Understanding MPLS


Page 1: Understanding MPLS

Understanding MPLS: Basic MPLS Configuration

Basic Configuration of an MPLS network

The configuration of a basic MPLS network is actually very simple and only requires a few basic steps. The requirements of such a network are the following:

1. Enable CEF: CEF is essentially what allows the imposition and disposition of labels in an MPLS network. You must make sure it is enabled globally, as well as on the specific interfaces participating in the MPLS network. How to enable CEF globally and on interfaces will be shown later. When possible, enable CEF in distributed mode, which is largely platform dependent. Unfortunately, it does not pertain to the platforms used in this lab.

2. Configure IGP routing protocol: Interior Gateway Protocols are routing protocols such as RIP, IGRP, EIGRP, and OSPF. In this case OSPF was used on all the routers. The configuration relevant to the lab will be shown later. IGP routing protocols are needed to populate the routing tables; CEF then works from those tables and label binding ensues.

3. (Optional) Define Label Distribution Protocol: LDP is the default label distribution protocol. The only other option is TDP, which in the real world is in an overwhelming minority, if used at all.

The command to manually do this is:

router(config)#mpls label protocol {ldp|tdp}

4. (Optional) Assign LDP Router ID: LDP uses the highest IP address on a loopback interface. A loopback interface is a logical interface as opposed to an actual physical interface such as interface gigabit 0/1 of a router. Loopback interfaces are often used as management IPs for telnet sessions, monitoring, or other forms of maintenance or management. If there is no loopback interface defined, the highest IP address on the router becomes the LDP router ID.

To force an interface to be an LDP router interface simply type the command:

router(config)#mpls ldp router-id [interface type] [number]

for example,

router(config)#mpls ldp router-id gigabit 0/1

The LDP router ID is important in setting up sessions between MPLS routers to exchange label information.

5. Configure MPLS or Label Forwarding on the Interface: This part of the configuration tells the specific interfaces that they are participating in MPLS or Label Forwarding. The commands to configure this will be shown later.

Configuration of the MPLS Devices

Mirroring the previous section, the configuration of the actual lab devices will be shown in the order of the steps above. The same exact procedure had to be completed on all routers except for both CEs.

1. Enable CEF Globally on the router:

8.11.PE1(config)#ip cef

1B. Enable CEF on the MPLS participating interfaces:

8.11.PE1(config-if)#ip route-cache cef

2. Configure an IGP protocol on the Router:

8.11.PE1(config)#router ospf 1

8.11.PE1(config-router)#network 10.1.4.0 255.255.255.0 area 0

* The network statements are the networks the loopback IPs are configured for. Directly connected networks are automatically known; loopback interface network addresses are not.

3. Define Label Distribution Protocol:

8.11.PE1(config)#mpls label protocol ldp

4. Assign LDP router ID:

*Loopback IPs are used by default, so this step was not completed.*

5. Configure MPLS Label Forwarding on the interface:

8.11.PE1(config)#interface GigabitEthernet 0/0

8.11.PE1(config-if)#mpls ip

8.11.PE1(config)#interface GigabitEthernet 0/1

8.11.PE1(config-if)#mpls ip

This concludes all the necessary commands needed for basic MPLS operation.

Understanding MPLS: MPLS Architecture

To further understand exactly how MPLS works you must understand how the control plane and data plane complement each other during the forwarding process in a Label Switch Router. This process is slightly different depending on whether you are on a PE or P device. Below is a graphic to help illustrate those slight differences.

As you can see from the graphic, the Label Switch Routers exchange routes with each other, usually by the routing protocols OSPF or EIGRP. This is a standard network layer function. The best routes for the respective networks, based on the routing protocols in use, are placed in the routing table; this is how standard routing works.

Once the routing table is populated, CEF (Cisco Express Forwarding) uses that information to enable MPLS label switching. Simply put, CEF is required to be able to label switch in an MPLS network. CEF has two components, the Forwarding Information Base (FIB) and the adjacency table. The FIB (located in the data plane) is responsible for maintaining next hop IP addresses for all of the routes in the routing table. The adjacency table is responsible for maintaining the layer 2 information for each FIB entry. The adjacency table is responsible for the layer 2 rewrite, and it avoids the need for an ARP request for each IP address lookup. Basically, CEF binds the next hop address for a specific network to a physical interface MAC address. It relies on recursive updates in and from the routing table to do this. This is essentially what allows layer 3 switching.

When you enable MPLS on a router, the routing table is also copied into an MPLS IP routing control table, which remains in the control plane. Adjacent to this is the Label Information Base (LIB, also referred to as Tag Information Base as shown in the picture), which is where the MPLS labels exist. The MPLS IP routing control table is what actually binds labels from the LIB to the IP routes in the IP routing table. The MPLS IP routing and control table is also where the label distribution protocol lives. Said protocol, like Label Distribution Protocol (LDP), shares the locally significant label to IP route bindings with other LSRs in the network. This makes the creation of virtual circuits via label stacks possible. Label stacks are used in MPLS applications such as Traffic Engineering and VPN implementation.

MPLS IP routing and control information is also copied into the FIB and the TFIB/LFIB (Tag or Label Forwarding Information Base). The difference between these two tables (FIB and TFIB/LFIB) is in their purpose in the forwarding of data. What is not shown is a logic block that exists in between the FIB and TFIB/LFIB. This block is where the label lookup occurs, along with the decision either to remove the label from the packet for forwarding or to replace the label with the locally significant label for forwarding. This is applicable when a labeled packet is received. Since the packet is labeled it goes to the TFIB; there is usually an arrow pointing up to the FIB (denoting the logic process), but not in this particular diagram. If the label was removed, the packet would be sent to the FIB for appropriate forwarding.

The MPLS Edge router has the most intricate architecture because it must be able to forward data on to and off of the MPLS network, to and from the customer. An understanding of basic MPLS architecture is paramount to understanding the configuration of MPLS devices in your network.

“Hacking” a Cisco Router (Password Recovery)

Ever wonder what to do if you forget your password to your router?

Ever wonder why physical security is so important for networking equipment?

Do you wonder how people can break in to, or hack in to, a router?

This Cisco Password Recovery Document shows you how to do such on every device they make.

Look below to find out how!

Step-by-Step Procedure

Follow these steps in order to recover your password:

1. Attach a terminal or PC with terminal emulation to the console port of the router.

Use these terminal settings:

9600 baud rate
No parity
8 data bits
1 stop bit
No flow control

2. If you can access the router, type show version at the prompt, and record the configuration register setting. See Example of Password Recovery Procedure in order to view the output of a show version command.

Note: The configuration register is usually set to 0x2102 or 0x102. If you can no longer access the router (because of a lost login or TACACS password), you can safely assume that your configuration register is set to 0x2102.

3. Use the power switch in order to turn off the router, and then turn the router back on.

4. Press Break on the terminal keyboard within 60 seconds of power up in order to put the router into ROMMON.

If the break sequence does not work, refer to Standard Break Key Sequence Combinations During Password Recovery for other key combinations.

5. Type confreg 0x2142 at the rommon 1> prompt in order to boot from Flash.

This step bypasses the startup configuration where the passwords are stored.

6. Type reset at the rommon 2> prompt.

The router reboots, but ignores the saved configuration.

7. Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure.

8. Type enable at the Router> prompt.

You are in enable mode and should see the Router# prompt.

9. Type configure memory or copy startup-config running-config in order to copy the nonvolatile RAM (NVRAM) into memory.

Important: Do not type “copy running-config startup-config” or “write”. These commands erase your startup configuration.

10. Type show running-config.

**The show running-config command shows the configuration of the router. In this configuration, the shutdown command appears under all interfaces, which indicates all interfaces are currently shut down. In addition, the passwords (enable password, enable secret, vty, console passwords) are in either an encrypted or unencrypted format. You can reuse unencrypted passwords. You must change encrypted passwords to a new password.**

11. Type configure terminal.

The hostname(config)# prompt appears.

12. Type enable secret <password> in order to change the enable secret password. For example:

hostname(config)#enable secret cisco

13. Issue the no shutdown command on every interface that you use.

If you issue a show ip interface brief command, every interface that you want to use should display up up.

14. Type config-register <configuration_register_setting>, where configuration_register_setting is either the value you recorded in step 2 or 0x2102. For example:

hostname(config)#config-register 0x2102

15. Press Ctrl-z or end in order to leave the configuration mode.

The hostname# prompt appears.

16. Type write memory or copy running-config startup-config in order to commit the changes.

**Example of Password Recovery Procedure**

This section provides an example of the password recovery procedure. This example was created with a Cisco 2600 Series Router. Even if you do not use a Cisco 2600 Series Router, this output provides an example of what you should experience on your product.

Router>enable

Password:

Password:

Password:

% Bad secrets

Router>show version

Cisco Internetwork Operating System Software

IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes

System returned to ROM by abort at PC 0x802D0B60

System image file is “flash:c2600-is-mz.120-7.T”

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2102

Router>

!--- The router was just powercycled, and during bootup a

!--- break sequence was sent to the router.

!

*** System received an abort due to Break Key ***

signal= 0x3, code= 0x500, context= 0x813ac158

PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030

rommon 1 > confreg 0x2142

You must reset or power cycle for new config to take effect

rommon 2 > reset

System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Copyright (c) 1999 by cisco Systems, Inc.

TAC:Home:SW:IOS:Specials for info

C2600 platform with 32768 Kbytes of main memory

program load complete, entry point: 0x80008000, size: 0x6fdb4c

Self decompressing the image : ###############################

##############################################################

##############################################################

##############################################################

############################### [OK]

Restricted Rights Legend

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

cisco Systems, Inc.

170 West Tasman Drive

San Jose, California 95134-1706

Cisco Internetwork Operating System Software

IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

cisco 2611 (MPC860) processor (revision 0x202) with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

--- System Configuration Dialog ---

Would you like to enter the initial configuration dialog? [yes/no]: n

Press RETURN to get started!

00:00:19: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up

00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

00:00:19: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up

00:00:19: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down

00:00:19: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0,

changed state to down

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,

changed state to up

Router>

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,

changed state to up

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0,

changed state to down

00:00:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1,

changed state to down

00:00:50: %SYS-5-RESTART: System restarted --

Cisco Internetwork Operating System Software

IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

00:00:50: %LINK-5-CHANGED: Interface BRI0/0,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Ethernet0/0,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Serial0/0,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Ethernet0/1,

changed state to administratively down

00:00:52: %LINK-5-CHANGED: Interface Serial0/1,

changed state to administratively down

00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,

changed state to down

00:00:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1,

changed state to down

Router>

Router>enable

Router#copy startup-config running-config

Destination filename [running-config]?

1324 bytes copied in 2.35 secs (662 bytes/sec)

Router#

00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:1,

changed state to down

00:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2,

changed state to down

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#enable secret <password>

Router(config)#^Z (^Z is the cntrl+Z key together)

00:01:54: %SYS-5-CONFIG_I: Configured from console by console

Router#show ip interface brief

Interface IP-Address OK? Method Status Protocol

Ethernet0/0 10.200.40.37 YES TFTP administratively down down

Serial0/0 unassigned YES TFTP administratively down down

BRI0/0 193.251.121.157 YES unset administratively down down

BRI0/0:1 unassigned YES unset administratively down down

BRI0/0:2 unassigned YES unset administratively down down

Ethernet0/1 unassigned YES TFTP administratively down down

Serial0/1 unassigned YES TFTP administratively down down

Loopback0 193.251.121.157 YES TFTP up up

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface Ethernet0/0

Router(config-if)#no shutdown

Router(config-if)#

00:02:14: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

00:02:15: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0,

changed state to up

Router(config-if)#interface BRI0/0

Router(config-if)#no shutdown

Router(config-if)#

00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down

00:02:26: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down

00:02:26: %LINK-3-UPDOWN: Interface BRI0/0, changed state to up

00:02:115964116991: %ISDN-6-LAYER2UP: Layer 2 for Interface BR0/0,

TEI 68 changed to up

Router(config-if)#^Z

Router#

00:02:35: %SYS-5-CONFIG_I: Configured from console by console

Router#copy running-config startup-config

Destination filename [startup-config]?

Building configuration…

[OK]

Router#show version

Cisco Internetwork Operating System Software

IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes

System returned to ROM by abort at PC 0x802D0B60

System image file is “flash:c2600-is-mz.120-7.T”

cisco 2611 (MPC860) processor (revision 0x202)

with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#config-register 0x2102

Router(config)#^Z

00:03:20: %SYS-5-CONFIG_I: Configured from console by console

Router#show version

Cisco Internetwork Operating System Software

IOS ™ C2600 Software (C2600-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)

Copyright (c) 1986-1999 by cisco Systems, Inc.

Compiled Tue 07-Dec-99 02:21 by phanguye

Image text-base: 0x80008088, data-base: 0x80C524F8

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

Router uptime is 3 minutes

System returned to ROM by abort at PC 0x802D0B60

System image file is “flash:c2600-is-mz.120-7.T”

cisco 2611 (MPC860) processor (revision 0x202)

with 26624K/6144K bytes of memory.

Processor board ID JAB031202NK (3878188963)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

2 Ethernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash partition 1 (Read/Write)

8192K bytes of processor board System flash partition 2 (Read/Write)

Configuration register is 0x2142 (will be 0x2102 at next reload)

Router#
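
The procedure above leaves traces in show version output: the configuration register value, the pending value, and the "returned to ROM by abort" reason. The following Python check for those traces is an added example, not part of the Cisco document; the function name, the finding names and the baseline sample are assumptions, and the register bit used (0x0040, ignore NVRAM contents) is the difference between 0x2102 and 0x2142.

```python
import re

# Bit 6 of the configuration register: boot without loading startup-config.
# This is the only bit that differs between 0x2102 and 0x2142.
IGNORE_NVRAM = 0x0040

REG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)
ROM_RE = re.compile(r"System returned to ROM by (.+)")


def audit_show_version(text):
    """Return the register values and findings from one 'show version' capture."""
    # Scraped documentation often carries a multiplication sign instead of 'x'.
    text = text.replace("\u00d7", "x")
    match = REG_RE.search(text)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None

    findings = []
    if current & IGNORE_NVRAM:
        # The device booted with its saved configuration (and passwords) bypassed.
        findings.append("booted-ignoring-startup-config")
    if pending is not None:
        if pending & IGNORE_NVRAM:
            findings.append("next-reload-ignores-startup-config")
        elif current & IGNORE_NVRAM:
            # Someone has already set the register back; the bypass happened this boot.
            findings.append("register-restore-pending")
    rom = ROM_RE.search(text)
    if rom and rom.group(1).startswith("abort"):
        # In the transcript above, 'abort' follows a Break key at power-up.
        findings.append("last-boot-interrupted-by-break")
    return {"current": current, "pending": pending, "findings": findings}


# Constructed baseline capture (sample values, not from the page).
BASELINE = (
    "System returned to ROM by power-on\n"
    "Configuration register is 0x2102\n"
)
# Lines taken from the final 'show version' in the transcript above.
AFTER_RECOVERY = (
    "System returned to ROM by abort at PC 0x802D0B60\n"
    "Configuration register is 0x2142 (will be 0x2102 at next reload)\n"
)

if __name__ == "__main__":
    for name, capture in (("baseline", BASELINE), ("after recovery", AFTER_RECOVERY)):
        print(name, audit_show_version(capture)["findings"])
```

Run against periodically collected show version output, a non-empty findings list on a device with no scheduled maintenance is worth correlating with physical access and console logs.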

Understanding MPLS: MPLS in Layered Communications

What is MPLS's place in layered communication?

It is a niche all its own with no other competitors; MPLS has a complete monopoly in layered communications. Often referred to as switching at layer 2.5, MPLS uses a shim header that contains information that helps move frames from hop to hop.

A shim header is a 32-bit header placed between the layer 2 header and the layer 3 payload, as shown in the picture below. In certain applications like MPLS VPN and MPLS TE, the shim header can contain enough information to define a path through an entire network, not just to the next hop. The standard shim header has 4 fields, whose functions are defined below.

The 4 fields are:

Label - 20 bits; This field stores the label value. This value can be between 0 and 2^20 - 1. The first 16 of these labels (0 - 15) are exempted: they are reserved for specific functions known as label operations.

Experimental (EXP) - 3 bits; This field is used specifically for Quality of Service implementation.

Bottom of Stack (S) - 1 bit; This identifies whether the particular label in the stack is the bottom label. This bit is set to 0 unless it is the bottom label in a label stack, in which case the bit is set to 1. A stack is a collection of labels on top of the packet. The number of labels you can have (that is, the number of 32-bit fields) on top of a packet is limitless, though you should seldom see a stack of 4 labels or more.

Time to Live (TTL) - 8 bits; This field performs the same function as the TTL field found in an IP header. Its main function is to avoid a packet being stuck in a routing loop. If a routing loop occurs and no TTL is present, the packet loops forever. If the TTL reaches 0, the packet is discarded.
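
The four fields described above, as an added Python example that is not part of the original document: it packs and decodes 32-bit shim entries, walks a label stack until the Bottom of Stack bit, and performs a label swap with the TTL decrement and discard. The sample frame, label values and function names are constructed for illustration.

```python
import struct

RESERVED_MAX = 15  # labels 0-15 are reserved, as stated in the text above


def encode_entry(label, exp, s, ttl):
    """Pack one shim entry: Label (20 bits) | EXP (3) | S (1) | TTL (8)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8 or s not in (0, 1) or not 0 <= ttl < 256:
        raise ValueError("EXP, S or TTL out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def decode_stack(data):
    """Decode entries until the one with S=1; return (entries, payload)."""
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            # Ran out of bytes before seeing a bottom-of-stack entry.
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        entry["reserved"] = entry["label"] <= RESERVED_MAX
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]


def swap_top(data, new_label):
    """Swap the top label and decrement its TTL; None means the packet is discarded."""
    entries, _payload = decode_stack(data)  # also validates the whole stack
    top = entries[0]
    if top["ttl"] <= 1:
        return None  # TTL would reach 0
    new_top = encode_entry(new_label, top["exp"], top["s"], top["ttl"] - 1)
    return new_top + data[4:]  # rest of the stack and the payload are untouched


# Constructed sample: two-label stack followed by the first two bytes of an IP header.
SAMPLE = encode_entry(17, 0, 0, 64) + encode_entry(24, 5, 1, 64) + b"\x45\x00"

if __name__ == "__main__":
    stack, payload = decode_stack(SAMPLE)
    for e in stack:
        print(e)
    print("payload:", payload.hex())
    print("after swap to 30:", swap_top(SAMPLE, 30).hex())
```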