I’m in final preparation for my second attempt and I have been doing a lot of troubleshooting scenarios lately. I created an MPLS topology in GNS3 and sent it to my friend Darren for testing. He is taking his lab very soon and he performed well on this lab. The lab contains multiple faults but I won’t say how many since that would spoil some of the surprise.
The assignment is to make sure CE1 can ping CE2 loopback 22.214.171.124.
Post in the comments what you did to make it work, or if you need a hint to get you going in the right direction. You need to edit the .net file to use your own working directory and IOS image. You need IOS images for the 3725 and 7200. Start with the configurations provided, by importing the configs or simply pasting them in, whichever you prefer, but you should not look at the startup config before starting.
Download the .net and config files here.
This is what the topology looks like.
- MPLS architecture defined in RFC 3031; BGP/MPLS VPNs first defined in RFC 2547 (since obsoleted by RFC 4364)
- Originally called tag switching and was Cisco proprietary
- MPLS is the IETF open standard that replaced tag switching
- Operates at layer 2.5, between switching (layer 2) and routing (layer 3)
Terms used in MPLS:
LER = Label Edge Router – MPLS capable, placed at edge of network.
LSR = Label Switch Router – MPLS capable, note that a LER is also a LSR.
CE = Customer Edge device, demarcation between service provider and customer, CE is often managed by provider.
PE = Provider Edge device, the provider router that the CE connects to.
P = Provider router, used in the core of the provider network.
LSP = Label Switched Path, the path taken between the edge devices, unidirectional path.
Push – The ingress LSR pushes a label onto the packet.
Swap – Swap incoming label with outgoing label.
Pop – The egress LSR pops the label and forwards the packet according to the IP routing table (with penultimate hop popping the second-to-last LSR pops it instead).
BGP free core – The core routers do not need to know routes for MPLS VPN connectivity, just need to know next-hop.
Types of VPN
Overlay VPN - Layer 1 or layer 2 network with point-to-point links or virtual circuits which separate customer traffic. The customer does not need to peer with the ISP and is responsible for its own routing. Generic Routing Encapsulation (GRE) can also be used to tunnel traffic.
Peer-to-peer VPN - The provider carries customer traffic but also peers with the customer and provides routing. Earlier, traffic filtering and access-lists had to be used to provide traffic separation; this is now solved in a much more scalable way with MPLS VPNs, where each customer gets its own VRF.
Reasons to use MPLS
- One infrastructure carrying multiple services and protocols
- BGP-free core
- Scalable VPN solutions
- Traffic engineering
- Less configuration needed in a fully meshed network than with overlay VPNs
Running MPLS to gain speed is a bogus reason: traffic is forwarded by Application Specific Integrated Circuits (ASICs), and the difference between looking up a route and looking up a label is minimal, if any.
Normally a service provider needs to run BGP on all transit routers so they know how to reach external prefixes. With MPLS, BGP is not needed in the core since the P routers only need to know how to reach the BGP next-hop. This is all great in theory, but is it really implemented? It would require MPLS to be used as transport even for regular (non-VPN) IP traffic.
The MPLS header is four bytes or 32 bits per label, and more than one label can be added to a packet if MPLS VPNs and/or traffic engineering is used. This can add up to three labels, 12 bytes of extra information, which needs to be accounted for in the MTU of MPLS-enabled interfaces. Of the 32 bits in the header, 20 bits are used for the label itself, which means roughly one million (2^20 = 1,048,576) labels are available. Labels 0-15 are reserved. There are also three experimental bits (EXP). These bits are used for Quality of Service (QoS) and aren’t really experimental at this stage. One bit is used to indicate Bottom of Stack (BoS). If this is set to one it means that this label is the final one in the stack. There is also a Time To Live field which uses eight bits, just as in an IP header.
Forward Equivalence Class (FEC) is a group of packets that are forwarded along the same path and that get the same treatment. All packets belonging to a FEC use the same label, however not all packets with the same label belong to the same FEC.
Examples of FEC
- Packets with a layer three destination address matching a certain prefix
- Multicast packets that belong to the same group
- Packets that have equal Diffserv markings
Label distribution modes
Downstream on Demand (DoD) – The LSR requests a label from its downstream neighbor (the IP next hop) and receives one label for the FEC.
Unsolicited Downstream (UD) – Each LSR distributes a remote label to its adjacent LSRs without them requesting it. DoD will produce only one label per FEC in the LIB but UD can produce several (one per neighbor). UD is the default in Cisco IOS except for ATM interfaces.
Label retention modes
Liberal Label Retention (LLR) keeps all labels in the LIB, even those that will not end up in the LFIB. The best goes to the LFIB and the others are kept in the LIB in case a routing event forces reconvergence. The label for the other next-hop will already be in the LIB, which means faster convergence.
Conservative Label Retention (CLR) keeps only the label from the current next-hop in the LIB. Default for ATM.
LSP control modes
Independent LSP control mode creates a local binding for a FEC independently of other LSRs. It will do this as soon as it recognizes the FEC, meaning the prefix is in the routing table. This happens even if it is not the egress LSR.
Ordered LSP control mode creates a local binding only if it is the egress LSR for the FEC or if it has received a label from the next hop for the FEC.
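The two retention modes above differ only in what survives in the LIB and therefore in what the LFIB can be rebuilt from when the IGP next hop changes. The Python model below is an added example, not code from the original post or from any router: the neighbor names R2/R3, the prefixes and the label values are constructed, and a remote label of 3 (implicit null) is turned into a pop action as described later in these notes.

```python
IMPLICIT_NULL = 3  # remote label 3 means "pop" for the upstream LSR (PHP)


def build_lib(advertisements):
    """LIB: for each prefix, every remote label any neighbor advertised.

    With unsolicited downstream distribution every LDP neighbor sends a
    binding for every prefix, so a prefix can have several remote labels.
    advertisements = {neighbor: {prefix: remote_label}}
    """
    lib = {}
    for neighbor, bindings in advertisements.items():
        for prefix, label in bindings.items():
            lib.setdefault(prefix, {})[neighbor] = label
    return lib


def apply_retention(lib, rib, mode):
    """Liberal keeps every binding; conservative keeps only the binding
    from the neighbor that is the current IGP next hop for the prefix."""
    if mode == "liberal":
        return {p: dict(b) for p, b in lib.items()}
    if mode == "conservative":
        return {p: {n: l for n, l in b.items() if n == rib.get(p)}
                for p, b in lib.items()}
    raise ValueError("unknown retention mode: %s" % mode)


def build_lfib(lib, rib, local_labels):
    """LFIB: local label -> (out neighbor, action).

    Only the binding from the IGP next hop is usable. A prefix whose next
    hop has no binding in the LIB ends up in `pending`: it cannot be
    label-switched until LDP supplies a label.
    """
    lfib, pending = {}, []
    for prefix, next_hop in rib.items():
        remote = lib.get(prefix, {}).get(next_hop)
        if remote is None:
            pending.append(prefix)
            continue
        action = "pop" if remote == IMPLICIT_NULL else ("swap", remote)
        lfib[local_labels[prefix]] = (next_hop, action)
    return lfib, pending


# Constructed scenario: two LDP neighbors, R2 (primary next hop) and R3 (backup).
# R2 advertises implicit null for 10.2.2.0/24 because it owns that prefix.
ADVERTS = {
    "R2": {"10.1.1.0/24": 20, "10.2.2.0/24": IMPLICIT_NULL},
    "R3": {"10.1.1.0/24": 30, "10.2.2.0/24": 31},
}
LOCAL_LABELS = {"10.1.1.0/24": 16, "10.2.2.0/24": 17}
RIB_BEFORE = {"10.1.1.0/24": "R2", "10.2.2.0/24": "R2"}
RIB_AFTER = {"10.1.1.0/24": "R3", "10.2.2.0/24": "R3"}  # R2 failed, IGP moved to R3


def simulate(mode):
    """Return (retained LIB, LFIB before failure, LFIB after failure)
    for the given retention mode, with no new LDP messages after the failure."""
    lib = apply_retention(build_lib(ADVERTS), RIB_BEFORE, mode)
    before = build_lfib(lib, RIB_BEFORE, LOCAL_LABELS)
    after = build_lfib(lib, RIB_AFTER, LOCAL_LABELS)
    return lib, before, after


if __name__ == "__main__":
    for mode in ("liberal", "conservative"):
        lib, before, after = simulate(mode)
        print(mode, "LIB:", lib)
        print("  before failure:", before)
        print("  after failure: ", after)
```

With liberal retention the LFIB after the failure is complete immediately, because R3's labels were already sitting in the LIB; with conservative retention both prefixes are pending until R3's bindings are learned (or requested, with DoD) again.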
Reserved labels:
0 – Explicit null – Instead of popping the label at PHP, the second-to-last router sets the top label to zero; this means the EXP bits are preserved all the way to the egress LSR.
1 – Router alert – Alerts the LSR that the packet needs a closer look. Can’t be forwarded in hardware, software processing is needed.
2 – Explicit null for IPv6
3 – Implicit null – Used for PHP; the penultimate router pops the label and the egress LSR only needs to do an IP lookup. Advertised for directly connected prefixes and summaries. It is only ever signalled in LDP and never appears on the wire.
14 – OAM alert
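To make the header layout from the earlier MPLS header paragraph and the reserved-label list above concrete, here is an added example in Python (not code from the original post): it encodes and parses a label stack bit-for-bit (20-bit label, 3-bit EXP, 1-bit BoS, 8-bit TTL), annotates reserved values, rejects implicit null on the wire, and reads the IP version nibble after the stack, which is all an LSR has to identify the payload because the shim header carries no protocol field. The sample packet (outer label 17, inner label 1000, followed by an IPv4 header byte) is constructed for the example.

```python
import struct

# Reserved label values from the list above (RFC 3032 and RFC 3429).
RESERVED_LABELS = {
    0: "explicit-null (IPv4)",
    1: "router-alert",
    2: "explicit-null (IPv6)",
    3: "implicit-null",
    14: "oam-alert",
}


def encode_label(label, exp=0, bos=False, ttl=255):
    """Build one 32-bit shim header: label(20) | EXP(3) | BoS(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8 or not 0 <= ttl < 256:
        raise ValueError("EXP is 3 bits, TTL is 8 bits")
    word = (label << 12) | (exp << 9) | (int(bos) << 8) | ttl
    return struct.pack("!I", word)


def parse_label_stack(packet):
    """Walk shim headers until one has BoS=1. Returns (entries, payload_offset)."""
    entries, offset = [], 0
    while True:
        if len(packet) < offset + 4:
            raise ValueError("truncated label stack (no bottom of stack seen)")
        (word,) = struct.unpack("!I", packet[offset:offset + 4])
        label = word >> 12
        if label == 3:
            # Implicit null is signalled in LDP only; a packet must never carry it.
            raise ValueError("implicit-null (3) must not appear in a packet")
        entries.append({
            "label": label,
            "exp": (word >> 9) & 0x7,
            "bos": bool((word >> 8) & 0x1),
            "ttl": word & 0xFF,
            "reserved": RESERVED_LABELS.get(label),
        })
        offset += 4
        if entries[-1]["bos"]:
            return entries, offset


def payload_ip_version(packet, offset):
    """After the last pop only the IP version nibble tells v4 from v6."""
    if offset >= len(packet):
        raise ValueError("no payload after label stack")
    return packet[offset] >> 4


def stack_overhead(entries):
    """Bytes the label stack adds on top of the IP packet (MTU impact)."""
    return 4 * len(entries)


# Constructed sample: an MPLS VPN packet with IGP (outer) label 17, EXP 5,
# VPN (inner) label 1000 at the bottom of the stack, then an IPv4 header byte.
SAMPLE_PACKET = (
    encode_label(17, exp=5, bos=False, ttl=255)
    + encode_label(1000, exp=0, bos=True, ttl=255)
    + bytes([0x45])
)

if __name__ == "__main__":
    entries, offset = parse_label_stack(SAMPLE_PACKET)
    for entry in entries:
        print(entry)
    print("label stack adds", stack_overhead(entries), "bytes;",
          "payload is IPv%d" % payload_ip_version(SAMPLE_PACKET, offset))
```

The two-label sample is the VPN case described later in these notes: the outer (IGP) label is what the P routers swap on, the inner (VPN) label is only looked at by the egress PE.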
LDP: Hello packets are sent to multicast address 224.0.0.2 over UDP port 646; the session itself is set up over TCP, also on port 646. Hellos are sent every five seconds and the holdtime is 15 seconds by default. These timers are used for discovery. Once the session is established a keepalive packet is sent every 60 seconds and the holdtime is 180 seconds. Any LDP packet resets the holdtime. LDP assigns a local label for every IGP prefix and stores it in the LIB. All prefixes in the IGP get a locally assigned label and all of them are advertised to every neighbor, even the neighbor that owns the prefix (no split horizon).
neighbor ip-address as-override – Used when the same AS number is configured at several customer sites: the PE replaces the customer AS number in the AS path with the service provider’s AS, so the receiving CE does not see its own AS and accept the route.
neighbor ip-address allowas-in [n] – Loosens the loop check by allowing updates with the router’s own AS number in the AS path, up to n occurrences.
SOO – Site Of Origin, an extended community used to prevent loops in MPLS VPNs when as-override has removed the AS-path evidence. Every site has a unique SOO, and a PE does not advertise a route back to a site whose SOO matches the one carried by the route.
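The three mechanisms above are easiest to see as one scenario. The Python model below is an added example, not router code from the original post: it models the eBGP AS_PATH loop check, the as-override rewrite a PE applies toward a CE, an allowas-in count on the CE, and the SOO filter on a second PE attached to the originating site. The AS numbers (provider 100, customer 65001), the prefix and the SOO value 100:1 are constructed for the example.

```python
PROVIDER_AS = 100


def loop_free(as_path, local_as, allowas_in=0):
    """Standard BGP loop check: an update carrying our own AS is rejected,
    unless allowas-in permits up to `allowas_in` occurrences of it."""
    return as_path.count(local_as) <= allowas_in


def ebgp_advertise(as_path, local_as, peer_as, as_override=False):
    """Every eBGP speaker prepends its own AS. With as-override the PE first
    rewrites the peer's AS (wherever it appears) to its own AS."""
    path = list(as_path)
    if as_override:
        path = [local_as if asn == peer_as else asn for asn in path]
    return [local_as] + path


def pe_to_ce(route, ce_as, site_soo, as_override=False, provider_as=PROVIDER_AS):
    """What a PE sends to a CE for one VPNv4 route.

    Returns None when the route's SOO equals the SOO configured for this
    CE's site: the route came from that site and must not be sent back.
    Otherwise returns the AS_PATH the CE will receive.
    """
    if route.get("soo") is not None and route["soo"] == site_soo:
        return None
    return ebgp_advertise(route["as_path"], provider_as, ce_as, as_override)


# Constructed scenario: site A and site B both use AS 65001. Site A is
# dual-homed to two PEs and its routes are tagged with SOO 100:1.
ROUTE_FROM_SITE_A = {"prefix": "10.1.0.0/24", "as_path": [65001], "soo": "100:1"}


def scenario():
    """Run the four cases and return what each CE/PE would see or do."""
    results = {}
    # Default: the CE at site B receives [100, 65001], sees its own AS, drops it.
    plain = pe_to_ce(ROUTE_FROM_SITE_A, ce_as=65001, site_soo="100:2")
    results["plain"] = (plain, loop_free(plain, 65001))
    # Fix 1 on the CE: allowas-in 1 tolerates one occurrence of its own AS.
    results["allowas_in"] = (plain, loop_free(plain, 65001, allowas_in=1))
    # Fix 2 on the PE: as-override rewrites 65001 to 100, CE accepts [100, 100].
    over = pe_to_ce(ROUTE_FROM_SITE_A, ce_as=65001, site_soo="100:2", as_override=True)
    results["as_override"] = (over, loop_free(over, 65001))
    # SOO: the second PE attached to site A (site SOO 100:1) must not send the
    # route back in; with as-override the AS path would no longer catch the loop.
    results["soo"] = pe_to_ce(ROUTE_FROM_SITE_A, ce_as=65001, site_soo="100:1", as_override=True)
    return results


if __name__ == "__main__":
    for case, outcome in scenario().items():
        print(case, "->", outcome)
```

Note the trade-off the last case shows: as-override makes the customer's AS number disappear from the path, so the only thing stopping a dual-homed site from receiving its own prefix back is the SOO match on the second PE.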
The outer label, also called the IGP label, is used to find the next-hop through the provider network. The inner label is the VPN label, used by the egress PE to find the right VRF. The IGP label is distributed via LDP, based on the routing table; the VPN label and the VPNv4 prefixes are distributed via MP-BGP.