Solved: Re: MPLS PHP

Tushar Gawai · ‎05-14-2019

In above pic, R2 & R7 are PE routers.

I can ping from R1's loopback from R8's loopback & vice-versa. However, I can see MPLS control plane is broken.

R1#traceroute 8.8.8.8 source lo0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.2 12 msec 16 msec 8 msec
2 20.0.0.3 [MPLS: Labels 21/28 Exp 0] 76 msec 100 msec 88 msec
3 35.0.0.5 [MPLS: Labels 17/28 Exp 0] 88 msec 92 msec 80 msec
4 50.0.0.6 [MPLS: Labels 16/28 Exp 0] 88 msec 76 msec 68 msec
5 70.0.0.7 [MPLS: Label 28 Exp 0] 144 msec 52 msec 64 msec
6 70.0.0.8 100 msec 108 msec 76 msec
R1#

Can't see MPLS label for 60.0.0.0 network. Similarly I can't see label for 20.0.0.0 network.

R8#traceroute 1.1.1.1 source lo0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 70.0.0.7 12 msec 4 msec 16 msec
2 60.0.0.6 [MPLS: Labels 22/30 Exp 0] 72 msec 44 msec 84 msec
3 50.0.0.5 [MPLS: Labels 23/30 Exp 0] 68 msec 92 msec 80 msec
4 35.0.0.3 [MPLS: Labels 18/30 Exp 0] 76 msec 44 msec 60 msec
5 10.0.0.2 [AS 1] [MPLS: Label 30 Exp 0] 160 msec 40 msec 64 msec
6 10.0.0.1 [AS 1] 48 msec 104 msec 56 msec
R8#

R5#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 40.0.0.6/32 0 Gi3/0 50.0.0.6
17 16 7.7.7.7/32 6935 Gi3/0 50.0.0.6
18 Pop Label 6.6.6.6/32 1458 Gi3/0 50.0.0.6
19 Pop Label 60.0.0.0/8 0 Gi3/0 50.0.0.6
20 16 40.0.0.4/32 0 Gi4/0 35.0.0.3
21 17 4.4.4.4/32 1836 Gi4/0 35.0.0.3
22 Pop Label 3.3.3.3/32 0 Gi4/0 35.0.0.3
23 18 2.2.2.2/32 8184 Gi4/0 35.0.0.3
25 Pop Label 20.0.0.0/8 0 Gi4/0 35.0.0.3
26 Pop Label 30.0.0.0/8 0 Gi4/0 35.0.0.3
R5#

Why PHP happening 1 hop early?

On all routers except R1 & R8, config is:
router ospf 1
mpls ldp autoconfig & network command.

Please troubleshoot.

Giuseppe Larosa · ‎05-14-2019

Hello Tushar,

a) if you can ping from R1's loopback to R8 loopback this means the forwarding plane is fine and the LSP is correct.

Traffic in a L3 VPN cannot travel end to end if the LSPs are broken.

b) let's examine using your network diagram the first traceroute output in your original post:

! I add a comment on the right of each hop

R1#traceroute 8.8.8.8 source lo0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.2 12 msec 16 msec 8 msec              ! R2 PE interface access link in VRF
2 20.0.0.3 [MPLS: Labels 21/28 Exp 0] 76 msec 100 msec 88 msec ! R3 link in MPLS cloud two labels
3 35.0.0.5 [MPLS: Labels 17/28 Exp 0] 88 msec 92 msec 80 msec   ! R5 link in MPLS cloud two labels
4 50.0.0.6 [MPLS: Labels 16/28 Exp 0] 88 msec 76 msec 68 msec ! R6 link to R5 in MPLS cloud two labels
5 70.0.0.7 [MPLS: Label 28 Exp 0] 144 msec 52 msec 64 msec   ! R7 VRF access link to CE R8 one label but pop occurred in R6
6 70.0.0.8 100 msec 108 msec 76 msec   ! final destination CE R8 router no labels at all
R1#

I don't see R5 performing PHP, we actually see a single label coming back from R7 with source 70.0.0.7.

In the MPLS cloud the MPLS packets have their own TTL field in MPLS topmost label that expires.

The only "unexpected" in the traceoute is the fact that the R6-R7 link is hidden. But R7 is the egress PE.

The P routers answer back by using the interface in the path to the source.

The PE router answers back from the VRF access link, because it processes an MPLS packet with a single label with TTL=1 it extracts the IP packet inside copies the MPLS TTL to the IP packet header and then decrements to 0.

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎05-14-2019

Hello Tushar,

>> Why PHP happening 1 hop early?

From the output of traceroute commands that you have provided we can understand how R1 and R8 are CE routers.

So R1 and R8 are not MPLS aware and not part of the MPLS cloud.

So PHP happens on R6 even if the traceroute shows a single label coming back from IP address 70.0.0.7 that is the PE R7 address in VRF.

I don't think you have a real issue here.

The way the routers behave with traceroute , MPLS and PHP in action is influenced by some commands about mpls propagate-ttl.

With default settings a CE router can see intermediate hops in the MPLS clould but this can be hidden.

The fact the packet expires on PE R7 after the POP is related to how implementation is done.

R6 sends out an MPLS probe packet with a single label and with TTL=1 in the MPLS shim header, and then the packet is discarded by R7 just before sending out VRF interface. So the PE R7 sends back an ICMP unreached TTL expired with source = 70.0.0.7 in VRF.

I agree this hides the IP subnet between R6 and R7. But it is not an issue.

Hope to help

Giuseppe

Tushar Gawai · ‎05-14-2019

Is that mean, traceroute shows correct LSP path?
Check out the output from R5. Its pooping the label.

Giuseppe Larosa · ‎05-14-2019

Hello Tushar,

a) if you can ping from R1's loopback to R8 loopback this means the forwarding plane is fine and the LSP is correct.

Traffic in a L3 VPN cannot travel end to end if the LSPs are broken.

b) let's examine using your network diagram the first traceroute output in your original post:

! I add a comment on the right of each hop

R1#traceroute 8.8.8.8 source lo0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.0.2 12 msec 16 msec 8 msec              ! R2 PE interface access link in VRF
2 20.0.0.3 [MPLS: Labels 21/28 Exp 0] 76 msec 100 msec 88 msec ! R3 link in MPLS cloud two labels
3 35.0.0.5 [MPLS: Labels 17/28 Exp 0] 88 msec 92 msec 80 msec   ! R5 link in MPLS cloud two labels
4 50.0.0.6 [MPLS: Labels 16/28 Exp 0] 88 msec 76 msec 68 msec ! R6 link to R5 in MPLS cloud two labels
5 70.0.0.7 [MPLS: Label 28 Exp 0] 144 msec 52 msec 64 msec   ! R7 VRF access link to CE R8 one label but pop occurred in R6
6 70.0.0.8 100 msec 108 msec 76 msec   ! final destination CE R8 router no labels at all
R1#

I don't see R5 performing PHP, we actually see a single label coming back from R7 with source 70.0.0.7.

In the MPLS cloud the MPLS packets have their own TTL field in MPLS topmost label that expires.

The only "unexpected" in the traceoute is the fact that the R6-R7 link is hidden. But R7 is the egress PE.

The P routers answer back by using the interface in the path to the source.

The PE router answers back from the VRF access link, because it processes an MPLS packet with a single label with TTL=1 it extracts the IP packet inside copies the MPLS TTL to the IP packet header and then decrements to 0.

Hope to help

Giuseppe

Tushar Gawai · ‎05-14-2019

Hello Giuseppe,
Thanks a lot for the explanation.

Still one last question is bothering me.
From the original post:
R5#sh mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 No Label 40.0.0.6/32 0 Gi3/0 50.0.0.6
17 16 7.7.7.7/32 6935 Gi3/0 50.0.0.6
18 Pop Label 6.6.6.6/32 1458 Gi3/0 50.0.0.6
19 Pop Label 60.0.0.0/8 0 Gi3/0 50.0.0.6 <<<<< What this means? &
20 16 40.0.0.4/32 0 Gi4/0 35.0.0.3
21 17 4.4.4.4/32 1836 Gi4/0 35.0.0.3
22 Pop Label 3.3.3.3/32 0 Gi4/0 35.0.0.3
23 18 2.2.2.2/32 8184 Gi4/0 35.0.0.3
25 Pop Label 20.0.0.0/8 0 Gi4/0 35.0.0.3 <<<<< What this means?
26 Pop Label 30.0.0.0/8 0 Gi4/0 35.0.0.3
R5#

Giuseppe Larosa · ‎05-14-2019

Hello Tushar,

thanks for your kind remarks.

The PHP behaviour applies to each single IP prefix.

With default configuration LDP will provide a label binding not only for loopbacks but also for all other links.

When looking at the MPLS forwarding table of R5, R5 is a P router for some prefixes and can be the penultimate hop router for other prefixes.

This is the case for the following lines:

18 Pop Label 6.6.6.6/32 1458 Gi3/0 50.0.0.6
19 Pop Label 60.0.0.0/8 0 Gi3/0 50.0.0.6 <<<<< What this means? &

The first line says that for prefix 6.6.6.6/32 the locally assigned label is 18 and the outgoing interface is Gi3/0 and the next hop out that interface is 50.0.0.6.

The second line says that for prefix 60.0.0.0/8 the locally assigned label is 19 and the outgoing interface is Gi3/0 and the next hop out that interface is 50.0.0.6

Both of these two IP prefixes are advertised by R6 with label = IPv4 implicit-null = 3 by R6 in LDP.

The only strange field is the prefix length /8 what network mask is on the link between R6-R7 ?

The same notes are valid for prefixes advertised by R3:

25 Pop Label 20.0.0.0/8 0 Gi4/0 35.0.0.3 <<<<< What this means?
26 Pop Label 30.0.0.0/8 0 Gi4/0 35.0.0.3

22 Pop Label 3.3.3.3/32 0 Gi4/0 35.0.0.3

In real networks for scalability purposes MPLS LDP labels are allocated and advertised only for loopbacks but this requires additional commands like mpls ldp advertise for <ACL>

With default settings all links that are also advertised by the IGP (OSPF in your case) are also assigned a label and advertised in LDP.

Hope to help

Giuseppe

Tushar Gawai · ‎05-14-2019

Only loopbacks have mask of 32, rest have mask of 8.

Thank you very much Giuseppe!!!!