Packet Forwarding

This section, illustrated with a specific example, looks at the life of an IP packet as it traverses the MPLS VPN backbone from one customer site to another. The basic building blocks of MPLS VPN need to be in place first. Multiprotocol iBGP needs to run between the PE routers that are distributing the vpnv4 routes and their associated VPN label. A label distribution protocol needs to exist between all the PE and P routers. This example assumes that the label distribution protocol is LDP. Between the PE and the CE routers, a routing protocol needs to run and put the customer routes into the VRF routing table on the PE routers. Finally, those routes need to be distributed into MP-iBGP and vice versa. Look at Figures 7-17 and 7-18 to better understand the explanation that follows. Figure 7-17 shows the route advertisement of the vpnv4 route and label from egress PE to ingress PE and the advertisement of the IGP route—representing the BGP next hop of the egress PE—and label to the ingress PE. The BGP next-hop address on the egress PE is 10.200.254.2/32, which an IGP advertises to the ingress PE. The label for that IGP route is advertised hop by hop by LDP. The customer IPv4 route 10.10.100.1/32 is advertised by a PE-CE routing protocol from the CE to the egress PE. The egress PE adds the RD 1:1, turns it into vpnv4 route 1:1:10.10.100.1/32, and sends it to the ingress PE with label 30, via Multiprotocol iBGP.

Figure 7-17 Life of an IPv4 Packet Across the MPLS VPN Backbone: Route and Label Advertisement

MP-iBGP Update VPNv4 Route 1:1:10.10.100.1/32 Label 30

Figure 7-17 Life of an IPv4 Packet Across the MPLS VPN Backbone: Route and Label Advertisement

MP-iBGP Update VPNv4 Route 1:1:10.10.100.1/32 Label 30

Loopback 0 Label Implicit-null For 10.200.254.2/32 10.200.254.2/32

Label 33 For 10.200.254.2/32

Label 16 For 10.200.254.2/32

VRF cust-one RD 1:1

10.10.100.1/32 VRF cust-one

Loopback 0 Label Implicit-null For 10.200.254.2/32 10.200.254.2/32

Label 33 For 10.200.254.2/32

Label 16 For 10.200.254.2/32

10.10.100.1/32 VRF cust-one

VRF cust-one

Route Update 10.10.100.1/32

Route Update 10.200.254.2/32

Route Update 10.200.254.2/32

Route Update 10.200.254.2/32

Route Update 10.10.100.1/32

Figure 7-18 shows a packet with destination IP address 10.10.100.1 being forwarded with the two labels as advertised in Figure 7-17.

VRF cust-one

Route Update 10.10.100.1/32

Route Update 10.200.254.2/32

Route Update 10.200.254.2/32

Route Update 10.200.254.2/32

Route Update 10.10.100.1/32

Figure 7-18 shows a packet with destination IP address 10.10.100.1 being forwarded with the two labels as advertised in Figure 7-17.

Figure 7-18 Life of an IPv4 Packet Across the MPLS VPN Backbone: Packet Forwarding

IPv4 Packet

Label 30

IPv4 Packet

Label 33

Label 30

IPv4 Packet

Label 16

Label 30

IPv4 Packet

IPv4 Packet

IPv4 Packet

IPv4 Packet

IPv4 Packet

IPv4 Packet

IPv4 Packet t

VRF cust-one t

VRF cust-one

When an IP packet enters the ingress PE router from the CE, the ingress PE router looks up the destination IP address in the VRF cust-one CEF table. The ingress PE router finds the correct VRF by looking at which interface the packet entered the PE router, and with which VRF table this interface is associated. The specific entry in the VRF CEF table usually indicates that two labels need to be added.

NOTE When the ingress and egress PE routers are directly connected, the packets will have only one label—the VPN label. This is true because of penultimate hop popping (PHP).

First, the ingress PE router pushes VPN label 30—as advertised by BGP for the vpnv4 route. This becomes the bottom label. Then, the ingress PE router pushes the IGP label as the top label. This label is the label that is associated with the /32 IGP route for the BGP next-hop IP address. This is usually the IP address of the loopback interface on the egress PE. This label is advertised hop by hop between the P routers until it reaches the ingress PE router. Each hop changes the value of the label. The IGP label that the ingress PE pushes is label 16.

The IPv4 packet leaves the ingress PE router with two labels on top of it. The top label—the IGP label for the egress PE router—is swapped at each hop in the path. This label gets the IPv4 VPN packet to the correct egress PE router. Usually—because it is the default behavior in Cisco IOS— PHP behavior takes place between the last P and the egress PE router. Therefore, the IGP label is popped off on the last P router and the packet enters the egress PE router with only the VPN label in the label stack. The egress PE router looks up this VPN label in the LFIB and makes a forwarding decision. Because the outgoing label is No Label, the remaining label stack is removed and the packet is forwarded as an IP packet to the CE router. The egress PE router does not have to perform an IP lookup of the destination IP address in the IP header if the outgoing label is No Label. The correct next-hop information is found by looking up the VPN label in the LFIB. Only when the outgoing label is Aggregate does the egress PE router have to perform an IP lookup in the VRF CEF table after the label lookup in the LFIB.

Look at Examples 7-18 through 7-20 to see the labels advertised by LDP and MP-iBGP and their use in the VRF CEF table and LFIB. These labels correspond with the labels in Figures 7-17 and 7-18.

Example 7-18 VRF CEF Table Cust-One on Ingress PE

Ingress-PE#show ip cef vrf cust-one 10.10.100.1 255.255.255.255 detail

recursive via 10.200.254.2 label 30 nexthop 10.200.214.1 POS0/1/0 label 16

Example 7-19 Vpnv4 Route on Ingress PE

Ingress-PE#show ip bgp vpnv4 rd 1:1 10.10.100.1

BGP routing table entry for 1:1:10.10.100.1/32, version 81 Paths: (1 available, best #1, table cust-one) Not advertised to any peer Local

10.200.254.2 (metric 3) from 10.200.254.2 (10.200.254.2)

Origin incomplete, metric 1, localpref 100, valid, internal, best Extended Community: RT:1:1, mpls labels in/out nolabel/30

Example 7-20 LFIB Entry on Egress PE

Egress

PE#show mpls forwarding

table labels 30

Local

Outgoing

Prefix

Bytes Label

Outgoing Next Hop

Label

Label or VC

or Tunnel

Id Switched

interface

30

No Label

10.10.100

1/32[V] 0

Et0/1/2 10.10.2.1

Micro Expression Master

Micro Expression Master

If You Could Read Everyone Life A Book You Can Have Better Career, Great Relationships And Become Successful. This Book Is One Of The Most Valuable Resources In The World When It Comes To Reading the smallest and tiniest body Language and know what people are thinking about.

Get My Free Ebook


Post a comment