cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7263
Views
10
Helpful
4
Replies

MPLS VPN (Inner label)

jhonny.eriksson
Level 1
Level 1

Hello,

I've searched through numerous documentations on the subject but I just can’t understand how the inner label gets added from the LFIB to the correct vpnv4 prefix.

First the router (PE / Ingress-LSR) learns a prefix from the CE which ends up in the VRF RIB. Running MPLS the router allocates a local label for the prefix and stores it together with the next-hop and outgoing interface in the LFIB. If I stop here and reflect on LFIB table I have learned that it's global. It stores a label a next-hop and an outgoing interface. BGP is now enabled, and as I assume (another question I have) a per VRF IPv4 table is created. So, the router should have a BGP table for each VRF when you enable address-family ipv4 vrf. But when you enable MP-BGP the router creates a global VPNv4 table with all re-defined VPNv4 prefixes which is to be advertised to the other PE routers.

So now I have the global LFIB tables which only reference is the outgoing interface, next-hop and label. And I have the global VPNv4 table which lists the VPNv4 prefix, NEXT_HOP PA (which should actually be null 0 since the route was redistributed into BGP? The receiving router will set NEXT_HOP_PA to the advertising routers update-source though) and the COMMUNITY_PA set to the RT export.

How does the router know which label to add to which VPNv4 prefix? (i.e what maps the label to the vpnv4 prefix?) The label itself doesn't really say which VRF it came from? The next-hop could be the same IP? It would be the outgoing interface then, whatever VRF that interfaces are assigned to could map the label to the VPNv4 prefix by RD. But I can't find any reference to that.

My 2nd question which is not really related to the first but... When I enable an IPv4 address family for any other protocol I can show the specific protocol table for that VRF (for example show ip eigrp vrf <vrf-name>).

However, with BGP that’s not the case. When I run the same command, show ip bgp ipv4 I am unable to pick VRF but I have to look at the vpnv4 table with the VPNv4 prefixes. Why is that BGP does not seem to have a separate IPv4 table for each VRF as the other IGPs do?

Very grateful for help understanding this complex process.

1 Accepted Solution

Accepted Solutions

Hi,

Ok, let's stay on the egress PE.

Let's see if this makes sense:

For every prefix in every VRF routing table, we make a corresponding vpnv4 prefix (RD is added to the IPv4 prefix).

BGP on the egress PE then assigns a label to that vpnv4 prefix.

The PE router then pushes this entry into the LFIB, with that label as incoming label (and also the label operation and next-hop).

BGP advertises the vpnv4 prefix + MPLS label to all other PE routers.

The wrong reasoning you make is that you think that there is a global FIB entry that also holds that label, which then needs to be found by BGP somehow.

Hopefully this makes sense.

Thanks,

Luc

View solution in original post

4 Replies 4

Luc De Ghein
Cisco Employee
Cisco Employee

Hi,

I've searched through numerous documentations on the subject but I just cant understand how the inner label gets added from the LFIB to the correct vpnv4 prefix.

LDG > It does not. The label is allocated by the egress PE to the vpnv4 prefix. LFIB is not involved.

First the router (PE / Ingress-LSR) learns a prefix from the CE which ends up in the VRF RIB. Running MPLS the router allocates a local label for the prefix and stores it together with the next-hop and outgoing interface in the LFIB.

LDG > Correct.

If I stop here and reflect on LFIB table I have learned that it's global. It stores a label a next-hop and an outgoing interface.

LDG > Correct. That label is put into the LFIB as incoming (or local) label.

BGP is now enabled, and as I assume (another question I have) a per VRF IPv4 table is created. So, the router should have a BGP table for each VRF when you enable address-family ipv4 vrf. But when you enable MP-BGP the router creates a global VPNv4 table with all re-defined VPNv4 prefixes which is to be advertised to the other PE routers.

LDG > Correct.

So now I have the global LFIB tables which only reference is the outgoing interface, next-hop and label. And I have the global VPNv4 table which lists the VPNv4 prefix, NEXT_HOP PA (which should actually be null 0 since the route was redistributed into BGP? The receiving router will set NEXT_HOP_PA to the advertising routers update-source though) and the COMMUNITY_PA set to the RT export.

LDG > Correct.

How does the router know which label to add to which VPNv4 prefix? (i.e what maps the label to the vpnv4 prefix?) The label itself doesn't really say which VRF it came from? The next-hop could be the same IP? It would be the outgoing interface then, whatever VRF that interfaces are assigned to could map the label to the VPNv4 prefix by RD. But I can't find any reference to that.

LDG> Now you jump to the ingress PE. Above, you described what the egress PE does.

LDG> The egress PE advertises the vpnv4 prefix (prefix + RD + Route Targets) and MPLS label to the ingress PE.

LDG> Indeed, the MPLS label does not identify the VRF, that is what the Route Targets do, at least to which VRFs the prefix is imported into, and from which VRF it was exported.

My 2nd question which is not really related to the first but... When I enable an IPv4 address family for any other protocol I can show the specific protocol table for that VRF (for example show ip eigrp vrf ).

However, with BGP thats not the case. When I run the same command, show ip bgp ipv4 I am unable to pick VRF but I have to look at the vpnv4 table with the VPNv4 prefixes. Why is that BGP does not seem to have a separate IPv4 table for each VRF as the other IGPs do?

LDG > "show ip bgp vpnv4 vrf <>" will give you BGP prefixes per VRF.

Very grateful for help understanding this complex process.

LDG > You're welcome.

Luc

Wow, Luc De Ghein! Thank you so much for your answer. I so much appricate your book "MPLS Fundamentals"! Its always my no.1 reference for MPLS and has helped me a lot with my studies.

I think I might have been a little bit unclear in my question though. I'll try to re-phrase it.

How does the router know which label to add to which advertised VPNv4 prefix? (i.e what maps the label to the vpnv4 prefix?).

So I am still on the Egress-LSR but wondering how the label (being in the global FIB with no information, except outgoing interface) links to the correct VPNv4 prefix. The VPNv4 prefix gets advertised with VPNv4-Prefix (IPv4 table prefix plus RD), COMMUNITY PA (RT Export) and NEXT_HOP (Update-source), Label (?).

With the LFIB being global. How is the mapping done?

Thanks!

BR Jhonny Eriksson

Hi,

Ok, let's stay on the egress PE.

Let's see if this makes sense:

For every prefix in every VRF routing table, we make a corresponding vpnv4 prefix (RD is added to the IPv4 prefix).

BGP on the egress PE then assigns a label to that vpnv4 prefix.

The PE router then pushes this entry into the LFIB, with that label as incoming label (and also the label operation and next-hop).

BGP advertises the vpnv4 prefix + MPLS label to all other PE routers.

The wrong reasoning you make is that you think that there is a global FIB entry that also holds that label, which then needs to be found by BGP somehow.

Hopefully this makes sense.

Thanks,

Luc

I did setup a lab and the debug pretty much verified exactly what you summarized.

Thank you so much for your explanation. Now I feel more confident going back to my CCIE studies