Saturday, June 20, 2015

MPLS Part1

VRF-lite:

A VRF creates a separate instance of the routing table.
A VRF used inside a single router, or without MPLS, is called VRF-Lite.

We can create VRFs in two ways:

Legacy method (supports only IPv4):
R6(config)#ip vrf VPN_A
R6(config)#int fa0/0
R6(config-if)#ip vrf forwarding VPN_A
When applied, this removes only the IPv4 address configured on the interface. The IPv6 address of the interface stays in the global routing table, while the IPv4 address becomes part of the corresponding VRF table.

Newer method (supports IPv4 and IPv6; each must be enabled with an address-family command under the VRF):
R6(config)#vrf definition VPN_B
R6(config-vrf)#address-family ipv4
R6(config-vrf-af)#exit-address-family
R6(config-vrf)#address-family ipv6
R6(config-vrf-af)#exit-address-family
R6(config)#int fa0/0
R6(config-if)#vrf forwarding VPN_B
When applied, this removes both the IPv4 and IPv6 addresses configured on the interface.

Each VRF instance has its own RIB and FIB.
An interface in VRF instance A1 cannot ping an interface in VRF instance A2.

To provide inter-VRF reachability:
· ip route vrf VRF_Name prefix mask [interface] [next-hop] → the interface can be in any VRF
· The other option is to use the "global" keyword at the end of the route statement, which instructs the router to look up the next hop in the global routing table



Some useful show commands:
show vrf
show run vrf

LDP:
LDP advertises its router-id as the transport address in the hello discovery messages.
So make sure the router-id is reachable. There must be an exact match for the router-id in the routing table.

The hello messages are sent to 224.0.0.2 on UDP port 646.
After a neighbor is discovered, a TCP connection is established on port 646 and labels are exchanged.

We can change the transport address:
R1(config)#int fa0/0
R1(config-if)#mpls ldp discovery transport-address interface

The TCP session is re-established when the above command is entered.
The TCP connection can be authenticated using an MD5 hash option.
The hashing key is defined per neighbor with the command mpls ldp neighbor <IP> password <password>.
The IP address here is the neighbor's LDP Router ID. To make the use of passwords mandatory, we need the global command mpls ldp password required.
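
One way to check the authentication settings described above, as an added example that is not part of the original post: the script cross-checks the peers listed by show mpls ldp neighbor against the per-neighbor password lines in the running configuration. Both sample inputs are constructed, and the function name audit_ldp_auth is an assumption of this example.

```python
import re

# Constructed sample inputs (not taken from the original post).
RUNNING_CONFIG = """\
mpls ldp router-id Loopback0 force
mpls ldp neighbor 2.2.2.2 password LabKey1
mpls ldp discovery hello interval 15
"""

SHOW_LDP_NEIGHBOR = """\
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0
        TCP connection: 2.2.2.2.35012 - 1.1.1.1.646
        State: Oper; Msgs sent/rcvd: 25/24; Downstream
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0
        TCP connection: 3.3.3.3.41877 - 1.1.1.1.646
        State: Oper; Msgs sent/rcvd: 19/20; Downstream
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# The peer's LDP identifier carries its router ID, which is what the
# password command must be keyed on.
PEER_RE = re.compile(r"Peer LDP Ident:\s*" + IP + r":\d+")
PASSWORD_RE = re.compile(
    r"^\s*mpls ldp neighbor (?:vrf \S+ )?" + IP + r" password\b", re.M)
REQUIRED_RE = re.compile(r"^\s*mpls ldp password required\b", re.M)

def audit_ldp_auth(running_config, neighbor_output):
    """Compare active LDP peers with the configured per-neighbor passwords."""
    peers = sorted(set(PEER_RE.findall(neighbor_output)))
    keyed = set(PASSWORD_RE.findall(running_config))
    return {
        "peers": peers,
        # Sessions that are up without an MD5 key configured for the peer.
        "unauthenticated": [p for p in peers if p not in keyed],
        # Keys that match no current peer router ID (session down, or the
        # key was entered for an interface address instead of the router ID).
        "unmatched_passwords": sorted(keyed - set(peers)),
        # Without this global command a peer with no key is still accepted.
        "password_required": bool(REQUIRED_RE.search(running_config)),
    }

if __name__ == "__main__":
    for item, value in audit_ldp_auth(RUNNING_CONFIG, SHOW_LDP_NEIGHBOR).items():
        print(f"{item}: {value}")
```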

When an LDP session is established, the hold time used for the session is the lower of the values configured on the two routers.
R1(config)#mpls ldp holdtime 45

To change the neighbor discovery interval and hold time:
R1(config)#mpls ldp discovery hello interval 15
R1(config)#mpls ldp discovery hello holdtime 45

To change the router-id:
R1(config)#mpls ldp router-id lo0 force → if force is not used, the router must be reloaded for the change to take effect
'force' will reset the TCP session.


Normally, LDP advertises 'implicit-null' (i.e. label 3) for connected routes, so the penultimate-hop (PHP) router pops the label before sending the packet.
If the packet carries QoS markings and we don't want the PHP router to pop the top label, we can configure the router to advertise 'explicit-null' for connected routes.
In that case, the router will receive packets with 'label 0' for connected routes.

R1(config)#mpls ldp explicit-null for <prefixes> to <ldpPeers>

Normal traceroute from a customer router to the other customer site:
BB1#traceroute 1.1.1.1
  1 10.1.67.6 72 msec 80 msec 60 msec
  2 10.1.56.5 [MPLS: Label 16 Exp 0] 156 msec 148 msec 152 msec
  3 10.1.35.3 [MPLS: Label 16 Exp 0] 152 msec 148 msec 128 msec
  4 10.1.23.2 [MPLS: Label 27 Exp 0] 104 msec 108 msec 104 msec
  5 10.1.12.1 160 msec 132 msec 132 msec

The network is
R1=====R2-----R3-----R5-----R6=====BB1


In the above output, the customer is able to see the routers and transit links in the provider's network.
If we want to hide these details from the customer, we should configure the following commands on the edge router (not required on all P routers):
R6(config)#mpls ip propagate-ttl
R6(config)#no mpls ip propagate-ttl forwarded → the IP TTL is not copied into the MPLS label for forwarded traffic only; locally generated traffic behaves as normal.
So a traceroute from the PE routers will show all the transit links, and for the CE they will be hidden.


The traceroute output from the CE and PE routers will then look like this:
BB1#traceroute 1.1.1.1
  1 10.1.67.6 84 msec 72 msec 72 msec
  2 10.1.23.2 [MPLS: Label 27 Exp 0] 124 msec 120 msec 124 msec
  3 10.1.12.1 152 msec 132 msec 124 msec

R6(config)#do traceroute 1.1.1.1
  1 10.1.56.5 [MPLS: Label 16 Exp 0] 120 msec 168 msec 140 msec
  2 10.1.35.3 [MPLS: Label 16 Exp 0] 104 msec 112 msec 112 msec
  3 10.1.23.2 [MPLS: Label 27 Exp 0] 80 msec 92 msec 84 msec
  4 10.1.12.1 120 msec 108 msec 104 msec

R6(config)#mpls ip propagate-ttl
R6(config)#no mpls ip propagate-ttl local → the IP TTL is not copied into the MPLS label for locally generated traffic only; forwarded traffic behaves as normal.
So a traceroute from the CE routers will show all the transit links, and for the PE router they will be hidden.

R6(config)#do traceroute 1.1.1.1
  1 10.1.23.2 [MPLS: Label 27 Exp 0] 120 msec 84 msec 140 msec
  2 10.1.12.1 132 msec 160 msec 108 msec
R6(config)#

BB1#traceroute 1.1.1.1
  1 10.1.67.6 60 msec 56 msec 56 msec
  2 10.1.56.5 [MPLS: Label 16 Exp 0] 172 msec 156 msec 152 msec
  3 10.1.35.3 [MPLS: Label 16 Exp 0] 280 msec 148 msec 124 msec
  4 10.1.23.2 [MPLS: Label 27 Exp 0] 140 msec 112 msec 104 msec
  5 10.1.12.1 124 msec 128 msec 128 msec



LDP targeted hellos:
· Used to establish an LDP adjacency with devices that are not directly connected
· Hellos are sent as unicast
· Normally used in TE for the LDP session between tunnel endpoints
· When enabled between directly connected devices, they may improve convergence by retaining the labels even when the link to the neighbor is down.


By default, LDP generates and advertises labels for every prefix found in the local routing table.
If we want to change this behavior and generate labels only for specific prefixes, we can use an access-list to select the prefixes eligible for label generation.
R4(config)#no mpls ldp advertise-labels → this command must be entered to see the change
R4(config)#mpls ldp advertise-labels for 10


A sample traceroute in a network where LDP is not turned on completely:
R1#traceroute 10.1.67.7
  1 10.1.12.2 [MPLS: Label 26 Exp 0] 72 msec 52 msec 52 msec
  2 10.1.23.3 48 msec 56 msec 68 msec
  3 10.1.35.5 [MPLS: Label 25 Exp 0] 100 msec 100 msec 44 msec
  4 10.1.56.6 104 msec 120 msec 68 msec
  5 10.1.67.7 120 msec 132 msec 128 msec
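
The traceroute outputs in this post can also be checked mechanically. This added example (not part of the original post) parses IOS traceroute output, lists the label-switched hops visible to whoever ran the trace, and flags a break in the LSP like the one in the trace above; the function names are assumptions of this example.

```python
import re
# Traceroute outputs copied from this post.
CE_DEFAULT = """\
  1 10.1.67.6 72 msec 80 msec 60 msec
  2 10.1.56.5 [MPLS: Label 16 Exp 0] 156 msec 148 msec 152 msec
  3 10.1.35.3 [MPLS: Label 16 Exp 0] 152 msec 148 msec 128 msec
  4 10.1.23.2 [MPLS: Label 27 Exp 0] 104 msec 108 msec 104 msec
  5 10.1.12.1 160 msec 132 msec 132 msec
"""
CE_HIDDEN = """\
  1 10.1.67.6 84 msec 72 msec 72 msec
  2 10.1.23.2 [MPLS: Label 27 Exp 0] 124 msec 120 msec 124 msec
  3 10.1.12.1 152 msec 132 msec 124 msec
"""
PARTIAL_LDP = """\
  1 10.1.12.2 [MPLS: Label 26 Exp 0] 72 msec 52 msec 52 msec
  2 10.1.23.3 48 msec 56 msec 68 msec
  3 10.1.35.5 [MPLS: Label 25 Exp 0] 100 msec 100 msec 44 msec
  4 10.1.56.6 104 msec 120 msec 68 msec
  5 10.1.67.7 120 msec 132 msec 128 msec
"""

HOP_RE = re.compile(
    r"^\s*\d+\s+(\d+\.\d+\.\d+\.\d+)(?:\s+\[MPLS: Labels? ([\d/]+) Exp \d+\])?")

def parse_hops(text):
    """Return [(hop_ip, [labels])]; labels is empty for a plain IP hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            labels = [int(x) for x in m.group(2).split("/")] if m.group(2) else []
            hops.append((m.group(1), labels))
    return hops

def labelled_hops(hops):
    """Hops that reveal a label-switched (provider core) segment."""
    return [ip for ip, labels in hops if labels]

def lsp_breaks(hops):
    """Unlabelled hops with labelled hops before and after: the LSP is broken
    there. A trailing unlabelled hop is only PHP or the destination."""
    tagged = [bool(labels) for _, labels in hops]
    return [ip for i, (ip, _) in enumerate(hops)
            if not tagged[i] and any(tagged[:i]) and any(tagged[i + 1:])]

if __name__ == "__main__":
    for out in (CE_DEFAULT, CE_HIDDEN, PARTIAL_LDP):
        hops = parse_hops(out)
        print("labelled:", labelled_hops(hops), "breaks:", lsp_breaks(hops))
```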

Some useful show commands:
sh mpls ldp binding 10.1.67.0 24 → to check the LIB
sh mpls forwarding-table 10.1.67.0 24 → to check the LFIB
sh mpls ldp discovery detail
sh mpls ldp neighbor
sh mpls ldp parameter

