Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1151
Views
20
Helpful
11
Replies

How does Cisco Egress PE do VPN label lookup against VRF?

Go to solution
Mustafa Nassef
Level 1
Level 1

‎05-16-2022 11:53 PM

Hello everyone,

I need a very specific answer about how egress PE processes the VPN label and get the correct VRF so afterwards it will do another IP lookup for the destination IP address.

Assuming Per-VRF VPN label allocation.

 

Which table or which decoding method the PE does for the VPN label to get the correct VRF that the traffic destined to it.

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Harold Ritter
Spotlight
Spotlight
In response to Mustafa Nassef

‎05-17-2022 07:53 AM - last edited on ‎05-20-2022 05:49 AM by Community Manager

Hi @Mustafa Nassef ,

 

With per-vrf label allocation, an aggregate label will be installed in the LFIB. When a packet is received with that label, the label is removed and the IP packet is looked up against the appropriate VRF table. Packets are then forwarded accordingly.

 

RP/0/0/CPU0:PE1#sh mpls for 
Tue May 17 15:02:02.606 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes 
Label Label or ID Interface Switched 
------ ----------- ------------------ ------------ --------------- ------------
24000 Pop 192.168.100.3/32 Gi0/0/0/1 192.168.23.3 7174 
24002 24001 192.168.100.4/32 Gi0/0/0/1 192.168.23.3 10752 
24003 Aggregate test: Per-VRF Aggr[V] \test 520 
RP/0/0/CPU0:PE1#

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

11 Replies 11

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-17-2022 12:00 AM

check this document may help you understand:

 

https://www.ciscopress.com/articles/article.asp?p=1081501&seqNum=4

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Mustafa Nassef
Level 1
Level 1
In response to balaji.bandi

‎05-17-2022 12:18 AM

Thank you for your reply.

This document assumes the other option of VPN label allocation (Per-prefix) as follows:

 

"Then PE2 looks up the inner label 3333 in the LFIB, noting the pop action as well, along with the outgoing interface. So PE2 forwards the unlabeled packet out interface S0/1/0."

 

What I was asking about was the other approach of Per-VRF allocation in which the whole VRF including all its routes are assigned to one VPN label.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Mustafa Nassef

‎05-17-2022 03:33 AM - last edited on ‎05-20-2022 05:48 AM by Community Manager

you config RT under VRF 
any VPNv4 from other MP-iBGP or MP-eBGP have RT with prefix 

the router do filter

RT import same MP-iBGP MP-eBGP RT <- prefix use 

 

RT import not same MP-iBGP MP-eBGP RT <- prefix NOT use 

Go to solution
Mustafa Nassef
Level 1
Level 1
In response to MHM Cisco World

‎05-17-2022 07:05 AM

Thanks for your reply.

What you are mentioning is the control plane and what I asked for was data plane. Traffic forwarding not updates exchanging process.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Mustafa Nassef

‎05-17-2022 07:46 AM - edited ‎05-17-2022 12:30 PM

this answer is correct, please find below comment

0 Helpful

Go to solution
Harold Ritter
Spotlight
Spotlight
In response to Mustafa Nassef

‎05-17-2022 07:53 AM - last edited on ‎05-20-2022 05:49 AM by Community Manager

Hi @Mustafa Nassef ,

 

With per-vrf label allocation, an aggregate label will be installed in the LFIB. When a packet is received with that label, the label is removed and the IP packet is looked up against the appropriate VRF table. Packets are then forwarded accordingly.

 

RP/0/0/CPU0:PE1#sh mpls for 
Tue May 17 15:02:02.606 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes 
Label Label or ID Interface Switched 
------ ----------- ------------------ ------------ --------------- ------------
24000 Pop 192.168.100.3/32 Gi0/0/0/1 192.168.23.3 7174 
24002 24001 192.168.100.4/32 Gi0/0/0/1 192.168.23.3 10752 
24003 Aggregate test: Per-VRF Aggr[V] \test 520 
RP/0/0/CPU0:PE1#

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Go to solution
Mustafa Nassef
Level 1
Level 1
In response to Harold Ritter

‎05-20-2022 04:16 AM

Thank you so much, you hit the nail on the head.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎05-17-2022 08:15 AM - edited ‎05-17-2022 08:15 AM

good Q friend please find answer from cisco 
""Packet-Forwarding Process

This is the packet-forwarding process in a multi-VRF-CE-enabled network:

  • When the switch receives a packet from a VPN, the switch looks up the routing table based on the input policy label number. When a route is found, the switch forwards the packet to the PE.

  • When the ingress PE receives a packet from the CE, it performs a VRF lookup. When a route is found, the router adds a corresponding MPLS label to the packet and sends it to the MPLS network.

  • When an egress PE receives a packet from the network, it strips the label and uses the label to identify the correct VPN routing table. Then it performs the normal route lookup. When a route is found, it forwards the packet to the correct adjacency.

  • When a CE receives a packet from an egress PE, it uses the input policy label to look up the correct VPN routing table. If a route is found, it forwards the packet within the VPN.""

     

     

    https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9600/software/release/17-7/configuration_guide/rtng/b_177_rtng_9600_cg/configuring_multi_vrf_ce.html

  •  
0 Helpful

Go to solution
Mustafa Nassef
Level 1
Level 1
In response to MHM Cisco World

‎05-20-2022 04:20 AM

Hello bro,

I really thank you for the time you make to reply my post.

I fully understand the MPLS label exchange and data traffic forwarding process. From the answer you got there a part that I was asking about " it strips the label and uses the label to identify the correct VPN routing table." This specific part. I wanted to know how exactly this is done, which table it will look and find the VPN label pointing to the correct VRF.

 

Check the answer for my question and you will get what I mean. Someone answered.

Go to solution
MHM Cisco World
VIP
VIP
In response to Mustafa Nassef

‎05-20-2022 05:10 AM

@Harold Ritter answer always superior,

And for myself always learning from his comments.

@Harold Ritter big thanks from me.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎05-17-2022 09:26 AM

Hi Friend 
your Question make me think and I do LAB and find the answer 
CE1-PE1-P-PE2-CE2

in each of PE1 and PE2 there are two entry type in show mpls forwarding-table 
1- no label [v] this for the CE connect to each of PE 
2- label for LO pf other PE, i.e. PE1 have label for LO of PE2 using for MP-BGP

the trick part there is POP label this confuse me 
but when I do lab I find answer 

when ping from CE1 to CE2 
the PE1 add TWO LABEL 
the upper is Label of LO pf PE2
the lower is Label of destination 

when traffic reach P the label is POP but which one ??
the Upper one, not lower. 
upper one which point to LO of PE2 


NOW PE2 receive traffic with only one Label 
lower label which check it and fins exactly the VRF for it by checking the IP address add to Label entry.

this how PE2 can forward traffic depend on label.

0 Helpful
Customers Also Viewed These Support Documents