Introduction to MPLS

(Stuart G) #53

Hi Rene,
Another huge benefit of MPLS that you do not mention in your introduction is that the protocol combines L2 and L3 (or at least next hop and last hop) so the overall latency through the network is reduced significantly. This is the benefit from a customer perspective and why ISPs can charge a premium for MPLS circuits.

We have transatlantic MPLS circuits with latency of 80ms whereas over the internet we get 140ms to the same site.

I had no idea how easy it is to configure!
Stuart.

(Stuart G) #54

In the lesson CE <-> PE is BGP
PE <-> P is OSPF

I tried to create a similar lab. I find that there is only an LSP if the router has a route for the destination.
So how does the P router have an LSP for 5.5.5.5 and 1.1.1.1?

PE1#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16         17         4.4.4.4/32       0             Gi0/2      192.168.23.3
17         Pop Label  192.168.34.0/24  0             Gi0/2      192.168.23.3
18         Pop Label  3.3.3.3/32       0             Gi0/2      192.168.23.3

There is no label rule for 5.5.5.5, so how do the packets get routed?
I read the page many times but I just don’t get it.

PE1 knows to send packets for 5.5.5.5 via 4.4.4.4
PE1 knows to get to 4.4.4.4 it has to send packets to 192.168.23.3

Somehow MPLS gets involved in the decision. This is a recursive route. It is like MPLS is checked at each stage of the route recursion. Is that what happens, or is it some sort of magic interaction between MPLS and iBGP?

I tried to do the same thing with a static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/409600] via 172.16.12.2, 00:00:57, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/435200] via 172.16.12.2, 00:12:56, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
D       4.4.4.4 [90/437760] via 172.16.12.2, 00:12:56, FastEthernet0/0
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.34.0 [90/309760] via 172.16.12.2, 00:12:57, FastEthernet0/0
D       172.16.23.0 [90/307200] via 172.16.12.2, 00:19:16, FastEthernet0/0
C       172.16.12.0 is directly connected, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet1/0
S    192.168.3.0/24 [1/0] via 172.16.34.4
R1#sh mpls for
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
16     17          3.3.3.3/32        0          Fa0/0      172.16.12.2  
17     19          4.4.4.4/32        0          Fa0/0      172.16.12.2  
18     18          172.16.34.0/24    0          Fa0/0      172.16.12.2  
19     Pop tag     172.16.23.0/24    0          Fa0/0      172.16.12.2  
20     Untagged    192.168.3.0/24    0          Fa0/0      172.16.12.2  
21     Pop tag     2.2.2.2/32        0          Fa0/0      172

S 192.168.3.0/24 [1/0] via 172.16.34.4
18 18 172.16.34.0/24 0 Fa0/0 172.16.12.2
20 Untagged 192.168.3.0/24 0 Fa0/0 172.16.12.2

Why is 192.168.3.0/24 untagged?

Stuart

1 Like

(MAODO T) #56

The article is amazing, interesting, important, …! As a CCNP candidate, before reading this article I read a lot of articles on BGP, MPLS and GRE separately. Unfortunately, I really get confused on three points in the fundamental (first) part of the article. I have a question for each of the three points.

I did read somewhere that IGPs do have serious trouble with routing tables > 500.000 prefixes. Could prefixes (from BGP) be learned from PE1 to PE2 (or vice-versa) without being learned by IGP “P” routers?

Could I base my point on the huge number of prefixes for saying that “running an IGP in a P router is a bad practice, compared to making it be IBGP”?

I do not understand the following affirmation in the article: “The advantage is that BGP traffic between PE1 and PE2 wouldn’t be encapsulated by GRE”. How could a GRE tunnel be established between PE1 and PE2 without having GRE encapsulation everywhere on the route between PE1 and PE2?

(jonrandall) #57

Hi @kayoutoure,

In this article we are starting with the idea to remove BGP from the network core. This is because the core can be very large and we don’t want to have to make many manual changes each time something is modified.
Our objective is to let the PE routers talk BGP to other PE routers and remove the requirement for P routers to talk BGP. We could have many P routers in the path between two PE routers (e.g. PE-P-P-P-P-P-P-P-PE) so this would be a great optimisation.

So your first point is correct. BGP prefixes are learned from PE to PE, not via the P routers.

Regarding GRE, don’t worry about this too much. It is used as one example of how we could stop using BGP on the P routers. We are meant to consider that using MPLS in the core is similar to using GRE in the core as they are both methods of allowing PE routers to handle all the BGP routing logic and the P routers just forward data in a “dumb” way between PE routers.

The reason we see many more MPLS cores than GRE cores is that there are some extra advantages to using MPLS such as better performance in large networks but, in our lesson, they have both achieved the same thing; removing BGP from the P router core.

I hope this helps,
Jon

(MAODO T) #58

Hi Jon.

Thank you for your interesting answers.

When you say “many manual changes each time something is modified”, it does raise some existential questions in my mind.

1 - What could IBGP (Internal BGP) routers really be useful for? Your last answers seemed to me to say that a core with IGP nodes only is a “great optimisation” compared to a core with IBGP nodes.

2 - Does MPLS provide a “DMVPN-KindOf” for a company having 10 branches and needing to tunnel between any two of them?

PS: I would like to have the chance to read a good article explaining why “a core with IGP nodes only is a great optimisation compared to a core with some IBGP nodes”.

(Rene Molenaar) #59

Hi @kayoutoure

It might help to think about this the other way around, let’s say we don’t use MPLS but BGP on all P and PE routers. This means that:

* The P routers have to do a lookup in their routing tables for every destination.
* The P routers have to know about every destination…this means you’ll have to redistribute customer information into BGP.
* iBGP has to be a full mesh so if you add another P router in your network, you’ll have to establish neighbor adjacencies with all other iBGP routers. You can make your life a bit easier with route reflectors and confederations but it’s still a lot more work than configuring a router with an IGP like OSPF + MPLS.

There are a lot of different logical topologies you can run on top of MPLS. For example, services like E-line, E-tree and E-lan are also often used on top of MPLS.

(Rohan H) #61

Hello Rene,

Thanks for the lesson.

Please excuse me if I’m asking a dumb question. With the increase in high speed fiber links could a Service Provider use “pure Ethernet” (using technologies like vlans, tunneling, etc) in providing WAN service connectivity for its customers?
My understanding of MPLS, with its multi-protocol capability, is that it provides a means of integrating legacy technology (like frame-relay) into a newer network. Correct?

Rohan

1 Like

(Rene Molenaar) #62

Hi Rohan,

Ethernet is more often used nowadays for the WAN. I wrote a bit about this in this lesson:

For MPLS, it doesn’t matter that much what the underlying network is. MPLS does support transport of L2 frames, including frame-relay. This allows you to keep your current frame-relay routers on the customer side but replace the frame-relay provider with an MPLS network. Here’s a quick example:

In the example above, the HQ and Branch routers have Ethernet interfaces but it’s also possible to use serial interfaces with frame-relay encapsulation on those routers.

(Rohan H) #63

Thanks Rene,

I will do further reading.

But just to ensure I understand your response - “Ethernet is more often used nowadays for the WAN”. I understand this to mean that you are referring to the underlying technology.

But I am referring to “pure Ethernet” in the sense of no MPLS. I am thinking of a switched network with multiple vlan/departments on a larger scale. I hope I’m making sense.

Rohan

(Lazaros Agapides) #64

Hello Rohan

Nowadays it is true that “pure” Ethernet is used for WAN connections. This is usually referred to as Metro Ethernet referring to the Metropolitan Area Network (MAN) infrastructure that is necessary for this. This service is essentially a fibre optic cable that comes into your premises (it’s almost always fibre optics due to distance restrictions of UTP) and this connects either directly to your Ethernet interface of your switch or to a telco owned switch to which you connect your equipment. Actual Ethernet frames are sent over this connection without MPLS or other technologies running over it.

I support a fibre optic MAN in the city I live in and each customer is given a switch to connect to. They can send multiple VLANs over the Metro Ethernet connection just like you would on your own private network.

I hope this has been helpful!

Laz

(Rohan H) #65

Thanks Laz.

I am clear on the access side. But I suspected that a Service Provider could use only Ethernet to provide service end-to-end (with no MPLS in the core), which is why I asked the question.

Rohan

(Lazaros Agapides) #66

Hello Rohan.

Yes, the ISP can use pure Ethernet end-to-end to provide WAN services without any other technologies running over that like MPLS.

I hope this has been helpful!

Laz

(Mohammad Hasanuz Zaman) #67

Hi Rene,
I have three questions regarding MPLS, so I badly need your assistance to explore them.

  1. Why is the CEF switching technique needed for MPLS operation?
  2. An LSP is unidirectional. What does that mean?
  3. Untagged label: what does it mean? Is it the same operation as Pop tag?

I would appreciate your crystal clear answer regarding the questions. Thx

br//zaman

(Lazaros Agapides) #68

Hello Zaman

MPLS functions on many vendors’ equipment as it is an open method of data-carrying. Cisco chooses to implement MPLS in combination with CEF because of their similarities in functions and the efficiency this introduces. Essentially, CEF functionality complements MPLS.

MPLS is like CEF because it generates a table with mappings from incoming labels to outgoing labels and next hop. CEF on the other hand generates a table mapping the incoming packet’s destination to the outgoing interface and next hop. Both function based on the routing table and are generated on startup, allowing for very fast switching of packets.

On Cisco devices, CEF and MPLS work together. On the ingress edge router the IP destination network of an unlabelled packet will be looked up in the CEF table which contains a mapping to the outgoing label. This is done for efficiency so that the destination doesn’t have to be looked up in the CEF table, then again in the label forwarding information base (LFIB).

A Label Switched Path (LSP) defines a path in only one direction. This means that it allows data to flow in only one direction between two endpoints. Establishing two-way communications between endpoints requires a pair of LSPs to be established, one for each direction. Because two LSPs are required for connectivity, data flowing in the forward direction may use a different path from data flowing in the reverse direction. This is a similar concept to the fact that if routing is available from point A to point B, it is not necessarily true that routing exists from point B to point A. It must be explicitly defined.

The pop label is very different than the untagged label. A popped label is when the penultimate router (the second-to-last router) performs a pop of the outer label. The inner label is still there, so it forwards it based on that.

The Untagged keyword shows up in the output of the show mpls forwarding-table command. What it means is that the router has no output label associated with the forwarding equivalence class (FEC … usually an IP prefix). Since there is no output label, the router cannot perform a label swap (or pop) but has to remove the whole MPLS header.

In this case, the raw IP packet has to be forwarded based on the routing table and the prefixes found there.

I hope this has been helpful!

Laz
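
The difference between a label swap, a Pop tag and an Untagged entry described above, as an added example that is not part of the original posts: a small Python model that parses `show mpls forwarding-table` rows and applies them to a label stack. The function names and the inner label value 30 are assumptions made for illustration.

```python
import re

# Sample: a subset of rows taken from the R1 output quoted earlier in this
# thread (the truncated last row is left out).
SAMPLE = """\
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     17          3.3.3.3/32        0          Fa0/0      172.16.12.2
17     19          4.4.4.4/32        0          Fa0/0      172.16.12.2
19     Pop tag     172.16.23.0/24    0          Fa0/0      172.16.12.2
20     Untagged    192.168.3.0/24    0          Fa0/0      172.16.12.2
"""

# "No Label" is how newer IOS releases print what older ones call "Untagged".
ROW = re.compile(
    r"^(?P<local>\d+)\s+"
    r"(?P<out>\d+|Pop (?:tag|Label)|Untagged|No Label)\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?P<bytes>\d+)\s+(?P<intf>\S+)\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)$"
)

def parse_lfib(text):
    """Return one dict per data row; header and malformed lines are skipped."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in rows if m]

def action(entry):
    """Classify the outgoing-label column as swap, pop or untagged."""
    out = entry["out"]
    if out.isdigit():
        return "swap"
    return "pop" if out.startswith("Pop") else "untagged"

def forward(entries, stack):
    """Apply the entry matching the top label; stack is outermost label first."""
    top, inner = stack[0], stack[1:]
    for e in entries:
        if int(e["local"]) == top:
            kind = action(e)
            if kind == "swap":        # replace the outer label only
                return [int(e["out"])] + inner, e["next_hop"]
            if kind == "pop":         # remove the outer label, keep inner ones
                return inner, e["next_hop"]
            return [], e["next_hop"]  # untagged: whole MPLS header removed
    raise KeyError(f"no LFIB entry for local label {top}")

if __name__ == "__main__":
    lfib = parse_lfib(SAMPLE)
    for stack in ([16, 30], [19, 30], [20, 30]):  # 30 = hypothetical inner label
        print(stack, "->", forward(lfib, stack))
```

With an inner label present, the pop entry leaves it in place while the untagged entry discards it along with the rest of the stack, which is why the two are not the same operation.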

(Mohammad Hasanuz Zaman) #69

Hi Rene,

Hope you are doing well …
What is the difference between Frame Mode MPLS & Cell Mode MPLS? Thx

br//zaman

(Rene Molenaar) #70

Hi Zaman,

Frame mode MPLS is what we use on Ethernet and some other L2 technologies. Cell mode MPLS is typically used on ATM networks. Here’s a short explanation of cell switching:

Rene

(Charalambos D) #72

Hi Rene,

For the PE1 router, what’s the reason for having local label 16 for the route 4.4.4.4? I mean, from where is it possible to receive an MPLS tag 16 for this route?

PE1#show mpls forwarding-table 
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop    
Label      Label      or Tunnel Id     Switched      interface              
16         17         4.4.4.4/32       0             Gi0/2      192.168.23.3
17         Pop Label  192.168.34.0/24  0             Gi0/2      192.168.23.3
18         Pop Label  3.3.3.3/32       0             Gi0/2      192.168.23.3

(Faisal Ahmed A) #73

Dear Rene,

Thanks for your amazing MPLS course. Now I am going through it.

We have a Site-to-Site IPsec tunnel between the HQ router (CISCO2951/K9) and 4 branches using CISCO1941/K9. The connection is established over point-to-point wireless links. To have wired links, we have received a BGP-MPLS VPN offer from the service provider.

Who will control CE devices?
Can we have CE-to-CE IPsec VPN? Can our routers be assumed to be CE devices?
How can we protect our data passing through the service provider, as it is financial data?

Thanks again.

Regards,
Faisal Ahmed

(Lazaros Agapides) #74

Hello Faisal

This depends on the policy of your network provider. Some providers provision an MPLS pipe for you and you are required to plug your CE equipment onto that. Other providers give you the CE devices and they provision them according to your needs. You will have to speak with your provider to see what options they provide. So depending on the setup, your routers will either be the CE devices or they will be the devices behind the CE devices provided by the service provider.

There are several ways to provide protection over an MPLS network. If you have multiple branches as I see you do, consider using DMVPN over the MPLS network with your HQ as a hub. You can find out more information about such a configuration at this lesson as well as in subsequent lessons.

Keep in mind that the MPLS VPN that is offered by the providers just provides separation of traffic from various customers in the MPLS network and doesn’t necessarily include encryption of the data transferred. More about MPLS VPNs can be found at this lesson.

I hope this has been helpful!

Laz