Today, we will examine MPLS and build a simple MPLS network. MPLS stands for Multiprotocol Label Switching. It is covered by several RFCs, but I suggest reading RFC 3031 and RFC 3032 to understand its architecture. Many applications build on MPLS, such as Layer 3 MPLS VPNs, which are used for many enterprise branches, and Layer 2 VPNs like EVPN.
MPLS is a labeling mechanism in which packets are labeled on interfaces where the MPLS feature is enabled. What is a label? A label is a simple tag on the packet, carried in a header that the packet gets as soon as it enters an MPLS-enabled interface. This header is inserted between the Ethernet header and the IP header of the packet. First, let's look at the MPLS header below. The header is 4 bytes and consists of a 20-bit label field, a 3-bit EXP field for QoS, a 1-bit stack field, and an 8-bit TTL field.
We have now learned that IP packets are labeled in an MPLS topology. How does a router treat a labeled packet? What does a router do when it sees one? We will examine this using two different scenarios. Scenario 1 is simple communication between two different sites. Scenario 2 is two branches of one customer in a VRF. We will use the topology below for both scenarios.
Before the configuration, here are some definitions that you will encounter while studying MPLS.
Label Switch Router (LSR): This router pushes labels onto packets, pops labels from packets, and swaps the labels on packets.
Edge LSR: Edge routers of the MPLS network which handle both labeled and unlabeled packets.
Ingress E-LSR: This is the edge router that pushes labels onto unlabeled packets.
Egress E-LSR: This is the edge router that pops labels from labeled packets and forwards them as unlabeled packets.
Label Switch Path (LSP): This is the path along which labeled packets are forwarded. An LSP is a unidirectional path.
Now let's continue with Scenario 1, which is communication between the Istanbul and Ankara routers, which have the 10.9.9.0/30 and 10.7.7.0/30 subnets.
When you look at the topology, you will see 4 routers, named PE and P routers. The PE-1 router, the one on the left, faces the customer CE router. It receives unlabeled packets from the CE router and pushes a free label onto them to send them to the P routers. P routers only know labels. They do not care about IP headers. They make decisions according to their label forwarding tables (LFIB). Their actions include push, swap and pop. Lastly, the PE-2 router, the one on the right, faces the customer CE router. It receives labeled packets from PE routers and sends them to the customer CE as unlabeled packets. The forwarding mechanism really is that simple. But we should know which protocols are used to create labels and distribute them. The two most common label protocols are LDP and RSVP. Here we will start with the Label Distribution Protocol (LDP). LDP is simpler, but RSVP has more features, like bandwidth reservation, traffic engineering and fast reroute.
As we said, we will set up communication between the Istanbul and Ankara routers. I have experience with both Juniper and Cisco routers for MPLS, but I will explain Cisco here. On Cisco, you should first enable "ip cef" if it is disabled, so that the FIB is created. After that, we configure "mpls ip" under the interfaces on which we want to forward labeled packets. In our topology, the interfaces between the PE-P, P-P and P-PE routers have the "mpls ip" command in order to label the packets. Now, any packet will be labeled as soon as it passes through those interfaces. Those routers then create their LIB and LFIB tables, which are the label information base and the label forwarding information base. All decisions will be made according to those tables.
Remember that if you enable the "mpls ip" command under an interface, LDP is enabled on that interface. This means that the router will create a label for each subnet in its route table. In Juniper, this is slightly different: you enable protocol ldp and configure the interfaces under protocol LDP. Suppose we connect the Ankara router to the PE-2 router. As soon as we connect it, the PE-2 router will have the 10.7.7.0/30 subnet in its routing table. Then, the PE-2 router will advertise this subnet, with a free label assigned by the router, to its LDP neighbors, which are the P1 and P2 routers. PE-2 will say "hey my LDP neighbors, if you come to 10.7.7.0/30, please add label 30". After the P routers receive this advertisement, they advertise this subnet to their own LDP neighbors with a free label from their label space. In this way, all routers create their own LIB and LFIB.
For Scenario 1, we will build a simple EIGRP 100 to advertise the loopback addresses of the routers and the subnets. The choice of IGP depends on your network requirements; I chose EIGRP here. When we look at the PE-1 route table, we will see that we can reach 10.7.7.0/20 (Ankara) via two paths. We also have two labels for this subnet, one per interface, as in the picture below. Remember that our LSP is PE1-P1-PE2 for all scenarios. If the fa1/0 interface of PE-1 or the fa0/0 interface of PE-2 fails, traffic will continue through PE1-P2-PE2.
We will use the "delay" command to influence EIGRP route selection, so traffic will go out fa1/0 on PE-1. Now you can see that the PE-1 router will add label 16 to reach 10.7.7.0/30 and forward the packet out Fast Ethernet 1/0. So, the P-1 router will receive this labeled packet.
Here is an example from the PE-1 router when we ping toward 10.7.7.1. You can clearly see that the MPLS header is inserted between the Ethernet and IP headers. You will also see that the bottom of stack bit is 1 and that label 21 is inserted to forward the packet out fa1/0, as it is supposed to be.
Now we will mention penultimate hop popping (PHP). The penultimate hop is the hop before the last MPLS hop, and it pops the label instead of swapping it. In a large network, this saves some processing. There are also the implicit null and explicit null concepts for PHP routers. If the PHP router receives an implicit null advertisement from the last router, it pops instead of swapping. If the PHP router receives explicit null, then the label remains on the packet in order to apply Class of Service. In this example, P-1 is the PHP router and it receives implicit null for 10.7.7.0/30. So the router pops the label and forwards the packet.
Up to now, we have tried to explain the MPLS labeling mechanism. But MPLS has many applications in internet service provider networks and large enterprise networks. One of the most important is MPLS VPN. It is important because many large companies with many branches use this technology and connect their networks via MPLS as if they were on a LAN. How is MPLS used for this?
In our topology, there are two PCs at different sites. We aim to ping 10.3.3.100 from 10.4.4.100. MPLS VPN has some control plane protocols to carry the customer's subnets for each location. Customer A has the 10.3.3.0/24 and 10.4.4.0/24 subnets, but Customer B can also have the same subnets. So, the service provider must be able to carry this traffic without mixing it. To provide all of this, new concepts come into our topology: VRF, BGP, redistribution, bottom of stack, route distinguisher and route target. We will try to explain them via our topology below.
First, we will configure an IGP between the CE and PE routers so that the PE routers receive the customer's routes. The PE routers create a VRF for each customer. This is critical to keep the overlapping subnets of customers A and B apart. Here we simply provide communication for customer A. In the VRF, we configure a route distinguisher (RD) and a route target (RT). The route distinguisher identifies the owner of a route for each customer. It simply takes advantage of BGP by adding a number after the AS number. Every prefix is advertised with the RD added, and this is called VPNv4. The RD can be written as ASN:ID or IP:ID and it is 8 bytes. Let's continue step by step with the MPLS VPN configuration.
- The CE and PE routers will communicate over /30 networks: 10.11.11.0/30 for CE1-PE1 and 10.10.10.0/30 for CE2-PE2, respectively.
- Create a VRF named CUSTOMER-A on PE-1 and PE-2 and assign the PE interfaces that face the CEs to that VRF. These subnets will be shown in the VRF route table.
- Now we will use the RD and RT. We have already mentioned that the RD indicates which VRF owns a route. The RT makes sure routes are exported to remote sites correctly and imported from remote sites into local sites correctly, per VRF. As you can guess, once we distinguish a route, the router at the remote site must be able to know which VRF should get it. So, the RT puts the routes into the correct VRFs. Remember, our RT and RD format is ASN:ID; the ID can be random but must be equal across sites. We will show the configuration below.
- Create EIGRP between the CE and PE routers to receive routes from the customer. EIGRP 250 will be on the left side and EIGRP 150 will be on the right side.
- Redistribute the EIGRP routes into BGP in order to send them to remote sites and receive routes from remote sites. Here, MP-BGP runs between PE1 and PE2 to advertise the routes using the RT. So, redistribution into BGP is required in order to use MP-BGP.
- Build iBGP between PE1 and PE2 via their loopbacks and check MPLS connectivity.
Here is a configuration example for a simple MPLS VPN. I only share the left side of the topology.
Here you will also see the route table of PE1, where the customer routes are inserted in VRF A.
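The RD and RT behaviour described above can be modelled in a few lines. The following Python sketch is an added example, not the author's configuration: it encodes an RD in the ASN:ID and IP:ID forms as 8 bytes, shows that the same 10.3.3.0/24 prefix from two customers becomes two distinct VPNv4 keys, and imports routes into VRFs by RT. The ASN 65000, the ID values, the address 192.0.2.1 and the CUSTOMER-B VRF are constructed assumptions.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'ASN:ID' (type 0) or 'IP:ID' (type 1) as an 8-byte RD (RFC 4364)."""
    admin, _, number = rd.rpartition(":")
    if "." in admin:  # IP:ID -> type 1: 4-byte IPv4 address + 2-byte number
        ip = ipaddress.IPv4Address(admin).packed
        return struct.pack("!H4sH", 1, ip, int(number))
    # ASN:ID -> type 0: 2-byte ASN + 4-byte number (4-byte ASNs are not handled here)
    return struct.pack("!HHI", 0, int(admin), int(number))

def vpnv4_key(rd: str, prefix: str) -> bytes:
    """RD + IPv4 prefix + prefix length: a simplified lookup key, not the BGP wire NLRI."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed + bytes([net.prefixlen])

def import_routes(advertised, vrfs):
    """Install each route only into the VRFs whose import RTs match its export RTs."""
    tables = {name: {} for name in vrfs}
    for route in advertised:
        for name, import_rts in vrfs.items():
            if import_rts & route["export_rt"]:
                tables[name][route["prefix"]] = route["rd"]
    return tables

# Constructed sample: two customers advertising the same subnet through MP-BGP.
ADVERTISED = [
    {"rd": "65000:1", "prefix": "10.3.3.0/24", "export_rt": {"65000:1"}},
    {"rd": "65000:2", "prefix": "10.3.3.0/24", "export_rt": {"65000:2"}},
]
# Constructed sample: import RTs configured per VRF on the receiving PE.
VRFS = {"CUSTOMER-A": {"65000:1"}, "CUSTOMER-B": {"65000:2"}}

if __name__ == "__main__":
    for r in ADVERTISED:
        print(r["rd"], r["prefix"], vpnv4_key(r["rd"], r["prefix"]).hex())
    print(import_routes(ADVERTISED, VRFS))
```

A route whose export RT matches no VRF's import RT is not installed anywhere, which is what keeps one customer's prefixes out of another customer's table.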
Lastly, we will ping 10.3.3.100 from 10.4.4.100 and show the labeled packet. The packet has two labels, an inner one and an outer one. The inner label has the bottom of stack bit set to 1, and the outer label has the bottom of stack bit set to 0. So, as soon as PE-1 forwards the packet with two labels, P1 receives it, understands that there are two labels, and acts according to its LFIB by popping. Then, P1 forwards it to PE2 with the S-bit set to 1, and PE2 pops the label and sends the packet to VRF-A. The packet capture is below.
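The 4-byte header layout given at the start of the post (20-bit label, 3-bit EXP, 1-bit S, 8-bit TTL) and the two-label stack described above can be checked with a small parser. This Python sketch is an added example, not taken from the author's capture: the inner label value 22, the TTL values and the two trailing payload bytes are constructed, and `php_pop` is a hypothetical helper that models the penultimate hop removing the outer entry.

```python
import struct

def build_entry(label: int, exp: int, s: int, ttl: int) -> bytes:
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def parse_label_stack(payload: bytes, max_depth: int = 8):
    """Read entries until the bottom-of-stack bit is set; return (entries, rest)."""
    entries, offset = [], 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(payload):
            raise ValueError("truncated stack: no entry with S=1 found")
        (word,) = struct.unpack_from("!I", payload, offset)
        entry = {
            "label": word >> 12,        # top 20 bits
            "exp": (word >> 9) & 0x7,   # 3 bits, used for QoS
            "s": (word >> 8) & 0x1,     # 1 = bottom of stack
            "ttl": word & 0xFF,         # low 8 bits
        }
        entries.append(entry)
        offset += 4
        if entry["s"]:
            return entries, payload[offset:]

def php_pop(payload: bytes) -> bytes:
    """Hypothetical helper: drop the outer entry, as the penultimate hop does."""
    entries, _ = parse_label_stack(payload)
    if len(entries) < 2:
        raise ValueError("only one label on the stack")
    return payload[4:]

# Constructed sample: outer label 16 (S=0), inner VPN label 22 (S=1),
# followed by the first two bytes of an IPv4 header.
SAMPLE = build_entry(16, 0, 0, 255) + build_entry(22, 0, 1, 255) + b"\x45\x00"

if __name__ == "__main__":
    stack, rest = parse_label_stack(SAMPLE)
    print("as sent by PE-1:", stack)
    print("after P1 pops  :", parse_label_stack(php_pop(SAMPLE))[0])
```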
I hope this post helps you understand the fundamentals of the labeling mechanism in the core network. There is also another label protocol, RSVP, which provides traffic engineering in large networks. It is a little more complex.