My Query is about VPN Id. WE all know that VPN ID identifies the VPN on the Egress PE . Now following are my questions:-
1. Is the VPN Label that is there on a packet when it traverses thru the Mp-BGP Path and VPN ID the same thing.
2. Next we can manually configure the VPN ID . But if we don't do it manually then how is the VPN ID generated.
VPNID is the optional configuration on both the PE end... MP-BGP will carry your VPNv4 address and extanded community... so MP-BGP is carring Route-Target which will define your Intranet and Extranet VPN fundamental...
Raghav, VPN ID is not the same as VPN label. It only used to indentify membership to a given VPN. Here is a previous conversation on VPN ID which should be helpful.
Hi Swaroop ,
I got it that VPN Id is used for identifying the VPN membership at the Egress PE but then what is the VPN Label used for.??
VPN Label is used to deliver the MPLS VPN packet to its destination, and it is exchanged via MP-BGP between PEs, please review this thread:
So VPN ID is used to identify the VPN at the Egress PE's .
Second the VPN Label is used to deliver the VPn to its destination.It does this when the VPN is identified by the VPN ID at the Egress PE .
1.Now i have one more doubt ..how is the VPN ID and VPN Label generated??
2.Secondly if the VPN Label is generated at the ingress PE Router how does the Egress PE Router knows about that particulare VPN Label. and how does it identifies which VPN Label is for which VRF.
The Egress PE, generates the VPN label per each VRF route and the PEs exchange the VPN labels via MP-BGP, and thus all the PEs will be aware of which VPN label to associated with which VPNv4 route in order to reach the desired destination.
VPNID has got nothing to do at all with RD/RT or MPLS Label. Its as described a independent entity which can be used to uniquely identify incoming control or data packets(these packets should carry that ID in their header or payload as applicable).
You can take a look at RFC 2685 on VPNID for more details.
A remote access example as per VPNID used in Cisco IOS.
The remote user sends the Access-Request packet which contains the user name, encrypted password, NAS IP address, VPN ID, and port.
The format of the request also provides information on the type of session that the user wants to initiate.
The RADIUS server returns an Access-Accept response if it finds the user name and verifies the password. The response includes a list of attribute-value pairs that describe the parameters to be used for this session. The radius server here uses the VPNID in the access request to identify to which VPN the user should belong to.
This is one of the application of VPNID as used in the IOS, although VPNID is independent of MPLV VPN, or any other VPN. It basically is a standard which provides unique identification method for control or data packets.
Thnks for the wonderfull information. BUt my doubt is still there.
If as per mohammed the Egress PE generates the VPN Label then how does the ingress PE knows about that VPN Label.
Why i ma asking this is coz lets do it like this way:-
1.Now in this kinda example who will generate the VPN label.
2. If you say that the PE1 will generate the VPN label and i knwo that VPN label traverses only thru MP BGP in the VPNV4 Routes. But who will tell the PE2 about the same VPN Label that PE1 generated. HOw will PE2 knw that this VPN label is for coke if it has 2 or more customers.
Lets clear this out simply here:
When the PE (Egress PE) is advertising the vpnv4 prefix via MP-BGP to other PEs (Each PE is advertising the routes of the connected CE), it also signals the VPN label that is associated with the vpnv4 prefix.
I hope that i've been informative. Please let me know if you still have problems.
In the above scenario, for the routes originated by the CE connected to PE1, PE1 will generate the MPBGP update with the VPN label. This MPBGP update would be send to all the other MP-IBGP neighbors.
Now when the remote side PE's (in this case only PE2) receives the update, as per the RT it decides whether to install the route or not. Which ever VRF is configured to import that RT is installed with that route and the corresponding label to reach that route in that VRF's table (in this case vrf_coke).
So when a PE receives an MPBGP update it doesnt check for the name or anything else of the update, just the RT for accepting and installing the route with its label.
yes that is what RT does. NOW my query is before RT comes to knw into which VRF that routes are to be propagated in the vpn i.e--the VRF is checked for. NOw I am pretty much sure that the VPN is identified by the VPN Label.
NOw if that is so how does the second PE i.e--PE2 knows about that particular VPN label when it does not has any information about the VPN Label as it only receives it from the Ingress PE's via MP BGP .
Moreover if we have more that 1 VRF say about 5 Diff VRF on both the ends , how does the Second PE i.e---PE2 knws which VPN Label is for which VRF i.e--VPN, coz it never generated it nor it was ever told by any one about the VPN label for every specific VRF. It is only the Ingress PE i.e---the PE1 who generates the VPN label attaches them to the packet and is forwarded to the Egress PE's in the VPNV4 routes via MP-BGP.
I hope i am clearing what exactly I want to knw. And em really sorry for giving you so much trouble but I want to clear this doubt.
Well, if you see you have the question and the answer in the same post. But I believe you are missing
something in between which is leading to the confusion and doubt.
Lets consider this simple example:
The below PE2 receives the MPBGP update with the following information.
The below PE2 has multiple VRF's of which one VRF(vrf2) is also present on PE1.
Now when the PE2 receives the mpbgp updates for vrf1 and vrf2 from PE1, it checks the RT value, nobody on PE2 wants to import the RT=x so it drops all updates with the RT=x.
Now it sees that 2 VRF's want the updates with RT=y (vrf2 and vrf3). Here it deosnt check or see that vrf3 is different, it just checks the RT and It installs the route in the vrf routing table of both the vrf's (vrf2 and vrf3). the entry in both the vrf's routing table in PE2 would be like
for route 18.104.22.168 use the nexthop as 22.214.171.124
which in MPLS forwarding terms would be
for route 126.96.36.199 in VRF 2 and VRF3
use top label as the label for 188.8.131.52 and the second label as the label for 184.108.40.206 which is (20)
So for any data going from CE2 which connects to PE2 is tagged with IGPlabel on top (for220.127.116.11) and the second label as=20.
And for the return traffic PE2 would already have established a return path using the same procedure of sending MPBGP updates with labels for the return routes.