Destination based load balancing in MPLS L3VPNs can be categorized into two scenarios:
1) multiple paths between two PE routers
2) multiple access links to a single CE or site
Your question as I understand it was about the first scenario. So let me first quickly review how customer traffic is forwarded between VRFs on two different PE routers.
The VRF routing table will have BGP entries for the routes learned from the remote PE usually with next hop addresses being the remote PE loopback IP used for PE-to-PE BGP peering.
The traffic will be forwarded across P routers using the label for the BGP next hop.
Thus the load balancing across the MPLS core in a first step is decided by the IGP, which has to insert several equal cost paths into the global routing table for the BGP next hop networks (PE loopbacks).
Side note: MPLS traffic engineering in the core would allow for unequal cost load balancing.
The decision which labeled packet to send across which path in the core is made by CEF using a hash algorithm. To achieve the same load balancing as with unlabeled IP traffic, a Cisco MPLS enabled router will look for the bottom label - the one with the bottom-of-stack bit set to 1 - and try to determine if the transported packet behind the bottom label is IP. If so, the hash is calculated for the customer IP header like for normal IP traffic. This ensures all traffic for a certain customer destination will always go through the same path. No unwanted packet reordering will occur.
Be aware that the customer IP packet header will only be used for CEF hash calculation; no IP lookup will be performed, as core routers in MPLS L3VPNs do not have any knowledge about customer addresses.
As a side note: if the traffic transported is not IP (e.g. Ethernet over MPLS), the bottom label will be used for the CEF load balancing (e.g. the VC label).
For the second scenario - CE load balancing with multihomed CE/sites - it is first required to have two equal cost entries in the VRF routing tables. The difference will be the two different PE BGP next hop addresses. The first load balancing decision is then performed by CEF based on the IP packet received by the CE and the VRF routing table entries. Once CEF has decided which VRF entry to use, the required BGP next hop label (and the VPN label) is applied and the packet is transported across the MPLS core. Load balancing there is done as described above.
Thanks for your reply, it did clear some doubts and raised some more. We are focusing on the first scenario as per your reply.
As you said "if the transported packet behind the bottom label is IP. If so, the hash is calculated for the customer IP header like for normal IP traffic"
Is it true for every VPN packet traversing the MPLS core with a P router having multiple paths to the egress PE? Does it create a hash for every VPN source-destination, and does it look beyond the label into the IP header of the VPN packet on the P router, whereas the P router is unaware of the VPN source-destination?
The hash is only used to determine one out of several equal cost paths. Simplified, in case you have two equal cost paths one could simply send all packets with an even number of one bits (source, dest) through path 1 and those with an odd number of one bits through path two. At this level no knowledge about networks is required in a P router. There is no IP lookup in a FIB, as this would make no sense on a P router for VPN customer packets anyhow.
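The path selection described in the two replies above, as an added sketch that is not part of the original posts and is not Cisco's CEF code: it walks the label stack to the bottom-of-stack entry, uses the customer IPv4 addresses as hash input when the payload looks like IP, and otherwise falls back to the bottom label. Assumptions: the "is it IP?" test is a first-nibble check, CRC32 stands in for the real hash, and all label values and addresses are constructed.

```python
import socket
import struct
import zlib

def parse_label_stack(pkt: bytes):
    """Walk 4-byte MPLS entries until the bottom-of-stack (S) bit is 1."""
    labels, off = [], 0
    while True:
        if off + 4 > len(pkt):
            raise ValueError("truncated label stack")
        (entry,) = struct.unpack_from("!I", pkt, off)
        off += 4
        labels.append(entry >> 12)      # upper 20 bits: label value
        if (entry >> 8) & 1:            # S bit set: this is the bottom label
            return labels, pkt[off:]

def hash_key(pkt: bytes) -> bytes:
    """Bytes fed to the hash: customer IP addresses, else the bottom label."""
    labels, payload = parse_label_stack(pkt)
    # Assumption: "is it IP?" is guessed from the first nibble after the stack.
    if len(payload) >= 20 and payload[0] >> 4 == 4:
        return payload[12:20]           # IPv4 source + destination address
    return struct.pack("!I", labels[-1])  # non-IP, e.g. the VC label

def select_path(pkt: bytes, n_paths: int) -> int:
    """Index of the equal-cost path; CRC32 is a stand-in, not CEF's hash."""
    return zlib.crc32(hash_key(pkt)) % n_paths

# --- constructed sample packets (label values and addresses are made up) ---
def mpls(label: int, bos: int, ttl: int = 64) -> bytes:
    return struct.pack("!I", (label << 12) | (bos << 8) | ttl)

def ipv4(src: str, dst: str) -> bytes:
    fixed = struct.pack("!BBHHHBBH", 0x45, 0, 20, 0, 0, 64, 6, 0)
    return fixed + socket.inet_aton(src) + socket.inet_aton(dst)

VPN_PKT = mpls(16001, 0) + mpls(24, 1) + ipv4("10.1.1.1", "10.2.2.2")
SAME_FLOW = mpls(16002, 0) + mpls(24, 1) + ipv4("10.1.1.1", "10.2.2.2")
EOMPLS_PKT = mpls(16001, 0) + mpls(40, 1) + bytes(4) + b"\xaa" * 14

if __name__ == "__main__":
    for name, pkt in [("vpn", VPN_PKT), ("same flow", SAME_FLOW), ("eompls", EOMPLS_PKT)]:
        print(name, parse_label_stack(pkt)[0], "-> path", select_path(pkt, 2))
```

The function never consults a routing table: the customer addresses are only hash input, so the same flow lands on the same path whatever transport label it carries.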
Thanks a ton. This is so very informative and interesting. Just one more question, and that will clear all my doubts. As there is no FIB lookup on the P router for a VPN packet, and that is very right also, but for the hash algorithm does it still look into the VPN IP packet header to figure out even or odd source/destinations, as there is no such info in the MPLS label stack? Or can you refer me to a document which has detailed information on this?