MPLS: High Availability Configuration Guide, Cisco IOS XE Release 3S
Configuring NSF/SSO—MPLS VPN
Downloads: This chapterpdf (PDF - 182.0KB) | Feedback

Configuring NSF/SSO—MPLS VPN

Table Of Contents

Configuring NSF/SSO—MPLS VPN

Finding Feature Information

Contents

Prerequisites for NSF/SSO—MPLS VPN

Restrictions for NSF/SSO—MPLS VPN

Information About NSF/SSO—MPLS VPN

Elements That Enable NSF/SSO—MPLS VPN

How VPN Prefix Information Is Checkpointed to the Backup Route Processor

How BGP Graceful Restart Preserves Prefix Information During a Restart

How to Configure NSF/SSO—MPLS VPN

Configuring NSF Support for Basic VPNs

Verifying the NSF/SSO—MPLS VPN Configuration

Configuration Examples for NSF/SSO—MPLS VPN

Example: NSF/SSO—MPLS VPN for a Basic MPLS VPN

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for NSF/SSO—MPLS VPN


Configuring NSF/SSO—MPLS VPN


First Published: August 11, 2004
Last Updated: November 22, 2010

The NSF/SSO—MPLS VPN feature allows a provider edge (PE) router to preserve data forwarding information in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when the primary Route Processor (RP) restarts. This module describes how to enable nonstop forwarding (NSF) in a basic MPLS VPN network.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for NSF/SSO—MPLS VPN" section.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for NSF/SSO—MPLS VPN

Restrictions for NSF/SSO—MPLS VPN

Information About NSF/SSO—MPLS VPN

How to Configure NSF/SSO—MPLS VPN

Configuration Examples for NSF/SSO—MPLS VPN

Additional References

Feature Information for NSF/SSO—MPLS VPN

Prerequisites for NSF/SSO—MPLS VPN

You must have a supported MPLS VPN network configuration. See Configuring MPLS VPNs for more information.

The networking device that is to be configured for NSF must first be configured for stateful switchover (SSO). See Stateful Switchover for more information

You must enable NSF on the routing protocols running between the provider (P) routers, provider edge (PE) routers, and customer edge (CE) routers. The supported routing protocols are Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Intermediate System-to-Intermediate System (IS-IS). See Configuring Nonstop Forwarding for more information.

You must configure Cisco NSF support on the routers for Cisco Express Forwarding. See Configuring Nonstop Forwarding for more information.

All neighbor networking devices must be NSF-aware. Peer routers must support the graceful restart of the protocol used to communicate with the NSF/SSO—MPLS VPN-capable router.

Restrictions for NSF/SSO—MPLS VPN

Tag Distribution Protocol (TDP) sessions are not supported. Only Label Distribution Protocol (LDP) sessions are supported.

The NSF/SSO—MPLS VPN feature cannot be configured on label-controlled ATM (LC-ATM) interfaces.

Information About NSF/SSO—MPLS VPN

Elements That Enable NSF/SSO—MPLS VPN

How VPN Prefix Information Is Checkpointed to the Backup Route Processor

How BGP Graceful Restart Preserves Prefix Information During a Restart

Elements That Enable NSF/SSO—MPLS VPN

VPN NSF requires several elements in order to work:

VPN NSF uses the BGP Graceful Restart mechanisms to create MPLS forwarding entries for VPNv4 prefixes in NSF mode. The forwarding entries are preserved during a restart. BGP also saves prefix and corresponding label information and recovers the information after a restart.

The NSF/SSO—MPLS VPN feature also uses NSF for the label distribution protocol in the core network (either MPLS Label Distribution Protocol, traffic engineering, or static labeling).

The NSF/SSO—MPLS VPN feature uses NSF for the Interior Gateway Protocol (IGP) used in the core (OSPF or IS-IS).

The NSF/SSO—MPLS VPN feature uses NSF for the routing protocols between the PE and CE routers.

How VPN Prefix Information Is Checkpointed to the Backup Route Processor

When BGP allocates local labels for prefixes, it checkpoints the local label binding in the backup RP. The checkpointing function copies state information from the active RP to the backup RP, thereby ensuring that the backup RP has an identical copy of the latest information. If the active RP fails, the backup RP can take over with no interruption in service. Checkpointing begins when the active RP does a bulk synchronization, which copies all of the local label bindings to the backup RP. After that, the active RP dynamically checkpoints individual prefix label bindings when a label is allocated or freed. This allows forwarding of labeled packets to continue before BGP reconverges.

How BGP Graceful Restart Preserves Prefix Information During a Restart

When a BGP Graceful Restart-capable router loses connectivity, it performs the following actions as the restarting router:

1. The restarting router establishes BGP sessions with other routers and relearns the BGP routes from other routers that are also capable of Graceful Restart. The restarting router waits to receive updates from the neighboring routers. When the neighboring routers send end-of-Routing Information Base (RIB) markers to indicate that they are done sending updates, the restarting router starts sending its own updates.

2. The restarting router accesses the checkpoint database to find the label that was assigned for each prefix. If it finds the label, it advertises it to the neighboring router. If it does not find the label, it allocates a new label and advertises it.

3. The restarting router removes any stale prefixes after a timer for stale entries expires.

A BGP Graceful Restart-capable peer router performs the following actions when it encounters a restarting router:

1. The peer router sends all the routing updates to the restarting router. When it has finished sending updates, the peer router sends an end-of-RIB marker to the restarting router.

2. The peer router does not immediately remove the BGP routes learned from the restarting router from its BGP routing table. As it learns the prefixes from the restarting router, the peer refreshes the stale routes if the new prefix and label information matches the old information.

If a router is not configured for the NSF/SSO—MPLS VPN feature and it attempts to establish a BGP session with a router that is configured with the NSF/SSO—MPLS VPN feature, the two routers create a normal BGP session but do not have the ability to perform the NSF/SSO—MPLS VPN feature.

How to Configure NSF/SSO—MPLS VPN

Configuring NSF Support for Basic VPNs (required)

Verifying the NSF/SSO—MPLS VPN Configuration (optional)

Configuring NSF Support for Basic VPNs

SUMMARY STEPS

1. enable

2. configure terminal

3. ip cef [distributed]

4. router bgp autonomous-system-number

5. bgp graceful-restart

6. bgp graceful-restart restart-time seconds

7. bgp graceful-restart stalepath-time seconds

8. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip cef [distributed]

Example:

Router(config)# ip cef distributed

Enables Cisco Express Forwarding.

Use this command if Cisco Express Forwarding is not enabled by default on the router.

Step 4 

router bgp autonomous-system-number

Example:

Router(config)# router bgp 1

Configures a BGP routing process and enters router configuration mode.

Step 5 

bgp graceful-restart 
Example:
Router(config-router)# bgp graceful-restart

Enables BGP Graceful Restart on the router.

Step 6 

bgp graceful-restart restart-time seconds
Example:
Router(config-router)# bgp graceful-restart 
restart-time 200

(Optional) Specifies the maximum time to wait for a graceful-restart-capable neighbor to come back up after a restart.

Step 7 

bgp graceful-restart stalepath-time seconds 
Example:
Router(config-router)# bgp graceful-restart 
stalepath-time 400

(Optional) Specifies the maximum time to hold on to the stale paths of a gracefully restarted peer. All stale paths are deleted after the expiration of this timer.

Step 8 

end

Example:

Router(config-router)# end

Exits to privileged EXEC mode.


Verifying the NSF/SSO—MPLS VPN Configuration

SUMMARY STEPS

1. show ip bgp vpnv4 all labels

2. show ip bgp vpnv4 all neighbors

3. show ip bgp labels

4. show ip bgp neighbors

DETAILED STEPS


Step 1 show ip bgp vpnv4 all labels

This command displays incoming and outgoing BGP labels for each route distinguisher. The following is sample output from the command:

Router# show ip bgp vpnv4 all labels 

Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (vpn1)
   10.3.0.0/16      10.0.0.5        25/20
                    10.0.0.1        25/23
                    10.0.0.2        25/imp-null
   10.0.0.9/32      10.0.0.1        24/22
                    10.0.0.2        24/imp-null

Step 2 show ip bgp vpnv4 all neighbors

This command displays whether the BGP peers are capable of Graceful Restart. The following is sample output from the command:

Router# show ip bgp vpnv4 all neighbors

BGP neighbor is 10.0.0.1,  remote AS 100, internal link
  BGP version 4, remote router ID 10.0.0.1
  BGP state = Established, up for 02:49:47
  Last read 00:00:47, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family VPNv4 Unicast: advertised and received
    Graceful Restart Capabilty: advertised and received
      Remote Restart timer is 120 seconds
      Address families preserved by peer:
        VPNv4 Unicast
.
.
.

Step 3 show ip bgp labels

This command displays information about MPLS labels in the Exterior Border Gateway Protocol (EBGP) route table. The following is sample output from the command:

Router# show ip bgp labels

   Network          Next Hop      In label/Out label
   10.3.0.0/16      10.0.0.1        imp-null/imp-null
                    0.0.0.0         imp-null/nolabel
   10.0.0.9/32      10.0.0.1        21/29
   10.0.0.11/32     10.0.0.1        24/38
   10.0.0.13/32     0.0.0.0         imp-null/nolabel
   10.0.0.15/32     10.0.0.1        29/nolabel
                    10.0.0.1        29/21

Step 4 show ip bgp neighbors

This command displays whether the BGP peers are capable of Graceful Restart. The following is sample output from the command:

Router# show ip bgp neighbors

BGP neighbor is 10.0.0.1,  remote AS 100, external link
  BGP version 4, remote router ID 10.0.0.5
  BGP state = Established, up for 02:54:19
  Last read 00:00:18, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
    ipv4 MPLS Label capability: advertised and received
    Graceful Restart Capabilty: advertised and received
      Remote Restart timer is 120 seconds
      Address families preserved by peer:
        IPv4 Unicast
.
.
.

Configuration Examples for NSF/SSO—MPLS VPN

Example: NSF/SSO—MPLS VPN for a Basic MPLS VPN

Example: NSF/SSO—MPLS VPN for a Basic MPLS VPN

The following sample output shows the configuration of the NSF/SSO—MPLS VPN feature on the CE and PE routers. SSO is enabled by default, and LDP is the default MPLS label protocol.

CE1 Router

ip cef
no ip domain-lookup
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet1/0/4
 ip address 10.0.0.1 255.0.0.0
 media-type 10BaseT
!
router ospf 100
 redistribute bgp 101
 nsf enforce global
 passive-interface GigabitEthernet1/0/4
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 101
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart network 10.0.0.0
 network 10.0.0.0
 neighbor 10.0.0.2 remote-as 100

PE1 Router

redundancy 
mode sso 
!
ip cef distributed
mpls ldp graceful-restart 
mpls label protocol ldp

ip vrf vpn1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
no mpls aggregate-statistics
!
interface Loopback0
 ip address 10.12.12.12 255.255.255.255
!
interface GigabitEthernet1/0/4
 ip vrf forwarding vpn1
 ip address 10.0.0.2 255.0.0.0
 !
 mpls ip

interface ATM3/0/0
 no ip address
!
interface ATM3/0/0.1 point-to-point
 ip unnumbered Loopback0
 mpls ip
!
router ospf 100
 passive-interface GigabitEthernet1/0/4
 nsf enforce global
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 100
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart 

 no bgp default ipv4-unicast
 neighbor 10.14.14.14 remote-as 100
 neighbor 10.14.14.14 update-source Loopback0
!
address-family ipv4 vrf vpn1
 neighbor 10.0.0.1 remote-as 101
 neighbor 10.0.0.1 activate
 exit-address-family
!
address-family vpnv4
 neighbor 10.14.14.14 activate
 neighbor 10.14.14.14 send-community extended
 exit-address-family

PE2 Router

redundancy 
mode sso 
!
ip cef distributed
mpls ldp graceful-restart 
mpls label protocol ldp
!
ip vrf vpn1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
no mpls aggregate-statistics
!
!
interface Loopback0
 ip address 10.14.14.14 255.255.255.255
!
interface ATM1/0
 no ip address
!
interface ATM1/0.1 point-to-point
 ip unnumbered Loopback0
 mpls ip
!
interface FastEthernet3/0/0
 ip vrf forwarding vpn1
 ip address 10.0.0.1 255.0.0.0
 ip route-cache distributed
!
router ospf 100
 nsf enforce global
 passive-interface FastEthernet3/0/0
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 100
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart 
 no bgp default ipv4-unicast
 neighbor 10.12.12.12 remote-as 100
 neighbor 10.12.12.12 update-source Loopback0
!
address-family ipv4 vrf vpn1
 neighbor 10.0.0.2 remote-as 102
 neighbor 10.0.0.2 activate
 exit-address-family
!
address-family vpnv4
 neighbor 10.12.12.12 activate
 neighbor 10.12.12.12 send-community extended
 exit-address-family

CE2 Router

ip cef
!
interface Loopback0
 ip address 10.13.13.13 255.255.255.255
!
interface FastEthernet0/1
 ip address 10.0.0.2 255.0.0.0
 no ip mroute-cache
!
router ospf 100
 redistribute bgp 102
 nsf enforce global 
 passive-interface FastEthernet0/1
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 102
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart 

 network 10.0.0.0
 network 10.0.0.0
 neighbor 10.0.0.1 remote-as 100

Additional References

Related Documents

Related Topic
Document Title

Basic MPLS VPNs

"Part 4: MPLS Virtual Private Networks" module in the Cisco IOS XE Multiprotocol Label Switching Configuration Guide

Cisco IOS commands

Cisco IOS Master Commands List, All Releases

Cisco IOS debug commands

Cisco IOS Debug Command Reference

Cisco IOS HA commands

Cisco IOS High Availability Command Reference

MPLS VPNs

Configuring MPLS VPNs

Nonstop forwarding and BGP Graceful Restart

Cisco Nonstop Forwarding

Nonstop forwarding for MPLS LDP

NSF/SSO-MPLS LDP and MPLS LDP Graceful Restart

Stateful switchover

Stateful Switchover


Standards

Standard
Title

draft-ietf-mpls-bgp-mpls-restart.txt

Graceful Restart Mechanism for BGP with MPLS

draft-ietf-mpls-idr-restart.txt

Graceful Restart Mechanism for BGP


MIBs

MIB
MIBs Link

MPLS VPN MIB

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

RFC 1163

A Border Gateway Protocol

RFC 1164

Application of the Border Gateway Protocol in the Internet

RFC 2283

Multiprotocol Extensions for BGP-4

RFC 2547

BGP/MPLS VPNs


Technical Assistance

Description
Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html


Feature Information for NSF/SSO—MPLS VPN

Table 1 lists the release history for this feature.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/fn. An account on Cisco.com is not required.


Note Table 1 lists only the software release that introduced support for a given feature in given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 1 Feature Information for NSF/SSO—MPLS VPN 

Feature Name
Releases
Feature Information

NSF/SSO—MPLS VPN

Cisco IOS XE Release 2.1

This feature allows a provider edge router to preserve data forwarding information in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when the primary Route Processor restarts.