
MPLS VPN Label control plane or forwarding plane ?

Hello,

Can anyone tell me whether the MPLS VPN label is used as control plane or forwarding plane?

From Wireshark it seems VPN label information is shared in MP-BGP updates, so I assume it to be control plane.

 

Thanks,

Mrityunjay

Accepted Solutions

Ok, let’s define data-plane as streamlined tables that a router uses to forward packets, but how does that work on a PE?

A PE can have several of these forwarding tables – it actually has one for each VRF and one for the global routing table.

So how does it work when CE1 is connected to PE1 and sends a packet that is destined to CE2 and reachable behind PE2 (Data: CE1->PE1->P->PE2->CE2)?

When a packet with the destination IP of CE2 hits PE1, this is what happens solely in data-plane:

0) based on destination MAC address, PE1 accepts the packet and strips this L2 information from it

1) based on incoming interface, PE1 chooses which forwarding-table to use to try finding CE2's IP

2) PE1 walks the selected forwarding table until it finds the longest match for the IP address of CE2

3) the entry (route) that PE1 just found for the CE2 prefix points to, well let’s call it, an indirect-next-hop

4) then in turn this indirect-next-hop points to an entry in the L2 overwrites table

5) this entry in the L2 overwrites table holds the VPN label that PE2 advertised via BGP, the transport label that P1 advertised via LDP, the MAC address of P1 that was learned via ARP, and the egress interface towards P1.

6) based on this lookup, the PE attaches this new L2 overwrite information (VPN-label+LDP-label+MAC) onto the data-packet and sends it via P1 towards PE2.

 

So to your questions:

> IF VPN label is data plane , why it is going within MP_REACH attribute?

Well this is because out of all those “things” carried in the MP_REACH it’s only the subnet/mask and VPN label that will make it into the data-plane.

So in our example it’s just the VPN label (+LDP label) that will be attached to the data-packet that PE1 sends towards PE2 (there will be no RT or RD or other BGP attributes attached to the packet just the labels).

So the data-plane info (previously exchanged by control-plane protocols BGP and LDP ), VPN label and transport label in this case, will be actually attached to the data-packet.

 

>only want to understand why data plane info, is getting shared with control plane ,

Well, using control-plane protocols like BGP or LDP or OSPF is just a convenient way of transporting information across the network – so that this information can then be used by routers to set up their data-plane (forwarding-tables and L2-overwrite-tables) accordingly.

 

In fact, the new notion in the networking industry is to actually not use control-plane protocols to carry data-plane information at all, but instead to program the data-plane on all routers in the network directly from a centralized server application – called a controller – and this approach is called SDN (Software Defined Networking).

With this approach you don’t need MP-BGP or LDP or even OSPF – as all PEs or P routers in the network talk only to the centralized controller application, and since this application knows about the whole network topology and all VPNs, it programs directly the data-plane, that is, the forwarding-tables and L2 overwrite table on each PE and P router in the network.

 

>whereas fundamentally first control plane should be shared, based on that host evaluate the data plane info.

But yes, in standard routing you first need the control-plane (packets/messages) to be exchanged in order to distribute information to every router in the network, and this information (routes/labels/etc.) can then be used to program the data-plane on each router.

Then when data-packets arrive at a router it knows how to forward them based on the data-plane tables.

 

 

adam

netconsultings.com

::carrier-class solutions for the telecommunications industry::
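
The ingress-PE walk-through above, as an added example that is not part of the original post: a small Python model in which the route target decides import in the control plane and only the prefix and label stack reach the per-VRF forwarding table. Interface names, labels, route targets and the MAC address are constructed sample values.

```python
import ipaddress

# Constructed sample data (not from the thread): VPNv4 routes as PE1 would
# receive them from PE2 in MP_REACH_NLRI, plus their route-target communities.
BGP_UPDATES = [
    {"rd": "65000:1", "prefix": "10.2.0.0/16", "vpn_label": 2001, "next_hop": "PE2", "rts": {"65000:100"}},
    {"rd": "65000:1", "prefix": "10.2.3.0/24", "vpn_label": 2003, "next_hop": "PE2", "rts": {"65000:100"}},
    {"rd": "65000:2", "prefix": "10.2.0.0/16", "vpn_label": 2002, "next_hop": "PE2", "rts": {"65000:200"}},
]
# Learned via LDP and ARP: transport label, P1's MAC and the egress interface.
TRANSPORT = {"PE2": {"ldp_label": 17, "mac": "00:00:5e:00:53:01", "egress_if": "Gi0/9"}}
VRFS = {"RED": {"import_rt": "65000:100"}, "BLUE": {"import_rt": "65000:200"}}
IF_TO_VRF = {"Gi0/1": "RED", "Gi0/2": "BLUE"}


def program_fib(updates):
    """Control plane: the RT decides import; RD and RT never reach the FIB."""
    fib = {name: {} for name in VRFS}
    for u in updates:
        for name, vrf in VRFS.items():
            if vrf["import_rt"] in u["rts"]:
                t = TRANSPORT[u["next_hop"]]
                fib[name][ipaddress.ip_network(u["prefix"])] = {
                    "label_stack": [t["ldp_label"], u["vpn_label"]],  # outer, inner
                    "dst_mac": t["mac"], "out_if": t["egress_if"]}
    return fib


def forward(fib, in_if, dst_ip):
    """Data plane on PE1: steps 1 to 6 of the walk-through."""
    table = fib[IF_TO_VRF[in_if]]            # step 1: incoming interface selects the VRF table
    dst = ipaddress.ip_address(dst_ip)
    matches = [net for net in table if dst in net]
    if not matches:
        return None                          # no route in this VRF: the packet is dropped
    best = max(matches, key=lambda net: net.prefixlen)  # step 2: longest match
    rewrite = table[best]                    # steps 3-5: entry resolves to the L2 rewrite
    return dict(rewrite, dst_ip=dst_ip)      # step 6: labels + MAC attached to the packet


if __name__ == "__main__":
    fib = program_fib(BGP_UPDATES)
    for in_if, ip in [("Gi0/1", "10.2.3.4"), ("Gi0/1", "10.2.9.9"), ("Gi0/2", "10.2.3.4")]:
        print(in_if, ip, forward(fib, in_if, ip))
```

The same destination address entering on two different interfaces leaves with two different VPN labels, which is what keeps the VRFs apart on the wire.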

 


Harold Ritter
Cisco Employee

Hi Mrityunjay,

 

MPLS VPN (also known as L3VPN) is both control plane and data plane. As you mentioned, the labels are exchanged using MP-BGP (address-family vpnv4 or vpnv6) and these labels are used in the data plane to segregate traffic between different VPNs.

 

Regards, 

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Adam Vitkovsky
Level 3

Well, all the information in networking is relayed through control-plane but only some of it is actually used by control-plane in order to make decisions.

Control-plane is there to disseminate the “routing/filtering” information across the network and then to decide whether the received or locally defined routing/filtering information is worth installing into the data-plane or worth relaying further.

Now some attributes of the information carried across control-plane can be used to facilitate the above decisions (whether to install locally or advertise to neighbours).

Like in the case of an L3VPN prefix, it’s the route-target or local-preference attributes that dictate whether the prefix along with its VPN label ends up being installed in the data-plane.

So to answer your question, no, the VPN label is not consumed by control-plane (to help CP make any decisions) and it's used solely by data-plane to either resolve the egress interface or to resolve the FIB to make the forwarding lookup in (depending on how the VPN label is used on the egress PE – i.e. per VRF label, per prefix label, per next-hop label).

 

adam  

 

netconsultings.com

::carrier-class solutions for the telecommunications industry::

 


Hello Adam,

If the VPN label is data plane, then why is the VPN label (stack label) info getting shared in the MP_REACH_NLRI phase?

As we see, RT, RD and next_hop routes are all part of the control plane, which get shared within the MP_REACH attribute before sending the actual data, whereas the label (outer) is used as data plane to reach the defined next hop prefix of the ingress PE.

 

Summary:

1) If the VPN label is data plane, why is it going within the MP_REACH attribute? I know the purpose of the VPN label, I only want to understand why data plane info is getting shared with the control plane, whereas fundamentally the control plane should be shared first, and based on that the host evaluates the data plane info.

 

Thanks,

Mri.

Mri,

 

> IF VPN label is data plane , why it is going within MP_REACH attribute. I know the purpose of VPN label

 

BGP is used to advertise what VPN label should be used by the other PEs to get to a specific prefix. This label is then used in the data plane (in the MPLS packet header) by the ingress PE, along with the IGP, to get to the right egress PE and then to the right CE (or connected subnet).

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
