- MPLS
- LDP
- Multicast LDP
- Labels
- IP aggregation
- Graceful restart
- TTL expiration
- MPLS payload
- Maximum receive unit (MRU)
- Filtering
- QoS
- MPLS CEF LB
- 6PE
- Carrier’s Carrier (CsC)
- Inter-AS VPN Option B
- Inter-AS VPN Option C (multihop MP-BGP)
- 2547oDMVPN
- Load-balancing
MPLS
- switching packets based on label value
- Ethertype = 0x8847 (unicast)
- based on unicast RIB, label per prefix (for BGP – label per next-hop ⇒ next-hop-self required)
- IGP + LDP
- TTL:
- IP header TTL does not change across LSP
- ingress E-LSR copies IP TTL to MPLS TTL, every router decreases MPLS TTL, egress E-LSR copies MPLS TTL to IP TTL
- decreased on label swap
- not copied if MPLS TTL > IP TTL (loop safeguard)
- TTL propagation has to be disabled either on all or none routers
- PHP:
- penultimate hop popping = before ultimate hop
- removes label before sending to E-LSR
- 1 lookup instead of 2 (no label lookup in LFIB)
- implicit null ≡ pop label
- only for connected and aggregated (they 100% require IP lookup for forwarding)
- load-balancing only across MPLS links, unlabeled IP path not used (otherwise drop, e.g. AToM)
- LIB stores all labels, LFIB – only active
- FEC – forwarding equivalence class (~ IP dst, mcast group, …) – packets for the same class are sent across the same LSP
- mode:
- frame mode
- cell mode (ATM)
- label mode:
- liberal:
- stores labels from active neighbours even if not used (not next-hop)
- speeds up convergence
- not LC-ATM
- conservative:
- stores only active labels
- less RAM utilization
- LC-ATM
- LSP control mode:
- independent: labels are generated after receiving FEC
- ordered: labels are generated after receiving FEC and next-hop label
- ATM switches only
- IP precedence is copied to EXP on PE; optionally EXP can be copied to IP precedence
- no outgoing label = pop labels + FIB IP
- label unknown → drop
MPLS LSP
Labels are swapped when crossing LSR
PE1 → PE2 – label switched path (LSP)
LSP = 22;39
LSP – unidirectional
Using PHP removes LFIB lookup on PE2
MPLS EXP & TTL
MPLS shim
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Label                 | EXP |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label: 0-15 reserved
EXP: undefined (deprecated RFC), QoS (active RFC)
S = 1: bottom of stack, for first label after IP header
LSR – label switching router (push/pop label, switch)
E-LSR – edge LSR: ingress E-LSR (push), egress E-LSR (pop)
LDP
- label distribution protocol
- default (not TDP – deprecated)
- MPLS TE – RSVP, MPLS VPN – MP-BGP, mcast – PIM or mLDP
- announces labels for each prefix in uRIB; exception – BGP: per next-hop generation, generated by next-hop only on putting itself as NEXT_HOP
- trigger for allocation: new route in RIB
- LIB: MPLS label information base
- messages:
- Hello:
- 224.0.0.2, UDP 646
- LDP ID, label space (= 0), holdtime
- announces IP address for TCP connection (ID or explicit transport address)
- Update:
- unicast, TCP
- announces mapping label-FEC
- Initialization:
- TCP
- label distribution method, keepalive time, TLV, timers for TCP
- Notification:
- TCP
- error (e.g. parameters not compatible)
- Keepalive:
- TCP
- refreshes TCP session
- acknowledge receiving Initialization
- Address / Withdraw address:
- TCP
- announces bound address
- Label / Label withdraw:
- TCP
- announces labels
- PHP (pop label): connected and aggregated only; for other prefixes – egress LSR generates labels
- label distribution:
- downstream on demand (DoD):
- label only from next-hop
- LC-ATM
- unsolicited downstream:
- label from all adjacent neighbours
- not LC-ATM
- does not allocate labels for BGP prefixes (IOS)
- TCP session is started by highest LDP IP:
- manual configuration
- highest loopback
- highest physical
- if there are several links between LSR within same label space, they have to use the same transport address; otherwise only 1 TCP to the neighbour, no load-balancing (1 interface in discovery sources = only 1 link for LDP neighbourship)
- IOS: label allocation is asynchronous, does not depend on others
- targeted Hello: sent unicast if neighbour is not directly connected (TE tunnel)
- timers:
- hello: 5s, 3 times lower than holdtime in use
- keepalive: 60s
- holdtime:
- 180s for TCP
- 15s for UDP
- if neighbours have different values, lower value is used
Session negotiation
Label space:
- 2 LSB bytes of LDP ID
- 0 ≡ per-platform, otherwise space number
LDP PDU
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Version            |          PDU length           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            LSR ID                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Label space ID         |                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+          TLV/message          /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
LDP TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|U|F|           Type            |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                             Value                             /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
U: unknown bit; 0 ≡ on recognising as unknown – send notification; 1 ≡ ignore if unknown
F: forward unknown bit; 1 ≡ forward if the message is to be forwarded
LDP message
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|U|        Message type         |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Message ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                     Mandatory parameters                      /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                      Optional parameters                      /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Types:
- Notification: 0x0001
- Hello: 0x0100
- Init: 0x0200
- Keepalive: 0x0201
- Address: 0x0300
- Address Withdraw: 0x0301
- Label Mapping: 0x0400
- Label Request: 0x0401
- Label Abort: 0x0404
- Label Withdraw: 0x0402
- Label release: 0x0403
- Vendor private: 0x3E00 – 0x3EFF
- MAC flush: 0x0406
FEC TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|          0x0100           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   FEC type    |              AFI              | Prefix length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\                                                               \
/                            Prefix                             /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
FEC type:
- 1: wildcard (no payload)
- 2: prefix
- mcast:
- 6: P2MP
- 7: MP2MP-up
- 8: MP2MP-down
- prefix = root address
- at the end of FEC element – opaque length + value
Generic label TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|          0x0200           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             Label                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Address list TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|          0x1001           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              AFI              |                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+           Addresses           /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Hop count TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|          0x1003           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Hop count   |
+-+-+-+-+-+-+-+-+
Path vector TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|          0x0104           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           LSR ID 1                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                              ...                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           LSR ID n                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Status TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|U|F|          0x0300           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|E|F|                        Status data                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          Message ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Message type          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
U: 0 ≡ in Notification, 1 ≡ in other messages
E: 1 ≡ fatal error, 0 ≡ advisory notification
F: forward bit, 1 ≡ forward message
Message type / ID determine message-trigger (0 ≡ generated as is, not as a response for message)
Common hello parameters TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|          0x0400           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|      Hold time (seconds)      |T|R|         Reserved          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
T: 1 ≡ targeted hello
R: 1 ≡ request targeted Hello
Common session parameters TLV
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|          0x0500           |            Length             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            Version            |   Keepalive timer (seconds)   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|A|D| Reserved  |     PVLim     |        Max PDU length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            LSR ID                             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|        Label space ID         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
A: 0 ≡ DU, 1 ≡ DoD
D: loop detection (0 ≡ disabled)
PVLim: path vector limit (0 if D=0)
LDP TLVs
- 0x0401: IPv4 transport address
- 0x0402: configuration sequence number (4 bytes)
- 0x0403: IPv6 transport address
- 0x0202: FR label
- 0x0201: ATM label
- 0x0501: ATM session parameters
- 0x0502: FR session parameters
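The PDU, message and TLV layouts above nest three length fields, and a receiver has to check each one against the bytes it actually holds before trusting it. The following parser is an added example, not part of the original notes: function names and the sample Hello bytes are constructed for illustration, and the type codes are the ones listed on this page.

```python
import ipaddress
import struct

MSG_HELLO, TLV_HELLO_PARAMS, TLV_IPV4_TRANSPORT = 0x0100, 0x0400, 0x0401  # from this page

class LDPParseError(ValueError):
    """A length field disagrees with the bytes actually present."""

def parse_tlvs(buf):
    """Split message parameters into TLVs; no TLV may overrun its message."""
    tlvs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise LDPParseError("truncated TLV header")
        word, length = struct.unpack_from("!HH", buf, off)
        if length > len(buf) - off - 4:
            raise LDPParseError("TLV length overruns message")
        tlvs.append({"u": word >> 15, "f": (word >> 14) & 1,
                     "type": word & 0x3FFF, "value": buf[off + 4:off + 4 + length]})
        off += 4 + length
    return tlvs

def parse_pdu(data):
    """Parse one LDP PDU: header (version, length, LDP ID), then its messages."""
    data = bytes(data)
    if len(data) < 10:
        raise LDPParseError("short PDU header")
    version, pdu_len = struct.unpack_from("!HH", data, 0)
    if version != 1:
        raise LDPParseError("unsupported LDP version")
    # PDU length counts everything after the length field: 6-byte LDP ID + messages.
    if pdu_len < 6 or pdu_len > len(data) - 4:
        raise LDPParseError("PDU length disagrees with received size")
    pdu = {"lsr_id": str(ipaddress.IPv4Address(data[4:8])),
           "label_space": struct.unpack_from("!H", data, 8)[0], "messages": []}
    body, off = data[10:4 + pdu_len], 0
    while off < len(body):
        if len(body) - off < 8:
            raise LDPParseError("truncated message header")
        word, mlen, msg_id = struct.unpack_from("!HHI", body, off)
        # Message length counts the Message ID plus all parameters.
        if mlen < 4 or mlen > len(body) - off - 4:
            raise LDPParseError("message length overruns PDU")
        pdu["messages"].append({"u": word >> 15, "type": word & 0x7FFF, "id": msg_id,
                                "tlvs": parse_tlvs(body[off + 8:off + 4 + mlen])})
        off += 4 + mlen
    return pdu

def hello_summary(pdu):
    """Extract hold time, T flag and transport address from a Hello PDU."""
    if not pdu["messages"] or pdu["messages"][0]["type"] != MSG_HELLO:
        raise LDPParseError("not a Hello")
    out = {"lsr_id": pdu["lsr_id"], "per_platform": pdu["label_space"] == 0,
           "transport": pdu["lsr_id"]}  # transport defaults to the LDP ID address
    for tlv in pdu["messages"][0]["tlvs"]:
        if tlv["type"] == TLV_HELLO_PARAMS and len(tlv["value"]) == 4:
            hold, flags = struct.unpack("!HH", tlv["value"])
            out.update(holdtime=hold, targeted=bool(flags & 0x8000))
        elif tlv["type"] == TLV_IPV4_TRANSPORT and len(tlv["value"]) == 4:
            out["transport"] = str(ipaddress.IPv4Address(tlv["value"]))
    return out

# Constructed sample: link Hello from 10.0.0.1:0, hold time 15 s, transport 10.0.0.1.
SAMPLE_HELLO = bytes.fromhex("0001001e0a0000010000 0100001400000001 04000004000f0000 040100040a000001")
```
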
CLI
; ingress E-LSR does not copy from IP TTL, using 255 instead
; egress E-LSR does not copy into IP TTL
; hides the MPLS core hops from traceroute
(config)# no mpls ip propagate-ttl [forwarded|local]
(config)# ip cef
(config)# mpls ip
; by default MPLS does not allocate label for 0.0.0.0/0; enables for IGP routes
(config)# mpls ip default-route
; force makes router change RID immediately
(config)# mpls ldp router-id <intf> [force]
; TCP
(config)# mpls ldp holdtime <sec>
; ACL – prefixes, PEER – ACL for neighbours based on RID, interface – as a local route, /32 prefix from interface prefix
(config)# mpls ldp advertise-labels [interface <intf>] [for <ACL>] [to <PEER>]
; UDP
(config)# mpls ldp discovery hello holdtime|interval <sec>
; instead of IP in LDP ID
(config)# mpls ldp discovery transport-address <intf>|<IP>
; init, max – in seconds, exponentially increases timeout for TCP session reestablishment within [init; max]
(config)# mpls ldp backoff <init> <max>
(config)# mpls label protocol ldp
; label pool, 16-1000000 by default
(config)# mpls label range <min> <max>
; disables sending Label Withdraw before Label with new tag
(config)# mpls ldp neighbor <IP> implicit-withdraw
; TCP MD5 authentication of the LDP session with this neighbour
(config)# mpls ldp neighbor <IP> password <PASSWD>
; explicit-null in lieu of implicit-null
(config)# mpls ldp explicit-null [for <PREFIX>] [to <PEER>]
(config-if)# mpls ip
; size of packet with labels (IP MTU + n*4)
(config-if)# mpls mtu <MTU>
# show mpls forwarding-table [<prefix> <length>]
# show mpls interfaces
# show mpls ldp bindings <prefix> <length>
# show mpls ldp neighbor
; OOR: out-of-resource
# show mpls ldp parameters
# show mpls ldp interfaces
# show mpls label range
# debug mpls packet
# debug mpls ldp advertisements
LDP session protection
- stores info about neighbour labels if link goes down; MPLS can converge as soon as IP converges
- 24h default
- on link down targeted Hello are sent; at least 9 Hello are sent before tearing down TCP and neighbourship
- difference from targeted Hello: unicast neighbourship is limited in time
- useful for link flaps
; ACL – standard, prefixes that are protected
(config)# mpls ldp session protection [for <ACL>] [duration <sec>]
; enabling targeted Hello (without protection, e.g. for TE), both sides, ~ static neighbour
(config)# mpls ldp neighbor <IP> targeted ldp
; enables answering targeted Hello from several neighbours
(config)# mpls ldp discovery targeted-hello accept [from <ACL>]
(config)# mpls ldp discovery targeted-hello holdtime <sec>
(config)# mpls ldp discovery targeted-hello interval <sec>
LDP autoconfiguration
- autoenabling LDP, MPLS on IGP-enabled interface
- supports OSPF, IS-IS
- interface belongs to IGP
- must be enabled for single IGP only
(config-router)# mpls ldp autoconfig [area <n>]
(config-if)# no mpls ldp igp autoconfig
LDP IGP sync
- IGP announces proper info about the link only after LDP converges (sends worst cost for the link before that)
- MPLS traffic can be dropped if sync not enabled (IGP built the path but labels are not negotiated)
- convergence:
- at least 1 binding sent
- at least 1 binding received
- path through unsynchronized link is used only when it is the only path
- supports OSPF (cost = 0xFFFF), IS-IS (cost = 0xFFFFFE)
- if OSPF did not form adjacency unless LDP was up, there would be a deadlock (transport address not reachable)
; enables sync on all IGP interfaces
(config-router)# mpls ldp sync
(config-if)# no mpls ldp igp sync
; how long to wait for LDP sync; infinity by default, when expires – announce proper cost
(config)# mpls ldp igp sync holddown <ms>
# show mpls ldp igp sync
# show ip ospf mpls ldp interface <intf>
# debug mpls ldp sync [interface <intf>] [peer-acl <ACL>]
Multicast LDP
- LDP extension
- LSP:
- P2MP:
- TLV 0x0508
- data MDT, PE – root, only PE sends downstream
- MP2MP:
- TLV 0x0509
- default MDT, MDT number = 0, PEs send and receive from RPT
- MP-LSP are created once receiver is available (pull model)
- DoD label allocation, conservative mode, no PHP (~ VPN label)
- MP-LSP – tree with root in MPLS core
- FEC:
- type: P2P, BD
- AF
- address length
- root address
- opaque:
- IPv4/v6 SSM transit
- mcast VPN
- direct MDT – VPN without default MDT
- PIM overlay: PE see each other as PIM neighbors through LSP-VIF
(config)# ip pim mpls source <lo>
; can use mLDP on top of TE
(config)# mpls mldp path traffic-eng
; use route through non-TE for RPF (mcast is forwarded natively)
(config)# mpls traffic-eng multicast-intact
; ID ≈ group address default MDT in draft Rosen (GRE); RD can be used
(config-vrf)# vpn id <ID>
; set IP MP-LSP root
(config-vrf-af)# mdt default mpls mldp <root>
; num = labels in pool for data MDT
(config-vrf-af)# mdt data mpls mldp <num>
; default = infinity
(config-vrf-af)# mdt threshold <kbps>
# show mpls mldp neighbors
; default MDT root
# show mpls mldp root
; MP2MP labels
# show mpls mldp bindings
; data MDT labels
# show mpls mldp database [summary]
Labels
- 0:
- explicit-null IPv4
- for preserving DSCP, instead of implicit-null
- just popped, not involved in forwarding (can be announced for different FEC)
- 1:
- router alert
- always top label
- makes router process payload
- 2:
- explicit-null IPv6
- 3:
- implicit-null
- not used as an actual label (PHP only)
- 7:
- entropy label indication
- TTL = 0
- used for load-balancing, next label – entropy label
- 13:
- GAL: generic associated channel label
- before GACH, bottom of stack
- 14:
- OAM alert
- RFC 3429
- distinguishes OAM packets from regular ones
- not used by IOS
IP aggregation
LSP is split into 2 pieces at aggregation point
B does not know about /24 so it does not use corresponding label. As a result, B and C perform extra lookup
Undesirable for end-to-end LSP: VPN, AToM, TE
Graceful restart
- control plane recovers without disrupting data plane
- timers:
- reconnect:
- 120s default
- how long to wait for neighbour to reestablish the session, otherwise – reset
- holdtime:
- 120s default
- stores info from neighbour till rewrite/reset
; enable before establishing LDP session
(config)# mpls ldp graceful-restart
; storing info about dataplane after control plane failure
(config)# mpls ldp graceful-restart timers forwarding-holding <sec>
; holdtime, after reconnect success
(config)# mpls ldp graceful-restart timers max-recovery <sec>
; reconnect
(config)# mpls ldp graceful-restart timers neighbor-liveness <sec>
TTL expiration
- ICMP responses are sent further along LSP so that PE/CE sends them back (P does not know address)
- TTL propagation has to be disabled along the whole LSP (otherwise drop on P)
- ICMP time exceeded is generated only for IPv4/IPv6; for AToM – drop in general
MPLS payload
- intermediate LSR does not use payload, just swaps labels
- egress E-LSR knows about payload when it allocates label ⇒ can determine payload type by label
- egress E-LSR copies IP precedence into EXP of all labels by default
Maximum receive unit (MRU)
- per FEC
- 2 labels along LSP:
- for P-router MRU = 1508 = MTU
- for egress E-LSR MRU = 1512 (MTU = 1508, PHP)
- for ingress E-LSR MRU = 1504 (label would be pushed later)
(config)# system mtu <MTU>
(config)# system jumbomtu <MTU>
Filtering
; disables advertising labels to everyone (by default)
(config)# no mpls ldp advertise-labels
; allocate label for IP/32 from the interface if such a prefix not in RIB
(config)# mpls ldp advertise-labels interface <intf>
; ACLs – standard, PREFIX does not use prefix mask (1.0.0.0/8 includes 1.0.0.0/25 as well, mask just for binary match), PEER – LSR ID
(config)# mpls ldp advertise-labels for <PREFIX> to <PEER>
; standard ACL, for prefixes, does not check for mask
(config)# mpls ldp neighbor <IP> label accept <ACL>
(config)# mpls ldp label
(config-ldp-lbl)# allocate global host-routes
(config-ldp-lbl)# allocate global prefix-list <PLIST>
QoS
- modes:
- uniform: DSCP → EXP; PHB based on C-labels in P-core (managed CE scenario)
- short-pipe: DSCP ≠> EXP; PHB based on SP labels, on PE – on DSCP
- pipe: DSCP ≠> EXP; PHB on SP labels only (PE – on EXP in VPN label)
- by default EXP is set from IPP/EXP on imposition/swap (disposition does not change lower EXP/IPP)
- long pipe ≡ pipe in CsC
MPLS CEF LB
- payload = IPv4/v6: hash(src,dst)
- payload ≠ IPv4/v6: bottom label value
# show mpls forwarding-table labels <num> exact-path ipv4 <src> <dst>
6PE
- labels for CE prefixes: MP-BGP, 1 label per IPv6 prefix
- BGP next-hop: IPv4-mapped IPv6; enough because PE forwards packet based on label through MPLS IPv4 intf
- two labels in stack: IPv6 + BGP next-hop (IPv6 is required because of PHP)
; allocates labels for IPv6 prefixes, same for IPv4, disabled by default for IPv4/v6, enabled for VPNv4/v6 by default, has to match on both neighbors
(config-router-af)# neighbor <IP> send-label
; IPv6 src for locally generated packets
(config)# mpls ipv6 source-interface <intf>
Carrier’s Carrier (CsC)
- P routers do not know clients’ prefixes, only PE addresses
- BGP session between CE
- LDP between CE-PE
- CE is placed into VRF on PE
- inter-AS:
- back-to-back: ASBR = CE in VRF for another ASBR
- eBGP: ASBR generates its own VPN label for eBGP neighbor (ASBR – end of LSP, next-hop)
- multihop MP-eBGP with VPN:
- ASBR are not connected directly
- ASBR do not know VPNv4 prefixes – only next-hops
- multihop MP-eBGP between RR in each AS:
- traffic does not pass through RR
- ASBR do not know VPNv4 prefixes, only next-hops
- link between ASBR – LDP or MPLS BGP forwarding (otherwise packets with VPN label are dropped)
- BGP allocates and advertises own label only if it is next-hop ⇒ iBGP does not allocate label by default
R3, R5 know only the addresses of R1, R7
R1, R7 exchange prefixes via BGP
Inter-AS VPN Option B
If ASBR1 uses “redistribute connected” to announce BGP next-hop, PE1 cannot load-balance (will use MPLS through ASBR2 or ASBR3) since RD would be the same.
If ASBR1 uses “next-hop-self”, ASBR1 would be able to load-balance.
AddPath can also be used (IOS XR)
Inter-AS VPN Option C (multihop MP-BGP)
If ASBR sends update via eBGP, it inserts own label because it’s next-hop for the prefix. iBGP does not cause insertion ⇒ next-hop-self required
Label insertion trigger – inserting self as next-hop
Label allocation trigger through BGP when prefix not present in IGP RIB – route-map
; disable RT filtering on ASBR (drop unused RT by default)
(config-router)# no bgp default route-target filter
; on RR for RR in another AS, removes RR from LSP
(config-router)# neighbor <IP> next-hop-unchanged
; for iBGP to insert own label into Update (via becoming next-hop)
(config-router)# neighbor <IP> next-hop-self [all]
; allocates label for BGP prefix (!) and sends it in Update if next-hop
(config-route-map)# set mpls-label
; checks whether prefix has label assigned
(config-route-map)# match mpls-label
; enables MPLS, labels received via BGP
(config-if)# mpls bgp forwarding
2547oDMVPN
- uses BGP to exchange labels instead of LDP
- DMVPN phase 2
- spoke-to-spoke GRE + MPLS inside
- mcast – through hub only
If eBGP is configured between physical interfaces + “send-label”, then
- interfaces are configured automatically with “mpls bgp forwarding”
- connected /32 for IP address of neighbor is added to unicast RIB
- MPLS label is allocated
Load-balancing
- find BoS label
- if nibble = 4|6 – load-balance based on inner packet
- otherwise load-balance based on BoS label (VC label)
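The load-balancing rule above depends on walking the shim entries from the "MPLS shim" layout down to the bottom-of-stack bit, then looking at the first nibble of whatever follows. The sketch below is an added example, not part of the original notes: it returns the fields a hash would be computed over rather than the hash itself, and the function names, the `max_depth` limit and the sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

# Reserved label values as listed in the "Labels" section of this page.
RESERVED = {0: "explicit-null IPv4", 1: "router alert", 2: "explicit-null IPv6",
            3: "implicit-null", 7: "entropy label indication", 13: "GAL", 14: "OAM alert"}

def shim(label, exp, s, ttl):
    """Pack one 32-bit shim entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def parse_label_stack(payload, max_depth=16):
    """Return (entries, inner): shim entries down to S=1, then the bytes after them.

    max_depth is an illustrative bound so a stack with no S=1 entry cannot
    make the parser walk arbitrarily far into the payload.
    """
    entries, off = [], 0
    while True:
        if len(payload) - off < 4:
            raise ValueError("label stack ends before a bottom-of-stack entry")
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        (word,) = struct.unpack_from("!I", payload, off)
        off += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF,
                        "reserved": RESERVED.get(word >> 12)})
        if entries[-1]["s"]:
            return entries, payload[off:]

def lb_key(payload):
    """Pick the load-balancing input: inner IP addresses, else the BoS label."""
    entries, inner = parse_label_stack(payload)
    nibble = inner[0] >> 4 if inner else None
    # The first nibble is only a guess at the payload type, so also require
    # enough bytes for the corresponding IP header before trusting it.
    if nibble == 4 and len(inner) >= 20:
        return ("ipv4", str(ipaddress.IPv4Address(inner[12:16])),
                str(ipaddress.IPv4Address(inner[16:20])))
    if nibble == 6 and len(inner) >= 40:
        return ("ipv6", str(ipaddress.IPv6Address(inner[8:24])),
                str(ipaddress.IPv6Address(inner[24:40])))
    return ("bos-label", entries[-1]["label"])

# Constructed samples: a two-label stack (22 on top, 39 at the bottom),
# a minimal IPv4 header, and an Ethernet frame as carried by AToM.
STACK = shim(22, 5, 0, 254) + shim(39, 5, 1, 254)
IPV4_INNER = bytes([0x45]) + bytes(11) + bytes([192, 0, 2, 1]) + bytes([198, 51, 100, 7])
ETH_INNER = bytes.fromhex("02000000000a" "02000000000b" "0800") + IPV4_INNER
```
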