Thursday, 19 April 2012
Saturday, 14 April 2012
Packet traveling through an MPLS VPN
The diagram illustrates how labels are applied to a packet traveling through an MPLS VPN. At the ingress PE router, two labels are pushed onto the packet. First, a VPN label is applied that determines which egress PE receives the packet. Then another label is pushed on top of it that determines which P router will be the next hop in the normal MPLS label switched path (LSP). This top label is swapped at each P router it passes through in the LSP and is finally popped by the router that is penultimate to the egress PE. With only the VPN label left, the packet is passed on to the egress PE router, the label is popped off, and the packet is then routed via IP to the appropriate CE router. Any P routers in the LSP should have no knowledge of the customer routes/VPN labels that are ‘tunneling’ through them between PE devices. This is important to understand because, should some misconfiguration occur and a P router receive a labeled packet destined for a customer VPN, it won’t have any idea what to do with it, and the packet will therefore be dropped.
BGP comes into play as the protocol used to exchange routes within a VPN, in the form referred to as MP-BGP (Multiprotocol BGP).
The routes carried within MP-BGP are known as VPNv4 routes. As you’ll see, IPv4, VPNv4, IPv6, etc. are all referred to by BGP as address families. This is how BGP distinguishes what type of routes it is seeing.
These VPNv4 routes are essentially IPv4 routes with a value known as a Route Distinguisher (RD) tacked on to the front. The typical format of an RD is ASN:nn. The RD value designates which Virtual Routing and Forwarding instance (VRF) an IPv4 route belongs to. Once a VPNv4 route is received by a participating PE, the RD is stripped and the original IPv4 route is placed into the VRF routing table.
Another value attached to VPNv4 routes is the Route Target (RT). Why do we need another value, you ask, if we can already use the RD to distinguish between VPN customers? Well, the RT comes in handy when you want to create an extranet between VPN customers. The RT is a ‘tag’ value that designates which VPNv4 routes to import and export: if two customers want to access each other’s networks, they will both need to import the RT exported by the other customer.
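As an added example (not code from the post), the Python below builds a Type 0 Route Distinguisher from the ASN:nn form, wraps an IPv4 prefix in the labeled VPN-IPv4 NLRI layout of RFC 4364 (length in bits, 3-byte VPN label, 8-byte RD, prefix bytes), and then splits it back apart the way a receiving PE strips the RD before installing the plain IPv4 route in the VRF. The ASN, number, label and prefix values used in the comments and test are made up.

```python
import math
import struct
import ipaddress

def encode_rd(rd):
    """Type 0 RD written as ASN:nn -> 8 bytes: 2-byte type (0), 2-byte ASN, 4-byte number."""
    asn, nn = (int(x) for x in rd.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFFFFFF):
        raise ValueError(f"RD {rd} does not fit the Type 0 field widths")
    return struct.pack("!HHI", 0, asn, nn)

def decode_rd(raw):
    """Inverse of encode_rd; only Type 0 (ASN:nn) RDs are handled here."""
    rd_type, asn, nn = struct.unpack("!HHI", raw)
    if rd_type != 0:
        raise ValueError(f"unsupported RD type {rd_type}")
    return f"{asn}:{nn}"

def encode_vpnv4_nlri(vpn_label, rd, prefix):
    """Labeled VPN-IPv4 NLRI: length in bits | 3-byte label (S=1) | RD | minimal prefix bytes."""
    net = ipaddress.IPv4Network(prefix)
    nbytes = math.ceil(net.prefixlen / 8)
    label_field = ((vpn_label << 4) | 0x1).to_bytes(3, "big")  # 20-bit label, EXP=0, S=1
    body = label_field + encode_rd(rd) + net.network_address.packed[:nbytes]
    return bytes([24 + 64 + net.prefixlen]) + body

def decode_vpnv4_nlri(data):
    """Split an NLRI into (vpn_label, rd, ipv4_prefix): the RD comes off, the IPv4 route stays."""
    length = data[0]
    if length < 88:
        raise ValueError("NLRI too short to hold a label and an RD")
    label = int.from_bytes(data[1:4], "big") >> 4
    rd = decode_rd(data[4:12])
    plen = length - 88
    nbytes = math.ceil(plen / 8)
    raw = data[12:12 + nbytes]
    if len(raw) != nbytes:
        raise ValueError("truncated prefix bytes")
    addr = ipaddress.IPv4Address(raw.ljust(4, b"\x00"))  # pad the minimal prefix back to 4 bytes
    return label, rd, f"{addr}/{plen}"
```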
Tuesday, 10 April 2012
WHAT ARE MPLS BENEFITS
MPLS BENEFITS:
1) Faster switching than IP: IP forwarding is based on a routing-table search in which each address is 4 octets long, which takes time to compute.
2) A core free from BGP: because MPLS is based on label switching, core routers no longer need to participate in the BGP network; only the edge routers need to be BGP aware. This is a huge saving in memory and utilization.
3) MPLS TE (Traffic Engineering) is one of the major benefits, as it allows better path selection and load balancing.
4) MPLS VPN is another major benefit, as it reduces management effort and brings simplicity to the client. Before, if a client wanted to create a VPN for his office network, he needed to either create tunnels between all his offices, creating a lot of configuration and a complex design
What is the MPLS Label and how is it used?
The MPLS label is a fixed 4-byte identifier added to the packet by the ingress router between the data-link layer (Layer 2) and the network layer (Layer 3). It is used by all intermediate routers to switch the packet to its destination without any routing-table (Layer 3) lookups. MPLS is considered a Layer 2.5 technology and the MPLS header is called the shim header.
Simply put, MPLS inserts a 32-bit label field between the Layer 2 frame header and the Layer 3 packet header (frame mode); for this reason it is considered a Layer 2.5 technology.
- Label: label value, 20 bits.
- EXP: Experimental bits, since renamed Traffic Class (TC), 3 bits.
- S: bottom of stack, 1 bit.
- TTL: Time to live, 8 bits.
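As an added example (not from the post), here is a Python encoder/decoder for the 32-bit shim header laid out above. It packs the label, TC, S and TTL fields, sets the bottom-of-stack bit only on the last entry, reads a stack until S=1 (treating data that ends without S=1 as truncated), and builds the two-label stack an MPLS VPN packet carries: IGP label on top, VPN label at the bottom. Label values are made up.

```python
import struct

LABEL_MAX = (1 << 20) - 1  # the label field is 20 bits wide

def encode_label_stack(entries):
    """Pack (label, tc, ttl) tuples into 4-byte shim headers; the last entry gets S=1."""
    if not entries:
        raise ValueError("empty label stack")
    out = bytearray()
    for i, (label, tc, ttl) in enumerate(entries):
        if not (0 <= label <= LABEL_MAX and 0 <= tc <= 7 and 0 <= ttl <= 255):
            raise ValueError(f"entry {i} exceeds field widths (label 20, TC 3, TTL 8 bits)")
        s = 1 if i == len(entries) - 1 else 0
        out += struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)
    return bytes(out)

def decode_label_stack(data):
    """Read shim headers until the bottom-of-stack bit; return (entries, payload offset)."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack: no bottom-of-stack bit before end of data")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))  # (label, tc, ttl)
        if (word >> 8) & 0x1:  # S=1: this was the last label, the payload follows
            return entries, offset

def vpn_packet_stack(igp_label, vpn_label, ttl=255):
    """The two-label stack of an MPLS VPN packet: IGP label on top, VPN label at the bottom."""
    return encode_label_stack([(igp_label, 0, ttl), (vpn_label, 0, ttl)])
```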
Monday, 9 April 2012
HOW MPLS WORKS
MPLS uses the concept of the Forwarding Equivalence Class (FEC). A FEC is a set of packets forwarded in the same manner by the label switching routers (LSRs). Each router assigns a label to a FEC and distributes this label to other routers using a label distribution protocol, forming label switched paths (LSPs).
When a packet is received by the ingress router, it determines the next hop and inserts one or more labels into the packet. The labeled packet is then passed to the next-hop (downstream) router. When the packet reaches the downstream router, the topmost label is examined and used as a unique identifier to look into the label forwarding table to determine the next hop and the label operation to be performed on each MPLS packet.
Finally, the packet reaches the egress router, where the label is removed and the packet is forwarded using an IP lookup or another label, depending on the MPLS application in use.
As you can see, the provider routers do not need to examine the Layer 3 information of the packets traversing them, allowing protocol-independent packet forwarding.
- R1 advertises prefix 10.10.10.0/24 to the network using any IGP.
- Routing information about the subnet flows away from R1.
- An IP packet enters R4 (LER) with a destination in 10.10.10.0/24.
- R4 looks in its label forwarding information base, determines the next hop (R3) and pushes the label assigned by R3 (L4) for this FEC.
- R3 receives the labeled packet from R4 with label L4. R3 examines its LFIB and swaps label L3 to L2.
- R2 receives the MPLS packet, looks up its LFIB and pops the label (penultimate hop popping) before sending the packet to R1 as an IP packet.
- R1 forwards the packet to its destination based on the IP header information.
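The walkthrough above as a small Python simulation (an added example, not the post's own material): constructed FIB/LFIB tables for R4, R3, R2 and R1, a push at the ingress LER, a swap at R3, penultimate hop popping at R2 and an IP lookup at R1. It also shows the drop described in the first post: a P router that receives a label it has no LFIB entry for (for instance a VPN label that should have been hidden under an IGP label) discards the packet. Label values are made up.

```python
import ipaddress

# Constructed tables for the R4 -> R3 -> R2 -> R1 LSP; labels are made up, R2's "pop" models PHP.
ROUTERS = {
    "R4": {"fib": {"10.10.10.0/24": ("push", 300, "R3")}, "lfib": {}},
    "R3": {"fib": {}, "lfib": {300: ("swap", 200, "R2")}},
    "R2": {"fib": {}, "lfib": {200: ("pop", None, "R1")}},
    "R1": {"fib": {"10.10.10.0/24": ("ip", None, "CE")}, "lfib": {}},
}

def fib_lookup(fib, dst):
    """Longest-prefix match of an IPv4 destination against a FIB."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, entry in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return None if best is None else best[1]

def forward(start, dst, labels, routers=ROUTERS, max_hops=8):
    """Walk one packet hop by hop; return [(router, label stack on arrival, action), ...]."""
    trace, node, stack = [], start, list(labels)
    for _ in range(max_hops):
        router = routers[node]
        if stack:  # labeled: only the top label is consulted, the IP header is never read
            entry = router["lfib"].get(stack[0])
            if entry is None:  # unknown label (e.g. a VPN label reaching a P router): drop
                trace.append((node, list(stack), "drop: unknown label"))
                return trace
            action, out_label, nh = entry
            trace.append((node, list(stack), action))
            if action == "swap":
                stack[0] = out_label
            elif action == "pop":
                stack.pop(0)
        else:  # unlabeled: IP lookup, at the ingress LER or after PHP at the egress
            entry = fib_lookup(router["fib"], dst)
            if entry is None:
                trace.append((node, [], "drop: no route"))
                return trace
            action, out_label, nh = entry
            trace.append((node, [], action))
            if action == "push":
                stack.insert(0, out_label)
            elif action == "ip":
                return trace  # delivered by ordinary IP forwarding
        node = nh
    trace.append((node, list(stack), "drop: hop limit"))
    return trace
```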
Is LDP required for VPNv4 & IPv4 Labels
In a Layer 3 VPN, a packet normally carries two labels, and the distinction between them is IPv4 versus VPNv4.
The IPv4 label is used for the IGP and the VPNv4 label is used for the customer route.
A question that often comes to mind is: “Is LDP responsible for both labels?”
The answer is no: LDP is responsible only for the topmost label, the IGP label, while MP-iBGP is responsible for the VPNv4 label, which sits beneath the IGP label.
Even if the core network is not running LDP, as long as MP-iBGP is enabled from PE to PE we can easily see the VPNv4 labels being exchanged. The problem is that traffic forwarding will not happen, because the core network doesn’t understand the labels.
LDP SESSION PROTECTION
An ISP wants to protect its LDP sessions with a password. The LDP sessions do not have to be reset; they will use MD5 protection as soon as it is configured.
mpls ldp neighbor x.x.x.x password *****
MPLS VPN with BGP Customers
An ISP does not want its P routers showing up in customers’ traceroutes.
Use this command:
no mpls ip propagate-ttl forwarded
so that the customer cannot see the provider router IPs. The forwarded keyword limits this to transit traffic, so traceroutes originated by the PE itself still show every hop of the LSP.