopback interface on the router.
Verification
Verify the local TDP identifier with "show tag-switching tdp neighbors".

Packet Propagation
Symptom
Large packets are not propagated across the network.
Extended ping with varying packet sizes fails for packet sizes close to 1500.
Diagnosis
Tag MTU issues or switches with no support for jumbo frames in
the forwarding path.
Verification
Trace the forwarding path; identify all LAN segments in the path.
Verify the Tag MTU setting on routers attached to LAN segments.
Check for low-end switches in the transit path.

Summary
After completing this lesson, you will be able
to perform the following tasks:
Describe procedures for monitoring MPLS on
IOS platforms.
List the debugging commands associated with
label switching, LDP and TDP.
Identify common configuration or design errors.
Use the available debugging commands in real-life troubleshooting scenarios.
Thank you.