cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5653
Views
26
Helpful
19
Replies

MPLS labels

Malik222
Level 1
Level 1

Hello!

I'm preparing a small MPLS L3VPN lab to study for SPCORE. I got stuck at LDP - label filtering and advertising... Having difficulties understanding where the label filtering is supposed to be enabled in my lab... And what labels do I need to advertise? I deployed OSPF between the loopbacks of all of my routers and enabled LDP. But now I'm confused:
1. ) If I want to deploy an L3VPN service is it enough if I advertise only the PE loopback prefixes/label bindings? Or do all the loopbacks have to be advertised + all the other links?
2.) If I want to filter labels where is the most appropriate place? on the P? or on all devices?

BR,
Malik

 

1 Accepted Solution

Accepted Solutions

Harold Ritter
Spotlight
Spotlight

Hi Malik,

 

1. ) If I want to deploy an L3VPN service is it enough if I advertise only the PE loopback prefixes/label bindings? Or do all the loopbacks have to be advertised + all the other links?

 

Yes, it is definitely sufficient to advertise loopback interface addresses only (/32).

 

2.) If I want to filter labels where is the most appropriate place? on the P? or on all devices?

 

You can enable filtering on all devices with the following syntax:

 

no mpls ldp advertise-labels
mpls ldp advertise-labels for 1

!
access-list 1 permit 192.168.100.0 0.0.0.255

***** permit only the range for your loopback interface addresses *****

access-list 1 deny any

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

19 Replies 19

"1. ) If I want to deploy an L3VPN service is it enough if I advertise only the PE loopback prefixes/label bindings? Or do all the loopbacks have to be advertised + all the other links?"

 

Hi we config IP MPLS under the interface between PE-P and hence the Label will exchange the label is exchange between direct connect peer.

Harold Ritter
Spotlight
Spotlight

Hi Malik,

 

1. ) If I want to deploy an L3VPN service is it enough if I advertise only the PE loopback prefixes/label bindings? Or do all the loopbacks have to be advertised + all the other links?

 

Yes, it is definitely sufficient to advertise loopback interface addresses only (/32).

 

2.) If I want to filter labels where is the most appropriate place? on the P? or on all devices?

 

You can enable filtering on all devices with the following syntax:

 

no mpls ldp advertise-labels
mpls ldp advertise-labels for 1

!
access-list 1 permit 192.168.100.0 0.0.0.255

***** permit only the range for your loopback interface addresses *****

access-list 1 deny any

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hey thank you very much!


The first part is completely clear! I can just advertise the loopbacks of PE, and leave the P's out.

 

A quick follow up question the the second part:

If I do the advertise-labels for on the P, why do I still get the local labels on the PE routers - for the labels that I blocked there? Is it because the IGP is advertising those prefixes forward? So it is best practice to block do advertise-labels on all routers in the MPLS?

TY, Malik

Hi Malik,

 

If I do the advertise-labels for on the P, why do I still get the local labels on the PE routers - for the labels that I blocked there? Is it

> because the IGP is advertising those prefixes forward?

 

This is due to the LDP behavior on IOS. IOS will allocate a local label for every route received from the IGP.

 

> So it is best practice to block do advertise-labels on all routers in the MPLS?

 

Yes, it is best practice for LDP to only advertise the loopback interface address (/32).

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

If we talk about l3vpn, then loopback dont have label, the label in P is for the next hop that P use to reach loopback.

Hi Mahmood,

 

LDP will allocate a label for every prefix in the RIB, including the /32 assigned the loopback interface addresses.

 

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Hi Friend 
https://ccieblog.co.uk/mpls/ordered-lsp-control-vs-independent

this make me mention how MPLS LDP label is assign.
Next hop is necessary for Ordered but  for Independent it will assign label for all Prefix connect.

Hi @MHM Cisco World Referring to your this old post, in my Lab the loopback interface of LSR is not assigning any local Label. label its Purely no label.

As you said the same is happening.

So as far I know and understand that.

1. In loopback interface you cannot enable "mpls ip"

2.The LSR (let say LSR-1) will not assign any "Local label" on his own loopback prefix, though for neighbor LSR(lets say LSR-2) the loop back ip of LSR-1 will show as "no Label" because LSR-1 send  "Generic Label: 3"  value to LSR-2. But in LDP binding on LSR-2 will not show  any "implicit null" against LSR-1 loopback prefix.

3. Also LSR-1 will not assign any Local label on directly other connected interface prefix but it will send "Generic Label: 3" value to his neighbor LSR-2. And  in LSR-2 LDP binding will show "implicit null" against LSR-1 loopback prefix(not between LSR-1 & 2). 

Above is tested in LAB, now where I am making mistake in understanding ? After read this solution bit confuse. @MHM Cisco World @Harold Ritter 

NOTE: its not L3VPN and loop back ip is /24 prefix.

please can see your topology 

Hi @MHM Cisco World Thanks. Below is simple MPLS LDP topology where no VPN present. Only LDP is playing.

TangoAlfa_0-1689236227724.png

output of router: 3.3.3.3
-----------------------------
LSR-PR-R2#sho mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
303 No Label 4.4.4.4/32 0 Et1/3 10.10.30.2

LSR-PR-R2#sho mpls ldp bindings 4.4.4.4 32
lib entry: 4.4.4.4/32, rev 12
local binding: label: 303
remote binding: lsr: 2.2.2.2:0, label: 206
LSR-PR-R2#

in both case(pop label, No Label) it sends GL3 hope it is expected. but if its is mpls ip enable then it marking as pop and if it mpls not enable then it send no Label.

TangoAlfa_1-1689236809797.png

 

first you confuse here 

mpls ip

<<- this command not have any effect in label or not the prefix, it only enable LDP protocol in that link 
since LO is not connect to any neighbour this command is not available  for LO.
I run lab 
all prefix either label or POP 
no label meaning there is something wrong usually 
check if prefix is appear in RIB or not ?

Screenshot (949).png

Hi @MHM Cisco World I am really sorry if I make confuse you. 

But "No Label"  means not something wrong. your Loop back ip is /32 but if you make it /24 then it will be no Label definitely. Even if your LSR learn any prefix  from non LSR then in that case also your outgoing Label will be "no Label".

its tested in LAB if it is wrong then its a IOS bugs. Very simple topology tested.

You use ospf to connect four routers' if Yes 

Then only add 

ip ospf network point-to-point 

Under LO and see it label.

@MHM Cisco World reference to my above point 2 and 3, let me correct one thing what I have observe that LSR-1 is assigning Label on his own loopback interface prefix and locally connected interface prefixes both and that is "implicit null" Label which will not reflect in your LFIB it will be show in LIB and that is why LSR-2 is getting PoP Label as remote Label. And if any prefix learned from non mpls that will be as no label because far end not generating any Label.