MPLS: Layer 3 VPNs Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
MPLS VPN Per VRF Label
Downloads: This chapterpdf (PDF - 1.21MB) The complete bookPDF (PDF - 4.9MB) | The complete bookePub (ePub - 1.1MB) | Feedback

MPLS VPN Per VRF Label

MPLS VPN Per VRF Label

The MPLS VPN Per VRF Label feature allows you to configure a single Virtual Private Network (VPN) label for all local routes in the entire VPN routing and forwarding (VRF) domain. This MPLS VPN Per VRF Label feature incorporates a single (per VRF) VPN label that for all local routes in the VRF table.

You can enable (or disable) the MPLS VPN Per VRF Label feature in global configuration mode.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for MPLS VPN Per VRF Label

  • If your virtual routing and forwarding (VRF) domain has the external/internal Border Gateway Protocol (EIBGP) multipath feature or the Carrier Supporting Carrier (CSC) feature enabled, disable those features before you configure the MPLS VPN Per VRF Label feature.
  • Before configuring Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Networks (VPNs), you must install MPLS, Label Distribution Protocol (LDP), and Cisco Express Forwarding in your network. All devices in the core, including the provider edge (PE) devices, must be able to support Cisco Express Forwarding and MPLS forwarding.

Restrictions for MPLS VPN Per VRF Label

  • Enabling the MPLS VPN Per VRF Label feature causes Border Gateway Protocol (BGP) reconvergence, which can result in data loss for traffic coming from the Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) core.

Note


You can minimize network disruption by enabling this feature during a scheduled MPLS maintenance window. Also, if possible, avoid enabling this feature on a live device


  • There is no performance degradation when you configure up to 511 VRFs; however, when you add more than 511 VRFs, your network might experience some minor performance degradation (similar to the normal degradation experienced by any of the directly connected VRF prefixes present in the device).
  • Per-prefix MPLS counters for VPN prefixes are lost when you enable the MPLS VPN Per VRF Label feature.
  • You cannot use this feature with Carrier Supporting Carrier (CSC) and external/internal Border Gateway Protocol (EIBGP) multipath features.

Information About MPLS VPN Per VRF Label

MPLS VPN Per VRF Label Functionality

The provider edge (PE) stores both local and remote routes and includes a label entry for each route. For distributed platforms, the per-prefix labels consume memory. When there are many virtual routing and forwarding (VRF) domains and routes, the amount of memory that the per-prefix labels consume can become an issue.

The MPLS VPN Per VRF Label feature allows the advertisement of a single Virtual Private Network (VPN) label for local routes throughout the entire VRF. The device uses a new VPN label for the VRF decoding and IP-based lookup to learn where to forward packets for the PE or customer edge (CE) interfaces.

The following conditions apply when you configure the Per VRF Label feature:

  • The VRF uses one label for all local routes.
  • When you enable the MPLS VPN Per VRF Label feature, any existing Per VRF Aggregate label is used. If no Per VRF Aggregate label is present, the software creates a new Per VRF label.
  • When you enable the MPLS VPN Per VRF Label feature, the CE device’s learned local routes will experience some data loss.

The CE does not lose data when you disable the MPLS VPN Per VRF Label feature because when you disable the feature, the configuration reverts to the default labeling configuration, which uses the Per VRF Aggregate label from the local nonCE-sourced routes.

  • When you disable the MPLS VPN Per VRF Label feature, the configuration reverts to the default configuration.
  • A Per VRF label forwarding entry is deleted only if the VRF or the Border Gateway Protocol (BGP) configuration is removed.

Summarization of Label Allocation Modes

The table below defines the label allocations used with various route types.

Table 1 Label Allocation Modes

Route Types

Label Mode Default

Label Mode: Per VRF Label Feature

Local to the PE (connected, static route to NULL0, BGP aggregates), redistributed to BGP

Per VRF Aggregate label

Per VRF label

Locally learned from CE (through EBGP or other PE or CE protocols)

Per Prefix label

Per VRF label

How to Configure MPLS VPN Per VRF Label

Configuring the Per VRF Label Feature

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    mpls label mode {vrf vrf-name | all-vrfs} protocol bgp-vpnv4 {per-prefix | per-vrf}

    4.    end

    5.    show ip vrf detail


DETAILED STEPS
      Command or Action Purpose
    Step 1 enable


    Example:
    Device> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Device# configure terminal
     

    Enters global configuration mode.

     
    Step 3 mpls label mode {vrf vrf-name | all-vrfs} protocol bgp-vpnv4 {per-prefix | per-vrf}


    Example:
    Device(config)# mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf
     

    Configures the MPLS VPN Per VRF Label feature.

     
    Step 4 end


    Example:
    Device(config)# end
     

    Returns to privileged EXEC mode.

     
    Step 5 show ip vrf detail


    Example:
    Device# show ip vrf detail
     

    Displays the VRF label mode.

     

    Examples

    The following command example shows how to verify the MPLS VPN Per VRF Label configuration:

    In this example output, the bold text indicates the label modes:

    Device# show ip vrf detail
    VRF vpn1; default RD 1:1; default VPNID <not set>
    VRF Table ID = 1
      Interfaces:
        Ethernet0/0              Serial5/0                Loopback1
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:1:1                  
      Import VPN route-target communities
        RT:1:1                  
      No import route-map
      No export route-map
    CSC is not configured.
     VRF label allocation mode: per-vrf (Label 19)
    VRF vpn2; default RD 2:1; default VPNID <not set>
    VRF Table ID = 2
      Interfaces:
        Ethernet2/0              Loopback2               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:2:1                  
      Import VPN route-target communities
        RT:2:1                  
      No import route-map
      No export route-map
    CSC is not configured.
     VRF label allocation mode: per-vrf (Label 20)
    VRF vpn3; default RD 3:1; default VPNID <not set>
    VRF Table ID = 3
      Interfaces:
        Ethernet3/0              Loopback3               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:3:1                  
      Import VPN route-target communities
        RT:3:1                  
      No import route-map
      No export route-map
    CSC is not configured.
     VRF label allocation mode: per-vrf (Label 23)
    Device# show ip bgp vpnv4 all labels
       Network          Next Hop      In label/Out label
    Route Distinguisher: 1:1 (vpn1)
     127.0.0.1/32 192.168.1.1 IPv4 VRF Aggr:19/nolabel
       127.0.0.5/32     127.0.0.4       nolabel/19
       192.168.1.0/24   192.168.1.1     IPv4 VRF Aggr:19/nolabel
                        0.0.0.0         IPv4 VRF Aggr:19/aggregate(vpn1)
       192.168.4.0/24   127.0.0.4       nolabel/20
       172.16.0.0/16    0.0.0.0         IPv4 VRF Aggr:19/aggregate(vpn1)
     172.16.128.0/32 192.168.1.1 IPv4 VRF Aggr:19/nolabel
    Route Distinguisher: 2:1 (vpn2)
       127.0.2.2/32     0.0.0.0         IPv4 VRF Aggr:20/aggregate(vpn2)
     127.0.0.6/32 192.168.5.1 IPv4 VRF Aggr:20/nolabel
       192.168.5.0/24   0.0.0.0         IPv4 VRF Aggr:20/aggregate(vpn2)
     172.17.128.0/32 192.168.5.1 IPv4 VRF Aggr:20/nolabel
    Route Distinguisher: 3:1 (vpn3)
       127.0.3.2/32     0.0.0.0         IPv4 VRF Aggr:23/aggregate(vpn3)
     127.0.0.8/32 192.168.7.1 IPv4 VRF Aggr:23/nolabel
       192.168.7.0/24   0.0.0.0         IPv4 VRF Aggr:23/aggregate(vpn3)
     172.16.128.0/32 192.168.7.1 IPv4 VRF Aggr:23/nolabel
    Device# show mpls forwarding-table 
    
    Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop    
    tag    tag or VC   or Tunnel Id        switched   interface              
    16     Pop tag     192.168.3.0/24    0          Et1/0      192.168.2.3     
    17     Pop tag     127.0.0.3/32      0          Et1/0      192.168.2.3     
    18     17          127.0.0.4/32      0          Et1/0      192.168.2.3     
    19 Pop Label IPv4 VRF[V] 0 aggregate/vpn1
    20 Pop Label IPv4 VRF[V] 0 aggregate/vpn2
    23 Pop Label IPv4 VRF[V] 0 aggregate/vpn3
    PE1# 
    

    Configuration Examples for MPLS VPN Per VRF Label

    Example: No Label Mode Default Configuration

    The following example shows the default label mode configuration (no label mode).

    In this example output, the bold text indicates the label modes:

    Device# show ip vrf detail
    VRF vpn1; default RD 1:1; default VPNID <not set>
    VRF Table ID = 1
      Interfaces:
        Ethernet0/0              Serial5/0                Loopback1
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:1:1                  
      Import VPN route-target communities
        RT:1:1                  
      No import route-map
      No export route-map
    CSC is not configured.
      VRF label allocation mode: per-prefix 
     per-vrf-aggr for connected and BGP aggregates (Label 19) 
    VRF vpn2; default RD 2:1; default VPNID <not set>
    VRF Table ID = 2
      Interfaces:
        Ethernet2/0              Loopback2               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:2:1                  
      Import VPN route-target communities
        RT:2:1                  
      No import route-map
      No export route-map
    CSC is not configured.
      
    VRF label allocation mode: per-prefix
     
     per-vrf-aggr for connected and BGP aggregates (Label 20) 
    VRF vpn3; default RD 3:1; default VPNID <not set>
    VRF Table ID = 3
      Interfaces:
        Ethernet3/0              Loopback3               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:3:1                  
      Import VPN route-target communities
        RT:3:1                  
      No import route-map
      No export route-map
    CSC is not configured.
      VRF label allocation mode: per-prefix 
     per-vrf-aggr for connected and BGP aggregates (Label 23) 
    Device# show ip bgp vpnv4 all labels 
       Network          Next Hop      In label/Out label
    Route Distinguisher: 1:1 (vpn1)
       127.0.0.1/32     192.168.1.1     27/nolabel
       127.0.0.5/32     127.0.0.4       nolabel/19
       192.168.1.0/24   192.168.1.1     IPv4 VRF Aggr:19/nolabel
                        0.0.0.0         IPv4 VRF Aggr:19/aggregate(vpn1)
       192.168.4.0/24   127.0.0.4       nolabel/20
       172.16.0.0/16    0.0.0.0         IPv4 VRF Aggr:19/aggregate(vpn1)
       172.16.128.0/32  192.168.1.1     28/nolabel
    Route Distinguisher: 2:1 (vpn2)
       127.0.2.2/32     0.0.0.0         IPv4 VRF Aggr:20/aggregate(vpn2)
       127.0.0.6/32     192.168.5.1     21/nolabel
       192.168.5.0/24   0.0.0.0         IPv4 VRF Aggr:20/aggregate(vpn2)
       172.17.128.0/32  192.168.5.1     22/nolabel
    Route Distinguisher: 3:1 (vpn3)
       127.0.3.2/32     0.0.0.0         IPv4 VRF Aggr:23/aggregate(vpn3)
       127.0.0.8/32     192.168.7.1     24/nolabel
       192.168.7.0/24   0.0.0.0         IPv4 VRF Aggr:23/aggregate(vpn3)
       172.16.128.0/32  192.168.7.1     25/nolabel
    Device# show mpls forwarding-table
    Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop    
    tag    tag or VC   or Tunnel Id        switched   interface              
    16     Pop tag     192.168.3.0/24    0          Et1/0      192.168.2.3     
    17     Pop tag     127.0.0.3/32      0          Et1/0      192.168.2.3     
    18     17          127.0.0.4/32      0          Et1/0      192.168.2.3     
    19     Pop Label   IPv4 VRF[V] 0 aggregate/vpn1
    20     Pop Label   IPv4 VRF[V] 0 aggregate/vpn2
    21     Untagged    127.0.0.6/32[V]   0          Et2/0      192.168.5.1     
    22     Untagged    172.17.128.0/32[V]0          Et2/0      192.168.5.1     
    23     Pop Label   IPv4 VRF[V] 0 aggregate/vpn3
    24     Untagged    127.0.0.8/32[V]   0          Et3/0      192.168.7.1     
    25     Untagged    172.16.128.0/32[V]0          Et3/0      192.168.7.1     
    27     Untagged    127.0.0.1/32[V]   0          Et0/0      192.168.1.1     
    28     Untagged    172.16.128.0/32[V]0          Et0/0      192.168.1.1 

    Example: Mixed Mode with Global Per-Prefix

    For this example, the following commands set VPN 1 for per-vrf label mode, VPN 2 for per-prefix label mode, and all remaining VPNs for per-prefix (globally).

    In this example output, the bold text indicates the label modes:

    Device# mpls label mode vrf vpn1 protocol bgp-vpnv4 per-vrf 
    Device# mpls label mode vrf vpn2 protocol bgp-vpnv4 per-prefix 
    

    Use the following show commands to display the label mode settings:

    Device# show ip vrf detail 
    VRF vpn1; default RD 1:1; default VPNID <not set>
    VRF Table ID = 1
      Interfaces:
        Ethernet0/0              Serial5/0                Loopback1
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:1:1                  
      Import VPN route-target communities
        RT:1:1                  
      No import route-map
      No export route-map
    CSC is not configured.
     VRF label allocation mode: per-vrf (Label 26)
    VRF vpn2; default RD 2:1; default VPNID <not set>
    VRF Table ID = 2
      Interfaces:
        Ethernet2/0              Loopback2               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:2:1                  
      Import VPN route-target communities
        RT:2:1                  
      No import route-map
      No export route-map
    CSC is not configured.
      VRF label allocation mode: per-prefix 
     per-vrf-aggr for connected and BGP aggregates (Label 27) 
    VRF vpn3; default RD 3:1; default VPNID <not set>
    VRF Table ID = 3
      Interfaces:
        Ethernet3/0              Loopback3               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:3:1                  
      Import VPN route-target communities
        RT:3:1                  
      No import route-map
      No export route-map
    CSC is not configured.
      
    VRF label allocation mode: per-prefix 
     per-vrf-aggr for connected and BGP aggregates (Label 28) 
    Device# show ip bgp vpnv4 all label
       Network          Next Hop      In label/Out label
    Route Distinguisher: 1:1 (vpn1)
     127.0.0.1/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel
       127.0.0.5/32     127.0.0.4       nolabel/19
       192.168.1.0/24   0.0.0.0         IPv4 VRF Aggr:26/aggregate(vpn1)
                        192.168.1.1     IPv4 VRF Aggr:26/nolabel
       192.168.4.0/24   127.0.0.4       nolabel/20
       172.16.0.0/16    0.0.0.0         IPv4 VRF Aggr:26/aggregate(vpn1)
     172.16.128.0/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel 
    Route Distinguisher: 2:1 (vpn2)
       127.0.2.2/32     0.0.0.0         IPv4 VRF Aggr:27/aggregate(vpn2)
       127.0.0.6/32     192.168.5.1     20/nolabel
       192.168.5.0/24   0.0.0.0         IPv4 VRF Aggr:27/aggregate(vpn2)
       172.17.128.0/32  192.168.5.1     21/nolabel
    Route Distinguisher: 3:1 (vpn3)
       127.0.3.2/32     0.0.0.0         IPv4 VRF Aggr:28/aggregate(vpn3)
       127.0.0.8/32     192.168.7.1     22/nolabel
       192.168.7.0/24   0.0.0.0         IPv4 VRF Aggr:28/aggregate(vpn3)
       172.16.128.0/32  192.168.7.1     23/nolabel
    Device# show mpls forwarding-table
     
    Local  Outgoing    Prefix              Bytes tag  Outgoing   Next Hop    
    tag    tag or VC   or Tunnel Id        switched   interface              
    16     Pop tag     192.168.3.0/24    0          Et1/0      192.168.2.3     
    17     Pop tag     127.0.0.3/32      0          Et1/0      192.168.2.3     
    18     17          127.0.0.4/32      0          Et1/0      192.168.2.3     
    20     Untagged    127.0.0.6/32[V]   0          Et2/0      192.168.5.1     
    21     Untagged    172.17.128.0/32[V]0          Et2/0      192.168.5.1     
    22     Untagged    127.0.0.8/32[V]   0          Et3/0      192.168.7.1     
    23     Untagged    172.16.128.0/32[V]0          Et3/0      192.168.7.1     
    26 Pop Label IPv4 VRF[V] 0 aggregate/vpn1 
    27     Pop Label   IPv4 VRF[V] 0 aggregate/vpn1 
    28     Pop Label   IPv4 VRF[V] 0 aggregate/vpn1 
    

    Example: Mixed Mode with Global Per-VRF

    For this example, the following commands set VPN 1 for per-vrf label mode, VPN 2 for per-prefix label mode, and all remaining VPNs for per-vrf (globally).

    In this example output, the bold text indicates the label modes:

    Device# mpls label mode vrf vpn1 protocol bgp-vpnv4 per-vrf 
    Device# mpls label mode vrf vpn2 protocol bgp-vpnv4 per-prefix 
    Device# mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf 
    Device# show ip vrf detail
    VRF vpn1; default RD 1:1; default VPNID <not set>
    VRF Table ID = 1
      Interfaces:
        Ethernet0/0              Serial5/0                Loopback1
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:1:1                  
      Import VPN route-target communities
        RT:1:1                  
      No import route-map
      No export route-map
    CSC is not configured.
     VRF label allocation mode: per-vrf (Label 26)
    VRF vpn2; default RD 2:1; default VPNID <not set>
    VRF Table ID = 2
      Interfaces:
        Ethernet2/0              Loopback2               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:2:1                  
      Import VPN route-target communities
        RT:2:1                  
      No import route-map
      No export route-map
    CSC is not configured.
      VRF label allocation mode: per-prefix 
     per-vrf-aggr for connected and BGP aggregates (Label 27) 
    VRF vpn3; default RD 3:1; default VPNID <not set>
    VRF Table ID = 3
      Interfaces:
        Ethernet3/0              Loopback3               
      Connected addresses are not in global routing table
      Export VPN route-target communities
        RT:3:1                  
      Import VPN route-target communities
        RT:3:1                  
      No import route-map
      No export route-map
    CSC is not configured.
     VRF label allocation mode: per-vrf (Label 28) 
    Device# show ip bgp vpnv4 all label
       
       Network          Next Hop      In label/Out label
    Route Distinguisher: 1:1 (vpn1)
     127.0.0.1/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel 
       127.0.0.5/32     127.0.0.4       nolabel/19
       192.168.1.0/24   0.0.0.0         IPv4 VRF Aggr:26/aggregate(vpn1)
                        192.168.1.1     IPv4 VRF Aggr:26/nolabel
       192.168.4.0/24   127.0.0.4       nolabel/20
       172.16.0.0/16    0.0.0.0         IPv4 VRF Aggr:26/aggregate(vpn1)
     172.16.128.0/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel 
    Route Distinguisher: 2:1 (vpn2)
       127.0.2.2/32     0.0.0.0         IPv4 VRF Aggr:27/aggregate(vpn2)
       127.0.0.6/32     192.168.5.1     20/nolabel
       192.168.5.0/24   0.0.0.0         IPv4 VRF Aggr:27/aggregate(vpn2)
       172.17.128.0/32  192.168.5.1     21/nolabel
    Route Distinguisher: 3:1 (vpn3)
       127.0.3.2/32     0.0.0.0         IPv4 VRF Aggr:28/aggregate(vpn3)
     127.0.0.8/32 192.168.7.1 IPv4 VRF Aggr:28/nolabel 
       192.168.7.0/24   0.0.0.0         IPv4 VRF Aggr:28/aggregate(vpn3)
     172.16.128.0/32 192.168.7.1 IPv4 VRF Aggr:28/nolabel 
    Device# show mpls forwarding-table
        
    Local  Outgoing    Prefix              Bytes tag  Outgoing      Next Hop    
    tag    tag or VC   or Tunnel Id        switched   interface              
    16     Pop tag     192.168.3.0/24    0          Et1/0           192.168.2.3     
    17     Pop tag     127.0.0.3/32      0          Et1/0           192.168.2.3     
    18     17          127.0.0.4/32      0          Et1/0           192.168.2.3     
    20     Untagged    127.0.0.6/32[V]   0          Et2/0           192.168.5.1     
    21     Untagged    172.17.128.0/32[V]0          Et2/0           192.168.5.1     
    26 Pop Label IPv4 VRF[V] 0 aggregate/vpn1 
    27 Pop Label IPv4 VRF[V] 0 
    aggregate/vpn2
    28 Pop Label IPv4 VRF[V] 0 aggregate/vpn3 
    

    Additional References

    Related Documents

    Related Topic

    Document Title

    Cisco IOS commands

    Cisco Master Command List, All Releases

    MPLS and MPLS applications commands

    Cisco IOS Multiprotocol Label Switching Command Reference

    MPLS VPNs

    MPLS Layer 3 VPNs Configuration Guide

    Standards and RFCs

    Standard/RFC

    Title

    RFC 2547

    BGP/MPLS

    Technical Assistance

    Description

    Link

    The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

    http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

    Feature Information for MPLS VPN Per VRF Label

    The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

    Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

    Table 2 Feature Information for MPLS VPN Per VRF Label

    Feature Name

    Releases

    Feature Information

    MPLS VPN Per VRF Label

    12.2(18)SXF2

    12.2(33)SRA

    12.2(33)SXH

    12.4(6)T

    Cisco IOS XE Release 2.2

    The MPLS VPN Per VRF Label feature allows a user to configure a single VPN label for all local routes in the entire VPN routing and forwarding (VRF) domain. The feature incorporates a single (per VRF) VPN label for all local routes in the VRF table.

    In Cisco IOS Release 12.2(18)SXF2, this feature was introduced.

    In Cisco IOS Releases 12.2(33)SRA, 12.2(33)SRD, and 12.4(6)T, this feature was integrated.

    In Cisco IOS XE Release 2.2, support was added for the Cisco ASR 1000 Series Routers.

    The following commands were introduced or modified:

    debug ip bgp vpnv4 unicast, mpls label mode.