A


About the Cisco Press Website for This Book

Cisco Press provides additional content that you can access by registering your individual book at the Ciscopress.com website. To register this book, go to http://www.ciscopress.com/bookstore/register.asp and enter the book ISBN, which is located on the back cover. You are then prompted to log in or join Ciscopress.com to continue registration. After you register this book, you see a link to this book listed on your My Registered Books page. Becoming a member and registering is free. The...

About the Technical Reviewers

Mohammad Miri is currently employed by Alcatel NA. He has more than 14 years of experience in design and implementation of IP networks for Telecom and Mobile providers involving broadband, narrowband, and MPLS and traffic engineering applications over IP. He received his computer science degree in 1989. Ivan Pepelnjak, CCIE No. 1354, is a 25-year veteran of the networking industry. He has more than 10 years of experience in designing, installing, troubleshooting, and operating large service...

Advanced MPLS Topics

Chapter 8 MPLS Traffic Engineering
Chapter 10 Any Transport over MPLS
Chapter 11 Virtual Private LAN Services
Chapter 12 MPLS and Quality of Service
Chapter 13 Troubleshooting MPLS Networks
Chapter 14 MPLS Operation and Maintenance

By the end of this chapter, you should know and be able to explain the following:
The role of Multiprotocol BGP in MPLS VPN networks
The packet forwarding through the MPLS VPN network
The operation of PE-CE routing protocols and their specifics for MPLS VPNs

ATM AAL5

Each received ATM AAL5 service data unit (SDU) (RFC 1483/2684) from the AC is labeled and sent onto the MPLS network. Before labeling, the header is removed and the control information is copied into the control word. The egress PE router then looks up the VC label, strips it off, reconstructs the outgoing AAL5 SDU, and forwards the frame. The control information copied from the header consists of the Explicit Forward Congestion Indication (EFCI) bit, the Cell Loss Priority (CLP) bit, and possibly the Frame Relay C/R...

AToM Architecture

In networks that use AToM, all the routers in the service provider network run MPLS, and the PE routers have an AC toward the CE router. The PE router receives Layer 2 frames on the AC and encapsulates them with labels before sending them onto the PSN tunnel toward the remote PE. At the remote PE, the label(s) are removed and the frames are sent toward the remote CE. In the case of AToM, the PSN tunnel is nothing other than a label switched path (LSP) between two PE routers. As such, the label...

AToM Fragmentation and Reassembly

Fragmentation is generally not good because it places a greater workload on the platform that is performing the fragmentation. Therefore, avoid it if possible. Path MTU Discovery and careful usage of the IP MTU and MPLS MTU commands generally get you far. Sometimes fragmentation is unavoidable, as in the case of Path MTU Discovery not working because of firewalls blocking the ICMP messages needed for Path MTU Discovery to work properly. If the payload is IP traffic, the ingress PE router can...

AToM Tunnel Selection

The AToM Tunnel Selection feature enables you to steer the AToM traffic through the MPLS network over a path that you specify. For this to work, you need to set up an MPLS TE tunnel from the PE to the PE router and then specify that the AToM traffic should take the TE tunnel instead of the default shortest labeled path. In addition, you can specify whether fallback to the default path is desirable when the TE tunnel fails. Figure 10-21 shows an MPLS network with MPLS VPN and AToM customers. The...

B


Better IP over ATM Integration

In the previous decade, IP won the battle over all other networking Layer 3 protocols, such as AppleTalk, Internetwork Packet Exchange (IPX), and DECnet. IP is relatively simple and omnipresent. A much-hyped Layer 2 protocol at the time was ATM. Although ATM as an end-to-end protocol or desktop-to-desktop protocol as some predicted, never happened, ATM did have plenty of success, but the success was limited to its use as a WAN protocol in the core of service provider networks. Many of these...

BGP Carrying the Label

BGP advertises the vpnv4 prefixes in the MPLS VPN network. This alone is not enough to forward VPN traffic correctly. For the egress PE router to forward VPN traffic to the correct CE router, it must forward the packet based on a label. The label that the egress PE router maps to a vpnv4 prefix is called the VPN label. The egress PE router must advertise this label along with the vpnv4 prefix to the possible ingress PE routers. The encoding of the label with the...

BGP Extended Community RT

The draft ietf-idr-bgp-ext-communities defines the extended community attribute. The community attribute is an optional transitive attribute that is described in RFC 1997. The extended community is also a transitive optional BGP attribute. It came into existence to extend the range of communities and has an enhanced structure over the BGP community attribute. Several BGP extended community attributes are defined, but only one is required for MPLS VPN: the RT extended community. It indicates to...

Bogus Benefit

One of the early reasons for a label-swapping protocol was the need for speed. Switching IP packets on a CPU was considered to be slower than switching labeled packets by looking up just the label on top of a packet. A router forwards an IP packet by looking up the destination IP address in the IP header and finding the best match in the routing table. This lookup depends on the implementation of the specific vendor of that router. However, because IP addresses can be unicast or multicast and...

Brief Introduction to ATM

An ATM cell is 5 bytes of header and 48 bytes of data. Figure 5-1 shows the User-Network Interface (UNI) cell format. The Network-Node Interface (NNI) header is almost identical, except that the GFC field is omitted. Instead, the VPI field occupies the first 12 bits and is thus 4 bits longer, which allows the ATM switches to assign a larger number of virtual path identifiers (VPI). Table 5-1 shows the...
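The UNI/NNI header layout above, as an added example that is not the book's code: it builds and parses the 5-byte cell header in both formats, so the 4-bit GFC versus 12-bit VPI difference is visible on the same bytes, and it computes and checks the HEC (CRC-8 with generator x^8 + x^2 + x + 1 over the first four octets, XORed with 0x55, per ITU-T I.432). The VPI/VCI values used are constructed for the illustration.

```python
"""ATM cell header encode/parse for the UNI and NNI formats (added example).

UNI: GFC(4) VPI(8)  VCI(16) PT(3) CLP(1) HEC(8)
NNI:        VPI(12) VCI(16) PT(3) CLP(1) HEC(8)
"""
from dataclasses import dataclass
from typing import Optional

HEADER_LEN = 5
PAYLOAD_LEN = 48
HEC_COSET = 0x55  # I.432: HEC = CRC-8 of the first four octets XOR 01010101


def crc8_atm(data: bytes) -> int:
    """CRC-8, generator polynomial 0x07, zero initial value, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


@dataclass(frozen=True)
class AtmHeader:
    gfc: Optional[int]  # None for NNI, where the four GFC bits belong to the VPI
    vpi: int
    vci: int
    pt: int
    clp: int
    hec: int


def build_header(vpi: int, vci: int, pt: int = 0, clp: int = 0,
                 gfc: int = 0, nni: bool = False) -> bytes:
    max_vpi = 0xFFF if nni else 0xFF
    if not (0 <= vpi <= max_vpi and 0 <= vci <= 0xFFFF and 0 <= pt <= 7
            and clp in (0, 1) and 0 <= gfc <= 0xF):
        raise ValueError("field out of range for this header type")
    word = (vpi << 20) | (vci << 4) | (pt << 1) | clp
    if not nni:
        word |= gfc << 28          # UNI keeps the GFC in the top four bits
    first_four = word.to_bytes(4, "big")
    hec = crc8_atm(first_four) ^ HEC_COSET
    return first_four + bytes([hec])


def parse_header(header: bytes, nni: bool = False) -> AtmHeader:
    if len(header) != HEADER_LEN:
        raise ValueError("ATM header is exactly 5 bytes")
    word = int.from_bytes(header[:4], "big")
    hec = header[4]
    if (crc8_atm(header[:4]) ^ HEC_COSET) != hec:
        raise ValueError("HEC mismatch: corrupted header")
    if nni:
        gfc, vpi = None, (word >> 20) & 0xFFF
    else:
        gfc, vpi = (word >> 28) & 0xF, (word >> 20) & 0xFF
    return AtmHeader(gfc, vpi, (word >> 4) & 0xFFFF, (word >> 1) & 0x7, word & 0x1, hec)


if __name__ == "__main__":
    hdr = build_header(vpi=5, vci=100, clp=1)   # constructed values
    print(hdr.hex(), parse_header(hdr))
    print("NNI view of the same bits:", parse_header(hdr, nni=True))
```

Parsing the same five bytes as UNI and as NNI shows why the two sides of a link must agree on the header type: the NNI reading folds the GFC nibble into the VPI.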

Chapter Review Questions

1. What are the MPLS applications mentioned in this chapter?
2. Name three advantages of running MPLS in a service provider network.
3. What are the advantages of the MPLS VPN solution for the service provider over all the other VPN solutions?
4. Name the four technologies that can be used to carry IP over ATM.
5. Name two pre-MPLS protocols that use label switching.
6. What do the ATM switches need to run so that they can operate MPLS?
7. How do you ensure optimal traffic flow between all the...

Configuration of 6PE

The 6PE solution is simple and straightforward to configure. This section shows that you only need to enable the iBGP neighbor under the IPv6 address family of BGP and add one extra keyword (the send-label keyword on the iBGP neighbor command). Of course, you need to configure an IGP for IPv6 on the link between the PE and CE router. Alternatively, you can configure eBGP between the PE and CE or even static routing for IPv6. Only two 6PE-specific commands exist: neighbor ip-address send-label...

Configuration of 6VPE

6VPE is similar in operation to MPLS VPN for IPv4, so similar commands are used, but now for IPv6 instead of IPv4. Following are the steps needed to configure 6VPE:
1. Configure MPLS in the IPv4 core network (this means an IPv4 unicast routing protocol and a label distribution protocol), as for MPLS VPN for IPv4.
2. Configure an IPv6 VPN routing and forwarding (VRF) instance (with route-target import and export policies) on the PE router.
3. Associate the IPv6 VRF to an interface on the PE...

D


Data Plane of AToM

As the ingress PE receives a frame from the CE, it forwards the frame across the MPLS backbone to the egress LSR with two labels: the tunnel label and the VC label. In an AToM network, each pair of PE routers must run a targeted LDP session between them. The targeted LDP session signals the characteristics of the pseudowire and, most importantly, advertises the VC label. The VC label is always the bottom label in the label stack. It identifies the egress AC on the egress PE. The tunnel label is the...

Default MPLS QoS Behavior in Cisco IOS

In Cisco IOS, the default behavior when imposing one or more labels on an IP packet is to copy the precedence value to the EXP bits of all imposed labels. This is called TOS reflection, because nothing regarding QoS changes by default: the labels simply reflect the marking already in the IP header. If the six bits of the DSCP field are used instead, only the first three bits of the DSCP (the precedence bits) are copied to the EXP bits of the labels. This leads to the first MPLS QoS rule. MPLS QoS Rule 1: By default, in Cisco IOS, the precedence bits or the first three bits of the...

Definition of MPLS

The MPLS labels are advertised between routers so that they can build a label-to-label mapping. These labels are attached to the IP packets, enabling the routers to forward the traffic by looking at the label and not the destination IP address. The packets are forwarded by label switching instead of by IP switching. The label switching technique is not new. Frame Relay and ATM use it to move frames or cells throughout a network. In Frame Relay, the frame can be any length, whereas in ATM, a...

Detection and Diagnosis of Control and Data Plane Defects

Common problems for MPLS networks are packets arriving at a label switching router (LSR) with a specific top label for which the LSR has no forwarding information or incorrect forwarding information. This problem can be detected by the control information that Label Distribution Protocol (LDP), Resource Reservation Protocol (RSVP), IP routing protocols, routing table, label information base (LIB), and label forwarding information base (LFIB) provide. However, the problem only becomes apparent...

DiffServ Tunneling Models

MPLS QoS Rule 4 causes an interesting behavior: regardless of what the MPLS EXP value was changed to at the ingress LSR or any other LSR, that value is not copied to the exposed IP packet at the egress LSR of the MPLS network. In effect, this enables the operator of the MPLS cloud to carry the QoS value of the IP packet transparently through the MPLS network. No matter how many times the EXP bits are changed, by default, the IP precedence or DSCP bits of the IP packet are preserved: the value at...

DiffServ with IP Packets

Refer to Figure 12-1 to refresh your memory about what the IP header looks like.

Figure 12-1 IP Header Fields
Figure 12-2 The TOS Byte of the IP Header

Precedence bits (the first three bits of the TOS byte):
111 - Network Control
110 - Internetwork Control
101 - CRITIC/ECP
100 - Flash Override
011 - Flash
010 - Immediate
001 - Priority
000 - Routine

TOS bits (the next four bits):
1000 - Minimize Delay
0100 - Maximize Throughput
0010 - Maximize Reliability
0001 - Minimize Monetary Cost
0000 - Normal Service

The usage of the precedence bits...

DiffServ with MPLS Packets

Remember the syntax of a label from Chapter 2, MPLS Architecture; Figure 12-4 is a refresher. Figure 12-4 Syntax of an MPLS Label As you can see, there are three EXP, or experimental, bits. They are called experimental, but they are really used only for QoS. You can use these bits in the same way that you use the three precedence bits in the IP header. If you use these three bits for QoS, you can call the label switched path (LSP) an E-LSP, indicating that the label switching router (LSR) will...

Distributed CEF (dCEF)

One of the main advantages of CEF is that it can be used in a distributed manner. Some Cisco routers use a central CPU without any form of decentralized or distributed intelligence. An example of such a router is the 7200 series router. CEF in this platform can only use the central CPU and as such can forward traffic by the CPU or in interrupt mode. Other hardware such as the 7500 or GSR 12000 series router has distributed intelligence and CPUs. Therefore, the router can distribute the burden...

Dual TE Metrics

By default, MPLS TE uses the TE metrics of the links to route the TE tunnels; because the TE link metric defaults to the IGP link metric, the two are the same unless you set the TE metric explicitly. You can override the default by setting the TE metric on a link, but a link cannot carry two TE metrics, so you cannot route TE tunnels on two different TE metrics. One solution, if you want to use two metrics, is to use the IGP metric and the TE metric at the same time to route TE tunnels. Network administrators who want one metric for delay and one for bandwidth choose this...

E


EBGP

EBGP can be the PE-CE routing protocol. Under the address family ipv4 vrf of the router bgp process on the PE, you need to configure the CE router as the eBGP neighbor and activate it. In Example 7-35, the eBGP neighbor 10.20.2.1 (the CE router) in the autonomous system 65001 in VRF cust-one is configured.

Example 7-35 Basic BGP Configuration as PE-CE Routing Protocol
 neighbor 10.200.254.5 remote-as 1
 neighbor 10.200.254.5 update-source Loopback0
 neighbor 10.200.254.5 send-community extended...

Explicit NULL Label

The use of implicit NULL adds efficiency when forwarding packets. However, it has one downside The packet is forwarded with one label less than it was received by the penultimate LSR or unlabeled if it was received with only one label. Besides the label value, the label also holds the Experimental (EXP) bits. When a label is removed, the EXP bits are also removed. Because the EXP bits are exclusively used for quality of service (QoS), the QoS part of the packet is lost when the top label is...

F


FCS Retention

Currently, in AToM networks, the frame check sequence (FCS) of Ethernet, Frame Relay, HighLevel Data Link Control (HDLC), and PPP Layer 2 frames is removed before AToM sends the frames across the pseudowire. At the remote end of the pseudowire, the egress PE inserts the FCS by calculating it over the received Layer 2 frame. This behavior might lead to problems if intermediate LSRs introduce a problem whereby they change the payload of the MPLS packet. This problem can go undetected until the...

Flooding by the IGP

The IGP floods the TE information in the following cases: when the reserved bandwidth changes and after a tunnel setup failure. As with regular IP routing, OSPF floods the LSA or IS-IS floods the LSP when the state (up or down) of the interface changes or when a manual configuration change alters the characteristics of the interface for the IGP. OSPF and IS-IS also have a periodic flooding mechanism. With OSPF, a periodic flooding occurs every 30 minutes. You can change this interval with the command...

Forwarding Adjacency

Forwarding adjacency is an MPLS TE feature whereby the IGP can see a TE LSP as a link. The IGP on the head end router of the TE tunnel advertises the TE LSP as a link with a certain IGP metric associated with it. Any router in the same area as the head end router then includes this link when it is running the SPF algorithm. As such, the IGP sees the total path that a TE tunnel spans as one link only. To correctly use forwarding adjacency, you must configure two TE tunnels between a pair of LSRs...

Forwarding Equivalence Class

A Forwarding Equivalence Class (FEC) is a group or flow of packets that are forwarded along the same path and are treated the same with regard to the forwarding treatment. All packets belonging to the same FEC have the same label. However, not all packets that have the same label belong to the same FEC, because their EXP values might differ; the forwarding treatment could then be different, and they could belong to a different FEC. The router that decides which packets belong to which FEC is the...

Frame Mode ATM

You can also use ATM in Frame mode on the edge routers. In that case, a PVC is configured between the edge routers. The configuration on the router consists of an ATM subinterface with PVC. LDP is enabled on the subinterface with the command mpls ip. The ATM switches in this case are not MPLS-aware. The routers on the edge peer with each other both for OSPF and LDP instead of with the ATM switches. This is the overlay model. The label space used on the ATM subinterface is the platform-wide...

FRR Link Protection

With link protection, one particular link used for TE is protected. This means that all TE tunnels that are crossing this link are protected by one backup tunnel. This technique is also called facility backup because a complete link with all its TE LSPs is backed up. Figure 8-15 shows a simple network whereby the link R1-R2 is protected by a backup tunnel R1-R3-R2. This backup tunnel protects only the TE tunnels in the direction from R1 to R2. Therefore, to protect all tunnels crossing the link...

FRR Node Protection

With FRR for Node Protection, you are not trying to protect only one link, but rather a whole router. Node protection works by creating a next-next-hop (NNHOP) backup tunnel. An NNHOP backup tunnel is not a tunnel to the next-hop router of the PLR, but to the router that is one hop behind the protected router. Therefore, in the case of node protection, the NNHOP router is the MP router. When you configure the command tunnel mpls traffic-eng fast-reroute node-protect on the head end of the TE...

Fundamentals of MPLS

Chapter 1 The Evolution of MPLS Chapter 3 Forwarding Labeled Packets Chapter 4 Label Distribution Protocol Chapter 5 MPLS and ATM Architecture Chapter 6 Cisco Express Forwarding After completing this chapter, you will be able to do the following Explain the driving factors behind MPLS List the benefits of forwarding labeled packets instead of forwarding IP packets Explain the applications of MPLS that have received widespread acceptance

Giant and Baby Giant Frames

When a packet becomes labeled, its size increases slightly. If the IP packet was already at the maximum size possible for a certain data link (full MTU), it becomes too big to be sent on that data link because of the added labels. Therefore, the frame at Layer 2 becomes a giant frame. Because the frame is only slightly bigger than the maximum allowed, it is called a baby giant frame. Take the example of Ethernet: the payload can be a maximum of 1500 bytes. However, if the packet is a maximum...

Giant Frames on Switches

You can also see giant and baby giant frames on Layer 2 switches, because the maximum Ethernet frame has grown by as many bytes as are in the label stack. Configuration might be needed on the Ethernet switches to allow them to switch giant and baby giant frames. Example 3-11 shows how to enable jumbo Ethernet frames on an Ethernet switch.

Example 3-11 Allowing Jumbo Frames on Ethernet Switches
 Enter configuration commands, one per line.
 <1500-9216> Jumbo mtu size in Bytes,...
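The sizing arithmetic behind baby giants, and the ingress PE's choice between fragmenting and dropping when the labeled packet no longer fits (the fragmentation discussion in the AToM Fragmentation and Reassembly section, and the Giant and Baby Giant Frames sections above), as an added example that is not the book's code. Ethernet II constants are standard (14-byte header, 4-byte FCS, 1500-byte payload, 4 bytes per label entry); the 1600-byte ceiling separating "baby giant" from "jumbo" is an assumption for the illustration.

```python
"""Baby giant / jumbo sizing and the ingress PE fragmentation decision (added example)."""
from dataclasses import dataclass
from typing import Optional

ETH_HEADER = 14
ETH_FCS = 4
ETH_MAX_PAYLOAD = 1500
LABEL_ENTRY = 4
BABY_GIANT_CEILING = 1600   # assumed boundary, not a standard value


def wire_size(ip_len: int, labels: int, dot1q: bool = False) -> int:
    """Bytes on the wire for an IP packet carried with `labels` label entries."""
    return ETH_HEADER + (4 if dot1q else 0) + labels * LABEL_ENTRY + ip_len + ETH_FCS


def classify(size: int) -> str:
    standard_max = ETH_HEADER + ETH_MAX_PAYLOAD + ETH_FCS   # 1518
    if size <= standard_max:
        return "normal"
    if size <= BABY_GIANT_CEILING:
        return "baby giant"
    return "jumbo"


def link_mtu_for(ip_mtu: int, max_labels: int) -> int:
    """MPLS MTU a core link needs so full-size packets with max_labels labels are not fragmented."""
    return ip_mtu + max_labels * LABEL_ENTRY


@dataclass(frozen=True)
class Decision:
    action: str               # "forward", "fragment" or "drop"
    icmp_mtu: Optional[int]   # MTU reported in ICMP Fragmentation Needed, if any


def ingress_pe(ip_len: int, df: bool, labels: int, mpls_mtu: int) -> Decision:
    """What an ingress PE does with an IP packet that gets `labels` labels imposed.

    mpls_mtu is the largest labeled packet the outgoing core link accepts.
    """
    if ip_len + labels * LABEL_ENTRY <= mpls_mtu:
        return Decision("forward", None)
    if df:
        # PMTUD: report the largest IP packet that still fits once the labels are added.
        # If a firewall drops this ICMP message, the source never learns the smaller MTU.
        return Decision("drop", mpls_mtu - labels * LABEL_ENTRY)
    return Decision("fragment", None)   # IP payload without DF: fragment first, then label


if __name__ == "__main__":
    for labels in range(0, 4):
        size = wire_size(ETH_MAX_PAYLOAD, labels)
        print(f"{labels} label(s): {size} bytes -> {classify(size)}")
    print(ingress_pe(1500, df=True, labels=2, mpls_mtu=1500))
```

A full-size 1500-byte IP packet with the two labels of MPLS VPN or AToM is a 1526-byte Ethernet frame; the fix is to raise the core MPLS MTU (link_mtu_for), not to rely on fragmentation.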

H


Hierarchical VPLS

With Hierarchical VPLS (H-VPLS), the PE routers are no longer directly attached to the customer equipment. Hierarchy is introduced by adding another layer in the access layer toward the customer equipment. H-VPLS has two forms: H-VPLS with dot1q tunneling in the access layer, and H-VPLS with MPLS in the access layer. Figure 11-7 shows H-VPLS. Figure 11-7 H-VPLS (Access Layer, MPLS Core, Access Layer) There are now N-PE and U-PE routers. The N-PE routers are network-facing PE routers, whereas the U-PE routers are...

Housekeeping by Means of Notification

Notification messages are needed for the housekeeping of LDP sessions. The notification messages signal significant events to the LDP peer. These events might be fatal errors (Error Notifications) or simple advisory information (Advisory Notifications). If a fatal error occurs, the sending LSR and receiving LSR should terminate the LDP session immediately. Advisory Notifications are used to send information about the LDP session or a message received from the peer. The following events can be...

How This Book Is Organized

This book has 15 chapters and one appendix and is organized in two parts. Also available are online supplemental materials that you can find on the website, including an appendix on static MPLS labels. Although each chapter has its own topic and stands alone, it is best to read this book in sequential order. Only if you are an MPLS-experienced reader will you be able to jump to any chapter from Part II without problem. Even if you fit into that category, you might want to browse through the...

How to Implement the Three Diff Serv Tunneling Models

The distinction between the three models is made only on the ingress and egress LSR. For the three models, no configuration is needed on the ingress LSR assuming that the service provider is willing to accept the DiffServ information set by the customer as the LSP DiffServ information in the MPLS core. The reason for that is MPLS QoS Rules 1 and 2. However, for the Uniform model, this is a requirement, whereas for the Pipe and Short Pipe models, the ingress LSR could set other values for the...
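The label entry format from the DiffServ with MPLS Packets section and the default imposition and disposition behaviour from the Default MPLS QoS Behavior, DiffServ Tunneling Models and this section, as an added example that is not the book's or Cisco's code. It encodes the 32-bit label entry (20-bit label, 3 EXP bits, S bit, TTL), applies Rule 1 at the ingress (precedence copied to the EXP of every imposed label), lets a P router recolor the top label, and then disposes under the Uniform, Pipe and Short Pipe models. Assumptions: the egress LSR receives the complete stack (no penultimate-hop popping) and reads the top label's EXP; the "PHB" the egress schedules on is represented as a three-bit class; label values and the DSCP are constructed.

```python
"""MPLS label entry encoding and DiffServ tunneling-model behaviour (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

UNIFORM, PIPE, SHORT_PIPE = "uniform", "pipe", "short-pipe"


def encode_entry(label: int, exp: int, bos: int, ttl: int) -> int:
    """32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and bos in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label entry field out of range")
    return (label << 12) | (exp << 9) | (bos << 8) | ttl


def decode_entry(word: int):
    return (word >> 12) & 0xFFFFF, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF


def precedence(dscp: int) -> int:
    """The first three bits of the DSCP are the IP precedence."""
    return (dscp >> 3) & 0x7


@dataclass
class Packet:
    dscp: int                                          # customer marking, 6 bits
    stack: List[int] = field(default_factory=list)    # index 0 is the top label


def ingress_impose(pkt: Packet, labels: List[int], model: str,
                   lsp_exp: Optional[int] = None, ttl: int = 255) -> Packet:
    """Push `labels` (top first). Rule 1 default: EXP = precedence on every label.
    Pipe/Short Pipe may overwrite EXP with the provider's own value; Uniform may not."""
    if model == UNIFORM and lsp_exp is not None:
        raise ValueError("Uniform model: EXP must carry the customer's marking")
    exp = precedence(pkt.dscp) if lsp_exp is None else lsp_exp
    entries = []
    for i, label in enumerate(labels):
        bottom = 1 if (i == len(labels) - 1 and not pkt.stack) else 0
        entries.append(encode_entry(label, exp, bottom, ttl))
    pkt.stack = entries + pkt.stack
    return pkt


def core_recolor(pkt: Packet, new_exp: int) -> Packet:
    """A P router re-marks only the top label's EXP (e.g. after policing)."""
    label, _, bos, ttl = decode_entry(pkt.stack[0])
    pkt.stack[0] = encode_entry(label, new_exp, bos, ttl)
    return pkt


def egress_dispose(pkt: Packet, model: str) -> int:
    """Pop the stack at the egress LSR; return the class the egress schedules on."""
    _, exp, _, _ = decode_entry(pkt.stack[0])
    pkt.stack = []
    if model == UNIFORM:
        # LSP marking becomes the packet marking: overwrite precedence, keep the low DSCP bits.
        pkt.dscp = (exp << 3) | (pkt.dscp & 0x7)
        return exp
    # Pipe and Short Pipe: IP DSCP is untouched (Rule 4). Pipe still queues on the
    # LSP EXP; Short Pipe queues on the customer's own DSCP.
    return exp if model == PIPE else precedence(pkt.dscp)


def run(model: str, dscp: int = 46, recolor_to: int = 0) -> Dict[str, int]:
    """One packet through ingress PE, a re-marking P router and the egress PE."""
    pkt = ingress_impose(Packet(dscp), [1001, 24], model,
                         lsp_exp=None if model == UNIFORM else 4)   # constructed labels
    exp_in = decode_entry(pkt.stack[0])[1]
    core_recolor(pkt, recolor_to)
    phb = egress_dispose(pkt, model)
    return {"exp_after_imposition": exp_in, "egress_phb": phb, "dscp_out": pkt.dscp}


if __name__ == "__main__":
    for model in (UNIFORM, PIPE, SHORT_PIPE):
        print(model, run(model))
```

With an EF-marked packet (DSCP 46, precedence 5) that a P router recolors to EXP 0, only the Uniform model lets that recoloring leak into the customer's DSCP (46 becomes 6); Pipe and Short Pipe hand the packet back with DSCP 46 and differ only in which marking the egress queues on.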

Hub and Spoke

Often, customers do not want their sites to have full interconnectivity. This means they do not want or need the sites to be fully meshed. A typical scenario involves one main site at a company with many remote sites. The remote sites or spokes need connectivity to the main or hub site, but they do not need to communicate between them directly. Perhaps the connectivity is possible but not wanted for security reasons. This scenario is commonly referred to as the hub-and-spoke scenario. It can...
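The RT extended community from the BGP Extended Community RT section and the hub-and-spoke import/export policy described here, as an added example that is not the book's code. It encodes and decodes Route Targets in the 8-byte wire format of RFC 4360 (type high byte 0x00 for 2-byte AS, 0x01 for IPv4 address, 0x02 for 4-byte AS; low byte 0x02 = Route Target) and then applies VRF import policy so that spoke prefixes reach only the hub VRF. The VRF names, RD/RT values and prefixes are constructed for the illustration; the hub-side forwarding between spokes that the book's design adds is not modeled.

```python
"""Route Target encoding and VRF import/export with a hub-and-spoke policy (added example)."""
import ipaddress
import struct
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set

RT_SUBTYPE = 0x02   # extended community low type byte for Route Target


def encode_rt(rt: str) -> bytes:
    admin, assigned = rt.rsplit(":", 1)
    assigned = int(assigned)
    if "." in admin:                                  # IPv4-address:nn
        type_high = 0x01
        body = ipaddress.IPv4Address(admin).packed + struct.pack("!H", assigned)
    elif int(admin) <= 0xFFFF:                        # 2-byte AS:nn
        type_high = 0x00
        body = struct.pack("!HI", int(admin), assigned)
    else:                                             # 4-byte AS:nn
        type_high = 0x02
        body = struct.pack("!IH", int(admin), assigned)
    return bytes([type_high, RT_SUBTYPE]) + body


def decode_rt(raw: bytes) -> str:
    if len(raw) != 8 or raw[1] != RT_SUBTYPE:
        raise ValueError("not a Route Target extended community")
    if raw[0] == 0x00:
        asn, nn = struct.unpack("!HI", raw[2:])
        return f"{asn}:{nn}"
    if raw[0] == 0x01:
        return f"{ipaddress.IPv4Address(raw[2:6])}:{struct.unpack('!H', raw[6:])[0]}"
    if raw[0] == 0x02:
        asn, nn = struct.unpack("!IH", raw[2:])
        return f"{asn}:{nn}"
    raise ValueError(f"unsupported RT type 0x{raw[0]:02x}")


@dataclass(frozen=True)
class VpnRoute:
    rd: str
    prefix: str
    rts: FrozenSet[bytes]   # encoded RTs attached by the exporting PE


@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: Set[str]
    export_rts: Set[str]
    table: Dict[str, str] = field(default_factory=dict)   # prefix -> originating VRF

    def export(self, prefix: str) -> VpnRoute:
        return VpnRoute(self.rd, prefix, frozenset(encode_rt(rt) for rt in self.export_rts))

    def maybe_import(self, route: VpnRoute, origin: str) -> bool:
        """A vpnv4 route is imported if any import RT matches any RT on the route."""
        wanted = {encode_rt(rt) for rt in self.import_rts}
        if wanted & route.rts:
            self.table[route.prefix] = origin
            return True
        return False


def hub_and_spoke() -> Dict[str, Vrf]:
    """Spokes export 65000:200 and import only the hub's 65000:100, so a spoke prefix
    never lands in another spoke's VRF; the hub imports every spoke prefix."""
    vrfs = {
        "hub":    Vrf("hub",    "65000:1", {"65000:200"}, {"65000:100"}),
        "spoke1": Vrf("spoke1", "65000:2", {"65000:100"}, {"65000:200"}),
        "spoke2": Vrf("spoke2", "65000:3", {"65000:100"}, {"65000:200"}),
    }
    prefixes = {"hub": "10.0.0.0/24", "spoke1": "10.1.0.0/24", "spoke2": "10.2.0.0/24"}
    for origin, prefix in prefixes.items():
        route = vrfs[origin].export(prefix)
        for vrf in vrfs.values():
            if vrf.name != origin:
                vrf.maybe_import(route, origin)
    return vrfs


if __name__ == "__main__":
    for name, vrf in hub_and_spoke().items():
        print(name, sorted(vrf.table))
```

The isolation is a property of the import filter on every PE, not of the routes themselves: a PE that imports 65000:200 into a spoke VRF by mistake silently gives that spoke the other spokes' prefixes.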

H-VPLS with Dot1q Tunneling (QinQ) in the Access Layer

As in the case of EoMPLS, dot1q tunneling (QinQ) is possible with VPLS. This means that the customer VLANs can be encapsulated into another VLAN (the provider VLAN, or P-VLAN), allowing a multi-VLAN switched customer network to be transparently transported between multiple sites connected to an MPLS network. This P-VLAN is mapped to one VFI on the N-PE router. If the CE equipment is a router, you can configure the Ethernet interface toward the PE router as a trunk interface by configuring...

H-VPLS with MPLS in the Access Layer

Look at Figure 11-9 to see H-VPLS with MPLS in the access layer. Figure 11-9 H-VPLS with MPLS in the Access Layer With MPLS in the access layer, point-to-point virtual circuits exist between the N-PEs and U-PEs. You need to disable the default split-horizon behavior on the N-PEs, because an N-PE must forward Layer 2 frames received on the pseudowires from another N-PE onto the pseudowires toward the U-PEs and vice versa. You can achieve this with the following command: neighbor remote router...

I

Figure 12-12 Recoloring a Packet in an MPLS VPN Network for the Uniform Model (the ingress PE sets the MPLS EXP bits to 3; a P router recolors the packet to EXP 0 when it becomes out-of-rate; the copy of IP precedence into EXP at imposition happens for all three models, whereas the copy of EXP back into the IP header at the egress happens only for the Uniform model)

Implementing the Diff Serv Tunneling Models in Cisco IOS

This section gives an overview of implementing the different MPLS DiffServ Tunneling models in Cisco IOS. The sample network used here is an MPLS VPN network, because this is the MPLS application used most often today. The configuration shown pertains to only one or two values of the MPLS experimental bits or the IP precedence bits to keep the configuration small. In a real-world network, this configuration might need to be expanded to cover all EXP and precedence bits (DSCP levels). Example...

Implicit NULL Label

The implicit NULL label is the label that has a value of 3. An egress LSR assigns the implicit NULL label to a FEC if it does not want to assign a label to that FEC, thus requesting the upstream LSR to perform a pop operation. In the case of a plain IPv4-over-MPLS network, such as an IPv4 network in which LDP distributes labels between the LSRs, the egress LSR running Cisco IOS assigns the implicit NULL label to its connected and summarized prefixes. The benefit of this is that if the egress...

Internet Access Through a Central VRF Site

Instead of traffic from each VPN site being forwarded directly to the Internet gateway router, it is possible to forward all the Internet traffic from the VRF sites to the CE router(s) of a central VRF site in a VPN. The advantage is that security features such as firewall services or other services such as Network Address Translation (NAT) are implemented only once and centrally in the central VRF site. The Internet traffic between the VRF sites and the VRF central site is then forwarded...

Internet Access Through the Global Routing Table

An easy way to provide Internet access to CE routers is to have an interface from the PE to the CE router that is in the global routing space. The PE router has a VRF interface toward the CE router, but you can have a second interface that is not in a VRF toward the CE router. The routing on the CE router should then take care of sending the VPN traffic to the VRF interface and the Internet traffic to the interface in the global routing space on the PE router. The obvious disadvantage is that...

IPv6 Internet Access Through 6VPE

RFC 4364 specifies how to access the Internet from within a VPN. These methods for accessing the Internet from CE routers belonging to a VPN that is built from the MPLS VPN for IPv4 architecture are described in detail in Chapter 7. You can use the same three methods that are discussed in Chapter 7 to provide Internet access for VPNs that are built from the 6VPE architecture. These three methods are as follows: static and static VRF routes providing Internet access. In the first method, the...

IS-IS

Another possible PE-CE routing protocol is IS-IS, which is a link state routing protocol like OSPF. Unlike OSPF, however, IS-IS runs directly over Layer 2, not over IP. Having IS-IS run across the PE-CE link requires IS-IS to be VRF aware on the PE routers. You can configure IS-IS for a VRF by using the command vrf vrf-name under the IS-IS process. IS-IS processes on a router are differentiated from each other by the tag as configured with the command router isis process-tag. You have to...

L


Label Advertisement

The IGP and LDP on the ATM LSRs cannot run directly over the ATM interface and establish a neighborship. A control VC is needed for the IGP and LDP to run on between two adjacent ATM LSRs. When the IGP adjacency is built, the IGP can exchange IP prefixes which are put in the routing table. After LDP forms a session across the control VC, it can exchange label bindings. This in turn enables the ATM LSRs to populate the LIB with bindings. As you recall, a binding is a prefix and an associated...

Label Distribution Protocol

The fundamental story on MPLS is that packets are labeled, and each label switching router (LSR) must perform label swapping to forward the packet. This means that in all cases, labels need to be distributed. You can achieve this in two ways piggyback the labels on an existing routing protocol, or develop a new protocol to do just that. If you want to adjust the Interior Gateway Protocol (IGP) such as Open Shortest Path First (OSPF), Intermediate System-to-Intermediate System (IS-IS), Enhanced...

Label Distribution with LDP

For every IGP IP prefix in its IP routing table, each LSR creates a local binding; that is, it binds a label to the IPv4 prefix. The LSR then distributes this binding to all its LDP neighbors. These received bindings become remote bindings. The neighbors then store these remote and local bindings in a special table, the label information base (LIB). Each LSR has only one local binding per prefix, at least when the label space is per platform. If the label space is per interface, one local label...

Label Operation

The possible label operations are swap, push, and pop. Look at Figure 3-1 to see the possible operations on labels. By looking at the top label of the received labeled packet and the corresponding entry in the LFIB, the LSR knows how to forward the packet. The LSR determines what label operation needs to be performed swap, push, or pop and what the next hop is to which the packet needs to be forwarded. The swap operation means that the top label in the label stack is replaced with another, and...
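The swap/push/pop operations above, applied along a four-router LSP to show the consequence described in the Explicit NULL Label and Implicit NULL Label sections: with implicit NULL (label 3) the penultimate LSR pops, so the egress receives an unlabeled packet and the EXP bits are gone; with explicit NULL (label 0) the egress still sees a label whose EXP it can use. This is an added example, not the book's code; LSR names, label values and next hops are constructed for the illustration, and the LFIB is reduced to an incoming-label to (outgoing-label, next-hop) map.

```python
"""Label operations along an LSP: implicit versus explicit NULL (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPV4_EXPLICIT_NULL = 0
IMPLICIT_NULL = 3          # never on the wire: tells the upstream LSR to pop


@dataclass(frozen=True)
class Label:
    value: int
    exp: int


@dataclass
class Lsr:
    name: str
    # incoming label -> (outgoing label, next hop); outgoing IMPLICIT_NULL means "pop"
    lfib: Dict[int, Tuple[int, str]]


def ingress_push(stack: List[Label], label: int, exp: int) -> List[Label]:
    return [Label(label, exp)] + stack


def process(lsr: Lsr, stack: List[Label]) -> Tuple[List[Label], Optional[str]]:
    """One LSR's forwarding decision on a labeled packet."""
    top = stack[0]
    if top.value == IPV4_EXPLICIT_NULL:
        # Egress: the label carries no forwarding meaning, but its EXP is still readable.
        return stack[1:], None
    out_label, next_hop = lsr.lfib[top.value]
    if out_label == IMPLICIT_NULL:
        return stack[1:], next_hop                              # pop (PHP)
    return [Label(out_label, top.exp)] + stack[1:], next_hop    # swap, EXP carried over


def traverse(path: List[Lsr], stack: List[Label]) -> Dict[str, Optional[int]]:
    """Per LSR, the EXP value visible on the top label when the packet arrives
    (None when it arrives unlabeled and must be IP-switched)."""
    seen: Dict[str, Optional[int]] = {}
    for lsr in path:
        seen[lsr.name] = stack[0].exp if stack else None
        if not stack:
            break                                   # plain IP lookup from here on
        stack, _ = process(lsr, stack)
    return seen


def build_path(egress_advertises: int) -> List[Lsr]:
    """PE1 -> P1 -> P2 -> PE2; PE2 advertised either implicit or explicit NULL to P2."""
    return [
        Lsr("PE1", {}),                                  # ingress: pushes only
        Lsr("P1", {16: (17, "P2")}),
        Lsr("P2", {17: (egress_advertises, "PE2")}),
        Lsr("PE2", {}),
    ]


def exp_seen_at_egress(egress_advertises: int, exp: int = 5) -> Optional[int]:
    path = build_path(egress_advertises)
    stack = ingress_push([], 16, exp)   # PE1 imposes the label P1 advertised
    return traverse(path[1:], stack)["PE2"]


if __name__ == "__main__":
    print("implicit NULL, EXP at PE2:", exp_seen_at_egress(IMPLICIT_NULL))
    print("explicit NULL, EXP at PE2:", exp_seen_at_egress(IPV4_EXPLICIT_NULL))
```

Whether the egress can apply QoS based on the provider's EXP marking is therefore decided by which NULL label the egress chose to advertise, not by anything the ingress did.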

Label Retention Modes

Two label retention modes are possible:

Liberal Label Retention (LLR) mode

Conservative Label Retention (CLR) mode

In LLR mode, an LSR keeps all received remote bindings in the LIB. One of these bindings is the remote binding received from the downstream or next hop for that FEC. The label from that remote binding is used in the LFIB, but none of the labels from the other remote bindings are put in the LFIB; therefore, not all are used to forward packets. Why keep the labels around that are not...

LDP Autoconfiguration

LDP is enabled on an interface by configuring the interface command mpls ip. On an LSR, LDP is usually enabled on all the interfaces on which the IGP is enabled. Much easier than configuring mpls ip on every interface separately is enabling LDP Autoconfiguration for the IGP. Every interface on which the IGP is running then has LDP enabled. The OSPF router command to enable LDP Autoconfiguration is this As you can see, it can be enabled for just a specific OSPF area. You can also disable it from...

Limiting MAC Addresses

If the metro Ethernet sites have many hosts or switches, you need to prevent the PE routers from learning too many MAC addresses from the customers. You also need to protect the PE router from possible denial-of-service (DoS) attacks involving MAC address learning. You can limit the maximum number of MAC entries per VLAN on the PE router by entering the following command: mac-address-table limit [vlan vlan] [maximum num] [action {warning | limit | shutdown}]. The options are to warn when the maximum number of...

Link Manager

The link manager is a piece of the Cisco IOS TE code that does some necessary housekeeping on every TE-enabled router. It mainly does link admission control, which involves keeping track of the bandwidth reserved by RSVP on the links and allowing RSVP to reserve more bandwidth on the link for new tunnel setup requests. It is also the piece of software that determines which TE tunnel LSP can preempt another (by looking at the tunnel priorities) on the links. Finally, it is what triggers the IGP...

Link TE Attributes

Every link in the MPLS network enabled for TE can have characteristics that need to be flooded so that the head end router can figure out whether the TE tunnel can use a particular link. A link that is enabled for TE can have the following characteristics configured for TE:

Maximum reservable bandwidth

Maximum reservable sub-pool bandwidth

You configure the maximum reservable bandwidth on the interface by configuring ip rsvp bandwidth interface-kbps. It is configured in kbps. This is the maximum...

LSP Ping Operation

The MPLS echo request for an MPLS ping holds the following information The echo reply holds the following information An Error Code TLV (optional) The Target FEC Stack TLV from the echo request (optional) The MPLS echo request for an MPLS ping is forced into the right FEC at the sender. The LSR does not do this via a simple lookup of the IP address in the CEF table. The destination IP address is from the range 127.0.0.0 8 anyway, so this is not even possible. The destination of the packet is...

M

MAC addresses, limiting in VPLS, 454 maintaining LDP sessions, 73-74, 76 management access on CE routers, 243-245 manipulating TTL values, 127 manual reoptimization of MPLS TE tunnels, configuring, 275 mapping CoS classes to LVCs, 142 MD5 authentication, configuring on LDP sessions, 86 measuring performance with IP SLA, 319-320 OSPF, propagating, 213 TE, 256 dual-TE metrics, configuring on MPLS TE, 275-278 MIBs, 564-570 LVCs, VPI VCI range, 116 MPLS MTU parameters, 60 moving MPLS QoS from PE to...

MPLS and ATM Architecture

ATM is a connection-oriented protocol that the ITU-T developed. It is connection-oriented because virtual circuits are signaled that carry the ATM traffic. The ATM traffic consists of fixed-sized cells of 53 bytes. Of those 53 bytes, 5 are the cell header and 48 are the cell data. The success of ATM was predominantly in the WAN network. Many vendors built ATM switches that could set up virtual circuits in the WAN network. The advantages of ATM are the following: A fixed packet size, resulting in...

MPLS and Quality of Service

Quality of service (QoS) has become popular in the past few years. Few networks have unlimited bandwidth, so congestion is always a possibility in the network. QoS is a means to prioritize important traffic over less important traffic and make sure it is delivered. The Internet Engineering Task Force (IETF) has designated two ways to implement QoS in an IP network: Integrated Services (IntServ) and Differentiated Services (DiffServ). IntServ uses the signaling protocol Resource Reservation Protocol...

MPLS Control Word

The control word (the MPLS header) is used today in AToM networks to carry protocol control information across the MPLS network to support the correct operation of pseudowires. Networks can also use the MPLS control word for the fragmentation of AToM traffic. Another use of the control word is as Pseudowire Associated Channel Header. This stems from the fact that MPLS has no protocol identifier field to indicate the payload type. The Pseudowire Associated Channel Header indicates that the MPLS...

mpls ip ttl-expiration pop Command

One command can improve the use of the traceroute tool, at least in some cases. The command mpls ip ttl-expiration pop labels can make a difference. The value of labels is between 1 and 6. This command lets you control the behavior when an ICMP TTL expired message is generated. The default behavior is to forward the ICMP message along the original LSP. With this command, you can specify the behavior when the TTL of a labeled packet expires, according to the number of labels in the label stack....

MPLS Label Spaces

In Figure 2-10, LSR A can advertise label L1 for FEC 1 to LSR B and label L1 for FEC 2 to LSR C, but only if LSR A can later distinguish from which LSR the packet with label L1 was received. In the case that LSR B and LSR C are directly connected to LSR A via point-to-point links, this can easily be achieved by the MPLS implementation on the LSR. The fact that the label L1 is only unique per interface lends its name to this label scope: per-interface label space. If per-interface label space is...

MPLS LSP Ping

MPLS LSP ping is the name for an MPLS echo request and MPLS echo reply. Ping is a well-known troubleshooting tool for IP networks that is used to figure out if the object is there. If it is, you see an echo. It is like using SONAR on a submarine. Ping uses ICMP, which was designed to augment the IP protocol because it can signal error conditions (destination unreachable, time exceeded, and so on) and send informational advertisements (redirect, address mask, and so on). Ping uses ICMP to carry...

MPLS LSP Traceroute

The goal of traceroute is to test the path, whereas the goal of ping is to test the connectivity. The goal of MPLS LSP traceroute is to test the path of the LSP and verify the control and data plane on every LSR along the path of the LSP. An MPLS LSP traceroute is nothing more than an MPLS echo request. The difference with MPLS LSP ping is that MPLS LSP traceroute sends several MPLS echo request packets with increasing MPLS TTL. The first MPLS LSP traceroute probe has MPLS TTL 1, and for every...

mpls mtu Command

The interface MTU command in Cisco IOS specifies how big a Layer 3 packet can be without having to fragment it when sending it on a data link. For the Ethernet encapsulation, for example, MTU is by default set to 1500. However, when n labels are added, n * 4 bytes are added to an already maximum sized IP packet of 1500 bytes. This would lead to the need to fragment the packet. Cisco IOS has the mpls mtu command that lets you specify how big a labeled packet can be on a data link. If, for...

MPLS Traffic Engineering

Traffic engineering (TE), or the ability to steer traffic through a network, has been around for a while, but it was mainly present in ATM or Frame Relay networks. The role of TE is to get the traffic from edge to edge in the network in the most optimal way. In these networks, virtual circuits were laid out to carry traffic from one edge point in the network to another over ATM or Frame Relay switches. The site-to-site traffic was carefully planned and mapped to these virtual circuits. This is...

MPLS VPN MIBs

The MIB that is specifically used to set or get objects related to MPLS VPN is MPLS-VPN MIB. The MPLS-VPN MIB has objects related to the VRFs on the PE router. Such objects are related to the VRF, the VRF interfaces, the VRF routing table, and BGP information. For instance, the object mplsVpnVrfRouteTable with OID 1.3.6.1.3.118.1.4.1 allows the network management station from the service provider to get the VRF routing tables from the PE routers. This information includes the prefix, route...

MPLS VPN Network Using IPv6 over IPv4 Tunnels on the CE Routers

MPLS VPN for IPv4 has seen great success. Many service providers run it in their network. If you want to carry IPv6 over the MPLS VPN backbone, the CE routers are running IPv6 already. If the CE routers run dual-stack (meaning they also run IPv4 next to IPv6), you can implement tunnels between the CE routers to carry the IPv6 traffic. As such, the possibility of carrying IPv6 over the MPLS VPN network might seem an interesting one, because no changes need to be made on the MPLS network. The PE...

Multiple Backup Tunnels

Multiple backup tunnels can protect the same link or node, and they can terminate at different tail end routers. These backup tunnels can be a mix of NHOP and NNHOP. The PLR prefers an NNHOP over an NHOP backup tunnel when assigning a protected TE LSP to a backup tunnel. When the failure happens, it is possible for the TE LSPs on the protected link to switch over to several backup tunnels. Furthermore, one backup tunnel can be used to protect multiple links. This increases the scalability...

Multi-Virtual Circuit Tagged Bit Rate

With Multi-Virtual Circuit Tagged Bit Rate (Multi-VC TBR), multiple VCs are set up for the same destination to provide different classes of service (CoS). Up to four parallel LVCs can go toward the same destination. The switches can then treat the cells differently based on which LVC they are on. The incoming IP packets are mapped with their IP precedence/DiffServ bits to the corresponding outgoing LVC. The labeled packets are mapped based on the EXP bits value of the top label onto the...

Multi-VRF CE

The Multi-VRF CE feature (also known as VRF-Lite) is a feature whereby the VPN functionality is extended to the CE router in an inexpensive way. Assume that you have a company with a large main site and some smaller sites that are interconnected across an MPLS VPN network. The main site of the company is rather large and has several departments that need to be separated from each other for privacy reasons. These departments (finance, human resources, engineering, and so on) then connect to their...

New MPLS Applications

MPLS VPN is by far the most popular and mature MPLS application. MPLS TE has also matured greatly, because it has been around even longer than MPLS VPN, at least in Cisco IOS. Other MPLS applications such as AToM, Virtual Private LAN Service (VPLS), and MPLS Operation and Maintenance (OAM) will improve and see more deployments. AToM might end up with more supported encapsulations and more control information applied. VPLS has just started to take off. The introduction of hierarchy in VPLS will...

Non-MPLS-Aware ATM Switches

In the example network, the ATM LSR denver-atm is now non-MPLS-aware. Figure 5-14 shows the VP tunnel across the LSR denver-atm. Figure 5-14 VP Tunnels Across denver-atm A VP tunnel is created from the LSR washington-atm to the LSR brussels-atm that carries the LVCs across the non-MPLS-aware ATM switch. Look at Example 5-21 to see the configuration needed on the LSRs. An ATM subinterface is created for the VP tunnel. Example 5-21 Configuration for MPLS...

OAM Alert Label

In Chapter 3, "Forwarding Labeled Packets," you saw a specific MPLS label called the Operation and Maintenance Alert label that has a value of 14. This label is specified by the ITU-T Recommendation Y.1711 and RFC 3429. You insert this OAM Alert label in the label stack just below the label(s) of the LSP under test. Cisco IOS does not use this special MPLS label anywhere. That is because the introduction of a special label in the label stack can influence the treatment of the packet when being...

OAM Protocols

BFD is a new, lightweight, media-independent protocol that detects faults in the data plane between two devices. It has been specifically developed to be routing protocol and media independent and to quickly detect data communication failures. "Quickly" here means subsecond detection. SONET has alarms that can detect and notify problems quickly. Most media, however, have no such fast detection mechanisms. BFD quickly detects all failures between routers instead of relying on the hello...

Operation of 6VPE

The operation of MPLS VPN for IPv6 or 6VPE is similar to the operation of MPLS VPN for IPv4. 6VPE has the following key features:

It has an MPLS core network running an IPv4 routing protocol (IGP) and a label distribution protocol (LDP or RSVP for TE).

The edge LSRs or PE routers are capable of running IPv6.

The edge LSRs or PE routers have VRFs that designate the VPNs toward the customer or CE routers.

A full mesh of MP-iBGP sessions exists between the edge LSRs or PE routers and serves to...

Operation of CEF

When a packet enters the router, the router strips off the Layer 2 information. The router looks up the destination IP address in the CEF table (FIB), and it makes a forwarding decision. The result of this forwarding decision points to one adjacency entry in the adjacency table. The information retrieved from the adjacency table is the Layer 2 rewrite string, which enables the router to put a new Layer 2 header onto the frame, just before switching the packet out onto the outgoing interface...

OSPF

OSPF can be the routing protocol on the PE-CE link. To propagate the customer routes from PE to PE, OSPF is redistributed into iBGP and vice versa on the PE routers. The downside of this is that all OSPF routes become external routes on the remote PE when the routes are redistributed back into OSPF. The result of this would be that all OSPF routes that traverse the MPLS VPN backbone would be less preferable than the routes that did not traverse the backbone but were sent via an intersite...

OSPF vrf-lite Command

If the Multi-VRF CE router runs OSPF, you need to configure the command capability vrf-lite under the OSPF VRF process to make OSPF behave correctly. As discussed in the section "Down Bit and Domain Tag," the PE router uses two checks to ensure that routing loops do not form. With Multi-VRF CE, the CE router acts as a PE router and performs these two checks. The first check involves investigating whether the down bit is set on summary LSAs. If it is, the route is discarded and not advertised...

Overview of IPv6 Unicast Routing in Cisco IOS

So that you can better understand how to transport IPv6 over MPLS, this section offers a brief overview of the IPv6 unicast routing protocols. Not that much has changed. The IP routing protocols have just been adapted to work for IPv6. Open Shortest Path First (OSPF) for IPv6 (OSPFv3) has changed more than any of the other protocols, but it is still similar to OSPFv2. The most significant change in configuring the IPv6 routing protocols in Cisco IOS is the change to enabling the routing...

Overview of the Operation of MPLS TE

Following is what MPLS TE needs to make it work. These are the building blocks of MPLS TE:

Link constraints (how much traffic each link can support and which TE tunnel can use the link)

TE information distribution (by the MPLS TE-enabled link-state routing protocol)

An algorithm (path calculation [PCALC]) to calculate the best path from the head end LSR to the tail end LSR

A signaling protocol (Resource Reservation Protocol [RSVP]) to signal the TE tunnel...

P

Packed cell relay (ATM), transporting across MPLS networks, 414-416 packet forwarding, 204-206 as MPLS VPN requirement, 187-188 packets Path MTU Discovery, 334, 510 avoiding fragmentation, 63 path setup option of MPLS TE tunnels, configuring, 269-273 Path Vector TLV, enabling loop detection, 129-130 PathErr messages (RSVP), 289 PathTear messages (RSVP), 289 payload load balancing labeled packets, 49-50 MTU baby giant frames, 60 giant frames, 61 MRU, 62-63 PCALC (path calculation) algorithm,...

Packet Forwarding

This section, illustrated with a specific example, looks at the life of an IP packet as it traverses the MPLS VPN backbone from one customer site to another. The basic building blocks of MPLS VPN need to be in place first. Multiprotocol iBGP needs to run between the PE routers that are distributing the vpnv4 routes and their associated VPN label. A label distribution protocol needs to exist between all the PE and P routers. This example assumes that the label distribution protocol is LDP....

Path MTU Discovery

One method to avoid fragmentation is Path MTU Discovery, which most modern IP hosts perform automatically. In that case, the IP packets sent out have the Don't Fragment (DF) bit set. When a packet encounters a router that cannot forward the packet without fragmenting it, the router notices that the DF bit is set, drops the packet, and sends an ICMP error message "Fragmentation needed and do not fragment bit set" (ICMP type 3, code 4) to the originator of the IP packet. The originator of the IP...

Piggyback the Labels on an Existing IP Routing Protocol

The first method has the advantage that a new protocol is not needed to run on the LSRs, but every existing IP routing protocol needs to be extended to carry the labels. This is not always an easy thing to do. The big advantage of having the routing protocol carry the labels is that the routing and label distribution are always in sync, which means that you cannot have a label if the prefix is missing or vice versa. It also eliminates the need for another protocol running on the LSR to do the...

Problems with Tracerouting in MPLS Networks

Tracerouting in an MPLS network is similar to tracerouting in an IP network. However, the path that the ICMP messages take is not the same in an MPLS network as in an IP network. All ICMP messages are forwarded to the egress router on the LSP. The result of this behavior is that tracerouting becomes less efficient. Take the example of the link between the two P routers in the previous network, when it is no longer forwarding labeled packets. For example, LDP is failing between the two P...

Putting It All Together

Figure 8-13 shows a network with three routers, all enabled for MPLS TE.

[Figure 8-13 RSVP PATH and RESV Advertisements: PATH messages (Session Object, Request Label, Sender_Tspec, Session Attribute, ERO) and RESV messages (Session Object, Label Object, Sender_Tspec, RRO (optional)) exchanged between paris, brussels, and rome over links 10.200.210.1/10.200.210.2 and 10.200.211.1/10.200.211.2]

The head end router paris is configured as in Example 8-15....

Quality of Service

As with AToM, you can use quality of service (QoS) with VPLS. By default, the 802.1Q priority bits are copied to the Experimental (EXP) bits of the MPLS labels. If the service provider wants to change the QoS, he can deploy the Modular QoS Command-Line Interface (MQC). On the VLAN interface, the service provider can configure MQC to color and police the traffic. You can directly set the EXP of the imposed MPLS labels to a certain value and shape the traffic to a certain average rate. This is...

RD

The VPN prefixes are propagated across the MPLS VPN network by Multiprotocol BGP (MP-BGP). The problem is that when BGP carries these IPv4 prefixes across the service provider network, they must be unique. If the customers had overlapping IP addressing, the routing would be wrong. To solve this problem, the concept of RDs was conceived to make IPv4 prefixes unique. The basic idea is that each prefix from each customer receives a unique identifier (the RD) to distinguish the same prefix from...