Study and Review Notes Presented By Duane Bodle Keys2Texas, Inc.

Presentation transcript:

Study and Review Notes Presented By Duane Bodle Keys2Texas, Inc. Friday, August, 26, 2011

- MPLS Fundamentals
- MPLS Operation
- Frame-Mode/Cell-Mode MPLS Implementation, Configuration and Troubleshooting
- MPLS Virtual Private Networks Technology
- MPLS VPN Implementation, Configuration and Troubleshooting
- Complex MPLS VPNs
- Internet Access from a MPLS VPN

Exam Description

The MPLS exam is a qualifying exam for the CCIP certification (Cisco Certified Internetwork Professional). The 642-611 MPLS exam will test materials covered under the Implementing Cisco MPLS course. The exam will certify that the successful candidate has the knowledge and skills necessary to gather information from the technology basics to some of the more updated features and functions such as Traffic Engineering, Fast Reroute and Any Transport over MPLS (AToM). The exam covers topics on MPLS Concepts, MPLS Label Assignment and Distribution, Frame-Mode/Cell-Mode MPLS Implementation on Cisco IOS Platforms, MPLS Virtual Private Networks Technology, MPLS VPN Implementation, Complex MPLS VPNs, and Internet Access from an MPLS VPN.

- Explain basic core MPLS technology and concepts
- Explain the function of MPLS Labels and Label Stack
- Identify MPLS Applications

The MPLS label is the foundation for label switching. The MPLS label has four octets, or 32 bits, that make up four fields. The fields are:

- The label field: Composed of 20 bits, which allows for the creation of over one million labels (2^20 - 1, or 1,048,575 to be precise).
- The EXP field: Maps directly to IP Precedence TOS bits to provide class of service (COS) markings for an MPLS label. This field is three bits in length.
- The S field: Used for stacking labels. This is important and is used to indicate the last label in the label stack. The S field is one bit in length.
- The TTL field: Used to decrement the time-to-live counter. It is eight bits in length.

Each of these fields plays an important role in the delivery of MPLS technologies such as the creation and forwarding of traffic along a label-switched path, QoS guarantees and transport of one carrier's MPLS over another's backbone. Be familiar with the field names and their purpose and length.

The MPLS label stack is inserted into ordinary packets between the IP header and the Layer 2 header (frame relay, Ethernet or ATM). This allows routers to switch the packet based on the MPLS label rather than the Layer 3 or Layer 2 information. This is why the MPLS label stack is sometimes referred to as the "shim header," as it is shimmed in between the Layer 2 and Layer 3 headers.

- Describe the characteristics and behaviors of Label Distribution in Frame-mode MPLS
- Explain Convergence in Frame-mode MPLS
- Describe the characteristics and behaviors of Label Distribution over LC-ATM Interfaces and VC Merge
- Describe the features of MPLS Label Allocation, Distribution, and Retention Modes
- Explain the process of LDP Neighbor Discovery

- Forwarding Equivalence Class
- MPLS Control Plane
- MPLS Forwarding Plane
- Label Distribution Protocol

An MPLS router makes a forwarding decision for labeled packets in the same manner that it does for an IP packet. It will look at the label on the incoming packet, then consult the forwarding table to identify the interface to forward the labeled packet out of, then it will forward the packet.

Key to making MPLS work is that routers must build the necessary label forwarding tables upon which MPLS rests. Just as routers build forwarding tables by exchanging information between themselves using dynamic routing protocols such as OSPF and BGP, so also must routers build label forwarding tables. This involves the MPLS control plane, which binds labels to the networking routes in the IP routing table, and which manages the distribution of those bindings to other MPLS routers. To make this happen, the control plane uses the label distribution protocol to exchange labels between MPLS routers. Each MPLS router assigns a local label and an outgoing label for such routes that it advertises to its neighbors.

MPLS uses the concept of a forwarding equivalence class (FEC) to designate a group of IP packets to which a specific label is bound. The group of IP packets is a loose term, as this really means an IP prefix or a route. The FEC can be more granular than just a network prefix, as it can also specify an IP prefix with other criteria such as IP TOS bits.

So the router identifies an FEC out of the IP routing table and assigns a label to it. Then the router advertises to its peers that the FEC has this label assigned to it. The list of FECs with labels assigned to them is called the label information base (LIB). The router makes forwarding decisions based on the information in the LIB. The labels that are actually in use for forwarding are placed in the label forwarding information base (LFIB). This is the MPLS forwarding plane.

So let's put it all together. The control plane assigns labels to IP routes/prefixes in the IP routing table. The MPLS forwarding plane builds the label forwarding table that indicates which interface to forward the labeled packet out of, and the label distribution protocol exchanges label information. The next step that the router performs is to build the label-switched path through the network. This is a virtual path across which traffic will be forwarded from one end of the network to the other.

This is the main premise of MPLS label switching in terms of label distribution and the building of the label forwarding tables. Be sure to understand these concepts well. In the next article we will discuss the actual label distribution between the MPLS peers and traffic flow using labeled packets across the network.

How MPLS routers update and exchange labels. The different ways that labels are bound to routes must be understood. Be sure to understand the following mechanisms:

- Unsolicited downstream: This occurs when a downstream label switch router (LSR) advertises its label bindings to its neighbors automatically.
- Downstream on demand: This occurs when an upstream LSR requests a label binding from its downstream neighbor.
- Ordered control: This occurs in ATM-LSRs. The upstream LSR must wait on the downstream LSR to receive the label.
- Independent control: This occurs when a new route (or FEC) shows up in the LSR routing table. The LSR will bind a label to the FEC and advertise it to its neighbors at any time.

A tremendous amount of confusion is associated with "upstream" and "downstream" in terms of label distribution. If you think about it, there is a two-way flow of information that makes up routing. When a packet is transmitted, it flows from an upstream sender to a downstream receiver. In other words, the direction from source to destination is downstream. Independent control is the common mechanism for most label bindings using unsolicited downstream distribution. So if you have four routers in a row as follows...

R1 -------- R2 ---------- R3 ----------- R4

The path the packet takes across the LSRs is referred to as the label-switched path. Labels are assigned to IP routes or forwarding equivalence classes (FECs) in the routing table, and the LSRs build a label forwarding information base (LFIB) based on the label distribution that is facilitated by the label distribution protocol. This is called label-FEC binding.

An important concept to understand is how the labels are assigned. Let's use the following example (i# = interface number):

R1 (i1)-- (i2)R2(i3) --(i4)R3(i5) --(i6)R4(i7) --(i8)R5(i9) --(i10)R6

- R1 = customer edge (CE)
- R2 = provider edge (PE)
- R3 = provider only (P)
- R4 = P
- R5 = PE
- R6 = CE

R3 and R4 are not participating in any edge client routing. The only way they can forward packets is via labels. Let's assume that R1 originates the route 10.10.10.0/24. When R2 (the PE router) learns the route, it will assign a label to the packet. This is called "label imposition" or "label push."

The PE router will advertise this label to its neighbors using the label distribution protocol. The label distribution scheme is one of the following:

- Unsolicited downstream: This occurs when a downstream label switch router (LSR) advertises its label bindings to its neighbors automatically.
- Downstream on demand: This occurs when an upstream LSR requests a label binding from its downstream neighbor.
- Independent control: This occurs when a new route (or FEC) shows up in the LSR routing table. The LSR will bind a label to the FEC and advertise it to its neighbors at any time.
- Ordered control: ATM only.

The most common distribution method is unsolicited downstream with independent control.

The table below shows the label bindings for the example:

R1 (i1)-- (i2)R2(i3) --(i4)R3(i5) --(i6)R4(i7) --(i8)R5(i9) --(i10)R6

Router | Ingress Interface | Ingress Label | FEC | Egress Interface | Egress Label

Each router along the path will assign a label to the FEC/route and assign an interface to forward it along. The interface is determined by the IP routing protocols. This allows the P routers in the middle (R3 and R4) to forward IP packets from private networks across a public backbone.

The next article, Lesson 5: Configuring MPLS, will discuss how MPLS routers support VPNs, as well as the commands for configuring VPNs.
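A sketch of how such a binding table is derived and used for the R1 to R6 example, written as an added example that is not part of the original notes. The label values are constructed, the push/swap/pop names are the standard label operations, and the packet is assumed to travel toward 10.10.10.0/24, so it enters the provider network at R5 and leaves at R2.

```python
from typing import NamedTuple, Optional

FEC = "10.10.10.0/24"  # route originated by R1 in the example

# Hops a packet crosses on its way to the FEC, entering at R5 and leaving
# at R2 toward R1: (router, ingress interface, egress interface).
PATH = [("R5", "i9", "i8"), ("R4", "i7", "i6"),
        ("R3", "i5", "i4"), ("R2", "i3", "i2")]

# Constructed local label each LSR binds to the FEC and advertises to its
# upstream neighbor (unsolicited downstream, independent control).
LOCAL_LABEL = {"R4": 43, "R3": 32, "R2": 21}


class LfibRow(NamedTuple):
    router: str
    in_if: str
    in_label: Optional[int]   # None: packet arrives as plain IP
    fec: str
    out_if: str
    out_label: Optional[int]  # None: label removed, plain IP leaves


def build_lfib(path=PATH, local=LOCAL_LABEL, fec=FEC):
    """Each router's ingress label is its own binding; its egress label is
    the binding it learned from the next (downstream) router on the path."""
    rows = []
    for i, (router, in_if, out_if) in enumerate(path):
        in_label = local[router] if i > 0 else None
        nxt = path[i + 1][0] if i + 1 < len(path) else None
        rows.append(LfibRow(router, in_if, in_label, fec, out_if,
                            local[nxt] if nxt else None))
    return rows


def forward(rows, label=None):
    """Walk a packet along the path; return [(router, action, label_out)]."""
    trace = []
    for row in rows:
        if label != row.in_label:
            # R3 and R4 carry no customer routes, so a packet whose label
            # has no LFIB entry cannot be forwarded.
            raise LookupError(f"{row.router}: no LFIB entry for label {label}")
        if row.in_label is None:
            action = "push"
        elif row.out_label is None:
            action = "pop"
        else:
            action = "swap"
        label = row.out_label
        trace.append((row.router, action, label))
    return trace


if __name__ == "__main__":
    for r in build_lfib():
        print(r.router, r.in_if, r.in_label, r.fec, r.out_if, r.out_label)
    print(forward(build_lfib()))
```

Run directly, it prints one row per router in the column order of the table above, then the push, swap, swap, pop sequence for a packet entering at R5.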

- Describe the characteristics and functions of Virtual Private Networks
- Describe Overlay and Peer-to-Peer VPNs
- Explain Major VPN Categorization
- Describe MPLS VPN Architecture
- Describe the MPLS VPN Routing Model
- Explain the process of MPLS VPN Packet Forwarding

Focus on the creation and configuration of the Virtual Routing and Forwarding (VRF) delivered by Layer 3 MPLS VPNs. The concept of virtual routing is an important aspect of MPLS. It enables PE routers to appear to be many routers to the customer edge (CE) routers. The provider edge (PE) router will maintain separate and distinct routing tables for each customer. Each PE builds these unique routing tables with their own routing table mechanisms for each customer that is connected to the PE. This unique separation of routing tables allows PE routers to store routes and forward packets even if the customers are using identical addressing.

The Cisco components of the VRF are as follows:

- A routing table specific to each VRF
- The associated customer interfaces for each VRF
- A CEF table
- Routing protocols for exchange of routing information per customer

The key components of the VRF configuration are the VRF name and the route distinguisher. Remember that the route distinguisher is used to distinguish between overlapping addresses in the VRF. The route distinguisher can be of two forms:

- 16-bit:32-bit (recommended)
- 32-bit:16-bit

In an MPLS backbone, it is very important to have a well thought-out VPN naming scheme and route distinguisher numbering. A good way to number the route distinguisher is to use the Autonomous System Number (ASN) for the 16-bit part and something specific to the customer for the 32-bit part (customer ASNs will work if they are using BGP). Think of the operational support teams when assigning names and route distinguishers.

Let's assume the customers have the following network addressing scheme:

The following commands will illustrate how to create the VRF on the PE routers for two customers, "Customer A" and "Customer B."

    P1# config t
    P1(config)# ip vrf VPN_1
    P1(config-vrf)# rd 1:1
    P1(config-vrf)# exit
    P1(config)# ip vrf VPN_2
    P1(config-vrf)# rd 1:2

The VRF commands must be configured on each PE that interconnects Customer 1 and Customer 2 CE routers.

The configuration can apply to customer edge (CE) routers, provider edge (PE) routers or provider (P) routers. Each of these must be configured in order for MPLS to work within an enterprise's architecture. Although the responsibility for configuration of each router may vary based on where they sit in the architecture (e.g. customer premises or provider network), the exam expects you to understand the configuration of all elements.

Cisco originally developed MPLS-type technology and called it tag switching. This technology evolved into MPLS label switching. The CCIP exam requires an understanding of both the Cisco tag switching commands and the MPLS commands. Both tag switching and MPLS configurations will be presented.

There are multiple components to configuring the MPLS routers to deliver MPLS services. Standard routing protocols must be configured in order for the PE and P routers to be able to communicate with each other. BGP is used exclusively between the PE routers in order to exchange customer routing information. In addition to IP routing, the routers must exchange labels and build label switched paths and segment customer routing information into virtual routing and forwarding tables (VRFs). Please pay close attention to the syntax as the exam will require you to enter or recognize IOS commands.

- Describe the MPLS VPN Routing Model
- Explain the process of MPLS VPN Packet Forwarding

Turn on Tag or Label Switching

In order to turn on tag switching, you must configure Cisco Express Forwarding (CEF) and tell the router to advertise tags. In addition, each interface must be enabled with tag switching.

Tag Switching Configuration

    P1(config)# ip cef
    P1(config)# tag-switching advertise-tag
    P1(config)# interface serial 0
    P1(config-if)# tag-switching ip

MPLS Configuration

    P1(config)# mpls ip
    P1(config)# interface serial 0
    P1(config-if)# mpls ip

That is all that is required for the routers to begin exchanging labels and building the label switched paths.

Neighbor Verification

After configuring /// verify that the process has completed successfully are as follows:

Tag switching:

    P1# show tag-switching tdp neighbor

MPLS:

    P1# show mpls ldp neighbor

The output of these commands will show the neighbor identity (in the form of an IP address) and the state of the neighbor. Key items to look for are the peer identity and the state of the peer. The peer state should be OPER (for operational).

Other Important Commands

Verification that MPLS is enabled on the appropriate interfaces.

Tag switching:

    P1# show tag-switching interfaces

MPLS:

    P1# show mpls interfaces

Verify that the appropriate interfaces display.

Verification of Tag/Label Distribution & Bindings

Tag switching:

    P1# show tag-switching tdp discovery
    P1# show tag-switching tdp bindings

MPLS:

    P1# show mpls ldp discovery
    P1# show mpls ldp bindings

- Verify the TDP or LDP label discovery sources (e.g. where labels were learned).
- Verify that IP routes have labels bound to them.

The next focus is on the commands required to configure virtual routing and forwarding tables in order to provide MPLS VPN services.

- Explain MPLS VPN Mechanisms supported on Cisco Platforms
- Configure VRF tables
- Configure MP-BGP Session between PE routers
- Configure Small Scale Routing Protocols
- Monitor MPLS VPN Operation
- Configure OSPF as the Routing Protocol
- Configure BGP as the Routing Protocol
- Troubleshoot basic MPLS VPN configuration errors

- Explain VPN Internet Access Topologies
- Describe VPN Internet Access Implementation Methods
- Describe the methods to Separate Internet Access from VPN Service
- Internet Access Backbone as a Separate VPN

- Describe the advanced VRF Import/Export Features
- Explain the characteristics of Overlapping VPNs
- Explain the features of Central Services VPNs
- Describe Managed CE Router Service