OAM Message Mapping

OAM Message Mapping is important in the case of AToM. In AToM networks, pseudowires or VCs transport Layer 2 frames across the MPLS cloud. Toward the native Layer 2 clouds on either side of the MPLS network are ACs with the particular Layer 2 encapsulation. One important aspect when managing this service is the mapping of the OAM messages of the ACs onto newly defined pseudowire OAM messages on the pseudowires and vice versa. Specific alarm indications can be transported between the PE routers,...

VRF-Aware IP SLA

This means that it can run inside a VRF on PE routers. Therefore, you can use IP SLA to measure the network performance inside the VPN from the PE routers. IP SLA can, for instance, measure the RTT between PE routers inside the customer VRF. From the PE router, the IP SLA probes are forwarded using the VRF routing table. Equally, the IP SLA can run on multi-VRF CE routers. To make IP SLA run over MPLS VPN, you must put the rtr probe into the correct VRF. Look at...

Dot1q Tunneling (QinQ) over AToM

Dot1q tunneling, or QinQ, refers to a technique whereby Ethernet frames are double tagged; that is, the Ethernet frames have two 802.1Q tags. This is done by configuring the interface in dot1q-tunnel mode with an access VLAN instead of the normal access VLAN mode or trunk mode. The received frames on the interface that is configured for dot1q-tunnel are left intact and another 802.1Q tag is put onto the frame. This 802.1Q tag refers to the VLAN number that is configured on the dot1q-tunnel...

Carrying IPv6 over an MPLS Backbone

Because of the huge success of MPLS VPN, most service provider networks are running MPLS in their network today. If the service provider has customers connected to his network who want to run IPv6 and the service provider needs to carry IPv6 across his network, the obvious solution is to have IPv6 running on his routers, too. However, this approach has two disadvantages. First, the service provider needs to enable a new protocol (IPv6) on all his routers. Because IPv4 and IPv6 are running on...

Verifying Number of Bytes Label Switched

One way of tracking the level of traffic switched for a certain LSP is by looking at the accounting in the LFIB for that LSP. The LFIB has a column for Bytes Tag Switched that keeps track of the amount of label switched bytes. This can indicate whether the level of traffic for a certain LSP is anywhere near the level of traffic you expect. If that counter is 0 when you expect it to be far higher than that, the LSP is experiencing a problem. You can also keep an eye on the counter to see if it...

MPLS-Aware Netflow

The MPLS-aware Netflow feature is useful on certain occasions. MPLS-aware Netflow collects statistics for labeled packets and can report them on a label position in the label stack. You can specify up to three label positions in the label stack to keep track of. The command to enable MPLS-aware Netflow globally is this: ip flow-cache mpls label-positions label-position-1 label-position-2 label-position-3 mpls-length no-ip-fields. You can specify up to the sixth label in the label stack. A...

Contents

Introduction; Part I Fundamentals of MPLS; Definition of MPLS; Pre-MPLS Protocols; Benefits of MPLS; Bogus Benefit; The Use of One Unified Network Infrastructure; Better IP over ATM Integration; BGP-Free Core; Peer-to-Peer VPN Model Versus Overlay VPN Model; Overlay VPN Model; Peer-to-Peer VPN Model; Optimal Traffic Flow; Traffic Engineering; History of MPLS in Cisco IOS; Tag Switching to MPLS; MPLS Applications; Summary; Introducing MPLS Labels; Label Stacking...

Frame Relay

Frame Relay can be carried across the MPLS network in two fashions: DLCI-to-DLCI or port-to-port. In the DLCI-to-DLCI method, one VC is carried over one pseudowire. In the port-to-port method, all VCs on one port are carried over one pseudowire. You can use either of the Frame Relay encapsulation types, Cisco or IETF (RFC 1490), for the DLCI-to-DLCI and the port-to-port methods. In the DLCI-to-DLCI method, each VC is carried across the MPLS network over one pseudowire. Frame Relay VCs to...

Chapter Review Questions

You can find answers to the following questions in Appendix A, Answers to the Chapter Review Questions.

1. What is the fundamental purpose of LDP?
2. Name the four main functions that LDP takes care of.
3. How can you reduce the number of label bindings on an LSR?
4. What problem does MPLS LDP-IGP synchronization solve?
5. How many LDP sessions are established between two LSRs that have six links between them, of which two links are LC-ATM links and four are frame links?
6. What do you need to...

Shared Explicit Style

The Shared Explicit (SE) RSVP style that is used for TE ensures that make-before-break is issued. SE style is advertised in the PATH message, as shown in Example 8-16. This means that when an LSR needs to reroute a TE LSP, the new TE LSP is built before the old TE LSP is torn down for a specific TE tunnel. The traffic is only switched onto the new LSP when it is completely set up to avoid or reduce traffic loss. The bandwidth reserved on the links that might be used by both the old and the new...

Labeling IP Packets by CEF

At the edge of the MPLS network, a router needs to label the IP packets. A stack of at least one label is imposed on the IP packet on the ingress LSR. The imposed label stack is not limited by the number of labels, so the IP packet can receive one, two, three, or more labels at the ingress PE router. When you look at the CEF table on the ingress PE router, you can see for each prefix what the imposed label stack is. Example 6-10 shows an example of labeling the packets that are destined for the...

The Basic VPLS Configuration

The configuration for VPLS is simple. First, you must configure a VPLS instance with the global l2 vfi command. The VFI needs to have a unique name on the PE router. Then you need to specify a unique VPN ID number for that VFI. Configure as neighbors all the egress PE routers of the full mesh of that VPLS:

Router(config-vfi)# neighbor remote-router-id encapsulation mpls

After you define the VFI, associate the VLAN interfaces belonging to that VFI with the VFI. You do this with the interface...

Load Balancing Labeled Packets

If multiple equal-cost paths exist for an IPv4 prefix, the Cisco IOS can load-balance labeled packets, as illustrated in the Cisco IOS output of Example 3-6. You can see that the incoming local labels 17 and 18 have two outgoing interfaces. If labeled packets are load-balanced, they can have the same outgoing labels, but they can also be different. The outgoing labels are the same if the two links are between a pair of routers and both links belong to the platform label space. If multiple...

Encoding of MPLS

Where does this label stack reside? The label stack sits in front of the Layer 3 packet; that is, before the header of the transported protocol, but after the Layer 2 header. Often, the MPLS label stack is called the shim header because of its placement. Figure 2-3 shows you the placement of the label stack for labeled packets. [Figure 2-3: Encapsulation for Labeled Packet] The Layer 2 encapsulation of the link can be almost any encapsulation that Cisco IOS supports: PPP, High-Level Data Link Control...

CE Management

Often, the service provider, not the customer, owns and manages the CE router. In that situation, the service provider wants management access to the CE router from a central management server. You can do this by having the PE router advertise one prefix from the managed CE router with one RT that is imported into the management VRF by the PE router connected to the management VRF. You can limit the number of prefixes advertised with this management RT by configuring an export map on each VRF...

How MPLS LDP-IGP Synchronization Works

When the MPLS LDP-IGP synchronization is active for an interface, the IGP announces that link with maximum metric until the synchronization is achieved, or until the LDP session is running across that interface. The maximum link metric for OSPF is 65536 (hex 0xFFFF). No path through the interface where LDP is down is used unless it is the only path. (No other paths have a better metric.) After the LDP session is established and label bindings have been exchanged, the IGP advertises the link...

SNMP/MIBs

SNMP is a protocol that provides the communication between an SNMP manager (usually the management station) and the SNMP agent in IP networks. The SNMP agent is a software component that runs on a device to be managed. SNMP provides a standardized framework for managing devices in the network. Part of the framework is the MIBs and the Structure of Management Information (SMI). The SMI provides the mechanisms to define the MIB. Plenty of MIBs are available, and new ones are always being defined....

Label Aware ICMP

Tracerouting in an MPLS network is similar to tracerouting in an IP network. One difference is that the LSR on which the TTL of the labeled packet expires generates an ICMP message with a new extension. The ICMP message that the LSR generates is still a TTL exceeded ICMP message, but it is extended to hold the full MPLS label stack of the original packet received by the LSR that is the cause for the ICMP message being generated. This means that when you perform a traceroute from an LSR, the...

Context-Based Access for SNMP over MPLS VPN

So far, SNMP access to devices has been global, meaning that the SNMP access has been for the whole device. However, with the introduction of MPLS VPN, you see the concept of VPNs and VRFs on the PE routers. The VPN provides a VRF routing table, VRF CEF table, and VRF interfaces on the PE routers. The VRF is not part of the global context of the PE router, but rather the VRF context. The problem is when the SNMP traffic comes into the PE router via the VRF interfaces or when traps leave the PE...

Tunneling Cisco Discovery Protocol

Example 11-7 shows the output of show cdp neighbor on CE1 when VPLS-PE-1 is not configured for tunneling CDP for VPLS instance cust-one. The router CE1 sees the PE router VPLS-PE-1 as a CDP neighbor. [Example 11-7: CDP Neighbors on CE1 Without Tunneling CDP] Example 11-8 shows the output of the CDP command on router CE1 after enabling tunneling CDP on all physical ports that are associated with VPLS instance cust-one on the PE routers. Now router CE1 sees...

The Table Map Feature

The table-map is a conversion table between the different types of QoS that a packet can have. It allows you to map IP precedence, DSCP, MPLS EXP bits, qos-group, and Layer 2 cos information (the 802.1Q priority bits) via an MQC command. For example, you can map the IP precedence in the incoming IP packet to the EXP bits value of the outgoing labeled packet by using this table instead of specifying an MQC command for each value to be mapped. Table 12-5 shows the categories of QoS information...

AToM and QoS

You can use QoS in MPLS networks to prioritize certain packets, just as you would prioritize IP packets. In the case of IP, you set the precedence or DiffServ Codepoint (DSCP) bits in the IP header to prioritize the IP packet. In the case of MPLS, you prioritize the packet by setting the Experimental (EXP) bits to a value between 0 and 7. The MPLS payload is a frame instead of an IP packet in the case of AToM. Three possibilities exist for marking the EXP bits: Statically configuring the setting...

Pipe Model

In the Pipe model, the following rules apply: The LSP DiffServ information is not necessarily (but might be) derived from the Tunneled DiffServ information on the ingress LSR. On an intermediate LSR (a P router), the LSP DiffServ information of the outgoing label is derived from the LSP DiffServ information of the incoming label. On the egress LSR, the forwarding treatment of the packet is based on the LSP DiffServ information, and the LSP DiffServ information is not propagated to the Tunneled...

MPLS Maximum Receive Unit

Maximum receive unit (MRU) is a parameter that Cisco IOS uses. It informs the LSR how big a received labeled packet of a certain FEC can be that can still be forwarded out of this LSR without fragmenting it. This value is actually a value per FEC (or prefix) and not just per interface. The reason for this is that labels can be added to or removed from a packet on an LSR. Think of the example of a router in which all the interfaces have an MTU of 1500 bytes. This means that the biggest IP packet...

IP Service Level Agreement

The Cisco IP Service Level Agreement (IP SLA) is a network performance measurement tool that is embedded in Cisco IOS. IP SLA allows the network operator to monitor the network performance-wise and see if the SLAs are adhered to. The network characteristics that you can monitor include jitter, one-way delay, RTT, and packet loss. These measurements can be done per class-of-service. IP SLA measures the network by sending periodic probes. The probes can be various protocol packets, such as ICMP,...

LDP Authentication

TCP sessions can be attacked by spoofed TCP segments. To protect LDP against such attacks, you can use Message Digest 5 (MD5) authentication. MD5 adds a signature called the MD5 digest to the TCP segments. The MD5 digest is calculated for the particular TCP segment using the configured password on both ends of the connection. The configured MD5 password is never transmitted. This would leave a potential hacker having to guess the TCP sequence numbers and the MD5...

EIGRP

EIGRP can be the PE-CE routing protocol. The usual disadvantage of the redistribution between iBGP and the routing protocol between the PE and CE router is present here, too. This means that redistributing the routes from BGP into EIGRP makes all the routes external EIGRP routes. However, as much EIGRP information as possible is coded in new BGP extended communities to alleviate the problem. This enables the remote PE router to reconstruct the EIGRP route with all its characteristics, including...

Moving MPLS QoS from the PE to the CE Router

These DiffServ Tunneling models are popular for MPLS VPN networks. However, the PE routers have some work to do, including running BGP, labeling packets, running LDP, running routing protocols over the virtual routing forwarding (VRF) interfaces to the customer CE routers, and so on. If the MPLS VPN network also does one of the DiffServ models, the PE must have some MQC configuration. To make matters worse, the DiffServ models are configurable per interface; hence, per customer connecting to the...

ATM Cell Relay

With ATM cell relay, ATM cells are labeled and transported across the MPLS network. Every single cell is transported across the network, including the OAM cells. With ATM cell relay, you have two options: single cell relay mode and packed cell relay mode, as you learn about in the next sections. With single cell relay, each ATM cell is separately labeled and carried across the MPLS network. The disadvantage of single cell relay is the created overhead of adding two MPLS labels, a control word...

Troubleshooting CEF

Packets dropped by CEF
IP CEF table events
IP CEF fragmentation
IP CEF hash events
IP CEF IPC events
Packets seen by IP CEF
IP-prefixes related IPC
Packets received by IP CEF
IP CEF subblock events
IP CEF table changes
All CEF events
CEF assert events
CEF background events

Example 6-13 debug ip cef and debug cef (Continued)

consistency-check CEF consistency checker events
hardware CEF hardware api debugging
high-availability CEF high availability events

Example 6-14 shows the interesting...

Ethernet

The AToM solution to carry Ethernet over MPLS is strictly point-to-point. In essence, all Ethernet frames are carried from one ingress PE to one egress PE router. This is the equivalent of LAN-to-LAN bridging over point-to-point WAN links. The connection is not multipoint, so no emulation of a LAN-like functionality occurs whereby one frame enters the ingress PE and is broadcast to all PE routers that belong to the same Layer 2 VPN. A LAN-like solution across MPLS in one VPN is possible; it is...

Tracerouting in MPLS Networks

Tracerouting in an MPLS network is a bit different compared to tracerouting in an IP network. The probes sent are the same, but the routers that are running MPLS treat the ICMP messages differently. Look at Figure 13-4, which shows an MPLS VPN network that will be used to show how tracerouting works in an MPLS network. [Figure 13-4: Tracerouting in an MPLS Network] This network has two CE routers, two PE routers, and two P routers. The traceroute is done on the left CE router toward the...

MPLS and the OSI Reference Model

The OSI reference model consists of seven layers. Refer to Figure 2-4 for the OSI reference model. [Figure 2-4: OSI Reference Model, showing the layers Application, Presentation, Session, Transport, Network, Data Link, Physical] The bottom layer is Layer 1, or the physical layer, and the top layer is Layer 7, or the application layer. Whereas the physical layer concerns the cabling, mechanical, and electrical characteristics, Layer 2, the data link layer, is concerned with the formatting of the frames. Examples of the data...

Overview of the IPv6 Protocol

The biggest changes in IPv6 compared to IPv4 are the bigger addresses and the simplified header. The next sections explain the new IPv6 header and how it is different from the IPv4 header. You can see the header of the IPv4 protocol in Figure 9-1. Compare that to the IPv6 header in Figure 9-2. The obvious change is the length of the addresses. The source and destination address are four times bigger in the IPv6 header. Also, the header is simplified because certain fields have been omitted. For...

MPLS LDP Inbound Label Binding Filtering

You can filter out incoming label bindings from an LDP neighbor. In effect, this is the opposite of the feature that prevents the advertising of label bindings. You can use the inbound label binding filtering on the receiving LDP peer if you cannot apply the outbound filtering of label bindings, as described in the previous section. This feature can limit the number of label bindings stored in the LIB of the router. For instance, you can filter out...

MPLS VPN Model

It is important to become familiar with the terminology concerning MPLS VPN. Look at Figure 7-1 for a schematic overview of the MPLS VPN model. A service provider is providing the common public infrastructure that customers use. [Figure 7-1: MPLS VPN Schematic Overview] A PE router is a provider edge (PE) router. It has a direct connection with the customer edge (CE) router at Layer 3. A provider (P) router is a router without the direct connection to the routers of the customer. In the MPLS VPN...

BGP Multiprotocol Extensions and Capabilities

BGP-4 is described in RFC 1771, but that RFC describes only the use of BGP to carry IPv4 prefixes. BGP can do much more than carry IPv4 prefixes. RFC 2858, Multiprotocol Extensions for BGP-4, was written to extend BGP so that it can carry routing information other than IPv4. For instance, BGP-4 can carry IPv6 prefixes and thus provide interdomain routing for IPv6. A BGP speaker lets its peers know that multiprotocol extensions for BGP-4 are supported by using capabilities advertisement. BGP...

Label Encoding

ATM switches that are running MPLS are still switching ATM cells. As such, they cannot forward labeled frames. Because the MPLS labels are mapped to VCs in the ATM cloud, the MPLS label value is mapped to the VPI/VCI pair. If the labeled packet has a label stack with more than one label, only the value of the top label is mapped to the VPI/VCI fields. Figure 5-4 shows the MPLS label mapped to the VPI/VCI values. When the edge ATM LSR receives a frame, the frame is chopped up into cells. Only...

OSPF Extensions for TE

RFC 2370 describes an extension to the OSPF protocol whereby three new link-state advertisements (LSAs) are defined and are called opaque LSAs. These three new LSAs give OSPF a generalized mechanism to extend OSPF. They can carry information to be used by OSPF or directly by any application. These LSAs are exactly what MPLS TE needs to put its information into OSPF. OSPF can then flood this information throughout the network. Three types of opaque LSAs exist, differing only in the flooding...

MPLS LDP-IGP Synchronization Configuration

MPLS LDP-IGP Synchronization is enabled for the IGP process. This means that it is configured for an IGP, and it applies to all the interfaces on which the IGP is running. The command to enable it for the IGP is mpls ldp sync, and it is configured under the router process. You can disable MPLS LDP-IGP Synchronization on one particular interface with the command no mpls ldp igp sync. By default, if synchronization is not achieved, the IGP waits indefinitely to bring up the adjacency. You can...

Packet Forwarding in an MPLS VPN Network

As explained in the previous section, the packets cannot be forwarded as pure IP packets between sites. The P routers cannot forward them because they do not have the VRF information from each site. MPLS can solve this problem by labeling the packets. The P routers must then have only the correct forwarding information for the label to forward the packets. The most common way is to configure Label Distribution Protocol (LDP) between all P and PE routers so that all IP traffic is label-switched...

no mpls ip propagate-ttl

When the IP packet first becomes labeled on the ingress PE router, the following rule is observed: When an IP packet is first labeled, the TTL field is copied from the IP header to the TTL fields of all the labels in the label stack after being decremented by 1. You can change that default behavior with the command no mpls ip propagate-ttl [forwarded | local]. The command no mpls ip propagate-ttl stops the copying of the IP TTL to the TTL fields in the MPLS labels. In that case, the TTL fields in...

Tunneling Spanning Tree Protocol

By default, VFI does not forward the STP BPDUs on the PE routers. As such, the STP tree in the metro Ethernet site stops at the PE router. The data frames are forwarded across the MPLS network. The frames cannot loop, however, because of the Layer 2 split-horizon rule imposed by the PE routers, which do not forward frames onto the pseudowires if the frames were received from the pseudowires. Because of this split-horizon rule, all PE routers must be in a full mesh for each particular VPLS...

IS-IS Extensions for TE

RFC 3784 describes the extensions made to IS-IS that enable it to carry the MPLS TE information. Two new IS-IS TLVs have been defined. They allow the MPLS TE information to be carried by IS-IS. However, at the same time, some other changes were made regarding these TLVs, such as extending the link metric from a maximum of 63 to a new maximum of 2^24 - 1, the usage of sub-TLVs, and the introduction of the down bit. The first new TLV is the extended IS Reachability TLV, or TLV type 22. It is the...

Operation of 6PE

In the 6PE solution, the PE routers are dual-stack, which means they run IPv4 and IPv6. The CE routers that are running IPv6 are connected to the PE router via a normal interface; the interface is not part of a VRF for IPv6 even though the same interface might be in a VRF for IPv4. The IPv6 routing distribution between the PE routers is done via MP-iBGP. At the same time, MP-iBGP distributes the label to be used for the specific IPv6 prefixes. This BGP label identifies or tags the IPv6 packet at...

LDP for LC-ATM

This section covers some specifics on LDP when running on an LC-ATM interface. Per-interface label space is used for LC-ATM interfaces. As you can see in Example 5-12, it means that the peer LDP is not identified with router-id 0 as in the non-LC-ATM case. The number following the peer LDP router Identifier is now non-zero. If you have multiple links between a pair of ATM LSRs, multiple label spaces will exist between them. Look at Example 5-12 to see that the ATM LSRs washington-atm and...

IP Lookup Versus Label Lookup

When a router receives an IP packet, the lookup done is an IP lookup. In Cisco IOS, this means that the packet is looked up in the CEF table. When a router receives a labeled packet, the lookup is done in the LFIB of the router. The router knows that it receives a labeled packet or an IP packet by looking at the protocol field in the Layer 2 header. If a packet is forwarded by either Cisco Express Forwarding (CEF) (IP lookup) or by LFIB (label lookup), the packet can leave the router either...

The Discovery of LSRs That Are Running LDP

LSRs that are running LDP send LDP Hello messages on all links that are LDP enabled. These are all the interfaces with mpls ip configured on them. First, however, you must enable CEF with the global ip cef command. Then you must enable LDP globally with the mpls ip command. Example 4-1 shows you the basic global and interface commands to enable LDP. Example 4-1 Basic MPLS LDP Configuration interface Loopback0 ip address 10.200.254.2 255.255.255.255 ip address 10.200.210.2 255.255.255.0 mpls ip...

TE Tunnel with P Router as Tail End Router

When a P router is the tail end router of the tunnel instead of the provider edge (PE) router, you need to ensure that two things are present: LDP is enabled on all links, and an LDP session exists between the head end and tail end router of the TE tunnel LSP. The first requirement should be clear. If a TE tunnel terminates at a P router instead of the PE router, the packets still need to be label-switched up to the PE router. Otherwise, the packets become unlabeled and the IGP label and the VPN...

Load Balancing in CEF

CEF allows for load balancing or load sharing of traffic among multiple outgoing links. CEF needs multiple outgoing links as next hops in the routing table to perform load balancing. The command maximum-paths specifies how many paths or next hops are allowed per prefix in the routing table for the specific routing protocol. For instance, if you configure maximum-paths 2 under the routing protocol Open Shortest Path First (OSPF), only two OSPF paths per prefix are allowed in the routing table....

LSP Verification

LSP verification (LSPV) is the Cisco IOS subsystem that is responsible for anything related to MPLS LSP ping and traceroute. The duties of LSPV include these: encoding and decoding of MPLS echo requests and MPLS echo replies; maintaining a database of outstanding MPLS echo requests; providing the command-line interface (CLI) for MPLS LSP ping and traceroute; interfacing with IP, MPLS, and AToM on the LSR to send and receive the echo requests and replies; handling packets with MPLS TTL expiring and...

Advertising of Label Mappings

Advertising label mappings or label bindings is the main purpose of LDP. Chapter 2 explains the three different modes in which the LSRs can behave: advertisement, label retention, and LSP control mode. Each of the three modes has two possibilities, which leads to the following six modes: Unsolicited Downstream (UD) versus Downstream-on-Demand (DoD) advertisement mode; Liberal Label Retention (LLR) versus Conservative Label Retention (CLR) mode; Independent LSP Control versus Ordered LSP Control...

BGP Route Selection

BGP Maximum Paths

Different BGP speakers can advertise the vpnv4 route when, for instance, a customer site is dual homed to two PE routers. The receiving BGP speaker must then choose one BGP route as the best one. The process for selecting the best vpnv4 route is the same as the one for regular IPv4 BGP routes. The only difference is that now the BGP routes are not 32-bit IPv4 prefixes but 96-bit vpnv4 prefixes. Therefore, if a customer site is dual homed to two PE routers, the ingress PE router receives the...

Class Based Tunnel Selection

Class-based tunnel selection (CBTS) is a TE feature whereby you can forward different class of service (CoS) traffic onto different TE tunnels. These TE tunnels can be global pool tunnels or subpool tunnels, but all the TE tunnels must be between the same head end and tail end routers. Furthermore, when you want to route CoS traffic onto these tunnels for one destination, you must route all the traffic for this destination onto these tunnels. In other words, if you have traffic for a...

Peer-to-Peer VPN Model Versus Overlay VPN Model

A VPN is a network that emulates a private network over a common infrastructure. The private network requires all customer sites to be able to interconnect and be completely separate from other VPNs. The VPN usually belongs to one company and has several sites interconnected across the common service provider infrastructure. Service providers can deploy two major VPN models to provide VPN services to their customers: In the overlay model, the service provider supplies a service of point-to-point...

TE Tunnel Path Calculation

The way that the TE tunnel is laid out through the network depends on several factors: Attribute flags and affinity bits. You can configure the path option on the tunnel configuration on the head end router. You can set up a tunnel in two ways: explicitly or dynamically. In the explicit way, you must specify every router that the TE tunnel must be routed on, up to and including the tail end router. You can either specify the TE router ID or the link IP address of the intermediate routers. In the...

Load Balancing

The paths london-rome-sydney and london-madrid-sydney are made equal cost. When you are sending traffic with the same source and same destination IP address from new-york to sydney, all traffic takes the same path. At router london, all this traffic is forwarded out onto only one of the two possible paths. That is because of the load-balancing treatment of labeled packets in Cisco IOS. The default behavior in Cisco IOS is to look at the IP header underneath the label stack and use the same...

Signaling the Pseudowire

A targeted LDP session between the PE routers signals the pseudowires. In essence, the signaling protocol LDP sets up and maintains the pseudowires between the PE routers, as shown in Figure 10-4. LDP has been extended with new Type Length Value fields (TLVs) to perform this job. The main purpose of this LDP session between the PE routers is to advertise the VC label that is associated with the pseudowire. This label is advertised in a Label Mapping message using the downstream unsolicited...

MPLS LDP Session Protection

A common problem in networks is flapping links. The flapping of links can have several causes, but it is not the goal of this book to look deeper into this. Flapping links do have an important impact on the convergence of the network. Because the IGP adjacency and the LDP session are running across the link, they go down when the link goes down. This is unfortunate, especially because the link is usually not down for long. The impact is pretty severe though, because the routing protocol and LDP...

Cost Calculation of IGP Routes over TE Tunnels

Knowing the metric for prefixes with TE tunnels as next hop might not be as straightforward as you think. This section explains how to calculate the cost of the prefixes with TE tunnels as the next hop, each time with autoroute announce enabled on the tunnel interface. When you are using autoroute announce, the cost of the TE tunnel as used by the IGP for the prefixes with the TE tunnel as next hop is always the lowest IGP total cost of the path. This cost is the path weight you see under...

Targeted LDP Session

Normally, LDP sessions are set up between directly connected LSRs. In a network in which the IGP routes need to be labeled, this is sufficient, because the label switching of packets is hop per hop. Therefore, if the label bindings are advertised hop per hop for the IGP routes, the LSPs are set up. However, in some cases, a remote or targeted LDP session is needed. This is an LDP session between LSRs that are not directly connected. Examples in which the targeted LDP session is needed are AToM...

Overview of Cisco IOS Switching Methods

The basic function of a router is to move packets through the network. For a router to forward packets, it needs to look up the destination address of the packet in a table and decide which route to use to switch or forward the packet. Each protocol that the router can forward packets for must have a separate forwarding table. Such protocols might include DECnet, Internetwork Packet Exchange (IPX), AppleTalk, IP, and MPLS. Packets can be forwarded through the router in three basic ways: process...

Controlling the Advertisement of Labels via LDP

LDP lets you control the advertisement of labels. You can configure LDP to advertise or not to advertise certain labels to certain LDP peers. You can then use the locally assigned labels that are advertised to the LDP peers as outgoing label on those LSRs. The syntax for this command is as follows:

mpls ldp advertise-labels [vrf vpn-name] [interface interface | for prefix-access-list [to peer-access-list]]

The prefix-access-list is a standard numbered access list (1-99) or named access list that lets you...

Verifying 6VPE Operation

Figure 9-10 depicts the distribution of a vpnv6 prefix and label by MP-iBGP in a 6VPE network. [Figure 9-10: Distribution of vpnv6 Prefixes and Labels (next hop 10.200.254.4, label 21)] Figure 9-11 shows the same network depicting the packet forwarding of an IPv6 packet through the 6VPE network. [Figure 9-11: Packet Forwarding Through the 6VPE Network] Example 9-33 shows how to check which IPv6 VRFs are running on the PE router. Example 9-33 Verifying IPv6 VRFs VRF cust-one...

Control Word Functions

The control word has the following five functions: Carry control bits of the Layer 2 header of the transported protocol; preserve the sequence of the transported frames; facilitate the correct load balancing of AToM packets in the MPLS backbone network; facilitate fragmentation and reassembly. Sometimes the transmitted labeled AToM packet is smaller than the required minimum length for the specific encapsulation type. An example is Ethernet, where the required minimum length of the frame is 64...

MPLS Traceroute in Cisco IOS

Example 14-6 shows an MPLS traceroute example for the IPv4 prefix 10.200.254.4/32, which is three hops away from the router new-york.

Example 14-6 MPLS LSP Traceroute

ipv4 Target specified as an IPv4 address
traffic-eng Target specified as TE tunnel interface
<cr>
new-york traceroute mpls ipv4 A.B.C.D nn A.B.C.D Target FEC address with mask
new-york traceroute mpls ipv4 10.200.254.4/32
Destination address or address range
EXP bits in mpls header
Flag options
force-explicit-null...

Debug MPLS Packets

You can debug the forwarding of MPLS packets, just as you can debug the forwarding of IP packets. The command is debug mpls packets. However, if you turn on this debug command without further specifying anything, it returns debug output for all label switched packets. This is something that is probably fine in a lab environment, but not in a production network. Fortunately, you can specify an access list that limits the output to certain labeled packets. WARNING: Debugging the forwarding of...