Release 15.1SY Supervisor Engine 2T Software Configuration Guide
Multiprotocol Label Switching (MPLS)
Downloads: This chapterpdf (PDF - 262.0KB) The complete bookPDF (PDF - 13.63MB) | The complete bookePub (ePub - 2.65MB) | The complete bookMobi (Mobi - 3.48MB) | Feedback

Table of Contents

Multiprotocol Label Switching (MPLS)

Prerequisites for MPLS

Restrictions for MPLS

Information About MPLS

MPLS Overview

IP to MPLS

MPLS to MPLS

MPLS to IP

MPLS VPN Forwarding

Recirculation

Hardware Supported Features

Supported MPLS Features

Default Settings for MPLS

How to Configure MPLS Features

Configuring MPLS

Configuring MUX-UNI Support on LAN Cards

Configuration Examples for MPLS

Multiprotocol Label Switching (MPLS)


Note • For complete syntax and usage information for the commands used in this chapter, see these publications:

http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html

  • Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.


 


Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum


 

Prerequisites for MPLS

None.

Restrictions for MPLS

  • The PFC and DFCs supports up to 16 load-shared paths (Cisco IOS releases for other platforms support only 8 load-shared paths).
  • MTU size checking is supported in hardware.
  • Fragmentation is supported in software, including traffic that ingresses as IP and egresses as MPLS. To prevent excessive CPU utilization, you can rate-limit the traffic being sent to the RP for fragmentation with the platform rate-limit all mtu-failure command.
  • MPLS supports these commands:

mpls ip default route

mpls ip propagate-ttl

mpls ip ttl-expiration pop

mpls label protocol

mpls label range

mpls ip

mpls label protocol

mpls mtu

For information about these commands, see these publications:

http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html

Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.

Information About MPLS

MPLS Overview

MPLS uses label switching to forward packets over Ethernet. Labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). The label is added between the Layer 2 and the Layer 3 header.

In an MPLS network, the label edge router (LER) performs a label lookup of the incoming label, swaps the incoming label with an outgoing label, and sends the packet to the next hop at the label switch router (LSR). Labels are imposed (pushed) on packets only at the ingress edge of the MPLS network and are removed (popped) at the egress edge. The core network LSRs (provider, or P routers) read the labels, apply the appropriate services, and forward the packets based on the labels.

Incoming labels are aggregate or nonaggregate. The aggregate label indicates that the arriving MPLS packet must be switched through an IP lookup to find the next hop and the outgoing interface. The nonaggregate label indicates that the packet contains the IP next hop information.

Figure 7-1 shows an MPLS network of a service provider that connects two sites of a customer network.

Figure 7-1 MPLS Network

 

The route processor (RP) performs Layer 3 control-plane functions, including address resolution and routing protocols. The RP processes information from the Routing and Label Distribution Protocols and builds the IP forwarding (FIB) table and the label forwarding (LFIB) table. The RP distributes the information in both tables to the PFC and DFCs.

The PFC and DFCs receive the information and creates its own copies of the FIB and LFIB tables. Together, these tables comprise the FIB TCAM. The PFC and DFCs look up incoming IP packets and labeled packets against the FIB TCAM table. The lookup result is the pointer to a particular adjacency entry. It is the adjacency entry that contains appropriate information for label pushing (for IP to MPLS path), label swapping (for MPLS to MPLS path), label popping (for MPLS to IP path), and encapsulation.

Figure 7-2 shows the various functional blocks that support MPLS. Routing protocol generates a routing information base (RIB) that is used for forwarding IP and MPLS data packets. For Cisco Express Forwarding (CEF), necessary routing information from the RIB is extracted and built into a forwarding information base (FIB). The label distribution protocol (LDP) obtains routes from the RIB and distributes the label across a label switch path to build a label forwarding information base (LFIB) in each of the LSRs and LERs.

Figure 7-2 MPLS Forwarding, Control and Data Planes

 

IP to MPLS

At the ingress to the MPLS network, the PFC examines the IP packets and performs a route lookup in the FIB TCAM. The lookup result is the pointer to a particular adjacency entry. The adjacency entry contains the appropriate information for label pushing (for IP to MPLS path) and encapsulation. The PFC generates a result containing the imposition label(s) needed to switch the MPLS packet.

MPLS to MPLS

At the core of an MPLS network, the PFC uses the topmost label to perform a lookup in the FIB TCAM. The successful lookup points to an adjacency that swaps the top label in the packet with a new label as advertised by the downstream label switch router (LSR). If the router is the penultimate hop LSR router (the upstream LSR next to the egress LER), the adjacency instructs the PFCBXL to pop the topmost label, resulting in either an MPLS packet with the remaining label for any VPN or AToM use or a native IP packet.

MPLS to IP

At the egress of the MPLS network there are several possibilities.

For a native IP packet (when the penultimate router has popped the label), the PFC performs a route lookup in the FIB TCAM.

For a MPLS VPN packet, after the Interior Gateway Protocol (IGP) label is popped at penultimate router, the VPN label remains. The operation that the PFC performs depends on the VPN label type. Packets carrying aggregate labels require a second lookup based on the IP header after popping the aggregate label. For a nonaggregate label, the PFC performs a route lookup in the FIB TCAM to obtain the IP next hop information.

For the case of a packet with an IGP label and a VPN label, when there is no penultimate hop popping (PHP), the packet carries the explicit-null label on top of the VPN label. The PFC looks up the top label in the FIB TCAM and recirculates the packet. Then the PFC handles the remaining label as described in the preceding paragraph, depending on whether it is an aggregate or nonaggregate label.

Packets with the explicit-null label for the cases of EoMPLS, MPLS, and MPLS VPN an MPLS are handled the same way.

MPLS VPN Forwarding

There are two types of VPN labels: aggregate labels for directly connected network or aggregate routes, and nonaggregate labels. Packets carrying aggregate labels require a second lookup based on the IP header after popping the aggregate label. The VPN information (VPN-IPv4 address, extended community, and label) is distributed through the Multiprotocol-Border Gateway Protocol (MP-BGP).

Recirculation

In certain cases, the PFC provides the capability to recirculate the packets. Recirculation can be used to perform additional lookups in the ACL or QoS TCAMs, the NetFlow table, or the FIB TCAM table. Recirculation is necessary in these situations:

  • To push more than three labels on imposition
  • To pop more than two labels on disposition
  • To pop an explicit null top label
  • When the VPN Routing and Forwarding (VRF) number is more than 511
  • For IP ACL on the egress interface (for nonaggregate (per-prefix) labels only)

Packet recirculation occurs only on a particular packet flow; other packet flows are not affected. The rewrite of the packet occurs on the modules; the packets are then forwarded back to the PFC for additional processing.

Hardware Supported Features

The following features are supported in hardware:

  • Label operation— Any number of labels can be pushed or popped, although for best results, up to three labels can be pushed, and up to two labels can be popped in the same operation.
  • IP to MPLS path—IP packets can be received and sent to the MPLS path.
  • MPLS to IP path—Labeled packets can be received and sent to the IP path.
  • MPLS to MPLS path—Labeled packets can be received and sent to the label path.
  • MPLS Traffic Engineering (MPLS TE)—Enables an MPLS backbone to replicate and expand the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks.
  • Time to live (TTL) operation—At the ingress edge of the MPLS network, the TTL value in the MPLS frame header can be received from either the TTL field of the IP packet header or the user-configured value from the adjacency entry. At the egress of the MPLS network, the final TTL equals the minimum (label TTL and IP TTL)-1.

Note With the Uniform mode, the TTL is taken from the IP TTL; with the Pipe mode, a value of 255, taken from the hardware register, is used for the outgoing label.


  • QoS—Information on Differentiated Services (DiffServ) and ToS from IP packets can be mapped to MPLS EXP field.
  • MPLS/VPN Support—Up to 1024 VRFs can be supported (over 511 VRFs requires recirculation).
  • Ethernet over MPLS—The Ethernet frame can be encapsulated at the ingress to the MPLS domain and the Ethernet frame can be decapsulated at the egress.
  • Packet recirculation—The PFC provides the capability to recirculate the packets. See the “Recirculation” section.
  • Configuration of MPLS switching is supported on VLAN interfaces with the mpls ip command.

Supported MPLS Features

  • MPLS features:

Basic MPLS

MPLS TE

MPLS TE DiffServ Aware (DS-TE)

MPLS TE Forwarding Adjacency

MPLS TE Interarea Tunnels

MPLS virtual private networks (VPNs)

MPLS VPN Carrier Supporting Carrier (CSC)

MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution

MPLS VPN Interautonomous System (InterAS) Support

MPLS VPN Inter-AS IPv4 BGP label distribution

See these publications for more information:

http://www.cisco.com/en/US/docs/ios-xml/ios/mpls/config_library/15-sy/mp-15-sy-library.html

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080093fcb.shtml

http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080093fd0.shtml

  • HSRP Support for MPLS VPNs—See this publication:

http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhp-15-sy-book.html

  • OSPF Sham-Link Support for MPLS VPN—See this publication:

http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-sham-link.html

  • Multi-VPN Routing and Forwarding (VRF) for CE Routers (VRF Lite)—VRF Lite is supported with the following features:

IPv4 forwarding between VRFs interfaces

IPv4 ACLs

IPv4 HSRP

See this publication:

http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921d7.html

Default Settings for MPLS

None.

How to Configure MPLS Features

Configuring MPLS

Use these publications to configure MPLS:

http://www.cisco.com/en/US/docs/ios-xml/ios/mpls/config_library/15-sy/mp-15-sy-library.html

Configuring MUX-UNI Support on LAN Cards

A User Network Interface (UNI) is the point where the customer edge (CE) equipment connects to the ingress PE and an attachment VLAN is a VLAN on a UNI port.

The MUX-UNI support on LAN cards feature provides the ability to partition a physical port on an attachment VLAN to provide multiple Layer 2 and Layer 3 services over a single UNI.

To configure MUX-UNI support on LAN cards, perform this task on the provider edge (PE) routers.

 

Command
Purpose

Step 1

Router# configure terminal

Enters global configuration mode.

Step 2

Router(config)# interface type number

Selects an interface to configure and enters interface configuration mode; valid only for Ethernet ports.

Step 3

Router(config-if)# switchport

Puts an interface that is in Layer 3 mode into Layer 2 mode for Layer 2 configuration.

Step 4

Router(config-if)# switchport trunk encapsulation dot1q

Configures the port to support 802.1Q encapsulation.

You must configure each end of the link with the same encapsulation type.

Step 5

Router(config-if)# switchport mode trunk

Configures the port as a VLAN trunk.

Step 6

Router(config-if)# switchport trunk allowed vlan vlan-list

By default, all VLANs are allowed. Use this command to explicitly allow VLANs; valid values for vlan-list are from 1 to 4094.

Note Avoid overlapping VLAN assignments between main and subinterfaces. VLAN assignments between the main interface and subinterfaces must be mutually exclusive.

Step 7

Router(config-if)# exit

Exits interface configuration mode.

Step 8

Router(config)# interface type slot/port.subinterface-number

Selects a subinterface to configure and enters interface configuration mode; valid only for Ethernet ports.

Step 9

Router(config-if)# encapsulation dot1q vlan_id

Enables the subinterface to accept 802.1Q VLAN packets.

The subinterfaces between the CE and PE routers that are running Ethernet over MPLS must be in the same subnet. All other subinterfaces and backbone routers do not need to be on the same subnet.

Step 10

Router(config-if)# xconnect peer_router_id vcid encapsulation mpls

Binds the attachment circuit to a pseudowire VC. The syntax for this command is the same as for all other Layer 2 transports.

This example shows a physical trunk port used as UNI:

Router(config)# interface gigabitethernet 3/1
Router(config-if)# switchport
Router(config-if)# switchport encapsulation dot1q
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 200-250

Router(config-if)# exit

 
Router(config)# interface gigabitethernet 3/1.10
Router(config-if)# encap dot1q 3000
Router(config-if)# xconnect 10.0.0.1 3000 encapsulation mpls

Router(config-if)# exit

 
 

This example shows a Layer 2 port channel used as UNI:

Router(config)# interface port-channel 100
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport trunk allowed vlan 100-200
Router(config-if)# switchport mode trunk
Router(config-if)# no ip address

Router(config-if)# exit

 
Router(config)# interface port-channel 100.1
Router(config-if)# encapsulation dot1Q 3100
Router(config-if)# xconnect 10.0.0.30 100 encapsulation mpls

Router(config-if)# exit

 
 

This example shows Layer 3 termination and VRF for muxed UNI ports:

 
Router(config)# vlan 200, 300, 400
Router(config)# interface gigabitethernet 3/1
Router(config-if)# switchport
Router(config-if)# switchport encapsulation dot1q
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 200-500

Router(config-if)# exit

 
Router(config)# interface gigabitethernet 3/1.10
Router(config-if)# encap dot1q 3000
Router(config-if)# xconnect 10.0.0.1 3000 encapsulation mpls

Router(config-if)# exit

 
Router(config)# interface vlan 200
Router(config-if)# ip address 1.1.1.3

Router(config-if)# exit

 
Router(config)# interface vlan 300
Router(config-if)# ip vpn VRF A
Router(config-if)# ip address 3.3.3.1

Router(config-if)# exit

 
Router(config)# interface vlan 400
Router(config-if)# ip address 4.4.4.1
Router(config-if)# ip ospf network broadcast
Router(config-if)# mpls label protocol ldp
Router(config-if)# mpls ip

Router(config-if)# exit

Configuration Examples for MPLS

The following is an example of a basic MPLS configuration:

*****
Basic MPLS
*****
 
 
IP ingress interface:
 
Router# mpls label protocol ldp
 
interface GigabitEthernet6/2
ip address 75.0.77.1 255.255.255.0
media-type rj45
speed 1000
end
 
Label egress interface:
 
interface GigabitEthernet7/15
mtu 9216
ip address 75.0.67.2 255.255.255.0
logging event link-status
mpls ip
 
 
Router# show ip route 188.0.0.0
Routing entry for 188.0.0.0/24, 1 known subnets
 
O IA 188.0.0.0 [110/1] via 75.0.77.2, 00:00:10, GigabitEthernet6/2
 
 
Router# show ip routing 88.0.0.0
Routing entry for 88.0.0.0/24, 1 known subnets
 
O E2 88.0.0.0 [110/0] via 75.0.67.1, 00:00:24, GigabitEthernet7/15
[110/0] via 75.0.21.2, 00:00:24, GigabitEthernet7/16
Router# show mpls forwarding-table 88.0.0.0
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
30 50 88.0.0.0/24 0 Gi7/15 75.0.67.1
50 88.0.0.0/24 0 Gi7/16 75.0.21.2
 
 
Router# show platform cef 88.0.0.0 detail
 
Codes: M - mask entry, V - value entry, A - adjacency index, P - priority bit
D - full don't switch, m - load balancing modnumber, B - BGP Bucket sel
V0 - Vlan 0,C0 - don't comp bit 0,V1 - Vlan 1,C1 - don't comp bit 1
RVTEN - RPF Vlan table enable, RVTSEL - RPF Vlan table select
Format: IPV4_DA - (8 | xtag vpn pi cr recirc tos prefix)
Format: IPV4_SA - (9 | xtag vpn pi cr recirc prefix)
M(3223 ): E | 1 FFF 0 0 0 0 255.255.255.0
V(3223 ): 8 | 1 0 0 0 0 0 88.0.0.0 (A:344105 ,P:1,D:0,m:1 ,B:0 )
M(3223 ): E | 1 FFF 0 0 0 255.255.255.0
V(3223 ): 9 | 1 0 0 0 0 88.0.0.0 (V0:0 ,C0:0 ,V1:0 ,C1:0 ,RVTEN:0 ,RVTSEL:0 )
Router# show platform cef adj ent 344105
 
Index: 344105 smac: 0005.9a39.a480, dmac: 000a.8ad8.2340
mtu: 9234, vlan: 1031, dindex: 0x0, l3rw_vld: 1
packets: 109478260, bytes: 7006608640
 
Router# show platform cef adj ent 344105 detail
 
Index: 344105 smac: 0005.9a39.a480, dmac: 000a.8ad8.2340
mtu: 9234, vlan: 1031, dindex: 0x0, l3rw_vld: 1
format: MPLS, flags: 0x1000008418
label0: 0, exp: 0, ovr: 0
label1: 0, exp: 0, ovr: 0
label2: 50, exp: 0, ovr: 0
op: PUSH_LABEL2
packets: 112344419, bytes: 7190042816


Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:

http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html

Participate in the Technical Documentation Ideas forum