cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8389
Views
21
Helpful
21
Replies

MPLS VPN Label

jemekeren
Level 1
Level 1

Hi...when connection customer to customer in vpn mpls there is a label in mpls packet that identify customer. how and the label is generated. is the mbgp process that create them? or the ldp? please correct me... is the label unidirectional too? means that from need 2 unique vpn label to support 2 way direction? tx u friend..

21 Replies 21

jemekeren
Level 1
Level 1

hmm...how about rd? what is it used for? how is relate to vpn label? is both routing update and general packet(ping,http) also need vpn label? i get confusion to understand all of them. i need detail step-by-step how vpn label/routing update/rd,vrf work in harmony. would you please let me know how to understand them in easy way? tx u very much...

Harold Ritter
Spotlight
Spotlight

Jimmy,

By default, a different label is allocated for each prefix advertised via BGP VPNv4. These labels are sometimes referred to as VPN labels. The VPN label is inserted in the BGP update, whic is distributed to the other PEs, either directly or via a route reflector). Note that a second label is required for the traffic to get from the ingress to the egress PE. This second label can be learnt via LDP, RSVP or can just be statically configured. Once the traffic gets to the egress PE, the VPN label is used to forward the packets to the proper VRF interface.

As for your second question, the VPN label is assigned by destination prefix (FEC) and is therefore unidirectional.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

tx for answer but i am still unclear about what makes or the mechanism inside pe router so that label X must be assosicated with someone vrf. do you have documentation that explain kind question like mine? please helps. tx very much

sorry..BTW what is relations between rd and my question above?(vpn label) tx :)

Hi there,

If you can acquire "MPLS Fundamentals by Luc De Ghein, CCIE No. 1897" book it would be great.

In brief RD (Route Distinguisher) is a 64bits added to the IPv4 address of the VPN customer to create the VPNv4 address (VPN IPv4 address) as a globally unique address to permit address space overlapping between VPN customers.

On the other hand the MPLS VPN label is 32bits associated with each customer route in order to be used to forward the packet to its desired destination. And yes the label is unidirectional.

About how the label is distributed, for MPLS VPN there is something called a label stack which means that the packet has a stack of at least 2 labels, the Top Label is the egress PE label (exchanged via LDP) while the other label is the VPN label (exchanged via MBGP). --> The logic implies that you need to reach the egress PE and further the desired VPN destination.

HTH, please rate if it does

Mohammed Mahmoud.

thanks mohammamed, your answer is really helps but in what case does the vpn label need to be assigned/tagged on the data/frame? i am sure if the case is when regular data flow between customer. the question is does it apply too when in routing update? so rip/ospf packet will have vpn label? tx in advanced.. cheers.

Hi jimmy,

A VPN label (propagated via MBGP) is the second label in stack if we are talking about MPLS VPN, the TOP label is for the Egress PE router, any packet that need to be forwarded between the customer VPN sites needs to be tagged via the whole stack (Top label + VPN label), any other packets forwarded between the provider routers (has nothing to do with the customer VPN) will only have the Top label (which is exchanged via LDP).

HTH, please rate if it does,

Mohammed Mahmoud.

Hi Mohammedmahmoud..how are you? regarding to what you said last time "On the other hand the MPLS VPN label is 32bits associated with each customer route in order to be used to forward the packet to its desired destination. And yes the label is unidirectional." I still wonder why there is many vpn label even inside the customer? why dont vpn label is same for all route in the same customer? am i wrong? My question is does the vpn label value on the PE is same for vrf? or does the vpn label value on the PE is different for every routing/routing entry even in the same vrf/customer? For Example on PE router A has 2 vrf, vrf customerA and vrf customerB. how many vpn label for vrf customer A? is it one? or many? tx and have a nice day ;)

Hi Jimmy,

Been a long time, how are you doing, i hope fine :)

Just to recap, MPLS VPN packets uses a label stack with the top label (LDP label pointing to the egress PE router) and the VPN label as the bottom label.

The VPN label must be put on by the ingress PE router to indicate to the egress PE router which VRF the packet belongs to. The MP-iBGP is used to advertise the VPN label (also referred to as the BGP label) that is associated with the vpnv4 prefix.

A VPN label usually indicates the next hop that the packet should be forwarded onto on the egress PE router which means the CE router as the next hop of the packet, and thus each VRF table will have as many VPN labels as number of the CE routers or next-hops.

I hope that i've been informative, and have a nice day yourself.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Hi

A little off the topic, but when the egress PE strips the VPN label and the next hop is actually back into the MPLS network , what does the PE do with the packet? does it re-apply the new VPN and LSP labels? or does it drop the packet?

I am trying to understand wheither a VRF 'hairpin' situation could occur.

thanks

Graeme

Hi,

No on the egress PE, the VPN label is striped and the packet is forwarded out the VRF outgoing interface, the packet used this VPN label in the first place as it indicates the desired destination, thus the scenario you are talking about can't exist with MPLS VPN.

HTH,

Mohammed Mahmoud.

hi @mohammedmahmoud ,

Isn't this Supposed to be P routers + VPN label ?

as in below?

Then egress PE pops label?

nwekechampion_0-1689223976875.png

 

Hello @nwekechampion ,

what you see in the traceroute is the effect of PHP = Penultimate Hop Popping the penultimate device in the path the last P node removes the TOP label because from its point of view the egress PE has advertised in LDP its own loopback address as an implicit null ( label = 3 ipv4 implicit null). As a result of this the last PE node reiceves a packet with only the VPN label and it has just to lookup it to find the correct exit VRF and CE interface.

Hope to help

Giuseppe

 

Hi @Giuseppe Larosa ,

Thanks so much

I was just clarifying based on @mohammedmahmoud comment earlier, it would seem that the labels being switched on the path to the PE are the P labels + vpns (mp-bgp's) and PE pops LDPs and forwards to MP-bgp vpn.

So basically labels ==> P + Mp-bgp(vpnv4) --> P (PHP pops label) --> Send to PE with VRF ?

 

Could you confirm please?

Review Cisco Networking for a $25 gift card