From Blog To Book



praviint.blogspot.com

Contents

1 2012
1.1 April
MPLS (2012-04-07 22:03)
(2012-04-07 22:14)
(2012-04-07 23:09)
BENEFITS (2012-04-07 23:47)
Label Switching Functions (2012-04-08 09:00)
Distribution of LABEL BINDING (2012-04-08 09:24)
MPLS & Routing (2012-04-08 10:01)
MPLS Traffic Engineering (2012-04-08 11:05)
MPLS Commands (2012-04-08 13:57)
MPLS LDP (2012-04-08 14:05)
TERMS (2012-04-08 19:30)
MPLS Header & Label (2012-04-08 20:00)
MPLS Architecture (2012-04-09 08:36)
MPLS OPERATION (2012-04-09 18:17)
MPLS Applications (2012-04-09 18:24)
MPLS Forwarding Table (2012-04-09 21:36)
(2012-04-10 08:29)
Unsolicited & Liberal (2012-04-10 08:47)
Loop prevention in MPLS (2012-04-10 09:07)
Config MPLS (2012-04-10 09:19)
MPLS Troubleshooting (2012-04-10 10:37)
MPLS Tunnel (2012-04-10 17:32)
MPLS Layer 3 VPNs (2012-04-10 18:25)
VRF: Virtual Routing & Forwarding (2012-04-10 19:31)
MPLS forwarding using FIB & LFIB (2012-04-11 08:07)
MPLS Label Filtering (2012-04-11 11:13)
MPLS TTL field & its propagation (2012-04-11 13:08)
Feeding the FIB & LFIB (2012-04-11 14:13)
PE Role in MPLS (2012-04-11 21:41)
MP-BGP & Routing Distinguishers (2012-04-11 22:48)
MPLS Route Targets (2012-04-11 22:58)
Loop Back Address in MPLS (2012-04-12 11:20)
MPLS VPN Configuration (2012-04-12 11:34)
MPLS VPN Data Plane (2012-04-12 18:28)
MP-BGP VPNv4 (2012-04-13 21:06)
(2012-04-13 21:07)
MPLS configuration (2012-04-14 14:00)
config b/n PE to CE (2012-04-14 20:55)
(2012-04-15 11:28)
MPLS VPN services (2012-04-15 11:47)

Chapter 1

2012
1.1 April

MPLS (2012-04-07 22:03)


MPLS (Multiprotocol Label Switching): Introduction

(2012-04-07 22:14)
In ordinary IP routing, packets are forwarded on the destination IP address. In MPLS, IP packets are assigned labels. A conventional router reads the whole IP header before it forwards a packet; an MPLS router reads only the top label and forwards the packet on that information alone. Today MPLS is, for the most part, a standardized version of Cisco's proprietary tag switching.

(2012-04-07 23:09)
Before using MPLS you must enable CEF (Cisco Express Forwarding) on the router.

MPLS terminology:
LSR (Label Switch Router): a router that forwards IP packets based on labels.
Edge-LSR: a router at the edge of the MPLS network, which forwards both labeled and unlabeled packets.
Ingress E-LSR: an Edge-LSR at the entry of the MPLS network, which adds labels to the unlabeled (or already labeled) IP packets it receives.
Egress E-LSR: an Edge-LSR that removes the labels from a received labeled IP packet and forwards it unlabeled.
CE Router:

BENEFITS (2012-04-07 23:47)


Highly scalable. In VPNs (Virtual Private Networks), MPLS supports any-to-any communication among VPN sites without requiring a full mesh of PVCs or sub-optimal routing.
Explicit routing capabilities, made possible by MPLS Traffic Engineering.
MPLS enables an ATM switch to perform virtually all of the functions of an IP router.
Eliminates the dependence on a particular OSI layer technology.
Eliminates the need for multiple Layer 2 networks to satisfy different types of traffic.

Label Switching Functions (2012-04-08 09:00)


In label switching, analysis of the Layer 3 header is done only once. After this analysis a fixed-length, unstructured value called a label is added. Many different headers map to the same label (headers that share the same next hop), i.e. a label represents a Forwarding Equivalence Class (FEC): a set of packets which differ but are indistinguishable to the forwarding function.

The initial choice of label need not depend on the content of the Layer 3 packet header; for example, forwarding decisions at subsequent hops can also be based on routing policies. The packet header need not be re-analysed while the packet transits the network. Because the label is fixed length and unstructured, the MPLS forwarding table lookup is straightforward and fast.

Distribution of LABEL BINDING (2012-04-08 09:24)


Each LSR in the network makes an independent, local decision when forwarding an IP packet.
Label binding: each LSR in the network makes an independent, local decision as to which label value to use to represent a Forwarding Equivalence Class (different or identical IP packets with the same forwarding treatment). Each LSR informs its neighbors of the label bindings it has made. The following protocols are used for this:
TDP (Tag Distribution Protocol): MPLS forwarding along the normally routed path; Cisco proprietary and legacy.
RSVP (Resource Reservation Protocol): to support MPLS traffic engineering.
BGP (Border Gateway Protocol): used to support MPLS VPNs.
The label value changes as the IP packet traverses the network.

MPLS & Routing (2012-04-08 10:01)


A label represents a set of packets, not a particular path through the network. The routing path is chosen by the existing Layer 3 routing protocols.

MPLS Traffic Engineering (2012-04-08 11:05)


Traffic Engineering: manipulating traffic to fit the available network resources. In plain IP traffic engineering you simply tweak the IP metrics on interfaces. Traffic engineering with MPLS takes the best of the connection-oriented traffic engineering techniques (such as ATM PVC placement) and merges them with IP routing. MPLS is an integration of Layer 2 and Layer 3 technologies; it enables traffic engineering by making Layer 2 features available to Layer 3.

MPLS Commands (2012-04-08 13:57)


ip cef
mpls label protocol [ldp | tdp]
LDP is the default on newer IOS versions; TDP is the default on older IOS versions.
mpls ip
show mpls ldp interface
show mpls ldp neighbor
show mpls ldp bindings (local/remote)
show mpls forwarding-table
show ip cef
(config)# mpls ldp advertise-labels for 20 to 30
Advertises labels only 20 to 30 to its neighbors.
show control-plane host open-ports
show ip cef a.b.c.d 255.255.255.0
show mpls ldp parameters
show mpls ldp discovery
mpls ldp router-id <interface> force
mpls ldp discovery transport-address interface
If for some reason the loopback IP address is not reachable, the LDP TCP connection will not establish. To make LDP establish its TCP connection using the physical interface IP address instead, use the command above at interface level.

mpls ldp neighbor <ip> password <password>
Configures the password for the LDP neighbor with that LDP router-id.
mpls ldp password required
Makes the use of a password mandatory; use this command globally.

MPLS LDP (2012-04-08 14:05)


LSRs use LDP to send messages to their neighbors. By advertising an IP prefix and a label in an update, the LSR says: if you want to send packets to this prefix, send them to me.
LDP is specified in RFC 3036.
Neighbor discovery: sent via UDP port 646 to 224.0.0.5.
Neighbor adjacency: uses TCP port 646 to the remote LDP router-id.
Label advertisement: advertises an FEC for connected IGP interfaces and for IGP-learned routes.
For MPLS unicast IP routing, LDP simply advertises labels for each prefix listed in the IP routing table. A new route in the unicast IP routing table triggers an LDP advertisement: on learning the new route, the LSR allocates a label called a local label, which represents the IP prefix just added to the routing table.

TERMS (2012-04-08 19:30)


Overlay model: the routers are connected in a full mesh through virtual circuits.
Forwarding Equivalence Class (FEC): a group of IP packets that are treated the same way (based on criteria such as IP protocol ID, port numbers, etc.).
CE (Customer Edge) device: the router that connects the customer network to the service provider. CE devices are not LSRs and handle regular unlabeled IP packets.
PE (Provider Edge) device: service provider equipment that connects to a customer and into the Provider (P) network.
P (Provider) device: service provider equipment that exists in the provider network and connects to other service provider devices, not to the customer.
LSR (Label Switch Router): a router or switch capable of forwarding packets based on labels.
Edge-LSR: a more specific term for the PE router. It is also an LSR; it pushes or pops the label onto or from the IP packet and forwards to the next hop. A PE device is an Edge-LSR in MPLS-based networks.
RIB (Routing Information Base): a router's unicast IP forwarding control plane uses routing protocols, static routes and connected routes to build the RIB.
FIB (Forwarding Information Base): built by adding a FIB entry for each destination IP prefix in the routing table, which is possible once CEF is enabled. A FIB entry holds the detailed information needed for forwarding: the next-hop router and the outgoing interface. The FIB is used for incoming unlabeled packets.
LFIB:

MPLS Header & Label (2012-04-08 20:00)


The MPLS header is a 4-byte header located immediately before the IP header, also referred to as the MPLS shim header. The MPLS label itself is a 20-bit field in the MPLS header (the whole header is also loosely called the MPLS label, or more specifically the MPLS label stack entry).
Fields in the MPLS header:
Label: 20 bits; identifies the portion of an LSP.
EXP (Experimental): 3 bits; used to map the IP packet's Type Of Service (TOS) into the experimental field for MPLS Class Of Service (COS). Intended for experimental purposes only.
S (bottom-of-stack bit): MPLS labels are stacked one on another; this bit indicates the last MPLS header before the IP header.
TTL (Time To Live): 8 bits. The IP TTL is decremented by 1 and then copied into the MPLS label TTL field. When exiting the MPLS network, the MPLS label TTL value is copied back into the IP TTL field. If this field is 0 the packet is discarded.
MPLS label stack placement: it is placed between the Layer 2 header and the Layer 3 header, which is why the label stack is sometimes called the shim header. Routers forward packets on the MPLS label header because it comes before the Layer 3 header; in MPLS, IP packets are switched instead of routed. Labels are bound to routes in the routing table. In a label stack, the outer label is used to forward the packet along the LSP and the inner label identifies the VPN site; this inner label is called the VPN label.
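The field layout above is easiest to check by packing and unpacking it. The following is an added example (not code from the blog) that encodes a 32-bit label stack entry, decodes it, and walks a stack until the S bit marks the bottom; the label values 1001 and 21 and the trailing IPv4 header bytes are constructed sample data.

```python
import struct

# 32-bit MPLS label stack entry (RFC 3032): Label (20) | EXP (3) | S (1) | TTL (8)
LABEL_BITS = 20
IMPLICIT_NULL = 3   # reserved label value an egress router advertises to request PHP


def encode_entry(label, exp, s, ttl):
    """Pack one label stack entry into its 4-byte, network-order form."""
    if not 0 <= label < (1 << LABEL_BITS):
        raise ValueError("label must fit in 20 bits")
    if not (0 <= exp <= 7 and s in (0, 1) and 0 <= ttl <= 255):
        raise ValueError("EXP is 3 bits, S is 1 bit, TTL is 8 bits")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def decode_entry(raw):
    """Unpack 4 bytes into the four header fields."""
    (word,) = struct.unpack("!I", raw)
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_label_stack(payload):
    """Walk entries from the top of the stack until the S bit is set.
    Returns (entries, remaining bytes) where the remaining bytes start the IP packet."""
    entries, offset = [], 0
    while True:
        if len(payload) - offset < 4:
            raise ValueError("truncated label stack: no bottom-of-stack bit seen")
        entry = decode_entry(payload[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["s"] == 1:
            return entries, payload[offset:]


# Constructed sample: outer transport label 1001, inner VPN label 21 (bottom of stack),
# followed by a minimal IPv4 header (version 4, IHL 5) standing in for the customer packet.
IPV4_HEADER = bytes([0x45, 0x00, 0x00, 0x14]) + bytes(16)
SAMPLE_FRAME_PAYLOAD = (encode_entry(1001, 0, 0, 254)
                        + encode_entry(21, 0, 1, 254)
                        + IPV4_HEADER)

if __name__ == "__main__":
    stack, ip_pkt = parse_label_stack(SAMPLE_FRAME_PAYLOAD)
    for depth, e in enumerate(stack):
        print(f"entry {depth}: label={e['label']} exp={e['exp']} S={e['s']} ttl={e['ttl']}")
    print("IP version after the stack:", ip_pkt[0] >> 4)
```

The parser deliberately refuses a stack that runs out of bytes before any entry sets S, which is the case a receiver must handle rather than reading past the end of the frame.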

MPLS Architecture (2012-04-09 08:36)


Labels are bound to routes in the routing table.
MPLS architecture components: the control plane and the forwarding plane.
Control plane: responsible for binding a label to each network route (for this we need a routing table, and to build the routing table we need a routing protocol) and for distributing those bindings among the other MPLS-enabled routers. Two protocols are used for distribution: TDP and LDP.
Tag Distribution Protocol (TDP): Cisco proprietary protocol used to bind tags to network routes in the routing table.
Forwarding plane: the routing table is built in the control plane and cached in the forwarding plane. The Forwarding Information Base is built by CEF. The FIB is a cached version of the IP routing table that eliminates the need for a routing table lookup: the router compares the packet's destination IP address against the CEF FIB and ignores the IP routing table. CEF optimizes the organization of the FIB so that the router easily finds the correct FIB entry, resulting in a smaller forwarding delay and a higher volume of packets per second through the router. For each packet the router finds the matching FIB entry, then finds the adjacency table entry referenced by that FIB entry, and forwards the packet.

[1]
1. http://3.bp.blogspot.com/-vNSxALKFm10/T4Tp1bD5VQI/AAAAAAAAAd8/vrvlCWJpGOw/s1600/forward.JPG


MPLS OPERATION (2012-04-09 18:17)


An unlabeled packet enters the service provider network via a PE router. The PE router imposes a label on the unlabeled packet and forwards it to a P router (also known as an LSR) along the Label Switched Path (LSP) through the service provider core. In the core, each P router forwards the packet by swapping labels along the LSP learned through LDP. At the other end, as the packet leaves the service provider network at the PE router (also known as the Edge-LSR), the label is popped by a mechanism called Penultimate Hop Popping (PHP). Penultimate means next to last: without PHP, the last hop in the service provider network must look up the MPLS label, pop the MPLS label, and then look up the IPv4 destination. PHP avoids the extra MPLS label lookup on the last hop; to request it, the implicit-null label is advertised.

MPLS Applications (2012-04-09 18:24)


MPLS changes network design by eliminating the need for an overlay (a full mesh of routers). Performance is improved because packets are switched instead of routed. QoS can be implemented end to end by having a PE router classify packets and map a value into the Experimental (EXP) field of the MPLS label stack. Traffic engineering is made possible through label stacking and traffic-engineered tunnels.


MPLS Forwarding Table (2012-04-09 21:36)


In the Outgoing label or VC column of show mpls forwarding-table: "No label" means MPLS is not enabled on that interface; "Pop label" means MPLS is enabled and the prefix is on a directly connected interface; a numeric label indicates a remote interface on which MPLS is enabled.

[1]
1. http://2.bp.blogspot.com/-4z70WiMOvPU/T4MIoL8vobI/AAAAAAAAAd0/l8RqRGxQNFY/s1600/Capture_2.JPG

(2012-04-10 08:29)
Order of operations:

The IP IGP routing protocols build the IP routing tables.
Each LSR assigns a local label for each route learned (but not for BGP-learned routes).
LSRs share their labels with other LSRs using LDP.
LSRs build their own LIB (Label Information Base), LFIB (Label Forwarding Information Base) and FIB (Forwarding Information Base) based on what they have learned from their LDP neighbors.
LDP neighbors: Hello messages. The LDP link hello uses destination UDP port 646 and is sent to 224.0.0.2 every 5 seconds. The session is TCP-based on destination port 646. The router with the highest LDP router ID (the active LSR) initiates the TCP session. Keepalives are sent every 60 seconds.


Unsolicited & Liberal (2012-04-10 08:47)


Downstream unsolicited label advertising: labels are advertised towards downstream neighbors without being asked for.
Liberal label retention: the LSR learns both the best and the second-best path from all received advertisements.

Loop prevention in MPLS (2012-04-10 09:07)


LDP learns the best routes from the IGP, and the IGP gives loop-free best paths. If the IGP does have a loop, the MPLS TTL stops the packet from being forwarded forever: the TTL runs from 255 down to 0, decremented by 1 at every switching of the packet. The initial TTL that MPLS uses in the label is copied from the original IP packet's TTL.

Config MPLS (2012-04-10 09:19)


Requirements:
CEF enabled: ip cef globally.
IGP routing with full connectivity.
MPLS IP enabled globally and on the interfaces.
Optional:
Specify TDP, LDP or both as the label protocol.
Specify the LDP router ID.
Specify the transport IP address.
If there are many interfaces on which to enable MPLS, use MPLS LDP autoconfig under the routing process (OSPF, EIGRP, etc.).


MPLS Troubleshooting (2012-04-10 10:37)


LDP neighborship fails: MPLS not enabled; LDP TCP ports 646/711 filtered; no Layer 3 route to the LDP neighbor's router ID.
Label not assigned: CEF not enabled.
Label not shared: LDP/TCP compatibility problems between the neighbors.
Slow convergence: don't use RIP (a slow protocol) as the IGP; the IGP is the main reason for delay in convergence.
Large packets dropped: multiple labels may be present, pushing the MTU to a size not supported by the infrastructure; MTU not supported by switches.

MPLS Tunnel (2012-04-10 17:32)


MPLS tunnels are known as LSPs (label switched paths). MPLS tunnels (LSPs) are unidirectional.
Main MPLS advantages: no need to know the source and destination IP addresses; no need to run BGP in the MPLS core; routers outside the SP network can be label switched based on the BGP next-hop.
The MPLS tunnel label transports MPLS-labeled VPN packets between Provider Edge routers along the LSP. The MPLS VPN label remains the same between PEs. MPLS tunneling is the most widely supported, particularly for manually configured point-to-point tunnels.
MPLS tunnel problems: BGP next-hop values must be the loopback interface of the remote PE. The BGP next-hop determines which label value is used; an incorrect next-hop value can result in a traffic black hole in the MPLS network, with the label PHPed one hop too soon.
MPLS tunnels are similar to Frame Relay or ATM PVCs. Frame Relay packets are switched on the DLCI value found in the header; this DLCI value is purely local, and the DLCI in the packet header is rewritten every time the packet is switched out. MPLS employs the same principle.

MPLS Layer 3 VPNs (2012-04-10 18:25)


VPNs: customers can connect geographically diverse sites across the provider's network. Traditionally VPNs were based on IPsec (Layer 3) or TLS (Layer 2); these two were slow and had fewer features. By using MPLS we overcome these problems.
With Layer 3 VPNs the service provider participates in the customer's Layer 3 routing: the service provider's PE router connects to the CE router with Layer 3 protocols.
Layer 2 VPNs: the provider connects the customer sites with Layer 2 technologies like ATM, Frame Relay or Ethernet.
MPLS Layer 3 VPNs combine the logic of MPLS tunnels with Layer 3 routing information. PE routers learn customer routes from Customer Edge (CE) routers and advertise the customer routes to other PEs via Multiprotocol BGP. There is no need to know about the customer routes in the middle of the SP network; BGP next-hops point to MPLS tunnels, e.g. the loopbacks of the PE routers.

MPLS L3 VPNs have two basic components:
Separation of customer routing information. For this, VRFs (Virtual Routing and Forwarding) are used; a VRF is used on the PE routers to keep track of customer routes on a per-interface basis.
Exchange of customer routing information. For this, MP-BGP is used over the MPLS network, and traffic is label switched towards the BGP next-hops.
The idea of MPLS VPN is to establish a full mesh of dynamic MPLS LSPs between the PE routers and use them for tunneling VPN packets across the network core.

VRF: Virtual Routing & Forwarding (2012-04-10 19:31)


VRF tables are the fundamental building block for virtualizing a router, turning it into multiple virtual routers. Technically a VRF is a separate RIB (Routing Information Base) and FIB (Forwarding Information Base). Any interface on the router can be assigned to a VRF with the command ip vrf forwarding <name>; this command erases any existing IP address configuration on the interface (to avoid duplication). After this configuration, all packets received on the interface are routed and forwarded using the associated VRF table. VRF-enabled interfaces are not shown in the global routing table (show ip route). Each VRF has its own routing table; to see it use show ip vrf. Interfaces shown in the global routing table are not in any VRF,

i.e. VRF and global routes are separate. VRFs without MPLS are called VRF Lite. Two VRFs may hold the same IP prefix, but they cannot route to each other because they are separately labeled. We cannot manually leak traffic between VRFs by creating static routes, i.e. an interface routes only with the other interfaces that are in the same VRF. BGP is enhanced to handle VRF-specific routes: a new special MP-BGP address family named VPN IPv4 has been added to BGP along with a new NLRI format. To support multiple customers in an MPLS VPN, VRF tables are used to store routes separately for the different customer VPNs. The use of separate tables solves the problem of packets leaking from one customer to another due to overlapping prefixes.
A VRF has three main components: an IP routing table (RIB); a CEF FIB, populated from that VRF's RIB; and a separate process of the routing protocol used to exchange routes with the CEs.

MPLS forwarding using FIB & LFIB (2012-04-11 08:07)


To forward packets an LSR uses the CEF FIB and the MPLS LFIB. Both the FIB and the LFIB hold the necessary label information, the outgoing interface and the next hop.

CEF FIB (Forwarding Information Base): used for incoming unlabeled packets. The router matches the packet's destination IP address to the best prefix in the FIB and forwards the packet based on that entry.
MPLS LFIB (Label Forwarding Information Base): used for labeled packets. The router compares the label in the incoming packet to the LFIB's list of labels and forwards the packet based on that LFIB entry.

[1] Above image taken from Cisco Press: CCIE R&S Certification Guide, 4th edition.
MPLS enables a forwarding process based on something other than the destination IP address, such as: the VPN from which the packet originated; forwarding that balances traffic with traffic engineering; and forwarding over different links based on QoS goals.
1. http://1.bp.blogspot.com/-Pn_ajljdHEE/T4TuK0d6BlI/AAAAAAAAAeE/ZIsRL6bwJVs/s1600/for.JPG
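To make the FIB/LFIB split concrete, and to show the swap and penultimate-hop pop described in the MPLS OPERATION and MPLS Forwarding Table posts, here is an added example (not the blog's code) that models one router as a longest-prefix FIB plus a label-keyed LFIB and pushes a packet through a constructed PE1-P1-P2-PE2 path. Router names, interface names and the label values 16 and 27 are assumptions for the example.

```python
import ipaddress

IMPLICIT_NULL = 3  # outgoing label value meaning "pop" (penultimate hop popping)


class LSR:
    """One router's CEF FIB (unlabeled packets) and MPLS LFIB (labeled packets)."""

    def __init__(self, name):
        self.name = name
        self.fib = []    # (network, out_label, next_hop, out_iface); out_label None = send unlabeled
        self.lfib = {}   # in_label -> (out_label, next_hop, out_iface)

    def add_fib(self, prefix, out_label, next_hop, out_iface):
        self.fib.append((ipaddress.ip_network(prefix), out_label, next_hop, out_iface))

    def add_lfib(self, in_label, out_label, next_hop, out_iface):
        self.lfib[in_label] = (out_label, next_hop, out_iface)

    def forward(self, pkt):
        """pkt = {"labels": [top, ...], "dst": "a.b.c.d"}. Mutates the label stack
        and returns (next_hop, out_iface)."""
        if pkt["labels"]:
            # Labeled packet: only the top label is consulted; the IP header is not examined.
            top = pkt["labels"][0]
            if top not in self.lfib:
                raise LookupError(f"{self.name}: no LFIB entry for label {top}")
            out_label, next_hop, out_iface = self.lfib[top]
            if out_label == IMPLICIT_NULL:
                pkt["labels"].pop(0)           # PHP: the next hop receives a plain IP packet
            else:
                pkt["labels"][0] = out_label   # swap
            return next_hop, out_iface
        # Unlabeled packet: longest-prefix match in the FIB, push a label if the entry carries one.
        dst = ipaddress.ip_address(pkt["dst"])
        matches = [e for e in self.fib if dst in e[0]]
        if not matches:
            raise LookupError(f"{self.name}: no FIB entry for {dst}")
        _net, out_label, next_hop, out_iface = max(matches, key=lambda e: e[0].prefixlen)
        if out_label is not None:
            pkt["labels"].insert(0, out_label)
        return next_hop, out_iface


def build_sample_core():
    """Constructed path PE1 - P1 - P2 - PE2 for prefix 10.2.2.0/24 behind PE2."""
    pe1, p1, p2, pe2 = LSR("PE1"), LSR("P1"), LSR("P2"), LSR("PE2")
    pe1.add_fib("10.2.2.0/24", 16, "P1", "Gi0/1")       # ingress PE pushes P1's label 16
    pe1.add_fib("10.0.0.0/8", 17, "P1", "Gi0/1")        # shorter prefix; must lose to the /24
    p1.add_lfib(16, 27, "P2", "Gi0/2")                  # core swap 16 -> 27
    p2.add_lfib(27, IMPLICIT_NULL, "PE2", "Gi0/3")      # penultimate hop pops
    pe2.add_fib("10.2.2.0/24", None, "CE2", "Gi0/0")    # egress PE routes plain IP to the customer
    return [pe1, p1, p2, pe2]


def trace(routers, dst):
    """Forward one packet hop by hop; returns (router, label stack on exit, next hop) per hop."""
    pkt = {"labels": [], "dst": dst}
    seen = []
    for r in routers:
        next_hop, _iface = r.forward(pkt)
        seen.append((r.name, list(pkt["labels"]), next_hop))
    return seen


if __name__ == "__main__":
    for hop in trace(build_sample_core(), "10.2.2.5"):
        print(hop)
```

Note that P1 and P2 never look at the destination address at all; a wrong or missing LFIB entry raises immediately rather than falling back to an IP lookup, which mirrors why a label advertised for the wrong next hop black-holes traffic rather than re-routing it.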

MPLS Label Filtering (2012-04-11 11:13)


By default LDP generates and advertises labels for every prefix in the local routing table. To filter and generate labels only for the required prefixes, we can use access control lists to select the prefixes eligible for label generation.

Example:
Create the access list: access-list 10 permit 150.1.0.0 0.0.255.255
Stop the automatic assignment of labels to prefixes: no mpls ldp advertise-labels
Use the access list to filter label generation: mpls ldp advertise-labels for 10
Before MPLS label filtering: [1]
After MPLS label filtering: [2]

1. http://2.bp.blogspot.com/-Nzy0uJnC3fw/T4UZbMdymnI/AAAAAAAAAeM/nEidLu0siDs/s1600/before.JPG
2. http://1.bp.blogspot.com/-zvMuyZVMvHY/T4UZvdHHFKI/AAAAAAAAAeU/P5ZdKc9vJIE/s1600/after.JPG
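The filtering decision is a standard-ACL match on each prefix's network address. The following added example (not from the blog) reproduces that selection in Python: it parses standard access-list lines in the form the post uses, applies Cisco wildcard-mask matching with first-match-wins and an implicit deny, and keeps only the routing-table prefixes whose labels may be advertised. The routing table and its local labels are constructed sample data.

```python
import ipaddress


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard-mask test: mask bits that are 0 must match, mask bits that are 1 are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_standard_acl(lines, number):
    """Collect 'access-list <n> permit|deny <addr> [wildcard]' entries for one ACL, in order."""
    entries = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[1] != str(number):
            continue
        action, base = parts[2], parts[3]
        wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"   # no mask means a host match
        if base == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        entries.append((action, base, wildcard))
    return entries


def acl_permits(entries, addr):
    """First matching entry wins; an address matching no entry hits the implicit deny."""
    for action, base, wildcard in entries:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False


def labels_to_advertise(routing_table, acl_entries):
    """Mimic 'mpls ldp advertise-labels for <acl>': keep only prefixes whose network address is permitted."""
    return {prefix: label for prefix, label in routing_table.items()
            if acl_permits(acl_entries, prefix.split("/")[0])}


# Constructed sample: a local routing table with LDP-assigned local labels, and the post's ACL 10.
SAMPLE_ROUTES = {"150.1.1.0/24": 16, "150.1.5.5/32": 17, "10.0.0.0/8": 18, "172.16.0.0/16": 19}
SAMPLE_CONFIG = ["access-list 10 permit 150.1.0.0 0.0.255.255"]

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_CONFIG, 10)
    for prefix, label in labels_to_advertise(SAMPLE_ROUTES, acl).items():
        print(f"advertise label {label} for {prefix}")
```

Restricting advertised labels this way is also a useful containment control: a neighbor can only label-switch traffic to prefixes it has received a binding for, so the filter bounds what the core will forward blindly on a label.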

MPLS TTL field & its propagation (2012-04-11 13:08)


The MPLS TTL is similar to the IP header's TTL. The IP header's TTL is used for identifying loops and for the traceroute command, which finds the IP address of each router on a particular end-to-end route.

The MPLS TTL serves the same functions as the IP TTL above, which confirms that the presence or absence of MPLS in a network has no effect on TTL-related processes. When switching, an LSR decrements the MPLS TTL but not the IP TTL.
TTL in an MPLS network:
At the ingress E-LSR: it decrements the IP TTL field of the unlabeled packet, then pushes a label onto the packet and copies the decremented IP TTL into the new MPLS TTL.
At an LSR: when the LSR swaps a label, the MPLS TTL is decremented and the IP TTL is not affected.
At the egress E-LSR: after the egress E-LSR decrements the MPLS TTL field, it pops the MPLS label (header) and then copies the MPLS TTL into the IP TTL.
A looping packet would decrement to TTL 0 and be discarded.
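The three roles above, plus the loop case from the Loop prevention in MPLS post, can be simulated directly. This is an added example, not the blog's code: each function applies one role's TTL rule, forward_path drives a packet through a constructed ingress / two-swap / egress path, and swaps_before_discard counts how many label swaps a packet caught in a core loop survives before its MPLS TTL reaches 0. The label values are arbitrary sample data.

```python
class Discarded(Exception):
    """Raised when a TTL reaches 0 at any router role."""


def ingress_push(pkt, label):
    """Ingress E-LSR: decrement the IP TTL, push a label, copy the decremented IP TTL into the MPLS TTL."""
    pkt["ip_ttl"] -= 1
    if pkt["ip_ttl"] == 0:
        raise Discarded("IP TTL expired at ingress")
    pkt["stack"].insert(0, {"label": label, "ttl": pkt["ip_ttl"]})
    return pkt


def lsr_swap(pkt, new_label):
    """Core LSR: decrement only the top MPLS TTL and swap the label; the IP TTL is not touched."""
    top = pkt["stack"][0]
    top["ttl"] -= 1
    if top["ttl"] == 0:
        raise Discarded(f"MPLS TTL expired while carrying label {top['label']}")
    top["label"] = new_label
    return pkt


def egress_pop(pkt):
    """Egress E-LSR: decrement the MPLS TTL, pop the header, copy the MPLS TTL back into the IP TTL."""
    top = pkt["stack"].pop(0)
    top["ttl"] -= 1
    if top["ttl"] == 0:
        raise Discarded("MPLS TTL expired at egress")
    pkt["ip_ttl"] = top["ttl"]
    return pkt


def forward_path(ip_ttl, hops):
    """Drive a packet through ('ingress', label) / ('swap', label) / ('egress',) steps.
    Returns the final IP TTL, or None if the packet was discarded on the way."""
    pkt = {"ip_ttl": ip_ttl, "stack": []}
    try:
        for step in hops:
            if step[0] == "ingress":
                ingress_push(pkt, step[1])
            elif step[0] == "swap":
                lsr_swap(pkt, step[1])
            elif step[0] == "egress":
                egress_pop(pkt)
            else:
                raise ValueError(f"unknown step {step[0]}")
    except Discarded:
        return None
    return pkt["ip_ttl"]


def swaps_before_discard(ip_ttl):
    """A packet stuck in a forwarding loop among LSRs: count the swaps completed before TTL hits 0."""
    pkt = ingress_push({"ip_ttl": ip_ttl, "stack": []}, 16)
    count = 0
    while True:
        try:
            lsr_swap(pkt, 16)
        except Discarded:
            return count
        count += 1


# Constructed path: ingress PE, two core LSRs, egress PE; the IP TTL loses one unit per hop.
SAMPLE_PATH = [("ingress", 16), ("swap", 27), ("swap", 38), ("egress",)]

if __name__ == "__main__":
    print("TTL after path:", forward_path(64, SAMPLE_PATH))
    print("swaps survived in a loop:", swaps_before_discard(64))
```

Because the egress copies the MPLS TTL back, the customer sees exactly one decrement per MPLS hop, which is what makes traceroute through the core behave as the post says; a core loop is bounded by the copied TTL rather than running forever.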

Feeding the FIB & LFIB (2012-04-11 14:13)


LIB (Label Information Base): each LSR stores all labels and their related information in the Label Information Base. Each LSR must choose the best label and outgoing interface and then populate that information into the FIB and LFIB; as a result, the FIB and LFIB hold the best, currently used LSP. The best route in the IP routing table becomes the best LSP in the LIB. The LSR makes the following decision: for each route in the routing table, find the corresponding label information in the LIB based on the outgoing interface and next-hop router, then add that label information to the FIB and LFIB.


PE Role in MPLS (2012-04-11 21:41)


PE router: an LSR that shares a link with at least one Customer Edge router; it sits at the edge of the MPLS VPN and holds the IBGP sessions and VRF tables. PE and P routers together label switch packets from the ingress PE to the egress PE router. PEs have several other duties:
Learn customer routes and keep track of which routes belong to which customer.
Exchange routes with the connected CE routers of the various customers.
To keep track of the possibly overlapping prefixes, PE routers do not put the routes in the normal IP routing table; instead, PEs store the routes in separate per-customer routing tables called VRFs.
Exchange these customer routes with the other PEs using IBGP; never advertise these routes to P routers.
PEs advertise Route Targets in BGP updates as BGP Extended Community path attributes (PAs).

MP-BGP & Routing Distinguishers (2012-04-11 22:48)


Routes learned from the CE routers, from all the different VRFs, are advertised to the other PE routers using IBGP. If normal BGP were used, overlapping prefixes would collide. MPLS deals with this problem by adding another number in front of the original BGP NLRI; each different number can represent a different customer. To do this MPLS uses Multiprotocol BGP. MP-BGP allows the NLRI field in BGP updates to be redefined; this redefinition allows for an additional variable-length number, called the address family, which is added in front of the prefix.

RFC 4363, BGP/MPLS IP Virtual Private Networks (VPNs), defines a specific new MP-BGP address family to support IPv4 MPLS VPNs, built around Route Distinguishers (RDs). RDs allow BGP to advertise and distinguish between duplicate IPv4 prefixes. The concept is simple: advertise each NLRI as the traditional IPv4 prefix, but add another number (the RD) so that the RD uniquely identifies the route. The new NLRI format, called VPN-V4, has two parts: a 64-bit RD and a 32-bit IPv4 prefix. Example: 1:111:10.2.2.0/24. Every VRF must be configured with an RD.

MPLS Route Targets (2012-04-11 22:58)


MPLS uses Route Targets to determine in which VRFs a PE places IBGP-learned routes. An RT is a 64-bit BGP extended community attached to a VPNv4 BGP route to indicate its VPN membership. Any number of RTs can be attached to a single route, up to the BGP update packet size of 4096 bits.
Export RTs: attached to a route when it is converted into a VPNv4 route; they identify VPN membership by associating routes with a VRF.
Import RTs: used to select VPNv4 routes for insertion into the matching VRF tables. On the receiving PE router, a route is imported into a VRF only if at least one RT attached to the route matches at least one import RT configured in that VRF (and the route-map condition must be met, if one is configured).
An import or export map allows route control on a per-route basis.
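The RD and RT posts describe two separate mechanisms that are easy to confuse: the RD makes duplicate prefixes distinct inside BGP, while the RTs decide which VRF a received route lands in. The following added example (not from the blog) builds VPN-V4 NLRIs in the 1:111:10.2.2.0/24 form the post shows, attaches export RTs as the sending PE would, and applies the import rule on a receiving PE. The VRF names, RD/RT values, loopbacks and VPN labels are constructed sample data; the shared VRF that imports both customers' RTs is included to show what happens when two identical prefixes are pulled into one table.

```python
import ipaddress


def vpnv4_nlri(rd, prefix):
    """VPN-V4 NLRI as the post writes it: the 64-bit RD prepended to the 32-bit IPv4 prefix."""
    net = ipaddress.ip_network(prefix)   # validates the prefix
    return f"{rd}:{net.with_prefixlen}"


def export_vrf_routes(vrf_name, vrf, local_labels):
    """Sending PE: turn a VRF's routes into VPNv4 routes carrying the RD (in the NLRI)
    and the VRF's export RTs (as extended communities)."""
    return [{"nlri": vpnv4_nlri(vrf["rd"], prefix), "prefix": prefix,
             "rts": set(vrf["export"]), "next_hop": vrf["pe_loopback"],
             "vpn_label": label, "origin_vrf": vrf_name}
            for prefix, label in local_labels.items()]


def import_vpnv4_routes(vrfs, vpnv4_routes):
    """Receiving PE: a route enters a VRF only if at least one attached RT matches one of
    that VRF's import RTs. Entries are lists so that collisions inside one VRF stay visible."""
    tables = {name: {} for name in vrfs}
    for route in vpnv4_routes:
        for name, vrf in vrfs.items():
            if route["rts"] & set(vrf["import"]):
                tables[name].setdefault(route["prefix"], []).append(
                    (route["next_hop"], route["vpn_label"], route["nlri"]))
    return tables


def advertise_all(vrfs, labels):
    routes = []
    for name, vrf in vrfs.items():
        routes.extend(export_vrf_routes(name, vrf, labels[name]))
    return routes


# Constructed sample: two customers both using 10.2.2.0/24 behind the sending PE (loopback 150.1.1.1).
SENDING_PE_VRFS = {
    "custA": {"rd": "1:111", "export": {"1:111"}, "import": {"1:111"}, "pe_loopback": "150.1.1.1"},
    "custB": {"rd": "1:222", "export": {"1:222"}, "import": {"1:222"}, "pe_loopback": "150.1.1.1"},
}
SENDING_PE_LABELS = {"custA": {"10.2.2.0/24": 21},
                     "custB": {"10.2.2.0/24": 22, "192.168.9.0/24": 23}}
# The receiving PE has the same two customers plus a shared-services VRF importing both RTs.
RECEIVING_PE_VRFS = {
    "custA": {"rd": "1:111", "export": {"1:111"}, "import": {"1:111"}, "pe_loopback": "150.1.2.2"},
    "custB": {"rd": "1:222", "export": {"1:222"}, "import": {"1:222"}, "pe_loopback": "150.1.2.2"},
    "shared": {"rd": "1:999", "export": {"1:999"}, "import": {"1:111", "1:222"},
               "pe_loopback": "150.1.2.2"},
}

if __name__ == "__main__":
    routes = advertise_all(SENDING_PE_VRFS, SENDING_PE_LABELS)
    print("VPNv4 NLRIs:", [r["nlri"] for r in routes])
    for vrf, table in import_vpnv4_routes(RECEIVING_PE_VRFS, routes).items():
        print(vrf, table)
```

Two things the output makes visible: custA and custB each receive only their own 10.2.2.0/24 because the RT, not the RD, gates the import; and the shared VRF ends up with two candidates for the same prefix, which is the overlap the post warns about and the reason an import map is used when a VRF must import from several VPNs.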


Loop Back Address in MPLS (2012-04-12 11:20)


Enable loopback interfaces on all P and PE routers. These loopback addresses must be in the core IGP. Establish the MP-BGP sessions between these loopback addresses on all PE routers. These loopback interfaces are used and referred to as the BGP next-hop addresses that carry the MPLS VPN traffic. A BGP next-hop address must be an IGP route.

MPLS VPN Configuration (2012-04-12 11:34)


Main steps in configuring an MPLS VPN:
Creating each VRF, RD and RT, and associating the customer-facing PE interfaces with the correct VRF.
Configuring the IGP between PE and CE.
Configuring mutual redistribution between the IGP and BGP.
Configuring MP-BGP between the PEs.

[1] VPNs are configured only on the PE routers. The customer routers need not know about the VPNs, and the P routers need not know about the MPLS VPN features.

VRFs allow PEs to store routes learned from various CEs even if the prefixes overlap. The RD allows PEs to store the routes as unique prefixes. The RT tells the PEs which routes should be added to each VRF, which provides greater control and the ability to make sites reachable from multiple VPNs.
VRF configuration on the PE uses the following commands:
Configure the VRF: ip vrf <vrf-name>
Configure the RD as a VRF sub-command: rd <rd-value>
Configure the RT as a VRF sub-command: route-target {import | export} <rt-value>
Associate an interface with the VRF as an interface sub-command: ip vrf forwarding <vrf-name>
Each VRF has one RD and at least one import and one export route target. Giving a unique RD to every VRF overcomes the overlapping of prefixes.
Configuring the IGP between PE and CE: configure a routing protocol between PE and CE. This allows the PE router to learn the customer routes, and the CE to learn the other customer routes that the PE learned from the other PEs in the MPLS cloud. Any IGP, or even BGP, can be used as the routing protocol.
Show commands: show ip route vrf cust-A shows the connected routes on the PE router and the routes learned from the CE.
Configuring redistribution between the PE-CE IGP and MP-BGP: on its own, the PE has no ability to advertise these routes across the MPLS VPN cloud.

The IGP routes learned from the CE must therefore be redistributed into the BGP table, which contains the other CE routes learned from the remaining PEs, and vice versa. There are two methods to add new routes to the BGP table: the network command and redistribution. The BGP network command works well when adding a small number of predictable prefixes; redistribution works best when the prefixes are not predictable, when there may be many prefixes, etc. So MPLS VPN BGP configurations use redistribution for adding new routes. MPLS VPN mutual redistribution requires that the specific VRF be named in both the IGP and BGP; the redistribution commands under the IGP and BGP processes sit under address-family ipv4 vrf <vrf-name>.
Configuring MP-BGP between PEs: to configure each peer, some commands are the same as in normal, non-MPLS BGP configurations and others occur inside a new VPNv4 address family. Comparing MPLS VPN BGP with traditional BGP configuration: the PE neighbors are defined under the main BGP process, not under a particular address family. MPLS VPN designs use a loopback as the update source on the PE routers; in that case the neighbor update-source command is also under the main BGP process. The PE neighbors are then activated with the neighbor activate command under the VPNv4 address family (address-family vpnv4). BGP must be told to send the community PA with the neighbor send-community command, under address-family vpnv4. The VPNv4 address family does not refer to any particular VRF; there is no need for an iBGP neighbor per VRF for each remote VRF.
1. http://2.bp.blogspot.com/-ZLd1oauWW3M/T4Zw1Aa1WHI/AAAAAAAAAec/HJVaMjy1ZUQ/s1600/Capture.JPG
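The VRF rules in the post (one RD per VRF, a unique RD per VRF, at least one import and one export RT, and interfaces placed only into VRFs that exist) are the kind of thing worth checking mechanically before a config is pushed, because a duplicate RD or a missing RT is exactly what breaks customer separation. The following is an added example, not the blog's code: a small parser for the ip vrf / route-target / ip vrf forwarding lines in IOS-style text, and a checker that reports violations of those rules. The configuration text is constructed and deliberately contains two faults.

```python
def parse_vrfs(config_text):
    """Parse 'ip vrf <name>' blocks and 'ip vrf forwarding <name>' interface assignments."""
    vrfs, assignments = {}, []
    current_vrf = current_iface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current_vrf = current_iface = None   # block separator ends the current context
            continue
        parts = line.split()
        if parts[:3] == ["ip", "vrf", "forwarding"]:
            if current_iface:
                assignments.append((current_iface, parts[3]))
        elif parts[:2] == ["ip", "vrf"]:
            current_vrf, current_iface = parts[2], None
            vrfs[current_vrf] = {"rd": None, "import": set(), "export": set()}
        elif parts[0] == "interface":
            current_iface, current_vrf = parts[1], None
        elif current_vrf and parts[0] == "rd":
            vrfs[current_vrf]["rd"] = parts[1]
        elif current_vrf and parts[0] == "route-target":
            if parts[1] == "both":
                vrfs[current_vrf]["import"].add(parts[2])
                vrfs[current_vrf]["export"].add(parts[2])
            else:
                vrfs[current_vrf][parts[1]].add(parts[2])
    return vrfs, assignments


def check_vrf_config(vrfs, assignments):
    """Apply the post's rules: one RD per VRF, unique RDs, import and export RTs present,
    and interfaces assigned only to VRFs that are defined. Returns a list of findings."""
    findings = []
    seen_rd = {}
    for name, v in vrfs.items():
        if v["rd"] is None:
            findings.append(f"{name}: no RD configured")
        elif v["rd"] in seen_rd:
            findings.append(f"{name}: RD {v['rd']} duplicates VRF {seen_rd[v['rd']]}")
        else:
            seen_rd[v["rd"]] = name
        if not v["import"]:
            findings.append(f"{name}: no import route-target")
        if not v["export"]:
            findings.append(f"{name}: no export route-target")
    for iface, vrf in assignments:
        if vrf not in vrfs:
            findings.append(f"{iface}: assigned to undefined VRF {vrf}")
    return findings


# Constructed sample configuration: custB reuses custA's RD and has no export RT,
# and Gi0/1 points at a VRF that was never defined.
SAMPLE_CONFIG = """
ip vrf custA
 rd 1:111
 route-target export 1:111
 route-target import 1:111
!
ip vrf custB
 rd 1:111
 route-target import 1:222
!
interface GigabitEthernet0/0
 ip vrf forwarding custA
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip vrf forwarding custC
!
"""

if __name__ == "__main__":
    vrfs, assignments = parse_vrfs(SAMPLE_CONFIG)
    for finding in check_vrf_config(vrfs, assignments):
        print("finding:", finding)
```

The parser handles the older ip vrf syntax the post uses; the same checks apply to a configuration that was generated rather than typed, which is where duplicate RDs most often slip in.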


MPLS VPN Data Plane (2012-04-12 18:28)


To support the forwarding of packets, the ingress PEs need appropriate FIB entries, and the Ps and PEs need appropriate LFIB entries. The outer label identifies the segments of the LSP between the ingress PE and the egress PE, but it does not identify how the egress PE should forward the packet. The inner label identifies the egress PE's forwarding details, in particular the outgoing interface for the unlabeled packet.
Building the inner (VPN) label: the inner label is called the VPN label, and a VPN label must be allocated for each route added to each customer VRF. More specifically, a CE advertises routes to the PE, and the PE stores these routes in the corresponding customer's VRF. To prepare to forward packets to those customer subnets, the PE needs to allocate a new local label; that local label entry holds the prefix, the route's next-hop IP address and the outgoing interface, and the PE stores this information in the LFIB.
Steps by which the LSRs fill the FIB and LFIB when using MPLS VPNs: an unlabeled packet arrives on an interface assigned to a VRF, which causes the ingress PE to use the VRF's FIB to make a forwarding decision. At the ingress PE's VRF, the FIB shows the outgoing interface for the destination IP and adds a label stack with two labels: an inner label (for the original destination IP address) and an outer label. The ingress PE then forwards the packet to the next P. The P uses the LFIB entry for the incoming (outer) label and swaps that label.
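The two-label data plane is clearest when the same customer prefix exists in two VRFs, because only the VPN label tells them apart. This added example (not the blog's code) walks one packet for each customer through a constructed CE-A1 - PE1 - P1 - P2 - PE2 topology: the ingress PE imposes inner then outer label from the VRF's FIB, each P acts only on the top label (the penultimate P pops it), and the egress PE uses the remaining VPN label to pick the VRF and outgoing interface. All router, interface and label values are assumptions for the example.

```python
IMPLICIT_NULL = 3  # outgoing label meaning "pop" at the penultimate hop


def ingress_pe(vrf_fib, in_vrf, dst_prefix):
    """Ingress PE: look up the VRF's FIB and impose two labels, inner VPN label under the outer transport label."""
    inner, outer, next_hop = vrf_fib[in_vrf][dst_prefix]
    return {"labels": [outer, inner], "next_hop": next_hop, "dst_prefix": dst_prefix}


def core_p(lfib, pkt):
    """P router: act on the top label only; the inner VPN label is never inspected."""
    out_label, next_hop = lfib[pkt["labels"][0]]
    if out_label == IMPLICIT_NULL:
        pkt["labels"].pop(0)           # penultimate hop pops the transport label
    else:
        pkt["labels"][0] = out_label   # ordinary swap
    pkt["next_hop"] = next_hop
    return pkt


def egress_pe(vpn_lfib, pkt):
    """Egress PE: after PHP only the VPN label remains; it selects the VRF and the outgoing interface."""
    vpn_label = pkt["labels"].pop(0)
    vrf, out_iface, ce = vpn_lfib[vpn_label]
    return {"vrf": vrf, "out_iface": out_iface, "next_hop": ce, "labels": pkt["labels"]}


# Constructed topology. Both customers use 10.2.2.0/24; PE2 allocated VPN label 21 for custA's
# copy and 22 for custB's copy, and P1 advertised transport label 16 for PE2's loopback.
PE1_VRF_FIB = {  # vrf -> prefix -> (inner VPN label from PE2, outer label to P1, next hop)
    "custA": {"10.2.2.0/24": (21, 16, "P1")},
    "custB": {"10.2.2.0/24": (22, 16, "P1")},
}
P1_LFIB = {16: (27, "P2")}
P2_LFIB = {27: (IMPLICIT_NULL, "PE2")}
PE2_VPN_LFIB = {21: ("custA", "Gi0/0", "CE-A2"), 22: ("custB", "Gi0/1", "CE-B2")}


def deliver(in_vrf, dst_prefix):
    """Return the stack leaving PE1, the stack after PHP, and the egress decision at PE2."""
    pkt = ingress_pe(PE1_VRF_FIB, in_vrf, dst_prefix)
    after_ingress = list(pkt["labels"])
    pkt = core_p(P1_LFIB, pkt)
    pkt = core_p(P2_LFIB, pkt)
    after_php = list(pkt["labels"])
    return after_ingress, after_php, egress_pe(PE2_VPN_LFIB, pkt)


if __name__ == "__main__":
    for vrf in ("custA", "custB"):
        print(vrf, deliver(vrf, "10.2.2.0/24"))
```

Because P1 and P2 only ever touch the outer label, customer separation in the core rests entirely on the egress PE's VPN label table and on the ingress PE imposing the right inner label, which is why the RT/RD configuration on the PEs is the control worth auditing.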


MP-BGP VPNv4 (2012-04-13 21:06)


VRF lite is using VRFs without MPLS. The main problem with VRF lite is scalability. This scalability problem is overcome by dynamic tunneling, for which MPLS is used. Remote customers are connected to the provider cloud via provider edge routers. The provider edge routers are connected through a full mesh of label switching routers, and label-switched paths are used for tunneling the VPN packets. When a packet is switched through the tunnel between PEs to reach the customer, two labels are used: one for switching between the two provider edge routers (the outer label), and a second one for selecting the correct VRF on the outgoing provider edge router (the inner label, also known as the VPN label). MPLS label-switched paths are unidirectional. LDP is not a routing protocol: the LSRs still run a normal IGP, and LDP binds labels to the prefixes the IGP learns. LDP discovery hellos are sent from UDP source port 646 to the all-routers multicast address 224.0.0.2, UDP port 646; the LDP session itself is then a TCP connection on port 646 between the two transport addresses.

(2012-04-13 21:07)
lldd

MPLS conguration (2012-04-14 14:00)


MPLS is also called dynamic label switching. Before configuring MPLS, first enable CEF; the command is ip cef in global configuration mode. Verify with the show command show ip cef. CEF is required because MPLS forwarding is built on the CEF FIB, and it increases packet switching speed.

Enable MPLS forwarding of IPv4 packets along the routed paths (also called dynamic label switching). It must be enabled on the device and on each interface; the interface command is:

    mpls ip

A unique router-id is important in MPLS. Using a loopback address as the router-id is more advantageous than using an interface address. The command to make the loopback the LDP router-id is:

    mpls ldp router-id loopback0 force

Sometimes the loopback address used as the router-id is not reachable by the neighbor (for example it is not advertised in the IGP). In that case the LDP session is built to the interface address instead, by changing the transport address advertised in the LDP hellos with the following interface command:

    mpls ldp discovery transport-address interface

To enable MPLS on every interface on which the routing protocol is enabled, use the following command under the routing process:

    mpls ldp autoconfig

Enable MPLS (LDP) authentication globally, so that sessions from neighbors for which no password is configured are refused, and configure the per-neighbor password (the LDP TCP session is then protected with the TCP MD5 signature option); both commands are in global configuration mode:

    mpls ldp password required
    mpls ldp neighbor 150.1.5.5 password CISCO

Show commands:

    show mpls ldp neighbor              /** LDP neighbors
    show mpls interfaces                /** MPLS-enabled interfaces
    show mpls ldp neighbor password     /** LDP authentication
    show mpls forwarding-table          /** LFIB

To check that packets are being forwarded by MPLS, run traceroute 150.1.5.5: the hops show the labels in use. Normally LDP generates and advertises labels for every prefix found in the local routing table. To avoid this and advertise labels only for some prefixes, use an access list, for example:

    access-list 10 permit 150.1.0.0 0.0.255.255
    no mpls ldp advertise-labels
    mpls ldp advertise-labels for 10

Limiting label advertisement to the loopback (router-id) range is common practice: only the PE loopbacks need an LSP, and it keeps the LFIB small.

PE configuration in the MPLS network: a full mesh of PEs is created using iBGP peerings, for example:

    router bgp 100
     neighbor 150.1.5.5 remote-as 100             /** iBGP: same AS as router bgp
     neighbor 150.1.5.5 update-source loopback0
     address-family vpnv4                         /** activating the VPNv4 address family
      neighbor 150.1.5.5 activate
      neighbor 150.1.5.5 send-community extended
      neighbor 150.1.5.5 route-reflector-client   /** only on a route reflector; not needed with a full mesh

To define a VRF, use the command ip vrf vrf-name.

cong b/n PE to CE (2012-04-14 20:55)


Create the VRF and apply it to interfaces. Create the VRF with the command ip vrf A in global configuration mode.

Route Distinguishers: the goal is to make each prefix unique in the entire MPLS network, so that overlapping customer prefixes stay distinct once they are in the single BGP table. The format of the RD is chosen by the service provider: either the AS number followed by a locally significant number, or a router-id (IPv4 address) followed by a locally significant number. RD configuration, under ip vrf:

    ip vrf A
     rd 200:1            /** a second VRF would get a different value, e.g. rd 200:2

Apply the VRF to interfaces:

    interface e0/0
     ip vrf forwarding A
     ip address 1.1.1.1 255.255.255.0   /** re-enter the IP address: enabling the VRF on the interface removes it

show ip route shows the global routing table; the VRF interface no longer appears there, because each customer has its own separate table:

    show ip vrf detail
    show ip route vrf A
    show ip route vrf *                /** show all VRF routing tables

Under the IGP process, enable a separate address family per VRF:

    router eigrp <as>                  /** under the given IGP routing process
     address-family ipv4 vrf A

So the VRF-specific address family is address-family ipv4 vrf <name> on the IGP side and address-family vpnv4 on the BGP side.
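The route distinguisher formats above, as an added example in Python that is not part of the original blog post: it encodes the 8-byte RD (type 0 ASN:nn, type 1 A.B.C.D:nn, and type 2 for a 4-byte ASN) and the labeled VPN-IPv4 NLRI that MP-BGP carries, then shows two customers that both advertise 10.1.1.0/24 becoming two distinct routes. The RD values, prefixes and labels are constructed for the demo.

```python
import ipaddress
import struct

# Added example (not from the original blog): RD wire formats from RFC 4364
# section 4.2 and the labeled VPN-IPv4 NLRI of RFC 4364 section 4.3.4 /
# RFC 3107. All RDs, prefixes and labels below are constructed for the demo.


def encode_rd(rd):
    """Encode 'ASN:nn' (type 0, or type 2 for a 4-byte ASN) or
    'A.B.C.D:nn' (type 1) as the 8-byte route distinguisher."""
    admin, sep, assigned = rd.partition(":")
    if not sep:
        raise ValueError(f"RD {rd!r} must be admin:assigned")
    assigned = int(assigned)
    if "." in admin:                      # type 1: IPv4 address + 2-byte number
        if not 0 <= assigned < 1 << 16:
            raise ValueError("assigned number must fit in 16 bits")
        return struct.pack("!HIH", 1, int(ipaddress.IPv4Address(admin)), assigned)
    asn = int(admin)
    if asn < 1 << 16:                     # type 0: 2-byte ASN + 4-byte number
        if not 0 <= assigned < 1 << 32:
            raise ValueError("assigned number must fit in 32 bits")
        return struct.pack("!HHI", 0, asn, assigned)
    if not 0 <= assigned < 1 << 16:       # type 2: 4-byte ASN + 2-byte number
        raise ValueError("assigned number must fit in 16 bits")
    return struct.pack("!HIH", 2, asn, assigned)


def decode_rd(raw):
    """Inverse of encode_rd; returns the 'admin:assigned' string."""
    if len(raw) != 8:
        raise ValueError("RD must be 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, assigned = struct.unpack("!HI", raw[2:])
        return f"{asn}:{assigned}"
    if rd_type == 1:
        ip, assigned = struct.unpack("!IH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{assigned}"
    if rd_type == 2:
        asn, assigned = struct.unpack("!IH", raw[2:])
        return f"{asn}:{assigned}"
    raise ValueError(f"unknown RD type {rd_type}")


def encode_vpnv4_nlri(rd, prefix, label):
    """Labeled VPN-IPv4 NLRI: length in bits | 3-byte label (S=1) | RD | prefix."""
    net = ipaddress.IPv4Network(prefix)
    if not 0 <= label < 1 << 20:
        raise ValueError("label does not fit in 20 bits")
    length = 24 + 64 + net.prefixlen                       # label + RD + prefix bits
    label_field = struct.pack("!I", (label << 4) | 1)[1:]  # 20-bit label, EXP=0, S=1
    prefix_bytes = net.network_address.packed[: (net.prefixlen + 7) // 8]
    return bytes([length]) + label_field + encode_rd(rd) + prefix_bytes


def decode_vpnv4_nlri(raw):
    """Return (rd, 'prefix/len', label) for one NLRI; reject malformed input."""
    length = raw[0]
    label = int.from_bytes(raw[1:4], "big") >> 4
    rd = decode_rd(raw[4:12])
    prefixlen = length - 24 - 64
    if not 0 <= prefixlen <= 32:
        raise ValueError("bad NLRI length")
    nbytes = (prefixlen + 7) // 8
    if 12 + nbytes != len(raw):
        raise ValueError("NLRI length does not match the data")
    addr = int.from_bytes(raw[12:12 + nbytes].ljust(4, b"\x00"), "big")
    return rd, str(ipaddress.IPv4Network((addr, prefixlen))), label


def demo():
    """Customers A and B both advertise 10.1.1.0/24; only the RD keeps them apart."""
    a = encode_vpnv4_nlri("200:1", "10.1.1.0/24", label=24)
    b = encode_vpnv4_nlri("200:2", "10.1.1.0/24", label=25)
    table = {}
    for nlri in (a, b):
        rd, prefix, label = decode_vpnv4_nlri(nlri)
        table[(rd, prefix)] = label
    return a != b, table


if __name__ == "__main__":
    print(demo())
```

The RD only makes the BGP route key unique; which VRF a remote PE imports the route into is decided by the route target extended community, which is why the send-community extended configuration matters and why RD and RT values are normally planned together per customer.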

(2012-04-15 11:28)
A VRF contains:

- an IP routing table
- a CEF table
- the set of interfaces that use that CEF forwarding table
- the set of rules and routing protocol parameters that control the information in the routing table


MPLS VPN services (2012-04-15 11:47)


Connectionless service: MPLS VPNs are connectionless, so the network does not need tunnels and encryption for network privacy. The privacy here is separation rather than secrecy: each customer's routes and packets stay in their own VRF and LSP, but nothing is encrypted on the wire, so confidentiality against the provider or anyone tapping a core link still needs IPsec on top.

Centralized services: layer 3 VPNs allow targeted services to be delivered to a group of users represented by a VPN.

Scalability:

Security: MPLS VPNs offer the same level of security as connection-oriented VPNs.

Easy to create: MPLS VPNs are connectionless, so no specific point-to-point connection maps or topologies are required. This makes it easy for customers to create new VPNs and user communities.

Flexible addressing: most customers use private address space. MPLS VPNs allow customers to continue to use their present address space without NAT, because the route distinguisher keeps overlapping prefixes distinct inside the provider network. NAT is required only if two VPNs with overlapping address spaces want to communicate with each other. This lets customers use their own private addresses freely across a public IP network.

Integrated class of service (CoS) support: CoS provides performance and policy implementation.


BlogBook v0.4, LaTeX 2ε & GNU/Linux. http://www.blogbooker.com

Edited: April 15, 2012
