Multi Protocol Label Switching

Basic MPLS – Multi Protocol Label Switching Config

Some Common Terms to Know

LDP – Label Distribution Protocol
LSR – Label Switch Router
LSP – Label Switched Path
LFIB – Label Forwarding Information Base = show mpls forwarding-table
LIB – Label Information Base = show mpls ldp bindings
FIB – Forwarding Information Base = show ip route
RIB – Routing Information Base = show ip ospf 1 rib
CEF – Cisco Express Forwarding = show ip cef
a. To begin an MPLS Config, make sure the IGP routing is good and CEF is enabled
– IP CEF is enabled by default

b. In a Lab environment it is good to restrict the labels that an LSR assigns to routes in the routing table (FIB). This is a good way to be able to easily recognize labels from a specific LSR.

config# mpls label range 100 199

[the numbers represent the lower and upper limits the LSR should assign]

c. Always make sure to assign an LDP router-id, as this is the interface an LSR will use to form a neighborship

config# mpls ldp router-id lo 0 force

[We will use the address on the lo 0 interface as our LDP router-id, the “force” keyword attached means it should take effect immediately]
Router-id can automatically be assigned (if not already configured) in the same way as routing protocols in this order:

i. highest loopback
ii. highest ip address on the router

d.

i. To form adjacency, the router with the highest router-id (active router) initiates the LDP process by sending hellos to its neighbor (passive) on source UDP port 646 to destination UDP port 646.

ii. After the hellos have been exchanged, the LDP session occurs on a random source TCP port number but the destination is TCP port 646
iii. A router will not form an LDP neighborship if the router-id is not in its routing table or has been learned from multiple networks
iv. For a tunnel interface use the following commands
MPLS on a Tunnel

• MPLS requires CEF

• You must configure the routers at both ends of the tunnel to be active or enable one router to be passive with the:

mpls ldp discovery targeted-hello accept command

v. For neighbor authentication use
config# mpls ldp neighbor 2.2.2.2 password CISCO123

NB. The neighbor address is the ldp router-id
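
An added example (not part of the original notes): a Python audit that cross-checks operational LDP sessions against the per-neighbor password command from step v, and confirms that the side not on TCP 646 is the higher router-id, as steps i and ii describe. The running-config and "show mpls ldp neighbor" text are constructed samples for a hypothetical LSR 3.3.3.3, and REDACTED stands in for the stored password.

```python
import ipaddress
import re

# Constructed sample data (not from the original page): a trimmed running-config
# and `show mpls ldp neighbor` output for a hypothetical LSR with router-id 3.3.3.3.
RUNNING_CONFIG = """\
mpls ldp router-id Loopback0 force
mpls ldp neighbor 2.2.2.2 password 7 REDACTED
mpls ldp neighbor 5.5.5.5 password 7 REDACTED
"""
SHOW_LDP_NEIGHBOR = """\
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 2.2.2.2.646 - 3.3.3.3.24576
        State: Oper; Msgs sent/rcvd: 12/11; Downstream
    Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 4.4.4.4.33115 - 3.3.3.3.646
        State: Oper; Msgs sent/rcvd: 9/9; Downstream
"""

PASSWORD_RE = re.compile(r"^mpls ldp neighbor (?:vrf \S+ )?(\d+\.\d+\.\d+\.\d+) password ", re.M)
SESSION_RE = re.compile(
    r"Peer LDP Ident: (\S+):\d+; Local LDP Ident (\S+):\d+\s+"
    r"TCP connection: \S+\.(\d+) - \S+\.(\d+)"
)

def audit_ldp_sessions(config, neighbor_output):
    """Cross-check LDP sessions against per-neighbor password configuration."""
    protected = set(PASSWORD_RE.findall(config))
    sessions = {}
    for peer, local, peer_port, local_port in SESSION_RE.findall(neighbor_output):
        # The side that is NOT on TCP 646 opened the connection (active role).
        active = peer if local_port == "646" else local
        higher = max(peer, local, key=ipaddress.IPv4Address)
        sessions[peer] = {
            "active": active,
            "role_matches_router_id": active == higher,
            "password_configured": peer in protected,
        }
    return {
        "sessions": sessions,
        "unauthenticated": sorted(p for p, s in sessions.items() if not s["password_configured"]),
        "password_without_session": sorted(protected - set(sessions)),
    }

if __name__ == "__main__":
    report = audit_ldp_sessions(RUNNING_CONFIG, SHOW_LDP_NEIGHBOR)
    for peer, state in report["sessions"].items():
        print(peer, state)
    print("no password:", report["unauthenticated"])
    print("password but no session:", report["password_without_session"])
```

A peer listed under "no password" has an operational session that is not covered by a neighbor password; a peer listed under "password but no session" is configured but not currently up.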
A SAMPLE CONFIG.

Remember you have to enable it globally and at the interface level
1. enable
2. configure terminal
3. mpls ip
4. mpls label protocol {ldp | tdp | both}
5. interface type fa0/1
6. mpls ip or mpls ldp discovery targeted-hello accept [for passive router]
7. mpls ldp neighbor 2.2.2.2 password CISCO123 [for authentication]
8. mpls ldp router-id lo 0 force [use the specified int as ldp router-id]
9. show mpls interfaces [interface] [detail]
10. show mpls ldp discovery [all | vrf vpnname][detail]
11. show mpls ldp neighbor [[vrf vpnname] [address | interface] [detail] | [all]]
12. interface fa0/1
mpls ldp discovery transport-address interface [enable interface a transport-address]

 

Some good show commands
a. The following: “show mpls interfaces” command verifies that interfaces Ethernet 1/0 and 1/1 have been configured to use LDP:

Router# show mpls interfaces

Interface      IP         Tunnel  BGP  Static  Operational
Ethernet3/0    Yes(ldp)   No      No   No      Yes
Ethernet3/1    Yes        No      No   No      Yes
b. The following: “show mpls ldp discovery” command verifies that the interface is up and is sending LDP Discovery Hello messages (as opposed to TDP Hello messages):
Router# show mpls ldp discovery detail

Local LDP Identifier:
172.16.12.1:0
Discovery Sources:
Interfaces:
Ethernet3/0 (ldp): xmit

c. The following: “show mpls ldp bindings” or “show mpls ldp bindings 5.5.5.5 32” for a granular output of the LIB (Label Information Base). The LSP path selection process combs through the routing table of the router to build this table:

Below is a sample output from the command:
lib entry: 1.1.1.1/32, rev 18
local binding: label: 206
remote binding: lsr: 1.1.1.1:0, label: imp-null
remote binding: lsr: 3.3.3.3:0, label: 306
lib entry: 2.2.2.2/32, rev 8
local binding: label: imp-null
remote binding: lsr: 3.3.3.3:0, label: 302
remote binding: lsr: 1.1.1.1:0, label: 104
lib entry: 3.3.3.3/32, rev 10
local binding: label: 202
remote binding: lsr: 3.3.3.3:0, label: imp-null
remote binding: lsr: 1.1.1.1:0, label: 103
lib entry: 4.4.4.4/32, rev 16
local binding: label: 205
remote binding: lsr: 1.1.1.1:0, label: 102
remote binding: lsr: 3.3.3.3:0, label: 305
lib entry: 5.5.5.5/32, rev 14
local binding: label: 204
remote binding: lsr: 1.1.1.1:0, label: 101
remote binding: lsr: 3.3.3.3:0, label: 304
NB: A router will assign an “implicit-null” label to a prefix or network that is directly connected to it. Remember that the “imp-null” label is used in a process called PHP – “Penultimate Hop Pop”. Implicit-null is label number 3 from the reserved MPLS labels of 1 – 15.

d. The following: “show mpls forwarding-table” or “show mpls forwarding-table 5.5.5.5” for a granular output of the LFIB (Label Forwarding Information Base). This command shows how packets are label switched on the router. It shows the local label, outgoing label, prefix or network, bytes that have been label switched, outgoing interface and next hop.
Below is a sample output from the command:
R2#sho mpls for
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
202        Pop Label  3.3.3.3/32       0             Et0/3      10.23.0.3
203        Pop Label  10.34.0.0/24     0             Et0/3      10.23.0.3
204        304        5.5.5.5/32       0             Et0/3      10.23.0.3
205        305        4.4.4.4/32       0             Et0/3      10.23.0.3
206        Pop Label  1.1.1.1/32       0             Et0/2      10.12.0.1
207        307        10.45.0.0/24     0             Et0/3      10.23.0.3
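
An added example (not part of the original notes) showing how the two samples above relate: for each prefix, the LFIB outgoing label is the remote binding that the next-hop LSR advertised in the LIB, and imp-null becomes "Pop Label". The LIB text is three of the five entries from the sample above; the prefix-to-next-hop-LSR mapping is an assumption inferred from the next-hop addresses in the forwarding table.

```python
import re

# Three entries from the `show mpls ldp bindings` sample on this page (R2's LIB).
LIB_OUTPUT = """\
lib entry: 1.1.1.1/32, rev 18
local binding: label: 206
remote binding: lsr: 1.1.1.1:0, label: imp-null
remote binding: lsr: 3.3.3.3:0, label: 306
lib entry: 2.2.2.2/32, rev 8
local binding: label: imp-null
remote binding: lsr: 3.3.3.3:0, label: 302
remote binding: lsr: 1.1.1.1:0, label: 104
lib entry: 5.5.5.5/32, rev 14
local binding: label: 204
remote binding: lsr: 1.1.1.1:0, label: 101
remote binding: lsr: 3.3.3.3:0, label: 304
"""

# Assumption (not stated on the page): the IGP next-hop LSR for each prefix,
# inferred from the next-hop addresses in the page's forwarding-table sample.
NEXT_HOP_LSR = {"1.1.1.1/32": "1.1.1.1:0", "5.5.5.5/32": "3.3.3.3:0"}

def parse_lib(text):
    """Return {prefix: {"local": label, "remote": {lsr: label}}}."""
    lib, entry = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"lib entry: (\S+), rev \d+", line):
            entry = lib.setdefault(m.group(1), {"local": None, "remote": {}})
        elif m := re.match(r"local binding:\s+label: (\S+)", line):
            entry["local"] = m.group(1)
        elif m := re.match(r"remote binding:\s+lsr: (\S+), label: (\S+)", line):
            entry["remote"][m.group(1)] = m.group(2)
    return lib

def build_lfib(lib, next_hop_lsr):
    """Pick, per prefix, the label advertised by the next-hop LSR."""
    lfib = {}
    for prefix, entry in lib.items():
        if entry["local"] == "imp-null":
            continue  # our own prefix: neighbours pop the label before it reaches us
        lsr = next_hop_lsr.get(prefix)
        out = entry["remote"].get(lsr)
        if out is None:
            action = "No Label"   # next hop advertised no binding: sent unlabelled
        elif out == "imp-null":
            action = "Pop Label"  # penultimate hop popping
        else:
            action = out          # swap the local label for the neighbour's label
        lfib[entry["local"]] = (action, prefix, lsr)
    return lfib

if __name__ == "__main__":
    for local, row in build_lfib(parse_lib(LIB_OUTPUT), NEXT_HOP_LSR).items():
        print(local, *row)
```

The two rows it produces (206 Pop Label 1.1.1.1/32 and 204 304 5.5.5.5/32) match the corresponding rows of the forwarding table above.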
MPLS-VPN

– In MPLS L3VPNs, how do the customers and provider share routes?

Through VRFs

– What is “private” about a VPNv4 (IPv4) Route?

The separation of routes for different customers using vrf

– Why does a PE have a VRF for each customer?

To identify each customer and be able to run different routing protocols

– Which protocol is used between PE’s to advertise VPNv4 routes?

mBGP – Multiprotocol BGP

— VRF – Virtual Routing and Forwarding: It is a virtual routing instance on a router

— mBGP – Multiprotocol BGP: BGP that supports both IPv4 and IPv6
— What command is used to enter the “VPNv4 Section”

address-family vpnv4

— Extended community allows the sending of “route-target”

— Why would you activate VPNv4 capability with an iBGP peer?
Route Target: Control where vpnv4 routes
— show control-plane host open-ports

— show ip bgp neighbors | section capabilities

— ping mpls ipv4 1.1.1.1/32 exp 5 repeat 2 verbose
[used when troubleshooting an mpls with multiple lsp]

SAMPLE CONFIG FOR mBGP and MPLS-vpn

router bgp 65536
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 65536
neighbor 1.1.1.1 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
VRF

— What ext-community value determines if an import should be done or not?

— What keeps your customers routes unique from each other in mBGP?

— How do you assign a PE interface to a VRF?

 

Creating a VRF for MPLS

a. VRF name
b. Route Distinguishers
c. Route Target
d. vrf forwarding command
e. ip address

VRF Name             R1-PE          R5-PE

ACME                 101:ACME       101:ACME
CBT                  102:CBT        102:CBT

Route Distinguisher:

ACME                 1.1.1.1:1      5.5.5.5:1
CBT                  1.1.1.1:2      5.5.5.5:2

Route Targets:

ACME

ACME Export          1.1.1.1:101    5.5.5.5:101
ACME Import          5.5.5.5:101    1.1.1.1:101

CBT

CBT Export           1.1.1.1:102    5.5.5.5:102
CBT Import           5.5.5.5:102    1.1.1.1:102

Allocated Interfaces

ACME                 eth 0/0        eth 0/0
CBT                  eth 0/1        eth 0/1

How to create a VRF:

a. First Method (Supports only ipv4)

ip vrf 101:ACME

Second Method (Supports ipv4 or ipv6)

vrf definition 101:ACME

b. Create the Route Distinguisher to separate routes from different VRFs

rd 1.1.1.1:1

c. Now create Route Targets to specify where routes would be imported and exported

address-family ipv4
route-target export 1.1.1.1:101
route-target import 5.5.5.5:101

d. You can now associate the VRF to the interfaces you want

VRF ACME

interface eth0/0
mac-address 0000.1111.1111
vrf forwarding 101:ACME
ip address 172.16.101.1 255.255.255.252
no shut

interface eth0/0
mac-address 0000.1111.5555
vrf forwarding 101:ACME
ip address 192.168.202.1 255.255.255.0
no shut

VRF CBT

interface eth0/1
mac-address 0000.2222.1111
vrf forwarding 102:CBT
ip address 172.16.101.1 255.255.255.252
no shut

interface eth0/1
mac-address 0000.2222.5555
vrf forwarding 102:CBT
ip address 192.168.202.1 255.255.255.252
no shut
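
An added example (not part of the original notes): because route targets decide which VRF receives which routes, this Python audit reads the VRF definitions of both PEs and reports every import that pulls in routes exported by a differently named VRF. The configs are built from the RD/RT table above, the extra import under R5 102:CBT is a constructed mistake, and treating a different VRF name as a different customer is an assumption of the example.

```python
import re

# VRF definitions built from the RD/RT table on this page. The last import under
# R5 102:CBT is a constructed mistake, added to show what the audit catches.
PE_CONFIGS = {
    "R1": """\
vrf definition 101:ACME
 rd 1.1.1.1:1
 address-family ipv4
  route-target export 1.1.1.1:101
  route-target import 5.5.5.5:101
vrf definition 102:CBT
 rd 1.1.1.1:2
 address-family ipv4
  route-target export 1.1.1.1:102
  route-target import 5.5.5.5:102
""",
    "R5": """\
vrf definition 101:ACME
 rd 5.5.5.5:1
 address-family ipv4
  route-target export 5.5.5.5:101
  route-target import 1.1.1.1:101
vrf definition 102:CBT
 rd 5.5.5.5:2
 address-family ipv4
  route-target export 5.5.5.5:102
  route-target import 1.1.1.1:102
  route-target import 1.1.1.1:101
""",
}

def route_targets(configs):  # -> [(pe, vrf, direction, rt)]
    found = []
    for pe, config in configs.items():
        vrf = None
        for line in config.splitlines():
            if m := re.match(r"(?:vrf definition|ip vrf) (\S+)", line):
                vrf = m.group(1)
            elif m := re.match(r"\s+route-target (export|import) (\S+)", line):
                found.append((pe, vrf, m.group(1), m.group(2)))
    return found

def cross_vrf_imports(configs):
    """Return imports that pull in routes exported by a differently named VRF."""
    rts = route_targets(configs)
    return sorted(
        (pe, vrf, rt, src_pe, src_vrf)
        for pe, vrf, direction, rt in rts if direction == "import"
        for src_pe, src_vrf, src_dir, src_rt in rts
        if src_dir == "export" and src_rt == rt and src_vrf != vrf
    )

print(cross_vrf_imports(PE_CONFIGS))
```

Each reported tuple is (importing PE, importing VRF, route target, exporting PE, exporting VRF); an intentional extranet would show up here too, so findings are for review rather than automatic removal.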
Show commands to view the VRFs on the router

— show vrf

Now an OutPut

R1(config-if)#do show vrf
Name        Default RD   Protocols   Interfaces
101:ACME    1.1.1.1:1    ipv4        Et0/0
102:CBT     1.1.1.1:2    ipv4        Et0/1
To see the routing table of a VRF

— show ip route vrf 101:ACME

Now an OutPut

R1(config-if)#do sho ip route vrf 101:ACME

Routing Table: 101:ACME
Codes: L – local, C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route, H – NHRP, l – LISP
+ – replicated route, % – next hop override

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.101.0/30 is directly connected, Ethernet0/0
L 172.16.101.1/32 is directly connected, Ethernet0/0
Enabling Routing From the PE to CE Routers

EIGRP

router eigrp 1
!
address-family ipv4 vrf 102:CBT autonomous-system 102
network 172.16.101.0 0.0.0.3
exit-address-family
OSPF

router ospf 101 vrf 101:ACME
network 172.16.101.0 0.0.0.3 area 0
RIP
router rip
version 2
!
address-family ipv4 vrf 101:ACME
network 192.168.202.0
no auto-summary
exit-address-family
BGP
router bgp 65536
address-family ipv4 vrf 102:CBT
neighbor 192.168.202.2 remote-as 65535
neighbor 192.168.202.2 activate
exit-address-family

NB.

Under the iBGP vpnv4 config you need the “next-hop-self” command so that
the iBGP instance replaces the next-hop ip address of updates it has learned
externally.

address-family vpnv4
neighbor 1.1.1.1 next-hop-self
Enabling Routing From the CE to PE Routers

You would connect to the PE routers just as you normally would

MUTUAL REDISTRIBUTION FROM CE to PE
— Why is redistribution needed in MPLS L3VPNs?

— When are the Route Distinguisher, Route Target and VPN Label added to
a route?

— How could you avoid having to do redistribution?

— In BGP configuration are you causing an Import or Export?
OSPF INTO BGP

router bgp 65536
address-family ipv4 vrf 101:ACME
redistribute ospf 101
exit-address-family

SHOW COMMANDS FOR VIEWING vpnv4, ip cef vrf and mpls forwarding-table
A.

To Check if the Redistribution took place, use:

show ip bgp vpnv4 rd 1.1.1.1:1 labels
Now an Output
R1# show ip bgp vpnv4 rd 1.1.1.1:1 labels
   Network          Next Hop         In label/Out label
Route Distinguisher: 1.1.1.1:1 (101:ACME)
   172.16.101.0/30  0.0.0.0          100/nolabel(101:ACME)
   172.16.111.1/32  172.16.101.2     108/nolabel

OR

Show bgp vpnv4 unicast rd 1.1.1.1:1 labels

R1# Show bgp vpnv4 unicast rd 1.1.1.1:1 labels
   Network          Next Hop         In label/Out label
Route Distinguisher: 1.1.1.1:1 (101:ACME)
   172.16.101.0/30  0.0.0.0          100/nolabel(101:ACME)
   172.16.111.1/32  172.16.101.2     108/nolabel

OR

show bgp vpnv4 unicast vrf 101:ACME labels

R1#show bgp vpnv4 unicast vrf 101:ACME labels
   Network          Next Hop         In label/Out label
Route Distinguisher: 1.1.1.1:1 (101:ACME)
   172.16.101.0/30  0.0.0.0          100/nolabel(101:ACME)
   172.16.111.1/32  172.16.101.2     108/nolabel

B.
To View the mpls forwarding-table of vrf 101:ACME

show mpls forwarding-table vrf 101:ACME
R1#show mpls forwarding-table vrf 101:ACME
Local      Outgoing   Prefix               Bytes Label   Outgoing             Next Hop
Label      Label      or Tunnel Id         Switched      interface
100        No Label   172.16.101.0/30[V]   \
                                           0             aggregate/101:ACME
108        No Label   172.16.111.1/32[V]   \
                                           0             Et0/0                172.16.101.2

OR

To view the global mpls forwarding-table
R1#sho mpls forwarding-table
Local      Outgoing   Prefix               Bytes Label   Outgoing             Next Hop
Label      Label      or Tunnel Id         Switched      interface
100        No Label   172.16.101.0/30[V]   \
                                           0             aggregate/101:ACME
101        Pop Label  2.2.2.2/32           0             Et0/2                10.12.0.2
102        Pop Label  10.23.0.0/24         0             Et0/2                10.12.0.2
103        205        5.5.5.5/32           0             Et0/2                10.12.0.2
104        206        4.4.4.4/32           0             Et0/2                10.12.0.2
105        202        3.3.3.3/32           0             Et0/2                10.12.0.2
106        207        10.45.0.0/24         0             Et0/2                10.12.0.2
107        204        10.34.0.0/24         0             Et0/2                10.12.0.2
108        No Label   172.16.111.1/32[V]   \
                                           0             Et0/0                172.16.101.2
C.

To view the ip cef table of the vrf 101:ACME

sho ip cef vrf 101:ACME 172.16.111.2/32

Output

show ip cef vrf 101:ACME 172.16.111.1/32
172.16.111.1/32
nexthop 172.16.101.2 Ethernet0/0

To view the global vrf table use:

sho ip cef vrf 101:ACME

Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
127.0.0.0/8          drop
172.16.101.0/30      attached             Ethernet0/0
172.16.101.0/32      receive              Ethernet0/0
172.16.101.1/32      receive              Ethernet0/0
172.16.101.2/32      attached             Ethernet0/0
172.16.101.3/32      receive              Ethernet0/0
172.16.111.1/32      172.16.101.2         Ethernet0/0
224.0.0.0/4          drop
224.0.0.0/24         receive
240.0.0.0/4          drop
255.255.255.255/32   receive

BGP INTO OSPF

router ospf 101 vrf 101:ACME
redistribute bgp 65536 subnets
network 172.16.101.0 0.0.0.3 area 0

BGP INTO EIGRP

router eigrp 1
!
address-family ipv4 vrf 102:CBT autonomous-system 102
redistribute bgp 65536 metric 1 1 1 1 1
network 172.16.101.0 0.0.0.3
exit-address-family

EIGRP INTO BGP
router bgp 65536
address-family ipv4 vrf 102:CBT
redistribute eigrp 102
exit-address-family
BGP INTO RIP

router rip
version 2
!
address-family ipv4 vrf 101:ACME
redistribute bgp 65536 metric 5
no auto-summary
exit-address-family

RIP INTO BGP

router bgp 65536
address-family ipv4 vrf 101:ACME
redistribute rip
exit-address-family
Control Plane and Data Plane Verification

— Who initially creates a VPN label?

It is created on the first PE router in the LSP path.

— What is a TRANSIT vs VPN label?

It is the top label that will be label switched by the P-routers

— Which command can reveal all labels in a path?

show bgp vpnv4 unicast vrf 101:ACME labels

— How does a device know if there are more labels in a path?

It looks at the top and bottom labels
MPLS L3VPN End to End Connectivity
— From Control Plane
— IPv4 route sent from CE to PE 1
— Received by PE 1 on VRF
— Exported to mBGP as VPNv4 route with RD/RT & MPLS VPN Label
— VPNv4 Route Sent From PE 1 to PE 2
— Imported into VRF on PE 2 based on import RT
— IPv4 route sent from PE to CE
TO TROUBLESHOOT AN MPLS PREFIX USE

show bgp vpnv4 unicast vrf 101:ACME labels

show mpls forwarding-table 5.5.5.5

show ip cef vrf 101:ACME 192.168.111.2

TO SHOW DETAILED ROUTE INFORMATION

— show ip route vrf 101:ACME tag 0

SAMPLE OUTPUT

I like how this command shows you which routing protocol, interface, and mpls
labels it originated from.

— show ip route vrf 101:ACME tag 0

Routing Table: 101:ACME
Routing entry for 101.0.0.101/32
Known via “ospf 101”, distance 110, metric 11, type intra area
Redistributing via bgp 65536
Advertised by bgp 65536
Last update from 172.16.101.2 on Ethernet0/0, 03:36:37 ago
Routing Descriptor Blocks:
* 172.16.101.2, from 6.6.6.6, 03:36:37 ago, via Ethernet0/0
Route metric is 11, traffic share count is 1

Routing Table: 101:ACME
Routing entry for 172.16.101.0/30
Known via “connected”, distance 0, metric 0 (connected, via interface)
Redistributing via bgp 65536
Advertised by bgp 65536
Routing Descriptor Blocks:
* directly connected, via Ethernet0/0
Route metric is 0, traffic share count is 1

Routing Table: 101:ACME
Routing entry for 172.16.101.1/32
Known via “connected”, distance 0, metric 0 (connected)
Routing Descriptor Blocks:
* directly connected, via Ethernet0/0
Route metric is 0, traffic share count is 1

Routing Table: 101:ACME
Routing entry for 172.16.111.1/32
Known via “ospf 101”, distance 110, metric 11, type intra area
Redistributing via bgp 65536
Advertised by bgp 65536
Last update from 172.16.101.2 on Ethernet0/0, 03:36:37 ago
Routing Descriptor Blocks:
* 172.16.101.2, from 6.6.6.6, 03:36:37 ago, via Ethernet0/0
Route metric is 11, traffic share count is 1

Routing Table: 101:ACME
Routing entry for 192.168.111.1/32
Known via “bgp 65536”, distance 200, metric 1, type internal
Redistributing via ospf 101
Advertised by ospf 101 subnets
Last update from 5.5.5.5 03:36:30 ago
Routing Descriptor Blocks:
* 5.5.5.5 (default), from 5.5.5.5, 03:36:30 ago
Route metric is 1, traffic share count is 1
AS Hops 0
MPLS label: 509
MPLS Flags: MPLS Required

Routing Table: 101:ACME
Routing entry for 192.168.202.0/30
Known via “bgp 65536”, distance 200, metric 0, type internal
Redistributing via ospf 101
Advertised by ospf 101 subnets
Last update from 5.5.5.5 03:36:30 ago
Routing Descriptor Blocks:
* 5.5.5.5 (default), from 5.5.5.5, 03:36:30 ago
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: 510
MPLS Flags: MPLS Required

traceroute VRF 101:ACME IP 172.16.111.1
TO DISABLE THE SHOWING OF INTERNAL LABELS ON A TRACEROUTE USE

no mpls ip propagate-ttl (This is entered on all mpls enabled routers)
— How do you ping within a VRF on a PE?

TO PING AND TRACEROUTE TO A VRF FROM THE PE ROUTER – Target Network 172.16.111.1

PING VRF 101:ACME IP 172.16.111.1
— What command allows Telnet to work within a VRF?

telnet 10.1.1.1 /vrf VRFname

— What is a FEC?

Forwarding Equivalence Class is a group of routes forwarded in the same manner
over the same path or LSP and with the same treatment.

— How do you add a static route to a VRF?
TO CREATE A STATIC ROUTE FOR THE VRF ROUTING TABLE

ip route vrf 101:ACME 10.10.10.1 255.255.255.255 <next-hop-address>
[<next-hop-address> is a placeholder for the next hop toward the prefix]
TO DETERMINE IF A PING IS USING NORMAL ROUTING OR THE LSP USE:
traceroute mpls ipv4 5.5.5.5 255.255.255.255