Hi...when connection customer to customer in vpn mpls there is a label in mpls packet that identify customer. how and the label is generated. is the mbgp process that create them? or the ldp? please correct me... is the label unidirectional too? means that from need 2 unique vpn label to support 2 way direction? tx u friend..
hmm...how about rd? what is it used for? how is relate to vpn label? is both routing update and general packet(ping,http) also need vpn label? i get confusion to understand all of them. i need detail step-by-step how vpn label/routing update/rd,vrf work in harmony. would you please let me know how to understand them in easy way? tx u very much...
By default, a different label is allocated for each prefix advertised via BGP VPNv4. These labels are sometimes referred to as VPN labels. The VPN label is inserted in the BGP update, whic is distributed to the other PEs, either directly or via a route reflector). Note that a second label is required for the traffic to get from the ingress to the egress PE. This second label can be learnt via LDP, RSVP or can just be statically configured. Once the traffic gets to the egress PE, the VPN label is used to forward the packets to the proper VRF interface.
As for your second question, the VPN label is assigned by destination prefix (FEC) and is therefore unidirectional.
Hope this helps,
tx for answer but i am still unclear about what makes or the mechanism inside pe router so that label X must be assosicated with someone vrf. do you have documentation that explain kind question like mine? please helps. tx very much
If you can acquire "MPLS Fundamentals by Luc De Ghein, CCIE No. 1897" book it would be great.
In brief RD (Route Distinguisher) is a 64bits added to the IPv4 address of the VPN customer to create the VPNv4 address (VPN IPv4 address) as a globally unique address to permit address space overlapping between VPN customers.
On the other hand the MPLS VPN label is 32bits associated with each customer route in order to be used to forward the packet to its desired destination. And yes the label is unidirectional.
About how the label is distributed, for MPLS VPN there is something called a label stack which means that the packet has a stack of at least 2 labels, the Top Label is the egress PE label (exchanged via LDP) while the other label is the VPN label (exchanged via MBGP). --> The logic implies that you need to reach the egress PE and further the desired VPN destination.
HTH, please rate if it does
thanks mohammamed, your answer is really helps but in what case does the vpn label need to be assigned/tagged on the data/frame? i am sure if the case is when regular data flow between customer. the question is does it apply too when in routing update? so rip/ospf packet will have vpn label? tx in advanced.. cheers.
A VPN label (propagated via MBGP) is the second label in stack if we are talking about MPLS VPN, the TOP label is for the Egress PE router, any packet that need to be forwarded between the customer VPN sites needs to be tagged via the whole stack (Top label + VPN label), any other packets forwarded between the provider routers (has nothing to do with the customer VPN) will only have the Top label (which is exchanged via LDP).
HTH, please rate if it does,
Hi Mohammedmahmoud..how are you? regarding to what you said last time "On the other hand the MPLS VPN label is 32bits associated with each customer route in order to be used to forward the packet to its desired destination. And yes the label is unidirectional." I still wonder why there is many vpn label even inside the customer? why dont vpn label is same for all route in the same customer? am i wrong? My question is does the vpn label value on the PE is same for vrf? or does the vpn label value on the PE is different for every routing/routing entry even in the same vrf/customer? For Example on PE router A has 2 vrf, vrf customerA and vrf customerB. how many vpn label for vrf customer A? is it one? or many? tx and have a nice day ;)
Been a long time, how are you doing, i hope fine :)
Just to recap, MPLS VPN packets uses a label stack with the top label (LDP label pointing to the egress PE router) and the VPN label as the bottom label.
The VPN label must be put on by the ingress PE router to indicate to the egress PE router which VRF the packet belongs to. The MP-iBGP is used to advertise the VPN label (also referred to as the BGP label) that is associated with the vpnv4 prefix.
A VPN label usually indicates the next hop that the packet should be forwarded onto on the egress PE router which means the CE router as the next hop of the packet, and thus each VRF table will have as many VPN labels as number of the CE routers or next-hops.
I hope that i've been informative, and have a nice day yourself.
HTH, please do rate all helpful replies,
A little off the topic, but when the egress PE strips the VPN label and the next hop is actually back into the MPLS network , what does the PE do with the packet? does it re-apply the new VPN and LSP labels? or does it drop the packet?
I am trying to understand wheither a VRF 'hairpin' situation could occur.
No on the egress PE, the VPN label is striped and the packet is forwarded out the VRF outgoing interface, the packet used this VPN label in the first place as it indicates the desired destination, thus the scenario you are talking about can't exist with MPLS VPN.
Thanks for boiling it down so clearly. I do have a question about the resulting MTU. I show 2 labels in a PE to PE trace like so:
rtr-1#traceroute vrf CustomerA 10.16.0.1
Type escape sequence to abort.
Tracing the route to 10.16.0.1
1 192.168.0.6 [MPLS: Labels 17/20 Exp 0] 12 msec 16 msec 12 msec
Does this indicate that in order to get a PathMTU of 1500 i need an MPLS mtu of 1512 (64 bits VPN IPv4 address plus 32 bits MPLS VPN label)? TIA
MPLS will add extra 4 bytes for each label in the label stack to the pure IP packet, which means that MPLS applications (MPLS VPN, AToM, MPLS TE, MPLS QoS) will add stacks of labels to IP packet, each is 4 bytes. To have a path MTU of 1500, you need to add the 4 bytes per label according to your MPLS applications on the PE interface connecting it to your MPLS backbone (if you face an issue with setting the interface MTU, example FE interface that doesn't support setting the interface MTU, you can rather set the MPLS MTU), and also keep in mind your interconnecting Layer 2 switches, you need to make sure that they support baby giants or further on jumbo frames.
Thanks for your reply. I've created a new thread on this topic at http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&topicID=.ee71a06&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc06659 . Perhaps you could take a look? Thanks again.
En este momento estoy observando variaciones en ciertos enlaces, dichas intermitencias son de micro segundos, asi mismo visualizo que no se esta estableciendo adhjacencia entre ellos, ya que la variaciones son en un lapso de tiempo muy corto.
Cabe destacar que no se estan presentando errores de CRC en los routers
Nota: Pienso yo que deberia un problema de comunicacion es decir un enlace de radio que deberia estar variando
Pido su ayuda para tener una idea de la situacion
Gracias y saludos
Luis, de que estas hablando, hombre??
Esta conversacion es sobre MPLS y VPN. Si Ud. necesita ayuda, tienes que empezar una conversacion nueva y presentar su situacion con detalles.
De todos maneras, se habla en Ingles en este message board, patron.