MPLS Layer 3 VPN Configuration

Hello Sir,

Sorry if you already replied to this.

1-On PE, we configure BGP address-family ipv4 vrf to create BGP peering with CE.
But why do we need to use show bgp vpnv4 unicast to view the status?
In my opinion, something like show ip bgp vrf is more correct.

2-When I use the command sh mpls forwarding-table vrf A on PE, only the route from the directly connected CE is shown. Do you know what the reason is?

3-In this configuration, if I want to practice label filtering, what is the correct IP address to allow on each MPLS router?
PE1, P, PE2: Allow only the loopback of every router ???

Thank you

Hello Mohamad

The show bgp vpnv4 unicast command shows us what we need. It lists anything that is related to the VPNv4 address family. Remember that in section 1.3 we created the VPNv4 address family and activated a neighbor in that address family. This is where the send-community extended keywords were added to the neighborship. So in order to show the BGP info obtained via that VPNv4 address family configuration, it is the show bgp vpnv4 unicast command that must be used.

The show ip bgp vrf command doesn’t seem to exist.

PE2#show ip bgp vrf ?          
% Unrecognized command
PE2#show ip bgp vrf 

Did you have something else in mind?

The only prefixes included in VRF CUSTOMER (I assume you used ‘A’ as your VRF name) are the 1.1.1.1/32 and the 5.5.5.5/32 prefixes. None of the prefixes found within the MPLS infrastructure are included in the VRFs. (Only customer prefixes are found in the VRFs).

From the point of view of PE1, only the 1.1.1.1/32 prefix is found in the MPLS forwarding table. 5.5.5.5/32 is not in the MPLS forwarding table because it is on a CE that is not directly connected.
This is by definition of MPLS. So when you show the forwarding table and you restrict it to the CUSTOMER VRF, only the 1.1.1.1/32 prefix is included.

Similarly, if you were to do the same on PE2, you will find that you only see the 5.5.5.5/32 prefix in the table, because only that prefix from within the forwarding table belongs to that VRF.

For label filtering, I suggest you take a look at this lesson and create the lab. I believe going through that lesson will resolve most if not all of your questions about this:

I hope this has been helpful!

Laz

Hi Rene/Laz

In this current topology we only have a single router. Can you explain how it works in a real-world service provider network, where there are, e.g., 500 customers connected to one PE router? I understand that on the PE router subinterfaces have to be created with dot1q encapsulation. 1. Why is it necessary to create subinterfaces, and also 2. to tag the subinterfaces at the same time? What else can you explain about how the real world works when 500 customers are connected to one PE router?

Hello Walter

A PE router will connect each customer (CE router or device) using a layer 3 interface. In this way, each customer essentially corresponds to a layer 3 interface on the PE router itself. Now those layer 3 interfaces can be physical, can be a subinterface, or can be an SVI, it really doesn’t matter.

Typically an MPLS PE router will not have one physical interface per customer, especially if one PE router is serving, say, 40 or 50 end devices. In order to save money on hardware, subinterfaces are typically used. A subinterface cannot connect directly to a physical interface of a CE. There must be some device in between, like a switch.

So in such a case, you would have a physical interface on a PE connecting to a switch, using the “router on a stick” topology, where you would assign IP addresses to the subinterfaces, as well as VLAN tagging to keep the links separate. This VLAN tagging is only for the purpose of the link between the PE router and the switch. The switch in turn will have one physical interface per VLAN that corresponds to a subinterface, on which the CE devices can be connected.

So the VLAN tagging is used only for the link between the PE and the intervening switch. These tags are not seen at all by the CE or by the P devices in the MPLS topology.

I hope this has been helpful!

Laz

wonderful explanation

Hi Rene/Laz
Could you explain why the VPN label, which is 19 on the data packet, is placed in an MPLS header?
I thought VPN labels are different from MPLS labels; VPN labels are for helping with VRF navigation, not MPLS!

Hello Aaron

This is just how MPLS VPNs are implemented, by using “nested” MPLS headers. The VPN label is actually, by definition, the label in the inner MPLS header. Now the way in which this label value is used to identify the VRF to which the particular packet belongs is explained in detail in the Verification section of the lesson.

I hope this has been helpful!

Laz

Hello,
I might have a basic understanding question about “For VPNv4 routes however the next hop address is changed automatically because the loopback address of the other PE router will be the endpoint of the tunnel.” How is it that the loopback of the PE router being the endpoint makes the next hop change automatically? The BGP update message still has the next-hop attribute unchanged, doesn’t it?

Hello Jesteen

In the example given, you can see that the next hop of the eBGP route to 1.1.1.1/32 that exists in the PE1 router is 192.168.12.1. This is the next hop for this particular route. When PE1 advertises this to PE2 via iBGP, the next-hop IP used by PE2 is the 2.2.2.2 address of PE1.

The next-hop IP has changed. This is because when you configure iBGP to share VPNv4 prefixes, you create a tunnel between the loopbacks of the PE routers. By definition and by design, BGP will change the next-hop IP to the endpoint of that tunnel. That’s the reason why we don’t need the next hop self command.

I hope this has been helpful!

Laz

Thanks Lazaros,
That helps!!

regards,
Jesteen

So, as almost everyone has stated, this is a really great lesson; it’s part of a 1-2 punch with the lesson previous to this.

I have to say though, dang, you have first an IGP (OSPF in this case), then you configure MPLS/LDP on that, and then you go back later and configure iBGP with the IP address family for the flavor.

That’s like three different things (not mentioning the VRFs and the eBGP as well between the CE and PE routers). A lot of stuff going on!

Also, can we consider Layer 3 MPLS to be a VPN? I am guessing we do because that’s the name of this lesson, and then I might as well ask: is all MPLS kind of considered a VPN?

Hello Brian

Yes, it is true that to make MPLS Layer 3 VPN work, you need to incorporate many different features and concepts such as an IGP, MPLS/LDP, BGP, and then the appropriate communication between PEs and CEs. Add on top of that VRFs, RDs and RTs, and it can become very complicated! That’s why the lessons build on each other, especially in the MPLS course.

Hmm, there’s no term called “Layer 3 MPLS”. Remember MPLS is considered a “Layer 2.5” protocol because it operates somewhere between layers 2 and 3. The term “MPLS Layer 3 VPN” however is what is being described in the lesson. This essentially delivers a VPN to multiple sites of the same organization over a shared medium, which is the MPLS network. Now you can consider this a VPN in the classical sense of the term since it is indeed performing the same function as a more traditional VPN. The difference is just the mechanisms by which this is achieved, specifically, using a combination of all of the above-mentioned features and operations.

I hope this has been helpful!

Laz

Hello Rene,

Thank you for the great lesson! I just wanted a small clarification:

On Step 1, section 1.1 IGP and LDP, I see the below:

P#show mpls ldp neighbor 
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
	TCP connection: 2.2.2.2.646 - 3.3.3.3.55065
	State: Oper; Msgs sent/rcvd: 10/11; Downstream
	Up time: 00:02:39
	LDP discovery sources:
	  FastEthernet0/0, Src IP addr: 192.168.23.2
        Addresses bound to peer LDP Ident:
          192.168.12.2    192.168.23.2    2.2.2.2  

P is connected with PE 1 via interface Fa0/0 with IP address 162.168.23.3.
PE1 has another directly connected interface, which connects with CE1, and has an IP Address:
192.168.12.2

Addresses bound to peer LDP Ident:
          192.168.12.2    192.168.23.2    2.2.2.2   
            CE1 - PE1          PE1 - P         PE1 Lo0

Great. When I check below (second half of the same output):

    Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
	TCP connection: 4.4.4.4.52817 - 3.3.3.3.646
	State: Oper; Msgs sent/rcvd: 10/11; Downstream
	Up time: 00:02:02
	LDP discovery sources:
	  FastEthernet0/1, Src IP addr: 192.168.34.4
        Addresses bound to peer LDP Ident:
          192.168.34.4    192.168.45.4    4.4.4.4 

           PE2 - P                PE2 - CE2        PE2 Lo0

Is there any reason why it appears like that for the direction P - CE2?
How is that section interpreted by the router P ?

Thank you and have a great day!

Hello Eugen

In the output of this command, the Addresses bound to peer LDP Ident: portion of the output lists the addresses that might appear as the “next hop” addresses in the local routing table. These are used to maintain the Label Forwarding Information Base (LFIB).

There doesn’t seem to be any noticeable order in which these addresses are listed. In this particular topology, they are all of the IP addresses of the LDP neighbors, those addresses that can be reached via the listed LDP discovery sources. It is simply a list, with no significance to the order with which those addresses appear.

Take a look at the following Cisco command reference for this particular show command:

In it, you will see additional examples of this output where in some cases there are dozens of addresses listed in this section, without any apparent order.

I hope this has been helpful!

Laz

Hi René and team,

I have a quick doubt. What is the difference between the two commands:

sh xconnect interface xxx and
sh mpls l2transport vc xxxxx

Hello Costa

The show mpls l2transport vc command shows information about Any Transport over MPLS (AToM) virtual circuits (VCs) and static pseudowires that have been enabled to route Layer 2 packets on a router. Information in the output includes the local and remote interfaces of the routers terminating the VC, the VC ID, status, and the local circuit ID.

More information about this command can be found here:

The show xconnect command displays information about xconnect attachment circuits and pseudowires. Specifically, it displays information including segment 1 and segment 2 states. More information about this particular command can be found here:

These commands are related because they display similar information, but you can think of the show xconnect command as a command displaying information at a lower layer, while the show mpls l2transport vc command shows information at a higher layer.

I hope this has been helpful!

Laz

Hello Laz,
This text is in the topology above: “Our PE1 router knows that in order to reach 5.5.5.5, it has to use 192.168.23.3 as the next hop (P router). In order to get there, we will use transport label value 17. This packet will be forwarded to the P router which checks its own forwarding table to figure out what to do with it.”

My question is: the P router uses label 17 here, and this label is local for prefix 4.4.4.4. The destination address in the packet is 5.5.5.5, and the P router does not have this network in its MPLS forwarding table and uses the label of prefix 4.4.4.4!! Can you please explain to me how the packet forwarding occurs here?

Thanks in advance.

Hello Mohammad

The step-by-step explanation is found in the lesson when looking at the traceroute to 5.5.5.5 that is performed from the CE1 loopback:

CE1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.12.2 0 msec 0 msec 4 msec
  2 192.168.23.3 [MPLS: Labels 17/19 Exp 0] 0 msec 0 msec 4 msec
  3 192.168.45.4 [MPLS: Label 19 Exp 0] 0 msec 0 msec 4 msec
  4 192.168.45.5 0 msec 0 msec *

Above you can see how the packet travels from CE1 to CE2:

  • The CE1 router sends a normal IP packet to the PE1 router.
  • The PE1 router will add two labels to it:
    • First it will add the VPN label (19) which PE2 can use to determine to which VRF this packet will belong.
    • The second label is the transport label (17) that is used to get this packet through the core of the service provider network.
  • The P router receives the packet, looks at the transport label, pops it, and forwards the packet to the PE2 router.
  • The PE2 router looks at the VPN label and decides that this is for VRF CUSTOMER. It removes the label and forwards the IP packet to the CE2 router.

So how does P know to reach 4.4.4.4? Well, instead of using the VRF routing table, when using VPNv4, based on the transport label, the router knows to use the global routing table to figure out where 4.4.4.4/32 is. On the P router, you can see in the lesson that the prefix 4.4.4.4 is associated with label 17. This is removed before forwarding (using the global routing table) and the packet reaches PE2 successfully. Based now on the inside label of 19, it knows that this packet belongs to the customer VRF for CE2, and forwards it successfully.

I hope this has been helpful!

Laz
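As an added illustration of the recursive lookup Laz describes here (and of the next-hop change explained in the reply to Jesteen above), the following Python simulation walks a packet along the traceroute path and shows which table each router consults. It is not code from the lesson; the table contents are constructed from the addresses and labels shown above (transport label 17, VPN label 19), and the rest is assumed.

```python
# Added example (not the lesson's own code): simulate how the label stack is
# built and consumed on the path CE1 -> PE1 -> P -> PE2 -> CE2.
# Tables are constructed from the addresses and labels in the traceroute
# above (transport label 17, VPN label 19); everything else is assumed.
from typing import List, Tuple

# PE1's VPNv4 table: customer prefix -> (BGP next hop = PE2's loopback, VPN label).
# The next hop is the tunnel endpoint 4.4.4.4, not the address of CE2.
VPNV4_PE1 = {"5.5.5.5": ("4.4.4.4", 19)}
# PE1's global LFIB: PE loopback -> (transport label learned via LDP, next hop P).
GLOBAL_PE1 = {"4.4.4.4": (17, "192.168.23.3")}
# P's LFIB is keyed by the incoming transport label only; P never looks at the
# VPN label or at the customer IP header. Label 17 is popped here (PHP).
LFIB_P = {17: ("pop", "192.168.34.4")}
# PE2's VPN label table: VPN label -> (VRF name, next hop toward CE2).
VPN_PE2 = {19: ("CUSTOMER", "192.168.45.5")}

Hop = Tuple[str, List[int], str]  # (router, label stack on arrival, next hop chosen)


def forward(dst: str) -> List[Hop]:
    """Walk a packet for customer destination `dst` through the core.

    Returns one entry per router: the label stack it received (outer label
    first) and the next hop it chose. Raises KeyError if a lookup fails.
    """
    hops: List[Hop] = []
    # PE1: the VRF lookup yields the VPN label and a BGP next hop inside the core.
    pe2_loopback, vpn_label = VPNV4_PE1[dst]
    # The recursive lookup of that next hop is done in the GLOBAL table, not in
    # the VRF; this is where the transport label comes from.
    transport_label, nh = GLOBAL_PE1[pe2_loopback]
    stack = [transport_label, vpn_label]  # outer label first
    hops.append(("PE1", [], nh))
    # P: match on the top label only and pop it (penultimate hop popping).
    received = list(stack)
    action, nh = LFIB_P[stack[0]]
    if action == "pop":
        stack.pop(0)
    hops.append(("P", received, nh))
    # PE2: the remaining label selects the VRF; pop it and route as plain IP.
    received = list(stack)
    vrf, nh = VPN_PE2[stack.pop(0)]
    hops.append((f"PE2/vrf {vrf}", received, nh))
    return hops


if __name__ == "__main__":
    for router, stack, nh in forward("5.5.5.5"):
        print(f"{router:16} labels={stack or 'none'} -> {nh}")
```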

This is an exception for VPNv4: based on the transport label, the router knows to use the global routing table to figure out where 4.4.4.4/32 is. Here’s a good way to see both labels and the logic of the PE1 router for how it will reach the next hop:

FINALLY! Someone spelled it out plainly. I have been looking for this answer for ages and no one could tell me WHY a VRF would break the rules and do a recursive routing lookup into the global table for its next hop.

Thank you very much! I just barely joined the forum and have already found answers to my questions.

Hello Spencer

Great to hear that you found what you’re looking for! We hope you continue to find the site and the forum useful for your certification and professional endeavors.

Laz