MPLS VPN Topic Notes

MPLS Overview Summary

Function/Feature          Description
Protocol Type             Distance Vector Label Switching
RFC / Proprietary         RFC3306
Best path selection       Relies on IGP to calculate best path
Transport protocol        UDP 646 for Phase 1; TCP 646 for Phase 2
Label Distribution
Hello interval
Update destination
Update interval
Full or partial updates
Triggered updates
Authentication

  • Not a routing protocol
    • Assigns labels to prefixes redistributed with an IGP
    • Labels are locally significant only to that device
  • Requires IP CEF for MPLS to work
  • Creates MPLS VPN tunnel between PE routers to forward packets
    • Known as Label Switched Path (LSP)

  • Unified MPLS
    • Provides scaling for multi-area OSPF
    • Also known as Seamless MPLS
    • More information from Cisco’s website here

MPLS Device Roles

  • Customer Edge Device (CE)
    • Doesn't know about MPLS
    • Runs normal routing processes and protocols
    • Last hop in customer network before connecting to carrier
  • Provider Edge Device (PE)
    • Label Edge Router
    • Last hop in carrier network before connecting to customer
    • Performs routing to the customer and label switching internally to the carrier network
    • Performs label imposition / disposition
    • VRF aware
    • Requires end to end connectivity between PEs (Label Switched Path)
    • PE to PE need to peer (MP-BGP) on Loopback addresses
    • Creates Label Switched Paths towards carrier network
  • Provider Device (P)
    • Label Switching Router
    • Core devices in carrier's network
    • Performs label swap function
    • Switches packets based on MPLS labels
    • Creates Label Switched Paths

Figure 3 - MPLS Device Roles

MPLS Packet Format

  • 4 Byte header added with MPLS label
  • 8 Byte header added when using MP-BGP VPNv4 MPLS
    • 4 Bytes for customer MPLS label
    • 4 bytes for VPN transport label

Figure 1 - MPLS Ethernet Frame

  • Label value (20 bits): Identifies the label number attached to the packet
  • EXP (Experimental) (3 bits): QoS (CoS) marking field
  • S (Bottom-of-Stack) (1 bit): When a packet holds multiple MPLS headers, this bit indicates whether this is the last label in the stack assigned to the packet
  • TTL (Time-to-Live) (8 bits): Used for the same purpose as the IPv4 TTL value
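As an added example (written for these notes, not Cisco code or anything from the original page), the following Python encodes and parses the 32-bit MPLS header laid out above and walks the two-label stack that MP-BGP VPNv4 uses (transport label on top, VPN label at the bottom). The label values, TTL and IPv4-looking payload are constructed for the example. The parser stops at the S bit and refuses a stack that runs off the end of the frame: the header carries no length field and no protocol field, so a missing bottom-of-stack bit would otherwise make a receiver read payload bytes as labels.

```python
import struct

# Field layout of one 32-bit MPLS label stack entry:
#   20 bits label | 3 bits EXP | 1 bit S (bottom of stack) | 8 bits TTL
LABEL_MAX = (1 << 20) - 1


def encode_label(label: int, exp: int = 0, bottom: bool = False, ttl: int = 255) -> bytes:
    """Pack one label stack entry in network byte order."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp <= 7 or not 0 <= ttl <= 255:
        raise ValueError("EXP is 3 bits, TTL is 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_label(entry: bytes) -> dict:
    """Unpack one 4-byte label stack entry into its fields."""
    (word,) = struct.unpack("!I", entry)
    return {
        "label": word >> 12,
        "exp": (word >> 9) & 0x7,
        "bottom": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def encode_stack(entries: list) -> bytes:
    """entries: list of (label, exp, ttl), top of stack first; S is set on the last entry only."""
    last = len(entries) - 1
    return b"".join(
        encode_label(label, exp, i == last, ttl) for i, (label, exp, ttl) in enumerate(entries)
    )


def parse_stack(data: bytes):
    """Walk label stack entries until one has S=1 and return (headers, payload)."""
    headers, offset = [], 0
    while True:
        if offset + 4 > len(data):
            # No entry carried the S bit: the stack is truncated or malformed.
            raise ValueError("label stack truncated: no bottom-of-stack bit before end of frame")
        header = decode_label(data[offset:offset + 4])
        headers.append(header)
        offset += 4
        if header["bottom"]:
            return headers, data[offset:]


def build_vpn_packet(transport_label: int, vpn_label: int, ttl: int, ip_payload: bytes) -> bytes:
    """The 8-byte L3 VPN header: transport (IGP/LDP) label on top, VPN label at the bottom."""
    return encode_stack([(transport_label, 0, ttl), (vpn_label, 0, ttl)]) + ip_payload


# Constructed sample: transport label 45, VPN label 8, and a minimal IPv4-looking payload
# (version nibble 0x4). Nothing in the stack says what follows it; the egress PE knows
# from the VPN label it allocated, not from the frame.
SAMPLE_PAYLOAD = bytes.fromhex("4500001400000000400600000a0000010a000002")
SAMPLE_PACKET = build_vpn_packet(45, 8, 64, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    headers, payload = parse_stack(SAMPLE_PACKET)
    for h in headers:
        print(h)
    print("payload starts with IPv4 version nibble:", payload[0] >> 4)
```

Running it prints the transport entry (label 45, S=0) and the VPN entry (label 8, S=1) followed by the payload's version nibble; the stack in front of the payload is exactly the 8 bytes the bullets above describe.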

MPLS Provider

MPLS Databases

Label Information Base (LIB)

  • Equivalent to the IP Routing Table for MPLS
  • Keeps a record of all prefixes and their label bindings
    • Both local labels and remote labels for directly connected neighbors
  • Command:
    • #show mpls label binding

Label Forwarding Information Base (LFIB)

  • Equivalent to the CEF Table
  • Used to make forwarding decisions to prefixes based on label tags
  • Command:
    • #show mpls forwarding-table

  • Label descriptions:
    • Unlabelled
      • Indicates misconfiguration of MPLS
    • POP Label
      • Implicit NULL Label
      • Neighbors directly connected
      • Penultimate-Hop-Popping (PHP) process

MPLS TTL

  • MPLS TTL value decremented by each LSR the packet passes through
  • LSRs (Label Switching Routers) ignore the IP header
    • IP TTL not decremented when passing through MPLS network
  • Final MPLS edge router synchronises the IP header with the MPLS header

Figure 2 - MPLS TTL

  • Provider devices can be configured to disable TTL propagation
  • This makes the entire MPLS network appear as a single hop keeping original TTL value
  • By default TTL propagation is enabled
  • Command to manually disable:
    • (config)#no mpls ip propagate-ttl
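To make the TTL handling and the LFIB actions above concrete, here is an added Python simulation (written for these notes, not from the original page or Cisco) of one LSP over a PE1 - P2 - P1 - PE2 path. The LFIB, FIB, labels and prefix are constructed; P1 pops the label, modelling PHP after PE2 advertised implicit-null. The same packet is sent with TTL propagation on and off, and packets with small TTLs show where they expire, which is what a customer traceroute would reveal about the core in each mode.

```python
from dataclasses import dataclass, field


@dataclass
class Packet:
    dst: str
    ip_ttl: int
    labels: list = field(default_factory=list)  # [label, mpls_ttl] entries, top of stack last


# Constructed tables. LFIB: incoming label -> (action, outgoing label, next hop).
# The "pop" at P1 is Penultimate Hop Popping: PE2 advertised implicit-null for this FEC.
LFIB = {
    "P2": {31: ("swap", 15, "P1")},
    "P1": {15: ("pop", None, "PE2")},
}
# FIB entries used at the two edges of the LSP.
FIB = {
    "PE1": {"10.1.1.0/24": ("push", 31, "P2")},   # outgoing label learned from P2 via LDP
    "PE2": {"10.1.1.0/24": ("ip", None, "CE2")},
}


def ingress(router, pkt, propagate_ttl):
    """Label imposition at the ingress PE."""
    _, label, next_hop = FIB[router][pkt.dst]
    pkt.ip_ttl -= 1                       # the PE decrements the IP TTL like any router
    if pkt.ip_ttl == 0:
        return "expired", router
    # With propagation the IP TTL is copied into the label. Without it the label starts
    # at 255, so the P routers can never be the hop at which the customer's TTL runs out.
    pkt.labels.append([label, pkt.ip_ttl if propagate_ttl else 255])
    return "forward", next_hop


def transit(router, pkt, propagate_ttl):
    """Label switching at a P router: LFIB lookup, MPLS TTL decrement, swap or pop."""
    label, mpls_ttl = pkt.labels[-1]
    entry = LFIB.get(router, {}).get(label)
    if entry is None:                     # no binding: the "Unlabelled" misconfiguration case
        return "dropped", router
    mpls_ttl -= 1
    if mpls_ttl == 0:
        return "expired", router
    action, out_label, next_hop = entry
    if action == "swap":
        pkt.labels[-1] = [out_label, mpls_ttl]
    else:                                 # pop: synchronise the IP TTL only when propagating
        pkt.labels.pop()
        if propagate_ttl:
            pkt.ip_ttl = min(pkt.ip_ttl, mpls_ttl)
    return "forward", next_hop


def egress(router, pkt):
    """Plain IP forwarding at the egress PE; the label was already popped by PHP."""
    pkt.ip_ttl -= 1
    if pkt.ip_ttl == 0:
        return "expired", router
    return "delivered", FIB[router][pkt.dst][2]


def send(ip_ttl, propagate_ttl=True, path=("PE1", "P2", "P1", "PE2")):
    """Return (status, router where it stopped or final next hop, remaining IP TTL)."""
    pkt = Packet("10.1.1.0/24", ip_ttl)
    status, where = ingress(path[0], pkt, propagate_ttl)
    for router in path[1:-1]:
        if status != "forward":
            break
        status, where = transit(router, pkt, propagate_ttl)
    if status == "forward":
        status, where = egress(path[-1], pkt)
    return status, where, pkt.ip_ttl


if __name__ == "__main__":
    for propagate in (True, False):
        print("mpls ip propagate-ttl" if propagate else "no mpls ip propagate-ttl")
        print("  TTL 64 ->", send(64, propagate))
        for ttl in range(1, 5):           # the hops a customer traceroute would see
            print("  TTL", ttl, "->", send(ttl, propagate)[:2])
```

With propagation on, TTLs 1 to 4 expire at PE1, P2, P1 and PE2 in turn and a TTL of 64 arrives as 60; with propagation off, TTLs 1 and 2 expire at PE1 and PE2 and the same packet arrives as 62, so the customer sees the provider core as PE1 and PE2 only.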

MPLS Label Distribution

  • Used to match prefixes to local labels and advertise to neighbors

  • Labels are advertised using
    • Label Distribution Protocol (LDP)
      • Advertises labels for IGP learned routes
      • Must be learned through IGP before can advertise labels
    • Tag Distribution Protocol (TDP)
      • Cisco proprietary legacy method
    • MP-BGP (Multi-Protocol BGP)
      • Advertises labels for BGP learned routes
    • RSVP
      • Used for MPLS Traffic Engineering

Label Distribution Protocol

  • Ubiquitous method of MPLS label distribution
  • Requires CEF for MPLS to work
  • Can be enabled globally or on a per interface basis (could cause routing issues)
    • Command:
      • (config)#mpls ip
      • (config-if)#mpls ip

LDP Messages
  • Phase 1
    • LDP uses Hello protocol to discover neighbors
    • Multicast address 224.0.0.2 (All routers)
    • Protocol UDP port 646
    • Payload includes:
      • Local Router ID
      • LDP Session Transport ID
      • Hello and Hold timer values
        • 5 seconds default Hello
        • 15 seconds default Hold time
      • Authentication (MD5)
      • All IP prefixes from the Global Routing Table (GRT)

  • Hold timer can be configured manually
    • Hello timer automatically adjusts to one third of the Hold time
    • Command:
      • (config)#mpls ldp holdtime <interval>

  • Phase 2
    • LDP Transport session once Phase 1 complete
    • Unicast over TCP 646
    • Uses Router IDs to create transport session
    • Sends Label to Prefix mappings

  • Only the Transport session uses authentication, through the TCP session
    • Configured on a per neighbor basis
    • Command:
      • (config)#mpls ldp neighbor <peer ip> password <password>
    • Requires a restart of the neighbor adjacency
      • #clear mpls ldp neighbor *
  • If no password is set for a specific neighbor, a global fallback password can be used for neighbors that require one
    • (config)#mpls ldp password fallback <password>
  • Can force LDP neighbors to establish an authenticated adjacency
    • Local device will not bring up any unauthenticated adjacencies
    • (config)#mpls ldp password required
  • #show mpls ldp neighbor <peer> detail
  • To change the router ID on an MPLS router:
    • (config)#mpls ldp router-id <interface> force

LDP Addresses
  • LDP Router-ID
    • Used by default as the transport address
    • Same decision process as OSPF Router-ID:
      • Manually Set
        • Command:
          • (config)#mpls ldp router-id [vrf <vrf-name>] <IF>
      • Highest IP address on any non-shutdown Loopback interface
      • Highest IP address on any non-shutdown non-Loopback interface

  • Transport Session ID
    • LDP packets are sourced from transport address
      • Avoids breaking the session if a specific interface goes down, which would happen if the address were tied to that interface
    • Peers must have reachability to this address
    • Can be configured manually per interface
      • Command
        • (config-if)#mpls ldp discovery-address <IP address | interface <IF>>
    • Must be a /32 prefix to use as tunnel endpoint otherwise forwarding will not work
      • Can not label switch to a non /32 destination

LDP Label Distribution Process
  • Forwarding Equivalency Class (FEC)
    • Association between Prefixes and Labels
    • Groups of IP packets with the same characteristics that can be forwarded in the same way
  • Labels are dynamically chosen by each local LSR
    • Can be configured to use a specific range manually
      • Command:
        • (config)#mpls label range <16-1048575>

  • Label distribution methods:
    • Unsolicited Downstream
      • Implicitly sending all labels to devices without being asked
    • Downstream on Demand
      • Send only explicitly requested labels
    • Cisco default is to advertise for all RIB prefixes

Figure 4 - MPLS Label Distribution Process

  • Label Distribution Process:
    • 1. IGP update flooded throughout MPLS domain
    • 2. LSR PE2 receives the new prefix in its RIB, allocates local label 8 to the newly learned prefix after checking that label 8 isn't already in use, and advertises the IP prefix and label mapping to its local neighbors through LDP.
    • 3. LSR P1 receives the LDP advertisement and installs it in the MFIB. Assigns local label 15 to the new prefix and advertises the IP prefix and label mapping to all local LDP neighbors through LDP.
    • 4. LSR P2 receives the LDP advertisement and installs it in the MFIB. Assigns local label 31 to the new prefix and advertises the IP prefix and label mapping to all local LDP neighbors through LDP.
    • 5. LSR PE1 receives the LDP advertisement and installs it in the MFIB. Assigns local label 45 to the new prefix and advertises the IP prefix and label mapping to all local LDP neighbors through LDP.

  • Process repeats for adjacent LDP neighbor until flooded throughout MPLS domain

  • MPLS scales along with IGP table
  • If MPLS is broken, it stops IGP from using the interface
    • Sets metric to max value

LDP Label Filtering
  • By default LDP advertises labels for every prefix in the local RIB
  • Can use filtering to generate and advertise labels only for selected prefixes
  • Use standard Access-Lists to identify local prefixes to generate labels for
    • Command:
      • (config)#access-list 10 permit x.x.x.x x.x.x.x
  • Limit the labels advertised to only prefixes specified in access list
    • Disable advertising all labels
      • Command:
        • (config)#no mpls ldp advertise-labels
    • Advertise labels only for access list 10
      • Command:
        • (config)#mpls ldp advertise-labels for 10
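The following Python is an added example (written for these notes, not from the original page or Cisco) that simulates both the five-step label distribution process of the earlier section and the label filtering described here. Four LSRs in the chain PE2 - P1 - P2 - PE1 learn two prefixes from the IGP, bind local labels starting at the constructed values 8, 15, 31 and 45, and advertise them unsolicited downstream to every neighbor; the resulting LIB and LFIB entries are then read back. Building the domain a second time with an ACL that permits only the loopback range shows that filtered prefixes still get local labels but never receive a remote binding, so the LFIB shows no outgoing label for them. The router names, prefixes, label ranges and ACL are all constructed.

```python
import ipaddress


class LSR:
    """Minimal LDP speaker: binds local labels to RIB prefixes, advertises them
    unsolicited downstream to every neighbor, and records bindings in a LIB."""

    def __init__(self, name, first_label, advertise_acl=None):
        self.name = name
        self.next_label = first_label          # constructed start of the local label range
        self.advertise_acl = advertise_acl     # None = advertise for every RIB prefix (the default)
        self.neighbors = []
        self.rib = {}                          # prefix -> IGP next hop
        self.lib = {}                          # prefix -> {"local": label, "remote": {peer: label}}

    def permitted(self, prefix):
        """Standard ACL semantics: the prefix's network address must match a permit entry."""
        if self.advertise_acl is None:
            return True
        addr = ipaddress.ip_network(prefix).network_address
        return any(addr in net for net in self.advertise_acl)

    def igp_learn(self, prefix, next_hop):
        self.rib[prefix] = next_hop

    def bind_local(self, prefix):
        """Steps 2-5: allocate the next free local label and advertise the mapping."""
        if prefix not in self.rib:
            raise ValueError("prefix must be learned through the IGP before a label is bound")
        label, self.next_label = self.next_label, self.next_label + 1
        self.lib.setdefault(prefix, {"local": None, "remote": {}})["local"] = label
        if self.permitted(prefix):             # 'mpls ldp advertise-labels for <acl>'
            for peer in self.neighbors:
                peer.receive_binding(self.name, prefix, label)

    def receive_binding(self, peer_name, prefix, label):
        self.lib.setdefault(prefix, {"local": None, "remote": {}})["remote"][peer_name] = label

    def lfib_entry(self, prefix):
        """(local label, outgoing label or 'No Label', next hop), as in show mpls forwarding-table."""
        next_hop = self.rib[prefix]
        out_label = self.lib[prefix]["remote"].get(next_hop, "No Label")
        return self.lib[prefix]["local"], out_label, next_hop


def build_domain(advertise_acl=None):
    """Chain PE2 - P1 - P2 - PE1; both prefixes are reached through PE2."""
    routers = {"PE2": LSR("PE2", 8, advertise_acl), "P1": LSR("P1", 15, advertise_acl),
               "P2": LSR("P2", 31, advertise_acl), "PE1": LSR("PE1", 45, advertise_acl)}
    chain = ["PE2", "P1", "P2", "PE1"]
    for a, b in zip(chain, chain[1:]):
        routers[a].neighbors.append(routers[b])
        routers[b].neighbors.append(routers[a])
    toward_pe2 = {"PE2": "CE2", "P1": "PE2", "P2": "P1", "PE1": "P2"}   # IGP next hops
    for prefix in ("10.1.1.0/24", "10.255.0.2/32"):   # customer prefix, then PE2's loopback
        for name, router in routers.items():
            router.igp_learn(prefix, toward_pe2[name])  # step 1: IGP flood comes first
        for name in chain:
            routers[name].bind_local(prefix)            # steps 2-5: LDP bindings follow
    return routers


# Constructed ACL 10: permit only the loopback range used for LDP transport addresses.
LOOPBACKS_ONLY = [ipaddress.ip_network("10.255.0.0/24")]

if __name__ == "__main__":
    for acl in (None, LOOPBACKS_ONLY):
        pe1 = build_domain(acl)["PE1"]
        print("filtered" if acl else "default ", {p: pe1.lfib_entry(p) for p in pe1.rib})
```

In the default run PE1 forwards 10.1.1.0/24 with outgoing label 31 from P2, matching the figure; with the ACL applied only the /32 loopback keeps a label-switched path, which is the usual goal of filtering, since the transport addresses are the only prefixes the LSPs actually need.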

LDP Authentication

  • Can set authentication of LDP neighbors
    • Requires TCP option 19 for authentication of LDP sessions
  • Command:
    • (config)#mpls ldp neighbor <neighbor IP> password <password>
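As an added example (written for these notes, not from the original page or Cisco), the Python below models the password resolution of the three LDP authentication commands covered in the LDP Messages section and here (per-neighbor password, global fallback, and `password required`) and checks the TCP MD5 signature option (option 19, RFC 2385) on the incoming TCP 646 segment. The digest is MD5 over the IPv4 pseudo-header, the TCP header with its checksum zeroed, the data and the shared key; the peer addresses, keys, TCP header and payload are constructed.

```python
import hashlib
import hmac
import socket
import struct

# Constructed LDP authentication config for one router, mirroring:
#   mpls ldp neighbor <peer> password <pw>   -> "neighbors"
#   mpls ldp password fallback <pw>          -> "fallback"
#   mpls ldp password required               -> "required"
LDP_AUTH = {
    "neighbors": {"10.255.0.2": b"per-peer-secret"},
    "fallback": b"fallback-secret",
    "required": True,
}


def effective_password(cfg, peer_ip):
    """Per-neighbor password wins; otherwise the global fallback; otherwise none."""
    return cfg["neighbors"].get(peer_ip) or cfg.get("fallback")


def tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key):
    """TCP MD5 signature (RFC 2385): MD5 over pseudo-header, TCP header with the
    checksum zeroed and options excluded, the segment data, then the key."""
    tcp_len = len(tcp_header) + len(payload)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_len)
    header_no_csum = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + header_no_csum + payload + key).digest()


def sign_segment(src_ip, dst_ip, tcp_header, payload, key):
    """A peer that has a password configured attaches option 19 to every segment."""
    return {"src": src_ip, "dst": dst_ip, "tcp_header": tcp_header, "payload": payload,
            "md5_option": tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, key)}


def unsigned_segment(src_ip, dst_ip, tcp_header, payload):
    return {"src": src_ip, "dst": dst_ip, "tcp_header": tcp_header, "payload": payload,
            "md5_option": None}


def accept_ldp_session(cfg, segment):
    """Decide whether the transport session from segment['src'] may come up."""
    key = effective_password(cfg, segment["src"])
    if key is None:
        if cfg["required"]:
            return False, "no password for peer and 'mpls ldp password required' is set"
        return True, "unauthenticated session (no password configured for peer)"
    if segment["md5_option"] is None:
        return False, "password configured locally but peer sent no TCP MD5 option"
    expected = tcp_md5_digest(segment["src"], segment["dst"], segment["tcp_header"],
                              segment["payload"], key)
    if not hmac.compare_digest(expected, segment["md5_option"]):
        return False, "TCP MD5 digest mismatch (passwords differ)"
    return True, "authenticated session"


# Constructed 20-byte TCP header: ports 646/646, seq, ack, data offset 5, SYN, window, csum, urg.
SAMPLE_TCP_HEADER = struct.pack("!HHIIBBHHH", 646, 646, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
SAMPLE_PAYLOAD = b"LDP initialization message (constructed placeholder)"
LOCAL_IP = "10.255.0.1"


def demo():
    cases = {
        "per-neighbor password, correct key": sign_segment(
            "10.255.0.2", LOCAL_IP, SAMPLE_TCP_HEADER, SAMPLE_PAYLOAD, b"per-peer-secret"),
        "per-neighbor password, peer used fallback key": sign_segment(
            "10.255.0.2", LOCAL_IP, SAMPLE_TCP_HEADER, SAMPLE_PAYLOAD, b"fallback-secret"),
        "peer covered only by fallback password": sign_segment(
            "10.255.0.3", LOCAL_IP, SAMPLE_TCP_HEADER, SAMPLE_PAYLOAD, b"fallback-secret"),
        "peer that does not sign at all": unsigned_segment(
            "10.255.0.3", LOCAL_IP, SAMPLE_TCP_HEADER, SAMPLE_PAYLOAD),
    }
    return {name: accept_ldp_session(LDP_AUTH, seg) for name, seg in cases.items()}


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{'ACCEPT' if ok else 'REJECT'} {name}: {why}")
```

The per-neighbor entry takes precedence over the fallback, so a peer listed under `neighbors` that signs with the fallback key is refused; clearing `required` and both passwords is the only combination that lets an unsigned session through, which is why `mpls ldp password required` is the setting to check on any LSR that should never accept an unauthenticated neighbor.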

LDP Configuration
  • Decide on IGP to run alongside MPLS
  • Enable LDP
    • IGP global process:
      • Command:
        • (config)#router <ospf | eigrp> <#>
        • (config-router)#mpls ldp autoconfig
        • (config-router)#mpls ldp sync
    • Interface level:
      • Command:
        • (config-if)#mpls ip

  • Specify MPLS label distribution protocol
    • Command:
      • (config)#mpls label protocol ldp

  • Can manually disable Penultimate Hop Popping
    • Keeps the QoS marking between each CE
  • Command:
    • (config)#mpls label explicit-null

  • LDP can be configured statically
    • Same inherent issues as static routes
      • Doesn't scale
      • Performed on a hop-by-hop basis
    • Commands:
      • (config)#mpls label range <min label> <max label> static <lower static> <upper static>
      • (config)#mpls static binding ipv4 <prefix> <prefix-mask> input <label>
      • (config)#mpls static binding ipv4 <prefix> <prefix-mask> output <destination next-hop> <label value | explicit-null | implicit-null>
        • Explicit-null turns off Penultimate Hop Popping (PHP)

Virtual Routing and Forwarding (VRF)

  • Standalone feature that can be used with MPLS
  • Creates a virtual instance of the Routing Table
    • Interfaces assigned to a specific VRF
    • Interfaces not assigned to a VRF are in default or global routing table
    • Can have overlapping addresses in different VRFs
    • VRFs can't talk to each other unless explicitly instructed to
  • Each VRF has a FIB, that assigns prefixes from the VRF RIB to
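The Python below is an added example (written for these notes, not from the original page or Cisco) of what the bullets above mean in a forwarding lookup: one routing table per VRF plus the global table, interfaces mapped to VRFs, longest-prefix match only within the VRF of the ingress interface, and the same 192.168.0.0/24 living in two VRFs without conflict. The router, VRF names, interfaces and routes are constructed.

```python
import ipaddress


class VrfRouter:
    """Routing lookup on a device with VRFs: one table per VRF plus the global table.
    Interfaces with no VRF assignment stay in the global table (vrf = None)."""

    def __init__(self):
        self.tables = {None: {}}      # vrf name -> {IPv4Network: next hop}
        self.interface_vrf = {}       # interface -> vrf name (None = global)

    def vrf_definition(self, name):
        self.tables.setdefault(name, {})

    def vrf_forwarding(self, interface, vrf=None):
        """'vrf forwarding <name>' on an interface; the VRF must already be defined."""
        if vrf is not None and vrf not in self.tables:
            raise ValueError(f"VRF {vrf} is not defined")
        self.interface_vrf[interface] = vrf

    def add_route(self, prefix, next_hop, vrf=None):
        self.tables[vrf][ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, ingress_interface, destination):
        """Longest-prefix match in the table of the VRF the ingress interface belongs to."""
        vrf = self.interface_vrf[ingress_interface]
        dst = ipaddress.ip_address(destination)
        best = None
        for network, next_hop in self.tables[vrf].items():
            if dst in network and (best is None or network.prefixlen > best[0].prefixlen):
                best = (network, next_hop)
        if best is None:
            return None                # no route in this VRF; other VRFs are never consulted
        return vrf, str(best[0]), best[1]


def build_router():
    """Constructed PE: two customers both using 192.168.0.0/24, plus a global table."""
    r = VrfRouter()
    r.vrf_definition("CUST-A")
    r.vrf_definition("CUST-B")
    r.vrf_forwarding("Gi0/1", "CUST-A")
    r.vrf_forwarding("Gi0/2", "CUST-B")
    r.vrf_forwarding("Gi0/0")                                   # no VRF: global routing table
    r.add_route("192.168.0.0/24", "10.0.1.2", vrf="CUST-A")
    r.add_route("192.168.0.128/25", "10.0.1.3", vrf="CUST-A")   # more specific, same VRF
    r.add_route("192.168.0.0/24", "10.0.2.2", vrf="CUST-B")     # overlapping address space
    r.add_route("10.255.0.0/24", "10.0.0.2")                    # global: provider loopbacks
    return r


if __name__ == "__main__":
    r = build_router()
    for iface, dst in (("Gi0/1", "192.168.0.10"), ("Gi0/1", "192.168.0.200"),
                       ("Gi0/2", "192.168.0.10"), ("Gi0/0", "192.168.0.10"),
                       ("Gi0/0", "10.255.0.2")):
        print(iface, dst, "->", r.lookup(iface, dst))
```

The lookups from Gi0/1 and Gi0/2 for the same destination resolve to different next hops, and the same destination arriving on the global interface Gi0/0 has no route at all: nothing crosses between tables unless route leaking is configured explicitly.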

  • Routing options available in a VRF
    • Static
    • Dynamic
      • RIP
      • EIGRP
      • OSPF
      • IS-IS
      • MP-BGP
    • Policy Routing

VRF Configuration
  • Create VRF
    • IPv4 only:
      • Legacy
      • (config)#ip vrf <vrf-name>
    • IPv4 and IPv6:
      • Preferred method
      • (config)#vrf definition <vrf name>

  • Apply VRF to interfaces
    • Removes IP address from interface
    • Legacy method
      • (config-if)#ip vrf forwarding <vrf-name>
    • Preferred method
      • (config-if)#vrf forwarding <vrf-name>

  • Can upgrade CLI from old method to new method
    • Command:
      • #vrf upgrade-cli multi-af-mode

VRF Troubleshooting
  • #show ip route vrf <vrf-name> <prefix>
  • #show ipv6 route vrf <vrf-name> <prefix>
  • #ping ip vrf <vrf-name> <IP address>
  • #traceroute vrf <vrf-name> <IP address>
  • #show ip vrf [detail] - Can check if the prefix imported/exported to the vrf instance

MPLS Layer 3 VPNs

Figure 5 - MPLS Protocol Boundaries

  • Only PE routers need to know customer routes
    • Uses VPNv4 BGP
      • BGP with VRF
  • Only P routers need to know how to get to BGP next-hop
    • Allows a BGP-free core

  • Process steps:
    • Establish a LSP (Label Switched Path) between PE routers
      • IGP and LDP domain
      • LSPs are unidirectional
    • Exchange routes with customer
      • CE to PE eBGP or IGP
    • Exchange customer routes with PE devices
      • iBGP + MPLS VPN label
    • Label switch between PE routers
      • Data follows IGP + LDP transport label

Route Distinguisher (RD)
  • Allows BGP to distinguish between duplicate IPv4 prefixes
  • Makes a prefix globally unique
  • A prefix can only have a single RD
  • Allows different customers to have the same IPv4 address space over the same MPLS core
    • Example:
      • Customer A
        • Prefix 192.168.0.0/24
        • RD 111:111
        • Globally unique prefix becomes 111:111:192.168.0.0/24
      • Customer B
        • Prefix 192.168.0.0/24
        • RD 222:222
        • Globally unique prefix becomes 222:222:192.168.0.0/24

  • 8 Bytes of information
    • First 2 bytes determine which of the 3 formats the RD is using
      • Automatically entered by the OS
    • Last 6 bytes are the RD value
    • Format:
      • 2 byte integer:4 byte integer
      • 4 byte integer:2 byte integer
      • 4 byte dotted decimal:2 byte integer
      • First value should be ASN or IPv4 address

  • Uses BGP Extended Communities to carry Route Distinguisher (RD) prefix information
    • Commands:
      • (config)#router bgp <asn>
      • (config-router)#address-family vpnv4
      • (config-router-af)#neighbor <neighbor IP> send-community extended
  • RD is configured under the VRF template
    • Commands:
      • (config)#vrf definition VRF-A
      • (config-vrf)#rd <asn:nn>

Route Target (RT)
  • Controls prefix's VPN membership
    • Determines which VRF the PE device places iBGP learned routes into
    • VPNv4 speakers only accept VPNv4 routes with a Route-Target matching local VRF
  • Can be multiple Route Targets (RT) per VPNv4 route
  • 8 byte field
    • Format similar to RD
      • ASN:nn or IP-Address:nn

Figure 6 - Route Distinguisher (RD) and Route Target (RT)

  • Process:
    • 1: Prefix forwarded from each Customer's CE to PE arriving on different VRF interfaces
    • 2: The VRF adds the RD to the NLRI to make the route Globally unique. The VRF adds the RT to the prefix/BGP table
    • 3: VRF redistributes the prefix(es) into the BGP process
    • 4: iBGP between the 2 PE devices
    • 5: BGP compares the RD values of learned prefixes to determine which VRF each prefix belongs to. Compares the prefix RT values to the configured import values on each VRF to determine what to import to the VRF
    • 6: Imported prefixes are passed from PE out the respective VRF interface to Customer's CE device.

  • Export route-target
    • Exports prefixes from a VRF into BGP
    • Similar to redistributing from VRF into BGP
  • Import route-target
    • Imports prefixes to a VRF from BGP
    • Similar to redistributing from BGP into VRF

  • Uses BGP extended community path attributes to control what enters or exits the VRF table
    • Commands:
      • (config)#router bgp <asn>
      • (config-router)#address-family vpnv4
      • (config-router-af)#neighbor <neighbor IP> send-community extended

  • RT is configured under the VRF template
    • Commands:
      • (config)#vrf definition VRF-A
      • (config-vrf)#route-target import <asn:nn>
      • (config-vrf)#route-target export <asn:nn>
      • (config-vrf)#route-target both <asn:nn>
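As an added example (written for these notes, not from the original page or Cisco) covering both the RD section and this RT section, the Python below encodes and decodes the 8-byte RD in its three formats and then runs a VPNv4 table through RT-based import: two customers advertise the same 192.168.0.0/24 under different RDs, a shared-services VRF exports a prefix with a third RT that both customers import, and each VRF ends up with exactly the routes whose RTs it imports. The VRF names, RDs, RTs, next hops and VPN labels are constructed.

```python
import struct
import ipaddress


def encode_rd(text):
    """Encode 'admin:assigned' as the 8-byte RD: 2-byte type + 6-byte value.
    Type 0: 2-byte ASN : 4-byte number; Type 1: IPv4 : 2-byte; Type 2: 4-byte ASN : 2-byte."""
    admin, assigned = text.rsplit(":", 1)
    assigned = int(assigned)
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)
    asn = int(admin)
    if asn <= 0xFFFF:
        return struct.pack("!HHI", 0, asn, assigned)
    return struct.pack("!HIH", 2, asn, assigned)


def decode_rd(raw):
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, n = struct.unpack("!HI", raw[2:])
        return f"{asn}:{n}"
    if rd_type == 1:
        ip, n = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{n}"
    if rd_type == 2:
        asn, n = struct.unpack("!IH", raw[2:])
        return f"{asn}:{n}"
    raise ValueError(f"unknown RD type {rd_type}")


# VPNv4 table on a PE. The NLRI key is (RD, prefix), so identical customer prefixes coexist;
# each route carries the exporting VRF's route-targets as extended communities.
VPNV4_TABLE = {}


def advertise_vpnv4(rd, prefix, next_hop, vpn_label, export_rts):
    VPNV4_TABLE[(encode_rd(rd), prefix)] = {"next_hop": next_hop, "label": vpn_label,
                                            "rts": frozenset(export_rts)}


# Constructed VRF templates: rd, route-target import, route-target export.
VRFS = {
    "CUST-A": {"rd": "111:111", "import": {"111:111", "999:999"}, "export": {"111:111"}},
    "CUST-B": {"rd": "222:222", "import": {"222:222", "999:999"}, "export": {"222:222"}},
    "SHARED": {"rd": "999:999", "import": {"999:999"}, "export": {"999:999"}},
}


def import_into_vrf(vrf_name):
    """RT decides membership: a VPNv4 route enters the VRF only if one of its RTs is imported."""
    wanted = VRFS[vrf_name]["import"]
    imported = {}
    for (rd_raw, prefix), route in VPNV4_TABLE.items():
        if route["rts"] & wanted:
            imported[prefix] = (decode_rd(rd_raw), route["next_hop"], route["label"])
    return imported


def populate():
    """Constructed advertisements from remote PEs; both customers use 192.168.0.0/24."""
    VPNV4_TABLE.clear()
    advertise_vpnv4("111:111", "192.168.0.0/24", "10.255.0.2", 100, VRFS["CUST-A"]["export"])
    advertise_vpnv4("222:222", "192.168.0.0/24", "10.255.0.2", 101, VRFS["CUST-B"]["export"])
    advertise_vpnv4("999:999", "10.9.9.0/24", "10.255.0.3", 102, VRFS["SHARED"]["export"])
    return {name: import_into_vrf(name) for name in VRFS}


if __name__ == "__main__":
    for vrf, routes in populate().items():
        print(vrf, routes)
```

The RD keeps the two 192.168.0.0/24 routes apart in the BGP table (three distinct VPNv4 entries), while the RT alone decides what each VRF sees: CUST-A never receives CUST-B's copy, and SHARED receives neither customer prefix because it imports only 999:999.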

Transport and VPN Label

Transport and VPN Label
  • MPLS L3 VPNs require at least 2 labels to deliver traffic
    • Can be more with MPLS-TE or FRR (Fast Re-Route)

Figure 7 - MPLS Transport and VPN Label Header

  • Transport MPLS Label
    • Tells LSRs which PE router traffic is destined to
    • LDP Label
      • Applied on hop-by-hop basis through LDP domain
    • Sometimes called IGP label
  • VPN MPLS Label
    • Tells PE router which CE traffic is destined to
    • VRF/VPNv4 Label
      • Stays static from PE to PE device

Multiprotocol BGP (MP-BGP)
  • Method PE routers use to exchange VRF information
  • MP-BGP is BGP + VRF

  • VPNv4 NLRI attributes include
    • 8 Byte Route Distinguisher (RD)
      • Unique per VPN or VPN per site
      • ASN:nn or IP-Address:nn
    • IPv4 prefix and length
    • Next-hop
    • MPLS VPN label
  • Other BGP attributes stay the same

IPv6 over MPLS
  • Tunnels IPv6 traffic over IPv4 MPLS core
  • Same configuration and structure as MPLS for IPv4
  • LDPv6 doesn't yet exist

  • Implemented with 2 types of device
    • 6PE
      • IPv6 Provider Edge Router
      • Tunnels traffic in GLOBAL IPv6 table over MPLS core
        • No VRFs, therefore only single instance or customer allowed
      • Creates IPv6 BGP PE-to-CE peer in GLOBAL table
      • BGP + LDP Labels peer from PE-to-PE in global
        • Need to send labels to each peer
        • Command
          • (config-router)#address-family ipv6 unicast
          • (config-router-af)#neighbor <neighbor ip> send-label
      • Core traffic follows IPv4 LSP
    • 6VPE
      • IPv6 VPN Provider Edge Router
      • Tunnels traffic from different VRFs over MPLS core
        • Uses VRFs to separate customers traffic
        • Similar to MPLS L3 VPN
      • IPv6 BGP PE-to-CE peer in VRF on PE
      • VPNv6 BGP PE-to-PE peer
        • Next hop becomes IPv4 encoded address ::FFFF:<ipv4 address>
          • Change with route-map
      • Core traffic follows IPv4 LSP

MPLS PE to CE Routing

MPLS CE to PE RIPv2 Routing

  • CE routing
    • Enable as normal on CE equipment
  • PE routing
    • Configure the VRF under the RIP global process address-family.
    • Commands:
      • (config)#router rip
      • (config-router)#address-family ipv4 vrf <vrf name>
    • All RIP configuration goes under the RIP AF VRF process
    • Redistribute BGP into RIP and carry the metric through from other peer
      • Copies RIP metric into BGP MED, and takes metric from BGP MED and uses as seed metric
        • Used if there is a backdoor route that doesn't go over the MPLS network between the 2 CE routers
          • Common use case where MPLS isn't primary circuit, using Internet as a bearer
      • Command:
        • (config-router-af)#redistribute bgp <ASN> metric transparent

Figure 8 - CE to PE routing with RIPv2

MPLS CE to PE EIGRP Routing

  • CE routing
    • Enable as normal on CE equipment
  • PE routing
    • Configure the VRF under the address-family attached with the AS number
    • Commands:
      • (config)#router eigrp <AS>
      • (config-router)#address-family ipv4 vrf <vrf-name> autonomous-system <ASN>*
    • *The ASN number on the Address Family doesn't need to match the EIGRP process ASN
    • Same configuration in EIGRP Classic mode or Named mode
    • Sends the metrics for EIGRP prefixes in the BGP Extended Community attribute as separate communities for each EIGRP vector
      • Displayed as 0x8800, 0x8801, 0x88802, 0x8803, 0x8806, etc
      • Allows you to run the Feasibility Condition on prefixes learned over the MPLS network

Figure 9 - CE to PE routing with EIGRP

EIGRP Site of Origin
  • Legacy Loop prevention mechanism (along with VPN Extended Communities)
    • Replaced by EIGRP Cost Community
  • EIGRP SoO is used to prevent transient loops in the network if there are "backdoor" links or multi-homed connections
  • Caused by mutual redistribution between BGP sites
    • Normally resolved by using tagging on prefixes from original protocol and preventing them, based on tag, from re-redistributing back into the original protocol
  • EIGRP SoO uses Extended Communities for BGP and EIGRP (TLV allows additional information) to carry the extra prefix information
    • If the update received has the same SoO as what is being set, it is dropped

Figure 10 - MPLS EIGRP Site of Origin

  • Process in the example above:
    • PE1 redistributes a prefix into MP-BGP and sends it to PE2 with the SoO set to 100:2
    • PE2 will receive prefix and send to CE2
    • CE2 will send to CE1
    • CE1 will stop the process by using SoO filtering so the prefix will never be sent back to PE1

  • Configuration:
  • Create a route-map setting the extended community SoO to the VPN RD
    • Command:
      • (config)#route-map <route-map-name> permit 10
      • (config-route-map)#set extcommunity soo <ASN:NN>
  • Applied on the PE LSR interface facing the CE LSR
    • Command:
      • (config-if)#ip vrf sitemap <route-map-name>

MPLS CE to PE OSPF Routing

  • RFC4577 - Section 4.2.5 - Loop Prevention
    • Uses method similar to route tagging
    • The DN (Down) bit
      • If a router receives a Summary LSA with the DN bit set in the header, it will drop the LSA
      • Used for Multi-Homed sites
      • Could cause issue if CE router has VRFs configured
        • To disable the loop-prevention mechanism use the vrf-lite command
        • Command:
          • (config-router)#capability vrf-lite

  • CE routing
    • Same configuration on CE equipment
    • Redistributed OSPF prefixes between CE routers will be Inter-Area LSAs even if same area each end of MPLS link
  • PE routing
    • Create OSPF session that is different from the LDP config
      • MPLS domain known as "SuperBackbone" to OSPF
      • PE becomes ABR to re-inject Type 3 routes between CE devices
      • "Superbackbone" sits above Area 0
      • MPLS doesn't have an area configured, hence it is treated as sitting above area 0 in the hierarchy
      • Area 0 has to be connected to MPLS SuperBackbone. Other area connections are not supported
        • Option 1: Run OSPF Area 0 with the provider
        • Option 2: Run entire site as a non-transit area
      • If BGP runs between the PE and CE, OSPF on each side of the MPLS network counts as a separate instance/domain
    • PE to PE prefix redistribution becomes inter-area (IA) routes
    • PE devices become ABRs
    • OSPF attributes carried in the BGP extended community:
      • OSPF Domain Identifier
        • Generally tied to the Process ID of OSPF
          • Differentiate between OSPF instances each side of the MPLS network
            • If same number, OSPF sees as Type 3 LSA - Inter-area route
            • If different number, OSPF sees as Type 5 LSA - External route
          • Can be configured manually if using different process numbers each side of MPLS network
            • Command:
              • (config-router)#domain-id <domain-id>
        • To verify Domain ID used for OSPF:
          • Command of PE router:
            • #show ip ospf <process id>
          • Displayed as Hex value of process number.
      • OSPF Route Type
        • Displayed as OSPF RT: X.X.X.X:Y:Z
          • X = Area of the route
          • Y = Route type
            • 2 = Intra-area (LSA Type 1 and 2)
            • 3 = Inter-area (LSA Type 3)
            • 5 = External (LSA Type 5)
            • 7 = NSSA (LSA Type 7)
          • Z = Metric Type if Y=5 or 7
            • 0 = E1/N1
            • 1 = E2/N2
      • OSPF Router ID
        • OSPF originator of the prefix

Figure 10 - CE to PE routing with OSPF

MPLS OSPF PE Routing Design Options
  • MPLS OSPF PE Routing Design Option 1:

Figure 11 - PE routing Design with OSPF Option 1

  • MPLS OSPF PE Routing Design Option 2:

Figure 12 - PE routing Design with OSPF Option 2

  • MPLS OSPF PE Routing Design Option 3:

Figure 13 - PE routing Design with OSPF Option 3

OSPF Sham Links
  • PE to PE Virtual link over MPLS network
  • Used if there is a "backdoor" connection between CE routers
    • OSPF will always prefer the "backdoor" path due to LSA type preference, even if it has lower bandwidth
      • OSPF through MPLS is Inter-Area by default
      • Backdoor link will be Intra-Area
  • Creates an OSPF tunnel between PE routers over Customer OSPF Area number
    • No longer need to re-distribute BGP VPNv4 to OSPF as OSPF runs end-to-end
      • OSPF routes still need to be redistributed, as they need MPLS labels assigned
    • Used to prefer MPLS core rather than "backdoor" links
    • Similar to OSPF Virtual Links but over MPLS SuperBackbone
    • Sham link has a default cost of 1
      • Can be manually configured
        • Command:
          • (config-router)#area <area> sham-link <sham-link-source> <sham-link-destination> cost <cost>
  • CE equipment has no visibility of sham-link
  • Disadvantage is if one site recalculates OSPF, the other site would also recalculate

Figure 14 - MPLS OSPF Sham-Link

  • Configuration
    • On PE create a new loopback and put in customer VRF
    • Advertise new loopback address into VPNv4 BGP
    • Customer shouldn't see sham link endpoints
      • Use route-map to prevent redistribution into customer network
      • Can cause transient routing-loop
    • Command:
      • (config-router)#area <area-id> sham-link <sham-link-source-ip> <sham-link-destination-ip>

  • Loop prevention for Sham-links
    • The Downward-Bit (DN)
    • Displayed under LSA information as Options field
      • Command:
        • #show ip ospf database network <link id>
    • When a Type 3 LSA is sent from PE to CE, the DN bit must be set in the header.
      • If CE sends LSA to a PE router, the PE router will not redistribute further
      • If DN bit set, don't set the routing-bit (P) and ignore the LSA in path selection
    • Only displays if running the VRF process
    • Can disable this behaviour but will cause a loop
      • Gives ability to set routing bit (P) on LSA
    • Command under OSPF process
      • (config-router)#capability vrf-lite
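The Python below is an added example (written for these notes, not from the original page or Cisco) for the OSPF loop prevention described in the CE to PE OSPF section and here. It decodes the OSPF route-type extended community as IOS displays it (OSPF RT:area:type:metric-type) and models the DN bit check: a PE sets DN on the Type 3 LSAs it originates toward the CE, and a second PE of a multi-homed site ignores such an LSA unless `capability vrf-lite` has switched the check off. Prefixes, router IDs and the community strings are constructed.

```python
from dataclasses import dataclass

# Route type values from the OSPF route-type community (1 or 2 intra-area per RFC 4577).
ROUTE_TYPES = {1: "intra-area", 2: "intra-area", 3: "inter-area", 5: "external", 7: "nssa"}


def parse_ospf_route_type(community):
    """Decode 'OSPF RT:<area>:<route type>:<metric type>' as shown in show bgp output."""
    label, area, rtype, mtype = community.split(":")
    if label.strip() != "OSPF RT":
        raise ValueError("not an OSPF route-type community")
    rtype, mtype = int(rtype), int(mtype)
    result = {"area": area, "route_type": ROUTE_TYPES[rtype], "metric_type": None}
    if rtype in (5, 7):                       # metric type only has meaning for external/NSSA
        result["metric_type"] = "E1/N1" if mtype == 0 else "E2/N2"
    return result


@dataclass
class SummaryLSA:
    prefix: str
    advertising_router: str
    dn_bit: bool = False                      # DN bit lives in the LSA header Options field


def pe_originates_to_ce(prefix, pe_router_id):
    """A PE re-injecting a VPNv4 route toward the CE sends a Type 3 LSA with DN set."""
    return SummaryLSA(prefix, pe_router_id, dn_bit=True)


def pe_receives_from_ce(lsa, vrf_lite=False):
    """Loop check on a PE that receives a Type 3 LSA from the customer side.
    With DN set the LSA is neither used in SPF nor redistributed back into BGP;
    'capability vrf-lite' disables that check and reopens the loop."""
    if lsa.dn_bit and not vrf_lite:
        return "ignored"
    return "redistributed-into-bgp"


def multihomed_site(vrf_lite_on_pe2=False):
    """PE1 -> CE (site with two PEs) -> PE2: does the route get injected a second time?"""
    lsa = pe_originates_to_ce("172.16.0.0/24", "10.255.0.1")
    flooded = SummaryLSA(lsa.prefix, lsa.advertising_router, lsa.dn_bit)   # CE floods it unchanged
    return pe_receives_from_ce(flooded, vrf_lite=vrf_lite_on_pe2)


if __name__ == "__main__":
    print(parse_ospf_route_type("OSPF RT:0.0.0.0:3:0"))
    print(parse_ospf_route_type("OSPF RT:0.0.0.1:5:1"))
    print("PE2 default  :", multihomed_site())
    print("PE2 vrf-lite :", multihomed_site(vrf_lite_on_pe2=True))
```

The second run shows why the notes warn about `capability vrf-lite`: on a real PE it makes the router treat the DN-marked LSA as a normal customer route, and the prefix would be redistributed into BGP a second time.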

MPLS CE to PE BGP Routing

  • BGP only required for EGP from CE to PE
    • CE to internal customer network can be any IGP
      • IGP doesn't have to match at each site
  • Loop Prevention mechanism of eBGP:
    • Don't allow NLRI with own AS number in path
      • Can be relaxed with allowas-in on each CE device
      • Command:
        • (config-router)#neighbor <neighbor IP> allowas-in <1-10 number of times AS in path>
    • Need to implement a different loop prevention mechanism
    • Becomes an issue when multihoming to the same provider
    • Can be resolved with BGP Site of Origin (SOO)

BGP Site of Origin
  • Performs similar function to redistribution filtering with tagged prefixes and route-maps
  • Uses Tags to identify prefixes automatically
    • CE -> PE tag prefixes with 1:1
    • PE -> PE pass prefixes
    • PE -> CE if tags match, don't redistribute to CE
  • Carried in updates as a BGP extended community.
  • SOO configured on PE devices in inbound direction
  • Can be configured via the following 3 methods:
    • Under the neighbor configuration
      • (config-router)#neighbor <neighbor IP> soo <asn:id>
    • Template assigned to neighbor
      • (config-router)#template peer-policy <template-name>
      • (config-router)#soo <asn:id>
      • (config-router)#neighbor <neighbor ip> inherit peer-policy <template-name>
    • Route-map assigned to neighbor on inbound direction
      • Allows SoO tagging on a per-prefix basis
      • (config-route-map)#match ip address <acl>
      • (config-route-map)#set extcommunity soo <asn:nn>
      • (config-router)#neighbor <neighbor IP> route-map <route-map-name> in

  • Can also ask the provider to modify the AS number so it isn't the same number when it reaches a different site
  • Uses AS-override to modify the AS number in the outbound direction with the provider's own AS number
    • Command:
      • (config-router)#neighbor <neighbor IP> as-override
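As an added example (written for these notes, not from the original page or Cisco) tying together the eBGP loop check, allowas-in, as-override and Site of Origin from this section (the same SoO mechanism the EIGRP Site of Origin section describes), the Python below models a customer AS at two sites, one of them dual-homed, and shows what each CE receives under each setting. The AS numbers, CE addresses, SoO values and prefix are constructed; the iBGP leg between the PEs is reduced to passing the route object along.

```python
def ce_accepts(local_as, as_path, allowas_in=0):
    """eBGP loop check on the CE: its own AS may appear at most allowas_in times."""
    return as_path.count(local_as) <= allowas_in


class ProviderEdge:
    """PE side of the PE-CE eBGP session with per-neighbor SoO and optional as-override."""

    def __init__(self, name, asn):
        self.name, self.asn = name, asn
        self.neighbors = {}   # CE ip -> {"as": remote AS, "soo": "asn:id", "as_override": bool}

    def neighbor(self, ip, remote_as, soo, as_override=False):
        self.neighbors[ip] = {"as": remote_as, "soo": soo, "as_override": as_override}

    def receive_from_ce(self, ce_ip, prefix, as_path):
        """Inbound: tag the route with the Site of Origin configured on that neighbor."""
        return {"prefix": prefix, "as_path": list(as_path), "soo": self.neighbors[ce_ip]["soo"]}

    def advertise_to_ce(self, ce_ip, route):
        """Outbound: SoO filter first, then as-override, then prepend the provider AS."""
        nb = self.neighbors[ce_ip]
        if route["soo"] == nb["soo"]:
            return None                              # same site: never send it back
        path = route["as_path"]
        if nb["as_override"]:
            path = [self.asn if a == nb["as"] else a for a in path]
        return {"prefix": route["prefix"], "as_path": [self.asn] + path, "soo": route["soo"]}


def scenario(as_override=False, allowas_in=0):
    """Customer AS 65001 at two sites; site 1 is dual-homed (CE1 on PE1, CE1b on PE2)."""
    pe1, pe2 = ProviderEdge("PE1", 100), ProviderEdge("PE2", 100)
    pe1.neighbor("10.0.1.2", 65001, "100:1", as_override)          # CE1, site 1
    pe2.neighbor("10.0.2.2", 65001, "100:2", as_override)          # CE2, site 2
    pe2.neighbor("10.0.3.2", 65001, "100:1", as_override)          # CE1b, site 1 again
    route = pe1.receive_from_ce("10.0.1.2", "192.168.1.0/24", [65001])
    # iBGP PE1 -> PE2 carries the SoO extended community unchanged (MPLS core omitted here).
    to_ce2 = pe2.advertise_to_ce("10.0.2.2", route)
    to_ce1b = pe2.advertise_to_ce("10.0.3.2", route)
    return {
        "to_ce1b": to_ce1b,
        "to_ce2_path": None if to_ce2 is None else to_ce2["as_path"],
        "ce2_accepts": to_ce2 is not None and ce_accepts(65001, to_ce2["as_path"], allowas_in),
    }


if __name__ == "__main__":
    print("default      :", scenario())
    print("allowas-in 1 :", scenario(allowas_in=1))
    print("as-override  :", scenario(as_override=True))
```

With defaults CE2 sees its own AS in the path and drops the route, while CE1b at the originating site never receives it because the SoO matches. allowas-in makes CE2 tolerate one occurrence of 65001; as-override instead rewrites the path to 100 100 so CE2 accepts it without relaxing its own loop check, and SoO still protects the dual-homed site in both cases.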

BGP Multipath
  • Not enabled for BGP by default
    • Enabled by default for IGPs
  • All prefix attributes need to be the same to install multiple paths
    • RD makes a route unique when advertised into the VPNv4 table
    • RT makes a decision whether to import it to VRF table
  • Configured under the VPNv4 address family of PE
    • Command:
      • (config-router-af)#maximum-paths eibgp <1-32>

  • VPNv4 Route Reflector
    • Configuration done on neighbor under the AFI (Address Family Interface)
    • Breaks the multipath capability
    • BGP process groups prefixes with Route Distinguisher in BGP Table
    • If different RDs on each PE
      • RR will calculate individual best path selection based on RD:Prefix/Len for each node
      • If you want to do BGP multi-pathing with RR, have to use separate RD per PE

MPLS Troubleshooting Commands

  • #show mpls ldp neighbor – check if adjacency has formed
  • #show mpls label binding – Displays LRIB Table, equivalent to Routing Table
  • #show mpls forwarding – Displays LFIB Table, equivalent to Forwarding Table
  • #show mpls interfaces – shows if mpls enabled on interface
  • #show mpls ldp igp sync – displays if sync achieved on interface
  • #debug mpls ldp transport events – Troubleshoot adjacencies
  • #show bgp vpnv4 unicast all summary
  • #show bgp vpnv4 unicast all neighbor <neighbor IP> advertised-routes – VPNv4 routes being sent/received
  • #show bgp vpnv4 unicast all – VPNv4 routes being sent/received
  • #debug bgp vpnv4 unicast updates – confirm extended communities are being sent and received

  • Troubleshooting Routing
    • #show ip rip vrf <vrf-name> database
