Multiprotocol Label Switching (MPLS)
•How to Configure MPLS Features
•Configuration Examples for MPLS
Note
•For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
•Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.
Tip For additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page:
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Prerequisites for MPLS
None.
Restrictions for MPLS
•The PFC and DFCs support up to 16 load-shared paths (Cisco IOS releases for other platforms support only 8 load-shared paths).
•MTU size checking is supported in hardware.
•Fragmentation is supported in software, including traffic that ingresses as IP and egresses as MPLS. To prevent excessive CPU utilization, you can rate-limit the traffic being sent to the RP for fragmentation with the mls rate-limit all mtu-failure command.
•MPLS supports these commands:
–mpls ip default route
–mpls ip propagate-ttl
–mpls ip ttl-expiration pop
–mpls label protocol
–mpls label range
–mpls ip
–mpls mtu
For information about these commands, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
Information About MPLS
MPLS Overview
MPLS uses label switching to forward packets over Ethernet. Labels are assigned to packets based on groupings or forwarding equivalence classes (FECs). The label is added between the Layer 2 and the Layer 3 header.
In an MPLS network, the label edge router (LER) performs a label lookup of the incoming label, swaps the incoming label with an outgoing label, and sends the packet to the next hop at the label switch router (LSR). Labels are imposed (pushed) on packets only at the ingress edge of the MPLS network and are removed (popped) at the egress edge. The core network LSRs (provider, or P routers) read the labels, apply the appropriate services, and forward the packets based on the labels.
Incoming labels are aggregate or nonaggregate. The aggregate label indicates that the arriving MPLS packet must be switched through an IP lookup to find the next hop and the outgoing interface. The nonaggregate label indicates that the packet contains the IP next hop information.
Figure 36-1 shows an MPLS network of a service provider that connects two sites of a customer network.
Figure 36-1 MPLS Network
The route processor (RP) performs Layer 3 control-plane functions, including address resolution and routing protocols. The RP processes information from the Routing and Label Distribution Protocols and builds the IP forwarding (FIB) table and the label forwarding (LFIB) table. The RP distributes the information in both tables to the PFC and DFCs.
The PFC and DFCs receive the information and create their own copies of the FIB and LFIB tables. Together, these tables comprise the FIB TCAM. The PFC and DFCs look up incoming IP packets and labeled packets against the FIB TCAM table. The lookup result is the pointer to a particular adjacency entry. The adjacency entry contains the appropriate information for label pushing (for IP to MPLS path), label swapping (for MPLS to MPLS path), label popping (for MPLS to IP path), and encapsulation.
Figure 36-2 shows the various functional blocks that support MPLS. The routing protocol generates a routing information base (RIB) that is used for forwarding IP and MPLS data packets. For Cisco Express Forwarding (CEF), the necessary routing information is extracted from the RIB and built into a forwarding information base (FIB). The label distribution protocol (LDP) obtains routes from the RIB and distributes the labels across a label switch path to build a label forwarding information base (LFIB) in each of the LSRs and LERs.
Figure 36-2 MPLS Forwarding, Control and Data Planes
IP to MPLS
At the ingress to the MPLS network, the PFC examines the IP packets and performs a route lookup in the FIB TCAM. The lookup result is the pointer to a particular adjacency entry. The adjacency entry contains the appropriate information for label pushing (for IP to MPLS path) and encapsulation. The PFC generates a result containing the imposition label(s) needed to switch the MPLS packet.
MPLS to MPLS
At the core of an MPLS network, the PFC uses the topmost label to perform a lookup in the FIB TCAM. The successful lookup points to an adjacency that swaps the top label in the packet with a new label as advertised by the downstream label switch router (LSR). If the router is the penultimate hop LSR router (the upstream LSR next to the egress LER), the adjacency instructs the PFCBXL to pop the topmost label, resulting in either an MPLS packet with the remaining label for any VPN or AToM use or a native IP packet.
MPLS to IP
At the egress of the MPLS network there are several possibilities.
For a native IP packet (when the penultimate router has popped the label), the PFC performs a route lookup in the FIB TCAM.
For an MPLS VPN packet, after the Interior Gateway Protocol (IGP) label is popped at the penultimate router, the VPN label remains. The operation that the PFC performs depends on the VPN label type. Packets carrying aggregate labels require a second lookup based on the IP header after popping the aggregate label. For a nonaggregate label, the PFC performs a route lookup in the FIB TCAM to obtain the IP next hop information.
For the case of a packet with an IGP label and a VPN label, when there is no penultimate hop popping (PHP), the packet carries the explicit-null label on top of the VPN label. The PFC looks up the top label in the FIB TCAM and recirculates the packet. Then the PFC handles the remaining label as described in the preceding paragraph, depending on whether it is an aggregate or nonaggregate label.
Packets with the explicit-null label for the cases of EoMPLS, MPLS, and MPLS VPN are handled the same way.
MPLS VPN Forwarding
There are two types of VPN labels: aggregate labels for directly connected network or aggregate routes, and nonaggregate labels. Packets carrying aggregate labels require a second lookup based on the IP header after popping the aggregate label. The VPN information (VPN-IPv4 address, extended community, and label) is distributed through the Multiprotocol-Border Gateway Protocol (MP-BGP).
Recirculation
In certain cases, the PFC provides the capability to recirculate the packets. Recirculation can be used to perform additional lookups in the ACL or QoS TCAMs, the NetFlow table, or the FIB TCAM table. Recirculation is necessary in these situations:
•To push more than three labels on imposition
•To pop more than two labels on disposition
•To pop an explicit null top label
•When the VPN Routing and Forwarding (VRF) number is more than 511
•For IP ACL on the egress interface (for nonaggregate (per-prefix) labels only)
Packet recirculation occurs only on a particular packet flow; other packet flows are not affected. The rewrite of the packet occurs on the modules; the packets are then forwarded back to the PFC for additional processing.
Hardware Supported Features
The following features are supported in hardware:
•Label operation—Any number of labels can be pushed or popped, although for best results, up to three labels can be pushed, and up to two labels can be popped in the same operation.
•IP to MPLS path—IP packets can be received and sent to the MPLS path.
•MPLS to IP path—Labeled packets can be received and sent to the IP path.
•MPLS to MPLS path—Labeled packets can be received and sent to the label path.
•MPLS Traffic Engineering (MPLS TE)—Enables an MPLS backbone to replicate and expand the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks.
•Time to live (TTL) operation—At the ingress edge of the MPLS network, the TTL value in the MPLS frame header can be received from either the TTL field of the IP packet header or the user-configured value from the adjacency entry. At the egress of the MPLS network, the final TTL equals the minimum of the label TTL and the IP TTL, minus 1.
Note With the Uniform mode, the TTL is taken from the IP TTL; with the Pipe mode, a value of 255, taken from the hardware register, is used for the outgoing label.
•QoS—Information on Differentiated Services (DiffServ) and ToS from IP packets can be mapped to MPLS EXP field.
•MPLS/VPN Support—Up to 1024 VRFs can be supported (over 511 VRFs requires recirculation).
•Ethernet over MPLS—The Ethernet frame can be encapsulated at the ingress to the MPLS domain and the Ethernet frame can be decapsulated at the egress.
•Packet recirculation—The PFC provides the capability to recirculate the packets. See the "Recirculation" section.
•Configuration of MPLS switching is supported on VLAN interfaces with the mpls ip command.
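The label placement described in the MPLS Overview and the TTL operation listed above can be followed byte by byte in this added example, which is not Cisco code. The 32-bit label stack entry layout and the EtherType come from RFC 3032 rather than this page; the function names are hypothetical, the IPv4 header is constructed, and the MAC addresses are the ones in this chapter's adjacency output.

```python
import struct

ETHERTYPE_MPLS = 0x8847  # MPLS unicast EtherType (RFC 3032; not stated on the page)

def encode_stack(entries):
    """entries: (label, exp, ttl) tuples, top of stack first."""
    out = b""
    for i, (label, exp, ttl) in enumerate(entries):
        if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
            raise ValueError(f"field out of range: {(label, exp, ttl)}")
        s = int(i == len(entries) - 1)          # bottom-of-stack bit on last entry
        out += struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)
    return out

def decode_stack(data):
    """Read 4-byte entries until the bottom-of-stack bit; return (entries, payload)."""
    entries = []
    for off in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, off)
        entries.append({"label": word >> 12, "exp": (word >> 9) & 7, "ttl": word & 0xFF})
        if (word >> 8) & 1:
            return entries, data[off + 4:]
    raise ValueError("truncated label stack: no bottom-of-stack bit")

def impose(ip_packet, labels, mode="uniform", exp=0):
    """IP to MPLS: push labels in front of an IPv4 packet.
    Uniform mode takes the label TTL from the IP TTL; pipe mode uses 255
    (both as described in the page's note)."""
    ip_ttl = ip_packet[8]                       # TTL is byte 8 of the IPv4 header
    ttl = ip_ttl if mode == "uniform" else 255
    return encode_stack([(label, exp, ttl) for label in labels]) + ip_packet

def build_frame(dmac, smac, mpls_packet):
    """Ethernet header, then the label stack, then the Layer 3 header."""
    return dmac + smac + struct.pack("!H", ETHERTYPE_MPLS) + mpls_packet

def egress_ttl(label_ttl, ip_ttl):
    """MPLS to IP: final TTL = minimum of label TTL and IP TTL, minus 1."""
    return min(label_ttl, ip_ttl) - 1

# Constructed 20-byte IPv4 header (TTL 64, checksum left at zero).
SAMPLE_IP = bytes([0x45, 0, 0, 20, 0, 0, 0, 0, 64, 1, 0, 0, 75, 0, 77, 2, 88, 0, 0, 1])
DMAC = bytes.fromhex("000a8ad82340")
SMAC = bytes.fromhex("00059a39a480")

if __name__ == "__main__":
    frame = build_frame(DMAC, SMAC, impose(SAMPLE_IP, [50]))
    print(frame.hex())
    print(decode_stack(frame[14:])[0])
    # Explicit-null (label 0) on top of a VPN label, pipe mode:
    print(decode_stack(impose(SAMPLE_IP, [0, 30], mode="pipe"))[0])
```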
Supported MPLS Features
•MPLS features:
–Basic MPLS
–MPLS TE
–MPLS TE DiffServ Aware (DS-TE)
–MPLS TE Forwarding Adjacency
–MPLS TE Interarea Tunnels
–MPLS virtual private networks (VPNs)
–MPLS VPN Carrier Supporting Carrier (CSC)
–MPLS VPN Carrier Supporting Carrier IPv4 BGP Label Distribution
–MPLS VPN Interautonomous System (InterAS) Support
–MPLS VPN Inter-AS IPv4 BGP label distribution
See these publications for more information:
http://www.cisco.com/en/US/docs/ios-xml/ios/mpls/config_library/15-sy/mp-15-sy-library.html
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080093fcb.shtml
http://www.cisco.com/en/US/tech/tk436/tk428/technologies_configuration_example09186a0080093fd0.shtml
•HSRP Support for MPLS VPNs—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/ipapp_fhrp/configuration/15-sy/fhp-15-sy-book.html
•OSPF Sham-Link Support for MPLS VPN—See this publication:
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/15-sy/iro-sham-link.html
•Multi-VPN Routing and Forwarding (VRF) for CE Routers (VRF Lite)—VRF Lite is supported with the following features:
–IPv4 forwarding between VRFs interfaces
–IPv4 ACLs
–IPv4 HSRP
See this publication:
http://www.cisco.com/en/US/products/hw/routers/ps259/prod_bulletin09186a00800921d7.html
Default Settings for MPLS
None.
How to Configure MPLS Features
•Configuring MUX-UNI Support on LAN Cards
Configuring MPLS
Use these publications to configure MPLS:
http://www.cisco.com/en/US/docs/ios-xml/ios/mpls/config_library/15-sy/mp-15-sy-library.html
Configuring MUX-UNI Support on LAN Cards
A User Network Interface (UNI) is the point where the customer edge (CE) equipment connects to the ingress PE. An attachment VLAN is a VLAN on a UNI port.
The MUX-UNI support on LAN cards feature provides the ability to partition a physical port on an attachment VLAN to provide multiple Layer 2 and Layer 3 services over a single UNI.
To configure MUX-UNI support on LAN cards, perform this task on the provider edge (PE) routers.
This example shows a physical trunk port used as UNI:
Router(config)# interface gigabitethernet 3/1
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 200-250
Router(config-if)# exit
Router(config)# interface gigabitethernet 3/1.10
Router(config-if)# encap dot1q 3000
Router(config-if)# xconnect 10.0.0.1 3000 encapsulation mpls
Router(config-if)# exit
This example shows a Layer 2 port channel used as UNI:
Router(config)# interface port-channel 100
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport trunk allowed vlan 100-200
Router(config-if)# switchport mode trunk
Router(config-if)# no ip address
Router(config-if)# exit
Router(config)# interface port-channel 100.1
Router(config-if)# encapsulation dot1Q 3100
Router(config-if)# xconnect 10.0.0.30 100 encapsulation mpls
Router(config-if)# exit
This example shows Layer 3 termination and VRF for muxed UNI ports:
Router(config)# vlan 200, 300, 400
Router(config)# interface gigabitethernet 3/1
Router(config-if)# switchport
Router(config-if)# switchport trunk encapsulation dot1q
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 200-500
Router(config-if)# exit
Router(config)# interface gigabitethernet 3/1.10
Router(config-if)# encap dot1q 3000
Router(config-if)# xconnect 10.0.0.1 3000 encapsulation mpls
Router(config-if)# exit
Router(config)# interface vlan 200
Router(config-if)# ip address 1.1.1.3
Router(config-if)# exit
Router(config)# interface vlan 300
Router(config-if)# ip vrf forwarding A
Router(config-if)# ip address 3.3.3.1
Router(config-if)# exit
Router(config)# interface vlan 400
Router(config-if)# ip address 4.4.4.1
Router(config-if)# ip ospf network broadcast
Router(config-if)# mpls label protocol ldp
Router(config-if)# mpls ip
Router(config-if)# exit
Configuration Examples for MPLS
The following is an example of a basic MPLS configuration:
*****
Basic MPLS
*****
IP ingress interface:
Router# mpls label protocol ldp
interface GigabitEthernet6/2
ip address 75.0.77.1 255.255.255.0
media-type rj45
speed 1000
end
Label egress interface:
interface GigabitEthernet7/15
mtu 9216
ip address 75.0.67.2 255.255.255.0
logging event link-status
mpls ip
Router# show ip route 188.0.0.0
Routing entry for 188.0.0.0/24, 1 known subnets
O IA 188.0.0.0 [110/1] via 75.0.77.2, 00:00:10, GigabitEthernet6/2
Router# show ip route 88.0.0.0
Routing entry for 88.0.0.0/24, 1 known subnets
O E2 88.0.0.0 [110/0] via 75.0.67.1, 00:00:24, GigabitEthernet7/15
[110/0] via 75.0.21.2, 00:00:24, GigabitEthernet7/16
Router# show mpls forwarding-table 88.0.0.0
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
30     50          88.0.0.0/24       0          Gi7/15     75.0.67.1
       50          88.0.0.0/24       0          Gi7/16     75.0.21.2
Router# show mls cef 88.0.0.0 detail
Codes: M - mask entry, V - value entry, A - adjacency index, P - priority bit
D - full don't switch, m - load balancing modnumber, B - BGP Bucket sel
V0 - Vlan 0,C0 - don't comp bit 0,V1 - Vlan 1,C1 - don't comp bit 1
RVTEN - RPF Vlan table enable, RVTSEL - RPF Vlan table select
Format: IPV4_DA - (8 | xtag vpn pi cr recirc tos prefix)
Format: IPV4_SA - (9 | xtag vpn pi cr recirc prefix)
M(3223 ): E | 1 FFF 0 0 0 0 255.255.255.0
V(3223 ): 8 | 1 0 0 0 0 0 88.0.0.0 (A:344105 ,P:1,D:0,m:1 ,B:0 )
M(3223 ): E | 1 FFF 0 0 0 255.255.255.0
V(3223 ): 9 | 1 0 0 0 0 88.0.0.0 (V0:0 ,C0:0 ,V1:0 ,C1:0 ,RVTEN:0 ,RVTSEL:0 )
Router# show mls cef adj ent 344105
Index: 344105 smac: 0005.9a39.a480, dmac: 000a.8ad8.2340
mtu: 9234, vlan: 1031, dindex: 0x0, l3rw_vld: 1
packets: 109478260, bytes: 7006608640
Router# show mls cef adj ent 344105 detail
Index: 344105 smac: 0005.9a39.a480, dmac: 000a.8ad8.2340
mtu: 9234, vlan: 1031, dindex: 0x0, l3rw_vld: 1
format: MPLS, flags: 0x1000008418
label0: 0, exp: 0, ovr: 0
label1: 0, exp: 0, ovr: 0
label2: 50, exp: 0, ovr: 0
op: PUSH_LABEL2
packets: 112344419, bytes: 7190042816
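The verification sequence above can be automated by checking that the label programmed in the hardware adjacency is one the LFIB lists for the prefix. This is an added example, not Cisco code: the function names are hypothetical, the sample text is copied from the output on this page, only rows with numeric outgoing tags are parsed, and it assumes that op PUSH_LABELn pushes the labeln field, which is what the page's sample shows.

```python
import re

# Output lines copied from the page's example.
FWD_TABLE = """\
30 50 88.0.0.0/24 0 Gi7/15 75.0.67.1
50 88.0.0.0/24 0 Gi7/16 75.0.21.2
"""
ADJ_DETAIL = """\
Index: 344105 smac: 0005.9a39.a480, dmac: 000a.8ad8.2340
mtu: 9234, vlan: 1031, dindex: 0x0, l3rw_vld: 1
format: MPLS, flags: 0x1000008418
label0: 0, exp: 0, ovr: 0
label1: 0, exp: 0, ovr: 0
label2: 50, exp: 0, ovr: 0
op: PUSH_LABEL2
packets: 112344419, bytes: 7190042816
"""

IP = r"\d+\.\d+\.\d+\.\d+"
ROW = re.compile(rf"^\s*(?:(\d+)\s+)?(\d+)\s+({IP}/\d+)\s+\d+\s+(\S+)\s+({IP})\s*$")

def parse_forwarding_table(text):
    """Return one dict per path; continuation rows inherit the local tag."""
    rows, local = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue                      # header or non-numeric outgoing tag
        local = int(m.group(1)) if m.group(1) else local
        rows.append({"local": local, "out": int(m.group(2)), "prefix": m.group(3),
                     "intf": m.group(4), "next_hop": m.group(5)})
    return rows

def parse_adjacency(text):
    """Extract format, op and the labelN fields from the 'detail' output."""
    adj = {"labels": {int(n): int(v) for n, v in re.findall(r"label(\d): (\d+)", text)}}
    for key in ("format", "op"):
        m = re.search(rf"^{key}: (\w+)", text, re.M)
        adj[key] = m.group(1) if m else None
    return adj

def hardware_matches_lfib(rows, adj, prefix):
    """True if the adjacency pushes a label the LFIB lists for this prefix.
    Assumption: op PUSH_LABELn pushes the labeln field, as in the page's sample."""
    m = re.fullmatch(r"PUSH_LABEL(\d)", adj["op"] or "")
    if adj["format"] != "MPLS" or not m:
        return False
    pushed = adj["labels"].get(int(m.group(1)))
    return pushed in {r["out"] for r in rows if r["prefix"] == prefix}

if __name__ == "__main__":
    rows = parse_forwarding_table(FWD_TABLE)
    print(hardware_matches_lfib(rows, parse_adjacency(ADJ_DETAIL), "88.0.0.0/24"))
```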