
MPLS - Key concepts

MPLS Overview

MPLS (Multiprotocol Label Switching) is a transport technology that efficiently forwards packets using labels rather than traditional IP-based routing. MPLS is integral to modern VPNs and service provider networks, enabling more efficient routing and scalability.

MPLS VPNs

MPLS VPNs use PE (Provider Edge) routers to manage customer routes and VRFs (Virtual Routing and Forwarding) to store customer routing tables. Each customer’s routes are isolated in separate VRFs to handle overlapping IP prefixes.

  • PE routers exchange routes with CE (Customer Edge) routers using external protocols like BGP, RIP, OSPF, or EIGRP.
  • Label Stack: MPLS packets carry two labels:
    • Outer label directs the packet to the egress PE.
    • Inner label directs the packet to the correct VRF.

Technical Tip: Use the mpls ip command to enable MPLS label forwarding on interfaces.

VPN Types

MPLS VPN supports several types of VPNs:

  1. Remote Access VPN: Connects a single endpoint to a remote network.
  2. Site-to-Site VPN: Connects two or more networks together.

MPLS Label Stack, LSR, and LDP

Label Switch Routers (LSRs) are responsible for forwarding packets based on MPLS labels. LSRs rely on LDP (Label Distribution Protocol) to exchange labels and form Label-Switched Paths (LSPs) for packet forwarding.

Penultimate Hop Popping (PHP):

  • PHP removes the outer MPLS label at the second-to-last hop (penultimate router) to allow the final router to perform a single IP lookup, optimizing forwarding.
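The two-label stack and the penultimate hop pop described above, as an added example that is not part of the original post. It uses the standard 32-bit label stack entry layout (20-bit label, 3-bit TC, 1-bit bottom-of-stack flag, 8-bit TTL); the label values, VRF name and payload are constructed.

```python
import struct

MIN_LABEL, MAX_LABEL = 16, 1048575   # usable label range quoted on this page
VRF_BY_LABEL = {24: "CUST_A"}        # constructed: egress PE's VPN label -> VRF

def encode_entry(label, bottom, ttl, tc=0):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not MIN_LABEL <= label <= MAX_LABEL:
        raise ValueError(f"label {label} outside {MIN_LABEL}-{MAX_LABEL}")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_stack(frame):
    """Return ([(label, tc, ttl), ...] outermost first, remaining payload)."""
    stack, off = [], 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("frame ends before a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        stack.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))
        if word & 0x100:             # S bit set: this was the innermost label
            return stack, frame[off:]

def push_vpn_stack(payload, transport_label, vpn_label, ttl=255):
    """Ingress PE: outer transport label first on the wire, inner VPN label with S=1."""
    return (encode_entry(transport_label, False, ttl)
            + encode_entry(vpn_label, True, ttl) + payload)

def swap_outer(frame, new_label):
    """P router: swap the outer label per its LFIB and decrement that entry's TTL."""
    (word,) = struct.unpack_from("!I", frame)
    ttl = (word & 0xFF) - 1
    if ttl <= 0:
        raise ValueError("label TTL expired")
    return encode_entry(new_label, bool(word & 0x100), ttl, (word >> 9) & 0x7) + frame[4:]

def php_pop(frame):
    """Penultimate hop: strip the outer entry (TTL copy-down is not modelled)."""
    if len(decode_stack(frame)[0]) < 2:
        raise ValueError("no outer label above the VPN label")
    return frame[4:]

def walk():
    """Ingress PE -> P1 (swap) -> P2 (PHP) -> egress PE picks the VRF by inner label."""
    frame = push_vpn_stack(b"ip-packet", transport_label=17, vpn_label=24)
    frame = php_pop(swap_outer(frame, 18))
    stack, payload = decode_stack(frame)
    return VRF_BY_LABEL[stack[0][0]], stack, payload
```

A frame that reaches the egress PE with an inner label it never allocated has no entry in `VRF_BY_LABEL`; a real PE drops such a packet rather than guessing a VRF.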

Label Information Base (LIB) and LFIB

LSRs store all possible labels in the LIB (Label Information Base). The LFIB (Label Forwarding Information Base) only holds the best labels for forwarding packets. The LFIB and FIB are populated based on routing protocol decisions.

Technical Tip: MPLS relies on CEF (Cisco Express Forwarding) to forward IP packets along MPLS paths. Ensure that CEF is enabled globally and on each interface.

MPLS Ping and Traceroute

MPLS lets you control TTL propagation so that internal MPLS hops can be hidden from customer networks during traceroutes. By disabling TTL propagation, the MPLS network appears as a single hop to the customer, enhancing security by keeping the core topology out of customer view.

Technical Tip: Use the no mpls ip propagate-ttl command to disable TTL propagation for customer packets.

LDP (Label Distribution Protocol)

LDP is essential for MPLS label distribution. LSRs use LDP to send IP prefix and label mappings to neighbors. LDP sessions are established using hello messages sent over UDP port 646, and TCP sessions are used to exchange label information.

  • Types of LDP Neighbor Discovery:
    1. Basic: Discovers directly connected neighbors.
    2. Extended: Discovers non-directly connected neighbors using targeted hellos.

Technical Tip: Use the mpls ldp router-id command to set a stable LDP router ID, ensuring stable label distribution across LSRs.

L3VPN and MP-BGP

MPLS L3VPNs use MP-BGP (Multiprotocol BGP) to carry VPN routes between PE routers. Each customer’s routes are made unique with Route Distinguishers (RDs), which ensure that overlapping prefixes from different customers remain separate.

  • Route Targets (RTs) control which routes are imported and exported between VRFs. RTs act like BGP communities, enabling more granular control over VPN topology.

Technical Tip: RDs and RTs are critical for managing customer routes in MPLS VPNs, ensuring that routes are imported into the correct VRF and exported to the appropriate remote sites.

Label Switch Path (LSP) Establishment

An LSP is established by advertising labels using LDP. The LSP creates a path from the ingress PE to the egress PE, allowing packets to be forwarded based on labels rather than IP addresses.

MPLS Configuration and Verification

  • Enable MPLS: MPLS must be enabled globally (mpls ip) and on individual interfaces.
  • Configure LDP: Set up LDP to distribute labels, ensuring neighbors are discovered and labels are exchanged.

Technical Tip: Use commands like show mpls ip binding and show mpls forwarding-table to verify MPLS label bindings and forwarding decisions.

PE-CE Routing

In MPLS L3VPN, PE routers establish routing sessions with CE routers using various routing protocols (e.g., BGP, OSPF). Each VRF on the PE corresponds to a different customer and maintains a separate routing table.

  • Redistribution: PE routers may need to redistribute routes between the CE and the MPLS core.

Technical Tip: Be cautious with redistribution between VRFs and global routing tables to avoid routing loops. Always redistribute in one direction and verify before redistributing in the opposite direction.

MPLS Route Targets and VRFs

VRFs isolate customer routes, and RTs control route imports and exports between VRFs. VRFs are akin to Layer 3 VLANs, segregating customer routes while enabling overlapping prefixes.

  • Route Targets enable advanced VPN topologies, such as overlapping VPNs, where some sites may belong to multiple VPNs.

Technical Tip: Think of VRFs as Layer 3 VLANs, where routes are isolated but can be selectively shared using RTs.

MPLS LDP and Label Space

LDP uses different types of label spaces:

  1. Platform-wide label space: Labels are unique across the entire platform.
  2. Per-interface label space: Labels are unique per interface.

Technical Tip: Always configure LDP RIDs to ensure stable LDP sessions. Labels begin at 16 and can go up to 1048575.

MP-BGP VPNv4 and VPNv6

MPLS supports VPNv4 and VPNv6 address families using MP-BGP. The RD makes customer routes unique, while RTs control which VRF the routes are injected into. The 64-bit RD is split into 32-bit ASNs and customer identifiers.

Technical Tip: When configuring MPLS VPNs, ensure that RDs and RTs are correctly configured for each customer to avoid route overlap and misdirection.

Route Leaking and Extranet

MPLS supports route leaking between VRFs, enabling certain routes to be shared between isolated VRFs. This is useful for extranets where different companies or departments share some network resources.
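Because a single wrong import RT is enough to leak one customer's routes into another's VRF, the RD/RT behaviour from the "L3VPN and MP-BGP", "MPLS Route Targets and VRFs" and route leaking sections can be checked offline. The following is an added example, not code from the original post; the VRF names, RD/RT values, prefixes and the approved extranet list are all constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    customer: str
    rd: str
    exports: set = field(default_factory=set)   # RTs attached to exported routes
    imports: set = field(default_factory=set)   # RTs this VRF accepts
    routes: list = field(default_factory=list)  # prefixes learned from the CE

def vpnv4_table(vrfs):
    """Routes as MP-BGP carries them: RD-prefixed key -> (origin VRF, export RTs)."""
    return {f"{v.rd}:{p}": (v.name, frozenset(v.exports)) for v in vrfs for p in v.routes}

def imported_routes(vrf, table):
    """A VRF installs every VPNv4 route that carries at least one RT it imports."""
    return sorted(key for key, (_, rts) in table.items() if rts & vrf.imports)

def cross_customer_leaks(vrfs, approved=frozenset()):
    """List (exporter, importer, shared RTs) across customers, minus approved pairs."""
    findings = []
    for src in vrfs:
        for dst in vrfs:
            shared = src.exports & dst.imports
            if shared and src.customer != dst.customer and (src.name, dst.name) not in approved:
                findings.append((src.name, dst.name, sorted(shared)))
    return findings

# Constructed sample: two customers reuse 10.0.0.0/24; SHARED is an intended extranet.
# CUST_B's import list contains 65000:1 by mistake.
VRFS = [
    Vrf("CUST_A", "A", "65000:1", {"65000:1"}, {"65000:1", "65000:99"}, ["10.0.0.0/24"]),
    Vrf("CUST_B", "B", "65000:2", {"65000:2"}, {"65000:2", "65000:1"}, ["10.0.0.0/24"]),
    Vrf("SHARED", "provider", "65000:99", {"65000:99"}, {"65000:1", "65000:2"}, ["192.0.2.0/24"]),
]
APPROVED = {("CUST_A", "SHARED"), ("CUST_B", "SHARED"), ("SHARED", "CUST_A")}

def audit():
    """Return the unapproved leaks and what CUST_B would actually install."""
    table = vpnv4_table(VRFS)
    return cross_customer_leaks(VRFS, APPROVED), imported_routes(VRFS[1], table)
```

The RD keeps the two 10.0.0.0/24 routes distinct in the VPNv4 table, but it does nothing for isolation: only the import and export RT lists decide which VRF installs a route.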

Conclusion

MPLS is a powerful technology that simplifies packet forwarding and enables scalable VPN solutions for service providers. Key components like LDP, MP-BGP, RDs, and RTs allow networks to support complex topologies while maintaining route isolation.

Technical Tip: Regularly verify MPLS labels and paths using show mpls ip binding and show mpls forwarding-table.


 
