Introduction to MPLS

Technologies

1
What Is MPLS?

• Multi Protocol Label Switching is a technology for

delivery of IP services
• MPLS technology switches IP packets instead of
routing packets to transport the data
• MPLS packets can run on other Layer 2 technologies
such as ATM, FR, PPP, POS, Ethernet
• Other Layer 2 technologies can be run over an
MPLS network
 MPLS as a Foundation for
Value-Added Services

Provider Traffic IP+ATM IP+Optical Any

Provisioned Engineering GMPLS Transport
VPNs over MPLS

MPLS

Network Infrastructure

3
Technology Basics

4
 MPLS Component Overview
• CE routers owned by customer
• PE routers owned by SP
• P routers owned by SP
• Customer “peers” to “PE” via IP
Customer Customer
• Exchanges routing with SP via routing protocol (or CE SP Demarcation
static route)* Site 1
• SP advertises CE routes to other CEs Provider CE
Site 3
• IGP: Core Routing Protocol
Site 2 PE PE
• Forwarding Equivalence Class P
CE
• MPLS Applications related protocols: MP-BGP, IP Routing Peer (BGP, Static, IGP)
RSVP…etc.
* Labels are not exchanged with the SP
MPLS Multi Protocol Label Switching (forwarding
method, based on labels) LSR Label Switching Router
(router that can forward based on labels)

• Label 20 bit label in a 32 bit header, added at layer

2.5
• LDP Label Distribution Protocol (like an IGP for
label advertisements)
• LFIB Label Forwarding Information Base (like CEF
for labels)
 MPLS Network Overview
MPLS Core and Edge, Remote Customer Sites
2. In the Core:
Label swapping or switching
1. At Ingress Edge:
Forward using labels (not IP
Label imposition addr). Label indicates service
Classify & Label PE P
class and destination
packets
PE
3. At Egress Edge:
P
Label disposition
Edge Label Switch
Remove labels and forward
Router OR
packets
Provider Edge- PE
Label Switch Router (LSR)
PE
or P (Provider) router
PE Router + label switch
Customer Customer controller
A B

0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label – 20bits COS S TTL-8bits

COS/EXP = Class of Service: 3 Bits; S = Bottom of Stack; TTL = Time to Live

MPLS Components
Forwarding Equivalence Class
FEC is Used by Label Switching Routers to Determine How
Packets Are Mapped to Label Switching Paths (LSP):

• IP prefix/host address
• Layer 2 circuits (ATM, FR, PPP, HDLC, Ethernet)
• Groups of addresses/sites—VPN x
• A bridge/switch instance—VSI
• Tunnel interface—traffic engineering

7
Label Distribution in
MPLS Networks
 MPLS Operation Overview
4. Edge LSR at
1a. Existing Routing Protocols (e.g. OSPF, IS-IS)
Egress Removes
Establish Reachability to Destination Networks
Label and Delivers
1b. Label Distribution Protocol (LDP) Packet
Establishes Label to Destination
Network Mappings

To Enable mpls:
ip cef
mpls label protocol ldp
!
2. Ingress Edge LSR Receives Packet, Interface ether0/0
mpls ip
Performs Layer 3 Value-Added
Services, and “Labels” Packets 3. LSR Switches Packets
Using Label Swapping
9
 Label Advertisement Modes
• Downstream unsolicited: Downstream
node just advertises labels for
prefixes/FEC reachable via that device
• Downstream on-demand: Upstream
node requests a label for a learnt prefix
via the downstream node
 Generating local labels
• IPv4 Network 4.4.4.4 /32 (connected to R4) will be the example
 Advertising our labels
• Each router advertises its local label (for net 4.4.4.4) to its LDP neighbors
 IP Routing

IGP vs. BGP

• Exchange of IP routes for Forwarding Table Forwarding Table Forwarding Table
Loopback Reachability In Address
Label Prefix
Out Out
I’face Label
In Address
Label Prefix
Out Out
I’face Label
In Address
Label Prefix
Out Out
I’face Label
• OSPF, IS-IS, EIGRP, etc. 10.2.1.1F0/0 10.2.1.1NA 10.2.1.1 F0/0
…… ……
… …
• iBGP neighbor peering over IGP … … ……

transport
F0/0 10.2.1.1

• Route towards BGP Next-Hop F0/0 PE2

F0/0

PE1 BGP Update:

P You Can Reach 10.2.1.1 Thru Me
You Can Reach 2.2.2.2 Through Me By routing towards 2.2.2.2

Routing Updates You Can Reach 2.2.2.2 Thru Me

(OSPF)
 IP Packet Forwarding Example
Address I/F
Prefix
Address I/F Address I/F
Prefix Prefix 128.89 0

128.89 1 128.89 0 171.69 1

171.69 1 171.69 1 …

… …

128.89

0
0 128.89.25.4 Data
1 128.89.25.4 Data
1
128.89.25.4 Data 128.89.25.4 Data

171.69
Packets Forwarded
Based on IP Address
 MPLS with Downstream Unsolicited Mode
Step I: Core Routing Convergence
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
128.89 1 128.89 0 128.89 0
171.69 1 171.69 1
… … … … … …

0 128.89
0
1

You Can Reach 128.89 Thru Me

You Can Reach 128.89 and 1
171.69 Thru Me

Routing Updates
You Can Reach 171.69 Thru Me
(OSPF, EIGRP, …) 171.69
 MPLS with Downstream Unsolicited Mode
Step II: Assigning Local Labels
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 128.89 0 9 128.89 0 -
- 171.69 1 5 171.69 1
… … … … … … … … … … … …

0 128.89
0
1

171.69
 MPLS with Downstream Unsolicited Mode
Step II: Assigning Remote Labels
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …

0 128.89
0
1

Use Label 9 for 128.89

Use Label 4 for 128.89 and 1
Use Label 5 for 171.69

Label Distribution
Use Label 7 for 171.69 171.69
Protocol (LDP)
(Downstream Allocation)
 MPLS with Downstream Unsolicited Mode
Step III: Forwarding Packets
Label Address
In Out Out Label Address
In Out Out Label Address
In Out Out
Prefix I’fac e l Prefix I’fac e l Prefix I’fac e l
Labe Labe Labe
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …

0 128.89
0
128.89.25.4 Data
1
9128.89.25.4 Data

128.89.25.4 Data 4128.89.25.4 Data 1

Label Switch Forwards

171.69
Based on Label
How LSRs Use Labels
• POP – remove a label

• PUSH – add a label

• SWAP – which is a pop/push combo

Label Imposition (Push) Label Swap Label Swap Label Disposition (PoP)

L1 L1 L2 L2 L3 L3

L2/L3 Packet

P P
CE PE PE CE

CE CE

PE P P PE
PHP
• PHP – Penultimate Hop Pop
• Next to last LSR, removes top label, so that egress LSR
(PE) doesn’t have to
Label Pushes, Pops and Swaps
 Who do we turn to for lookups?

• IP Routing protocols populate the Routing Information Base (RIB) –control plane
• RIB populates CEF and its Forwarding Information Base (FIB) – data plane
• IP only packets: Use CEF

• Label Distribution Protocol (LDP) populates the Label Information Base (LIB) –
control plane
• LDP and RIB populate the Label Forwarding Information Base (LFIB) – data
plane
• MPLS labeled packets: Use LFIB

• CEF also stores label information

LIB and LFIB
 MPLS Label Switched Path (LSP) Setup with LDP
Assignment of Remote Labels
• Local label mappings are sent to Forwarding Table Forwarding Table Forwarding Table
In Address Out Out In Address Out Out In Address Out Out
connected nodes Labe Prefix I’fac Labe Labe Prefix I’fac Labe Labe Prefix I’fac Labe
e e e
l l l l l l
• - 2.2.2.2
… F0/0
… 20 … 20
… 2.2.2.2
… F0/0
… 30
… 30 10.2.1.1 F0/0 -
Receiving nodes update forwarding -
… … … … … … … … … … … …
table
• Out label F0/0 10.2.1.1
F0/0 VRF
• LDP label advertisement happens in F0/0 PE2
parallel (downstream unsolicited) PE1
P

Use Label 20 for 2.2.2.2

Use Label 30 for 2.2.2.2

Label Distribution
BGP Update:
Protocol (LDP) You Can Reach 10.2.1.1 Thru Me
(Downstream By routing towards 2.2.2.2
Allocation)
 MPLS Traffic Forwarding with LDP

Hop-by-hop Traffic Forwarding Using Labels

• Ingress PE node adds label to Forwarding Table Forwarding Table Forwarding Table
In Address Out Out In Address Out Out In Address Out Out
packet (push) Labe Prefix I’fac Labe
e
Labe Prefix I’fac Labe Labe Prefix
e
I’fac Labe
e
l - 2.2.2.2 F0/0 l 20 l 20 2.2.2.2 F0/0 l 30 l 30 10.2.1.1 F0/0 l -
• Via MPLS forwarding table
- … … … - … … …
… … … … … … … … … … … …
• Downstream P node uses label
for forwarding decision (swap) F0/0 10.2.1.1
• Outgoing interface F0/0
PE2 VRF
F0/0
• Out label PE1
P
• Egress PE removes label and 10.2.1.1 Data 20 2.2.2.2 Data 30 2.2.2.2 Data 10.2.1.1 Data

forwards original packet (pop)

Forwarding based on Label towards BGP
Next-Hop (Loopback of far end router) BGP Update:
You Can Reach 10.2.1.1 Thru Me
By routing towards 2.2.2.2
 MPLS Control and Forwarding Planes
• Control plane used to distribute labels—BGP, LDP, RSVP
• Forwarding plane consists of label imposition, swapping and
disposition—no matter what the control plane
• Key: there is a separation of control plane and forwarding plane
 Basic MPLS: destination-based unicast
 Labels divorce forwarding from IP address
 Many additional options for assigning labels
 Labels define destination and service

Resource Multicast Explicit Virtual

Destination-Based IP Class
Reservation Routing and Static Private
Unicast Routing of Service
(e.g., RSVP) (PIM v2) Routes Networks

Label Information Base (LIB)

Per-Label Forwarding, Queuing, and Multicast Mechanisms

Control and Forward Plane Separation
Route
RIB Routing Updates/
Process Adjacency

Label Bind
LIB MPLS Updates/
Process Adjacency

MFI FIB

MPLS Traffic IP Traffic

27
 Control and Data Planes
• Control Plane (learned routes/labels) using routing protocols and LDP.

• Packets are forwarded on the Data Plane.

• IP and MPLS, based on CEF and LFIB (Label Forwarding Information Base) respectively.
Label Stacking
• There may be more than one label in an MPLS packet
• As we know labels correspond to forwarding equivalence classes
 Example—there can be one label for routing the packet to an egress point
and another that separates a customer A packet from customer B
 Inner labels can be used to designate services/FECs, etc.
– e.g. VPNs, fast reroute
Outer Label
• Outer label used to route/switch the MPLS TE Label
packets in the network LDP Label
• Last label in the stack is marked with EOS bit VPN Label
IP Header
• Allows building services such as Inner Label
 MPLS VPNs
 Traffic engineering and fast re-route
 VPNs over traffic engineered core
 Any transport over MPLS
 Encapsulation
0 1
Examples 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label COS S TTL

DataLink Header Outer Label Inner Label Layer 3 Header

Ethernet II MultiProtocol Label Switching Header

Destination: xx:xx:xx:xx:xx:xx (Outer) Internet Protocol
Source: yy:yy:yy:yy:yy:yy MPLS Label: 16 Version: 4
eType: MPLS Unicast (0x8847) MPLS Experimental Bits: 0 Header length: 20 bytes
MPLS Bottom Of Label Stack: 0 [snip]
WAN MPLS TTL: 255 Time to live: 255
HDLC, Frame Relay, ATM AAL5, etc MultiProtocol Label Switching Header Protocol: ICMP (0x01)
(Inner) Header checksum: 0xa3fd (correct)
MPLS Label: 100 Source: 10.1.1.2 (10.1.1.2)
MPLS Experimental Bits: 3 Destination: 172.16.255.2 (172.16.255.2)
MPLS Bottom Of Label Stack: 1
MPLS TTL: 2
 The Order of Things
• IP IGP routing protocols build the IP tables

• LSRs assign a local label for each route

• LSRs share their labels with other LSRs using LDP

• LSRs build their forwarding tables

 Won’t You Be My Neighbor?

• Two step process

• Hello messages
• LDP link hello uses destination UDP port 646 and is sent to 224.0.0.2
• Hello may include the IP address desired for peering, different than the source IP in the
header.
• Indicates if the label space is system wide, or per interface.
• Setup LDP session with neighbor who says hello.
• Session is TCP based on destination port 646
• Router with highest LDP router ID will initiate this TCP session ( called the active LSR ).
Keepalives are sent every 60 seconds.
 Why LDP Won’t Neighbor Up
• LDP router ID is highest IP on loopback, but we can force it.
• (config)# mpls ldp router- id loopback0

• IGP Routing may disagree with LDP processes – RID must be reachable over connected
interface, unless we use:
• (config- if)# mpls ldp discovery transport- address interface
 Other LDP Features
• Security – Computes MD5 Signatures
• (config)# mpls ldp neighbor (ip#) password (pw)

• Label filters – inbound from neighbor

• (config)# mpls ldp neighbor (ip#) labels accept (#)
• (ip#) = IP address of LDP neighbor
• (#) = number of access- list of network prefixes
MPLS & IP Header TTL
 Hide the MPLS core from the client
• Traceroute uses TTL manipulation to trigger feedback.

• Disabling the TTL propagation will not copy the initial IP TTL to the MPLS TTL, and MPLS will
start at 255.
• Results: MPLS LSRs become the invisible network to the eyes of traceroute.
No mpls ip propagate- ttl (on All LSRs)
Monitoring MPLS
• show mpls ldp parameters
• show mpls interface
• show mpls ldp discovery
• show mpls ldp neighbor [detail]
• show mpls ldp bindings (the LIB)
• show mpls forwarding table (the LFIB)
• show ip route a.b.c.d (the RIB)
• show ip cef a.b.c.d [detail] (the FIB)
• show cef interface
• debug mpls ldp
• debug mpls lfib
• debug mpls packets
 Troubleshooting MPLS
• LDP neighborship failed
• MPLS not enabled, LDP ports filtered, no L3 route to LDP neighbor LSR router- id, highest loopback address.

• Labels not assigned

• CEF not enabled

• Labels not shared

• Compatible LDP between neighbors

• Slow convergence
• Get rid of RIP  IGP is biggest factor in convergence delay

• Large packets dropped

• MTU not supported by switches. Multiple labels may be present pushing the MTU to a size not supported by
the infrastructure.
Useful MPLS Troubleshooting Commands
• Verify routing protocol is running properly
• Show ip route 10.10.10.0

• Verify CEF Switching

• Show ip cef 10.10.10.0 detail

• Verify MPLS Operations

• Show mpls interface

• Verify Label Distribution

• Show mpls ldp discovery
• Verify Label Binding
• Show mpls ip binding

• Ping/Traceroute
Multiprotocol BGP (MP-BGP)
Bringing It All Together
Multiprotocol BGP (MP-BGP)
10.1.1.0/24 VPNv4 iBGP Relationship 10.2.1.0/24
Site 1 Next-Hop=CE1 Next-Hop=CE2 Site 2
10.1.1.0/24 10.2.1.0/24
CE1 CE2

10.2.1.0/24 VRF VRF

P1 P2 10.1.1.0/24
Next-Hop=PE1 PE1 Next-Hop=PE2
PE2

P3 P4
OSPF Area 0
Redistribute Redistribute
IGP/Static Into BGP IGP/Static Into BGP

1. PE receives an IPv4 update on a VRF interface (eBGP/OSPF/RIP/EIGRP)

2. PE translates it into VPNv4 address (96-bit address) (64-bit RD + 32 bit IPv4 address)
– Assigns an RT per VRF configuration
– Rewrites next-hop attribute to itself
– Assigns a label based on VRF and/or interface

3. PE sends MP-iBGP update to other PE routers

 Why an RD and VPNv4 Address?
Use Case VPNv4 iBGP Relationship

111:1:10.1.1.0/24
Cust A Site 1 10.1.1.0/24 10.2.1.0/24 Cust A Site 2
111:1:10.2.1.0/24
10.1.1.0/24 10.2.1.0/24
CE1 CE2

VRF A P1 P2 VRF A
PE1 PE2
Cust B Site 1 VRF B VRF B Cust B Site 2
10.1.1.0/24 P3 P4 10.2.1.0/24
CE1 OSPF Area 0 222:1:10.1.1.0/24 CE2
10.1.1.0/24 10.2.1.0/24
222:1:10.2.1.0/24

1. PE routers service multiple customers

2. Once PE redistributes customer routes into MP-BGP, they must be unique
3. RD is prepended to each prefix to make routes unique

VPNv4 prefixes are the combination of a 64-bit RD and a 32-bit IPv4 prefix. VPNv4 prefixes are 96-bits in length
 Why are Route Targets Important?
Use Case VPNv4 iBGP Relationship
VRF A
VRF B
Cust A Site 1 Import 222:1
Import 111:1
Cust A Site 2
Import 333:1
10.1.1.0/24 Export 222:1 10.1.2.0/24
CE1 Import 444:1 CE1
Export 111:1
VRF A P1 P2 VRF B
PE1 PE2
Cust A Site 3 VRF C VRF D Cust A Site 4
VRF C P3 P4
10.1.3.0/24 VRF D 10.1.4.0/24
CE1 Import 111:1 OSPF Area 0 CE1
Import 111:1
Export 333:1
Export 444:1

1. Route Targets dictate which VRF will receive what routes

2. Can be used to allow specific sites access to centralized services
3. Cust A Site 2, Site 3 and Site 4 will not be able to exchange routes with each other

Route Targets are a 64-bit value and are carried in BGP as an extended community
 MPLS VPN and MP-BGP
Command Line Interface (CLI) Review

Customer 1 CE
VRF VRF-1 P P VRF VRF-1
PE PE CE
EIGRP, OSPF, RIPv2, BGP, Static
VPN Backbone IGP
CE P CE
Customer 2 VRF VRF-2
P
VRF VRF-2
VRF Configuration (PE)
! PE Router – Multiple VRFs MP-iBGP – VPNv4
ip vrf VRF-1
MP-iBGP Configuration (PE) Label Exchange
! PE router
rd 65100:10
router bgp 65102
route-target import 65102:10
no bgp default ipv4-unicast
route-target export 65102:10
ip vrf VRF-2 neighbor 2.2.2.2 remote-as 65102
rd 65100:20 !
route-target import 65102:20 address-family vpnv4
route-target export 65102:20 neighbor 2.2.2.2 activate
! neighbor 2.2.2.2 send-community extended
Interface FastEthernet0/1.10 exit-address-family
ip vrf forwarding VRF-1 !
Interface FastEthernet0/1.20 address-family ipv4 vrf VRF-1
ip vrf forwarding VRF-2 redistribute rip
exit-address-family
 MPLS VPN Technology Summary
MPLS VPN Connection Model
Global Address Space
CE
VPN 2 VRF Green P P
PE
PE
EIGRP, OSPF, RIPv2, BGP, Static
VPN Backbone IGP
VPN 1 P P
VRF Blue
CE

MP-iBGP – VPNv4 Label Exchange

CE Routers PE Routers P Routers
 VRF Associates to one or more • P routers are in the core of
• MPLS Edge routers
interfaces on PE
the MPLS cloud
 Has its own routing table and • MPLS forwarding to P routers
forwarding table (CEF) • P routers do not need to run BGP
• IGP/BGP – IP to CE routers
 VRF has its own instance for the • Do not have knowledge of VPNs
routing protocol • Distributes VPN information through MP-
(static, RIP, BGP, EIGRP, OSPF) BGP to other PE routers with VPNv4 • Switch packets based on labels
addresses, extended community, VPN (swap/pop) not IP
labels

• Push labels onto incoming IP packets

Closing Thoughts

• Break MPLS into smaller, more manageable chunks to accelerate learning

• Leverage current routing protocol knowledge learning PE-CE VRF routing
• MP-BGP and traditional IPv4 BGP configuration is very similar
• If routes are not present on CE routers check route-target import/export,
communities and redistribution between IPv4 VRF address-families under IGP
and BGP
• If routes are present but you are having problems with reachability, check MPLS
configuration
• Remember on PE devices you are living in a VRF world (Ping, Traceroute etc.)
• HAVE FUN !!!!! Remember, it’s a journey not a destination!
MPLS Management
MPLS Embedded Management
• MPLS management capabilities integrated into routers
• IETF standards based + vendor-specific value adds
• MPLS embedded management feature areas
– MPLS SNMP MIBs (Draft, RFC-based + vendor extensions)
– MPLS OAM (Draft, RFC-based + Vendor-specific automation)
– MPLS-aware Net Flow

• MPLS SNMP MIBs

– MPLS LSR, LDP, TE, FRR, and L3VPN MIB
– VRF-aware MIB support

• MPLS OAM
– LSP Ping, Trace, and Multipath (ECMP) Tree Trace
– IP SLA – LSP Health Monitor
LSP Ping

• Feature Functionality
– Enables detailed MPLS data path validation between PE
routers

• Benefits
– Finds MPLS-specific forwarding errors not detected
by regular IP ping operations
– Enables detailed MPLS forwarding trouble shooting not
available by other existing IP connectivity validations tools

• Key CLI Commands

– ping mpls { ipv4 destination-address destination-mask | pseudowire ipv4-address vc-
id vc-id | traffic-eng tunnel-interface tunnel-number }
LSP Trace
• Feature Functionality
– Enables hop-by-hop trouble shooting (fault isolation) along
PE-PE LSP path in MPLS network
• Benefits
– Finds MPLS-specific forwarding failures along PE-PE LSP
path, which can not be detected by regular IP traceroute
operations
• Key CLI Commands
– trace mpls {ipv4 destination-address destination-mask | traffic-
eng tunnel-interface tunnel-number}
LSP Multi-Path (ECMP) Trace
• Feature Functionality
– Enables discovery and hop-by-hop trouble shooting of all
available MPLS (LSP) paths between two PE routers
• Benefits
– Detailed discovery of all MPLS (LSP) paths between PE
routers which can not be detected by regular IP traceroute
operations
• Key CLI Commands
– trace mpls multipath ipv4 destination-address/destination-mask-length
IP SLA – LSP Health Monitor
• Feature Functionality
– Enables automation of LSP ping operation and generation/logging of SNMP
Traps after consecutive MPLS LSP connectivity failures have been detected

• Benefits
– Detailed control over LSP ping probe frequency (primary and secondary
frequency) and event control (e.g., Traps, logging) after MPLS LSP
connectivity failure has been detected
– Automated discovery of remote PE target routers via BGP VPN
next-hop discovery

• Key CLI Commands

– mpls discovery vpn next-hop
– auto ip sla mpls-lsp-monitor [operation-number]
– type echo | pathEcho
– show ip sla mpls-lsp-monitor configuration [operation-number]
– auto ip sla mpls-lsp-monitor schedule
Automated MPLS OAM

IP SLA

CE

IP SLA PE2

MPLS
Network
CE PE1

IP SLA
IP SLA
IP SLA agent
PE50
PE3
Automated LSP pings sent by PE1

Automated LSP pings sent by PE2

CE
Automated LSP pings sent by PE3