
MPLS - Key concepts

MPLS Overview

MPLS (Multiprotocol Label Switching) is a transport technology that efficiently forwards packets using labels rather than traditional IP-based routing. MPLS is integral to modern VPNs and service provider networks, enabling more efficient routing and scalability.

MPLS VPNs

MPLS VPNs use PE (Provider Edge) routers to manage customer routes and VRFs (Virtual Routing and Forwarding) to store customer routing tables. Each customer’s routes are isolated in separate VRFs to handle overlapping IP prefixes.

  • PE routers exchange routes with CE (Customer Edge) routers using external protocols like BGP, RIP, OSPF, or EIGRP.
  • Label Stack: MPLS packets carry two labels:
    • Outer label directs the packet to the egress PE.
    • Inner label directs the packet to the correct VRF.

Technical Tip: Use the mpls ip command to enable MPLS label forwarding on interfaces.

VPN Types

MPLS VPN supports several types of VPNs:

  1. Remote Access VPN: Connects a single endpoint to a remote network.
  2. Site-to-Site VPN: Connects two or more networks together.

MPLS Label Stack, LSR, and LDP

Label Switch Routers (LSRs) are responsible for forwarding packets based on MPLS labels. LSRs rely on LDP (Label Distribution Protocol) to exchange labels and form Label-Switched Paths (LSPs) for packet forwarding.

Penultimate Hop Popping (PHP):

  • PHP removes the outer MPLS label at the second-to-last hop (penultimate router) to allow the final router to perform a single IP lookup, optimizing forwarding.
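The two-label stack and the effect of PHP described above can be seen by decoding the label stack entries themselves. This is an added example, not code from the original post; it assumes the standard 32-bit label stack entry layout (20-bit label, 3-bit traffic class, 1-bit bottom-of-stack flag, 8-bit TTL), and the sample bytes and label values are constructed.

```python
import struct

def build_entry(label, tc, bos, ttl):
    """Pack one 32-bit label stack entry (used here only to build the sample)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)

def parse_label_stack(data: bytes):
    """Decode 4-byte entries until the bottom-of-stack bit; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {
            "label": word >> 12,            # 20-bit label value
            "tc": (word >> 9) & 0x7,        # 3-bit traffic class
            "bos": bool((word >> 8) & 0x1), # True on the last label in the stack
            "ttl": word & 0xFF,             # 8-bit TTL
        }
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, data[offset:]

def describe_l3vpn(entries):
    """Map a stack to the L3VPN roles; a single label means PHP already popped the outer one."""
    if len(entries) not in (1, 2):
        raise ValueError("expected an inner VPN label, optionally under an outer label")
    outer = entries[0]["label"] if len(entries) == 2 else None
    return {
        "to_egress_pe": outer,              # outer (transport) label, None after PHP
        "to_vrf": entries[-1]["label"],     # inner (VPN) label selects the VRF
        "reserved": [e["label"] for e in entries if e["label"] < 16],
    }

# Constructed sample: outer label 24001, inner label 16, then the start of an IPv4 header.
IN_CORE = build_entry(24001, 0, False, 254) + build_entry(16, 0, True, 254) + b"\x45\x00"
# The same packet as the egress PE receives it once the penultimate hop has popped the outer label.
AFTER_PHP = build_entry(16, 0, True, 253) + b"\x45\x00"

if __name__ == "__main__":
    for name, raw in (("in core", IN_CORE), ("after PHP", AFTER_PHP)):
        stack, payload = parse_label_stack(raw)
        print(name, describe_l3vpn(stack), payload.hex())
```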

Label Information Base (LIB) and LFIB

LSRs store all possible labels in the LIB (Label Information Base). The LFIB (Label Forwarding Information Base) only holds the best labels for forwarding packets. The LFIB and FIB are populated based on routing protocol decisions.

Technical Tip: MPLS relies on CEF (Cisco Express Forwarding) to forward IP packets along MPLS paths. Ensure that CEF is enabled globally and on each interface.

MPLS Ping and Traceroute

MPLS TTL propagation determines whether internal MPLS hops are visible to customer networks during traceroutes. With TTL propagation disabled, the MPLS network appears as a single hop to the customer, which hides the internal MPLS hops and enhances security.

Technical Tip: Use the no mpls ip propagate-ttl command to disable TTL propagation for customer packets.

LDP (Label Distribution Protocol)

LDP is essential for MPLS label distribution. LSRs use LDP to send IP prefix and label mappings to neighbors. LDP sessions are established using hello messages sent over UDP port 646, and TCP sessions are used to exchange label information.

  • Types of LDP Neighbor Discovery:
    1. Basic: Discovers directly connected neighbors.
    2. Extended: Discovers non-directly connected neighbors using targeted hellos.

Technical Tip: Use the mpls ldp router-id command to set a stable LDP router ID, ensuring stable label distribution across LSRs.

L3VPN and MP-BGP

MPLS L3VPNs use MP-BGP (Multiprotocol BGP) to carry VPN routes between PE routers. Each customer’s routes are made unique with Route Distinguishers (RDs), which ensure that overlapping prefixes from different customers remain separate.

  • Route Targets (RTs) control which routes are imported and exported between VRFs. RTs act like BGP communities, enabling more granular control over VPN topology.

Technical Tip: RDs and RTs are critical for managing customer routes in MPLS VPNs, ensuring that routes are imported into the correct VRF and exported to the appropriate remote sites.

Label Switch Path (LSP) Establishment

An LSP is established by advertising labels using LDP. The LSP creates a path from the ingress PE to the egress PE, allowing packets to be forwarded based on labels rather than IP addresses.

MPLS Configuration and Verification

  • Enable MPLS: MPLS must be enabled globally (mpls ip) and on individual interfaces.
  • Configure LDP: Set up LDP to distribute labels, ensuring neighbors are discovered and labels are exchanged.

Technical Tip: Use commands like show mpls ip binding and show mpls forwarding-table to verify MPLS label bindings and forwarding decisions.

PE-CE Routing

In MPLS L3VPN, PE routers establish routing sessions with CE routers using various routing protocols (e.g., BGP, OSPF). Each VRF on the PE corresponds to a different customer and maintains a separate routing table.

  • Redistribution: PE routers may need to redistribute routes between the CE and the MPLS core.

Technical Tip: Be cautious with redistribution between VRFs and global routing tables to avoid routing loops. Always redistribute in one direction and verify before redistributing in the opposite direction.

MPLS Route Targets and VRFs

VRFs isolate customer routes, and RTs control route imports and exports between VRFs. VRFs are akin to Layer 3 VLANs, segregating customer routes while enabling overlapping prefixes.

  • Route Targets enable advanced VPN topologies, such as overlapping VPNs, where some sites may belong to multiple VPNs.

Technical Tip: Think of VRFs as Layer 3 VLANs, where routes are isolated but can be selectively shared using RTs.

MPLS LDP and Label Space

LDP uses different types of label spaces:

  1. Platform-wide label space: Labels are unique across the entire platform.
  2. Per-interface label space: Labels are unique per interface.

Technical Tip: Always configure LDP RIDs to ensure stable LDP sessions. Labels begin at 16 and can go up to 1048575.

MP-BGP VPNv4 and VPNv6

MPLS supports VPNv4 and VPNv6 address families using MP-BGP. The RD makes customer routes unique, while RTs control which VRF the routes are injected into. The 64-bit RD is split into 32-bit ASNs and customer identifiers.

Technical Tip: When configuring MPLS VPNs, ensure that RDs and RTs are correctly configured for each customer to avoid route overlap and misdirection.

Route Leaking and Extranet

MPLS supports route leaking between VRFs, enabling certain routes to be shared between isolated VRFs. This is useful for extranets where different companies or departments share some network resources.
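The RD/RT behaviour from the L3VPN, Route Targets and route-leaking sections can be modelled to audit which VRFs actually exchange routes. This is an added example, not code from the original post or from any vendor; the VRF names, RD and RT values, and the intended extranet list are constructed.

```python
# Constructed sample VRF definitions; all names, RDs and RTs are hypothetical.
VRFS = {
    "CUST_A": {"rd": "65000:1", "export": {"65000:100"},
               "import": {"65000:100", "65000:900"}, "routes": ["10.1.0.0/16"]},
    "CUST_B": {"rd": "65000:2", "export": {"65000:200"},
               # Constructed misconfiguration: CUST_B also imports CUST_A's RT.
               "import": {"65000:200", "65000:100"}, "routes": ["10.1.0.0/16"]},
    "SHARED": {"rd": "65000:9", "export": {"65000:900"},
               "import": {"65000:900", "65000:100"}, "routes": ["192.0.2.0/24"]},
}
# (importer, exporter) pairs the operator intends as an extranet.
INTENDED = {("CUST_A", "SHARED"), ("SHARED", "CUST_A")}

def vpnv4_table(vrfs):
    """Each exported route becomes RD:prefix, tagged with the VRF's export RTs."""
    return [{"nlri": f'{vrf["rd"]}:{prefix}', "prefix": prefix,
             "rts": set(vrf["export"]), "origin": name}
            for name, vrf in vrfs.items() for prefix in vrf["routes"]]

def imported_routes(vrfs, table, name):
    """A VRF installs a remote VPNv4 route when any of its RTs is in the import list."""
    return [r for r in table
            if r["origin"] != name and r["rts"] & vrfs[name]["import"]]

def unintended_leaks(vrfs, intended):
    """Report (importer, exporter, shared RTs) for every pair not on the intended list."""
    leaks = []
    for importer, imp in vrfs.items():
        for exporter, exp in vrfs.items():
            shared = imp["import"] & exp["export"]
            if importer != exporter and shared and (importer, exporter) not in intended:
                leaks.append((importer, exporter, sorted(shared)))
    return leaks

if __name__ == "__main__":
    table = vpnv4_table(VRFS)
    # The overlapping 10.1.0.0/16 prefixes stay distinct because their RDs differ.
    print(sorted(r["nlri"] for r in table))
    for name in VRFS:
        print(name, "imports", [r["nlri"] for r in imported_routes(VRFS, table, name)])
    print("unintended:", unintended_leaks(VRFS, INTENDED))
```

The audit flags CUST_B because its import list matches CUST_A's export RT, so CUST_A's 10.1.0.0/16 would be installed in CUST_B's VRF even though the RDs keep the two prefixes distinct in MP-BGP.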

Conclusion

MPLS is a powerful technology that simplifies packet forwarding and enables scalable VPN solutions for service providers. Key components like LDP, MP-BGP, RDs, and RTs allow networks to support complex topologies while maintaining route isolation.

Technical Tip: Regularly verify MPLS labels and paths using show mpls ip binding and show mpls forwarding-table.


 
