VPN Label Propagation

Question: How will the ingress PE router get the second label in the label stack from the egress PE router?

Answer: Labels are propagated in MP-BGP VPNv4 routing updates.

W 2003, Cisco System«, Inc. All right« reserved.

The previous figures showed that an MPLS label stack with the second label is required for proper MPLS VPN operation. This label was allocated by the egress PE router. This label has to be propagated from the egress PD router to the ingress PE routers to enable proper packet forwarding. MP-BGP was chosen as the propagation mechanism. Every MP-BGP update thus carries a label assigned by the egress PE router together with the 96-bit VPNv4 prefix.

Step 1: A VPN label is assigned to every VPN route by the egress PE router.

Step 2: The VPN label is advertised to all other PE routers in an MP-BGP update.

Step 3: A label stack is built in the VFR table.

Step 1: A VPN label is assigned to every VPN route by the egress PE router.

Step 2: The VPN label is advertised to all other PE routers in an MP-BGP update.

Step 3: A label stack is built in the VFR table.

W 2003, Cltco Syttent, Inc. All right* reterved

The figure illustrates VPN label propagation between PE routers.

Step 1 The egress PE router assigns a label to every VPN route received from attached CE routers and to every summary route summarized inside the PE router. This label is then used as the second label in the MPLS label stack by the ingress PE routers when labeling VPN packets.

The VPN labels assigned locally by the PE router can be inspected with the show mpls forwarding vrf xxx command (where "xxx" is the name of the VRF).

Step 2 VPN labels assigned by the egress PE routers are advertised to all other PE routers together with the VPNv4 prefix in MP-BGP updates.

The labels can be inspected with the show ip bgp vpnv4 all tags command on the ingress PE router.

The routes that have an input label but no output label are the routes received from CE routers (and the input label was assigned by the local PE router). The routes with an output label but no input label are the routes received from the other PE routers (and the output label was assigned by the remote PE router).

For example, the VPN label for destination 192.188.10.0 is 38 and was assigned by the egress PE router).

Note Like many Cisco IOS software show commands, the show ip bgp vpnv4 all tags command uses the old terminology labels called "tags."

Step 3 The ingress PE router has two labels associated with a remote VPN route: a label for the BGP next hop assigned by the next-hop P router via LDP (and taken from the local label information base, or LIB) as well as the label assigned by the remote PE router and propagated via MP-BGP update. Both labels are combined in a label stack and installed in the VRF table.

The label stack in the VRF table can be inspected using the show ip cef vrf detail command. The tags imposed part of the printout displays the MPLS label stack. The first label in the MPLS label stack is the LDP label forwarded toward the egress PE router, and the second label is the VPN label advertised by the egress PE router.

Was this article helpful?

+1 0

Post a comment