MPLS

Instead of forwarding packets based on IP address, MPLS forwards packets based on MPLS labels.

=Unicast IP forwarding=

When choosing the interface with which to forward packets, MPLS will choose only routes listed in the unicast IP routing table. The end result is that MPLS packets would flow the same way as if MPLS was not used. This implementation of MPLS does not provide any significant advantages.

MPLS requires the use of control plane protocols, such as OSPF and LDP, to learn labels, correlate those labels to destination prefixes, and build the correct forwarding tables.

To enable MPLS for simple unicast forwarding, you must enable CEF, enable MPLS globally, and then enable MPLS on each desired interface.

//**#ip cef**// //**#mpls ip**//

Forwarding: Data Plane
Hosts do not receive labeled packets. MPLS relies on CEF forwarding logic, which skips the reference to the IP routing table and instead uses the FIB. The FIB is organized such that lookup times are reduced, resulting in a smaller forwarding delay and a higher volume of PPS for a router. The FIB is used to forward incoming unlabeled packets. The LFIB is used for labeled packets.

MPLS assumes that hosts generate packets without a label, and that the Provider Edge (PE) router then applies a label.




 * 1) Host generates a packet
 * 2) CE1 forwards the packet on with no labels, since it has no MPLS configuration
 * 3) PE1 applies a new label
 * 4) P1 swaps the original label for a new one
 * 5) PE2 pops the label and forwards to CE2
 * 6) CE2 forwards packet as normal



MPLS header and Label
A 4-byte header located directly before the IP header.

TTL Field and TTL Propagation
The main purpose of the TTL field is so that MPLS routers can completely ignore the IP header. LSRs will decrement the MPLS TTL but not the IP header TTL. To make this work, the following process is used:


 * 1) The ingress LSR decrements the IP TTL, then creates the MPLS header and copies in the IP TTL.
 * 2) A normal LSR will decrement the MPLS TTL and ignore the IP TTL
 * 3) The egress LSR decrements the MPLS TTL, then copies the MPLS TTL into the IP TTL field

Cisco routers can be, and typically are, configured to disable TTL propagation. When disabled, the ingress LSR sets the MPLS header TTL to 255, and the egress LSR leaves the IP header TTL unchanged. As a result, the entire MPLS cloud appears to be a single router. TTL propagation can be disabled separately for local or customer packets with the command:


 * 1) no mpls ip propagate-ttl [local|forwarded]
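The TTL rules above, modelled for a customer traceroute crossing the cloud. This is an added example, not part of the original notes; it assumes the path PE1 -> P1 -> P2 -> PE2 -> CE2 (P2 is a constructed extra hop), no penultimate hop popping, and that the ingress LSR decrements the IP TTL in both modes.

```python
def probe(ip_ttl, core, propagate):
    """Return the router where a probe with this initial IP TTL expires, else None.

    Modelled path: PE1 (ingress LSR) -> core LSRs -> PE2 (egress LSR) -> CE2.
    """
    ip_ttl -= 1                              # ingress LSR decrements the IP TTL
    if ip_ttl == 0:
        return "PE1"
    mpls_ttl = ip_ttl if propagate else 255  # copy the IP TTL, or 255 when disabled
    for lsr in core:                         # transit LSRs touch only the MPLS TTL
        mpls_ttl -= 1
        if mpls_ttl == 0:
            return lsr
    mpls_ttl -= 1                            # egress LSR decrements the MPLS TTL
    if mpls_ttl == 0:
        return "PE2"
    if propagate:
        ip_ttl = mpls_ttl                    # ...and copies it back into the IP header
    ip_ttl -= 1                              # CE2 is an ordinary IP hop
    return "CE2" if ip_ttl == 0 else None


def traceroute_view(core, propagate, max_ttl=10):
    """List the routers a traceroute would see, probing with TTL 1, 2, 3, ..."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hop = probe(ttl, core, propagate)
        if hop is None:                      # probe made it past CE2
            break
        hops.append(hop)
    return hops


if __name__ == "__main__":
    core = ["P1", "P2"]
    print("propagation on :", traceroute_view(core, propagate=True))
    print("propagation off:", traceroute_view(core, propagate=False))
```

With propagation disabled, the P routers and the egress PE never see a TTL of zero, so the provider core is not revealed hop by hop to a customer traceroute.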

Forwarding: Control Plane
MPLS will normally use LDP in conjunction with an IGP.

LDP
IOS uses TDP by default. To use LDP, enable it with //**#mpls label protocol ldp**//. LDP advertises labels for each prefix in the IP routing table. LSRs send LDP messages to their neighbors listing a prefix and corresponding label. Basically this means "If you want to send packets to this prefix, send them with the advertised label attached".

The LDP advertisement is triggered by a new IP route appearing in the table. When learning a new route, the LSR allocates a local label. This label is specific to the LSR.

LDP establishes a TCP connection to its neighbors, and discovers which neighbors to connect to by means of Hellos. These are multicast to 224.0.0.2 on UDP port 646. The Hello lists the LDP ID (the IP and a 2-byte label) and an optional transport address (if you want the TCP connection established to that address). If no transport address is specified, the connection is established to the IP in the LDP ID. This means that LDP IDs must be reachable. Once the connection is established, information is swapped.

Label switched paths (LSPs) are the combined labels used to reach a destination. These paths are unidirectional.



Label Information Base (LIB)
Labels and related information are stored inside a data structure called the LIB. Each LSR must choose the best LIB information and use that to populate the FIB and LFIB. As a result, the FIB tables will only contain the "best route".

The decision about the best route is based on the routing protocol's choice. The logic works as follows:

For each route in the routing table, find the associated information in the LIB based on the outgoing interface and next-hop router and add that information to the FIB and LFIB.

The following shows that the ingress PE will impose a label of 24, and send the packet out to the next hop with a label of 22. This shows the next hop's information.

=MPLS VPN=

VPNs use unicast IP forwarding inside the SP network, with additional features at the edge between the customer and provider networks. MP-BGP is then used to deal with issues such as duplicate IP customer networks.

Duplicate customer networks


The goal is to allow customer A sites to talk to ONLY other customer A sites.

The solution here is to use multiple routing tables, called Virtual Routing and Forwarding (VRF) tables, which separate customer routes. Three terms must be defined:

 * Customer Edge (CE): A router that does not participate in MPLS, but borders an MPLS router in the provider network.
 * Provider Edge (PE): An LSR that shares a link with a CE router.
 * Provider (P): An LSR that is not connected to a CE.

Both PE and P routers run an IGP and LDP to support unicast routing. However, the IGP advertises only routes coming from within the MPLS network; no customer routes are included. PEs do learn routes from customers, however, and note which customer each route came from by storing them in separate VRFs. The PEs will then use iBGP to exchange these routes with other PEs.

The MPLS VPN causes the ingress PE to place two labels on a packet. The outer label allows the packet to be label switched to the egress PE. The inner label (S-Bit = 1) identifies the egress VRF on which to base the forwarding decision.

VRF Tables
Typically, routers will need 1 VRF for each customer. Complex designs might require more. Each VRF has three main components:


 * An IP routing table (RIB)
 * A CEF FIB, populated based on that VRF's RIB
 * A separate instance of the routing protocol used to exchange routes with the CE

MP-BGP and Route Distinguishers
Once the PE has learned customer routes, it must advertise those to other PEs. iBGP is used to forward all customer routes. When dealing with duplicate prefixes, MPLS adds an extra number in front of the BGP NLRI (Prefix) used to identify the customer. This value is called the address family.

Route distinguishers (RDs) allow BGP to advertise and distinguish between duplicate IPv4 prefixes. The resulting address consists of:


 * 64-bit RD
 * 32-bit prefix

The RD can follow one of 3 formats, with the first field identifying the format:


 * 2-byte integer:4-byte integer
 * 4-byte integer:2-byte integer
 * 4-byte dotted-decimal value:2-byte integer

The first field should also be the ASN or an IP address. The second field can be anything.

Route Targets
MPLS uses route targets to determine into which VRF to place an iBGP-learned route. PEs advertise route targets in BGP updates as a BGP extended community PA. They follow the same format as the RD, but while a route can only have 1 RD, it can have multiple RTs.



Each VRF needs to export and import at least 1 RT.
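How RDs keep duplicate prefixes apart and how RTs decide which VRF receives a route, as an added example that is not part of the original notes. The RD type numbers (0, 1, 2), the VRF names, RD/RT values and prefixes are assumptions or constructed sample data, and `vpnv4_key` is a comparison key rather than the MP-BGP wire encoding.

```python
import ipaddress
import struct


def encode_rd(text):
    """Pack 'admin:number' as an 8-byte RD: 2-byte type field, then 6 bytes of value."""
    admin, number = text.rsplit(":", 1)
    if "." in admin:         # type 1: 4-byte dotted-decimal IP : 2-byte number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    if int(admin) > 0xFFFF:  # type 2: 4-byte ASN : 2-byte number
        return struct.pack("!HIH", 2, int(admin), int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))  # type 0: 2-byte ASN : 4-byte number


def vpnv4_key(rd, prefix):
    """64-bit RD followed by the 32-bit IPv4 prefix."""
    return encode_rd(rd) + ipaddress.ip_network(prefix).network_address.packed


# Constructed sample data: two customers using the same 10.1.1.0/24.
ROUTES = [
    {"customer": "A", "rd": "65000:1", "prefix": "10.1.1.0/24", "rts": {"65000:1"}},
    {"customer": "B", "rd": "65000:2", "prefix": "10.1.1.0/24", "rts": {"65000:2"}},
]
VRFS = {
    "CUST_A": {"customer": "A", "import": {"65000:1"}},
    "CUST_B": {"customer": "B", "import": {"65000:2"}},
}


def import_routes(vrfs, routes):
    """Install each route into every VRF whose import RTs share a value with the route's RTs."""
    tables = {name: [] for name in vrfs}
    for route in routes:
        for name, vrf in vrfs.items():
            if vrf["import"] & route["rts"]:
                tables[name].append((route["customer"], route["prefix"]))
    return tables


def cross_customer_imports(vrfs, routes):
    """Audit: (vrf, origin customer, prefix) wherever a VRF imports another customer's route."""
    return [(name, cust, prefix)
            for name, table in import_routes(vrfs, routes).items()
            for cust, prefix in table if cust != vrfs[name]["customer"]]


if __name__ == "__main__":
    print(import_routes(VRFS, ROUTES))
    typo = {**VRFS, "CUST_B": {"customer": "B", "import": {"65000:1", "65000:2"}}}
    print(cross_customer_imports(typo, ROUTES))  # CUST_B now also holds customer A's route
```

A deliberate overlapping VPN appears in the same audit list, so the output is something to compare against the intended design rather than an error by itself.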

Overlapping VPNs
An overlapping VPN occurs when a CE site needs to reach a separate CE site and its own.



VPN Data Plane
The outer label is based on the LIB entry for the prefix that matches the BGP next-hop address, not the destination IP address.

The inner label is based on the BGP table entry for the route in the VRF that matches the packet's destination IP address.

Penultimate Hop Popping
The fact that there are two labels causes inefficiency when the egress PE has to do two lookups. To solve this, PHP allows the second-to-last router to pop the outer label and send the packet to the egress PE with only the inner VPN label.
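The two-label VPN stack and the PHP pop at the byte level, as an added example that is not part of the original notes. The field layout (20-bit label, 3-bit TC, 1-bit S, 8-bit TTL) is the standard 4-byte label stack entry and is not spelled out on the page; the label values and payload are constructed.

```python
import struct


def entry(label, s, ttl, tc=0):
    """Pack one 4-byte label stack entry: label (20 bits) | TC (3) | S (1) | TTL (8)."""
    if not (0 <= label < 2**20 and 0 <= ttl <= 255):
        raise ValueError("label or TTL out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def parse(frame):
    """Return ([(label, tc, s, ttl), ...], payload), reading entries until the S bit is set."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("truncated label stack: no entry with S=1")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 7, (word >> 8) & 1, word & 0xFF))
        if entries[-1][2]:                      # bottom of stack reached
            return entries, frame[offset:]


def impose_vpn(ip_packet, vpn_label, outer_label, ttl=255):
    """Ingress PE: inner VPN label (S=1) next to the IP packet, outer label on top."""
    return entry(outer_label, 0, ttl) + entry(vpn_label, 1, ttl) + ip_packet


def swap_outer(frame, new_label):
    """P router: swap only the top label and decrement its TTL."""
    label, tc, s, ttl = parse(frame)[0][0]
    if ttl <= 1:
        raise ValueError("MPLS TTL expired")
    return entry(new_label, s, ttl - 1, tc) + frame[4:]


def php_pop(frame):
    """Penultimate hop: remove the outer label so the egress PE sees only the VPN label."""
    if parse(frame)[0][0][2]:
        raise ValueError("top label is bottom of stack; no outer label to pop")
    return frame[4:]


if __name__ == "__main__":
    frame = impose_vpn(b"<ip packet>", vpn_label=30, outer_label=24)  # constructed labels
    frame = swap_outer(frame, 22)
    print(parse(php_pop(frame)))  # one entry left, S=1: the egress PE does a single lookup
```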