Hi I'm studying for the Secure Converged networks exam, I have a question about how LSR's handle summarised routes.
ie.A packet from network 10.10.10.0/24 arrives at the LSR, the LSR is then configured to summarise to 10.0.0.0/8 will there be LFIB entries for both networks and will any networks be dropped?
The router which summarizes will assign label for for both the entries /24 as well as /8 ( implicit null for the /8 network - as locally originated).
But the router downstream would not have the /24 network in its FIB and will only propagate(assign new) the /8 entry label.
So there will be 2 different LSPs 1 for /24(from source to the summarizing router) and 2nd lsp for /8 route from summary router till the destination.
So there wont be an end to end lsp for /24 route and this will cause broken LSP ( the worst problem)
So your ping/data inside the core would work (ip lookup at the summary router to change the LSP)
But the application traffic (like vpn traffic with another inner label) would be dropped at the point of summarization as the router cannot remove the outer label to look at the ip address and route through ip routing.
hope this is clear
quote "The router which summarizes will assign label for for both the entries /24 as well as /8 ( implicit null for the /8 network - as locally originated).
But the router downstream would not have the /24 network in its FIB and will only propagate(assign new) the /8 entry label."
This is not correct, assuming we are not talking about ATM cell mode MPLS, Cisco router uses down-stream unsolicit label distribution, aka, a router only advertises prefix-FEC label mapping upstream . Cisco router uses independent label control, which means, a label mapping will be advertised upstream regardless the router has a label for the prefix downstream or not.
Quote " So there will be 2 different LSPs 1 for /24(from source to the summarizing router) and 2nd lsp for /8 route from summary router till the destination. "
Not really, there will only be one LSP to /8 from source to the summarizing router if summarizing router does not leak component /24 routes. And there will be no /8 route from summary router till the destination.
I might have got a bit confused in upstream and downstream. Sorry about that. But what I am saying is absolutely correct. The router who is aggregating the route will have both the /8 and /24 routes in the routing table. so it would advertise the label for both the routes. Why wouldnt it, when it is independ control. so you saying that the aggrigating router wouldnot assign a label for /8 route is wrong. It will assign a label of implicit null(3).
And the upstream router will not have the /24 entry in its routing table and it will not assign any label for /24.
And yes... It will result in broken LSP. i.e 2 pieces of LSP as I have explained in my earlier post.
I donot have and document explaining this right now except for a Cisco slide which I am attaching. Please go through the slide and It will clearify what I am saying. After I get my hands on a document explaining this, I will post it on the forum.
What did you not get? Let me try to put it in better words. consider the topology :
Aggregation point to X/8.
Now consider that routers R1 to R6 form a part of mpls cloud and all have the network converged.
Now routers R5,R4 and R3 have the network X/24 in their routing tables and so assign labels for /24.
R5 sends a label(implicit-null) for X/24 to R4 and R4 sends another label and so does R3. But since R4 doesnot have an entry for X/24 in its routing table, the X/24 network doesnot appear in its LIB / LFIB.
Now R3 assigns a label (implicit-null) for the x/8 network as it is a network present locally in its routing table. Also X/8 network appears in routing tables of R2 and R1 and they assign the labels.
So now you are having 2 pieces of LSP-
LSP#1 - for x/8 from R1 to R3.
LSP#2 - for X/24 from R3 to R4.
So now what R5 wants to send the traffic for say a host in network X ( say 10.10.10.1 where net x is 10.10.10.0)
on ingress,(R1) the traffic will match X/8 and will be sent on LSP1.
The LSP#1 terminates on R3 where the ip lookup is done in the FIB to find that the destination is 10.10.10.1 which has a longest match of X/24 and the LSP#2 is used to send the traffic to the destination.
This works only if ip lookup can be done on R3. There is no automatic switching between LSP1 and LSP2. so when using L3-VPN, L2 VPN, the ip address of the actual datapacket is a internal address adn doesnot make sense. so the packets are dropped as there is another inner label and ip lookup can't be performed.
The attached slide should have given a clearer picture... but anyways...
I hope it is still not "clear as mud" to u. :)
I guess you can also see this in troubleshooting -mpls vpn book.