
About the Cisco Press Website for This Book

Cisco Press provides additional content that you can access by registering your individual book at the Ciscopress.com website. To register this book, go to http://www.ciscopress.com/bookstore/register.asp and enter the book ISBN, which is located on the back cover. You are then prompted to log in or join Ciscopress.com to continue registration. After you register this book, you see a link to this book listed on your My Registered Books page. Becoming a member and registering is free. The...

About the Technical Reviewers

Mohammad Miri is currently employed by Alcatel NA. He has more than 14 years of experience in design and implementation of IP networks for Telecom and Mobile providers involving broadband, narrowband, and MPLS and traffic engineering applications over IP. He received his computer science degree in 1989. Ivan Pepelnjak, CCIE No. 1354, is a 25-year veteran of the networking industry. He has more than 10 years of experience in designing, installing, troubleshooting, and operating large service...

Acknowledgments

I wish to acknowledge a few people who made this book possible. First, I wish to acknowledge my employer Cisco Systems for providing a great working and learning place. Second, I wish to express my gratitude to the technical reviewers, Mohammad Miri, Ivan Pepelnjak, and Hari Rakotoranto, for their feedback, guidance, suggestions, time, and effort in reviewing this book and ensuring its technical accuracy. Third, I'm grateful for the Cisco Press team: Jim Schachterle, Raina Han, Dayna Isley, Mary...

Advanced MPLS Topics

Chapter 8 MPLS Traffic Engineering
Chapter 10 Any Transport over MPLS
Chapter 11 Virtual Private LAN Services
Chapter 12 MPLS and Quality of Service
Chapter 13 Troubleshooting MPLS Networks
Chapter 14 MPLS Operation and Maintenance

By the end of this chapter, you should know and be able to explain the following:
- The role of Multiprotocol BGP in MPLS VPN networks
- The packet forwarding through the MPLS VPN network
- The operation of PE-CE routing protocols and their specifics for MPLS VPNs

Aggregate Labels

Aggregate labels can be the result of aggregation or summarization of IP prefixes in the network. You can aggregate multiple IPv4 prefixes into one prefix with a smaller mask capturing all the component prefixes with longer masks. You can do this in an MPLS network, but it might not be a good idea. When the labeled packets arrive at the aggregation router, it removes the label and performs an IP lookup, and then it labels them again and forwards them. Do not aggregate on ATM LSRs for that...

Any Transport over MPLS

Any Transport over MPLS (AToM) was developed years after the huge success of MPLS VPN. MPLS VPN is the virtual private network (VPN) solution to carry customer IP traffic over a shared MPLS service provider backbone. However, the leased lines, ATM links, and Frame Relay links still generate a lot of money for service providers. Many customers lease ATM or Frame Relay virtual circuits from a service provider and use them to carry their traffic between their sites, across the infrastructure...

ATM AAL5

Each received ATM AAL5 service data unit (SDU) (RFC 1483/2684) from the AC is labeled and sent onto the MPLS network. Before labeling, the header is removed and control information is copied into the control word. The egress PE router then looks up the VC label, strips it off, constructs the outgoing AAL5 SDU, and forwards the frame. The control information copied from the header is the Explicit Forward Congestion Indication (EFCI), the Cell Loss Priority (CLP), and possibly the Frame Relay C/R...

AToM Architecture

In networks that use AToM, all the routers in the service provider network run MPLS, and the PE routers have an AC toward the CE router. The PE router receives Layer 2 frames on the AC and encapsulates them with labels before sending them onto the PSN tunnel toward the remote PE. At the remote PE, the label(s) are removed and the frames are sent toward the remote CE. In the case of AToM, the PSN tunnel is nothing other than a label switched path (LSP) between two PE routers. As such, the label...

AToM Fragmentation and Reassembly

Fragmentation is generally not good because it places a greater workload on the platform that is performing the fragmentation. Therefore, avoid it if possible. Path MTU Discovery and careful usage of the IP MTU and MPLS MTU commands generally get you far. Sometimes fragmentation is unavoidable, as in the case of Path MTU Discovery not working because of firewalls blocking the ICMP messages needed for Path MTU Discovery to work properly. If the payload is IP traffic, the ingress PE router can...

AToM Tunnel Selection

The AToM Tunnel Selection feature enables you to steer the AToM traffic through the MPLS network over a path that you specify. For this to work, you need to set up an MPLS TE tunnel from the PE to the PE router and then specify that the AToM traffic should take the TE tunnel instead of the default shortest labeled path. In addition, you can specify whether fallback to the default path is desirable when the TE tunnel fails. Figure 10-21 shows an MPLS network with MPLS VPN and AToM customers. The...

Autoroute Announce

The command tunnel mpls traffic-eng autoroute announce is configured on the tunnel interface of the MPLS TE tunnel head end router so that the LSR can insert IP destinations into the routing table with the TE tunnel as next hop or outgoing interface. Basically, autoroute announce modifies the SPF algorithm so that the LSR can insert IP prefixes downstream of the closest TE tunnel tail end router into the routing table of the head end router with that TE tunnel as next hop. To understand what...


Benefits of MPLS

This section explains briefly the benefits of running MPLS in your network. These benefits include the following:
- The use of one unified network infrastructure
- Better IP over ATM integration
- Border Gateway Protocol (BGP)-free core
- The peer-to-peer model for MPLS VPN

Consider first a bogus reason to run MPLS. This is a reason that might look reasonable initially, but it is not a good reason to deploy MPLS.

Better IP over ATM Integration

In the previous decade, IP won the battle over all other networking Layer 3 protocols, such as AppleTalk, Internetwork Packet Exchange (IPX), and DECnet. IP is relatively simple and omnipresent. A much-hyped Layer 2 protocol at the time was ATM. Although ATM never became the end-to-end or desktop-to-desktop protocol that some predicted, it did have plenty of success, but that success was limited to its use as a WAN protocol in the core of service provider networks. Many of these...

BGP Carrying the Label

BGP advertises the vpnv4 prefixes in the MPLS VPN network. This is not enough to be able to forward the VPN traffic correctly. For the egress PE router to be able to forward the VPN traffic correctly to the CE router, it must forward the packet based on a label. The egress PE router maps such a label to the vpnv4 prefix; it is called the VPN label. The egress PE router must advertise the label along with the vpnv4 prefix to the possible ingress PE routers. The encoding of the label with the...

BGP Extended Community RT

The IETF draft draft-ietf-idr-bgp-ext-communities defines the extended community attribute. The community attribute is an optional transitive attribute that is described in RFC 1997. The extended community is also a transitive optional BGP attribute. It came into existence to extend the range of communities and has an enhanced structure over the BGP community attribute. Several BGP extended community attributes are defined, but only one is required for MPLS VPN: the RT extended community. It indicates to...

BGP-Free Core

When the IP network of a service provider must forward traffic, each router must look up the destination IP address of the packet. If the packets are sent to destinations that are external to the service provider network, those external IP prefixes must be present in the routing table of each router. BGP carries external prefixes, such as the customer prefixes or the Internet prefixes. This means that all routers in the service provider network must run BGP. MPLS, however, enables the...

Bogus Benefit

One of the early reasons for a label-swapping protocol was the need for speed. Switching IP packets on a CPU was considered to be slower than switching labeled packets by looking up just the label on top of a packet. A router forwards an IP packet by looking up the destination IP address in the IP header and finding the best match in the routing table. This lookup depends on the implementation of the specific vendor of that router. However, because IP addresses can be unicast or multicast and...

Brief Introduction to ATM

An ATM cell is 5 bytes of header and 48 bytes of data. Look at Figure 5-1 to see the ATM UNI cell format. The cell format depicted in Figure 5-1 is the User-Network Interface (UNI) cell. The Network-Node Interface (NNI) header is almost identical to this one, except for the GFC field, which has been omitted. Instead, the VPI field occupies the first 12 bits and is thus 4 bits longer, which allows the ATM switches to assign a larger number of virtual path identifiers (VPI). Table 5-1 shows the...

CEF Switching Packets in Hardware

To achieve high rate packet forwarding, the router can use ASICs on the boards or line cards. These ASICs are specially built chips that can forward packets at the highest rate. To have the ASICs forward the packets per the routing table, the router distills the CEF table into the ASIC so that it is correctly programmed to forward the packets. Example 6-5 shows the Packet Switching ASIC (PSA) on an engine 2 line card of the GSR 12000 series, programmed to switch packets. You see the forwarding...

CEFv6

Cisco Express Forwarding (CEF) is explained in Chapter 6, Cisco Express Forwarding. To recap, CEF provides a prebuilt forwarding table that is derived from the IPv4 routing table. This table is used to forward IP packets either on the central processor or on the line cards (VIPs) if the router has a distributed architecture. An adjacency table is used to perform the Layer 2 rewrite of the frame. For example, it can rewrite the outgoing source and destination MAC address when forwarding the...

Chapter Review Questions

1. What are the MPLS applications mentioned in this chapter?
2. Name three advantages of running MPLS in a service provider network.
3. What are the advantages of the MPLS VPN solution for the service provider over all the other VPN solutions?
4. Name the four technologies that can be used to carry IP over ATM.
5. Name two pre-MPLS protocols that use label switching.
6. What do the ATM switches need to run so that they can operate MPLS?
7. How do you ensure optimal traffic flow between all the...

Circuit Emulation

There is still an enormous amount of time-division multiplexing (TDM) private lines and legacy equipment using these TDM services. Therefore, it makes sense to carry TDM over MPLS to support the legacy services using T1, E1, T3, E3, N x 64, and V.35. The advantage of carrying these types of services over MPLS is that one common network, the MPLS network, can carry the IP and AToM traffic as well as the TDM traffic. With TDM Circuit Emulation, the TDM bit stream is carried across the MPLS cloud over an MPLS...

Command Syntax Conventions

The conventions used to present command syntax in this book are the same conventions used in the Cisco IOS Command Reference. The Command Reference describes these conventions as follows:
- Boldface indicates commands and keywords that are entered literally as shown. In actual configuration examples and output (not general command syntax), boldface indicates commands that are manually input by the user (such as a show command).
- Italics indicate arguments for which you supply actual values....

Configuration of 6PE

The 6PE solution is simple and straightforward to configure. This section shows you that you only need to enable the iBGP neighbor under the IPv6 address family of BGP and add one extra keyword (the iBGP neighbor command with the send-label keyword). Of course, you need to configure an IGP for IPv6 on the link between the PE and CE router. Alternatively, you can configure eBGP between the PE and CE or even static routing for IPv6. Only two 6PE-specific commands exist: neighbor ip-address send-label...

Configuration of 6VPE

6VPE is similar in operation to MPLS VPN for IPv4, so similar commands are used, but now for IPv6 instead of IPv4. Following are the steps needed to configure 6VPE:
1. Configure MPLS in the IPv4 core network (this means an IPv4 unicast routing protocol and a label distribution protocol) as for MPLS VPN for IPv4.
2. Configure an IPv6 VPN routing and forwarding (VRF) instance (with route-target import and export policies) on the PE router.
3. Associate the IPv6 VRF to an interface on the PE...

Connected Routes

Strictly speaking, the connected routes are not a routing protocol. However, to ensure connectivity, it is best practice to redistribute the connected routes on the PE router into BGP. That way, when the user launches a ping from a CE router to the remote CE router, the return packet is routed back. By default, if the user sends a ping and does not specify the source IP address, it takes as the source IP address the IP address of the outgoing interface, which in the case of a CE router is an IP...


Data Plane of AToM

As the ingress PE receives a frame from the CE, it forwards the frame across the MPLS backbone to the egress LSR with two labels: the tunnel label and the VC label. In an AToM network, each pair of PE routers must run a targeted LDP session between them. The targeted LDP session signals characteristics of the pseudowire and most importantly advertises the VC label. The VC label is always the bottom label in the label stack. It identifies the egress AC on the egress PE. The tunnel label is the...

Default MPLS QoS Behavior in Cisco IOS

In Cisco IOS, the default behavior when imposing one or more labels on an IP packet is to copy the precedence value to the EXP bits of all imposed labels. This is called TOS reflection, because nothing regarding QoS changes by default. If, however, the six bits of the DSCP field are used, only the first three bits of DSCP are copied to the EXP bits of the labels. This leads to the first MPLS QoS rule.

MPLS QoS Rule 1: By default, in Cisco IOS, the precedence bits or the first three bits of the...

Definition of a VPN

A VPN is a network that emulates a private network over a common infrastructure. The VPN might provide communication at OSI Layer 2 or 3. The VPN usually belongs to one company and has several sites interconnected across the common service provider infrastructure. The private network requires that all customer sites are able to interconnect and are completely separate from other VPNs. That is the minimum connectivity requirement. However, VPN models at the IP layer might require more than that....

Definition of MPLS

The MPLS labels are advertised between routers so that they can build a label-to-label mapping. These labels are attached to the IP packets, enabling the routers to forward the traffic by looking at the label and not the destination IP address. The packets are forwarded by label switching instead of by IP switching. The label switching technique is not new. Frame Relay and ATM use it to move frames or cells throughout a network. In Frame Relay, the frame can be any length, whereas in ATM, a...

Detection and Diagnosis of Control and Data Plane Defects

Common problems for MPLS networks are packets arriving at a label switching router (LSR) with a specific top label for which the LSR has no forwarding information or incorrect forwarding information. This problem can be detected by the control information that Label Distribution Protocol (LDP), Resource Reservation Protocol (RSVP), IP routing protocols, routing table, label information base (LIB), and label forwarding information base (LFIB) provide. However, the problem only becomes apparent...

Detection of a Defect in a Label Switched Path (LSP)

Another common problem is the failure of a label advertisement between two LSRs. For instance, the LDP peer neighborship might be down between two LSRs, which causes the packets to be dropped or forwarded without a label stack. For instance, if MPLS transports Layer 2 traffic that becomes unlabeled on a provider (P) router, it is dropped. Similarly, if IPv4 traffic becomes unlabeled, it might be forwarded according to the global routing table. If no route for the destination IP address exists,...

DiffServ Tunneling Models

MPLS QoS Rule 4 causes an interesting behavior: Regardless of what the MPLS EXP value was changed to at the ingress LSR or any other LSR, that value is not copied to the exposed IP packet at the egress LSR of the MPLS network. In effect, this enables the operator of the MPLS cloud to carry the QoS value of the IP packet transparently through the MPLS network. No matter how many times the EXP bits are changed, by default, the IP precedence or DSCP bits of the IP packet are preserved: the value at...

DiffServ with IP Packets

Refer to Figure 12-1 to refresh your memory about what the IP header looks like.

Figure 12-1 IP Header Fields

Figure 12-2 The TOS Byte of the IP Header

Precedence bits (first three bits of the TOS byte):
111 - Network Control
110 - Internetwork Control
101 - CRITIC/ECP
100 - Flash Override
011 - Flash
010 - Immediate
001 - Priority
000 - Routine

TOS bits (next four bits of the TOS byte):
1000 - Minimize Delay
0100 - Maximize Throughput
0010 - Maximize Reliability
0001 - Minimize Monetary Cost
0000 - Normal Service

The usage of the precedence bits...

DiffServ with MPLS Packets

Remember the syntax of a label from Chapter 2, MPLS Architecture; Figure 12-4 is a refresher.

Figure 12-4 Syntax of an MPLS Label

As you can see, there are three EXP, or experimental, bits. They are called experimental, but they are really used only for QoS. You can use these bits in the same way that you use the three precedence bits in the IP header. If you use these three bits for QoS, you can call the label switched path (LSP) an E-LSP, indicating that the label switching router (LSR) will...

Distributed CEF (dCEF)

One of the main advantages of CEF is that it can be used in a distributed manner. Some Cisco routers use a central CPU without any form of decentralized or distributed intelligence. An example of such a router is the 7200 series router. CEF in this platform can only use the central CPU and as such can forward traffic by the CPU or in interrupt mode. Other hardware such as the 7500 or GSR 12000 series router has distributed intelligence and CPUs. Therefore, the router can distribute the burden...

Dual TE Metrics

By default, MPLS TE uses the TE metrics of the links to route the TE tunnels; however, by default, the TE link metrics are the same as the IGP link metrics. You can override this when you set the TE metrics. You cannot have two TE metrics, though, to route TE tunnels. One solution, if you want to use two metrics, is to use the IGP metric and the TE metric at the same time to route TE tunnels. Network administrators who want one metric for delay and one for bandwidth choose this...

EBGP

EBGP can be the PE-CE routing protocol. Under the address family ipv4 vrf of the router bgp process on the PE, you need to configure the CE router as the eBGP neighbor and activate it. In Example 7-35, the eBGP neighbor 10.20.2.1 (the CE router) in the autonomous system 65001 in VRF cust-one is configured.

Example 7-35 Basic BGP Configuration as PE-CE Routing Protocol
    neighbor 10.200.254.5 remote-as 1
    neighbor 10.200.254.5 update-source Loopback0
    neighbor 10.200.254.5 send-community extended
    ...

Explicit NULL Label

The use of implicit NULL adds efficiency when forwarding packets. However, it has one downside: The packet is forwarded with one label less than it was received by the penultimate LSR or unlabeled if it was received with only one label. Besides the label value, the label also holds the Experimental (EXP) bits. When a label is removed, the EXP bits are also removed. Because the EXP bits are exclusively used for quality of service (QoS), the QoS part of the packet is lost when the top label is...


FCS Retention

Currently, in AToM networks, the frame check sequence (FCS) of Ethernet, Frame Relay, High-Level Data Link Control (HDLC), and PPP Layer 2 frames is removed before AToM sends the frames across the pseudowire. At the remote end of the pseudowire, the egress PE inserts the FCS by calculating it over the received Layer 2 frame. This behavior might lead to problems if intermediate LSRs introduce a problem whereby they change the payload of the MPLS packet. This problem can go undetected until the...

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at...

Flooding by the IGP

The IGP floods the TE information in the following cases:
- Changes in the reserved bandwidth
- After a tunnel setup failure

As with regular IP routing, OSPF floods the LSA or IS-IS floods the LSP when the state (up or down) of the interface changes or when a manual configuration change alters the characteristics of the interface for the IGP. OSPF and IS-IS also have a periodic flooding mechanism. With OSPF, a periodic flooding occurs every 30 minutes. You can change this interval with the command...

Forwarding Adjacency

Forwarding adjacency is an MPLS TE feature whereby the IGP can see a TE LSP as a link. The IGP on the head end router of the TE tunnel advertises the TE LSP as a link with a certain IGP metric associated with it. Any router in the same area as the head end router then includes this link when it is running the SPF algorithm. As such, the IGP sees the total path that a TE tunnel spans as one link only. To correctly use forwarding adjacency, you must configure two TE tunnels between a pair of LSRs...

Forwarding Equivalence Class

A Forwarding Equivalence Class (FEC) is a group or flow of packets that are forwarded along the same path and are treated the same with regard to the forwarding treatment. All packets belonging to the same FEC have the same label. However, not all packets that have the same label belong to the same FEC, because their EXP values might differ; the forwarding treatment could then be different, and they could belong to a different FEC. The router that decides which packets belong to which FEC is the...

Forwarding Labeled Packets

Chapter 2, MPLS Architecture, focused on what an MPLS label is and how it is used. This chapter specifically focuses on how labeled packets are forwarded. Forwarding labeled packets is quite different from forwarding IP packets. Not only is the IP lookup replaced with a lookup of the label in the label forwarding information base (LFIB), but different label operations are also possible. These operations refer to the pop, push, and swap operations of MPLS labels in the label stack. When reading...

Fragmentation of MPLS Packets

If an LSR receives a labeled packet that is too big to be sent out on a data link, the packet should be fragmented. This is similar to fragmenting an IP packet. If a labeled packet is received and the LSR notices that the outgoing MTU is not big enough for this packet, the LSR strips off the label stack, fragments the IP packet, puts the label stack (after the pop, swap, or push operation) onto all fragments, and forwards the fragments. Only if the IP header has the Don't Fragment (DF) bit set...

Frame Mode ATM

You can also use ATM in Frame mode on the edge routers. In that case, a PVC is configured between the edge routers. The configuration on the router consists of an ATM subinterface with PVC. LDP is enabled on the subinterface with the command mpls ip. The ATM switches in this case are not MPLS-aware. The routers on the edge peer with each other both for OSPF and LDP instead of with the ATM switches. This is the overlay model. The label space used on the ATM subinterface is the platform-wide...

FriiPi Pi

In Figure 10-1, you see a PSN tunnel between the two service provider edge routers. The PSN can be either an IP or an MPLS-based network. Inside the PSN tunnel might be one or more pseudowires that connect the attachment circuits (ACs) on the PE routers to each other. The AC can be ATM, Frame Relay, HDLC, PPP, and so on. Frames that the PE receives on the AC are encapsulated and sent across the pseudowire to the remote PE router. The egress PE router receives the packets from the pseudowire and...

FRR Link Protection

With link protection, one particular link used for TE is protected. This means that all TE tunnels that are crossing this link are protected by one backup tunnel. This technique is also called facility backup because a complete link with all its TE LSPs is backed up. Figure 8-15 shows a simple network whereby the link R1-R2 is protected by a backup tunnel R1-R3-R2. This backup tunnel protects only the TE tunnels in the direction from R1 to R2. Therefore, to protect all tunnels crossing the link...

FRR Node Protection

With FRR for Node Protection, you are not trying to protect only one link, but rather a whole router. Node protection works by creating a next-next-hop (NNHOP) backup tunnel. An NNHOP backup tunnel is not a tunnel to the next-hop router of the PLR, but to the router that is one hop behind the protected router. Therefore, in the case of node protection, the NNHOP router is the MP router. When you configure the command tunnel mpls traffic-eng fast-reroute node-protect on the head end of the TE...

Fundamentals of MPLS

Chapter 1 The Evolution of MPLS
Chapter 3 Forwarding Labeled Packets
Chapter 4 Label Distribution Protocol
Chapter 5 MPLS and ATM Architecture
Chapter 6 Cisco Express Forwarding

After completing this chapter, you will be able to do the following:
- Explain the driving factors behind MPLS
- List the benefits of forwarding labeled packets instead of forwarding IP packets
- Explain the applications of MPLS that have received widespread acceptance

Giant and Baby Giant Frames

When a packet becomes labeled, the size increases slightly. If the IP packet was already at the maximum size possible for a certain data link (full MTU), it becomes too big to be sent on that data link because of the added labels. Therefore, the frame at Layer 2 becomes a giant frame. Because the frame is only slightly bigger than the maximum allowed, it is called a baby giant frame. Take the example of Ethernet: The payload can be a maximum of 1500 bytes. However, if the packet is a maximum...

Giant Frames on Switches

You can also see giant and baby giant frames on Layer 2 switches because the maximum Ethernet frame has increased by as many bytes as are in the label stack. Configuration might be needed on the Ethernet switches to allow them to switch giant and baby giant frames. Example 3-11 shows examples on how to enable jumbo Ethernet frames on an Ethernet switch.

Example 3-11 Allowing Jumbo Frames on Ethernet Switches
    Enter configuration commands, one per line.
    <1500-9216>  Jumbo mtu size in Bytes,...

Goals and Methods

The purpose of this book is to make a network engineer a qualified MPLS network engineer. To accomplish this goal, this book starts by explaining the fundamentals of MPLS. It covers the principles and theory of MPLS thoroughly. It continues by explaining the MPLS applications that made MPLS so popular, including MPLS VPN, MPLS traffic engineering (TE), Any Transport over MPLS (AToM), and Virtual Private LAN Service (VPLS). The theory is accompanied by configuration examples, detailing how to...


Hierarchical VPLS

With Hierarchical VPLS (H-VPLS), the PE routers are no longer directly attached to the customer equipment. Hierarchy is introduced by adding another layer in the access layer toward the customer equipment. H-VPLS has two forms:
- H-VPLS with dot1q tunneling in the access layer
- H-VPLS with MPLS in the access layer

Figure 11-7 shows H-VPLS.

Figure 11-7 H-VPLS (Access Layer - MPLS Core - Access Layer)

There are now N-PE and U-PE routers. The N-PE routers are network-facing PE routers, whereas the U-PE routers are...

Housekeeping by Means of Notification

Notification messages are needed for the housekeeping of LDP sessions. The notification messages signal significant events to the LDP peer. These events might be fatal errors (Error Notifications) or simple advisory information (Advisory Notifications). If a fatal error occurs, the sending LSR and receiving LSR should terminate the LDP session immediately. Advisory Notifications are used to send information about the LDP session or a message received from the peer. The following events can be...

How This Book Is Organized

This book has 15 chapters and one appendix and is organized in two parts. Also available are online supplemental materials that you can find on the website, including an appendix on static MPLS labels. Although each chapter has its own topic and stands alone, it is best to read this book in sequential order. Only if you are an MPLS-experienced reader will you be able to jump to any chapter from Part II without problem. Even if you fit into that category, you might want to browse through the...

How to Implement the Three DiffServ Tunneling Models

The distinction between the three models is made only on the ingress and egress LSR. For the three models, no configuration is needed on the ingress LSR assuming that the service provider is willing to accept the DiffServ information set by the customer as the LSP DiffServ information in the MPLS core. The reason for that is MPLS QoS Rules 1 and 2. However, for the Uniform model, this is a requirement, whereas for the Pipe and Short Pipe models, the ingress LSR could set other values for the...

Hub and Spoke

Often, customers do not want their sites to have full interconnectivity. This means they do not want or need the sites to be fully meshed. A typical scenario involves one main site at a company with many remote sites. The remote sites or spokes need connectivity to the main or hub site, but they do not need to communicate between them directly. Perhaps the connectivity is possible but not wanted for security reasons. This scenario is commonly referred to as the hub-and-spoke scenario. It can...

H-VPLS with Dot1q Tunneling (QinQ) in the Access Layer

As in the case of EoMPLS, dot1q tunneling (QinQ) is possible with VPLS. This means that the customer VLANs can be encapsulated into another VLAN (the provider VLAN, or P-VLAN), allowing a multi-VLAN switched customer network to be transparently transported between multiple sites connected to an MPLS network. This P-VLAN is mapped to one VFI on the N-PE router. If the CE equipment is a router, you can configure the Ethernet interface toward the PE router as a trunk interface by configuring...

H-VPLS with MPLS in the Access Layer

Look at Figure 11-9 to see H-VPLS with MPLS in the access layer.

Figure 11-9 H-VPLS with MPLS in the Access Layer

With MPLS in the access layer, point-to-point virtual circuits exist between the N-PEs and U-PEs. You need to disable the default split-horizon behavior on the N-PEs because an N-PE must forward Layer 2 frames received on the pseudowires from another N-PE onto the pseudowires toward the U-PEs and vice versa. You can achieve this with the following command: neighbor remote router...

Netflow can also track IP-to-label flows on the ingress LSR. It does not matter whether the incoming interface is a regular global IP or a VRF interface. At the egress LSR, Netflow can provide egress Netflow accounting for packets that enter the LSR as labeled packets and leave the LSR as IP packets; this is the label-to-IP path. It is called egress Netflow because the label stack is removed from the packets on their way out of the router. The egress interface on the LSR can be a regular global...

I

[Figure 12-12 Recoloring a Packet in an MPLS VPN Network for the Uniform Model. Figure labels: the ingress PE sets the MPLS EXP bits to 3; a P router can recolor the packet so that the EXP bits become 0; after recoloring at the P router, the packet becomes out-of-rate; copy must happen for all three models; copy must only happen for the Uniform model]

Implementing the DiffServ Tunneling Models in Cisco IOS

This section gives an overview of implementing the different MPLS DiffServ Tunneling models in Cisco IOS. The sample network used here is an MPLS VPN network, because this is the MPLS application used most often today. The configuration shown pertains to only one or two values of the MPLS experimental bits or the IP precedence bits to keep the configuration small. In a real-world network, this configuration might need to be expanded to cover all EXP and precedence bits (DSCP levels). Example...

Implicit NULL Label

The implicit NULL label is the label that has a value of 3. An egress LSR assigns the implicit NULL label to a FEC if it does not want to assign a label to that FEC, thus requesting the upstream LSR to perform a pop operation. In the case of a plain IPv4-over-MPLS network, such as an IPv4 network in which LDP distributes labels between the LSRs, the egress LSR running Cisco IOS assigns the implicit NULL label to its connected and summarized prefixes. The benefit of this is that if the egress...

Internet Access

Internet routing is usually done via the BGP table of the MPLS VPN network of the service provider. This BGP table is in the global routing space, not in the VRF context. By default, the VRF sites can communicate only with other VRF sites in the same VPN, not with anything in the global routing space. Therefore, something must be done to provide Internet access (global context) to the CE routers (VRF context). The following sections detail how to provide Internet access to VRF sites. Obviously,...

Internet Access Through a Central VRF Site

Instead of traffic from each VPN site being forwarded directly to the Internet gateway router, it is possible to forward all the Internet traffic from the VRF sites to the CE router(s) of a central VRF site in a VPN. The advantage is that security features such as firewall services or other services such as Network Address Translation (NAT) are implemented only once and centrally in the central VRF site. The Internet traffic between the VRF sites and the VRF central site is then forwarded...

Internet Access Through the Global Routing Table

An easy way to provide Internet access to CE routers is to have an interface from the PE to the CE router that is in the global routing space. The PE router has a VRF interface toward the CE router, but you can have a second interface that is not in a VRF toward the CE router. The routing on the CE router should then take care of sending the VPN traffic to the VRF interface and the Internet traffic to the interface in the global routing space on the PE router. The obvious disadvantage is that...

Internet Access Through the Global Routing Table with Static Routes

You can provide Internet access to the VPN customers by forwarding their traffic to the Internet gateway of the service provider. The Internet gateway is known to all P routers in the MPLS VPN network because the gateway IP address is known in the global routing table of the service provider. It surely is running eBGP with a router of an Internet provider. The PE routers are already running BGP, so they can provide MPLS VPN services. The PE routers can also run an iBGP peering session for IPv4...

Internet in a VPN

One solution that might seem the simplest is actually the worst. The service provider could place the complete Internet routing table in the VRF. However, that would mean that an enormous number of routes would be placed in the VPN. The provider could do this once and put all customers requiring Internet access in this VRF. However, then the point of each customer having his own private network would be completely lost. Another solution could involve the service provider putting the Internet...

IPv6 Internet Access Through 6VPE

RFC 4364 specifies how to access the Internet from within a VPN. These methods for accessing the Internet from CE routers belonging to a VPN that is built from the MPLS VPN for IPv4 architecture are described in detail in Chapter 7. You can use the same three methods that are discussed in Chapter 7 to provide Internet access for VPNs that are built from the 6VPE architecture. These three methods are as follows:

Static and static VRF routes providing Internet access

In the first method, the...

IPv6 over MPLS

You might think that it should be IPv5, but that one ended up as an experiment only and was dropped. IPv6 is the next-generation IP protocol. It is similar to IPv4 in many respects, but it is also different in many ways. One of the most eye-catching differences is the bigger IP addresses in IPv6 versus IPv4. That feature is the main driving force for people to move away from IPv4 and start implementing IPv6. Bigger addresses mean that you have many of them...

IS-IS

Another possible PE-CE routing protocol is IS-IS, which is a link state routing protocol like OSPF. Unlike OSPF, however, IS-IS runs directly over Layer 2, not over IP. Having IS-IS run across the PE-CE link requires ISIS to be VRF aware on the PE routers. You can configure ISIS for a VRF by using the command vrf vrf-name under the IS-IS process. IS-IS processes on a router are differentiated from each other by the tag as configured with the command router isis process-tag. You have to...

L

L2TPv3, transporting Layer 2 frames across PSN, 384-385
L2VPN Inter-Autonomous Networking, 431
L2VPN Pseudowire Switching, 432
label advertisement, 111-114
control modes, 122-123
DoD, 116
label advertisement capability (BGP), advertising, 77, 79-81
in UD mode, 78
label withdrawal, 81, 83
incoming LDP, filtering, 90-91
in use, 80
piggybacking, 33
running separate protocol, 34-35
with LDP, 35-36
label distribution modes (LSRs), 38
label encoding, 110
label lookup versus IP lookup, 44, 46-49
label...

Label Advertisement

The IGP and LDP on the ATM LSRs cannot run directly over the ATM interface and establish a neighborship. A control VC is needed for the IGP and LDP to run on between two adjacent ATM LSRs. When the IGP adjacency is built, the IGP can exchange IP prefixes which are put in the routing table. After LDP forms a session across the control VC, it can exchange label bindings. This in turn enables the ATM LSRs to populate the LIB with bindings. As you recall, a binding is a prefix and an associated...

Label Distribution

The first label is imposed on the ingress LSR and the label belongs to one LSP. The path of the packet through the MPLS network is bound to that one LSP. All that changes is that the top label in the label stack is swapped at each hop. The ingress LSR imposes one or more labels on the packet. The intermediate LSRs swap the top label (the incoming label) of the received labeled packet with another label (the outgoing label) and transmit the packet on the outgoing link. The egress LSR of the LSP...

Label Distribution Modes

The MPLS architecture has two modes to distribute label bindings:

Downstream-on-Demand (DoD) label distribution mode
Unsolicited Downstream (UD) label distribution mode

In the DoD mode, each LSR requests a label binding for a FEC from its next-hop (that is, downstream) LSR on the LSP. Each LSR receives one binding per FEC only from its downstream LSR on that FEC. The downstream LSR is the next-hop router indicated by the IP routing table. In the UD mode, each LSR distributes a binding to its...

Label Distribution Protocol

The fundamental story on MPLS is that packets are labeled, and each label switching router (LSR) must perform label swapping to forward the packet. This means that in all cases, labels need to be distributed. You can achieve this in two ways: piggyback the labels on an existing routing protocol, or develop a new protocol to do just that. If you want to adjust the Interior Gateway Protocol (IGP) such as Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), Enhanced...

Label Distribution with LDP

For every IGP IP prefix in its IP routing table, each LSR creates a local binding; that is, it binds a label to the IPv4 prefix. The LSR then distributes this binding to all its LDP neighbors. These received bindings become remote bindings. The neighbors then store these remote and local bindings in a special table, the label information base (LIB). Each LSR has only one local binding per prefix, at least when the label space is per platform. If the label space is per interface, one local label...

Label Forwarding Instance Base

The LFIB is the table used to forward labeled packets. It is populated with the incoming and outgoing labels for the LSPs. The incoming label is the label from the local binding on the particular LSR. The outgoing label is the label from the remote binding chosen by the LSR from all possible remote bindings. All these remote bindings are found in the LIB. The LFIB chooses only one of the possible outgoing labels from all the possible remote bindings in the LIB and installs it in the LFIB. The...

Label Operation

The possible label operations are swap, push, and pop. Look at Figure 3-1 to see the possible operations on labels. By looking at the top label of the received labeled packet and the corresponding entry in the LFIB, the LSR knows how to forward the packet. The LSR determines what label operation needs to be performed (swap, push, or pop) and what the next hop is to which the packet needs to be forwarded. The swap operation means that the top label in the label stack is replaced with another, and...

Label Retention Modes

Two label retention modes are possible:

Liberal Label Retention (LLR) mode
Conservative Label Retention (CLR) mode

In LLR mode, an LSR keeps all received remote bindings in the LIB. One of these bindings is the remote binding received from the downstream or next hop for that FEC. The label from that remote binding is used in the LFIB, but none of the labels from the other remote bindings are put in the LFIB; therefore, not all are used to forward packets. Why keep the labels around that are not...

Label Stack Depth

To detect problems with labeled packets in the data plane, you need to know how many labels are present in the label stack of the packets at each point in the network. Only then can you figure out if the labeled packets have the right number of labels and if it is the correct label in the right place in the label stack. Therefore, you need to know for your network how many labels a labeled packet has at each link. The number of labels present in the label stack depends on the MPLS network...

Label Stacking

MPLS-capable routers might need more than one label on top of the packet to route that packet through the MPLS network. This is done by packing the labels into a stack. The first label in the stack is called the top label, and the last label is called the bottom label. In between, you can have any number of labels. Figure 2-2 shows you the structure of the label stack. Notice that the label stack in Figure 2-2 shows that the BoS bit is 0 for all the labels, except the bottom label. For the...
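As an added example (not code from the book), the label stack entry format of Figure 2-2 in Python: it packs and parses the 32-bit entries with their BoS bit, counts the stack depth that the Label Stack Depth section says you must know per link, and applies the swap, push and pop operations of an LFIB entry, treating a remote binding of implicit NULL (label 3) as a pop as described under Implicit NULL Label. The LFIB entries, payload bytes and the propagation of the decremented TTL to the newly exposed label on a pop are constructed assumptions, not taken from the text.

```python
import struct
from dataclasses import dataclass, replace

IMPLICIT_NULL = 3  # reserved label 3: the egress LSR asks its upstream neighbor to pop

@dataclass
class LabelEntry:
    label: int   # 20-bit label value
    exp: int     # 3-bit EXP field
    bos: bool    # bottom-of-stack bit (set only on the last entry)
    ttl: int     # 8-bit TTL

def encode_entry(e):
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | BoS(1) | TTL(8)."""
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8 and 0 <= e.ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (e.label << 12) | (e.exp << 9) | (int(e.bos) << 8) | e.ttl)

def encode_stack(entries):
    """Serialize a stack top-first, setting BoS on the bottom entry only."""
    last = len(entries) - 1
    return b"".join(encode_entry(replace(e, bos=(i == last))) for i, e in enumerate(entries))

def parse_label_stack(data):
    """Walk 4-byte entries until BoS is set; return (entries, payload after the stack)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("stack ends before a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append(LabelEntry(word >> 12, (word >> 9) & 7, bool((word >> 8) & 1), word & 0xFF))
        if entries[-1].bos:
            return entries, data[offset:]

def stack_depth(data):
    """Number of labels on the packet, to compare with the depth expected on this link."""
    return len(parse_label_stack(data)[0])

# Constructed LFIB: incoming (top) label -> (operation, outgoing labels, top first).
# A push with several outgoing labels replaces the top label and stacks the rest above it.
LFIB = {
    16: ("swap", [17]),
    18: ("push", [19, 22]),
    20: ("swap", [IMPLICIT_NULL]),  # remote binding is implicit NULL: penultimate hop pops
    21: ("pop", []),
}

def forward(data, lfib=LFIB):
    """Apply the LFIB entry for the top label to a labeled packet and re-encode it."""
    entries, payload = parse_label_stack(data)
    top, rest = entries[0], entries[1:]
    op, out = lfib[top.label]
    ttl = top.ttl - 1
    if ttl <= 0:
        raise ValueError("TTL expired; packet would be dropped")
    if op == "pop" or out == [IMPLICIT_NULL]:
        # Implicit NULL never goes on the wire; it means pop here. Assumption: the
        # decremented TTL is propagated to the label that becomes the new top.
        new = [replace(rest[0], ttl=ttl)] + rest[1:] if rest else []
    else:  # swap or push: the outgoing labels replace the top label, keeping its EXP
        new = [replace(top, label=lbl, ttl=ttl) for lbl in out] + rest
    return (encode_stack(new) if new else b"") + payload
```

A stack whose last entry lacks the BoS bit is rejected rather than parsed into the payload, which is the kind of data-plane defect the depth check is meant to catch.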

Label Switch Controller

The label switch controller (LSC) is a piece of hardware designed to perform the control plane functions needed to make the ATM switch an ATM LSR. The Cisco BPX is an ATM switch that needs an LSC to become an ATM LSR. The LSC takes care of the control plane functions like the IGP, the routing table, and LDP. The BPX still performs the switching of the ATM cells in the data plane. In the case of the BPX, the LSC is a Cisco 7200 router. The LSC controls the BPX through an ATM interface over which...

Label Switch Router

A label switch router (LSR) is a router that supports MPLS. It is capable of understanding MPLS labels and of receiving and transmitting a labeled packet on a data link. Three kinds of LSRs exist in an MPLS network:

Ingress LSRs: Ingress LSRs receive a packet that is not labeled yet, insert a label (stack) in front of the packet, and send it on a data link.
Egress LSRs: Egress LSRs receive labeled packets, remove the label(s), and send them on a data link.

Ingress and egress LSRs are edge LSRs....

Label Switched Path

A label switched path (LSP) is a sequence of LSRs that switch a labeled packet through an MPLS network or part of an MPLS network. Basically, the LSP is the path through the MPLS network or a part of it that packets take. The first LSR of an LSP is the ingress LSR for that LSP, whereas the last LSR of the LSP is the egress LSR. All the LSRs in between the ingress and egress LSRs are the intermediate LSRs. In Figure 2-5, the arrow at the top indicates the direction, because an LSP is...

LDP Autoconfiguration

LDP is enabled on an interface by configuring the interface command mpls ip. On an LSR, LDP is usually enabled on all the interfaces on which the IGP is enabled. Much easier than configuring mpls ip on every interface separately is enabling LDP Autoconfiguration for the IGP. Every interface on which the IGP is running then has LDP enabled. The OSPF router command to enable LDP Autoconfiguration is this As you can see, it can be enabled for just a specific OSPF area. You can also disable it from...

LDP Overview

To get packets across a label switched path (LSP) through the MPLS network, all LSRs must run a label distribution protocol and exchange label bindings. When all the LSRs have the labels for a particular Forwarding Equivalence Class (FEC), the packets can be forwarded on the LSP by means of label switching the packets at each LSR. The label operation (swap, push, pop) is known to each LSR by looking into the LFIB. The LFIB, which is the table that forwards labeled packets, is fed by the label...

Limiting MAC Addresses

If the metro Ethernet sites have many hosts or switches, you need to prevent the PE routers from learning too many MAC addresses from the customers. You also need to protect the PE router from possible denial-of-service (DoS) attacks involving MAC address learning. You can limit the maximum number of MAC entries per VLAN on the PE router by entering the following command:

mac-address-table limit vlan vlan maximum num action {warning | limit | shutdown}

The options are to warn when the maximum number of...

Link Manager

The link manager is a piece of the Cisco IOS TE code that does some necessary housekeeping on every TE-enabled router. It mainly does link admission control, which involves keeping track of the bandwidth reserved by RSVP on the links and allowing RSVP to reserve more bandwidth on the link for new tunnel setup requests. It is also the piece of software that determines which TE tunnel LSP can preempt another (by looking at the tunnel priorities) on the links. Finally, it is what triggers the IGP...

Link TE Attributes

Every link in the MPLS network enabled for TE can have characteristics that need to be flooded so that the head end router can figure out whether the TE tunnel can use a particular link. A link that is enabled for TE can have the following characteristics configured for TE:

Maximum reservable bandwidth
Maximum reservable sub-pool bandwidth

You configure the maximum reservable bandwidth on the interface by configuring ip rsvp bandwidth interface-kbps. It is configured in kbps. This is the maximum...

Load Balancing

When multiple TE tunnels have the same cost, traffic can be load-balanced across them. Traffic can also be load-balanced between the native IP path and TE tunnels if the cost of the routing is the same. This situation has some restrictions, however; see the earlier section Cost Calculation of IGP Routes over TE Tunnels. When you are load balancing over TE tunnels, the load balancing can even be unequal cost load balancing. The load balancing of traffic is weighted proportionally to the bandwidth...

LSP Control Modes

LSRs can create a local binding for a FEC in two ways:

Independent LSP Control mode
Ordered LSP Control mode

The LSR can create a local binding for a FEC independently from the other LSRs. This is called Independent LSP Control mode. In this control mode, each LSR creates a local binding for a particular FEC as soon as it recognizes the FEC. Usually, this means that the prefix for the FEC is in its routing table. In Ordered LSP Control mode, an LSR only creates a local binding for a FEC if it recognizes that it is the...

LSP Ping Operation

The MPLS echo request for an MPLS ping holds the following information:

The echo reply holds the following information:

An Error Code TLV (optional)
The Target FEC Stack TLV from the echo request (optional)

The MPLS echo request for an MPLS ping is forced into the right FEC at the sender. The LSR does not do this via a simple lookup of the IP address in the CEF table. The destination IP address is from the range 127.0.0.0/8 anyway, so this is not even possible. The destination of the packet is...