Categories R&S

VPN Technologies – MPLS – Label Distribution Protocol

Time to tackle the VPN technologies part and this start with MPLS.

In this first post, we will build a MPLS network using Label Distribution Protocol.

 

VPN Technologies – MPLS – Label Distribution Protocol – Theory:

 

Here are the link to the Cisco documentation regarding MPLS:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_basic/configuration/15-mt/mp-basic-15-mt-book.html

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ldp/configuration/15-mt/mp-ldp-15-mt-book.html

 

VPN Technologies – MPLS – Label Distribution Protocol – Requirements:

 

In order to build an MPLS network, we must first run an IGP.

I choose to use OSPF.

 

10.1.1.0 /24 will be use for the loopback of the P and PE routers.

 

10.10.10.0 /24 I will divide this network in /31 in order to configure the directly connected interfaces between the P routers.

10.10.20.0 /24 I will subnet this network in /31 in order to configure the directly connected interfaces between the P and PE routers.

 

Below is the network diagram that we will use.

VPN Technologies - MPLS – Label Distribution Protocol

 

VPN Technologies – MPLS – Label Distribution Protocol – Configuration:

 

Now that the router are ready and that we have IGP reachability between them, let’s configure LDP.

We can enable LDP on a per interface basis or via auto config.

 

On R1 I use auto config.

R1(config)#router ospf 10
R1(config-router)#mpls ldp autoconfig

 

Let’s verify the interfaces where it is enable on.

R1#sh mpls interfaces
Interface              IP            Tunnel   BGP Static Operational
Ethernet0/0            Yes (ldp)     No       No  No     Yes
Ethernet0/1            Yes (ldp)     No       No  No     Yes
Ethernet0/2            Yes (ldp)     No       No  No     Yes
Ethernet1/0            Yes (ldp)     No       No  No     Yes

 

See that it match the OSPF interfaces except for the loopback.

R1#sh ip ospf int brie
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          10    0               10.1.1.1/32        1     LOOP  0/0
Et0/2        10    0               10.10.10.0/31      10    BDR   1/1
Et0/1        10    0               10.10.10.2/31      10    BDR   1/1
Et0/0        10    0               10.10.10.4/31      10    BDR   1/1
Et1/0        10    1               10.10.20.0/31      10    BDR   1/1

 

On R5, we use manual configuration.

R5(config)#int Ethernet0/0
R5(config-if)#mpls ip
R5(config-if)#int Ethernet0/1
R5(config-if)#mpls ip

 

After enabling MPLS on R5 interface to R1, we receive a log message indicating the LDP session is UP.

%LDP-5-NBRCHG: LDP Neighbor 10.1.1.1:0 (1) is UP

 

We can verify this.

R5#sh mpls ldp neighbor
    Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.5:0
        TCP connection: 10.1.1.1.646 - 10.1.1.5.30648
        State: Oper; Msgs sent/rcvd: 23/23; Downstream
        Up time: 00:01:19
        LDP discovery sources:
          Ethernet0/0, Src IP addr: 10.10.20.0
        Addresses bound to peer LDP Ident:
          10.10.10.4      10.10.10.2      10.10.10.0      10.10.20.0
          10.1.1.1

 

I enabled MPLS on all our 7 routers using the same type of configuration.

Now on R1 we have 4 LDP neighbors.

R1#sh mpls ldp neigh
    Peer LDP Ident: 10.1.1.5:0; Local LDP Ident 10.1.1.1:0
        TCP connection: 10.1.1.5.30648 - 10.1.1.1.646
        State: Oper; Msgs sent/rcvd: 27/28; Downstream
        Up time: 00:05:11
        LDP discovery sources:
          Ethernet1/0, Src IP addr: 10.10.20.1
        Addresses bound to peer LDP Ident:
          10.10.20.1      10.10.20.3      10.1.1.5
    Peer LDP Ident: 10.1.1.2:0; Local LDP Ident 10.1.1.1:0
        TCP connection: 10.1.1.2.63671 - 10.1.1.1.646
        State: Oper; Msgs sent/rcvd: 25/25; Downstream
        Up time: 00:02:46
        LDP discovery sources:
          Ethernet0/2, Src IP addr: 10.10.10.1
        Addresses bound to peer LDP Ident:
          10.10.10.8      10.10.10.6      10.10.10.1      10.10.20.2
          10.1.1.2
    Peer LDP Ident: 10.1.1.3:0; Local LDP Ident 10.1.1.1:0
        TCP connection: 10.1.1.3.31085 - 10.1.1.1.646
        State: Oper; Msgs sent/rcvd: 24/24; Downstream
        Up time: 00:02:37
        LDP discovery sources:
          Ethernet0/0, Src IP addr: 10.10.10.5
        Addresses bound to peer LDP Ident:
          10.10.10.5      10.10.10.7      10.10.10.10     10.10.20.6
          10.10.20.4      10.1.1.3
    Peer LDP Ident: 10.1.1.4:0; Local LDP Ident 10.1.1.1:0
        TCP connection: 10.1.1.4.28837 - 10.1.1.1.646
        State: Oper; Msgs sent/rcvd: 24/24; Downstream
        Up time: 00:02:23
        LDP discovery sources:
          Ethernet0/1, Src IP addr: 10.10.10.3
        Addresses bound to peer LDP Ident:
          10.10.10.9      10.10.10.3      10.10.10.11     10.10.20.8
          10.10.20.10     10.1.1.4

 

Let’s now have a closer look at the MPLS forwarding table (LFIB).

We will follow the traffic from R5 to R6 loopback 10.1.1.6

 

On R5, next hop can be either R1 or R2, the outgoing label number is 20.

R5#sh mpls forwarding-table 10.1.1.6
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
20         20         10.1.1.6/32      0             Et0/0      10.10.20.0
           20         10.1.1.6/32      0             Et0/1      10.10.20.2

 

On R1, next hop is R4, outgoing label is 20.

R1#sh mpls forwarding-table 10.1.1.6
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
20         20         10.1.1.6/32      0             Et0/1      10.10.10.3

 

On R4, next hop is R6, outgoing label shows ‘Pop Label’, which means, it will strip off the MPLS label and forward the packet to R6.

R4#sh mpls forwarding-table 10.1.1.6
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
20         Pop Label  10.1.1.6/32      308           Et1/0      10.10.20.9

 

If we run a traceroute form R5, here is the output.

R5#traceroute 10.1.1.6
Type escape sequence to abort.
Tracing the route to 10.1.1.6
VRF info: (vrf in name/id, vrf out name/id)
  1 10.10.20.0 [MPLS: Label 20 Exp 0] 5 msec
  2 10.10.10.3 [MPLS: Label 20 Exp 0] 0 msec
  3 10.10.20.9 6 msec *  2 msec

 

VPN Technologies – MPLS – Label filtering:

 

MPLS label filtering can be useful in order to control the amount of memory used for the label bindings.

On R5, here is what we get for label binding for R1 interface to R3.

R5#sh mpls ldp bindings 10.10.10.4 31
  lib entry: 10.10.10.4/31, rev 20
        local binding:  label: 24
        remote binding: lsr: 10.1.1.1:0, label: imp-null
        remote binding: lsr: 10.1.1.2:0, label: 23

 

We can use label filtering to only receive label between PE devices (R5, R6 and R7).

On R5, we will remove the label coming from the P router network (10.10.10.0 /24)

R5(config)#ip access-list standard 10
R5(config-std-nacl)#permit 10.1.1.0 0.0.0.255
R5(config-std-nacl)#permit 10.10.20.0 0.0.0.255

R5(config)#mpls ldp neighbor 10.1.1.1 labels accept 10
R5(config)#mpls ldp neighbor 10.1.1.2 labels accept 10

 

Here we can see that we use label filtering.

R5#sh mpls ldp neighbor 10.1.1.1 det
    Peer LDP Ident: 10.1.1.1:0; Local LDP Ident 10.1.1.5:0
        TCP connection: 10.1.1.1.646 - 10.1.1.5.30648
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 69/88; Downstream; Last TIB rev sent 38
        Up time: 00:41:16; UID: 1; Peer Id 0;
        LDP discovery sources:
          Ethernet0/0; Src IP addr: 10.10.20.0
            holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer LDP Ident:
          10.10.10.4      10.10.10.2      10.10.10.0      10.10.20.0
          10.1.1.1
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
        LDP inbound filtering accept acl: 10

 

Now, on R5 we only see the local binding.

R5#sh mpls ldp bindings 10.10.10.4 31
  lib entry: 10.10.10.4/31, rev 34
        local binding:  label: 24

 

 

That’s it for basic MPLS configuration.

In the next post, we will start our MPLS-VPN network.

 

Thank you for reading.

 

 

VPN Technologies – MPLS – Label Distribution Protocol

Leave a Reply

Your email address will not be published.