Catalyst 3750 Metro Switch Software Configuration Guide, 12.2(55)SE
Configuring MPLS, MPLS OAM, MPLS VPN, and EoMPLS
Downloads: This chapterpdf (PDF - 739.0KB) The complete bookPDF (PDF - 14.17MB) | Feedback

Configuring MPLS, MPLS VPN, MPLS OAM, and EoMPLS

Table Of Contents

Configuring MPLS, MPLS VPN, MPLS OAM, and EoMPLS

Understanding MPLS Services

Understanding MPLS VPNs

VPN Benefits

Distribution of VPN Routing Information

Configuring MPLS VPNs

Default MPLS Configuration

MPLS VPN Configuration Guidelines

Enabling MPLS

Defining VPNs

Configuring BGP Routing Sessions

Configuring Provide-Edge-to-Provider-Edge Routing Sessions

Configuring BGP Provider-Edge-to- Customer-Edge Routing Sessions

Configuring RIP Provider-Edge-to-Customer-Edge Routing Sessions

Configuring Static Route Provider-Edge-to-Customer-Edge Routing Sessions

Packet Flow in an MPLS VPN

Understanding MPLS Traffic Engineering and Fast Reroute

MPLS TE

MPLS TE Fast Reroute

MPLS TE Primary and Backup Autotunnel

Configuring MPLS Traffic Engineering and Fast Reroute

Default MPLS TE and Fast Reroute Configuration

MPLS TE and Fast Reroute Configuration Guidelines

Configuring MPLS TE

Configuring an MPLS TE Tunnel

Configuring the Routing Protocol for MPLS TE

Configuring TE Fast Reroute

Configuring a Protected Link to Use a Backup Tunnel

Configuring Fast Reroute Failure Detection

Configuring Primary and Backup Autotunnels

Understanding MPLS OAM

LSP Ping

LSP Traceroute

AToM VCCV (LSP Ping over Pseudowire)

IP SLAs Interworking with MPLS OAM

LSP Tree Trace and IP SLAs ECMP Tree Trace

Configuring MPLS OAM and IP SLAs MPLS

Default MPLS OAM Configuration

MPLS OAM Configuration Guidelines

Using LSP Ping for LDP IPv4 FEC

Using LSP Traceroute for LDP IPv4 FEC

Using LSP Ping for Pseudowire (AToM VCCV)

Configuring IP SLAs MPLS Ping and Traceroute

Configuring the IP SLAs LSP Health Monitor

Manually Configuring IP SLAs MPLS LSP Ping or Traceroute

Using LSP Tree Trace

Manually Setting LSP Tree Trace

Configuring ECMP IP SLAs Tree Trace

Understanding EoMPLS

Interaction with Other Features

EoMPLS and IEEE 802.1Q Tunneling

EoMPLS and Layer 2 Tunneling

EoMPLS and QoS

EoMPLS Limitations

Enabling EoMPLS

Default EoMPLS Configuration

EoMPLS Configuration Guidelines

Configuring EoMPLS

Packet Flow in an EoMPLS Network

Configuring L2VPN Pseudowire Redundancy

Configuration Guidelines

Configuring the Pseudowire

Configuring L2VPN Interworking

Configuring Pseudowire Redundancy

Forcing a Manual Switchover to the Backup Pseudowire VC

Monitoring L2VPN Pseudowire Redundancy

Configuring MPLS and EoMPLS QoS

Understanding MPLS QoS

Enabling MPLS and EoMPLS QoS

Default MPLS and EoMPLS QoS Configuration

Setting the Priority of Packets with Experimental Bits

Configuring MPLS VPN QoS

Monitoring and Maintaining MPLS and EoMPLS


Configuring MPLS, MPLS VPN, MPLS OAM, and EoMPLS


This chapter describes how to configure multiprotocol label switching (MPLS) and Ethernet over MPLS (EoMPLS) on the Catalyst 3750 Metro switch. MPLS is a packet-switching technology that integrates link layer (Layer 2) switching with network layer (Layer 3) routing. With MPLS, data is transferred over any combination of Layer 2 technologies, using any Layer 3 protocol, with increased scalability. MPLS supports different routes between a source and destination over a router-based Internet backbone.

MPLS virtual private networks (VPNs) provides the capability to deploy and administer scalable Layer 3 VPN backbone services to business customers. A VPN is a secure IP-based network that shares resources on one or more physical networks.

Cisco IOS Release 12.2(37)SE includes support for MPLS Operations, Administration, and Maintenance (OAM) functionality to allow service providers to monitor label switched path (LSP) integrity and to quickly isolate MPLS forwarding problems. Cisco IOS Release 12.2(40)SE adds more functionality, including support for MPLS IP Service Level Agreements (IP SLAs).

Cisco IOS Release 12.2(46)SE adds support for MPLS traffic engineering fast reroute link protection. This feature provides link protection to label-switched paths (LSPs), enabling LSP traffic that crosses a failed link to be rerouted around the failure.

EoMPLS is a tunneling mechanism that transports Layer 2 Ethernet frames over an MPLS network. You can connect two Layer 2 networks that are in different locations, without bridges, routers, or switches at the locations. You enable the MPLS backbone to accept Layer 2 traffic by configuring the label-edge routers (LERs) at both ends of the MPLS backbone.

MPLS functionality is supported only on the enhanced-services (ES) ports; EoMPLS is supported on standard ports and on switch virtual interfaces (SVIs).


Note The switch does not support IPv6 features with any ES port features, such as MPLS. MPLS and EoMPLS are mutually exclusive with IPv6.


For more information about MPLS, see the "Multiprotocol Label Switching" section of the Cisco IOS Multiprotocol Label Switching Configuration Guide for Release 12.2 t this URL:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/12_2sr/mp_12_2sr_book.html

For complete syntax and usage information for the MPLS commands used in this chapter, see this URL:
http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html

This chapter contains these sections:

Understanding MPLS Services

Understanding MPLS VPNs

Configuring MPLS VPNs

Understanding MPLS Traffic Engineering and Fast Reroute

Configuring MPLS Traffic Engineering and Fast Reroute

Understanding MPLS OAM

Configuring MPLS OAM and IP SLAs MPLS

Understanding EoMPLS

Enabling EoMPLS

Configuring MPLS and EoMPLS QoS

Monitoring and Maintaining MPLS and EoMPLS

The switch supports hierarchical virtual private LAN service (H-VPLS) architecture to simulate LAN services over the MPLS network. The switch supports H-VPLS using IEEE 802.1Q tunneling or Ethernet over multiprotocol label switching (EoMPLS). For more information, see these software documents:

For information about EoMPLS, see the"Understanding EoMPLS" section.

For information about configuring EoMPLS, see the "Enabling EoMPLS" section.

For information about IEEE 802.1Q tunneling, see the "Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling" chapter.

For information about configuring H-VPLS on Cisco 7600 routers, see the "Configuring Multiprotocol Label Switching on the Optical Services Modules" section in the OSM Configuration Note, 12.2SX at:

http://www.cisco.com/en/US/docs/routers/7600/install_config/12.2SR_OSM_config/mpls_ps368_TSD_Products_Module_Configuration_Guide_Chapter.html#wp1423607

Understanding MPLS Services

In conventional Layer 3 forwarding, as a packet travels across the network, each router extracts the packet-forwarding information from the Layer 3 header and uses this information as a key for a routing table lookup to determine the packet's next hop. In most cases, the only relevant field in the header is the destination address field, but in some cases other header fields are also relevant. For this reason, each router through which the packet passes must analyze the packet header.

With MPLS, the Layer 3 header is analyzed only once and then is mapped into a fixed-length, unstructured value called a label. Many different headers can map to the same label, as long as those headers always result in the same choice of next hop. In effect, a label represents a forwarding-equivalence class (FEC)—that is, a set of packets that can be very different but that are indistinguishable to the forwarding function.

The initial choice of label can be based exclusively on the contents of the Layer 3 header, or it can be based on policy, allowing forwarding decisions at subsequent hops to be based on policy. After a label is chosen, a short label header is put at the front of the Layer 3 packet and carried across the network as part of the packet. At subsequent hops through each MPLS router in the network, labels are exchanged, and the router uses MPLS forwarding-table lookups for the label to make forwarding decisions. It is not necessary to re-analyze the packet header. Because the label is a fixed length and unstructured, the MPLS forwarding-table lookup process is straightforward and fast.

Each label-switching router (LSR) in the network makes an independent, local decision as to which label value is used to represent which forwarding equivalence class. This association is known as a label binding. Each LSR informs its neighbors of the label bindings that it has made. When a labeled packet is sent from LSR A to neighboring LSR B, the label value carried by the packet is the label value that B assigned to represent the packet's forwarding equivalence class. Thus, the label value changes as the IP packet travels through the network.


Note Because the Catalyst 3750 Metro switch is used as service-provider edge (PE) device, rather than a service-provider core router, it does not normally operate as an LSR. The switch only performs label switching when it is connected to two different provider core routers over the ES ports to provide a redundant path. In this case, the switch uses quality of service (QoS) policies to classify MPLS packets on egress for label switching.


A label represents a forwarding-equivalence class, but it does not represent a particular path through the network. In general, the path through the network continues to be chosen by the existing Layer 3 routing protocols, such as Open Shortest Path First (OSPF), Enhanced Interior Gateway Protocol (EIGRP), Intermediate-System-to-Intermediate-System (IS-IS), and Border Gateway Protocol (BGP). At each hop when a label is looked up, the choice of the next hop is determined by the dynamic routing algorithm.

Understanding MPLS VPNs

Using MPLS virtual private networks (VPNs) provides the capability to deploy and administer scalable Layer 3 VPN backbone services to business customers. A VPN is a secure IP-based network that shares resources on one or more physical networks. A VPN contains geographically dispersed sites that can communicate securely over a shared backbone.

VPN routes are distributed over the MPLS network by using multiprotocol BGP (MP-BGP), which also distributes the labels associated with each VPN route. MPLS VPN depends on VPN routing and forwarding (VRF) support to isolate the routing domains from each other. When routes are learned over an MPLS VPN, the switch learns the new route as a normal VRF route, except that the destination MAC address for the next hop is not the real address, but a specially formed address that contains an identifier that is allocated for the route. When an MPLS-VPN packet is received on a port, the switch looks up the labels in the routing table to determine what to do with the packet.

Each VPN is associated with one or more VPN VRF instances. A VRF includes routing and forwarding tables and rules that define the VPN membership of customer devices attached to the customer-edge (CE) device. A customer site can be a member of multiple VPNs; however, a site can associate with only one VRF. A VRF has these elements:

An IP routing table

A Cisco Express Forwarding table

A set of interfaces that use the forwarding table

A set of rules and routing protocol parameters to control the information in the routing tables

A customer-site VRF contains all the routes available to the site from the VPNs to which it belongs. VPN routing information is stored in the IP routing table and the Cisco Express Forwarding table for each VRF. A separate set of tables is maintained for each VRF, which prevents information from being forwarded outside a VPN and prevents packets that are outside a VPN from being forwarded to a router within the VPN. Based on the routing information stored in the VRF IP routing table and the VRF Cisco Express Forwarding table, packets are forwarded to their destinations.

A provider-edge router binds a label to each customer prefix that is learned from a CE device and includes the label in the network reachability information for the prefix that it advertises to other (PE) routers. When a PE router forwards a packet that is received from a CE device across the provider network, it labels the packet with the label learned from the destination PE router. When the destination PE router receives the labeled packet, it examines the label and uses it to direct the packet to the correct CE device.

A customer data-packet carries two levels of labels when traversing the backbone:

The top label directs the packet to the correct PE router.

The second label defines how that PE router should forward the packet to the CE device.

VPN Benefits

MPLS VPNs allow service providers to deploy scalable VPNs and build the foundation to deliver value-added services, including:

Connectionless service—MPLS VPNs are connectionless, which means that no prior action is required to establish communication between hosts. A connectionless VPN does not require tunnels and encryption for network privacy.

Centralized service—MPLS VPNs are seen as private intranets, which allows delivery of targeted IP services to a group of users represented by a VPN.

Scalability— MPLS-based VPNs use the peer model and Layer 3 connectionless architecture to leverage a highly scalable solution. The peer model requires a customer site to act as a peer to one PE router as opposed to all other customer PE or CE devices that are members of the VPN. The PE routers maintain VPN routes for those VPNs that are members. Routers in the core network do not maintain any VPN routes.

Security—MPLS VPNs offer the same level of security as connection-oriented VPNs. Packets from one VPN do not inadvertently go to another VPN. Security provided at the edge of a provider network ensures that packets received from a customer are placed on the correct VPN; security provided at the backbone ensures that VPN traffic is kept separate.

Easy to create—Because MPLS VPNs are connectionless, no specific point-to-point connection maps or topologies are required, and you can add sites to intranets and extranets to form closed user groups.

Flexible addressing—Customers can continue to use their present address spaces without network address translation (NAT) because the MPLS VPN provides a public and private view of the address. A NAT is required only if two VPNs with overlapping address spaces want to communicate.

Straightforward migration—You can build MPLS VPNs over multiple network architectures. Migration for the end customer is simplified because the CE router is not required to support MPLS, so no customer's intranet modifications are needed.

MPLS VPN also provides increased BGP functionality.

Figure 44-1 shows an example of a VPN with a service-provider backbone network, provider-edge (PE) CLE routers, and customer-edge (CE) devices.

Figure 44-1 VPNs with a Service-Provider Backbone

Each VPN contains customer devices attached to the customer-edge (CE) devices. The customer devices use VPNs to exchange information between devices, and the provider routers (P) are not aware of the VPNs.

Figure 44-2 shows five customer sites communicating within three VPNs. The VPNs can communicate with these sites:

VPN1: Sites 2 and 4

VPN2: Sites 1, 3, and 4

VPN3: Sites 1, 3, and 5

Figure 44-2 Customer Sites with VPNs

Distribution of VPN Routing Information

The distribution of VPN routing information is controlled through the use of VPN route target communities, implemented by BGP extended communities. VPN routing information is distributed in this manner:

When a VPN route learned from a CE device is added to the BGP process, a list of VPN route target extended community attributes is associated with it. The attribute values are obtained from an export list of route targets associated with the VRF from which the route was learned.

An import list of route target extended communities is also associated with each VRF. The import list defines route target extended community attributes that a route must have in order for the route to be imported into the VRF. For example, if the import list for a particular VRF includes route target communities A, B, and C, then any VPN route that carries any of those route target extended communities—A, B, or C—is imported into the VRF.

A PE router can learn an IP prefix from a CE device by static configuration, through a BGP session with the CE device, or through the Routing Information Protocol (RIP) exchange with the CE router. The IP prefix is a member of the IPv4 address family. After it learns the IP prefix, the PE router converts it into a VPN-IPv4 prefix by combining it with an 8-byte route distinguisher. The generated prefix is a member of the VPN-IPv4 address family and uniquely identifies the customer address, even if the customer site is using globally nonunique (unregistered private) IP addresses.

BGP distributes reachability information for VPN-IPv4 prefixes for each VPN. BGP communication takes place at two levels: within IP domains, known as autonomous systems (internal BGP or IBGP), and between autonomous systems (external BGP or EBGP). The PE-to-PE sessions are IBGP sessions, and PE-to-CE sessions are EBGP sessions.

BGP propagates reachability information for VPN-IPv4 prefixes among provider-edge routers by using the BGP multiprotocol extensions, which define support for address families other than IPv4. It does this in a way that ensures that the routes for a given VPN are learned only by other members of that VPN, which enables members of the VPN to communicate with each other.

Configuring MPLS VPNs

This section includes this information about configuring MPLS VPNs on a Catalyst 3750 Metro switch used as a PE router:

Default MPLS Configuration

MPLS VPN Configuration Guidelines

These sections describe the required tasks:

Enabling MPLS

Defining VPNs

Configuring BGP Routing Sessions

Configuring Provide-Edge-to-Provider-Edge Routing Sessions

You must also configure a provider-edge-to-customer-edge routing session. These sections provide example configurations:

Configuring BGP Provider-Edge-to- Customer-Edge Routing Sessions

Configuring RIP Provider-Edge-to-Customer-Edge Routing Sessions

Configuring Static Route Provider-Edge-to-Customer-Edge Routing Sessions

For an example of packet flow in an MPLS VPN, see the "Packet Flow in an MPLS VPN" section.

Default MPLS Configuration

By default, label switching of IPv4 packets along normally routed paths is globally enabled. MPLS forwarding of IPv4 packets is disabled by default on interfaces.

If no distribution protocol is explicitly configured by the mpls label protocol global configuration command, tag distribution protocol (TDP) is the default label distribution protocol for the switch. Cisco recommends that you configure label distribution protocol (LDP) for MPLS.

If no protocol is explicitly configured for an interface, the default label distribution protocol for the switch is used. By default, the labels of all destinations are advertised to all LDP neighbors.

No VRFs are defined. The default routing table for an interface is the global routing table.

MPLS VPN Configuration Guidelines

Follow these guidelines when configuring MPLS VPN:

MPLS requires that CEF is enabled on the switch. CEF is enabled by default. For more information about CEF, see the "Configuring Cisco Express Forwarding" section on page 36-98.

The switch must connect to the MPLS network through an ES port. MPLS configuration is supported only on ES ports.

Do not configure VLAN mapping on an interface configured for MPLS.

The switch supports a total of 26 VRFs and VPNs.

VRFs are not compatible with the PBR template. If you configure the PBR template by entering the sdm prefer routing-pbr command, any preconfigured VRFs are removed from the configuration. PBR and VRFs cannot function on the same switch.

MPLS VPN and QoS— you can apply standard QoS functions to MPLS VPN traffic. However, for a hierarchical QoS function, you cannot apply a service policy that would match traffic on a per VRF basis because VRFs are dynamically assigned to an MPLS label. For MPLS VPN traffic, you can apply a service-policy on egress that matches traffic based on DSCP or MPLS

Enabling MPLS

To use MPLS in a network, such as the one shown in Figure 44-1, MPLS must be globally enabled and explicitly configured on the provider-edge routers.

Beginning in privileged EXEC mode, follow these steps to incrementally deploy MPLS through a network, assuming that packets to all destination prefixes should be label-switched:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip routing

Enable IP routing on the switch if it is disabled.

Step 3 

ip cef distributed

Enable CEF on the device if it has been disabled.

Step 4 

mpls ip

Enable MPLS forwarding of IPv4 packets on normally routed paths if it has been disabled.

Step 5 

mpls label protocol ldp

Set the label protocol on the switch to LDP. The default protocol is TDP.

Step 6 

mpls ldp advertise-labels [for prefix-access-list [to peer-access-list]]

Enable MPLS label advertising on the switch. If no keywords are included, there are no restrictions on which labels are advertised.

(Optional) for prefix-access-list—Specify which destinations should have their labels advertised.

(Optional) to peer-access-list—Specify which LDP neighbors should receive label advertisements. A label switch router (LSR) is identified by its router ID, which consists of the first 4 bytes of its 6-byte LDP identifier.

Step 7 

interface interface-id

Enter interface configuration mode, and specify the Layer 3 ES interface connected to the MPLS network. Valid ES interfaces include gigabitethernet1/1/1, gigabitethernet1/1/2, and VLANs.

Step 8 

mpls ip

Enable MPLS forwarding of IPv4 packets along normally routed paths for the interface.

Step 9 

end

Return to privileged EXEC mode.

Step 10 

show mpls forwarding-table

show mpls interfaces

Verify the configuration.

Step 11 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Repeat these steps for every PE router in the network and the appropriate interfaces until all routers and connected interfaces are enabled for MPLS.

Use the no mpls ip global configuration command to disable MPLS on the switch. Use the no mpls label protocol ldp global configuration command to return to the default TDP.

Defining VPNs

Beginning in privileged EXEC mode, follow these steps to define VPN routing instances on the PE router:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip routing

Enable IP routing (required only if routing is disabled).

Step 3 

ip vrf vrf-name

Enter VRF configuration mode, and define the VPN routing instance by assigning a VRF name.

Step 4 

rd route-distinguisher

Create a VRF table by specifying a route distinguisher. Enter either an AS number and an arbitrary number (xxx:y) or an IP address and arbitrary number (A.B.C.D:y).

Step 5 

route-target {export | import | both} route-target-ext-community

Create a list of import, export, or import and export route target communities for the specified VRF. Enter either an AS system number and an arbitrary number (xxx:y) or an IP address and an arbitrary number (A.B.C.D:y). The route-target-ext-community should be the same as the route-distinguisher entered in Step 4.

Step 6 

import map route-map

(Optional) Associate the specified import route map with the VRF.

Step 7 

export map route-map

(Optional) Associate the specified export route map with the VRF.

Step 8 

exit

Return to global configuration mode.

Step 9 

interface interface-id

Enter interface configuration mode, and specify the Layer 3 ES or VLAN interface to be associated with the VRF.

Step 10 

ip vrf forwarding vrf-name

Associate the Layer 3 interface with the VRF.

Step 11 

end

Return to privileged EXEC mode.

Step 12 

show ip vrf

Display the defined VRFs and interfaces.

Step 13 

show ip route vrf

show ip cef vrf vrf-name

Display the IP routing table for a VRF.

Display the CEF forwarding table associated with a VRF.

Step 14 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no ip vrf vrf-name global configuration command to delete a VRF and remove interfaces from it. Use the no ip vrf forwarding interface configuration command to remove an interface from a VRF.

Configuring BGP Routing Sessions

Beginning in privileged EXEC mode, follow these steps on the provider-edge router to configure BGP routing sessions in a provider network:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip routing

Enable IP routing (required only if routing is disabled).

Step 3 

router bgp autonomous-system-number

Enable a BGP routing process, assign it the AS number passed to the other BGP routers, and enter router configuration mode. The AS number can be from 1 to 65535, with 64512 to 65535 designated as private autonomous numbers.

Step 4 

neighbor {ip-address | peer-group-name} remote-as as-number

Specify a neighbor IP address or BGP peer group that identifies it to the local autonomous system. The AS number can be from 1 to 65535.

Step 5 

neighbor ip-address activate

Activate the advertisement of the IPv4 address family.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show ip bgp neighbor

Verify the configuration.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no router bgp autonomous-system global configuration command to delete the BGP routing session.

Configuring Provide-Edge-to-Provider-Edge Routing Sessions

Beginning in privileged EXEC mode, follow these steps on the provider-edge router to configure a PE-to-PE routing session in a provider network that uses IBGP:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

router bgp autonomous-system-number

Enter router configuration mode.

Step 3 

address-family vpnv4 [unicast]

Enter address family configuration mode to configure routing sessions that use standard VPNv4 address prefixes.

(Optional) unicast—Specify VPNv4 unicast address prefixes.

Step 4 

neighbor ip-address remote-as as-number

Define an IBGP session between the provider-edge routers.

Step 5 

neighbor ip-address activate

Activate the advertisement of the IPv4 address family.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show ip bgp [ipv4] [neighbors] [vpnv4]

Verify BGP configuration. Display information about all BGP IPv4 prefixes.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no router bgp autonomous-system global configuration command to delete the BGP routing session.

Configuring BGP Provider-Edge-to- Customer-Edge Routing Sessions

Beginning in privileged EXEC mode, follow these steps on the provider-edge router to configure a BGP PE-to-CE routing session:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

router bgp autonomous-system-number

Configure the BGP routing process with the AS number passed to other BGP routers, and enter router configuration mode.

Step 3 

address-family ipv4 [unicast] vrf vrf-name

Define EGPG parameters for PE-to-CE routing sessions, and enter VRF address-family configuration mode.

Note The default is off for auto-summary and synchronization in the VRF address-family configuration mode.

Step 4 

neighbor address remote-as as-number

Define an EBGP session between PE and CE routers.

Step 5 

neighbor address activate

Activate the advertisement of the IPv4 address family.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show ip bgp [ipv4] [neighbors]

Verify BGP configuration. Display information about all BGP IPv4 prefixes.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no router bgp as-number global configuration command to delete the BGP routing session.

Configuring RIP Provider-Edge-to-Customer-Edge Routing Sessions


Note You can also use the OSPF routing protocol for PE-to-CE routing sessions.


Beginning in privileged EXEC mode, follow these steps on the provider-edge router to configure RIP PE-to-CE routing:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

router rip

Enable RIP routing, and enter router configuration mode.

Step 3 

address-family ipv4 [unicast] vrf -name

Define RIP parameters for PE-to-CE routing sessions, and enter VRF address-family configuration mode.

Note The default is off for auto-summary and synchronization in the VRF address-family configuration mode.

Step 4 

network prefix

Enable RIP on the PE-to-CE link.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show ip rip database [network-prefix]

Verify the configuration.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no router rip global configuration command to disable RIP routing.

Configuring Static Route Provider-Edge-to-Customer-Edge Routing Sessions

Beginning in privileged EXEC mode, follow these steps on the provider-edge router to configure static routing:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip route vrf vrf-name prefix mask

Define the VRF static routing table to use for PE-to-CE sessions.

Step 3 

router bgp autonomous-system-number

Enter the BGP routing process AS number, and enter router configuration mode.

Step 4 

address-family ipv4 [unicast] vrf vrf-name

Define static route parameters for every PE-to-CE routing session, and enter VRF address-family configuration mode.

Note The default is off for auto-summary and synchronization in the VRF address-family configuration mode.

Step 5 

redistribute static

Redistribute VRF static routes into the VRF BGP table.

Step 6 

redistribute connected

Redistribute directly connected networks into the VRF BGP table.

Step 7 

end

Return to privileged EXEC mode.

Step 8 

show ip bgp [ipv4]

Verify the configuration.

Step 9 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Packet Flow in an MPLS VPN

Figure 44-3 is an example of packet flow between two customer sites in an MPLS VPN network.

Figure 44-3 Sample MPLS VPN Packet Flow

A customer (Fast Ethernet) port on switch PE1 is configured for routed operation in a VPN. The port uses static routing or a routing protocol (RIP, OSPF, EIGRP, or BGP) to forward packets. MP-BGP is configured over the PE1 switch ES port with a route distinguisher that is associated with the customer's VPN. MP-BGP is configured to redistribute the routes and their associated VPN labels over the ES port that is using this route distinguisher.

The packet flow follows these steps:


Step 1 Provider-edge switch PE1 (which could be a Catalyst 3750 Metro switch) receives a packet from the customer switch at site 1. The switch determines from the lookup table that the VRF is a VLAN running MPLS and uses the MPLS lookup table to determine what to do with the packet. The MPLS lookup table contains the peer LSR as the destination MAC address and the local interface as the source MAC address.

Step 2 PE1 finds a BGP route with the appropriate next hop and labels, adds the appropriate labels to the packet, and forwards the packet out of the ES port to the next hop router (P3).

Step 3 The P3 router receives the packet and forwards it over the MPLS-VPN network, based on the packet's top label—the interior gateway protocol (IGP) label—and then removes the top label.

Step 4 PE3 receives the packet, removes the MPLS encapsulation, and forwards the packet by using the VRF interface associated with the VPN label contained in the packet that has the customer-edge switch CE2 as the destination.


Understanding MPLS Traffic Engineering and Fast Reroute

This section describes the Catalyst 3750 Metro support of MPLS traffic engineering (TE) and includes these sections:

MPLS TE

MPLS TE Fast Reroute

MPLS TE Primary and Backup Autotunnel

MPLS TE

MPLS traffic engineering (TE) provides control over how traffic is routed through the network. This increases the bandwidth efficiency by preventing over-use of some links while other links are under used. TE overrides the shortest path selected by the Interior Gateway Protocol (IGP) to select the most efficient path for traffic. Network resources are advertised by using a link-state routing protocol, such as Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF). MPLS TE then uses a unidirectional LSP or tunnel to forward traffic, calculating the tunnel paths based on required and available resources.

Regular MPLS traffic engineering automatically establishes and maintains label-switched paths (LSPs) across the backbone using Resource Reservation Protocol (RSVP). The path used by a given LSP is based on the LSP resource requirements and available network resources such as bandwidth. Available resources are flooded via extensions to the link-state based IGP.

For more information on MPLS TE, see this URL:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/12_4/mp_12_4_book.html

Paths for LSPs are calculated at the LSP headend, the first router in the LSP path. Under failure conditions, the headend determines a new route for the LSP based on destination, bandwidth, link attributes, and priority. RSVP-TE then establishes and maintains the TE tunnel across the MPLS backbone network. Packets are switched inside the tunnel by using MPLS labels. Recovery at the headend provides for the optimal use of resources.

The switch supports 250 tunnels in the TE headend and 2,000 tunnels at the midpoint.

The Catalyst 3750 Metro switch supports these MPLS TE features:

OSPF, IS-IS, and RSVP extensions to support MPLS TE

TE autotunnel primary and backup

TE tunnel reoptimization to improve overall efficiency by rerouting some traffic trunks to new paths

TE load sharing to a destination over paths with unequal costs. The switch supports up to 256 load-shared routes (load-shared routes for up to 256 destinations). Any additional load-balanced routes are forwarded in one path in the hardware.

TE IP explicit address exclusion to exclude a link or node from the path. You use the ip explicit-path global configuration mode to enter explicit-path configuration mode and then use the exclude-address command to specify addresses to exclude from the path.

Support for LDP over TE tunnels for Layer 3 VPN traffic by entering the mpls ip interface configuration command on the tunnel interface. The switch does not support LDP over TE tunnels for Layer 2 VPN traffic.

Traffic forwarding to the TE tunnel using static routing

TE autoroute, which installs the routers announced by the tailend router and the downstream routers into the routing table of the headend router. All traffic directed to prefixes beyond the tunnel end are pushed into the tunnel.

The Catalyst 3750 Metro switch does not support these MPLS TE features:

Interarea TE support for OSPF and IS-IS

TE path protection

Shared risk link group (SRLG)

Traffic forwarding to the TE tunnel using policy routing

Traffic forwarding to the TE tunnel using forwarding adjacency

Auto bandwidth

Autotunnel mesh group

MPLS TE Fast Reroute

With MPLS TE, when a link or node failure occurs, the LSP headend determines a new route for the LSP. However, due to messaging delays, the headend cannot recover as quickly as making a repair at the point of failure. Fast reroute (FRR) protects the LSPs from link and node failures by locally repairing the LSP at the point of failure, allowing data to continue to flow while the headend routers establish replacement end-to-end LSPs. Fast reroute locally repairs the protected LSP by rerouting all LSP traffic crossing a failed link over backup tunnels that bypass the failed link or node.

Link protection is also referred to as next hop (N-Hop) protection because the new route terminates at the next hop beyond the LSP failure.

Node protection is also referred to as next-next-hop (NN-Hop) protection because the new route bypasses the next hop node and terminates at the node following the next-hop node. Node protection also provides protection from link failures because traffic bypasses the failed link and the failed node.

For more information about MPLS TE fast reroute, see this feature module:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fslinkpt.html

The reroute decision is completely controlled locally by the router interfacing the failed link. The headend of the tunnel is also notified of the link failure through the IGP or through RSVP; the headend then attempts to establish a new LSP that bypasses the failure.


Note Local reroute prevents any further packet loss caused by the failed link. If the tunnel is configured to be dynamic, the headend of the tunnel then has time to reestablish the tunnel along a new, optimal route. If the headend still cannot find another path to take, it continues to use the backup tunnel.


Fast link change detection (FLCD) and RSVP hello messages form the failure detection mechanism. FLCD is notified when an interface encounters a link status change and RSVP hello enables the RSVP nodes to detect when a neighboring node is not reachable. You can configure RSVP hello messages by entering the ip rsvp signalling hello [fast reroute] refresh global configuration command.

Backup tunnels have these characteristics on the Catalyst 3750 Metro switch:

A backup tunnel can protect multiple LSPs.

When the primary tunnel restores, traffic changes from the backup tunnel back to the primary tunnel.

The switch does not support backup tunnel bandwidth protection.

The switch supports MPLS TE fast reroute over only routed ports and not over SVIs or EtherChannels.

MPLS TE Primary and Backup Autotunnel

The primary and backup autotunnel feature enables a switch to dynamically build backup tunnels and to dynamically create one-hop primary tunnels on all interfaces configured for MPLS TE.

Primary autotunnel dynamically creates one-hop primary tunnels on all MPLS TE interfaces. Instead of configuring an MPLS TE tunnel with fast-reroute, you enter the mpls traffic-eng auto-tunnel primary onehop global configuration command to dynamically create one-hop tunnels on all MPLS TE interfaces.

Backup autotunnel enables a router to dynamically build backup tunnels when they are needed so that you do not need to configure them manually. To configure backup autotunnel, enter the mpls traffic-eng auto-tunnel backup router configuration command.

Configuring MPLS Traffic Engineering and Fast Reroute

This section includes this information about configuring MPLSTE on a Catalyst 3750 Metro switch:

Default MPLS TE and Fast Reroute Configuration

MPLS TE and Fast Reroute Configuration Guidelines

These sections describe the configuration procedures:

Configuring MPLS TE

Configuring TE Fast Reroute

Configuring Primary and Backup Autotunnels

Default MPLS TE and Fast Reroute Configuration

MPLS TE and fast reroute are not configured.

Backup or primary autotunnel is not configured.

MPLS TE and Fast Reroute Configuration Guidelines

Follow these guidelines when configuring MPLS TE:

Not all of the MPLS TE commands that are visible in the switch command-line interface help are supported. See the "MPLS" section on page C-12 of Appendix C, "Unsupported Commands in Cisco IOS Release12.2(55)SE."

To configure MPLS traffic engineering and fast reroute, the network must be running IP Cisco Express Forwarding (CEF) and MPLS and support at least one of these protocols: OSPF or IS-IS.

For information on all MPLS commands, see the MPLS command reference at this URL:

http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html

Configuring MPLS TE

For more information on MPLS TE, see this URL:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_diffserv_aw_ps6922_TSD_Products_Configuration_Guide_Chapter.html

Beginning in privileged EXEC mode, follow these steps to configure MPLS TE and configure an interface to support RSVP-based tunnel signalling and IGP flooding:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip cef distributed

Enable CEF on the switch.

Step 3 

mpls traffic-eng tunnels

Enable MPLS traffic engineering tunnels on the switch.

Step 4 

ip rsvp signalling hello

Globally enable Hello signalling on the switch.

Step 5 

interface interface-id

Specify a physical interface and enter interface configuration mode.

Step 6 

mpls traffic-eng tunnels

Enable the MPLS traffic engineering tunnel feature on an interface.

Step 7 

ip rsvp bandwidth bandwidth

Enable RSVP for IP on an interface and the maximum amount of bandwidth, in kb/s, that may be allocated by RSVP flows. The range is from 1 to 10000000. The default is 75% of the link bandwidth.

Step 8 

ip rsvp signalling hello

Enable Hello signalling on the interface.

Step 9 

end

Return to privileged EXEC mode.

Step 10 

show mpls traffic-eng tunnel

Verify the configuration.

Step 11 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Enter no mpls traffic-eng tunnels to disable MPLS traffic engineering tunnels on the switch or interface. Enter the no rsvp bandwidth interface configuration command to return to the default.

Configuring an MPLS TE Tunnel

Beginning in privileged EXEC mode, follow these steps to configure an MPLS traffic engineering tunnel. The configured tunnel has two path setup options—a preferred explicit path and a backup dynamic path.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface tunnel tunnel-id

Enter interface configuration mode for a tunnel interface.

Step 3 

ip unnumbered loopback0

Configure the tunnel source address to be the IP address of the loopback0 interface. The command is not effective until loopback0 is configured with an IP address.

Step 4 

tunnel destination A.B.C.D

Specify the destination for a tunnel.

Step 5 

tunnel mode mpls traffic-eng

Set the encapsulation mode of the tunnel to MPLS traffic engineering.

Step 6 

tunnel mpls traffic-eng bandwidth bandwidth

Configure the bandwidth, in kb/s per second, set aside for the MPLS traffic engineering tunnel. The range is from 1 to 4294967295 kb/s. The default is 0.

Step 7 

tunnel mpls traffic-eng path-option 1 explicit name name

Configure a named IP explicit path.

Step 8 

tunnel mpls traffic-eng path-option 2 dynamic

Configure a backup path to be dynamically calculated from the traffic engineering topology database.

Step 9 

exit

Return to global configuration mode.

Step 10 

ip explicit-path name name

Specify the IP explicit path name, and enter IP explicit path configuration mode. An IP explicit path is a list of IP addresses, each representing a node or link in the explicit path.

Step 11 

next-address A.B.C.E

Specify the next IP address in the explicit path.

Step 12 

next-address A.B.C.F

Specify the second IP address in the explicit path.

Step 13 

exclude-address A.B.C.X

(Optional) Exclude an address from the IP explicit path.

Step 14 

end

Return to privileged EXEC mode.

Step 15 

show ip explicit-paths

Verify the configuration.

Step 16 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Enter the no forms of the commands to remove the configured MPLS tunnels. Enter the no ip explicit-path name global configuration command to disable IP explicit paths.

Configuring the Routing Protocol for MPLS TE

Beginning in privileged EXEC mode, follow these steps to configure IS-IS or OSPF for MPLS traffic engineering:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

router {isis | ospf}

Enable IS-IS or OSPF routing, and enter router configuration mode.

Step 3 

mpls traffic-eng level 1

or

mpls traffic-eng area 0

Turn on MPLS traffic engineering for IS-IS level 1.

Turn on MPLS traffic engineering for OSPF.

Step 4 

mpls traffic-eng router-id loopback0

Specify the traffic engineering router identifier for the node to be the IP address associated with interface loopback0.

Step 5 

metric-style wide

Configure a router to generate and accept only new-style stands for type, length, and value objects (TLVs).

Note This command is for IS-IS routing only.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show mpls traffic-eng
show ip ospf mpls traffic-eng

Verify the configuration.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove the traffic engineering router identifier, use the no mpls traffic-eng router-id command.

Configuring TE Fast Reroute

Before or after entering the commands described in these procedures, you must enable the MPLS traffic engineering tunnel capability globally on the tunnel routers by entering the mpls traffic-eng tunnels global and interface configuration commands. For information about the commands for MPLS TE fast reroute, see this URL:

http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html

Beginning in privileged EXEC mode, follow these steps to enable MPLS traffic engineering fast reroute on an MPLS tunnel and to create a backup tunnel to the next hop or next-next hop:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface tunnel tunnel-number

Create a tunnel interface, and enter interface configuration mode for the tunnel interface.

Step 3 

ip unnumbered interface-id

Configure the tunnel source address. This is usually the IP address of the loopback0 interface. The command is not effective until loopback0 is configured with an IP address.

Step 4 

tunnel destination A.B.C.D

Specify the IP address of the device where the tunnel terminates. This should be the router ID of the next-hop or next-next hop of the LSP to be protected.

Step 5 

tunnel mode mpls traffic-eng

Set the mode of a tunnel to MPLS for traffic engineering.

Step 6 

tunnel mpls traffic-eng path-option number {dynamic | explicit {name path-name | path-number}} [lockdown]

Configure a path option for an MPLS TE tunnel. Keywords have these meanings:

number—When multiple paths are configured, lower-numbered options are preferred.

dynamic—Specify that the LSP path is dynamically calculated.

explicit—Specify that the LSP path is an explicit IP path.

name path-name—Path name of the IP explicit path that the tunnel uses with this option.

name path-number—Path number of the IP explicit path that the tunnel uses with this option.

(Optional) lockdown—Specify that the LSP cannot be reoptimized.

Step 7 

tunnel mpls traffic-eng fast-reroute

Enable the MPLS TE tunnel to use an established backup tunnel in the event of a link or node failure

Step 8 

ip explicit-path name path-name

Specify the path of the tunnel, and enter IP explicit path command mode to set up or modify the explicit path. An IP explicit path is a list of IP addresses, each representing a node or link in the explicit path.

Step 9 

next-address A.B.C.E

Specify the next IP address in the explicit path.

Step 10 

 

Repeat Step 8 for additional IP addresses in the path.

Step 11 

end

Return to privileged EXEC mode.

Step 12 

show ip explicit-paths

Verify the configuration.

Step 13 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Enter the no tunnel mode mpls traffic-eng global configuration command to disable MPLS traffic engineering or the no ip explicit-path global configuration command to remove the IP explicit path configuration.

Configuring a Protected Link to Use a Backup Tunnel

Beginning in privileged EXEC mode, follow these steps to configure a protected link to use the backup tunnel:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify the interface ID of the protected link and enter interface configuration mode.

Step 3 

mpls traffic-eng backup-path tunnel tunnel-id

Configure the interface to use a backup tunnel in the event of a detected failure on that interface. You can enter this command multiple times to associate the protected interface with multiple backup tunnels.

Step 4 

end

Return to privileged EXEC mode.

Step 5 

show mpls traffic-eng fast-reroute database

Verify the that backup protection is configured. A ready status means that the tunnel is ready to switch to backup; an active status means that tunnel traffic is on backup.

Step 6 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove the backup tunnel configuration, enter the no mpls traffic-eng backup-path tunnel interface configuration command.

Configuring Fast Reroute Failure Detection

Beginning in privileged EXEC mode, follow these steps to configure fast reroute failure detection:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip rsvp signalling hello

Globally enable Hello signalling on the switch.

Step 3 

interface interface-id

Specify an interface ID, and enter interface configuration mode.

Step 4 

ip rsvp signalling hello fast-reroute refresh misses number

Configure the number of consecutive RSVP TE hello acknowledgments a node can miss before the node communication with its neighbor status is down. Valid values are from 4 to 10. The default is 4.

Step 5 

ip rsvp signalling hello fast-reroute refresh interval interval-value

Configure the frequency, in milliseconds, at which a node sends hello messages to a neighbor. Valid values are from 10 to 30000 (.01 to 30 seconds). The default frequency is 1000 milliseconds (10 seconds).

Note To prevent false detection of a down neighbor and unnecessarily triggering fast reroute, we recommend configuring a minimum frequency of 200 ms.

Step 6 

ip rsvp signalling hello

Enable Hello signalling on the interface.

Step 7 

end

Return to privileged EXEC mode.

Step 8 

show ip rsvp fast-reroute
show ip rsvp hello instance summary

Verify the configuration.

Step 9 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Enter the no ip rsvp signalling hello global configuration command to disable Hello signalling on the switch. Enter the no ip rsvp signalling hello fast-reroute refresh misses or the no ip rsvp signalling hello fast-reroute refresh interval interface configuration command to set the misses or refresh interval to the default.

Configuring Primary and Backup Autotunnels

The Autotunnel Primary and Backup feature enables a router to dynamically build backup tunnels and to dynamically create one-hop primary tunnels on all interfaces configured for MPLS TE. For information about the commands for MPLS autotunnel, see this URL:

http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html

Beginning in privileged EXEC mode, follow these steps to automatically create primary tunnels to all next hop neighbors:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

mpls traffic-eng auto-tunnel primary onehop

Configure the switch to automatically create primary MPLS tunnels to all next hops.

Step 3 

mpls traffic-eng auto-tunnel primary tunnel-num [min num] [max num]

Configure the range of tunnel interface numbers for primary autotunnels.

(Optional) [min num]—Specify the minimum number of the primary tunnels. Valid values are from 0 to 65535. The default is 65436.

(Optional) [max num]—Specify the maximum number of the primary tunnels. The max number is the minimum number plus 99. Valid values are from 0 to 65535.

Step 4 

mpls traffic-eng auto-tunnel primary timers removal rerouted sec

Configure how many seconds after a failure primary autotunnels are removed. Valid values are 30 to 604800. The default is 0.

Step 5 

mpls traffic-eng auto-tunnel primary config unnumbered interface-id

Enable IP processing on the specified interface without an explicit address.

Step 6 

mpls traffic-eng auto-tunnel primary config mpls ip

Enable Label Distribution Protocol (LDP) on primary autotunnels.

Step 7 

end

Return to privileged EXEC mode.

Step 8 

show interface tunnel tunnel-num

Verify the configuration.

Step 9 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Enter the no form of each command to delete the tunnel or disable the feature or capability. To remove all primary auto tunnels, enter the clear mpls traffic-eng auto-tunnel primary privileged EXEC command.

Beginning in privileged EXEC mode, follow these steps to establish MPLS backup auto tunnels:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

mpls traffic-eng auto-tunnel backup

Configure the switch to automatically create next-hop (NHOP) and next-next hop (NNHOP) backup tunnels.

Step 3 

mpls traffic-eng auto-tunnel backup nhop-only

Configure the switch to automatically build only next-hop (NHOP) backup tunnels.

Step 4 

mpls traffic-eng auto-tunnel backup timers removal unused sec

Configure how frequently (in seconds) a timer scans the backup autotunnels and removes tunnels that are not being used. Valid values are 0 to 604800. The default is every 3600 seconds (60 minutes).

Step 5 

mpls traffic-eng auto-tunnel backup config unnumbered interface interface-id

Enable IP processing without an explicit address.

interface interface-id is the interface on which IP processing will be enabled without an explicit address. The default interface is Loopback0.

Step 6 

mpls traffic-eng auto-tunnel primary config mpls ip

Enable Label Distribution Protocol (LDP) on primary autotunnels.

Step 7 

end

Return to privileged EXEC mode.

Step 8 

show interface tunnel tunnel-num

Verify the configuration.

Step 9 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Enter the no form of each command to delete the tunnel or disable the feature or capability.

Understanding MPLS OAM

MPLS OAM helps service providers monitor label-switched paths (LSPs) and quickly isolate MPLS forwarding problems to assist with fault detection and troubleshooting in an MPLS network. The Catalyst 3750 Metro switch supports these MPLS OAM features:

LSP ping/traceroute LDP IPv4 version 3

Any Transport over MPLS (AToM) Virtual Circuit Connection Verification (VCCV) to use MPLS LSP Ping to test the pseudowire section of an AToM virtual circuit (VC).

IP Service Level Agreements (IP SLAs) to monitor MPLS LSP networks and IP SLAs Health Monitor to automatically generate LSP ping and traceroute to BGP VPN neighbors.


Note In Cisco IOS Release 12.2(37)SE, IP SLAs support implemented nonstandard IP SLAs command-line interface commands, using the rtr global configuration command to put the switch into response time reporter (RTR) configuration mode. Beginning with Cisco IOS Release 12.2(40)SE, the switch uses the standard IP SLAs configuration commands, using the ip sla global configuration command to put the switch into IP SLAs configuration mode. See Chapter 41, "Configuring Cisco IOS IP SLAs Operations," for more information on configuring IP SLAs.


For more information about MPLS OAM, see the MPLS LSP Ping/Traceroute for LDP/TE, and LSP Ping for VCCV feature guide at this URL:

http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_lspng.html


Note The switch does not support all of the commands referenced in the MPLS LSP Ping/Traceroute feature module. For a list of commands that are visible in the CLI help, but not supported on the switch, see Appendix C, "Unsupported Commands in Cisco IOS Release12.2(55)SE."


Beginning with Cisco IOS Release 12.2(40)SE, the switch supports these additional keywords for the ping mpls and traceroute mpls privileged EXEC commands to support RFC4379:

Entering the dsmap keyword with the ttl keyword to the ping command allows you configure a MPLS echo request from the source router to expire at a transit router with a wildcard downstream map to obtain downstream information from the transit router.

Entering the flags fec keyword configures the source router to force the transit router to validate the target forwarding equivalence class (FEC).

Entering the force-explicit-null keyword adds a Null label to the end of the label stack to allow the destination provider-edge device to distinguish between traffic that has been rejected by the destination provider router and traffic that arrives untagged.

Entering the interval keyword allows you to specify the echo request packet send interval.

Entering the output interface interface-id keywords provides path information as input to the LDP IPv4 ping and traceroute configuration to force echo packets through the same paths for more detailed analysis for LSP debugging.

Entering the repeat keyword specifies the number of retries attempted if an echo request times out before an echo reply is received.

To allow interoperability between these IETF RFC 4379 drafts, the revision keyword was added to enable Cisco IOS releases to support the existing draft changes and any changes from future versions of the IETF LSP Ping draft. The switch supports revision 2 and RFC 4329 Compliant.

In addition, these other features have been added:

Echo request return codes have been enhanced for better fault isolation.

You can use the no mpls oam global configuration command to disable the MPLS OAM subsystem when MPLS is running.

You can configure the maximum number of labels in a label stack for load balancing.

The switch now supports LSP tree trace, using the trace mpls multipath. privileged EXEC command to trace all possible paths of an LSP network between the ingress and egress routers by using downstream mapping.

Enhancements to the IP SLAs MPLS LSP Health Monitor include:

Entering the auto ip sla mpls-lsp-monitor global configuration command automatically configures ping and traceroute boundaries

Entering the path-discover command in auto IP SLA MPLS parameter configuration mode configures equal cost multipath (ECMP) tree trace. VPN end points are automatically discovered and ping or traceroute actions are automatically generated for each provider edge router.

For more information on configuring the LSP Health Monitor, go to this URL:

http://www.cisco.com/en/US/docs/ios/12_2sx/12_2sxh/feature/guide/sxh_hmon.html

LSP Ping

MPLS LSP ping uses MPLS echo request and reply packets, similar to Internet Control Message Protocol (ICMP) echo request and reply messages, to validate an LSP. ICMP echo request and reply messages validate IP networks; MPLS OAM echo and reply messages validate MPLS LDP networks. The LSP ping and trace functions use IPv4 UDP packets with UDP port number 3503. You can use MPLS LSP ping to validate IPv4 LDP or Forwarding Equivalence Classes (FECs) by using the ping mpls privileged EXEC command. The MPLS echo request packet is sent to a target router by using the label stack associated with the FEC to be validated.

The source address of the LSP echo request is the IP address of the LDP router generating the LSP request. The destination IP address is a 127.x.y.z/8 address, which prevents the IP packet from being switched to its destination if the LSP is broken. The 127.0.0.x destination address range prevents the OAM packets from exiting the egress provider-edge router, which keeps them from leaking from the service-provider network to the customer network.

In response to an MPLS echo request, an MPLS echo reply is forwarded as an IP packet by using IP, MPLS, or a combination of both. The source address of the MPLS echo-reply packet is an address obtained from the router generating the echo reply. The destination address is the source address of the router that originated the MPLS echo-request packet. The MPLS echo-reply destination port is the echo-request source port.

LSP Traceroute

MPLS LSP traceroute also uses MPLS echo request and reply packets to validate an LSP. You can use MPLS LSP traceroute to validate LDP IPv4 by using the trace mpls privileged EXEC command. The traceroute time-to-live (TTL) settings force expiration of the TTL along an LSP. MPLS LSP traceroute incrementally increases the TTL value in its MPLS echo requests (TTL = 1, 2, 3, 4) to discover the downstream mapping of each successive hop. The transit router processing the MPLS echo request returns an MPLS echo reply containing information about the transit hop in response to the TTL-expired MPLS packet. The MPLS echo reply destination port is sent to the echo request source port.

AToM VCCV (LSP Ping over Pseudowire)

You can use AToM VCCV control words to send control packets inband of an AToM pseudowire from the originating provider edge router or out-of-band by using router alert. The Catalyst 3750 Metro switch supports out-of-band VCCV. You configure this by using the ping mpls pseudowire privileged EXEC command. The transmission is intercepted at the destination provider-edge router, instead of being forwarded to the customer-edge router. You can use AToM VCCV and MPLS LSP ping to test the pseudowire section of AToM virtual circuits.

AToM VCCV consists of these components:

A signaled component in which the AToM VCCV capabilities are advertised during virtual-circuit label signaling

A switching component that causes the AToM VC payload to be treated as a control packet

An LSP ping through a Layer 2 pseudowire requires that the originating router first validate the pseudowire control channel capability during the exchange of virtual-circuit labels. In the Catalyst 3750 Metro switch, this is done by using a router alert label, which sends the LSP ping or traceroute packet to the egress PE router processor instead forwarding it to the CE devices. This is type 2 AToM VCCV. The switch does not support inband VCCV validation using a control word (type 1).

IP SLAs Interworking with MPLS OAM

IP SLAs provides a way to generate MPLS LSPs and measure statistics between provider-edge routers participating in the MPLS network. It uses LSP ping and traceroute to determine network availability or measure network connectivity and performance between the provider-edge routers. You can manually configure IP SLAs LSP ping or traceroute, or you can configure it using the IP SLAs Health Monitor.

When you manually configure LSP ping or traceroute, you explicitly specify the FEC you want to validate, for example, a VPN end point.

When you use the MPLS LSP Health Monitor, you specify a VRF, and the monitor automatically discovers the VPN end points. When configured, the LSP Health Monitor automatically creates and deletes IP SLAs LSP ping or LSP traceroute operations based on network topology. It automatically discovers all adjacent BGP next-hop provider-edge routers and creates individual IP SLAs LSP ping operations for each applicable BGP next-hop neighbor.

For more information on configuring the LSP Health Monitor, go to this URL:

http://www.cisco.com/en/US/docs/ios/12_2sx/12_2sxh/feature/guide/sxh_hmon.html

LSP Tree Trace and IP SLAs ECMP Tree Trace

As the number of MPLS deployments increases, the number of traffic types the MPLS networks carry could increase. In addition, load balancing in the MPLS network provides alternate paths for carrying MPLS traffic to a target router, making troubleshooting forwarding problems between PEs difficult.The MPLS LSP multipath tree trace feature provides the means to discover all possible routing paths of an LSP network between an egress and ingress router by using downstream mapping. Once discovered, you can retest these paths periodically by using MPLS LSP ping or traceroute. This feature is an extension to the MPLS LSP traceroute functionality for the tracing of LDP IPv4 LSPs.

With equal cost multipath (ECMP) tree trace, the source router tries to force the request down each ECMP path so that the targeted FEC crosses all possible ECMP paths. The source LSR starts path discovery by sending a transit router a bitmap in an MPLS echo request. The transit router returns information that contains subsets of the bitmap in a downstream map in an echo reply. The source router uses the information in the echo reply to interrogate the next router. It interrogates each successive router until it finds one bitmap setting that is common to all routers along the path.

You can manually configure tree trace by using downsteam mapping Type Length Values (TLVs). You can also use the ECMP tree trace feature in the IP SLAs LSP Health Monitor. When you enter the path-discover command in auto IP SLA MPLS parameter configuration mode, VPN end points are automatically discovered and ping or traceroute actions are automatically generated for each provider edge router. You can also use the LSP Health Monitor to configure multioperation scheduling.

For more information about LSP multipath tree trace, see this URL:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_em_multipath_tree_ps6922_TSD_Products_Configuration_Guide_Chapter.html

Configuring MPLS OAM and IP SLAs MPLS

This section includes this information about configuring MPLS OAM s on a Catalyst 3750 Metro switch:

Default MPLS OAM Configuration

MPLS OAM Configuration Guidelines

These sections describe the optional or required tasks:

Using LSP Ping for LDP IPv4 FEC

Using LSP Traceroute for LDP IPv4 FEC

Using LSP Ping for Pseudowire (AToM VCCV)

Configuring IP SLAs MPLS Ping and Traceroute

Using LSP Tree Trace

Default MPLS OAM Configuration

MPLS OAM LSP ping and traceroute are not configured.

The IP SLAs MPLS LSP Health Monitor is not configured.

The mpls oam global configuration command is enabled.

MPLS OAM Configuration Guidelines

Follow these guidelines when configuring MPLS OAM:


Note The switch does not support traffic engineering FEC in this release.


Because MPLS OAM detects problems in the MPLS LSP network, it is a useful tool when there is a discrepancy between the MPLS LSP and IP networks or between the MPLS control plane and data plane.

When the Catalyst 3750 Metro switch is used as a provider router in the core and ECMP tree trace is configured, the switch can force the LSP packet down only one path, the actual data path. This limitation applies only to the Catalyst 3750 Metro switch.

Using LSP Ping for LDP IPv4 FEC

When you enter the ping mpls privileged EXEC command to begin an LSP ping operation, the keyword that follows specifies the Forwarding Equivalence Class (FEC) that is the target of the LCP ping to which you want to verify connectivity.

Beginning in privileged EXEC mode, follow these steps to configure LSP LDP IPv4 ping:

 
Command
Purpose

Step 1 

ping mpls ipv4 destination-address destination-mask [destination address-start address-end increment] [exp exp-bits] [interval ms] [pad pattern] [repeat count] [reply dscp dscp-value] [reply mode {ipv4 | router-alert}] [revision {1 | 2 | 3}] [size packet-size | sweep minimum maximum size-increment] [source source-address] [timeout seconds] [ttl time-to-live] [verbose] [revision tlv-revision-number] [force-explicit-null] [output interface interface-id [nexthop ip-address]] [dsmap [hashkey {none | ipv4 bitmap bitmap-size} [flags fec]

Configure LSP IPv4 ping. The keywords have these meanings:

destination-address destination-mask—Specify the address and network mask of the target FEC.

(Optional) destination address-start address-end increment —Enter the destination 127 network address range.

(Optional) exp exp-bits—Specify the MPLS experimental-field value in the MPLS header for an echo reply. The range is from 0 to 7. The default is 0.

(Optional) interval ms—Specify the time in milliseconds between successive MPLS echo requests. The range is 0 to 3600000 ms; the default is 0 (no interval is configured).

(Optional) pad pattern—Specify to use the pad TLV to fill the datagram so that the MPLS echo request is the specified size.

(Optional) repeat count—Specify the number of times to resend the packet. The range is from 1 to 2147483647. If you do not enter the repeat keyword, the packet is sent 5 times.

(Optional) reply dscp dscp-value—Specify a specific class of service (CoS) in an echo reply by providing a differentiated services code point (DSCP) value.

   

(Optional) reply mode {ipv4 | router-alert}—Specify the reply mode for the echo request packet. Enter ipv4 to reply with an IPv4 UDP packet (the default) or router-alert to reply with an IPv4 UDP packet with router alert.

(Optional) revision—Enter the IEFT MPLS ping draft revision number as 3 (for revision 2) or 4 (for RFC 4329 complaint).

(Optional) size packet-size—Specify the size of the packet with the label stack imposed as the number of bytes in each ping. The range is from 100 to 18024. The default is 100.

(Optional) source source-address—Specify the source address or the name. This is the destination address in the MPLS echo response. The default address is loopback0.

(Optional) sweep minimum maximum size-increment —Set a range packet sizes to be sent, ranging from a start size to an end size. The lower boundary of the sweep range depends on the LSP type. The range for the minimum and maximum is 100 to 18024; the increment range is 1 to 8993.

(Optional) timeout seconds—Specify the timeout interval for an MPLS request packet. The range is from 0 to 3600 seconds. The default is 2 seconds.

(Optional) ttl time-to-live—Specify a time-to-live value. The range is from 1 to 255.

(Optional) verbose —Display the MPLS echo reply sender address of the packet and return codes.

(Optional) revision number—Enter a Cisco-TLV-revision-number, 1 through 4.

(Optional) force-explicit-null—Add an explicit NULL label to the end of the label stack.

(Optional) output interface interface-id—Specify the output interface for the echo request.

(Optional) nexthop ip-address—Force packets to go through the specified next-hop address.

(Optional) dsmap—Request downstream mapping information from the replying router.

(Optional) hashkey—Specify downstream map multipath settings as either none or ipv4 bitmap size (0 to 256).

(Optional) flags fec—Request FEC stack checking at the transit router.

This is an example of an LSP ping:

Switch# ping mpls ipv4 10.131.159.251/32 destination 127.0.0.1 127.0.0.2 0.0.0.1 repeat 2 
sweep 1450 1475 25

Using LSP Traceroute for LDP IPv4 FEC

The LSP traceroute originator sends incremental MPLS echo requests to discover the downstream mapping of each successive hop. When the originating provider edge router receives the reply from the intermediate router, it forms another MPLS echo request with the same target FEC and the time-to-live is incremented by one.

Beginning in privileged EXEC mode, follow these steps to configure LSP LDP IPv4 traceroute:

 
Command
Purpose

Step 1 

traceroute mpls ipv4 destination-address destination-mask [destination address-start address-end increment] [exp exp-bits] [reply dscp dscp-value] [reply mode {ipv4 | router-alert}] [revision {1 | 2 | 3}] [source source-address] [timeout seconds] [ttl time-to-live] [verbose] [revision tlv-revision-number] [force-explicit-null] [output interface interface-id [nexthop ip-address]] [flags fec]

Configure LSP IPv4 traceroute. The keywords have these meanings:

destination-address destination-mask—Specify the address and network mask of the target FEC.

(Optional) destination address-start address-end increment —Enter the destination 127 network address range.

(Optional) exp exp-bits—Specify the MPLS experimental field value in the MPLS header for an echo reply. The range is from 0 to 7. The default is 0.

(Optional) reply dscp dscp-value—Specify a specific class of service (CoS) in an echo reply by providing a differentiated services code point (DSCP) value.

(Optional) reply mode {ipv4 | router-alert}—Specify the reply mode for the echo request packet. Enter ipv4 to reply with an IPv4 UDP packet (the default) or router-alert to reply with an IPv4 UDP packet with router alert.

(Optional) revision —Enter the draft revision number as 1, 2, or 3.

(Optional) source source-address—Specify the source address or the name. This is the destination address in the MPLS echo response. The default address is loopback0.

(Optional) timeout seconds—Specify the timeout interval for an MPLS request packet. The range is from 0 to 3600 seconds. The default is 2 seconds.

(Optional) ttl time-to-live—Specify a time-to-live value. The range is from 1 to 255.

(Optional) verbose—Display the MPLS echo reply sender address of the packet and return codes.

(Optional) revision number—Enter a Cisco-TLV-revision-number, 1 through 4.

(Optional) force-explicit-null—Add an explicit NULL label to the end of the label stack.

(Optional) output interface interface-id—Specify the output interface for the echo request.

(Optional) nexthop ip-address—Force packets to go through the specified next-hop address.

(Optional) flags fec—Request FEC stack checking at the transit router.

This is an example of configuring an LSP traceroute:

Switch# traceroute mpls ipv4 10.131.159.251/32 destination 127.0.0.1 127.0.0.2 1 ttl5

Using LSP Ping for Pseudowire (AToM VCCV)

Entering the ping mpls pseudowire privileged EXEC command invokes the functionality of MPLS VCCV, which is the ability to inject traffic control into an AToM virtual circuit and have it intercepted by the remote provider edge router instead of being passed to the attachment circuits for switching. The command requires you to enter the egress provider edge IP address and a virtual-circuit identifier.

Beginning in privileged EXEC mode, follow these steps to configure LSP ping over pseudowire:

 
Command
Purpose

Step 1 

ping mpls pseudowire ipv4-address vc-id [destination start-address [end-address [address-increment]] [exp exp-bits] [interval ms] [pad pattern] [repeat count] [reply dscp dscp-value] [reply mode {ipv4 | router-alert}] [revision {1 | 2 | 3}] [size packet-size] [source source-address] [sweep minimum maximum size-increment] [timeout seconds] [verbose] [dsmap [hashkey {none | ipv4 bitmap bitmap-size} [flags fec]

Configure LSP ping over pseudowire. The keywords have these meanings:

ipv4-address—Specify the IPv4 address of the peer.

vc-id—Specify virtual-circuit identification number. The range is from 1 to 4294967295.

(Optional) destination start-address [end-address [increment]]—Enter the destination 127 network address or address range with increment.

(Optional) exp exp-bits—Specify the MPLS experimental-field value in the MPLS header. The range is from 0 to 7. The default is 0.

(Optional) interval ms—Specify the time in milliseconds between successive MPLS echo requests. The range is from 0 to 3600000; the default is 0.

(Optional) pad pattern—Specify that the pad TLV is used to fill the datagram so that the MPLS echo request is the specified size.

(Optional) repeat count—Specify the number of times to resend the packet. The range is from 1 to 2147483647. The default is 1. If you do not enter the repeat keyword, the same packet is sent 5 times.

(Optional) reply dscp dscp-value—Specify a specific class of service (CoS) in an echo reply by providing a differentiated services code point (DSCP) value.

(Optional) reply mode {ipv4 | router-alert}—Specify the reply mode for the echo request packet. Enter ipv4 to reply with an IPv4 packet (the default) or router-alert to reply with an IPv4 UPD packet with router alert. Router alert is type 2 AToM VCCV.

(Optional) revision—Enter the IEFT MPLS ping draft revision number as 1, 2, or 3.

(Optional) size packet-size—Specify the size of the packet with the label stack imposed as the number of bytes in each ping. The range is from 40 to 18024. The default is 100.

(Optional) sweep minimum maximum size-increment —Send a number of packets of different sizes.

Step 1 

 

(Optional) timeout seconds—Specify the timeout interval for an MPLS request packet. The range is from 0 to 3600 seconds. The default is 2 seconds.

(Optional) verbose—Display the MPLS echo reply sender address of the packet and return codes.

(Optional) flags fec—Request FEC stack checking at the transit router.

(Optional) dsmap—Request downstream mapping information from the replying router.

(Optional) hashkey—Specify downstream map multipath settings as either none or ipv4 bitmap size (0 to 256).

This is an example of an LSP ping over pseudowire:

Switch# ping mpls pseudowire 10.131.159.251 22 127.0.0.1 127.0.0.2 1 exp 5

Configuring IP SLAs MPLS Ping and Traceroute

To use IP SLAs for monitoring MPLS LSP ping or traceroute operations to monitor Layer 3 MPLS VPNs, you can manually configure the IP SLAs ping or trace operation or you can configure the IP SLAs LSP Health Monitor. When configured, the LSP Health Monitor automatically discovers VPN endpoints and creates and deletes IP SLAs ping or traceroute operations based on network topology.

As with any IP SLAs operation, you can schedule the start time and end time for MPLS IP SLAs ping or trace, as well as whether it is an ongoing or recurring operation. Multioperation scheduling support for the LSP Health Monitor feature provides the capability to easily schedule the automatically created operations to begin at intervals equally distributed over a specified duration of time (schedule period) and to restart at a specified frequency. Multioperation scheduling is particularly useful in cases where the LSP Health Monitor is enabled on a source PE router that has a large number of PE neighbors and, therefore, a large number of IP SLAs operations running at the same time.

This section includes these configuration procedures:

Configuring the IP SLAs LSP Health Monitor

Manually Configuring IP SLAs MPLS LSP Ping or Traceroute

For more details about LSP Health Monitor and MPLS IP SLAs ping or traceroute, see the IP SLAs- LSP Health Monitor feature module at this URL:

http://www.cisco.com/en/US/docs/ios/12_2sx/12_2sxh/feature/guide/sxh_hmon.html

For more details about IP SLAs operations, see Chapter 44 "Configuring MPLS, MPLS VPN, MPLS OAM, and EoMPLS." For detailed information about IP SLAs commands, see the command reference at this URL:

http://www.cisco.com/en/US/docs/ios/ipsla/command/reference/sla_book.html

Configuring the IP SLAs LSP Health Monitor

You can configure the MPLS LSP Health Monitor to discover BGP VPN next hops and automatically create IP SLAs LSP ping or traceroute operations. You can specify an LSP ping or traceroute operation and VRF tables to be used. By default the LSP Health Monitor discovers all BGP next- hop neighbors by using all VRFs associated with the source provider edge router.

When you configure an LSP Health Monitor operation, you enter auto IP SLAs MPLS parameters configuration mode where you can configure the optional parameters shown in the Steps 4 through 17. See the IP SLAs-LSP Health Monitor feature module for more information about the parameters.

You must configure the MPLS LSP Health Monitor on a provider-edge router. The IP SLAs measurement statistics are stored on the source PE router.

Beginning in privileged EXEC mode, follow these steps to configure the operation parameters, reaction conditions, and scheduling options for a MPLS LSP monitor ping or traceroute.

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

auto ip sla mpls-lsp-monitor operation-number

Specify an LSP Health Monitor operation number and enter auto IP SLA MPLS configuration mode. The operation number range is from 1 to 2147483647.

Step 3 

type {echo | pathEcho} {ipsla-vrf-all | vrf vpn-name}

Configure the parameters of the LSP Health Monitor by selecting the operation and entering auto IP SLAs MPLS parameters configuration mode.

echo—Select an LSP monitor ping operation.

pathEcho—Select an LSP monitor traceroute operation.

ipsla-vrf-allConfigure IP SLAs MPSL LSP monitor for all VPNs.

vrf vpn-name—Configure the IP SLAs LSP monitor for the specified VPN.

Step 4 

access-list access-list-number

(Optional) Specify an access list to apply to LSP Health Monitor operation.

Step 5 

delete-scan-factor factor

(Optional) Specify the number of times the LSP Health Monitor checks the scan queue before automatically deleting IP SLAs operations for BGP next-hop neighbors that are no longer valid. The factor range is 0 to 2147483647. The default scan factor is 1.

Note You must use the scan-interval command with this command.

Step 6 

exp exp-bits

(Optional) Specify the experimental field value in the echo request packet header. The range is 0 to 7; the default value is 0.

Step 7 

force-explicit-null

(Optional) Add an explicit null label to all echo request packets of an IP SLAs operation.

Step 8 

lsp-selector ip-address

(Optional) Specify the local host IP address used to select the IP SLAs operation LSP. The default is 127.0.0.1.

Step 9 

reply-dscp-bits dscp-value

(Optional) Specify the differentiated services codepoint (DSCP) value for an echo reply packet of an IP SLAs operation. The default value is 0.

Step 10 

reply-mode {ipv4 | router-alert}

(Optional) Specify the IP SLAs echo request reply mode as ipv4 or router-alert. The default is IPv4 UDP packet.

Step 11 

request-data-size bytes

(Optional) Specify the protocol data size for an IP SLAs request packet. The range is 100 to 1500; the default is 100 bytes.

Step 12 

scan-interval minutes

(Optional) Specifies the time interval (in minutes) at which the LSP Health Monitor checks the scan queue for BGP next hop neighbor updates. The range is 1 to 70560; the default is 240 minutes.

Step 13 

secondary-frequency {both | connection-loss | timeout} frequency

(Optional) Set the secondary frequency (faster measurement frequency) to which an IP SLAs operation should change when a reaction condition occurs. The frequency range is 1 to 604800.

Step 14 

tag text

(Optional) Create a user-specified identifier for an IP SLAs operation.

Step 15 

threshold milliseconds

(Optional) Specify the rising threshold (hysteresis) that generates a reaction event and stores history information for an IP SLAs operation. The range is 0 to 2147483647; the default is 5000 ms.

Step 16 

timeout milliseconds

(Optional) Specify the amount of time that the IP SLAs operation waits for a response from its request packet. The range is 0 to 604800000; the default value is 5000 ms.

Step 17 

ttl time-to-live

(Optional) Specify the maximum hop count for an IP SLAs echo request packet. The range is 1 to 255.

Step 18 

exit

Exit IP SLAs MPLS LSP monitor path discover configuration mode and return to auto IP SLA MPLS parameter configuration mode.

Step 19 

exit

Exit auto IP SLA MPLS parameter configuration mode and returns to global configuration mode.

Step 20 

auto ip sla mpls-lsp-monitor reaction-configuration operation-number react monitored-element [action-type option] [threshold-type {consecutive [occurrences] | immediate | never}]

(Optional) Configure other LSP Health Monitor actions:

operation-number—Enter the operation number.

react monitored-element—Specify the element to be monitored for violations. For example, enter connectionLoss to configure a reaction to a 1-way connection loss for the operation.

(Optional) action-type option—Specify the action to take when the threshold event occurs. For example, enter none for no action or trapOnly to send an SMNP logging trap.

(Optional) threshold-type—Specify when the action-type occurs. These are the options:

consecutive [occurrences]—When reaction conditions are met consecutively for a specified number of times. The valid range is from 1 to 16; the default is 5.

(Optional) threshold-type immediate—When the reaction conditions are met.

(Optional) threshold-type never—Never. This is the default threshold type.

Step 21 

auto ip sla mpls-lsp-monitor schedule operation-number schedule-period seconds [frequency seconds] [start-time {hh:mm {:ss} [month day | day month] | pending | now | after hh:mm:ss}]

Schedule time parameters for the LSP Health Monitor.

operation number—Enter the operation number.

schedule-period seconds—Enter the schedule period in seconds. The range is 1 to 604800 seconds.

(Optional) frequency seconds—Enter the frequency for LSP monitoring in seconds. The range is 1 to 604800 seconds.

(Optional) start-time—Enter the time for the operation to begin collecting information:

To start at a specific time, enter the hour, minute, second (in 24-hour notation) and day of the month. If no month is entered, the default is the current month.

Enter pending to select no information being collected until a start time is selected.

Enter now to start the operation immediately.

Enter after hh:mm:ss to indicate that the operation should start after the entered time has elapsed.

Step 22 

auto ip sla mpls-lsp-monitor reset

(Optional) Reset LDP monitor group statistics.

Step 23 

end

Return to privileged EXEC mode.

Step 24 

show ip sla mpls-lsp-monitor configuration [operation-number]

Show the configured LSP monitoring operations.

Step 25 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Step 26 

show ip sla mpls-lsp-monitor summary

Display a summary of IP SLAs LSP MPLS status.

Enter the no auto ip sla mpls-lsp-monitor operation-number global configuration command to delete the operation.

This is an example of configuring the MPLS LSP Health Monitor for all VPNs:

Switch# config t
Switch(config)# auto ip sla mpls-lsp-monitor 1
Switch(config-auto-ip-sla-mpls)# type echo ipsla-vrf-all 
Switch(config-auto-ip-sla-mpls-params)# timeout 1000
Switch(config-auto-ip-sla-mpls-params)# scan-interval 1
Switch(config-auto-ip-sla-mpls-params)# secondary-frequency connection-loss 10
Switch(config-auto-ip-sla-mpls-params)# secondary-frequency timeout 10
Switch(config-auto-ip-sla-mpls-params)# exit
Switch(config-auto-ip-sla-mpls) exit
Switch(config)# auto ip sla mpls-lsp-monitor reaction-configuration 1 react connectionLoss 
threshold-type consecutive 3 action-type trapOnly
Switch(config)# auto ip sla mpls-lsp-monitor schedule 1 schedule-period 60 start-time now
Switch(config)# end 

Manually Configuring IP SLAs MPLS LSP Ping or Traceroute

Beginning in privileged EXEC mode, follow these steps to manually configure the IP SLAs LSP ping or traceroute:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

ip sla operation-number

Enter an IP SLAs operation number and enter IP SLAs configuration mode. The range is from 1 to 2147483647.

Step 3 

mpls lsp {ping | trace} ipv4 destination_address destination_mask [force-explicit-null] [lsp-selector ip_address] [reply dscp] [reply mode {ipv4 | router-alert}] [source_ipaddr source_address]

Manually configure the IP SLAs LSP monitor. and enter IP SLAs monitor LSP ping or trace configuration mode.

ping—Select an LSP monitor ping operation.

trace—Select an LSP monitor traceroute operation.

destination_address destination_mask—Enter the address and network mask of the target.

(Optional) force-explicit-null Add an explicit NULL label to the end of the label stack.

(Optional) lsp-selector ip_address—Specify the local host address used to select the LSP.

(Optional) reply dscp dscp-value—Specify a specific class of service (CoS) in an echo reply by providing a differentiated services code point (DSCP) value.

(Optional) reply mode {ipv4 | router-alert} —Specify the reply mode for the echo request packet as ipv4 to reply with an IPv4 UDP packet (the default) or router-alert to reply with an IPv4 UDP packet with router alert.

(Optional) source_ipaddr source_address —Specify the source IP address of the echo request originator.

Step 4 

exp exp-bits

(Optional) Specify the experimental field value in the echo request packet header. The range is 0 to 7; the default value is 0.

Step 5 

request-data-size bytes

(Optional) Specify the protocol data size for an IP SLAs request packet. The range is 100 to 1500; the default is 100 bytes.

Step 6 

secondary-frequency {both | connection-loss | timeout} frequency

(Optional) Set the secondary frequency (faster measurement frequency) to which an IP SLAs operation should change when a reaction condition occurs. The frequency range is 1 to 604800.

Step 7 

tag text

(Optional) Create a user-specified identifier for an IP SLAs operation.

Step 8 

threshold milliseconds

(Optional) Specify the rising threshold (hysteresis) that generates a reaction event and stores history information for an IP SLAs operation. The range is 0 to 2147483647; the default is 5000 ms.

Step 9 

timeout milliseconds

(Optional) Specify the amount of time that the IP SLAs operation waits for a response from its request packet. The range is 0 to 604800000; the default value is 5000 ms.

Step 10 

ttl time-to-live

(Optional) Specify the maximum hop count for an IP SLAs echo request packet. The range is 1 to 255.

Step 11 

exit

Return to global configuration mode.

Step 12 

ip sla schedule operation-number [ageout seconds] [life {forever | seconds}] [recurring] [start-time {hh:mm {:ss} [month day | day month] | pending | now | after hh:mm:ss}]

Schedule the time parameters for MPLS LSP monitoring.

operation-number—Enter the IP SLAs operation number.

(Optional) ageout seconds—Enter the number of seconds to keep the operation in memory when it is not actively collecting information. The default is 0 seconds (never ages out). The range is 0 to 2073600 seconds.

(Optional) life—Set the operation to run indefinitely (forever) or for a specific number of seconds. The range is from 0 to 2147483647. The default is 3600 seconds (1 hour)

(Optional) recurring—Set the probe to be automatically scheduled every day.

(Optional) start-time—Enter the time for the operation to begin collecting information:

To start at a specific time, enter the hour, minute, second (in 24-hour notation) and day of the month. If no month is entered, the default is the current month.

Enter pending to select no information being collected until a start time is selected.

Enter now to start the operation immediately.

Enter after hh:mm:ss to indicate that the operation should start after the entered time has elapsed.

Step 13 

end

Return to privileged EXEC mode.

Step 14 

show ip sla configuration [operation-number]

Show the configured LSP monitoring operations.

Step 15 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Step 16 

show ip sla statistics [operation-number]

Display the statistics of a scheduled LSP monitoring operation.

To remove an IP SLAs operation, enter the no ip sla operation-number global configuration command.

This is an example of manually configuring an MPLS LSP ping operation:

Switch# config t
Switch(config)# ip sla 1
Switch(config-ip-sla)# mpls lsp ping ipv4 192.168.1.4 255.255.255.255 lsp-selector 
127.1.1.1
Switch(config-ip-sla-lspPing)# secondary-frequency connection-loss 30
Switch(config-ip-sla-lspPing)# secondary-frequency timeout 30
Switch(config-ip-sla-lspPing)# exit
Switch(config)# ip sla schedule 1 start-time now life forever
Switch(config)# exit 

Using LSP Tree Trace

LSP tree trace is the capability to trace through all possible paths of an LSP network between the ingress and egress routers by using downstream mapping. You can manually configure tree trace using the trace mpls multipath privileged EXEC command. You can use IP SLAs Health Monitor for (ECMP tree trace by entering the path-discover command in auto IP SLA MPLS parameter configuration mode. VPN end points are automatically discovered and ping or traceroute actions are automatically generated for each provider edge router.

This section includes these configuration procedures:

Manually Setting LSP Tree Trace

Configuring ECMP IP SLAs Tree Trace

Manually Setting LSP Tree Trace

Beginning in privileged EXEC mode, follow these steps to manually set LSP tree trace:

 
Command
Purpose

Step 1 

traceroute mpls multipath ipv4 destination-address destination-mask [destination address-start address-end increment] [exp exp-bits] [reply dscp dscp-value] [reply mode {ipv4 | router-alert}] [revision {1 | 2 | 3}] [source source-address] [timeout seconds] [ttl time-to-live] [verbose] [revision tlv-revision-number] [force-explicit-null] [output interface interface-id [nexthop ip-address]] [flags fec]

Configure LSP LDP IPv4 traceroute. The keywords have these meanings:

destination-address destination-mask—Specify the address and network mask of the target FEC.

(Optional) destination address-start address-end increment —Enter the destination 127 network address range.

(Optional) exp exp-bits—Specify the MPLS experimental field value in the MPLS header for an echo reply. The range is from 0 to 7. The default is 0.

(Optional) reply dscp dscp-value—Specify a specific class of service (CoS) in an echo reply by providing a differentiated services code point (DSCP) value.

   

(Optional) reply mode {ipv4 | router-alert}—Specify the reply mode for the echo request packet. Enter ipv4 to reply with an IPv4 UDP packet (the default) or router-alert to reply with an IPv4 UDP packet with router alert.

(Optional) revision —Enter the draft revision number as 1, 2, or 3.

(Optional) source source-address—Specify the source address or the name. This is the destination address in the MPLS echo response. The default address is loopback0.

(Optional) timeout seconds—Specify the timeout interval for an MPLS request packet. The range is from 0 to 3600 seconds. The default is 2 seconds.

(Optional) ttl time-to-live—Specify a time-to-live value. The range is from 1 to 255.

(Optional) verbose—Display the MPLS echo reply sender address of the packet and return codes.

(Optional) revision number—Enter a Cisco-TLV-revision-number, 1 through 4.

(Optional) force-explicit-null—Add an explicit NULL label to the end of the label stack.

(Optional) output interface interface-id—Specify the output interface for the echo request.

(Optional) nexthop ip-address—Force packets to go through the specified next-hop address.

(Optional) flags fec—Request FEC stack checking at the transit router.

Configuring ECMP IP SLAs Tree Trace

Beginning in privileged EXEC mode, follow these steps to use the LSP Health Monitor to configure IP SLAs ECMP tree trace:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

auto ip sla mpls-lsp-monitor operation-number

Specify an LSP Health Monitor operation number and enter auto IP SLAs MPLS configuration mode. The operation number range is from 1 to 2147483647.

Step 3 

path-discover

Enter IP SLAs MPLS LSP monitor path discover configuration mode to configure sending MPLS trace down all multiple paths (tree trace).

Step 4 

force-explicit-null

(Optional) Add an explicit null label to all echo request packets of an IP SLAs Health Monitor operation.

Step 5 

hours-or-statistics kept hours

(Optional) Set the number of hours for which LSP discovery group statistics are maintained for an LSP Health Monitor operation.

Step 6 

interval milliseconds

(Optional) Specify the time interval between MPLS echo requests that are sent as part of the LSP discovery process for an LSP Health Monitor operation.

Step 7 

lsp-selector-base ip-address

Optional) Specifies the base IP address used to select the LSPs belonging to the LSP discovery groups of an LSP Health Monitor operation.

Step 8 

maximum-sessions

(Optional) Set the number of concurrent active tree trace request to be submitted. This is the maximum number of BGP next hop neighbors that can be concurrently undergoing LSP discovery for a single LSP Health Monitor operation.

Note Use careful consideration when configuring this parameter to avoid a negative impact on the switch CPU.

Step 9 

scan-period minutes

(Optional) Set a time period in minutes for completing tree trace discovery. This is the amount of time after which the LSP discovery process can restart for an LSP Health Monitor operation.

Step 10 

session timeout seconds

(Optional) Set a timeout value in seconds for tree trace requests. This is the amount of time the LSP discovery process for an LSP Health Monitor operation waits for a response to its LSP discovery request for a particular BGP next hop neighbor.

Step 11 

timeout seconds

(Optional) Set the amount of time the LSP discovery process for an LSP Health Monitor operation waits for a response to its echo request packets.

Note Use careful consideration when configuring this parameter to avoid a negative impact on the switch CPU.

Step 12 

exit

Exit IP SLAs MPLS LSP monitor path discover configuration mode and return to auto IP SLA MPLS parameter configuration mode.

Step 13 

exit

Exit auto IP SLA MPLS parameter configuration mode and returns to global configuration mode.

Step 14 {

auto ip sla mpls-lsp-monitor reaction-configuration operation-number react lpd {lpd-group [retry number] | tree-trace} [action-type trapOnly]

(Optional) Configure LSP Health Monitor tree trace actions:

operation-number—Enter the Health Monitor tree-trace operation number.

react lpd—Specify LPD as the element to be monitored for violations.

lpd-group— Enable monitoring of LSP discovery group status changes.

retry number—Specify the number of times the equal-cost multipaths belonging to an LSP discovery group are retested when a failure is detected. The value of the number argument is zero by default.

tree-trace—Enable monitoring of situations where LSP discovery to a BGP next hop neighbor fails.

(Optional) action-type trapOnly—Specify the action to take when the threshold event occurs as trapOnly to send an SMNP logging trap.

Step 15 

ip sla monitor logging traps

(Optional) Enable the generation of SNMP system logging messages specific to IP SLAs trap notifications.

Step 16 

auto ip sla mpls-lsp-monitor schedule operation-number schedule-period seconds [frequency seconds] [start-time {hh:mm {:ss} [month day | day month] | pending | now | after hh:mm:ss}]

Schedule the time parameters for the LSP Health Monitor.

operation number—Enter the IP SLAs MPLS LSP monitor operation number.

schedule-period seconds—Enter the schedule period in seconds. The range is 1 to 604800 seconds.

(Optional) frequency seconds—Enter the frequency for LSP monitoring. The range is 1 to 604800 seconds.

(Optional) start-time—Enter the time for the operation to begin collecting information:

To start at a specific time, enter the hour, minute, second and day of the month. If no month is entered, the default is the current month.

Enter pending to select no information being collected until a start time is selected.

Enter now to start the operation immediately.

Enter after hh:mm:ss to indicate that the operation should start after the entered time has elapsed.

Step 17 

end

Return to privileged EXEC mode.

Step 18 

show ip sla mpls-lsp-monitor configuration [operation-number]

Show the configured LSP monitoring operations.

Step 19 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Step 20 

show ip sla monitor mpls-lsp-monitor collection-statistics [group-id]

show ip sla mpls-lsp-monitor lpd operational-state

(Optional) Displays the statistics for IP SLAs operations belonging to an LSP discovery group of an LSP Health Monitor operation.

Optional) Displays the operational status of the LSP discovery groups belonging to an LSP Health Monitor operation.

Note These commands are applicable only if the LSP discovery option is enabled.

Understanding EoMPLS

Any Transport over MPLS () is a solution for transporting Layer 2 packets over an MPLS network, allowing service providers to use the MPLS network to provide connectivity between customer sites with existing Layer 2 networks. Instead of separate networks with network management environments, service providers can use the MPLS network to transport all types of traffic for different customers. The Catalyst 3750 Metro switch supports EoMPLS, a subset of AToM that uses a tunneling mechanism to carry Layer 2 Ethernet traffic.

EoMPLS encapsulates Ethernet frames in MPLS packets and forwards them across the MPLS network. Each frame is sent as a single packet, and the provider-edge (PE) routers connected to the backbone add and remove labels as appropriate for packet encapsulation:

The ingress PE router receives an Ethernet frame and encapsulates the packet by removing the preamble, the start of frame delimiter (SFD), and the frame check sequence (FCS). The rest of the packet header is not changed.

The ingress PE router adds a point-to-point virtual connection label and a label switched path (LSP) tunnel label for normal MPLS routing through the MPLS backbone.

The network core routers use the LSP tunnel label to move the packet through the MPLS backbone and do not distinguish Ethernet traffic from any other types of packets in the MPLS backbone.

At the other end of the MPLS backbone, the egress PE router receives the packet and de-encapsulates the packet by removing the LSP tunnel label if one is present. The PE router also removes the virtual-connection label from the packet.

The provider-edge router updates the header, if necessary, and sends the packet out the appropriate interface to the destination switch.

The MPLS backbone uses the tunnel labels to send the packet between the PE routers. The egress PE router uses the virtual-connection label to select the outgoing interface for the Ethernet packet. EoMPLS tunnels are unidirectional; for bidirectional EoMPLS, you need to configure one tunnel in each direction.

The point-to-point virtual connection requires you to configure virtual-connection endpoints at the two PE routers. Only the provider-edge routers at the ingress and egress points of the MPLS backbone are aware of the virtual connections dedicated to transporting Layer 2 traffic. Other routers do not have table entries for these virtual connections.

This section includes additional information about these topics:

Interaction with Other Features

EoMPLS Limitations

Interaction with Other Features

This section describes how EoMPLS interacts other features. It includes these sections:

EoMPLS and IEEE 802.1Q Tunneling

EoMPLS and Layer 2 Tunneling

EoMPLS and QoS

EoMPLS and IEEE 802.1Q Tunneling

IEEE 802.1Q tunneling enables service providers to use a single VLAN to support customers who have multiple VLANs, while preserving customer VLAN IDs and segregating traffic in different VLANs. For more information about IEEE 802.1Q tunneling, see Chapter 15, "Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling."

Figure 44-4 is an example configuration where IEEE 802.1Q-tunneled traffic is forwarded using EoMPLS over an MPLS network. To support IEEE 802.1Q tunneling in a topology where a Layer 2 device connects to an MPLS network through a switch functioning as a provider-edge device, the ingress LAN port on the PE that receives the IEEE 802.1Q tunnel-encapsulated traffic (PE1) is configured as a tunnel port that accepts VLAN 100 traffic. On PE1, the interface is configured for port-based EoMPLS forwarding, with PE2 as the destination IP address. When packets from VLANs 10 to 50 arrive from CE1, they are encapsulated in VLAN 100 and sent to the PE1 egress port that is connected to the MPLS network. At the egress port, an MPLS tag is added to the frame header before it is mapped to a virtual connection and forwarded to the next MPLS PE (PE2).

Figure 44-4 EoMPLS Example

By entering the mpls l2transport route or the xconnect interface configuration command on either a VLAN for VLAN-based EoMPLS or an Ethernet port for port-based EoMPLS, you can configure an EoMPLS tunnel to forward traffic based on either the customer VLAN or the Ethernet port.

To forward IEEE 802.1Q tunnel-encapsulated traffic through the MPLS core to a specific recipient on the other side of the MPLS network, configure port-based EoMPLS.

To forward IEEE 802.1Q tunnel-encapsulated traffic from an access device to a provider-edge router, configure VLAN-based EoMPLS.

EoMPLS and Layer 2 Tunneling

Layer 2 protocol tunneling over an EoMPLS link allows CDP, STP, and VTP protocol data units (PDUs) to be tunneled through an MPLS network. To support Layer 2 protocol tunneling when the Layer 2 device connects to an MPLS network through a switch functioning as a PE, you configure the ingress port on the provider-edge that receives the Layer 2 protocol traffic as a tunnel port. The Layer 2 protocol traffic is encapsulated before it is forwarded over the MPLS network. For more information about Layer 2 protocol tunneling, see Chapter 15, "Configuring IEEE 802.1Q and Layer 2 Protocol Tunneling."

EoMPLS and QoS

EoMPLS supports QoS by using three experimental bits in a label to determine the priority of packets. To support QoS between label edge routers (LERs), you set the experimental bits in both the virtual connection and the tunnel labels. EoMPLS QoS classification occurs on ingress, and you can only match on Layer 3 parameters (such as IP or DSCP), not Layer 2 parameters (CoS). See the "Configuring MPLS and EoMPLS QoS" section for more information about EoMPLS and QoS.

EoMPLS Limitations

These restrictions apply to EoMPLS:

EoMPLS requires that at least one of the two ES ports be configured for MPLS.

MTU—EoMPLS does not support packet fragmentation and reassembly. Therefore, the maximum transmission unit (MTU) of all intermediate links between endpoints must be sufficient to carry the largest Layer 2 VLAN received. The ingress and egress provider-edge routers must have the same MTU value.

Address Format—All loopback addresses on provider-edge routers must be configured with 32-bit masks to ensure proper operation of MPLS forwarding. OSPF requires the use of loopback addresses.

Packet Format—EoMPLS supports VLAN packets that conform to the IEEE 802.1Q standard. ISL encapsulation is not supported between provider-edge and customer-edge routers.

The maximum number of VLANs using EoMPLS on a switch is 1005.

Layer 2 connection restrictions:

You cannot have a direct Layer 2 connection between provider-edge routers with EoMPLS.

You cannot have more than one Layer 2 connection between routers if those routers are configured to transport Ethernet VLANs over the MPLS backbone. Adding a second Layer 2 connection causes the spanning-tree state to constantly toggle if you disable spanning tree on the peer router.

STP— Do not enable per-VLAN spanning-tree (PVST) on the VLAN configured for an EoMPLS session. STP instances are not supported on this VLAN. All PVST bridge protocol data units (BPDUs) coming in on the EoMPLS VLAN from the customer side are tunneled transparently as data packets over to the EoMPLS pseudowire and vice-versa.

Trunking—The native VLAN of a trunk cannot be an EoMPLS VLAN.

You can enable EoMPLS on IEEE 802.1Q interfaces by using the mpls l2transport route or the xconnect interface configuration command. Use the xconnect command if you want to configure pseudowire redundancy.

Do not configure VLAN mapping on an interface configured for EoMPLS.

Do not configured EoMPLS on private-VLAN interfaces.

Enabling EoMPLS

This section includes this information about configuring EoMPLS on a switch used as a provider-edge router:

Default EoMPLS Configuration

EoMPLS Configuration Guidelines

Configuring EoMPLS

Packet Flow in an EoMPLS Network

Configuring L2VPN Pseudowire Redundancy

For more information about EoMPLS commands, see the command reference for this release.

Default EoMPLS Configuration

By default, EoMPLS is not configured.

The mpls ldp router-id command is disabled. No virtual connections are configured.

EoMPLS Configuration Guidelines

When you configure EoMPLS, you must follow these guidelines:

EoMPLS requires that at least one of the two ES ports be configured for MPLS.

Before enabling EoMPLS, you must enable dynamic MPLS labeling by using the mpls ip interface configuration command on all paths between the imposition and disposition LERs. MPLS is globally enabled by default.

For VLAN-based EoMPLS, you must configure VLANs on the switch.

EoMPLS operation between two provider-edge routers requires an LDP session between the routers. The IP address used by each router as its LDP router ID must be reachable through IP by the other. Use the optional mpls ldp router-id global configuration command to control the selection of the LDP router ID by specifying the interface whose IP address should be used.

If the specified interface is up and has an IP address, you can use the command without the optional force keyword. When the router ID is selected, that IP address is selected as the router ID.

If the specified interface is not up or does not have an IP address, use the force keyword with the command to ensure that the IP address of the specified interface is used when that interface is brought up.

Both provider-edge routers require a loopback address that you can use to create a virtual connection between the routers. When you use OSPF as the interior gateway protocol, you must configure all loopback addresses on provider-edge routers with 32-bit masks to ensure proper operation of MPLS forwarding between the provider-edge routers.

Do not configure EoMPLS on an interface configured for VLAN mapping.

Starting with Cisco IOS Release 12.2(44)SE, when you configure port-based EoMPLS on a Layer 3 interface, you can enter the mac address-table learning interface interface-id global configuration command to enable MAC address learning on the port. This ensures that bidirectional traffic can occur at line rate. However, when MAC address learning is enabled, duplicate MAC addresses across VLANs are not supported. An example would be running HSRP groups across the port-based EoMPLS session.

Configuring EoMPLS

You configure VLAN-based EoMPLS on a VLAN interface. When VLAN-based EoMPLS is enabled, the switch associates the tunnel and virtual-connection labels based on the VLAN ID.

Beginning in privileged EXEC mode, follow these steps on the provider-edge routers to configure EoMPLS to transport Layer 2 packets between two endpoints:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

mpls label protocol ldp

Enable LDP for all interfaces. By default, TDP is enabled. This command causes all interfaces to use LDP.

Step 3 

interface loopback0

Enter interface configuration mode for a loopback interface.

Step 4 

ip address ip-address subnet mask

Assign an IP address to the loopback interface.

Step 5 

exit

Return to global configuration mode.

Step 6 

mpls ldp router-id loopback0 force

(Optional) Force the IP address of loopback interface 0 to be used as the router ID.

Step 7 

mac address-table learning interface interface-id

(Optional) For port-based EoMPLS, enable MAC address learning on the Layer 3 interface.

Step 8 

interface interface-id

Enter a Layer 3 VLAN (for VLAN-based EoMPLS) or the interface ID of a standard port (for port-based EoMPLS), and enter interface configuration mode.

Step 9 

mpls l2transport route destination vc-id

or

xconnect destination vc-id encapsulation mpls

Configure the interface to transport the Layer 2 VLAN packets over MPLS.

destination—IP address of the provider-edge router at the other end of the virtual connection.

vc-id—Unique value defined for the virtual connection. The VC-ID connects the end points of the virtual connection and must be the same on both ends of the connection. The range is from 1 to 4294967295.

Note Use the xconnect command if pseudowire redundancy is required.

Step 10 

end

Return to privileged EXEC mode.

Step 11 

show mpls l2transport vc

Verify the configuration.

Step 12 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

Use the no mpls l2transport route destination vc-id or no xconnect destination vc-id encapsulation mpls interface command to delete the EoMPLS tunnel.

This example shows how to configure an EoMPLS tunnel between switch PE1's VLAN 3 interface and PE2's VLAN 4 interface.

PE1 has an IP address 10.0.0.1/32, and PE2 has IP address 20.0.01/32. Both provider-edge routers are configured with an MPLS connection to the MPLS core. The VC ID is 123.

Enter these commands on the PE1 switch:

Switch(config)# interface loopback0
Switch(config-if)# ip address 10.10.10.10 255.255.255.255
Switch(config-if)# exit
Switch(config)# interface vlan 3
Switch(config-if)# mpls l2transport route 20.0.0.1 123

Enter these commands on the PE2 switch:

Switch(config)# interface loopback0
Switch(config-if)# ip address 20.20.20.20 255.255.255.255
Switch(config-if)# exit
Switch(config)# interface vlan 4
Switch(config-if)# mpls l2transport route 10.0.0.1 123

Packet Flow in an EoMPLS Network

Figure 44-5 is an example of packet flow in an EoMPLS network. A customer port on PE1 is configured for a per-port EoMPLS tunnel to a remote customer port on PE2. This allows the two physically separated customer switches (A and B) connected to these ports to appear as if they are directly connected on the same physical LAN.

The EoMPLS tunnel is configured with the IP address of Switch B and a VC ID that is associated with the remote customer port. PE1 establishes a tunnel LSP with PE2 by using a label advertised with LDP by Router A, which is connected to the ES port of PE1. PE1 then establishes a targeted LDP session to PE2 to advertise the virtual-connection label associated with the VC ID. When PE2 is configured with the EoMPLS tunnel, it also establishes a targeted LDP session to advertise the virtual-connection label it associated to the VC ID. This establishes an EoMPLS tunnel between the two ES ports on switch PE1 and switch PE2.

Figure 44-5 Sample EoMPLS Packet Flow

Assume that Host A is connected to the customer switch on VLAN 3 that has a trunk port connected to PE1 configured for IEEE 802.1Q tagging. Host A sends a packet to Host B, using the specific values of MAC addresses, labels, and VLANs shown in the figure. The customer switch tags the host packet and forwards it over the trunk port to PE1.

The tagged packet is received on the customer-edge port that is configured for per-port EoMPLS tunneling. The PE1 switch examines the packet headers and looks at the tables stored in the switch to determine what to do with the packet. Because the port is configured for per-port EoMPLS tunneling, the switch does not remove any VLAN tags that are in the packet, but assigns the packet to an internal VLAN. Only the customer port and the ES port are configured with that internal VLAN, which makes the PE1 ES port the only possible destination for the packet.

The ES port encapsulates the packet header with the tunnel label and the virtual-connection label and forwards the packet to the next hop, in this case Router A, to send it across the MPLS network.

The router receives the packet and forwards it over the MPLS network to the remote PE2 switch. PE2 removes the MPLS encapsulation and sends the packet out the port associated with the virtual-connection label. Customer Switch B removes the final VLAN tag and forwards the packet to the remote host B.

VLAN-based EoMPLS packet flow is basically the same as port-based EoMPLS, except that the customer VLAN is used instead of an internal VLAN. The PE1 switch looks up the customer VLAN ID to determine that the packet is forwarded to the ES port, where the packets is again examined and encapsulated with the tunnel label and virtual-connection label based on the EoMPLS for that VLAN.

Configuring L2VPN Pseudowire Redundancy

Successful transmission of Layer 2 frames between PE routers requires a connection, called a pseudowire, between the routers. You can use the L2VPN pseudowire redundancy feature to configure your network to detect a failure in the network and reroute the Layer 2 service to another endpoint that can continue to provide service. This feature provides the ability to recover from a failure of either the remote provider edge (PE) router or of the link between the PE and customer edge (CE) routers.

For more information see this URL:

http://www.cisco.com/en/US/docs/ios/wan/configuration/guide/wan_l2vpn_pw_red_external_docbase_0900e4b1805e9066_4container_external_docbase_0900e4b1806a218a.html

L2VPNs also provide pseudowire resiliency through their routing protocols. When connectivity between end-to-end PE routers fails, an alternative path is provided between the directed LDP session and the user data. However, there are some parts of the network where this rerouting mechanism does not protect against interruptions in service. Figure 44-6 shows those parts of the network that are vulnerable to an interruption in service.

Figure 44-6 Points of Potential Failure in an L2 VPN Network

L2VPN pseudowire redundancy provides the ability to ensure that the CE2 router in Figure 44-6 can always maintain network connectivity, even if one or all of the failures in the figure occur. You can configure a backup pseudowire so that if the primary pseudowire fails, the provider-edge router switches to the backup pseudowire. You can configure the primary pseudowire to resume operation after it restarts. You can also configure the network with redundant pseudowires and redundant network elements (routers).

Figure 44-7 shows a network with redundant pseudowires and redundant attachment circuits. You can also optionally configure the network with redundant CE routers and redundant PE routers.

Figure 44-7 L2 VPN Network with Redundant Pseudowires and Attachment Circuits

This section includes this information

Configuration Guidelines

Configuring the Pseudowire

Configuring L2VPN Interworking

Configuring Pseudowire Redundancy

Forcing a Manual Switchover to the Backup Pseudowire VC

Monitoring L2VPN Pseudowire Redundancy

Configuration Guidelines

Follow these guidelines when configuring L2 VPN pseudowire redundancy:

The default Label Distribution Protocol (LDP) session hold-down timer enables the software to detect failures in about 180 seconds. You can use the mpls ldp holdtime global configuration command to configure the switch to detect failures more quickly.

The primary and backup pseudowires must run the same type of transport service. You must configure Any Transport over MPLS (AToM) on both the primary and backup pseudowires.

L2VPN pseudowire redundancy does not support different pseudowire encapsulation types on the MPLS pseudowire.

L2VPN pseudowire redundancy does support setting the experimental (EXP) bit on the MPLS pseudowire.

The switch does not support LDP MAC address withdrawal.

The mpls l2transport route command is not supported. Use the xconnect command instead.

The backup pseudowire cannot be operational at the same time that the primary pseudowire is operational. The backup pseudowire becomes active only after the primary pseudowire fails.

VCCV is supported only on the active pseudowire.

The switch does not support more than one backup pseudowire.

Configuring the Pseudowire

The pseudowire-class configuration specifies the characteristics of the tunneling mechanism, including encapsulation type and control protocol. You must specify the encapsulation mpls command as part of the pseudowire class for the AToM VCs to work properly.

Beginning in privileged EXEC mode, follow these steps to configure a pseudowire class:

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

pseudowire-class name

Create a pseudowire class with the specified name and enter pseudowire class configuration mode.

Step 3 

encapsulation mpls

Specify tunneling encapsulation. For AToM, the encapsulation type is mpls.

Step 4 

preferred-path interface tunnel tunnel-id

(Optional) Specify the path that pseudowire traffic uses to be an MPLS TE tunnel.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show mpls l2transport vc [detail]

Verify the configuration.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

This example configures the pseudowire class test.

Switch# config t
Switch(config)# pseudowire-class test
Switch(config-pw-class)# encapsulation mpls 

This example shows the output of the show mpls l2transport vc command when the primary attachment circuit is up and the backup attachment circuit is available, but not currently selected.

Switch# show mpls l2transport vc 

Local intf     Local circuit              Dest address    VC ID      Status     
-------------  -------------------------- --------------- ---------- ---------- 
Vl20           Eth VLAN 20                10.1.1.2        20          UP 
Vl20           Eth VLAN 20                10.1.1.4        20          DOWN 

Configuring L2VPN Interworking

Layer 2 transport over MPLS and IP exists for like-to-like attachment circuits, such as Ethernet-to-Ethernet. L2VPN interworking builds on this functionality by allowing disparate attachment circuits to be connected. An interworking function facilitates the translation between the different Layer 2 encapsulations.

For information about L2VPN interworking, see the L2VPN Interworking feature module at this URL:

http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_l2vpn_intrntwkg.html

Note that the Catalyst 3750 Metro switch does not support ATM interfaces, Point-to-Point Protocol (PPP), or frame relay as mentioned in this document. It also does not support Layer 2 Tunnel Protocol Version 3 (L2TPv3).

L2VPN interworking on the Catalyst 3650 Metro switch works in either Ethernet mode or VLAN mode. You specify the mode by entering the interworking {ethernet | vlan} command in pseudowire-class configuration mode. Although visible in the command-line interface help, the ip keyword is not supported. Entering the interworking command causes the attachment circuits to be terminated locally.

The keywords perform these functions:

The ethernet keyword causes Ethernet frames to be extracted from the attachment circuit and sent over the pseudowire. Ethernet end-to-end transmission is assumed. Attachment circuit frames that are not Ethernet are dropped.

The vlan keyword causes VLAN-tagged packets to be extracted and sent over the pseudowire. Frames that are not VLAN-tagged are dropped.

Beginning in privileged EXEC mode, follow these steps to configure L2VPN VLAN interworking on a PE router:

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

pseudowire-class name

Create a pseudowire class with the specified name and enter pseudowire class configuration mode.

Step 3 

encapsulation mpls

Specify tunneling encapsulation. For AToM, the encapsulation type is mpls.

Step 4 

interworking {ethernet | vlan}

Enable interworking and specify the translation method.

ethernet—Send Ethernet packets across the pseudowire.

vlan—Send VLAN-tagged packets across the pseudowire.

Note Although visible in the CLI, the ip keyword is not supported.

Step 5 

end

Return to privileged EXEC mode.

Step 6 

show mpls l2transport vc [detail]

Verify the configuration.

Step 7 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

This example shows how to configure VLAN interworking:

Switch# config t
Switch(config)# pseudowire-class test
Switch(config-pw-class)# encapsulation mpls 
Switch(config-pw-class)# interworking vlan
Switch(config-pw-class)# exit

For a more detailed configuration example, see the configuration example for "Ethernet to VLAN over AToM (Bridged): Example" in the L2VPN Interworking feature module.

Configuring Pseudowire Redundancy

When configuring pseudowire redundancy, you use the xconnect interface configuration command for each transport type. Beginning in privileged EXEC mode, follow these steps to configure pseudowire redundancy on a PE router:

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

interface interface-id

Specify an interface and enter interface configuration mode. The interface on the adjoining router must be on the same VLAN as this router.

Step 3 

xconnect peer-router-id vcid encapsulation mpls pw-class pw-class name

Bind the attachment circuit to a pseudowire virtual circuit (VC) and enter xconnect configuration mode.

Note You must specify MPLS encapsulation. If you omit the encapsulation mpls command as part of the xconnect command, you receive an Incomplete command error message.

Step 4 

backup peer peer-router-ip-address vcid [pw-class pw-class name]

Specify a redundant peer for the pseudowire VC. If you do not specify a pw-class name, the value is inherited from the parent.

Step 5 

backup delay enable-delay {disable-delay | never}

Specify the delays before pseudowire takeovers.

enable-delay— Specify how long (in seconds) the backup pseudowire VC waits to take over after the primary pseudowire VC goes down. The range is 0 to 180 seconds; the default is 0.

disable-delay— Specify how long (in seconds) the primary pseudowire waits after it becomes active to take over from the backup pseudowire. The range is 0 to 180 seconds; the default is 0.

If you enter never, the switchback to the primary pseudowire never occurs.

Step 6 

end

Return to privileged EXEC mode.

Step 7 

show xconnect all

Verify the configuration.

Step 8 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

This example shows how to configure pseudowire redundancy as a switchover to the peer with the IP address 10.1.1.12 immediately when a failure occurs and to not switch back to the primary VC when it becomes available.

Switch# config t
Switch(config)# interface gigabitethernet1/1/1
Switch (config-if)# xconnect 10.1.1.4 33 encapsulation mpls
Switch(config-if-xconn)# backup peer 10.1.1.2 33
Switch(config-if-xconn)# backup delay 0 never

Forcing a Manual Switchover to the Backup Pseudowire VC

You can manually force the router to switch to the backup or primary pseudowire. You can specify either the interface of the primary attachment circuit or the IP address and VC ID of the peer router. If the specified interface or peer is not available, the switchover does not occur. The backup pseudowire becomes active when you enter the command.

Beginning in privileged EXEC mode, follow these steps to force a pseudowire switchover:

 
Command
Purpose

Step 1 

xconnect backup force-switchover {interface interface-id | peer ip-address voiced}

Specify that the router should switch to the backup or to the primary pseudowire when the command is entered.

This command forces a switchover to the peer with the IP address 10.1.1.4 and VCID 33.

Switch# xconnect backup force-switchover peer 10.1.1.4 33

Monitoring L2VPN Pseudowire Redundancy

Use the privileged EXEC commands in Table 44-2 to verify or monitor pseudowire redundancy.

Table 44-1 Commands for Displaying MPLS and EoMPLS Information

Command
Purpose

show xconnect {all | interface | peer | primp}

Display xconnect entries, interfaces, peers, and so on.

show mpls l2transport vc [detail] [summary]

Display detailed or summary information about the active virtual connections that are enabled to route Layer 2 packets on a provider-edge device.


You can also use the xconnect logging redundancy global configuration command to track the status of the xconnect redundancy group. The command generates messages during switchover events.

Configuring MPLS and EoMPLS QoS

Quality of service (QoS) in MPLS and EoMPLS enables network administrators to provide differentiated types of service across an MPLS network. Each packet can receive the particular kind of service specified by the packet QoS. To preserve QoS IP precedence bits, you must globally disable QoS.

After you enable QoS, you can preserve Differentiated Services Code Point (DSCP) or IP precedence bits by using a trusted configuration at the interface level. For more information, see the "Configuring Ingress Classification by Using Port Trust States" section on page 34-56. However, the unpreserved bits are automatically overwritten by the value of the preserved bits. For example, if you preserve the DSCP bits, the IP precedence and CoS bits are overwritten with the value of the DSCP bits. You can also set MPLS and EoMPLS QoS priority by using 3 experimental bits in the MPLS label to determine the priority of packets.


Note The switch supports only DSCP and IP precedence classification for MPLS and EoMPLS.


This section contains this information:

Understanding MPLS QoS

Enabling MPLS and EoMPLS QoS

Understanding MPLS QoS

Service in an MPLS network can be specified in different ways, for example, by using the IP precedence bit settings in IP packets. When you send IP packets from one site to another, the IP precedence field (the first 3 bits of the DSCP field in the header of an IP packet) specifies the QoS. Based on the IP precedence marking, the packet is given the desired treatment such as latency or bandwidth. If the network is an MPLS network, the IP precedence bits are copied into the MPLS EXP field at the edge of the network.

A service provider might also want to set a QoS value for an MPLS packet to a different value. Instead of overwriting the value in the IP precedence field that belongs to a customer, the service provider can set the MPLS experimental field. The IP header remains available for the customer's use, and the QoS of an IP packet is not changed as the packet travels through the MPLS network.

By choosing different values for the MPLS experimental field, you can mark packets based on their characteristics, such as rate or type, so that packets have the priority that they require during periods of congestion.

Figure 44-8 shows an MPLS network that connects two sites of an IP network that belongs to a customer.

Figure 44-8 MPLS Network Connecting Two Customer Sites

PE1 and PE2 are customer-located routers at the boundaries between the MPLS network and the IP network and are the ingress and egress provider-edge devices. CE1 and CE2 are customer edge devices. P1 and P2 are service provider routers within the core of the service-provider network.

Packets arrive as IP packets at PE1, the ingress provider-edge router, and PE1 sends the packets to the MPLS network as MPLS packets. Within the service-provider network, there is no IP precedence field for the queuing mechanism to look at because the packets are MPLS packets. The packets remain as MPLS packets until they arrive at PE2, the egress provider-edge router. PE2 removes the label from each packet and forwards the packets as IP packets.

MPLS QoS enables service providers to classify packets according to their type, input interface, and other factors by setting (marking) each packet within the MPLS experimental field without changing the IP precedence or DSCP field. You can use the IP Precedence or DSCP bits to specify the QoS for an IP packet and use the MPLS experimental bits to specify the QoS for an MPLS packet. In an MPLS network, configure the MPLS experimental field value at PE1 (the ingress router) to set the QoS value in the MPLS packet.

It is important to assign the correct priority to a packet. The priority of a packet affects how the packet is treated during periods of congestion. For example, service providers have service-level agreements with customers that specify how much traffic the service provider has agreed to deliver. To comply with the agreement, the customer must not send more than the agreed-upon rate. Packets are considered to be in-rate or out-of-rate. If there is congestion in the network, out-of-rate packets might be dropped more aggressively.

Enabling MPLS and EoMPLS QoS

This section describes how to configure MPLS QoS on the ingress provider-edge router. It includes these topics:

Default MPLS and EoMPLS QoS Configuration

Setting the Priority of Packets with Experimental Bits

Configuring MPLS VPN QoS

For more information about QoS, see Chapter 34, "Configuring QoS."

Default MPLS and EoMPLS QoS Configuration

QoS is disabled. Packets are not modified, and the CoS, DSCP, and IP precedence values in the packet are not changed. Traffic is switched in pass-through mode (packets are switched without any rewrites and classified as best effort without any policing).

The default behavior for the VLAN-based EoMPLS packets is to relay the IEEE 802.1p bits into the EXP bits of the virtual-connection and tunnel labels. The default behavior for the port-based EoMPLS packets is to use a value of 0 in the EXP bits of the virtual-connection and tunnel labels. You can change the default behavior for VLAN- or port-based EoMPLS by applying a hierarchical QoS policy on an ES port.

When QoS is enabled with the mls qos global configuration command and all other QoS settings are at their defaults, traffic is classified as best effort (the DSCP value is set to 0) without any policing. No policy maps are configured.


Note For MPLS and EoMPLS QoS, you can match only Layer 3 parameters (IP or DCSP values), not Layer 2 (CoS values).


Setting the Priority of Packets with Experimental Bits

MPLS and EoMPLS provide QoS on the ingress router by using 3 experimental bits in a label to determine the priority of packets. To support QoS between LERs, set the experimental bits in both the virtual-connection and tunnel labels. If you do not assign values to the experimental bits, the priority bits in the IEEE 802.1Q header tag control information field are written into the experimental bit fields.

The process includes these steps on the ingress router:

Configure a class map to classify IP packets according to their DSCP or IP precedence classification.


Note The switch supports only DSCP and IP precedence classification for MPLS and EoMPLS.


Configure a policy map to mark MPLS packets (write their classification into the MPLS experimental field).

Configure the input interface to attach the service policy.

Beginning in privileged EXEC mode, follow these steps to set the experimental bits for EoMPLS or MPLS QoS:

 
Command
Purpose

Step 1 

configure terminal

Enter global configuration mode.

Step 2 

mls qos

Enable QoS globally.

QoS runs from the default settings described in Chapter 34, "Configuring QoS."

Step 3 

class-map class-map-name

Specify the name of the traffic class, and enter class-map configuration mode.

Step 4 

match {ip dscp dscp-list | ip precedence ip-precedence-list}

Specify the matching criteria for IEEE 802.1Q packets.

ip dscp dscp-list—list of up to eight IP DSCP values to match against incoming packets. The range is 0 to 63.

ip precedence ip-precedence-listlist of up to eight IP-precedence values to match against incoming packets. Separate each value with a space. The range is 0 to 7.

Note The switch does not support the cos and vlan keywords for MPLS and EoMPLS.

Step 5 

exit

Return to global configuration mode.

Step 6 

policy-map policy-map-name

Specify the name of the traffic policy to configure, and enter policy-map configuration mode.

Step 7 

class class-name

Specify the name of the predefined traffic class configured with the class-map command, and enter policy-map class configuration mode.

Step 8 

set mpls experimental exp-number

Specify the value to which the MPLS bits are set if the packets match the specified policy map. The range is 0 to 7.

Step 9 

exit

Return to policy-map configuration mode.

Step 10 

exit

Return to global configuration mode.

Step 11 

interface interface-id

Enter the interface ID, and enter interface configuration mode. The interface should be the ES egress port of the ingress router.

Step 12 

service-policy output policy-map-name

Attach the specified policy map to the output interface.

Step 13 

end

Return to privileged EXEC mode.

Step 14 

show policy-map [policy-map-name [class class-map-name]]
show policy-map interface interface-id

Verify the configuration.

Step 15 

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To delete an existing policy map, use the no policy-map policy-map-name global configuration command. To delete an existing class, use the no class class-name policy-map configuration command.

This example shows how to use class and policy maps to configure different experimental bit settings for DSCP and IP precedence for MPLS QoS.

Switch(config)# class-map match-all gold-class
Switch(config-cmap)# match ip dscp 1
Switch(config-cmap)# exit
Switch(config)# class-map match-all silver-class
Switch(config-cmap)# match ip precedence 2
Switch(config-cmap)# exit

Switch(config)# policy-map out-policy
Switch(config-pmap)# class gold-class
Switch(config-pmap-c)# set mpls experimental 5
Switch(config-pmap-c)# exit
Switch(config-pmap)# class silver-class
Switch(config-pmap-c)# set mpls experimental 4
Switch(config-pmap-c)# exit

Switch(config)# interface gigabitethernet1/1/1
Switch(config-if)# service-policy output out-policy
Switch(config-if)# end

Configuring MPLS VPN QoS

To perform per VRF QoS, you typically configure the PE router to perform per-VRF QoS functions at the CE-facing interfaces. On the Catalyst 3750 Metro switch, you can apply policers at the SVI and perform per-VRF QoS. However, you can only apply policers on ingress at the SVI; the switch does not support egress policers at the SVI. For more information about hierarchical-QoS policers applied at the SVI, see the "Hierarchical Dual-Level Policing on SVIs" section on page 34-15.

You can apply standard QoS functions to MPLS VPN traffic. However, for a hierarchical QoS function, you cannot apply a service policy that would match traffic on a per VRF basis because VRFs are dynamically assigned to an MPLS label. For MPLS VPN traffic, you can apply a service-policy on egress that matches traffic based on DSCP or MPLS

Monitoring and Maintaining MPLS and EoMPLS

To clear MPLS counters or display MPLS and EoMPLS information, use the privileged EXEC commands in Table 44-2.

Table 44-2 Commands for Displaying MPLS and EoMPLS Information 

Command
Purpose

clear mpls counters

Clear MPLS forwarding counters.

clear mpls traffic-eng autotunnel primary

Remove all primary auto tunnels and recreate them.

show interface tunnel tunnel-number

Display information about the specified tunnel interface.

show ip explicit paths

Display the configured IP explicit paths.

show ip rsvp fast reroute [detail]

Display specific information for RSVP categories, including fast reroute.

show ip rsvp host

Display RSVP terminal point information for receivers or senders

show isis database verbose

Display information about the IS-IS database.

show isis mpls traffic-eng

Display information about IS-IS MPLS traffic engineering.

show mpls forwarding-table

Display the contents of the MPLS label forwarding information base (LFIB).

show mpls interfaces

Display information about interfaces that have been configured for label switching.

show mpls ip binding

Display specified information about label bindings learned by LDP.

show mpls l2transport vc [detail] [summary]

Display detailed or summary information about the EoMPLS virtual connections that have been enabled to route Layer 2 packets on a provider-edge device.

show mpls l2transport vc [vc-id] [vc-id-min - vc-id-max]

Display information about the specified virtual connection or range of virtual-connections. The range is from 1 to 4294967295.

show mpls label range

Display the range of local labels available for use on packet interfaces.

show mpls ldp backoff

Display information about the configured session setup backoff parameters and any potential LDP peers with which session setup attempts are being throttled.

show mpls ldp bindings

Display the contents of the label information base (LIB).

show mpls ldp discovery

Display the status of the LDP discovery process.

show mpls ldp neighbor

Display the status of LDP sessions.

show mpls ldp parameters

Display current LDP parameters.

show mpls prefix-map

Show the prefix map used to assign a QoS map to network prefixes that match a standard IP access list.

show mpls traffic-eng autoroute

Display tunnels announced to the IGP, including interface, destination, and bandwidth.

show mpls traffic-eng fast-reroute database

Display the contents of the Fast Reroute (FRR) database.

show mpls traffic-eng link-management

Display link information about MPLS traffic engineering link management.

show mpls traffic-eng topology

Display the MPLS traffic engineering global topology as currently known at a node.

show mpls traffic-eng tunnel

Display information about MPLS traffic-engineering tunnels.