3 MPLS labels at RFC 4364

Unanswered Question
Sep 17th, 2007

Hello,

shown on 33 page of RFC4364, for inter-AS Mpls VPN, if the /32 host routes are unknown by the ASes, it need 3 labels, who can give an example to explain how the 3 labels works.

thanks in advance

If the /32 routes for the PE routers are made known to the P

routers of each AS, everything works normally. If the /32

routes for the PE routers are NOT made known to the P routers

(other than the ASBRs), then this procedure requires a packet's

ingress PE to put a three-label stack on it. The bottom label

is assigned by the egress PE, corresponding to the packet's

destination address in a particular VRF. The middle label is

assigned by the ASBR, corresponding to the /32 route to the

egress PE. The top label is assigned by the ingress PE's IGP

Next Hop, corresponding to the /32 route to the ASBR.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.8 (6 ratings)
Loading.
swaroop.potdar Mon, 09/17/2007 - 10:58

in an Inter-As VPN scenario, VPN route and PE routes in both AS's have to be advertised and reachable in both AS's for Inter-AS to work.

In the mentioned RFC 4364, the method talks of Multihop MPEBGP between the RR's for VPN routes exchange,

with the next-hops remaining the same ( the original PE's in each AS who own those VPN routes).

Now the VPN route exchange is taken care of, but the part which remains is the IGP reachbility of the PE in the other AS.

(When you received the advertisement through MP-EBGP the nexthop for those VPN routes would be still the PE in the other AS.

Since these 2 are different AS's the IGP routes for PE's in each AS are local to each AS. So there is a need to advertise this route to the other AS.

This is carried out using BGP SAFI encoding and exchanging the IGP route for the PE with a label value at the ASBR's to other AS.

So essentially to reach a VPN route in another AS, a ingress PE sees the route as the nexthop for it from the PE in the remote AS, the route for this PE is learnt through the ASBR with a label. and the route for the ASBR with its IGP label is present locally already using IGP and LDP.

So there are 3 labels to be used, bottom label for the VPN route (as learnt in MP-EBGP) middle label for the next-hop route as given by the ASBR(this next-hop was known in the MP-EBGP update, but the actual route and label for it was advertised by the ASBR using BGP SAFI. and the top label for the ASBR itself (which is present locally and is a IBGP neighbor of the local PE.

So the top label gets popped by the time the packet reaches the ASBR, the ASBR receives the packet with only 2 labels (top label assigned by itself and the lower VPN label). So as per the top label the ASBR swaps and pushes the packet to the other ASBR in the remote AS. upon receipt the local ASBR in the remote AS swaps the top most label to the corresponding local IGP label in his AS and sends the packet to the egress PE in his AS.

Hope I have been able to explain this.

Here is a link which explains Inter-AS with illustrations, this should be helpful too, although it doesnt depict option C, still should be of some help.

www.cisco.com/warp/public/732/Tech/mpls/docs/interasadvanced.ppt

HTH-Cheers,

Swaroop

study_voip Tue, 09/18/2007 - 19:27

water in head when I read the RFC and your input. LOL

my understand is

let us use AS#1, PE1, ASBR1 and AS#2, ASBR2, PE2

if PE1 received the PE2 loopback IP as IGP, and vice verse, 2 labels are needed. the 3rd label is not required.

by the RFC, looks like if PEs doesn't know each other's route by IGP, so no label assigned for that loopback/route, so as my understanding, 3rd label is needed somewhere, could you please explain where the 3rd label from, and how to use it?

thanks

mheusing Wed, 09/19/2007 - 00:39

Hi,

Let me try to approach the explanation in a different way:

Scenario:

PE-AS1 - P-AS1 - ASBR-AS1 - ASBR-AS2 - P-AS2 - PE-AS2

with

AS1 IP addresses: 10.1.0.0/16

AS2 IP addresses: 10.2.0.0/16

ASBR-AS1 10.1.1.1/32

P-AS1 10.1.3.3/30

PE-AS2 10.2.2.2/32

PE-AS1 will have in it?s global routing table f.e.

B 10.2.2.2/32 via 10.1.1.1 (ASBR-AS1) label L2

O 10.1.1.1/32 via 10.1.3.3 (P-AS1) label L1

And in a VRF routing table

B 10.2.100.0/24 via 10.2.2.2 (PE-AS2) Label L3

The packets sent from PE-AS1 to a VRF on PE-AS2 will have the label stack as follows:

bottom label: VPN label L3 assigned by PE-AS2 learned through MP-BGP

middle label: Label L2 assigned by ASBR-AS1 for the BGP next hop of the VRF routes, learned through iBGP

top label: Label L1 assigned by P-AS1 for the iBGP next hop (10.1.1.1) ASBR-AS1, learned through LDP.

The motivation for such a scenario is not to have routes in the IGP, which belong to another AS. Golden rule for some ISPs: everything from other ASes has to be in BGP.

Thus ASBR-AS1 will not insert the PE-AS2 Loopback into the IGP, but rather announce it through iBGP to the PE-AS1.

Hope this helps! Please rate all posts.

Regards, Martin

dara111983 Wed, 09/19/2007 - 02:43

Good !!!

Really making the things clear.

Thanx to both Martin & Swaroop!!!

study_voip Wed, 09/19/2007 - 09:05

Martin,

when the PE-AS1 learned the route of 10.2.2.2/32 as BGP route, do you think LDP will assign a label-L2 to the BGP route?

I am going to simulate without redistribute the other AS route into local AS IGP.

and I must rate it as 6 it there is one.

thanks a lot

study_voip Wed, 09/19/2007 - 13:02

Martin,

I am with my lab, and the route learned by BGP will not have label assigned.

how can I assign a label to a BGP route without redistributing into IGP?

mheusing Wed, 09/19/2007 - 13:30

Hi,

Unfortunately I do not have a lab at hand to test it. But did you configure IPv4 eBGP+label (neighbor x.x.x.x send-label) between both ASBRs?

Can you let us know your config?

Regards, Martin

study_voip Thu, 09/20/2007 - 10:19

send-label command is there, and I think this command is only "sending" label, not "assigning" label.

for route-map with set mpls label or match mpls label, I don't think it is needed, it is needed when redistribute the BGP into IGP

and by default, routes learned by BGP will not have label assigned, so I am looking for how to assign a label to a BGP route

etienne.basset Thu, 09/20/2007 - 11:00

hummm....

send-label should assign labels.

if you have an outgoing route-map, you MUST set mpls-label; when you configure an outgoing route-map by default routes are sent unlabelled

you dont need to set mpls-label when redistributing IGP into BGP

match mpls-label is used in a route-map to redistribute BGP into your IGP to redistribute only bgp route that have a label

could you post config?

Etienne

study_voip Thu, 09/20/2007 - 16:56

the configuration is too many lines, i will try to configure again and provide update.

for the outbound route-map with "set mpls label", what else I need include in the route-map? all loopback IP of AS#1 MPLS routers down the LSP or only the ASBR loopback?

thanks

etienne.basset Thu, 09/20/2007 - 00:15

hello

in the bgp router :

neighbor xxxxx send-label

(and additionnaly, if you're using a outgoing route-map, you should 'set mpls-label' for the route that need a label)

bye

Etienne

swaroop.potdar Thu, 09/20/2007 - 18:47

Only send-label is enough to advertise the route with a label. If you want only a 2 stack inter-as you can distrbute the bgp into IGP (selectively with a route-map forming a end-to-end lsp).

What I think is you probably are uisng the "show mpls forwarding" to verify the label assignment. If that is the case then use "show ip bgp labels" and you will see that all the labels have been assigned to BGP prefixes received on the IBGP session with the ASBR.

HTH-Cheers,

Swaroop

swaroop.potdar Thu, 09/20/2007 - 19:26

Just to add once you verify that the labels are being assigned as above, you can verify the 3 label stack using the command " show ip cef vrf detail"

You will see all the 3 labels assigned.

It will look something like this:

R1#show ip cef vrf A 100.1.1.1 detail

100.1.1.1/32, epoch 0

recursive via 5.5.5.5 label 25

recursive via 10.1.1.10 label 21

recursive via 3.3.3.3 label 22

nexthop 10.1.1.2 FastEthernet0/0 label 18

R1#

And the "show ip bgp labels" would look something like this.

R1#show ip bgp labels

Network Next Hop In label/Out label

1.1.1.1/32 10.1.1.5 nolabel/nolabel

2.2.2.2/32 10.1.1.5 nolabel/nolabel

3.3.3.3/32 3.3.3.3 nolabel/imp-null

4.4.4.4/32 10.1.1.10 nolabel/imp-null

5.5.5.5/32 10.1.1.10 nolabel/21

10.1.1.0/30 10.1.1.5 nolabel/nolabel

10.1.1.4/30 3.3.3.3 nolabel/imp-null

10.1.1.8/30 3.3.3.3 21(from LDP)/imp-null

10.1.1.9/32 10.1.1.10 nolabel/22

10.1.1.10/32 3.3.3.3 nolabel/22

10.1.1.12/30 10.1.1.10 nolabel/imp-null

20.1.1.1/32 10.1.1.5

30.1.1.1/32 10.1.1.10 nolabel/26

HTH-Cheers,

Swaroop

study_voip Fri, 09/21/2007 - 05:11

Thanks Swaroop,

I am simulating it now, but still can not figure out. here is my topology

PE1--P1--ASBR1----ASBR2--P2--PE2

on PE1 and PE2, I have a loopback associated with a VRF.

AS1 3 routers learn AS2 3 routers loopback IP by BGP, not IGP, and as you know, when I "shown mpls forwarding", the 3 BGP routes no label assigned

so I try to configure 2*ASBR to assign the 3rd label to the BGP learned routes with route-map&set mpls label, but failed

by trying different configuration, e.g, next-hop-self between 2*ASBR vpn4 peer, or next-hop-self between ASBR/PE peer, it will succeed, however, only 2 labels appear.

I want to simulate the RFC 4364, 3 labels stack, and I expect to see the 3 labels by "show ip cef vrf xxx x.x.x.x", and if i can see the 3 labels, I can analyze the forward panel hop by hop

could you please give some advice how to configure those routers to make sure 3 labels are there?

thanks again.

swaroop.potdar Fri, 09/21/2007 - 10:41

You dont need to do the set mpls label.

And you will not find the labels assigned when you use the "show mpls forwarding".

Use the command "show ip bgp labels" to see the route and the labels in AS1 assigned by BGP received from the AS2 on your PE1_AS1.

You should have 3 label stack easily simulated if you simply follow the steps as below.

1) configure each AS properly to function as a single AS MPLS VPN.

2) At each ASBR redistribute the IGP (loopback) routes into BGP.

3) At both the ASBR's mention send label towards each other.

4) At both ASBR's have a IBGP session with send label to the PE's in their own AS.

5) form a multihop VPNV4 MPBGP session between the PE's in both AS's( for eg PE1_AS1 <-Multihop MPEBGP-> PE1_AS2.

Thats all about it. If you have the VRF configured and exchanged using the RT;s at both ends and follow the steps above you will have a 3 label stack.

HTH-Cheers,

Swaroop

study_voip Fri, 09/21/2007 - 12:08

ohoo

sh ip cef vrf a 1.1.1.1

1.1.1.1/32, version 13, epoch 0, cached adjacency to Serial3/3

0 packets, 0 bytes

tag information set

local tag: VPN-route-head

fast tag rewrite with Se3/3, point2point, tags imposed: {501 807 604}

via 6.6.6.6, 0 dependencies, recursive

next hop 89.89.89.88, Serial3/3 via 6.6.6.6/32

valid cached adjacency

tag rewrite with Se3/3, point2point, tags imposed: {501 807 604}

sh ip cef vrf a 5.5.5.5

5.5.5.5/32, version 12, epoch 0, cached adjacency 67.67.67.7

0 packets, 0 bytes

tag information set

local tag: VPN-route-head

fast tag rewrite with Fa0/0, 67.67.67.7, tags imposed: {701 207 904}

via 9.9.9.9, 0 dependencies, recursive

next hop 67.67.67.7, FastEthernet0/0 via 9.9.9.9/32

valid cached adjacency

tag rewrite with Fa0/0, 67.67.67.7, tags imposed: {701 207 904}

sh ip bgp labels

Network Next Hop In Label/Out Label

2.2.2.2/32 2.2.2.2 600/imp-null

6.6.6.6/32 0.0.0.0 imp-null/nolabel

8.8.8.8/32 2.2.2.2 nolabel/206

9.9.9.9/32 2.2.2.2 nolabel/207

router bgp 1

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 2.2.2.2 remote-as 1

neighbor 2.2.2.2 update-source Loopback0

neighbor 9.9.9.9 remote-as 2

neighbor 9.9.9.9 ebgp-multihop 255

neighbor 9.9.9.9 update-source Loopback0

!

address-family ipv4

neighbor 2.2.2.2 activate

neighbor 2.2.2.2 next-hop-self

neighbor 2.2.2.2 send-label

no auto-summary

no synchronization

network 6.6.6.6 mask 255.255.255.255

exit-address-family

!

address-family vpnv4

neighbor 2.2.2.2 activate

neighbor 2.2.2.2 send-community extended

neighbor 9.9.9.9 activate

neighbor 9.9.9.9 send-community extended

exit-address-family

now i need to understand it along the LSP, i think the tricky part is i need send-label between the ASBR1 and PE1 in AS#1 and same with AS2

thanks a lot, your way works.

Actions

This Discussion