
Introduction to MPLS

Session Goals
Objectives
Understand history and business drivers for MPLS
Learn about MPLS customer and market segments
Understand the problems MPLS is addressing
Understand the major MPLS technology components
Understand typical MPLS applications
Understand benefits of deploying MPLS
Learn about MPLS futures; where MPLS is going
Agenda
Introduction
MPLS Technology Basics
MPLS Layer-3 VPNs
MPLS Layer-2 VPNs
Summary
Introduction
What Is MPLS?
Multi-Protocol: The ability to carry any payload
Have: IPv4, IPv6, Ethernet, ATM, FR
Label: Uses labels to tell a node what to do with a packet; separates forwarding (hop-by-hop behavior) from routing (control plane)
Switching: Routing == IPv4 or IPv6 lookup. Everything else is switching.
What is MPLS?
Brief Summary
It's all about labels
Use the best of both worlds
Layer-2 (ATM/FR): efficient forwarding and traffic engineering
Layer-3 (IP): flexible and scalable

MPLS forwarding plane


Use of labels for forwarding Layer-2/3 data traffic
Labeled packets are being switched instead of routed
Leverage layer-2 forwarding efficiency

MPLS control/signaling plane


Use of existing IP control protocol extensions + new protocols to exchange label information
Leverage layer-3 control protocol flexibility and scalability
Evolution of MPLS
Technology Evolution and Main Growth Areas
Evolved from tag switching in 1996 to full IETF standard, covering over 130 RFCs
Key applications initially were Layer-3 VPNs, followed by Traffic Engineering (TE), and Layer-2 VPNs
[Figure: timeline, 1997 to 2015, of MPLS milestones and deployments (Cisco ships MPLS, L3VPN, MPLS TE, L2VPN, LSM, G-MPLS, MPLS TP, PBB-EVPN, Segment Routing, SDN/PCE), grouped into phases: Bring MPLS to Market; Complete base MPLS portfolio; Optimize MPLS for video; Optimize MPLS for packet transport; Optimize MPLS for SDN and Cloud]
MPLS Technology Basics
Topics
Basics of MPLS Signaling and Forwarding
MPLS reference architecture
MPLS Labels
MPLS signaling and forwarding operations
MPLS Traffic Engineering
MPLS OAM
[Figure: MPLS technology stack: Service (Clients) and Management; Layer-3 VPNs and Layer-2 VPNs; Transport; IP/MPLS (LDP/RSVP-TE/BGP/OSPF/IS-IS); MPLS Forwarding; MPLS OAM alongside]
MPLS Reference Architecture
Different Types of Nodes in an MPLS Network
P (Provider) router
Label switching router (LSR)
Switches MPLS-labeled packets
PE (Provider Edge) router
Label edge router (LER)
Imposes and removes MPLS labels
CE (Customer Edge) router
Connects customer network to MPLS network
[Figure: MPLS domain with CE routers attached to PE routers at the edge and P routers in the core; label switched traffic between the PEs]
MPLS Labels
Label Definition and Encapsulation
Labels used for making forwarding decision
Multiple labels can be used for MPLS packet encapsulation
No limit on the number of labels in a stack
Outer label always used for switching MPLS packets in network
Inner labels usually used for services (e.g. L2/L3 VPN)
MPLS Label Stack Entry: Label = 20 bits | TC | S | TTL
TC = Traffic Class: 3 bits; S = Bottom of Stack; TTL = Time to Live
LAN MAC Header | Label, S=1 | Layer 3 Packet
MPLS Label Stack (1 label)
LAN MAC Header | Label, S=0 | Label, S=1 | Layer 3 Packet
MPLS Label Stack (2 labels)
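The label stack entry layout above, as a bounds-checked encoder and parser. This is an added example, not part of the original deck; the 8-bit TTL width and the reserved label names come from RFC 3032, and `max_depth` and the sample bytes are constructed for illustration.

```python
import struct

# Reserved label values (RFC 3032); names for the commonly seen ones.
RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert",
            2: "IPv6 Explicit NULL", 3: "Implicit NULL"}

def encode_entry(label, tc, s, ttl):
    """Pack one 32-bit label stack entry: Label(20) | TC(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", label << 12 | tc << 9 | s << 8 | ttl)

def parse_stack(data, max_depth=8):
    """Return (entries, payload); reads entries until one has S=1.

    max_depth is a local sanity limit chosen for this example; the format
    itself places no limit on the number of labels in a stack.
    """
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated stack: no entry with S=1")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {"label": word >> 12, "tc": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entry["reserved"] = RESERVED.get(entry["label"])
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]

# Constructed sample: outer label 20 (S=0), inner service label 42 (S=1),
# followed by the first four bytes of an IPv4 header.
SAMPLE = encode_entry(20, 5, 0, 64) + encode_entry(42, 5, 1, 64) + bytes.fromhex("45000054")

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE)
    for e in stack:
        print(e)
    print("payload starts with", payload.hex())
```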


MPLS QoS
QoS Marking in MPLS Labels
MPLS label has 3 Traffic Class (TC) bits
Used for packet classification and prioritization
Similar to Type of Service (ToS) field in IP packet (DSCP values)
DSCP values of IP packet mapped into TC bits of MPLS label
At ingress PE router
Most providers have defined 3-5 service classes (TC values)
Different DSCP <-> TC mapping schemes possible
Uniform mode, pipe mode, and short-pipe mode
[Figure: MPLS DiffServ marking in the Traffic Class bits and IP DiffServ marking in DSCP; Layer-2 Header | MPLS Header (TC) | Layer 3 Header (DSCP)]
Basic MPLS Forwarding Operations
How Labels Are Being Used to Establish End-to-end Connectivity
Label imposition (Push)
By ingress PE router; classify and label packets
Based on Forwarding Equivalence Class (FEC)
Label swapping
By P router; forward packets using labels; indicates service class & destination
Label disposition (Pop)
By egress PE router; remove label and forward original packet to destination CE
[Figure: CE - PE - P - P - PE - CE path with Label Imposition (Push) at the ingress PE, Label Swap at each P router (labels L1, L2, L3), and Label Disposition (Pop) at the egress PE]
MPLS Path (LSP) Setup and Traffic Forwarding
MPLS Traffic Forwarding and MPLS Path (LSP) Setup
LSP signaling protocols
Either LDP* or RSVP
Leverages IP routing
Routing table (Routing Information Base, RIB)
Exchange of labels
Label bindings
Downstream MPLS node advertises what label to use to send traffic to node
MPLS forwarding
MPLS Forwarding table (Forwarding Information Base, FIB)
(*) LDP signaling assumed for the next examples
Comparison of IP and MPLS:
Forwarding | IP: Destination address based; forwarding table learned from control plane; TTL support | MPLS: Label based; forwarding table learned from control plane; TTL support
Control Plane | IP: OSPF, IS-IS, BGP | MPLS: LDP, RSVP, BGP, OSPF, IS-IS
Packet Encapsulation | IP: IP Header | MPLS: One or more labels
QoS | IP: 8 bit TOS field in IP header | MPLS: 3 bit TC field in label
OAM | IP: IP ping, traceroute | MPLS: MPLS OAM

MPLS Path (LSP) Setup
Signaling Options
LDP signaling
Leverages existing routing
RSVP signaling
Aka MPLS RSVP / TE
Enables enhanced capabilities, such as Fast ReRoute (FRR)
Can use both protocols simultaneously
They work differently, they solve different problems
Dual-protocol deployments are very common
Comparison of LDP and RSVP:
Forwarding path | LDP: LSP | RSVP: LSP or TE Tunnel; primary and, optionally, backup
Forwarding Calculation | LDP: Based on IP routing database; shortest-path based | RSVP: Based on TE topology database; shortest-path and/or other constraints (CSPF calculation)
Packet Encapsulation | LDP: Single label | RSVP: One or two labels
Signaling | LDP: By each node independently; uses existing routing protocols/information | RSVP: Initiated by head-end node towards tail-end node; uses routing protocol extensions/information; supports bandwidth reservation; supports link/node protection
MPLS Path (LSP) Setup with LDP
Step 1: IP Routing (IGP) Convergence
Exchange of IP routes
OSPF, IS-IS, EIGRP, etc.
Establish IP reachability
Forwarding tables (In Label | Address Prefix | Out Iface | Out Label), ingress to egress; labels not yet assigned:
Table 1: 128.89 -> Out Iface 1; 171.69 -> Out Iface 1
Table 2: 128.89 -> Out Iface 0; 171.69 -> Out Iface 1
Table 3: 128.89 -> Out Iface 0
[Figure: routing updates (OSPF, EIGRP, ...) sent upstream: "You Can Reach 128.89 Thru Me", "You Can Reach 171.69 Thru Me", "You Can Reach 128.89 and 171.69 Thru Me"]
IP Packet Forwarding Example
Basic IP Packet Forwarding
IP routing information exchanged between nodes
Via IGP (e.g., OSPF, IS-IS)
Packets being forwarded based on destination IP address
Lookup in routing table (RIB)
Forwarding tables (Address -> I/F), ingress to egress:
Table 1: 128.89 -> 1; 171.69 -> 1
Table 2: 128.89 -> 0; 171.69 -> 1
Table 3: 128.89 -> 0; 171.69 -> 1
[Figure: packet "128.89.25.4 | Data" forwarded hop by hop toward network 128.89]
MPLS Path (LSP) Setup with LDP
Step 2: Assignment of Remote Labels
Local label mappings are sent to connected nodes
Receiving nodes update forwarding table
Out label
LDP label advertisement happens in parallel (downstream unsolicited)
Forwarding tables (In Label | Address Prefix | Out Iface | Out Label), ingress to egress:
Table 1: - | 128.89 | 1 | 20;  - | 171.69 | 1 | 21
Table 2: 20 | 128.89 | 0 | 30;  21 | 171.69 | 1 | 36
Table 3: 30 | 128.89 | 0 | -
[Figure: Label Distribution Protocol (LDP), downstream allocation: "Use Label 30 for 128.89", "Use Label 36 for 171.69", "Use Label 20 for 128.89 and Use Label 21 for 171.69"]
MPLS Traffic Forwarding with LDP
Hop-by-hop Traffic Forwarding Using Labels
Ingress PE node adds label to packet (push)
Via forwarding table
Downstream node uses label for forwarding decision (swap)
Outgoing interface
Out label
Egress PE removes label and forwards original packet (pop)
Forwarding tables (In Label | Address Prefix | Out Iface | Out Label), ingress to egress:
Table 1: - | 128.89 | 1 | 20;  - | 171.69 | 1 | 21
Table 2: 20 | 128.89 | 0 | 30;  21 | 171.69 | 1 | 36
Table 3: 30 | 128.89 | 0 | -
[Figure: packet "128.89.25.4 | Data" enters unlabeled, carries label 20 after the ingress PE, label 30 after the next node, and leaves the egress PE unlabeled; forwarding based on label]
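The three forwarding tables above, run as a small push/swap/pop simulation. This is an added example, not part of the original deck; the node names are hypothetical (the slides leave the nodes unnamed) and the prefixes 128.89 and 171.69 are assumed to be /16 networks.

```python
import ipaddress

# (in_label, prefix, out_iface, out_label) rows from the slides' forwarding tables.
# Assumptions: node names are hypothetical and the prefixes are taken as /16.
LFIB = {
    "PE-ingress": [(None, "128.89.0.0/16", 1, 20), (None, "171.69.0.0/16", 1, 21)],
    "P":          [(20, "128.89.0.0/16", 0, 30), (21, "171.69.0.0/16", 1, 36)],
    "PE-egress":  [(30, "128.89.0.0/16", 0, None)],
}

def forward(node, labels, dst):
    """Process one packet at one node; return (operation, out_iface, new_labels)."""
    if labels:
        # Labeled packet: the top label alone selects the entry, dst is not examined.
        for in_label, _prefix, iface, out_label in LFIB[node]:
            if in_label == labels[0]:
                if out_label is None:
                    return "pop", iface, labels[1:]
                return "swap", iface, [out_label] + labels[1:]
        raise LookupError(f"{node}: no entry for label {labels[0]}, packet dropped")
    # Unlabeled packet: longest-prefix match on the destination address.
    addr = ipaddress.ip_address(dst)
    matches = [r for r in LFIB[node]
               if r[0] is None and addr in ipaddress.ip_network(r[1])]
    if not matches:
        raise LookupError(f"{node}: no route to {dst}, packet dropped")
    best = max(matches, key=lambda r: ipaddress.ip_network(r[1]).prefixlen)
    return "push", best[2], [best[3]]

def walk(path, dst):
    """Carry a packet along path and record what each node did to the label stack."""
    labels, trace = [], []
    for node in path:
        op, iface, labels = forward(node, labels, dst)
        trace.append((node, op, iface, list(labels)))
    return trace

if __name__ == "__main__":
    for hop in walk(["PE-ingress", "P", "PE-egress"], "128.89.25.4"):
        print(hop)
```

A label that no table row lists as an incoming label raises `LookupError`, which models a label switching node discarding a labeled packet it has no binding for.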
MPLS Traffic Forwarding with LDP
Quick recap
Routing protocol distributes routes
LDP distributes labels that map to routes
Packets are forwarded using labels

So what?

MPLS's benefit shows up later, in two places:
Divergence from IP routed shortest path
Payload-independent tunneling
MPLS Path (RSVP) Setup
MPLS-TE lets you deviate from the IGP shortest-cost path
This gives you lots of flexibility around how you send traffic across your network
Three steps:
Information distribution
Path calculation
LSP signaling
MPLS Path (RSVP) Setup
Flood link characteristics in the IGP
Reservable bandwidth, link colors, other properties
[Figure: IP/MPLS network between R1 and R8; TE topology database]
MPLS Path (RSVP) Setup
IGP: Find shortest (lowest cost) path to all nodes
TE: Per node, find the shortest (lowest cost) path which meets constraints
[Figure: IP/MPLS network from R1 to R8 with per-link values 15, 3, 5, 10, 10, 8, 10, 10; legend: link with insufficient bandwidth / link with sufficient bandwidth; task: find shortest path to R8 with 8 Mbps; TE topology database]
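The path calculation step above as a constrained shortest-path (CSPF) sketch: prune links that cannot carry the requested bandwidth, then run Dijkstra on what is left. This is an added example, not part of the original deck; the topology and its costs and bandwidths are constructed, since the slide's figure cannot be recovered from the text.

```python
import heapq

# Constructed TE topology database (not the slide's figure):
# (node_a, node_b, igp_cost, reservable_bandwidth_mbps); links are bidirectional.
LINKS = [
    ("R1", "R2", 5, 3), ("R2", "R8", 5, 10),     # cheapest path, but only 3 Mbps on R1-R2
    ("R1", "R3", 10, 10), ("R3", "R4", 10, 8), ("R4", "R8", 10, 10),
    ("R1", "R5", 15, 10), ("R5", "R8", 20, 10),
]

def shortest_path(links, src, dst, min_bw=0):
    """Dijkstra over links offering at least min_bw; min_bw=0 is the plain IGP view."""
    graph = {}
    for a, b, cost, bw in links:
        if bw >= min_bw:                         # CSPF step 1: prune unusable links
            graph.setdefault(a, []).append((b, cost))
            graph.setdefault(b, []).append((a, cost))
    heap, done = [(0, src, [src])], set()
    while heap:                                  # CSPF step 2: shortest path on the rest
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, c in graph.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + c, nxt, path + [nxt]))
    return None                                  # no path satisfies the constraint

if __name__ == "__main__":
    print("IGP      :", shortest_path(LINKS, "R1", "R8"))
    print("TE 8 Mbps:", shortest_path(LINKS, "R1", "R8", min_bw=8))
    print("TE 9 Mbps:", shortest_path(LINKS, "R1", "R8", min_bw=9))
```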
MPLS Path (RSVP) Setup
Set up the calculated path using RSVP (Resource ReSerVation Protocol)
Once labels are learned, they're programmed just like LDP labels
At the forwarding level, you can't tell whether your label came from RSVP or LDP
All the hard work is in the control plane
No per-packet forwarding hit for any of this
[Figure: IP/MPLS network with PATH message from head end toward tail end and RESV message back carrying L=16; forwarding entry for the TE LSP: Input Label 17 -> Out Label, Interface 16, 0]
MPLS TE Fast ReRoute (FRR)
Topic covered in detail in BRKMPL-2100 (MON)
Implementing Network Failure Protection Using MPLS RSVP/TE
Steady state
Primary tunnel: A -> B -> D -> E
Backup tunnel: B -> C -> D (pre-provisioned)
Failure of link between router B and D
Traffic rerouted over backup tunnel
Recovery time 50 ms
Actual time varies; well below 50 ms in lab tests
[Figure: Routers A, B, D, E on the primary tunnel and Router C on the backup tunnel; Routers X and Y also shown]
MPLS OAM
Tools for Reactive and Proactive Troubleshooting of MPLS Connectivity
MPLS LSP Ping
Used for testing end-to-end MPLS connectivity, similar to IP ping
Can be used to validate reachability of LDP-signaled LSPs, TE tunnels, and PWs
MPLS LSP Trace
Used for hop-by-hop tracing of an MPLS path, similar to traceroute
Can be used for path tracing of LDP-signaled LSPs and TE tunnels
MPLS LSP Multipath (ECMP) Tree Trace
Used to discover all available equal cost LSP paths between PEs
Unique capability for MPLS OAM; no IP equivalent!
Auto IP SLA
Automated discovery of all available equal cost LSP paths between PEs
LSP pings are being sent over each discovered LSP path
Summary
Key Takeaways
MPLS networks consist of PE routers at in/egress and P routers in core
Traffic is encapsulated with label(s) at ingress (PE router)
Labels are removed at egress (PE router)
MPLS forwarding operations include label imposition (PUSH), swapping, and disposition (POP)
LDP and RSVP can be used for signaling label mapping information to set up an end-to-end Label Switched Path (LSP)
RSVP label signaling enables setup of TE tunnels, supporting enhanced traffic engineering capabilities; traffic protection and path management
MPLS Virtual Private Networks
MPLS Virtual Private Networks
Topics
Definition of MPLS VPN service
Basic MPLS VPN deployment scenario
Technology options
[Figure: MPLS technology stack diagram]
What Is a Virtual Private Network?
Definition
Set of sites which communicate with each other in a secure way
Typically over a shared public or private network infrastructure
Defined by a set of administrative policies
Policies established by VPN customers themselves (DIY)
Policies implemented by VPN service provider (managed/unmanaged)
Different inter-site connectivity schemes possible
Full mesh, partial mesh, hub-and-spoke, etc.
VPN sites may be either within the same or in different organizations
VPN can be either intranet (same org) or extranet (multiple orgs)
VPNs may overlap; site may be in more than one VPN
MPLS VPN Example
Basic Building Blocks
VPN policies
Configured on PE routers (manual operation)
VPN signaling
Between PEs
Exchange of VPN policies
VPN traffic forwarding
Additional VPN-related MPLS label encapsulation
PE-CE link
Connects customer network to MPLS network; either layer-2 or layer-3
[Figure: CE routers attached over PE-CE links to PE routers holding VPN policy; VPN signaling between the PEs via a BGP Route Reflector]
MPLS VPN Models
Technology Options
MPLS Layer-3 VPNs
Peering relationship between CE and PE
MPLS Layer-2 VPNs
Interconnect of layer-2 Attachment Circuits (ACs)
MPLS VPN Models:
MPLS Layer-2 VPNs, Point-to-Point Layer-2 VPNs: CE connected to PE via L2 (Eth, FR, ATM, etc) connection; CE-CE L2 p2p connectivity; CE-CE routing; no SP involvement
MPLS Layer-2 VPNs, Multi-Point Layer-2 VPNs: CE connected to PE via Ethernet connection; CE-CE L2 (Eth) mp connectivity; CE-CE routing; no SP involvement
MPLS Layer-3 VPNs: CE connected to PE via IP-based connection (over any layer-2 type); static routing; PE-CE routing protocol: eBGP, OSPF, IS-IS; CE routing has peering relationship with PE router; PE routers are part of customer routing; PE routers maintain customer-specific routing tables and exchange customer-specific routing information
Topic covered in detail in BRKMPL-2102 (WED)
MPLS Layer-3 Virtual Private Networks
MPLS Layer-3 Virtual Private Networks
Topics
Technology components
VPN control plane mechanisms
VPN forwarding plane
Deployment use cases
Business VPN services
Network segmentation
Data Center access
[Figure: MPLS technology stack diagram]
MPLS Layer-3 VPN Overview
Technology Components
VPN policies
Separation of customer routing via virtual VPN routing table (VRF)
In PE router, customer interfaces are connected to VRFs

VPN signaling
Between PE routers: customer routes exchanged via BGP (MP-BGP)

VPN traffic forwarding


Separation of customer VPN traffic via additional VPN label
VPN label used by receiving PE to identify VPN routing table

PE-CE link
Can be any type of layer-2 connection (e.g., FR, Ethernet)
CE configured to route IP traffic to/from adjacent PE router
Variety of routing options; static routes, eBGP, OSPF, IS-IS
Virtual Routing and Forwarding Instance
Virtual Routing Table and Forwarding to Separate Customer Traffic
Virtual routing and forwarding table
On PE router
Separate instance of routing (RIB) and forwarding table
Typically, VRF created for each customer VPN
Separates customer traffic
VRF associated with one or more customer interfaces
VRF has its own routing instance for PE-CE configured routing protocols
E.g., eBGP
[Figure: CEs of VPN 1 and VPN 2 attached to one PE with separate VRF Green and VRF Blue, facing the MPLS backbone]
VPN Route Distribution
Exchange of VPN Policies Among PE Routers
Full mesh of BGP sessions among all PE routers
Or BGP Route Reflector (common)
Multi-Protocol BGP extensions (MP-iBGP) to carry VPN policies
PE-CE routing options
Static routes
eBGP
OSPF
IS-IS
EIGRP
[Figure: PE routers with Blue VRF and Red VRF, CEs attached over PE-CE links, PEs peering via a BGP Route Reflector]
VPN Control Plane Processing
Make customer routes unique:
Route Distinguisher (RD):
8-byte field, VRF parameter; unique value to make VPN IP routes unique
VPNv4 address: RD + VPN IP prefix
Selectively distribute VPN routes:
Route Target (RT):
8-byte field, VRF parameter; unique value to define the import/export rules for VPNv4 routes
MP-iBGP: advertises VPNv4 prefixes + labels
VPN Control Plane Processing
Interactions Between VRF and BGP VPN Signaling
CE1 redistributes IPv4 route to PE1 via eBGP
PE1 allocates VPN label for prefix learnt from CE1 to create unique VPNv4 route
PE1 redistributes VPNv4 route into MP-iBGP, it sets itself as a next hop and relays VPN site routes to PE2
PE2 receives VPNv4 route and, via processing in local VRF (green), it redistributes original IPv4 route to CE2
BGP advertisement:
VPN-IPv4 Addr = RD:16.1/16
BGP Next-Hop = PE1
Route Target = 100:1
Label=42
ip vrf blue-vpn
 RD 1:100
 route-target export 1:100
 route-target import 1:100
[Figure: CE1 - PE1 - Blue VPN - PE2 - CE2, with 16.1/16 exchanged via eBGP on both PE-CE links]
VRF parameters:
Name = blue-vpn
RD = 1:100
Import Route-Target = 100:1
Export Route-Target = 100:1
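How the RD and RT interact in the control plane described above: the RD keeps overlapping customer prefixes distinct as VPNv4 routes, and the import RT decides which VRF accepts them. This is an added example, not part of the original deck; blue-vpn uses the VRF parameters from the slide, while red-vpn, its RD/RT values and label 57 are constructed, and `shared_rt_pairs` is a hypothetical review helper.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: set
    export_rts: set
    routes: dict = field(default_factory=dict)   # local IPv4 prefix -> VPN label
    rib: dict = field(default_factory=dict)      # imported prefix -> (next_hop, label)

def advertise(pe, vrf):
    """Build the MP-iBGP updates a PE sends for one VRF (VPNv4 prefix + label + RTs)."""
    return [{"vpnv4": f"{vrf.rd}:{prefix}", "prefix": prefix, "next_hop": pe,
             "label": label, "rts": set(vrf.export_rts)}
            for prefix, label in vrf.routes.items()]

def receive(vrfs, updates):
    """Import each update into every local VRF whose import RTs intersect its RTs."""
    for u in updates:
        for vrf in vrfs:
            if vrf.import_rts & u["rts"]:
                vrf.rib[u["prefix"]] = (u["next_hop"], u["label"])

def shared_rt_pairs(vrfs):
    """List (importer, exporter) pairs of different VPNs joined by a route target.

    A pair may be an intended extranet or a misconfiguration; either way it is
    a place where one VPN's routes enter another VPN's table.
    """
    return sorted((i.name, e.name) for i in vrfs for e in vrfs
                  if i.name != e.name and i.import_rts & e.export_rts)

# PE1 side: blue-vpn as on the slide; red-vpn is constructed and reuses the prefix.
blue_pe1 = Vrf("blue-vpn", "1:100", {"100:1"}, {"100:1"}, routes={"16.1.0.0/16": 42})
red_pe1 = Vrf("red-vpn", "1:200", {"200:1"}, {"200:1"}, routes={"16.1.0.0/16": 57})
# PE2 side: same VRFs, no local routes yet.
blue_pe2 = Vrf("blue-vpn", "1:100", {"100:1"}, {"100:1"})
red_pe2 = Vrf("red-vpn", "1:200", {"200:1"}, {"200:1"})

UPDATES = advertise("PE1", blue_pe1) + advertise("PE1", red_pe1)
receive([blue_pe2, red_pe2], UPDATES)

if __name__ == "__main__":
    print([u["vpnv4"] for u in UPDATES])
    print("blue on PE2:", blue_pe2.rib)
    print("red on PE2: ", red_pe2.rib)
    print("shared RTs: ", shared_rt_pairs([blue_pe1, red_pe1]))
```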
VPN Forwarding Plane Processing
Forwarding of Layer-3 MPLS VPN Packets
CE2 forwards IPv4 packet to PE2
PE2 imposes pre-allocated VPN label to IPv4 packet received from CE2
Learned via MP-IBGP
PE2 imposes outer IGP label A (learned via LDP) and forwards labeled packet to next-hop P-router P2
P-routers P1 and P2 swap outer IGP label and forward label packet to PE1
A->B (P2) and B->C (P1)
Router PE1 strips VPN label and IGP labels and forwards IPv4 packet to CE1
[Figure: CE1 - PE1 - P1 - P2 - PE2 - CE2; the IPv4 packet from CE2 carries IGP Label A + VPNv4 Label + IPv4 after PE2, IGP Label B after P2, IGP Label C after P1, and is delivered as an IPv4 packet to CE1]
MPLS VPN Forwarding

PE1 receives IP packet
Lookup is done in site VRF
BGP route with Next-Hop and Label is found
BGP next-hop (PE2) is reachable through IGP route with associated label
P routers switch the packets based on the IGP label (label on top of the stack)
Penultimate Hop Popping
P2 is the penultimate hop for BGP next-hop
P2 removes the top label
This has been requested through LDP by PE2
PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
One single lookup
Label is popped and packet sent to IP neighbour
[Figure: CE1 - PE1 - P1 - P2 - PE2 - CE2/CE3; packet carries IGP Label(PE2) + VPN Label + IP packet from PE1, VPN Label + IP packet from P2 to PE2, and IP packet on the CE links]
Thank you
