BRKMPL 3124
BRKMPL 3124
BRKMPL 3124
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
Fundamentals
Troubleshooting LDP Issues
Troubleshooting MPLS LSP
Troubleshooting MPLS L3 VPNs
Troubleshooting 6VPE
Inter-AS MPLS VPNs
Conclusion
Introduction
Housekeeping
Who am I?
Who are you?
Service Provider
Enterprise
Enterprises using MPLS
Studying for CCIE
Advanced Class
Assume MPLS Operational Experience
Basic configuration
Show commands
Understand basic MPLS concepts
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
MPLS Fundamentals
MPLS Fundamentals
MPLS Architecture
MPLS has two major components:
1. Control plane: Exchanges Layer 3 routing information and labels
2. Forwarding plane: Forwards packets based on labels
Control plane contains complex mechanisms to exchange routing information,
such as OSPF, EIGRP, IS-IS, and BGP, and to exchange labels, such as TDP,
LDP, BGP, and RSVP.
Forwarding plane forwards packets based on CEF
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
MPLS Fundamentals
Terminologies
RIB is the Routing Information Base that is analogous to the IP routing table.
FIB aka CEF is Forwarding information base that is derived from the IP routing
table.
LIB is Label Information Base that contains all the label bindings learned via
LDP
LFIB is Label Forwarding Information Base that is derived from FIB entries and
corresponding LIB entries.
FEC ( Forwarding Equivalence Class)
Group of IP packets forwarded in the same manner (e.g. over same forwarding path)
A FEC can represent a: Destination IP prefix, VPN ID, ATM VC, VLAN ID, Traffic
Engineering tunnel, Class of Service.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
MPLS Fundamentals
MPLS Architecture Incoming IP
Packet
Incoming
MPLS Packet
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
MPLS Fundamentals
MPLS Label: Label Format
MPLS uses a 32-bit label field that is inserted between Layer 2 and Layer 3
headers
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
Label = 20 bits
COS/EXP = Class of Service, 3 bits
S = Bottom of Stack, 1 bit
TTL = Time to Live (Loop detection)
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
MPLS Fundamentals
MPLS: Ethertype
Ethertype 0x0800 refers to IP
Ethertype 0x8847 refers to MPLS
Based on the Ethertype, the packet is handed over to the appropriate
processing engine on the router
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
MPLS Fundamentals
MPLS Label: The Label Stack
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
MPLS Fundamentals
MPLS Label: The Label Stack
MPLS L3 VPNs (two labels: The top label points to the egress router and the
second label identifies the VPN.)
MPLS TE with Fast Reroute (FRR) (two or more labels: The top label is for
the backup tunnel and the second label points to the primary tunnel
destination.)
MPLS VPNs combined with MPLS TE / FRR (three labels)
Carrier Supporting Carrier (CSC) with MPLS TE / FRR (four labels)
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
MPLS Fundamentals
Label Switch Path (LSP)
LSP follows IGP shortest path LSP diverges from IGP shortest path
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
MPLS Fundamentals
Facts Check - Question
Which protocols have signaling and labeling capabilities?
OSPF / IS-IS
RSVP
LDP / TDP
BGP
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Troubleshooting LDP Issues
Troubleshooting LDP Issues
MPLS LDP Configuration
IOS / IOS XE IOS XR NX-OS
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Troubleshooting LDP Issues
LDP Neighborship
LDP neighborship is formed on TCP port 646
Discovery Mechanism:
Basic Discovery Multicast UDP hellos for directly connected neighbors
Extended Discovery Targeted Unicast UDP hellos for non-directly connected
neighbors
Parameters
Session Keepalive = 60 sec. & Hold time = 180 Sec.
Discover Hello interval = 5 sec. and Hold Time = 15 sec.
Can be viewed using the command show mpls ldp parameters
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Troubleshooting LDP Issues
LDP Neighborship Negotiation
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Troubleshooting LDP Issues
Verifying LDP Neighborship
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Troubleshooting LDP Issues
Reachability and ACL verification
Ensure reachability between the LDP router IDs
PE1#ping 192.168.11.11 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.11, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
..... Check Routing
Success rate is 0 percent (0/5) Configuration
Verify no ACL in path blocking TCP port 646 and other Multicast traffic for LDP
Hellos.
PE1#telnet 192.168.11.11 646 /source-interface lo0
Trying 192.168.11.11, 646 ... Verify ACLs in the path or
% Destination unreachable; gateway or host down on the routers itself
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Troubleshooting LDP Issues
LDP Router-id
If router-id is not set manually, router checks all operational interfaces on the
router(including loopbacks) and chooses the highest IP address as the LDP
router-id.
LDP_ID should be hardcoded via
mpls ldp router-ID <interface>
The above configuration will not help unless:
<interface> is UP when LDP gets started
Existing LDP_ID (usually an interface) is shut
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Troubleshooting LDP issues
Verifying LDP Connection
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Troubleshooting LDP issues
Problem with xmit / recv
Lo0=192.168.1.1 Lo0=192.168.11.11
PE1 P1
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Troubleshooting LDP issues
LDP No Route Problem
Lo0=192.168.1.1 Lo0=192.168.11.11
PE1 P1
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Troubleshooting LDP issues
Problem due to Summarization
PE1 P1
PE1#show mpls ldp neighbor 192.168.11.11 PE2#sh mpls ldp neighbor 192.168.1.1
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Troubleshooting LDP Issues Also good to check show
mpls ldp trace discovery
MPLS LDP Trace on IOS XR
RP/0/0/CPU0:PE2#show mpls ldp trace peer last 20
0/0/CPU0 t1 [PEER]:506: VRF(0x60000000): Peer(192.168.11.11:0): Peer FSM: Stepped, pp=0x102d9548, event=0, state
0 -> 1
0/0/CPU0 t1 [PEER]:3262: VRF(0x60000000): Release Peer(192.168.11.11:0): rsn 'TCP connection closed' ('Success')
0/0/CPU0 t1 [PEER]:3625: Peer(192.168.11.11:0): Unsupported/Unknown TLV (type 0x506, U/F 1/0) rcvd in INIT msg
0/0/CPU0 t1 [PEER]:506: VRF(0x60000000): Peer(192.168.11.11:0): Peer FSM: Stepped, pp=0x102d9520, event=0, state
0 -> 1
0/0/CPU0 t1 [PEER]:3625: Peer(192.168.11.11:0): Unsupported/Unknown TLV (type 0x506, U/F 1/0) rcvd in INIT msg
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Troubleshooting LDP Issues
LDP & IGP Sync
When a link comes up, LDP and IGP compete to converge; Labeled traffic drops
if IGP wins.
When LDP session on a link drops, IGP may continue forwarding labeled traffic
to that link and cause traffic dropped.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Troubleshooting LDP Issues
LDP & IGP Sync Solution
Link up:
If LDP peer is reachable (alternate route exists), defer IGP adjacency on the link.
If LDP peer is not reachable (no alternate route), IGP advertise max-metric to reach
neighbor through the link.
LDP session down:
IGP advertises max-metric to reach neighbor through the link.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Troubleshooting LDP Issues
LDP & IGP Sync
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Troubleshooting LDP Issues
LDP & IGP Sync
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Troubleshooting LDP Issues
LDP Session Protection
Problem:
I. When a link flaps (for a short time),
II. LDP hello adjacency over the link flaps
III. LDP session is torn down then re-setup
IV. LDP re-exchanges label bindings when LDP session is setup (i.e. LDP
re-convergence).
Solution:
When LDP session supported by link hello is setup, create a targeted hello to
protect the session.
When link is down, the targeted hello remains through other path and keeps
the LDP session up.
When link restores, re-discover neighbors, re-program forwarding.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Troubleshooting LDP Issues
LDP Session Protection
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Troubleshooting MPLS LSP
Troubleshooting MPLS LSP
Reasons for LSP to Break
MP-IBGP VPNv4
LDP + IGP
172.16.11.0/24 10.1.111.0/24 10.1.211.0/24 172.16.22.0/24
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Troubleshooting MPLS LSP
Label Information Base (LIB)
LIB stores local and remote bindings
Local Binding:
Prefix in own routing table + local label
One binding
Remote Binding:
Prefix + remote label received from LDP neighbor
Holds LDP router-id
One binding per LDP neighbor
LIB stores all labels from all LDP (BGP) neighbors, even the ones that are not
used for packet forwarding (now)
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Troubleshooting MPLS LSP
Looking at the LIB
RTR#show mpls ldp bindings detail
tib entry: 10.1.1.0/30, rev 10
local binding: tag: imp-null
Advertised to:
10.1.2.2:0 10.1.2.6:0 10.1.2.4:0
remote binding: tsr: 10.1.2.2:0, tag: imp-null
remote binding: tsr: 10.1.2.6:0, tag: 12304
remote binding: tsr: 10.1.2.4:0, tag: 12305
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Troubleshooting MPLS LSP
Label Forwarding Information Base (LFIB)
The LFIB stores local and remote labels for prefixes that are used to forward
packets
Prefixes that are used = prefixes in routing table (RIB)
Labels are derived from LIB
LDP TDP
prefix, next-hop and in-
label, out-label prefix + next-hop
LIB LFIB RIB
(prefix, LDP Ident, get in- and out-label for (prefix,next-hop, (prefix, next-hop)
label) (prefix, next-hop) in-label, out-label)
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Troubleshooting MPLS LSP
Building the LFIB
P1#show ip route 3.3.3.4
Routing entry for 3.3.3.4/32
* 10.1.2.1, from 10.1.2.1, 13:28:32 ago, via Ethernet0/0
P1#show mpls ldp neighbor 10.1.2.1
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
P1#show mpls ldp binding 3.3.3.4 255.255.255.255
lib entry: 3.3.3.4/32, rev 18
remote binding: lsr: 3.3.3.3:0, label: imp-null
P1#show mpls forwarding 3.3.3.4
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
20 Pop Label 3.3.3.4/32 0 Et0/0 10.1.2.1
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Troubleshooting MPLS LSP
MPLS OAM
Defined in RFC 4379
LSP Ping and Traceroute provide ability to monitor MPLS Label Switched Paths
and quickly isolate MPLS forwarding problems.
Two messages
MPLS Echo Request:
MPLS labeled IPv4 or IPv6 UDP packet
MPLS Echo Reply IPv4 or IPv6 UDP packet
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Troubleshooting MPLS LSP
LSP Ping (ping mpls . . . )
Simple and efficient mechanism to detect data plane failures in MPLS LSPs
Verify data plane against the control plane
Sending echo request and receiving echo reply
Verify that packets belonging to a FEC exit the LSP on the correct egress LSR
Modelled after the well known IP ping and traceroute
Ping verifies connectivity, traceroute verifies path
LSP Ping/trace leave the LSR with the correct label stack for the LSP to be
tested
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Troubleshooting MPLS LSP
Packet Format
Version Number Must Be Zero
Senders Handle
Sequence Number
TLV
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Troubleshooting MPLS LSP
Packet Format
Version number: 1
Message Type
MPLS Echo Request
MPLS Echo Reply
Reply Mode
1 Do not reply
2 Reply via an IPv4/IPv6 UDP packet
3 Reply via an IPv4/IPv6 UDP packet with Router Alert
4 Reply via application level control channel
Timestamp
Time-of-day in seconds and microseconds
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Troubleshooting MPLS LSP
Reply Modes
Reply Mode Do Not Reply
This mode is useful for a keepalive application running at the remote end
Such an application would trigger state changes if it does not receive
a LSP ping packet within a predefined time
An MPLS echo request with do not reply may also be used by the receiving
router to log gaps in the sequence numbers and/or maintain delay/jitter statistics
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Troubleshooting MPLS LSP
Reply Modes
Reply Mode Reply via an IPv4 UDP Packet
The Reply via UDP packet implies that an IP V4 UDP packet should be sent in
reply to an MPLS echo request
This will be the most common reply mode for simple LSP pings sent to
periodically poll the integrity of an LSP
This is the default reply mode
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Troubleshooting MPLS LSP
Reply Modes
Reply Mode Reply via an IPv4 UDP Packet with Router Alert
In this mode when the destination router replies it appends a label of 1 to the
packet
This forces all the intermediate routers, on the way back, to process switch the
reply
This mode is CPU intensive and should generally be used if the reply fails for
reply with IPv4 UDP packet
This mode is useful when we have inconsistency between IP and MPLS
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Troubleshooting MPLS LSP
Return Codes
Value Meaning
0 The Error Code Is Contained in the Error Code TLV
Replying Router Is one of the Downstream Routers, and Its Mapping for this FEC on the
6 Received Interface Is the Given Label
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Troubleshooting MPLS LSP
MPLS Echo Request
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Troubleshooting MPLS LSP
MPLS Ping (Operational Theory)
We use the same label stack as used by the LSP and this makes the echo to be
switched inband of LSP
The IP header destination address field of the echo request is a 127/8 address
An Echo reply, which may or may not be labelled, has the egress interface IP
address as the source; destination IP address/port are copied from the echo-
requests source address/port
Presence of the 127/8 address in the IP header destination address field causes
the packet to be consumed by any routers trying to forward the packet using the
ip header
In this case P1 would not forward the echo-req to PE1 but rather consumes the
packet and sends a reply to PE2 accordingly
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Troubleshooting MPLS LSP
MPLS Ping Packet Capture
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Operation
MPLS OAM Caveats
For LSP ping we generate an MPLS echo request
The payload includes the LDP/RSVP/L2 Circuit sub-TLV depending on the LSP
we use
Echo request is appropriately labelled and sent out
Ping mode: MPLS TTL = 255
Traceroute mode: TTL = 1, 2 ,3 etc.
MPLS Echo Request always has FEC Stack TLV
The LSP ping sender sets the return code to 0.
The replying router would set it accordingly based on the table shown previously
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Troubleshooting MPLS LSP
TTL Field in Labels
Only the TTL field in the label at the top of the stack counts
The outgoing TTL value is only a function of the incoming TTL value
Outgoing TTL is one less than incoming TTL
If outgoing TTL = 0, packet is not forwarded (not even stripped and forwarded
as an IP packet)
When an IP packet is first labelled, the TTL field is copied from the IP header to
the MPLS header (after being decremented by 1)
When the label stack is removed, the outgoing TTL value is copied to the TTL
field in the IP header
Unless MPLS TTL > IP TTL
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Troubleshooting MPLS LSP
Operation
Receiving LSR checks that label stack of received packet matches with the
received FECs in FEC Stack
MPLS Echo Reply is sent in response to MPLS Echo Request
Destination IP address is source IP address of Echo Request
IP TTL = 255
Reply Mode: (You do not control if return packet is sent over IP or MPLS)
IPv4
IPv4 with Router Alert (IP Option)
If over MPLS, then Router Alert Label as topmost label is added in the label stack
Hardware forwarding bypassed; packet is sent to RP process level forwarding
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Traceroute in MPLS Network
In Prefix Output Out In Prefix Output Out
Label Interface Label Label Interfac Label
e
- 172.16.2.2/32 Y 19 24008 24008 172.16.2.2/32 Y -
16 172.16.1.1/32 X - - 172.16.1.1/32 X 22 16
Y Y
PE1 X P1 X PE2
192.168.1.1/32 192.168.2.2/32
CE1 CE2
22 192.168.1.1/32 X pop
172.16.1.1/32 19 192.168.2.2/32 Y pop 172.16.2.2/32
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Troubleshooting MPLS LSP
Traceroute in MPLS Network
Aggregate Outgoing
Label 19, TTL=1 Label, IP Lookup
done in CEF for VRF
Label 24008 Label 24008,
TTL=255
172.16.2.2 172.16.2.2 172.16.2.2
TTL=2 TTL=1 TTL=255, ICMP
UDP port 35678 UDP port 35678 TTL Exceeded
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Troubleshooting MPLS LSP
MPLS Trace Hiding
This command prohibits the copying of the TTL from the IP header to the MPLS
shim header and vice versa (TTL is set to 255)
It should be configured on the routers that do the label imposement (LSR edge
routers), which is the PE routers.
Providers like to use it so that the customers see the MPLS network as one hop
when tracerouting
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Troubleshooting MPLS LSP
MPLS Trace Hiding
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Troubleshooting MPLS LSP
MPLS Trace with no mpls ip propagate-ttl on PE routers
Aggregate Outgoing
Label 19, TTL=1 Label
udp port
Label 24008 Label 24008,
35678?
TTL=255
172.16.2.2 172.16.2.2 172.16.2.2 172.16.2.2
TTL=2 TTL=1 TTL=1 TTL=1
UDP port 35678 UDP port 35678 UDP port 35678 UDP port 35678
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Troubleshooting MPLS LSP
What happens when CEF disabled?
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Troubleshooting MPLS LSP
MPLS Forwarding Plane Outgoing Labels
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Outgoing Labels
Untagged
Convert the incoming MPLS packet to an IP packet and forward it.
Pop
Pop the top label from the label stack present in an incoming MPLS packet
and forward it as an MPLS packet.
If there was only one label in the stack, then forward it as an IP packet. SAME
as imp-null label.
Aggregate
Convert the incoming MPLS packet to an IP packet and then do a FIB lookup
for it to find out the outgoing interface.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Troubleshooting MPLS LSP
MPLS Forwarding Plane - Lookup
Three cases in the MPLS forwarding:
1) Label Imposition - IP to MPLS conversion
2) Label swapping - MPLS to MPLS
3) Label disposition - MPLS to IP conversion
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Loadsharing
MPLS Loadsharing (due to multiple paths to a prefix) is no different from that of
IP
Hashing-algorithm is still the typical FIB based i.e per-dest loadsharing by
default **
So the show commands are still relevant
Show ip cef exact-route <source> <dest> etc.
But the <dest> must be known in the FIB table, otherwise the command wont
work.
Wont work on P routers for the VPN prefixes.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Troubleshooting MPLS LSP
MPLS Forwarding Plane: MTU Setting
mpls mtu <bytes> can be applied to an interface to change the
MPLS MTU size on the interface
MPLS MTU size is checked by the router
while converting an IP packet into a labeled packet or transmitting a labelled
packet
Label imposition(s) increases the packet size by 4 bytes/label, hence the
outgoing packet size may exceed interface MTU size, hence the need
to tune MTU
mpls mtu <bytes> command has no effect on interface or IP MTU size.
By default, MPLS MTU = interface MTU
MPLS MTU setting doesnt affect MTU handling for IP-to-IP packet switching
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Troubleshooting MPLS LSP
MPLS Forwarding Plane: MTU Setting
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Show Commands
show mpls forwarding
Shows all LFIB entries (vpn, non-vpn, TE etc.)
show mpls forwarding <prefix>
LFIB lookup based on a prefix
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Troubleshooting MPLS LSP
MPLS Forwarding Plane: Show Commands
R2#show mpls forwarding 10.13.1.11 detail
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
45 51 10.13.1.11/32 0 Fa1/1/1 10.13.7.33
MAC/Encaps=14/18, MRU=1500, Tag Stack{51}
0003FD1C828100044E7548298847 00033000
No output feature configured
Per-packet load-sharing
R2#
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Troubleshooting MPLS L3 VPNs
Troubleshooting MPLS L3 VPNs
Nodes and their Roles
PE Provider Edge router, connects to P and CE routers
Maintains separate routing table per VRF (RD)
Uses MP-BGP to exchange VRF routing information (RD + RT)
Performs LFIB and FIB lookups, label imposition and disposition
Exchanges IGP and LDP labels with the core
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Troubleshooting MPLS L3 VPNs
L3VPN by Parts
The Core:
BGP between PEs
LDP
IGP (mainly to get between PEs)
The Edge:
Any routing protocol between the PE and CE
LDP + IGP
CE CE
PE PE
P
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Troubleshooting MPLS L3 VPNs
VRF Overview
VRF = VPN Routing Forwarding instance
Isolated routing table, kind of like a VM
Easiest to think of each VRF like a different physical box
Interfaces are assigned to a VRF
Everything not in a VRF is in the global (routing table)
In MPLS-VPN each customer has a VRF
VRFs for customers, global for the Provider
vrf mpls
Customer ISP
Network
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Troubleshooting MPLS L3 VPNs
VRF Overview
Because each RIB is isolated, overlapping address are allowed
VRF-aware features add vrf <name> to commands
Commands without VRF keyword reference the global RIB
e0 e1
ip vrf forwarding red ip vrf forwarding red
ip address 1.1.1.1/24 ip address 2.2.2.2/24
e2
ip address 1.1.1.1/24
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Troubleshooting MPLS L3 VPNs
VRF Overview
e0 e1
ip vrf forwarding red ip vrf forwarding red
ip address 1.1.1.1/24 ip address 2.2.2.2/24
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Troubleshooting MPLS L3 VPNs
MP-BGP (Multi Protocol BGP)
MP-BGP extends BGP to carry more than just IPv4 prefixes
Introduced address family style configuration
Allows for IPv6, MPLS and other information in same BGP session
When session is established the capabilities are negotiated
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Troubleshooting MPLS L3 VPNs
MP-BGP: Address-Families
Address-family vpnv4, ipv4 unicast vrf introduced
vpnv4 AFI for PE to PE (label information)
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Troubleshooting MPLS L3 VPNs
MP-BGP: Advertising CE Routes
BGP maintains a table for each AFI (vpnv4, ipv4, vrf)
CE routes are placed into the vpnv4 BGP table
BGP routes in a vrf AFI are automatically turned into vpnv4 routes
If BGP is not PE-CE protocol routes must be redistributed into ipv4 vrf AFI
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Troubleshooting MPLS L3 VPNs
RTs and RDs: Creating the VRF
VRFs have 3 parts:
1. VRF name (case sensitive)
2. Route Distinguisher (RD)
3. Route Target(s) (RT)
ip vrf red
RD and RT are for MPLS; RD must always rd 100:100
route-target import 200:200
be defined route-target export 201:201
RD must be unique to the VRFs on the
local PE
If there is no MPLS, called VRF-lite
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Troubleshooting MPLS L3 VPNs
Understanding RDs
Route Distinguisher
Every CE route from all VRFs are placed in a
single VPNv4 table
How are routes from one VRF distinguished
from another VRF? ip vrf red
By prepending the RD to the route to create a rd 1:1
route-target import 200:200
VPNv4 route route-target export 201:201
Only used to make routes unique VPNv4
prefixes
IPv4 Route: 192.168.1.0/24
RD: 100:100
VPNv4 Route: 100:100:192.168.10/24
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Troubleshooting MPLS L3 VPNs
Understanding the RT
Route Target
RT is a BGP extended community (extra
information on the update)
ip vrf red
route-target export adds the rd 1:1
community to the outbound update route-target import 100:100
route-target import defines which route-target import 200:200
routes to bring into the VRF route-target export 201:201
Multiple imports and exports allowed route-target export 44:313
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Troubleshooting MPLS L3 VPNs
RT in Action
ip vrf red
rd 1:1
route-target import 100:100
route-target export 201:201
66:66:2.2.2.0/24
RT: 100:100 VRF Red RIB
44:44:3.3.3.0/24
RT: 100:100
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Troubleshooting MPLS L3 VPNs
MP-BGP: Advertising CE Routes
ip vrf test
rd 1:1
route-target export 123:456
Route Target
RD
Prefix
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Troubleshooting MPLS L3 VPNs
Example Topology
MP-IBGP VPNv4
LDP + IGP
172.16.11.0/24 10.1.14.0/24 10.1.24.0/24 172.16.22.0/24
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Troubleshooting MPLS L3 VPNs
Verify VPNv4 Neighborship
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Troubleshooting MPLS L3 VPNs
Verify PE to PE LSP
IOS-PE#ping mpls ipv4 2.2.2.2 255.255.255.255
Sending 5, 100-byte MPLS Echos to 2.2.2.2/32,
timeout is 2 seconds, send interval is 0 msec:
Type escape sequence to abort.
.....
Success rate is 0 percent (0/5)
RP/0/0/CPU0:XR-PE(config)#mpls oam
RP/0/0/CPU0:XR-PE(config-oam)#commit
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Troubleshooting MPLS L3 VPNs
Verify VPN Labels and Prefix
IOS-PE#show bgp vpnv4 unicast vrf ABC 172.16.1.1
BGP routing table entry for 1:1:172.16.1.1/32, version 23
Paths: (1 available, best #1, table ABC)
Advertised to update-groups:
5
Refresh Epoch 1
65001
172.16.11.2 (via vrf ABC) from 172.16.11.2 (172.16.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
Extended Community: RT:1:1 Local VPN Label
mpls labels in/out 24/nolabel
rx pathid: 0, tx pathid: 0x0
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Troubleshooting MPLS L3 VPNs
Verifying VPN Label on Remote PE
RP/0/0/CPU0:XR-PE#show bgp vpnv4 unicast vrf ABC 172.16.1.1
BGP routing table entry for 172.16.1.1/32, Route Distinguisher: 2:2
Last Modified: May 30 16:57:21.986 for 00:18:10
65001
1.1.1.1 (metric 3) from 4.4.4.4 (1.1.1.1)
Received Label 24 Remote VPN Label
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best,
import-candidate, imported
Received Path ID 0, Local Path ID 1, version 36
Extended community: RT:1:1
Originator: 1.1.1.1, Cluster list: 4.4.4.4
Source AFI: VPNv4 Unicast, Source VRF: default, Source
Route Distinguisher: 1:1
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Troubleshooting MPLS L3 VPNs
Verifying Labels (The Easy Way)
IOS-PE#show bgp vpnv4 unicast vrf ABC labels
Network Next Hop In label/Out label
Route Distinguisher: 1:1 (ABC)
172.16.1.1/32 172.16.11.2 24/nolabel
172.16.2.2/32 2.2.2.2 nolabel/24006
172.16.11.0/30 0.0.0.0 16/nolabel(ABC)
172.16.22.0/30 2.2.2.2 nolabel/24005
In Label represents local label and Out Label represents remote label
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Troubleshooting MPLS L3 VPNs
Verifying CEF (FIB, and LFIB) - IOS
IOS-PE#show ip cef vrf ABC 172.16.2.2 detail
172.16.2.2/32, epoch 0, flags [rib defined all labels]
recursive via 2.2.2.2 label 24006()
nexthop 10.1.14.4 GigabitEthernet0/2 label 17()
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Troubleshooting MPLS L3 VPNs
Verifying CEF (FIB, and LFIB) - IOS
P1#show mpls forwarding-table labels 17
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
17 Pop Label 2.2.2.2/32 1690 Gi0/2 10.1.24.2
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Troubleshooting MPLS L3 VPNs
Verifying CEF (FIB, and LFIB) IOS XR
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Troubleshooting MPLS L3 VPNs
Verifying CEF (FIB, and LFIB) IOS XR
RP/0/0/CPU0:XR-PE#show mpls forwarding labels 24000
Mon May 30 18:39:05.368 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 16 1.1.1.1/32 Gi0/0/0/0 10.1.24.4 540
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Troubleshooting MPLS L3 VPNs
Verifying Hardware Programming IOS XR
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Troubleshooting MPLS L3 VPNs
Case Study MPLS Traffic Not Forwarded
Customer reported traffic forwarding issue to the VRFs attached to a newly
configured PE2 router
The PE1 router has the VPN label which is being shared with the remote PE2
router
MP-IBGP VPNv4
LDP + IGP
172.16.11.0/24 10.1.14.0/24 10.1.24.0/24 172.16.22.0/24
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Troubleshooting MPLS L3 VPNs
Findings
The MPLS PING failed
MPLS Trace dropped on P-1 router
Show mpls forwarding <PE2-loopback> output shows no label as outgoing label
P-1# show mpls forwarding 3.3.3.3
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
17 No Label 3.3.3.3/32 476193 Et0/0 23.23.23.2
Verified that LDP was enabled between the two routers but there was no
bindings
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Troubleshooting MPLS L3 VPNs
Resolution
P-1(config)#no mpls ldp advertise-labels
P-1(config)#mpls ldp advertise-labels for LOOPBACK_ACL
The P-1 router had an ACL to limit the allocation of labels for certain prefixes
Sometimes, there are too many prefixes in the core due to which the labels get
exhausted
To prevent such situations, LDP is configured to allocate labels for certain prefixes but
not all.
PE2 loopback address was added in the ACL which fixed the problem
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
6VPE Troubleshooting
Troubleshooting 6VPE
Reference Topology
IPv4 192.168.1.1/32
IPv6 2001:DB8::1/128
AS 100
Service Provider Core
PE1 IPv4 IGP
MPLS
IPv4 192.168.2.2/32
IPv6 2001:DB8::2/128
IPv4 192.168.5.5/32
IPv6 2001:DB8::6/128 IPv6 2001:DB8::7/128
IPv6 2001:DB8::5/128
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
Troubleshooting 6VPE
VRF Configuration
IPv6 enabled VRFs are configured in the same way as IPv4 VRFs
On Cisco IOS, use command vrf definition to configure both IPv4 and IPv6
capable VRFs
vrf definition ABC vrf ABC
rd 1:1 address-family ipv6 unicast
address-family ipv6 unicast import route-target
route-target import 1:1 1:1
route-target export 1:1 2:2
route-target import 2:2 export route-target
address-family ipv4 unicast 1:1
. . . address-family ipv4 unicast
interface Gi0/0 . . .
vrf forwarding ABC interface Gi0/0/0/0
ipv6 address xx:xx:xx::y/64 vrf ABC
ipv6 address xx:xx:xx::y/64
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
6VPE Configuration Cisco IOS
router bgp 100
bgp router-id 192.168.1.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 192.168.4.4 remote-as 100
neighbor 192.168.4.4 update-source Loopback0
!
address-family vpnv6
neighbor 192.168.4.4 activate
neighbor 192.168.4.4 send-community extended
neighbor 192.168.4.4 next-hop-self
!
address-family ipv6 vrf red
neighbor 2001:DB8:0:16::6 remote-as 200
neighbor 2001:DB8:0:16::6 activate
exit-address-family
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
6VPE Configuration IOS XR
router bgp 100
bgp router-id 192.168.2.2
address-family vpnv6 unicast
!
neighbor 192.168.4.4
remote-as 100
update-source Loopback0
address-family vpnv6 unicast
next-hop-self
!
vrf red
rd 100:1
address-family ipv6 unicast
!
neighbor 2001:db8:0:26::6
remote-as 200
address-family ipv6 unicast
route-policy pass in
route-policy pass out
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
Troubleshooting 6VPE
Verifying Control Plane
Since both control plane and data plane works in opposite direction, verify the
IPv6 VPN prefix on PE5.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
Troubleshooting 6VPE
Verifying Control Plane
Verify the VPNv6 prefix in BGP along with the local label
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Troubleshooting 6VPE
Verifying Control Plane
The remote IOS PE - PE1, receives the VPNv6 prefix as the out label of 23.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
Troubleshooting 6VPE
Verifying Control Plane
RP/0/0/CPU0:PE2#show bgp vpnv6 unicast vrf red 2001:db8::7/128
BGP routing table entry for 2001:db8::7/128, Route Distinguisher: 100:1
Last Modified: Feb 4 22:46:29.408 for 1d05h
Paths: (1 available, best #1)
Not advertised to any peer
Path #1: Received by speaker 0
Not advertised to any peer
300
192.168.5.5 (metric 3) from 192.168.4.4 (192.168.5.5)
Received Label 23
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best,
import-candidate, imported
Received Path ID 0, Local Path ID 1, version 5
Extended community: RT:100:1
Originator: 192.168.5.5, Cluster list: 192.168.4.4
Source VRF: default, Source Route Distinguisher: 100:5
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
Troubleshooting 6VPE
Verifying Data Plane
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Troubleshooting 6VPE
Verifying Data Plane on IOS XR
RP/0/0/CPU0:PE2#show cef vrf red ipv6 2001:db8::7/128
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
Updated Feb 4 22:46:29.731
Prefix Len 128, traffic index 0, precedence n/a, priority 3
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
Verifying Ingress Hardware Programming IOS XR
PE2#show cef vrf red ipv6 2001:db8::7/128 hardware ingress detail loc0/0/CPU0
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
Updated Feb 4 22:46:29.730
[1 type 1 flags 0x48089 (0xa14f5398) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 1 Feb 4 22:46:29.730
LDI Update time Feb 4 22:46:29.730
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
Ingress platform showdata is not available.
Load distribution: 0 (refcount 1)
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
Verifying Egress Hardware Programming IOS XR
PE2#show cef vrf red ipv6 2001:db8::7/128 hard egr det loc 0/0/CPU0
2001:db8::7/128, version 7, internal 0x5000001 0x0 (ptr 0xa140c5f4) [1],
0x0 (0x0), 0x208 (0xa14db230)
[1 type 1 flags 0x48089 (0xa14f5398) ext 0x0 (0x0)]
LW-LDI[type=0, refc=0, ptr=0x0, sh-ldi=0x0]
gateway array update type-time 1 Feb 4 22:46:29.730
LDI Update time Feb 4 22:46:29.730
via ::ffff:192.168.5.5, 3 dependencies, recursive [flags 0x6000]
path-idx 0 NHID 0x0 [0xa176b0bc 0x0]
recursion-via-/128
next hop VRF - 'default', table - 0xe0000000
next hop ::ffff:192.168.5.5 via ::ffff:192.168.5.5:0
next hop 10.1.24.4/32 Gi0/0/0/1 labels imposed {19 23}
Egress platform showdata is not available.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Troubleshooting 6VPE / MPLS
Verifying Counters on Interface
Verify the interface counters for mpls forwarding
If there is forwarding problem, check the counters and ensure they are not
increasing.
Initiate the VPNv6 prefix ping and verify the counters again to see if they
increased
RP/0/0/CPU0:PE2#show interface gigabitethernet0/0/0/1 accounting
GigabitEthernet0/0/0/1
Protocol Pkts In Chars In Pkts Out Chars Out
IPV4_UNICAST 261333 20337753 46929 2305821
IPV6_UNICAST 21017 2062274 20995 1964348
MPLS 10 1180 14426 968553
ARP 84 5040 84 3528
IPV6_ND 13296 1193736 10306 742016
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Inter-AS MPLS VPNs
Inter-AS MPLS VPNs
Flavors
Previous section VPNs within Single-AS boundary
Inter-AS MPLS VPN VPNs spanning across multiple AS boundaries
Types:
Option 1 Back to Back VRF
Option 2 Inter-Provider VPNs using ASBR-to-ASBR approach
A. Next-Hop-Self Method
B. Redistribute Connected Method
C. Multi-hop EBGP between ASBRs
Option 3 MP-EBGP between RR and EBGP between ASBR
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Inter-AS MPLS VPNs
Option 1 - Back-to-Back VRF Method
CE1 CE2
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
Inter-AS MPLS VPNs
Option 2a ASBR-to-ASBR with Next-Hop-Self Method
172.16.1.1 v1
RR-P1 RR-P2
MP-eBGP
PE1 PE2
AS100 AS200
PE-ASBR1 PE-ASBR2
Lo0-11.11.11.11/32 Lo0-22.22.22.22/32
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Inter-AS MPLS VPNs
Option 2a ASBR-to-ASBR with Next-Hop-Self Method
Both ASBRs allocate VPN labels for prefixes received from the other AS.
When MP-eBGP peering is configured between ASBRs, below configuration is
done to complete LSP
mpls bgp forwarding on Cisco IOS devices
no bgp default route-target filter configured on ASBR not having
VRF configured.
Default behavior deny vpnv4 prefixes that are not imported in any local VRF
On XR retain route-target all
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
Inter-AS MPLS VPNs
Option 2b ASBR-to-ASBR with Redistribute Connected Method
172.16.1.1 v1
RR-P1 RR-P2
MP-eBGP
PE1 PE2
AS100 AS200
PE-ASBR1 PE-ASBR2
Lo0-11.11.11.11/32 Lo0-22.22.22.22/32
CE1 No LDP or IGP required on the link between the two ASBRs. CE2
172.16.1.1 Configure no bgp default route-target filter on ASBRs 172.16.2.2
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
Inter-AS MPLS VPNs
Option 2b ASBR-to-ASBR with Redistribute Connected Method
Redistribute the link between ASBR into IGP in local AS
Required on both ASBR routers.
Both ASBRs allocate VPN labels for prefixes received from the other AS.
VPN label V1 is advertised from AS100 towards ASBR-PE2 in AS200.
Since the NH changes on ASBR-PE2, ASBR-PE2 swaps that label with V2 and
advertises it towards the core.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
Inter-AS MPLS VPNs
Option 2c ASBR-to-ASBR with Multi-Hop EBGP between ASBRs Method
172.16.1.1 v1
RR-P1 RR-P2
PE1 MP-eBGP
PE2
AS100 AS200
PE-ASBR1 PE-ASBR2
Lo0-11.11.11.11/32 Lo0-22.22.22.22/32
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
Inter-AS MPLS VPNs
Option 2c ASBR-to-ASBR with Multi-Hop EBGP between ASBRs Method
Loopback to loopback MP-EBGP peering between ASBRs.
IGP or static route required between the ASBR link
Both ASBRs allocate VPN labels for prefixes received from the other AS.
VPN label V1 is advertised from AS100 towards ASBR-PE2 in AS200.
Since the NH changes on ASBR-PE2, ASBR-PE2 swaps that label with V2 and
advertises it towards the core.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Inter-AS MPLS VPNs
Option 3 Multi-Hop MP-EBGP between RR and EBGP between ASBRs
MP-eBGP
RR-P1 RR-P2
eBGP +
Send-label
PE1 PE2
AS100 AS200
PE-ASBR1 PE-ASBR2
Lo0-11.11.11.11/32 Lo0-22.22.22.22/32
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Inter-AS MPLS VPNs
Option 3 Multi-Hop MP-EBGP between RR and EBGP between ASBRs
RR & ASBR loopbacks are advertised via EBGP on ASBR
The remote ASBR redistributes the received loopbacks into local IGP
MP-EBGP peering configured between RRs on each AS
Configure neighbor next-hop-unchanged
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 125
Complete Your Online Session Evaluation
Give us your feedback to be
entered into a Daily Survey
Drawing. A daily winner will
receive a $750 Amazon gift card.
Complete your session surveys
through the Cisco Live mobile
app or from the Session Catalog
on CiscoLive.com/us.
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
Continue Your Education
Demos in the Cisco campus
Walk-in Self-Paced Labs
Table Topics
Meet the Engineer 1:1 meetings
Related sessions
BRKMPL-3124 2016 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Thank you