Sunday, April 15, 2007

MPLS study notes

MPLS: Multi Protocol Label Switching
Packet forwarding is done based on Labels.
Labels are assigned when the packet enters into the network.
Labels are on top of the packet.
MPLS is functioning in frame-mode or cell-mode.
LSPs are unidirectional
Label Header:= Header 4 bytes, Label 20 bits.
Label Header can be used over Ethernet, 802.3, or PPP links
A label switch router (LSR) is a device that forwards based on labels.
An edge LSR labels and removes labels from packets.
LSRs distribute labels to the upstream neighbors
Forwarding tables (FIB) are built based on IP routing tables with no labeling information
MPLS convergence occurs immediately after the routing protocol convergence, based on labels already stored in LIB
LDP and TDP use a similar process to establish a session:
Hello messages are periodically sent on all interfaces enabled for MPLS.
UDP is used for hello messages. It is targeted at "all routers on this subnet" multicast address (
TCP is used to establish the session.
Both TCP and UDP use well-known LDP port number 646 (711 for TDP).
Penultimate hop popping optimizes MPLS performace (one less LFIB lookup).
PHP optimizes MPLS performance by reducing the number of table lookups on the egress router.
PHP is not supported on ATM devices because a label is part of the ATM cell payload and cannot be removed by the ATM switching hardware
Pop or implicit null label uses value 3 when being advertised to a neighbor.
Provider Network (P-Network): The backbone under control of a Service Provider
Customer Network (C-Network):Network under customer control
CE router:Customer Edge router. Part of the C-network and interfaces to a PE router
Site is connected to the VPN backbone through one or more PE/CE links
PE router Provider Edge router. Part of the P-Network and interfaces to CE routers
P router Provider (core) router, without knowledge of VPN
Route-Target 64 bits identifying routers that should receive the route
Route Distinguisher Attributes of each route used to uniquely identify prefixes among VPNs (64 bits) VRF based (not VPN based)
VPN-IPv4 addresses Address including the 64 bits Route Distinguisher and the 32 bits IP address
VRF VPN Routing and Forwarding Instance Routing table and FIB table Populated by routing protocol contexts
VPN-Aware network, A provider backbone where MPLS-VPN is deployed
Intranet VPN: Intranet VPNs connect sites within an organization. Security mechanisms are usually not deployed in an intranet, because all sites belong to the same organization.
Extranet VPN: Extranet VPNs connect different organizations. Extranets usually rely on security mechanisms to ensure the protection of participating individual organizations. Security mechanisms are usually the responsibility of individual participating organizations.
Access VPN: Access VPNs are virtual private dial-up networks (VPDNs) that provide dialup access into a customer network.
PE routers are faced to CE routers and distribute VPN information through MP-BGP to other PE routers
P routers do not run BGP and do not have any VPN knowledge
PE and CE routers exchange routing information through: EBGP, OSPF , RIPv2, Static routing
Site of Origin (SOO): identifies the originating site
Route-target (RT): identifies the set of sites the route has to be advertised to
RTs are attributes that are attached to a VPNv4 BGP route to indicate its VPN membership. The extended BGP communities of a routing update is used to carry the RT of that update, thus identifying which VPN the update belongs to.
RD is configured in the PE for each VRF
The RD is used only to transform nonunique 32-bit customer IP version 4 (IPv4) addresses into unique 96-bit VPNv4 addresses (also called VPN IPv4 addresses).
RD may or may not be related to a site or a VPN
<16bits type>::<32 bit number>Registered AS number
<16bits type>::<16 bit number>Registered IP address
VRF: VPN Routing and Forwarding Instance( VRF Routing Protocol Context, VRF Routing Tables,VRF CEF Forwarding Tables)
One central site has full routing knowledge of all other sites (of same VPN) = Hub-Site
Other sites will send traffic to Hub-Site for any destination = Spoke-Sites

show commands
show ip route vrf ...
show ip protocol vrf
show ip cef
show tag-switching tdp parameters
show tag-switching interface
show mpls interface
show tag-switching tdp discovery
show tag-switching tdp neighbor
show tag-switching tdp neighbor detail
show tag-switching tdp bindings
show tag-switching forwarding-table
show mpls forwarding-table
show ip cef detail

Sample PE Router Configuration
conf t
ip cef
ip vrf Cust
rd 1:100
route-target both 1:100

interface Serial0/0
ip vrf forwarding Cust
ip address

router eigrp 1
address-family ipv4 vrf Cust
redistribute bgp 1 metric 1000 100 255 1 1500
no auto-summary
autonomous-system 101

router bgp 1
no synchronization
no auto-summary
address-family vpnv4
address-family ipv4 vrf Cust
neighbor remote-as 1
neighbor activate
neighbor update-source Loopback0
redistribute eigrp 201

To verify configuration
show ip eigrp vrf Cust neighbors
show ip bgp vpnv4 vrf ...
show ip route eigrp
sh ip vrf route

No comments: