
L3VPN over satellite network

Hi There,

I'm trying to implement a L3VPN on top of a satellite network. This medium brings some very specific characteristics.

A router transmits using one frequency and receives on all other frequencies. Every frequency means a separate modem and so a separate interface.

The problem with this setup is:

I can only send on one interface (anything sent on the other interfaces is lost) and I receive ALL other traffic, even traffic not addressed to the local router!

So I was thinking of using the LDP label as a discriminator. The idea is that all unknown labels are dropped so the local router only accepts traffic which is really addressed to the local router.

However because all routers are 'connected' to the same multi-access network PHP drops the LDP label. Because the VPN labels might (and are) not unique over the different routers in the satcom group I'm experiencing some very weird looping behavior.

My questions are:

- Is there some way to prevent the use of impl.null labels?

- Will sourcing the mBGP and LDP sessions from a loopback interface do the trick?

- Is there a way to make sure the VPN labels are unique over the entire group?

- Does anyone have an example about how to use static labels?

- Any other suggestions?

Thx in advance

Hielke


mheusing
Cisco Employee

Hi,

You present a very interesting challenge. Let me try to answer your questions.

- Is there some way to prevent the use of impl.null labels?

Yes, with the command "mpls ip encapsulate explicit-null" a router will advertise an explicit-null label instead of implicit null. BUT: this will not solve the issue presented, as an explicit-null will also lead to a lookup by every router.

- Will sourcing the mBGP and LDP sessions from a loopback interface do the trick?

No, every connected network will lead to implicit-null (or exp-null) label being assigned. BUT: you should use Loopbacks in any case for stability reasons (if there is more than one path).

- Is there a way to make sure the VPN labels are unique over the entire group?

Yes, there is. With the command "mpls label range " you can configure a separate, disjunct label space for each router, not only for VPN labels but for all locally assigned labels (R1 gets 10000 19999, R2 20000 29999, etc.). BUT: be aware this can only be put into production with a reload, and if a router runs out of labels, connectivity will be broken.

- Does anyone have an example about how to use static labels?

Yes, but the "label range" approach is for sure more scalable. Btw, static label space is also configured with the "MPLS label range" command.

- Any other suggestions?

Well, more a question than a suggestion: Why does OSI layer 2 not sort out the "unwanted" traffic to a particular router? If, for example, Ethernet destination MAC addresses do not match the receiving router's address, then traffic should be dropped. What layer 2 protocol are you using?

Hope this helps! Please use the rating system.

Regards, Martin
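An added illustration of the label-range answer above, not part of Martin's reply and not Cisco tooling: a toy Python model of the shared medium after PHP, where only the VPN label is left and every router looks it up in its own table. Router names, VRF prefixes and the shared range 16-99 are constructed; the R1 and R2 ranges are the ones quoted in the reply, and R3's range is an assumed continuation of its "etc.".

```python
from itertools import combinations

def overlapping_ranges(ranges):
    """Pairs of routers whose configured label ranges intersect."""
    return [(a, b)
            for (a, (a_lo, a_hi)), (b, (b_lo, b_hi))
            in combinations(sorted(ranges.items()), 2)
            if a_lo <= b_hi and b_lo <= a_hi]

def build_lfibs(ranges, vrf_prefixes):
    """One VPN label per VRF prefix, allocated upward from each router's range."""
    lfibs = {}
    for router, (low, high) in ranges.items():
        prefixes = vrf_prefixes[router]
        if len(prefixes) > high - low + 1:
            # Caveat from the reply: an exhausted range breaks connectivity.
            raise ValueError(f"{router}: label range {low}-{high} exhausted")
        lfibs[router] = {low + i: p for i, p in enumerate(prefixes)}
    return lfibs

def accepting_routers(lfibs, sender, vpn_label):
    """Every router hears the frame; list those whose table knows the label."""
    return sorted(r for r, lfib in lfibs.items()
                  if r != sender and vpn_label in lfib)

def label_for(lfibs, router, prefix):
    """VPN label that `router` allocated for `prefix`."""
    return next(l for l, p in lfibs[router].items() if p == prefix)

# Constructed sample data: three routers with hypothetical VRF prefixes.
VRF_PREFIXES = {
    "R1": ["10.1.0.0/24"],
    "R2": ["10.2.0.0/24", "10.2.1.0/24"],
    "R3": ["10.3.0.0/24"],
}
SHARED = {"R1": (16, 99), "R2": (16, 99), "R3": (16, 99)}  # constructed
DISJOINT = {"R1": (10000, 19999), "R2": (20000, 29999), "R3": (30000, 39999)}

if __name__ == "__main__":
    for name, ranges in (("shared", SHARED), ("disjoint", DISJOINT)):
        lfibs = build_lfibs(ranges, VRF_PREFIXES)
        label = label_for(lfibs, "R2", "10.2.0.0/24")
        print(name, "overlapping ranges:", overlapping_ranges(ranges))
        print(name, "R1 -> R2 with label", label, "accepted by",
              accepting_routers(lfibs, "R1", label))
```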

Hello Martin:

Would you mind if you can elaborate on the 1st command: "mpls ip encap explicit-null"?

I looked it up on cco and it says that if you have mpls enabled on a router and you enter this command, an error msg. occurs.

I tried it on my 7200 and this is what I am getting:

Rack2R8(config)#no mpls ip

Rack2R8(config)#mpls ip e?

% Unrecognized command

Rack2R8(config)#int f1/0/0

Rack2R8(config-if)#mpls ip en?

% Unrecognized command

Rack2R8(config-if)#mpls ip en

% Incomplete command.

Rack2R8(config-if)#do sh ver | i IOS

Cisco IOS Software, RSP Software (RSP-K91PV-M), Version 12.2(25)S9, RELEASE SOFTWARE (fc1)

I just need to understand a little more as to when to use this command and how it works.

Thank you.

Best Regards.

JD

Hi JD,

The correct command for 12.2S and 12.4 is "mpls ldp explicit-null". Sorry for causing confusion.

The use of the explicit null label instead of the implicit null label is mainly used to transport the 3 experimental bits for QoS related reasons in special cases.

Consider the following scenario: a customer wants to use different markings for his QoS classes than his MPLS service provider.

There are two options to implement this, namely either remark customer settings like IP precedence at the edge of the SP network or transparently transport the customer markings by using different markings in the experimental bits. The issue created by PHP in an ISP network would be that the egress PE will receive unlabeled packets and thus the egress PE would have to "understand" customer settings. By using explicit null the SP QoS markings are transported to the egress PE.

Long story to explain the useful usage of exp-null over imp-null.

Regards, Martin

Hi Martin,

Thx for your quick answer.

All interfaces are serial. Right now I'm using frame-relay for layer 2. I chose FR because the links are unidirectional; return traffic might come in on a different interface. I'm not sure if HDLC can handle this; also, the smaller the protocol overhead the better.

I tried configuring L3VPN on the main interface using IOS 12.2SRC. Unfortunately the CEF adjacency didn't come up (see TAC case SR 608360593). A workaround is using a point-to-point subinterface with the 'frame-relay interface-dlci' command. By using the same DLCI number on all interfaces, every router sees everyone at layer 2. I used ACLs to filter traffic on layer 3.

The alternative, using the (multipoint) main interface with a whole bunch of FR mappings did give me the IP connectivity but no CEF adjacency and so no L3VPN.

From the “Implementing Cisco MPLS Volume 1” Student guide page 365 I got the following quote:

"The second label in the stack points toward an outgoing interface whenever the CE router is the next hop of the VPN route. The second label in the stack points to the VRF table for aggregate VPN routes, VPN routes pointing to a null interface, and routes for directly connected VPN interfaces."

My questions are:

1. Does every prefix using the same CE router as next hop get a different label? Or does every attached CE device get a label, thereby sharing the same label with multiple prefixes advertised by the same CE router? In the second case only a limited number of labels are needed.

2. Can static labels be used to overrule the PHP thing? Scalability isn't really an issue here because the entire group would not contain more than 16 devices.

Regards

Hielke

Hi,

1. Does every prefix using the same CE router as next hop get a different label? Or does every attached CE device get a label, thereby sharing the same label with multiple prefixes advertised by the same CE router? In the second case only a limited number of labels are needed.

The default is to allocate a unique label per VRF prefix inserted into MP-BGP. Only in IOS XR can this be configured to be "per-ce".

2. Can static labels be used to overrule the PHP thing? Scalability isn't really an issue here because the entire group would not contain more than 16 devices.

No, unfortunately not.

Regards, Martin