© 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential Presentation_ID 1 Multi Protocol Label Switching - MPLS

Curso MPLS Intro

Multi Protocol Label Switching - MPLS

Agenda

•MPLS Concepts

•Labels Assignments and Distribution

•Frame-mode and Cell-mode MPLS

•MPLS L3VPN

•Any Transport over MPLS

•Traffic Engineering

•Inter AS / CsC

Why MPLS?

• Needed a single infrastructure that supports a multitude of applications in a secure manner

• Provide a highly scalable mechanism that was topology driven rather than flow driven

• Load balance traffic to utilize network bandwidth efficiently

• Allow core routers/networking devices to switch packets based on some simplified header

• Leverage hardware so that a simple forwarding paradigm can be used

Examine MPLS and Layer 3 Routing Limitations

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Examine MPLS and L3 routing limitations:

– L3 routing limitations

– MPLS architecture

– Control plane and data plane

– Label headers

– Frame mode

– Label switched router types

– The process of MPLS forwarding

L3 Routing Limitations

Traditional IP Forwarding

L3 Routing Limitations (Cont.)

IP Over ATM

L3 Routing Limitations (Cont.)

Traffic Engineering Using Traditional IP Forwarding

MPLS Architecture

What Is MPLS?

Control Plane and Data Plane

MPLS Functionality

Frame-Mode

MPLS Modes of Operation

Label Headers

MPLS Label Format

Label Switched Router Types

Label Switched Routers

The Process of MPLS Forwarding

MPLS Forwarding

The Process of MPLS Forwarding (Cont.)

Cell-mode MPLS Forwarding

Topic Summary

• Service providers and enterprises can benefit from MPLS:

– Enables many new services

– Optimizes resource utilization

– Simplifies backbone routing

– Makes networks more resilient to failures

• Simple labels are used to forward frames (or cells).

• Complex control-plane mechanisms are used to implement various MPLS services.

Identify Applications that Use MPLS

Identify MPLS as an Application-driven Technology

MPLS Applications

Identify MPLS as an Application-driven Technology (Cont.)

Unicast IP Routing

Identify MPLS as an Application-driven Technology (Cont.)

MPLS Traffic Engineering

Identify MPLS as an Application-driven Technology (Cont.)

MPLS TE Example

• Some traffic from the upper (overutilized) path should be moved to the lower path.

Identify MPLS as an Application-driven Technology (Cont.)

Quality of Service

Identify MPLS as an Application-driven Technology (Cont.)

Virtual Private Networks

Identify MPLS as an Application-driven Technology (Cont.)

VPN Example

Identify MPLS as an Application-driven Technology (Cont.)

Layer 2 MPLS VPN

Identify MPLS as an Application-driven Technology (Cont.)

Layer 2 MPLS VPN Example

Summary

Many types of applications make use of MPLS’s label switching technology:

•Each MPLS application may use a different routing protocol and a different label exchange protocol.

•All of the applications use one single label-forwarding engine.

Establish Label-Switched Paths (LSPs)

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• You will describe how Label-switched Paths (LSPs) are established:

– LDP/TDP Role in MPLS

– Label-switched Paths in MPLS

– LDP/TDP Neighbor Discovery

– Differences Between LDP and TDP

– The Process of Establishing Label-switched Paths

LDP/TDP Role in MPLS

Label Distribution Protocol (LDP) and Tag Distribution Protocol (TDP)

•LDP binds labels to networks learned via a routing protocol.

•TDP and LDP are functionally equivalent but not compatible.

Label-switched Paths in MPLS

Multiprotocol Label Switching (MPLS) Unicast IP Routing Architecture

Label-switched Paths in MPLS (Cont.)

MPLS Unicast IP Routing Architecture Example

Label-switched Paths in MPLS (Cont.)

MPLS Unicast IP Routing Architecture Example (Cont.)

LDP/TDP Neighbor Discovery

LDP Hello Messages

• Hello messages are targeted at all routers reachable through an interface.

• LDP uses well-known User Datagram Protocol (UDP) and TCP port number 646 (711 for TDP).

• Source address used for LDP session can be set by adding the Transport Address Type-Length-Value (TLV) to the Hello message.

• 6-byte LDP Identifier TLV identifies the router (first four bytes) and label space (last two bytes).

LDP/TDP Neighbor Discovery (Cont.)

Label Space

• LDP session is established from the router with a higher IP address.
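The Hello fields described above can be read with a short parser. This is an added example, not code from the course; it assumes the RFC 5036 wire layout (PDU header carrying the 6-byte LDP identifier, Hello message type 0x0100, Common Hello Parameters TLV 0x0400, IPv4 Transport Address TLV 0x0401), and the sample packet and the helper names are constructed for illustration.

```python
import ipaddress
import struct

LDP_PORT = 646               # UDP/TCP port from the slide (TDP uses 711)
MSG_HELLO = 0x0100           # assumption: RFC 5036 Hello message type
TLV_COMMON_HELLO = 0x0400    # assumption: RFC 5036 Common Hello Parameters
TLV_IPV4_TRANSPORT = 0x0401  # assumption: RFC 5036 IPv4 Transport Address


class LdpParseError(ValueError):
    """Raised when a UDP payload is not a well-formed LDP Hello."""


def parse_ldp_hello(payload: bytes) -> dict:
    """Parse one LDP Hello PDU taken from a UDP/646 payload."""
    if len(payload) < 10:
        raise LdpParseError("shorter than the 10-byte PDU header")
    version, pdu_len = struct.unpack_from("!HH", payload, 0)
    if version != 1:
        raise LdpParseError("unsupported LDP version %d" % version)
    pdu_end = 4 + pdu_len    # PDU length excludes version and length fields
    if pdu_len < 6 or pdu_end > len(payload):
        raise LdpParseError("PDU length does not fit the payload")
    # 6-byte LDP identifier: router ID (4 bytes) + label space (2 bytes)
    result = {
        "lsr_id": str(ipaddress.IPv4Address(payload[4:8])),
        "label_space": struct.unpack_from("!H", payload, 8)[0],
        "hold_time": None,
        "targeted": None,
        "transport_address": None,
    }
    off = 10
    if pdu_end - off < 8:
        raise LdpParseError("no room for a message header")
    msg_type, msg_len, _msg_id = struct.unpack_from("!HHI", payload, off)
    if msg_type & 0x7FFF != MSG_HELLO:
        raise LdpParseError("not a Hello message")
    msg_end = off + 4 + msg_len
    if msg_len < 4 or msg_end > pdu_end:
        raise LdpParseError("message length does not fit the PDU")
    off += 8
    while off < msg_end:     # walk the TLVs, bounds-checking each one
        if msg_end - off < 4:
            raise LdpParseError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, off)
        off += 4
        if off + tlv_len > msg_end:
            raise LdpParseError("TLV overruns the message")
        value = payload[off:off + tlv_len]
        tlv_type &= 0x3FFF   # strip the U and F bits
        if tlv_type == TLV_COMMON_HELLO and tlv_len == 4:
            hold, flags = struct.unpack("!HH", value)
            result["hold_time"] = hold
            result["targeted"] = bool(flags & 0x8000)
        elif tlv_type == TLV_IPV4_TRANSPORT and tlv_len == 4:
            result["transport_address"] = str(ipaddress.IPv4Address(value))
        off += tlv_len
    return result


def session_initiator(addr_a: str, addr_b: str) -> str:
    """The router with the higher IP address opens the TCP session."""
    return max(addr_a, addr_b, key=lambda a: int(ipaddress.IPv4Address(a)))


def is_expected_peer(hello: dict, allowed_lsr_ids: set) -> bool:
    """Monitoring check: was this Hello sent by a known LSR?"""
    return hello["lsr_id"] in allowed_lsr_ids


def build_sample_hello(lsr_id: str, label_space: int, transport: str) -> bytes:
    """Constructed sample packet (hold time 15 s, link Hello)."""
    tlvs = struct.pack("!HHHH", TLV_COMMON_HELLO, 4, 15, 0)
    tlvs += struct.pack("!HH", TLV_IPV4_TRANSPORT, 4)
    tlvs += ipaddress.IPv4Address(transport).packed
    msg = struct.pack("!HHI", MSG_HELLO, 4 + len(tlvs), 1) + tlvs
    ldp_id = ipaddress.IPv4Address(lsr_id).packed + struct.pack("!H", label_space)
    return struct.pack("!HH", 1, len(ldp_id) + len(msg)) + ldp_id + msg


if __name__ == "__main__":
    hello = parse_ldp_hello(build_sample_hello("192.0.2.1", 0, "192.0.2.1"))
    print(hello, is_expected_peer(hello, {"192.0.2.1"}))
    print(session_initiator("10.0.0.2", "9.255.255.255"))
```

Comparing the addresses as integers matters: a plain string comparison would rank 9.255.255.255 above 10.0.0.2.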

LDP/TDP Neighbor Discovery (Cont.)

LDP Session Negotiation

• Peers first exchange initialization messages.

• The session is ready to exchange label mappings after receiving the first keepalive.

LDP/TDP Neighbor Discovery (Cont.)

Label Space

• One LDP session is established for each announced LDP identifier (router ID + label space).

• The number of LDP sessions is determined by the number of different label spaces.

Differences Between LDP and TDP

TDP and LDP Compatibility

• TDP uses UDP and TCP port number 711, and LDP uses UDP and TCP port number 646.

• TDP is used by default on Cisco devices - it may be necessary to enable LDP for non-Cisco peering routers.

The Process of Establishing Label-switched Paths

LSP Establishment

Topic Summary

LDP

• LDP is the standard protocol used between MPLS-enabled routers to negotiate labels.

LSP

• LSPs must be established through the exchange of routing information and labels between adjacent routers.

Topic Summary

• TDP and LDP will automatically try to find neighbors by multicasting Hello messages and will establish a TCP session with discovered neighbors.

• Functionally, TDP and LDP are almost equivalent but not compatible.

• LDP supports several features, such as explicit null label and Path Vector TLV, which are not supported in TDP.

• LDP and TDP are introduced into MPLS-enabled networks to exchange labels assigned to IP destination networks.

Configure Frame-mode MPLS

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Configure Frame-mode MPLS

– Label Allocation, Distribution and Retention

– Penultimate Hop Popping

– Convergence in Frame-mode MPLS

– Using CEF for MPLS Label Switching

– How to Configure Frame-mode MPLS

Label Allocation, Distribution, and Retention

Building the IP Routing Table

• IP routing protocols are used to build IP routing tables on all label switched routers (LSRs).

• Forwarding tables (FIB) are initially built based on IP routing tables with no labeling information.

Label Allocation, Distribution, and Retention (Cont.)

Allocating Labels

• Every LSR locally allocates a label for every destination in the IP routing table.

• Label allocations are asynchronous.

• LIB and LFIB structures have to be initialized on the LSR allocating the label.

Label Allocation, Distribution, and Retention (Cont.)

Per-platform Label Allocation

• Benefits: smaller LIB and LFIB, and quicker label exchange.

• Drawbacks: insecure – any neighbor LSR can send packets with any label in LFIB.

Label Allocation, Distribution, and Retention (Cont.)

Label Distribution (unsolicited downstream)

• The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.

• Independent control (LSRs don’t have to wait to get the next-hop label from their downstream neighbor).

Label Allocation, Distribution, and Retention (Cont.)

Interim Packet Propagation

• Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.

Label Allocation, Distribution, and Retention (Cont.)

Further Label Allocation

• Every LSR will eventually assign a label for every destination.

Label Allocation, Distribution, and Retention (Cont.)

Receiving Label Advertisements

• Router B has already assigned a label to X and created an entry in LFIB.

• The outgoing label is inserted in LFIB after the label is received from the next-hop LSR.

• Liberal retention mode (frame-mode): every LSR keeps all labels received from LDP peers even if they are not from their downstream peers. This improves convergence speed in case of link failure.

Penultimate Hop Popping

Double Lookup Scenario

• Double lookup is not an optimal way of forwarding labeled packets.

• A label can be removed one hop earlier.

Penultimate Hop Popping (Cont.)

Penultimate Hop Popping

• A label is removed on the router before the last hop within an MPLS domain.

Convergence in Frame-Mode MPLS

Frame-Mode Convergence

• Routing protocol neighbors and LDP neighbors are lost after a link failure.

• LFIB and labeling information in FIB are rebuilt immediately after the routing protocol convergence, based on labels stored in LIB (liberal retention mode).

Convergence in Frame-Mode MPLS

Frame-Mode Link Recovery

• Link recovery requires that an LDP session be reestablished and new labels be exchanged, which adds to the convergence time of LDP.

• End-to-End LSP is temporarily broken, which might cause malfunctioning of certain MPLS applications.

Using CEF for MPLS Label Switching

IOS Switching Mechanisms

• Process switching:

– Full lookup at every packet

• Cache driven switching:

– Fast switching

– Optimum switching

• Topology driven switching:

– Prebuilds the forwarding table

Using CEF for MPLS Label Switching

Cache Driven Switching (Fast Switching)

Using CEF for MPLS Label Switching

CEF Switching

How to Configure Frame-Mode MPLS

Procedure Reference

How to Configure Frame-Mode MPLS

Enable CEF Switching

• This command starts CEF switching and creates FIB.

• All CEF-capable interfaces are enabled for CEF switching.

• Distributed keyword configures distributed CEF (running on VIP or linecards).

• This command disables or re-enables CEF switching on an interface.

• CEF must be first globally enabled.

How to Configure Frame-Mode MPLS

Configuring Label Switching

• Enables label switching on a frame-mode interface

• Starts TDP on the interface

• Enables label switching on a frame-mode interface

• Starts TDP on the interface

• Starts selected label distribution protocol on the specified interface

How to Configure Frame-Mode MPLS

MPLS Configuration Example

Enable MPLS on all core interfaces in your network.

How to Configure Frame-Mode MPLS

Configuration in Mixed TDP/LDP Environment

Topic Summary

Label allocation and distribution in a packet-mode MPLS environment includes:

•IP routing protocols build the IP routing table.

•Each LSR assigns a label to every destination in the IP routing table independently.

•LSRs announce their assigned labels to all other LSRs.

•Every LSR builds its LIB, LFIB and FIB data structures based on received labels.

Benefits include:

•Smaller LFIB

•Quicker label exchange

Drawbacks include:

•Insecure – any neighbor LSR can send packets with any label in LFIB.

Topic Summary (Cont.)

Penultimate hop popping slightly optimizes MPLS performance by eliminating one LFIB lookup.

Cisco IOS Switching Mechanisms include:

• Process switching:

•Full lookup at every packet

• Cache driven switching:

•Fast switching

•Optimum switching

• Topology driven switching (CEF):

•Prebuilds the forwarding table

Configure Cell-mode MPLS

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Configure Cell-mode MPLS

– Specifics of Cell-mode MPLS

– Label allocation, distribution, and retention

– Cell interleaving and VC merging

– Control VC

– MPLS over pre-established ATM Virtual Paths

– How to configure cell-mode MPLS

Specifics of Cell-mode MPLS

• MPLS label is encoded as the Virtual Path Identifier/Virtual Channel Identifier (VPI/VCI) value in cell-mode MPLS environments.

• Each VPI/VCI combination represents a VC in ATM.

• The number of VCs supported by router and switch hardware is limited.

• Therefore, labels in cell-mode MPLS are a scarce resource.

Label Allocation, Distribution, and Retention

Building the IP Routing Table

• IP routing protocols are used to build IP routing tables on all Label Switch Routers (LSRs).

• The routing tables are built as if the ATM switches were regular routers.

Label Allocation, Distribution, and Retention (Cont.)

Downstream on Demand Label Request

Label Allocation, Distribution, and Retention (Cont.)

Downstream on Demand Label Allocation

Label Allocation, Distribution, and Retention (Cont.)

Processing Label Allocation Reply

Ingress ATM edge LSR requesting a label inserts the received label in its LIB, FIB and (optionally) LFIB.

Label Allocation, Distribution, and Retention (Cont.)

Per-interface Label Allocation

ATM edge LSR has to request a label over every interface.

• LFIB on an ATM switch (ATM switching matrix) always contains the incoming interface.

• The same label can be reused (with a different meaning) on different interfaces.

Label Allocation, Distribution, and Retention (Cont.)

Per-interface Label Allocation Security

• Per-interface label allocation is secure – labeled packets (or ATM cells) are only accepted from the interface where the label was actually assigned.
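The difference between the per-platform drawback noted for frame-mode MPLS and the per-interface behaviour described here comes down to the LFIB lookup key. The model below is an added example, not code from the course; the interface names, labels and prefixes are constructed, and the rule that labeled packets are dropped on interfaces without label switching enabled is a modelling assumption.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple


@dataclass(frozen=True)
class Entry:
    fec: str                   # destination prefix the label stands for
    out_interface: str
    out_label: Optional[int]   # None means the label is popped


class PerPlatformLfib:
    """Frame-mode model: one label space shared by every interface."""

    def __init__(self, mpls_interfaces: Set[str]):
        # Assumption: labeled packets are only accepted on interfaces
        # where label switching is enabled.
        self.mpls_interfaces = set(mpls_interfaces)
        self.table: Dict[int, Entry] = {}

    def bind(self, label: int, entry: Entry) -> None:
        self.table[label] = entry

    def lookup(self, in_interface: str, label: int) -> Optional[Entry]:
        if in_interface not in self.mpls_interfaces:
            return None
        # The incoming interface is not part of the key, so any
        # label-switching neighbor can use any label in the table.
        return self.table.get(label)


class PerInterfaceLfib:
    """Cell-mode model: the incoming interface is part of the key."""

    def __init__(self) -> None:
        self.table: Dict[Tuple[str, int], Entry] = {}

    def bind(self, in_interface: str, label: int, entry: Entry) -> None:
        self.table[(in_interface, label)] = entry

    def lookup(self, in_interface: str, label: int) -> Optional[Entry]:
        return self.table.get((in_interface, label))


def forward(lfib, in_interface: str, label: int) -> str:
    """Return the forwarding decision for one labeled packet."""
    entry = lfib.lookup(in_interface, label)
    if entry is None:
        return "drop"
    action = "pop" if entry.out_label is None else "swap %d" % entry.out_label
    return "%s via %s for %s" % (action, entry.out_interface, entry.fec)


def demo() -> Dict[Tuple[str, str, int], str]:
    """Run the same constructed packets through both models."""
    platform = PerPlatformLfib(mpls_interfaces={"if_a", "if_b"})
    platform.bind(25, Entry("10.1.1.0/24", "if_out", 40))

    per_if = PerInterfaceLfib()
    # Label 25 was requested by the neighbor on if_a ...
    per_if.bind("if_a", 25, Entry("10.1.1.0/24", "if_out", 40))
    per_if.bind("if_a", 26, Entry("10.3.3.0/24", "if_out", 42))
    # ... and the same value is reused on if_b with another meaning.
    per_if.bind("if_b", 25, Entry("10.2.2.0/24", "if_out", 41))

    packets = [("if_a", 25), ("if_b", 25), ("if_b", 26), ("if_cust", 25)]
    results = {}
    for iface, label in packets:
        results[("per_platform", iface, label)] = forward(platform, iface, label)
        results[("per_interface", iface, label)] = forward(per_if, iface, label)
    return results


if __name__ == "__main__":
    for key, decision in sorted(demo().items()):
        print(key, "->", decision)
```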

Cell Interleaving and VC Merging

Cell Interleave Issue

If an ATM LSR reuses a downstream label, cells from several upstream LSRs might become interleaved.

Cell Interleaving and VC Merging (Cont.)

Additional Label Allocation

ATM LSR requests a new label from downstream LSRs for every upstream request.

ATM egress router has to allocate a unique label for every ATM ingress router for every destination.

Cell Interleaving and VC Merging (Cont.)

VC Merge

• VC Merge is a solution in which incoming cells are not forwarded until the last cell in a frame arrives.

• All buffered cells are then forwarded to the next-hop ATM LSR.

Cell Interleaving and VC Merging (Cont.)

Disabling VC Merge

• VC Merge is enabled by default on all ATM switches that support VC Merge functionality.

• This command disables VC Merge.

Control VC

LDP Sessions Between ATM LSRs

• Configures control VC between LC-ATM peers

• Default value is 0/32

• The setting has to match between LC-ATM peers

• Configures the Virtual Path values that can be used for label allocation - default value for VPI is 1-1

MPLS Over Pre-established ATM Virtual Paths

ATM Virtual Paths

ATM Virtual Path was designed to establish switch-to-switch connectivity between parts of a private ATM network over a public ATM network.

ATM Virtual Path usages:

•Connecting two LC-ATM domains across a public network

•Network migration toward IP + ATM

The following combinations are supported:

•ATM switch to ATM switch

•ATM switch to a router

•Router to router (not advisable; use frame-mode MPLS over ATM PVC instead)

MPLS Over Pre-established ATM Virtual Paths (Cont.)

ATM Virtual Paths (Cont.)

How to Configure Cell-mode MPLS

Procedure Reference

How to Configure Cell-mode MPLS (Cont.)

Creating and Enabling Subinterfaces

• Creates an LC-ATM subinterface

• By default, this subinterface uses VC 0/32 for label control protocols and VP=1 for label allocation

• Enables MPLS on an LC-ATM subinterface

• Starts LDP or TDP on an LC-ATM subinterface

How to Configure Cell-mode MPLS (Cont.)

Routing Loop Prevention

•Enables the LDP optional Router-ID based loop detection mechanism

•Not supported by TDP

•Enables the optional hop-count based loop detection mechanism for LDP/TDP

How to Configure Cell-mode MPLS (Cont.)

Configure LC-ATM Interface on a Catalyst ATM Switch

•Enables LC-ATM control on an ATM interface

•Starts LDP or TDP on the interface

•Default control VC=0/32, label allocation uses VP=1

How to Configure Cell-mode MPLS (Cont.)

Basic LC-ATM Configuration

How to Configure Cell-mode MPLS (Cont.)

ATM Virtual Paths Switch-to-Switch Configuration Example

How to Configure Cell-mode MPLS (Cont.)

ATM Virtual Paths Switch-to-Router Configuration Example

Topic Summary

•In cell-mode MPLS, IP routing protocols are used to build the IP routing tables on all LSRs.

•VC merging can be used to minimize the number of required labels.

•ATM LSRs establish an LDP/ TDP session through the use of a control Virtual Circuit.

•ATM Virtual Path was designed to establish switch-to-switch connectivity between parts of a private ATM network over a public ATM network.

Migrate a Traditional BGP Network into an MPLS-enabled BGP Network

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Migrate a Traditional BGP Network into an MPLS-enabled BGP Network

– LSP Paths in BGP Networks

– Selective Label Distribution

– How to Migrate a Traditional BGP Network into an MPLS BGP Network

LSP Paths in BGP Networks

Label Allocation in Unicast IP

• Labels are assigned to Forwarding Equivalence Classes (FEC).

• FEC in unicast IP routing is equal to a destination prefix found in an IP routing table.

• This is true only for Internal Gateway Protocol (IGP)-derived prefixes.

• BGP-derived prefixes are assigned the label that is used for the BGP next-hop address.

• The result is that all prefixes learned from an external BGP neighbor use a single label.

LSP Paths in BGP Networks (Cont.)

Traditional BGP Transit AS Design Requirements

• All core routers are required to run BGP.

• All core routers require full Internet routing information (more than 140,000 networks) to be able to forward IP packets between ISP1 and ISP2.

LSP Paths in BGP Networks (Cont.)

Traditional BGP Transit AS Design Requirements

• Only border routers are required to run BGP.

• Core routers run an IGP to learn about BGP next-hop addresses.

• Core routers run label/tag distribution protocol (LDP/TDP) to learn about labels for next-hop addresses.

LSP Paths in BGP Networks (Cont.)

Label Propagation in MPLS–based Transit AS

• All routers are capable of forwarding packets to external destinations:

– Border (edge) routers label and forward IP packets.

– Core routers forward labeled packets.

LSP Paths in BGP Networks (Cont.)

Packet Forwarding in MPLS–based Transit AS

Selective Label Distribution

Configuring Selective Label Distribution

• By default, labels for all destinations are announced to all LDP/TDP neighbors.

• This command enables you to selectively advertise some labels to selected LDP/TDP neighbors.

• Conditional label advertising can be configured per VPN.

• Conditional label advertisement only works over frame-mode interfaces.

Selective Label Distribution (Cont.)

Selective Label Distribution Example

• The core is already running IP infrastructure.

• MPLS is only needed to support MPLS/VPN services:

– Labels should only be generated for loopback interfaces (BGP next-hops) of all routers.

– All loopback interfaces are in one contiguous address block (192.168.254.0/24).

Selective Label Distribution (Cont.)

Selective Label Distribution Example (Cont.)

Step #1: Enable CEF and label switching.

Step #2: Enable conditional label advertisement.

Note that the tag-switching advertise-tags version of the command is actually entered into the configuration for backward compatibility.

How to Migrate a Traditional BGP Network into an MPLS BGP Network

Procedure Reference

Topic Summary

•Unicast IP forwarding in MPLS networks:

• It assigns a unique label to every entry found in the main routing table.

•Selective label distribution:

• A router selectively advertises labels to neighboring routers.

Monitor and Fine-tune Loop Detection

Objectives

Upon completion of this section, you will be able to perform the following tasks:

Monitor and Fine-tune Loop Detection:

• Loop Detection in MPLS

Loop Detection in MPLS

Loop Detection in Frame-mode MPLS

• LDP/TDP relies on loop-detection mechanisms built into IGPs and optional LDP/TDP loop-detection.

• If, however, a loop is generated (that is, misconfiguration with static routes), the TTL field in the label header is used to prevent indefinite looping of packets.

• TTL functionality in the label header is equivalent to TTL in the IP headers.

• TTL is usually copied from the IP headers to the label headers (TTL propagation).

Loop Detection in MPLS (Cont.)

Loop Detection in Packet-mode MPLS (cont.)

• Cisco routers have TTL propagation enabled by default.

• On ingress: TTL is copied from IP header to label header.

• On egress: TTL is copied from label header to IP header.

Loop Detection in MPLS (Cont.)

Loop Detection in Packet-mode MPLS (Cont.)

• Labeled packets are dropped when the TTL is decremented to zero.

Loop Detection in MPLS (Cont.)

Disabling TTL Propagation

• By default, IP TTL is copied into label header at label imposition and label TTL is copied into IP TTL at label removal.

• This command disables IP TTL and label TTL propagation:

  – TTL value of 255 is inserted in the label header.

• TTL propagation has to be disabled on both the ingress and egress edge Label Switch Routers (LSRs).

Loop Detection in MPLS (Cont.)

Traceroute with TTL Disabled

• The first traceroute packet (ICMP or UDP) that reaches the network is dropped on Router A.

• An ICMP Time-to-Live exceeded message is sent to the source from Router A.

Loop Detection in MPLS (Cont.)

Traceroute with TTL Disabled (Cont.)

• The second traceroute packet that reaches the network is dropped on Router D.

• An ICMP TTL exceeded message is sent to the source from Router D.
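
The traceroute behaviour described on the slides above, as an added example that is not part of the original deck: a simplified Python model of label TTL handling with TTL propagation enabled and disabled. The path A-B-C-D, the label values and the absence of penultimate hop popping are assumptions made for the example.

```python
import struct


def encode_entry(label, exp, bottom, ttl):
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2**20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(raw):
    """Unpack a label stack entry into (label, exp, bottom, ttl)."""
    (word,) = struct.unpack("!I", raw)
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 0x1), word & 0xFF


# Constructed topology (assumption, the slide figure is not on the page):
# source -> A (ingress edge LSR) -> B -> C (core LSRs) -> D (egress edge LSR) -> destination
CORE = ["B", "C"]
OUT_LABEL = {"A": 17, "B": 18, "C": 19}  # constructed outgoing labels


def probe(ip_ttl, propagate):
    """Send one probe; return the router that answers with ICMP TTL exceeded,
    or 'destination' if the probe gets through."""
    # Ingress edge LSR: normal IP TTL check, then label imposition.
    ip_ttl -= 1
    if ip_ttl == 0:
        return "A"
    # With propagation the IP TTL is copied into the label; without it, 255 is used.
    label_ttl = ip_ttl if propagate else 255
    frame = encode_entry(OUT_LABEL["A"], 0, True, label_ttl)

    # Core LSRs look only at the label header TTL.
    for router in CORE:
        _, exp, bottom, ttl = decode_entry(frame)
        ttl -= 1
        if ttl == 0:
            return router
        frame = encode_entry(OUT_LABEL[router], exp, bottom, ttl)

    # Egress edge LSR: label removal.
    _, _, _, ttl = decode_entry(frame)
    ttl -= 1
    if propagate:
        ip_ttl = ttl      # label TTL is copied back into the IP header
    else:
        ip_ttl -= 1       # core hops stay invisible; only this hop is counted
    if ip_ttl == 0:
        return "D"
    return "destination"


def traceroute(propagate, max_ttl=30):
    """Collect the responder for TTL = 1, 2, ... until the destination answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hop = probe(ttl, propagate)
        hops.append(hop)
        if hop == "destination":
            break
    return hops


if __name__ == "__main__":
    print("propagation enabled: ", traceroute(True))
    print("propagation disabled:", traceroute(False))
```

With propagation disabled on both edge LSRs, the core routers B and C never appear in the result, which is the topology-hiding effect the slides describe.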

Loop Detection in MPLS (Cont.)

Disabling TTL Propagation for Customer or Local Traffic

Selectively disables IP TTL propagation for:

• Forwarded traffic (traceroute does not work for transit traffic labeled by this router)

• Local traffic (traceroute does not work from the router but works for transit traffic labeled by this router)

Loop Detection in MPLS (Cont.)

Loop Prevention in Cell-mode MPLS - Hop-Count TLV

• LDP uses an additional Type-Length-Value (TLV) to count the number of hops in an LSP.

• The TTL field in the IP header or label header is decreased by the number of hops by the ingress ATM edge LSR before being forwarded through a Label Virtual Circuit (LVC).

• If the TTL field is zero or less, the packet is discarded.

• Maximum number of hops can also be specified for LDP.

Loop Detection in MPLS (Cont.)

Loop Prevention in Cell-mode MPLS - Hop-Count TLV (Cont.)

• The first traceroute packet that reaches the network is dropped on Router A.

• An ICMP Time-to-live exceeded message is sent to the source from Router A.

Loop Detection in MPLS (Cont.)

Loop Prevention in Cell-mode MPLS - Hop-Count TLV (Cont.)

• The second traceroute packet that reaches the network is dropped on Router A.

• An ICMP TTL exceeded message is sent to the source from Router A.

Loop Detection in MPLS (Cont.)

Loop Prevention in Cell-mode MPLS - Hop-Count TLV (Cont.)

• The third traceroute packet that reaches the network is dropped on Router A.

• An ICMP TTL exceeded message is sent to the source from Router A.

Loop Detection in MPLS (Cont.)

Loop Prevention in Cell-mode MPLS - Hop-Count TLV (Cont.)

• The fourth traceroute packet that reaches the network is dropped on Router D.

• An ICMP TTL exceeded message is sent to the source from Router D.

Loop Detection in MPLS (Cont.)

Path Vector TLV

• Path Vector TLV is another safeguard that prevents loops in LDP.

• This TLV is used to carry router IDs of all ATM LSRs in the path.

• If an LSR receives an LDP update with its own router ID in the Path Vector TLV, the update is ignored.

• Path Vector TLV is similar to BGP’s AS-path or Cluster List attributes.

• Path Vector TLV is not present in TDP.

Loop Detection in MPLS (Cont.)

Path Vector TLV Example

• The LDP update is dropped because it contains the router ID of Router C in the Path Vector TLV.
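
One way to model the Hop-Count TLV and Path Vector TLV checks described above, as an added example that is not part of the original deck. The TLV type codes and layout follow RFC 5036; the router IDs, the hop limit and the helper names are constructed for the example, and the processing is a simplified model rather than any vendor's implementation.

```python
import ipaddress
import struct

# TLV type codes from RFC 5036 (LDP specification).
HOP_COUNT_TLV = 0x0103
PATH_VECTOR_TLV = 0x0104


def encode_tlv(tlv_type, value):
    """LDP TLV: 2-byte type (U/F bits clear), 2-byte length, then the value."""
    return struct.pack("!HH", tlv_type, len(value)) + value


def encode_loop_tlvs(hop_count, path):
    """Build the Hop Count and Path Vector TLVs carried with a label mapping."""
    ids = b"".join(ipaddress.IPv4Address(r).packed for r in path)
    return (encode_tlv(HOP_COUNT_TLV, bytes([hop_count]))
            + encode_tlv(PATH_VECTOR_TLV, ids))


def decode_loop_tlvs(data):
    """Parse the two loop-detection TLVs; reject truncated or malformed input."""
    hop_count, path, offset = 0, [], 0   # hop count 0 means "unknown" in RFC 5036
    while offset < len(data):
        if len(data) - offset < 4:
            raise ValueError("truncated TLV header")
        raw_type, length = struct.unpack_from("!HH", data, offset)
        tlv_type = raw_type & 0x3FFF     # strip the U and F bits
        value = data[offset + 4: offset + 4 + length]
        if len(value) != length:
            raise ValueError("TLV length exceeds message")
        if tlv_type == HOP_COUNT_TLV:
            if length != 1:
                raise ValueError("Hop Count TLV must carry one octet")
            hop_count = value[0]
        elif tlv_type == PATH_VECTOR_TLV:
            if length % 4:
                raise ValueError("Path Vector TLV must hold 4-octet LSR IDs")
            path = [str(ipaddress.IPv4Address(value[i:i + 4]))
                    for i in range(0, length, 4)]
        offset += 4 + length
    return hop_count, path


def process_update(own_id, data, max_hops):
    """Return (verdict, tlvs_to_send_upstream) for one received LDP update."""
    hop_count, path = decode_loop_tlvs(data)
    if own_id in path:
        return "ignored: own router ID in path vector", None
    new_hops = 0 if hop_count == 0 else hop_count + 1
    if new_hops > max_hops:
        return "ignored: hop count limit exceeded", None
    return "accepted", encode_loop_tlvs(new_hops, path + [own_id])


def demo(max_hops=254):
    """Constructed scenario: Router C's mapping goes C -> B -> A and loops back to C."""
    ids = {"A": "10.0.0.1", "B": "10.0.0.2", "C": "10.0.0.3"}  # constructed router IDs
    update = encode_loop_tlvs(1, [ids["C"]])   # C originates with hop count 1
    verdicts = []
    for name in ["B", "A", "C"]:
        verdict, update = process_update(ids[name], update, max_hops)
        verdicts.append((name, verdict))
        if update is None:
            break
    return verdicts


if __name__ == "__main__":
    for router, verdict in demo():
        print(router, verdict)
```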

Summary

• Loop detection in MPLS-enabled network relies on more than one mechanism.

• If a routing loop does occur, MPLS label headers also contain a TTL that prevents packets from looping indefinitely.

• TTL propagation can be disabled to hide the core routers from the end users.

• Cell-mode MPLS uses the VPI/VCI fields in the ATM header to encode labels.

• The Path Vector TLV is another loop prevention mechanism that is used to prevent loops within LDP for downstream-on-demand label allocation in cell-mode MPLS.

Monitor and Troubleshoot an MPLS Network

Objectives

Upon completion of this section, you will be able to perform the following tasks:

Monitor and Troubleshoot an MPLS Network:

• Label/Tag Distribution Protocol (LDP/TDP) Session Verification

• Monitor Label Switching

• Monitor Cisco Express Forwarding (CEF) Switching and Label Imposition

• Debug Label Switching and LDP/TDP

• Common Frame-mode MPLS Symptom Troubleshooting

LDP/TDP Session Verification

LDP/TDP Monitoring Commands

• Displays LDP/TDP parameters on the local router.

• Displays MPLS status on individual interfaces.

LDP/TDP Session Verification (Cont.)

Example Output - show mpls ldp parameters

Example Output - show mpls interfaces detail

LDP/TDP Session Verification (Cont.)

LDP/TDP Monitoring Commands

• Displays information on established LDP/TDP neighborships.

• Displays all discovered LDP/TDP neighbors.

LDP/TDP Session Verification (Cont.)

Example Output - show mpls ldp neighbor

Example Output - show mpls neighbor detail

Example Output - show mpls ldp discovery

Monitoring Label Switching

• Displays Label Information Base (LIB).

• MPLS version of command offers additional options.

• Displays contents of Label Forwarding Information Base (LFIB).

• MPLS version includes additional vrf option.

Monitoring Label Switching (Cont.)

Example Output - show mpls ldp bindings

Example Output - show mpls forwarding-table detail

Monitoring CEF Switching and Label Imposition

• Displays label or labels attached to a packet during label imposition on edge LSR.

• Displays the state of CEF switching on interfaces.

Monitoring CEF Switching and Label Imposition (Cont.)

Example Output - show ip cef detail

Example Output - show cef interface

Debug Label Switching and LDP/TDP

• Debugs TDP adjacencies, session establishment, and label bindings exchange.

• Debugs Label Forwarding Information Base (LFIB) events: label creations, removals, rewrites.

• Debugs labeled packets switched by the router.

• Disables fast or distributed tag switching.

Common Frame-mode MPLS Symptom Troubleshooting

• LDP/TDP session does not start.

• Labels are not allocated or distributed.

• Packets are not labeled although the labels have been distributed.

• MPLS intermittently breaks after an interface failure.

• Large packets are not propagated across the network.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

LDP Session Startup Issues: 1/4

• Symptom: LDP neighbors are not discovered: show tag tdp discovery does not display expected LDP neighbors.

• Diagnosis: MPLS is not enabled on adjacent router.

• Verification: Verify with show mpls interface on the adjacent router.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

LDP Session Startup Issues: 2/4

• Symptom: LDP neighbors are not discovered.

• Diagnosis: Label distribution protocol mismatch: TDP on one end, LDP on the other end.

• Verification: Verify with show mpls interface detail on both routers.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

LDP Session Startup Issues: 3/4

• Symptom: LDP neighbors are not discovered.

• Diagnosis: Packet filter drops LDP/TDP neighbor discovery packets.

• Verification: Verify access-list presence with show ip interface. Verify access-list contents with show access-list.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

LDP Session Startup Issues: 4/4

• Symptom: LDP neighbors discovered, LDP session is not established: show tag-switching tdp neighbor does not display a neighbor in Oper state.

• Diagnosis: Connectivity between loopback interfaces is broken; LDP session is usually established between loopback interfaces of adjacent LSRs.

• Verification: Verify connectivity with extended ping command.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

Label Allocation Issues

• Symptom: Labels are not allocated for local routes: show mpls forwarding-table does not display any labels.

• Diagnosis: CEF is not enabled.

• Verification: Verify with show ip cef.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

Label Distribution Issues

• Symptom: Labels are allocated, but not distributed: show mpls ldp bindings on adjacent LSR does not display labels from this LSR.

• Diagnosis: There are problems with conditional label distribution.

• Verification:

  – Debug label distribution with debug mpls ldp advertisements.

  – Examine the neighbor LDP router ID with show mpls ldp discovery.

  – Verify that the neighbor LDP router ID is matched by the access list specified in mpls ldp advertise-labels command.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

Packet Labeling

• Symptom: Labels are distributed, packets are not labeled: show interfaces accounting does not display labeled packets being sent.

• Diagnosis: CEF is not enabled on input interface (potentially due to a conflicting feature being configured).

• Verification: Verify with show cef interface.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

Intermittent MPLS Failure after Interface Failure

• Symptom: Overall MPLS connectivity in a router intermittently breaks after an interface failure.

• Diagnosis: The IP address of a physical interface is used for LDP/TDP identifier. Configure a loopback interface on the router.

• Verification: Verify local LDP identifier with show mpls ldp neighbors.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

Packet Propagation Issues

• Symptom: Large packets are not propagated across the network:

  – Extended ping with varying packet sizes fails for packet sizes close to 1500.

  – In some cases, MPLS might work, but MPLS/VPN will fail.

• Diagnosis: MPLS MTU issues or switches with no support for jumbo frames in the forwarding path.

• Verification:

  – Trace the forwarding path; identify all LAN segments in the path.

  – Verify MPLS MTU setting on routers attached to LAN segments.

  – Check for low-end switches in the transit path.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

Packet Propagation Issues (Cont.)

• MPLS MTU is increased to 1512 to support 1500-byte IP packets and MPLS stack up to three levels deep.

• Jumbo frames have to be enabled on the switch.

Common Frame-mode MPLS Symptom Troubleshooting (Cont.)

MPLS Troubleshooting Process

Summary

• There are two sets of commands for MPLS troubleshooting that generally create the same output.

• The MPLS set offers a wider range of commands and some commands offer additional parameters.

• There are several commands used for label switching related MPLS monitoring.

• MPLS LDP debugging commands:

  • debug tag-switching tdp

  • debug tag-switching tfib

  • debug tag-switching packets

Summary (Cont.)

• Common Frame-mode MPLS Symptom Troubleshooting:

• LDP/TDP session does not start.

• Labels are not allocated or distributed.

• Packets are not labeled although the labels have been distributed.

• MPLS intermittently breaks after an interface failure.

• Large packets are not propagated across the network.

Determine the State of an LSP

Objectives

Upon completion of this section, you will be able to perform the following tasks:

• Determine the state of an LSP

  – MPLS operation, administration, and maintenance (OAM) for Layer 3

  – IP Traceroute with MPLS extensions

  – ITU MPLS OAM - Y.1711

  – IETF MPLS OAM

MPLS OAM for Layer 3

The Need for MPLS Operation and Maintenance

• More and more services (Layer 2 VPN, Layer 3 VPN, Voice, VPLS, etc.) offered over MPLS

• Service providers rely heavily on LSP integrity

• Tight Service Level Agreements (SLAs)

• Traditional ICMP Ping/Traceroute no longer sufficient

• MPLS-specific OAM is needed

MPLS OAM for Layer 3 (Cont.)

VC and LSP Comparison from OAM Perspective

MPLS OAM for Layer 3 (Cont.)

LSP with Equal Cost Multipath (ECMP)

• IP uses shortest path routing.

• Traffic can be split across multiple shortest paths.

• Most deployed label switching boxes use the bottom-most label in their ECMP algorithm.

• Adding an OAM label at the bottom may change the behavior that is being measured.

MPLS OAM for Layer 3 (Cont.)

Penultimate Hop Popping

Label Switch Router does a Swap operation to send packet to another LSR

Label Switch Router does a Pop operation to send packet to a Label Edge Router

LER forwards packet on IP header

• One lookup is more efficient than two.

• Label is no longer available for LSP identification.

• Additional OAM label would require behavior change at LER.

MPLS OAM for Layer 3 (Cont.)

Motivation and Requirements

• Separation between many various control planes and data plane OAM

• Detection, diagnosis, localization of broken LSPs

• LSP tunnel trace capability

• Should support ECMP LSPs

• Ability to raise alarm when failures are detected without causing an alarm during a defect event in a lower layer

• Should be backward-compatible and must support the existing (IP) infrastructure

• Should offer SLA mechanisms

MPLS OAM for Layer 3 (Cont.)

OAM Tools

• Traditional IP Ping/Traceroute

  – Some extensions made to “fit” MPLS environment

• ITU MPLS OAM

  – Y.1711

• IETF MPLS OAM

  – New MPLS/LSP Ping/Traceroute

IP Traceroute with MPLS extensions

IP Traceroute with MPLS Extensions (Cont.)

• Label assigned to the next hop of IP address B (label assigned to IP address of PE2) is used for forwarding.

• ICMP “TTL expired” message could simply be returned.

• That could work, since PE1 has knowledge about prefixes received from ISP1, and is therefore able to properly forward ICMP “TTL expired” message to IP address A.

• BUT…

IP Traceroute with MPLS Extensions (Cont.)

• P2 has no knowledge about prefixes received from ISP1 and therefore is not able to properly forward ICMP “TTL expired” message to IP address A.

• P1 has no knowledge about IP address A, either.

IP Traceroute with MPLS Extensions (Cont.)

• P2 could eventually use label switching paradigm to forward ICMP “TTL expired” message to IP address A.

• What label should be used?

  • Remember, no IP address A in P2’s routing table.

IP Traceroute with MPLS Extensions (Cont.)

• P routers forward the ICMP “TTL expired” message to the LSP tail-end using downstream label (implicit null – POP – in the example).

•The ICMP message is label switched to the egress LSR (PE2 in the example).

•PE2 performs L3 lookup for IP address A.

IP Traceroute with MPLS Extensions (Cont.)

LDP implications

• There is LDP failure (for example due to wrong ACL on PE2).

• P2 expects LDP adjacency and label mapping from PE2, but no labels are distributed.

• P2 marks outgoing action for label 17 as “Untagged,” which causes L3 lookup for all packets received with label 17.

• Since IP address A is unknown to P2, the ICMP message is dropped.

ITU MPLS OAM - Y.1711

• Follows closely ATM OAM (I.610)

• Three functions defined

  – Connectivity Verification (CV)

  – Forward Defect Indication (FDI)

  – Backward Defect Indication (BDI)

• OAM alert label

  – Reserved label value (14)

  – Added at bottom of stack to identify OAM packet

ITU MPLS OAM - Y.1711 (Cont.)

Packets

• 44 byte payload

• Function Type (1 byte)

• Trail Termination Source ID (20 bytes)

  – IPv6 node ID (16 bytes)

  – LSP ID (4 bytes)

• BIP16 (2 bytes)

• Other bytes specific to function type

  – “Defect Type” and “Defect Location” in FDI and BDI

ITU MPLS OAM - Y.1711 (Cont.)

Drawbacks

• LSP identification (TTSI)

• Equal cost multipath (ECMP)

• Penultimate Hop Popping

• Requirement for a reverse path

• Fixed interval between CV packets

• Y.1711 will not scale for LDP networks

  – Comprises 90% of deployed MPLS networks!

ITU MPLS OAM - Y.1711 (Cont.)

Future Directions - Y.1711fw

• IP-based tools approach to be added to Y.1711 – Y.1711fw

  – Will leverage existing IP-based tools to overcome many aforementioned shortcomings

  – Will integrate new tools (LSP Ping/Traceroute) into tool box of existing operator management tools

  – Evolutionary, not revolutionary, approach

IETF MPLS OAM

Rationale for IP-based OAM

• MPLS is IP-based.

• All MPLS control protocols are based on the IP protocol suite.

  – LDP / BGP / RSVP / PIM

• The majority of MPLS applications carry IP traffic.

  – Even most Frame Relay & ATM traffic has IP as its payload.

• The primary goal of OAM is to ensure that the customer is receiving the expected service.

IETF MPLS OAM (Cont.)

LSP Ping/Traceroute

• Similar to ICMP (IP) Ping/Traceroute

  – Sequence number

  – Timestamps

  – Sender identification

• Full identification of FEC based on syntax and semantics of the application

• Variable length for MTU discovery

• Support for tunnel tracing (PE-PE)

Packet evaluated by control plane of each LSR

IETF MPLS OAM (Cont.)

LSP Ping Operation

• UDP echo request (dest. IP from 127.0.0.0/8 address space) sent inside an LSP.

  – Packets are processed by router if LSP breaks.

  – Packets are processed by egress LSR.

  – Influences load-sharing algorithms in ECMP.

• UDP echo reply sent via LSP or native IP.

IETF MPLS OAM (Cont.)

LSP Traceroute Operation

• UDP echo requests (dest. IP from 127.0.0.0/8 address space) with increasing TTL sent inside an LSP.

  – Packets are processed by transit LSR (not simply dropped).

  – TTL=0, BUT destination IP address is from local address space.

  – Transit LSRs return valuable information about FEC being tested.

IETF MPLS OAM (Cont.)

Dealing with Difficulties

• ECMP

  – Randomly chosen IP address from 127.0.0.0/8 address range influences load-sharing algorithm.

• Non-compliant routers

  – If TTL=0 no echo reply generated

  – If TTL>0 echo request passed transparently

  – IP reply uses router alert option to avoid LSPs

IETF MPLS OAM (Cont.)

IETF vs. ITU MPLS OAM

IETF MPLS OAM (Cont.)

LSP Ping Command – IOS 12.0(27)S

• Performs LSP ping

• Three FECs supported in IOS 12.0(27)S

  • IPv4, AToM, TE

• Two reply modes

  • ipv4 – echo reply is encapsulated in UDP

  • router-alert – echo reply is encapsulated in UDP and router alert option is used to force process switching of reply packets on every hop

• Experimental bits for echo reply might be set

• More “standard” ping options are available

IETF MPLS OAM (Cont.)

LSP Trace Command – IOS 12.0(27)S

• Performs LSP trace

• Two FECs supported in IOS 12.0(27)S

  • IPv4, TE

• Two reply modes

  • ipv4 – echo reply is encapsulated in UDP

  • router-alert – echo reply is encapsulated in UDP and router-alert option is used to force process switching of reply packets on every hop

• Experimental bits for echo reply might be set

• More “standard” Traceroute options are available

IETF MPLS OAM (Cont.)

LSP Ping – Sample Output

IETF MPLS OAM (Cont.)

LSP Trace – Sample Output

• P1 contains the mapping for 1.1.1.2/32 – it is a downstream router for that FEC but not an egress LSR.

• P2 has no mapping for 1.1.1.2/32 – it is marked as unreachable, but LSP is not broken since LSP for 200.1.1.2/32 is “borrowed.”

• PE2 is the LSR for LSP for FEC 1.1.1.2/32.

Topic Summary

• MPLS OAM is important for monitoring the LSPs.

• There are two approaches to MPLS OAM:

  – ITU Y.1711

  – IETF LSP ping

• IETF LSP ping is supported on Cisco IOS.

  – Ping mpls command

  – Trace mpls command
