
WHY MPLS?

Before MPLS, the most popular WAN protocols were Frame Relay and ATM. These two protocols (on the
particular Frame Relay switch and ATM switch) provided services at Layer 2 to the Layer 3
customers. With the popularity of the Internet, IP became the most popular protocol. VPNs were then
created over these WAN protocols. Customers leased ATM links and Frame Relay links, or used leased
lines, and built their own private networks over them.

These kinds of networks are referred to as overlay networks.

Service providers can deploy two major VPN models to provide services to their customers:

Overlay VPN model

Peer-to-peer VPN model

Overlay VPN Model:

The service provider provides point-to-point links (virtual circuits) across its network between the
routers of the customer. The customer routers form routing peerings with each other directly across the
links from the service provider, and the routers and switches of the SP carry the customer data across
the SP network. The SP does not peer with the customer and hence does not know the customer's
routes.

These services (links) were provided by TDM, E1, E3, SONET, SDH, X.25, Frame Relay or ATM.

E.g.:
Here, in the service provider's network, the Frame Relay switches set up the virtual circuits
between the customer routers on the edge of the Frame Relay network, and all four routers of the
customer peer with each other.

The overlay services can also be provided to customers at Layer 3 by creating GRE tunnels, in which
the tunnels are built as an overlay on IP.

Basic GRE Configuration Example:

int tunnel 100
description TULIP GRE
bandwidth 2048
ip address 10.10.10.1 255.255.255.252
tunnel source 71.5.124.35
tunnel destination 71.3125.3

We can also use IPsec over GRE tunnels if the customer wants security for their traffic.

Peer-to-Peer VPN Model:

The SP routers carry the customer data and also peer with the customer routers at Layer 3. The
result is that one routing protocol neighborship or adjacency exists between the customer and the
service provider. To isolate customers from each other, the service provider is required to
configure access lists (filter lists) or route lists. This model is a provisioning headache because
adding or removing one customer at a particular PE needs a lot of configuration changes. The MPLS
VPN feature of MPLS made the peer-to-peer model much easier. Customer isolation is easily
achieved in MPLS VPNs by using the concept of Virtual Routing and Forwarding (VRF).

VRFs ensure that the routing information from different customers is kept separate, and MPLS
in the backbone ensures that packets are forwarded based on the label information and not the
information in the IP header.

Advantages of Peer-to-peer VPN:

It reduces the number of links to be provided to the customer, as in the overlay model for N customers
we need N-1 links.
Another benefit is that the SP needs to do the provisioning only between the PE and CE routers, whereas
in the overlay model the SP needs to provision the links between the sites. This considerably reduces
the SP's cost.

Disadvantages of Peer-to-peer VPN:

The customer is expected to share the routing responsibility with the SP.

The edge devices of the SP have an added burden.

MPLS VPNs over the Peer-to-peer Model scenario.

With MPLS VPNs, adding one more customer on a PE is done just by peering with the
customer router, without creating many virtual circuits as with the overlay model or configuring
packet filters or route filters as with the peer-to-peer model.

MPLS allows the service provider to run its core network without the burden of running BGP. To
forward a normal IP packet, a router must have all the routing prefixes in its routing table, so the SP
would have to run BGP on all its routers, which eats up a lot of processing power on the devices and
also affects their control-plane resources. When we run MPLS in our network, all packets are
forwarded on the basis of a label, and each label is associated with an egress router rather than with
the IP address of the destination. Hence the core routers do not need to run BGP. BGP is configured
only on the edge routers, as these routers need to check the destination IP address. Every BGP prefix on
the ingress router has a BGP next-hop IP address, which is the IP address of the egress MPLS router. The
label that is associated with an IP packet is the label that is associated with this BGP next-hop IP address.
Hence each BGP next-hop IP address must be known to all the core routers, and this is achieved by
running an IGP in the network.

In TULIP we run OSPF for this purpose.

TULIP BGP:

In TULIP there are 9 peer groups, as shown in the diagram; in total they comprise 696 routers. There are
two route reflectors in the network, one in Delhi and the second in Mumbai. These route reflectors
reflect all the BGP routes of all the peering routers. All the BGP routes are learnt via these two route
reflectors; the path via the Mumbai RR (71.5.254.62) is preferred. In the diagram the Delhi RR is shown
connected to all the peer groups; similarly, the Mumbai RR is also connected to all the peer groups. Both
route reflectors form an IBGP neighborship with all 696 BGP routers in the AS, forming a TCP
connection with each of them. All the routes to reach the peer group members are learned via OSPF.
Implementation of MPLS in Cisco IOS started in 1998. The BGP/MPLS VPNs standard was released in 1999.

The router forwards packets in the following three ways:

1- Process switching: If the packet is sent for the first time, an ARP broadcast is sent to get the MAC
address of the router at the next hop, and the packet is forwarded accordingly. Then, for all the
consecutive packets, the router does a recursive lookup in the routing table and forwards the
packet. These lookups are slow.

2- Fast switching: After the first packet is sent, the routing information is stored in the cache memory,
so for all the other consecutive packets between the two hosts the router doesn't follow the process
switching path (recursive lookup); instead the router forwards them directly. This increases the speed,
hence it is known as fast switching.

In fast switching, per-packet load sharing is not used, and if access lists are configured the router
gets bogged down.

3- CEF (Cisco Express Forwarding): If we enable CEF, the router pre-builds the cache instead of
waiting for the first packet to arrive and doing the recursive lookup. In CEF a Forwarding Information
Base (FIB) table is created; this is a separate table, or we can say it is a replica of the routing table.
After the FIB is created, the router doesn't look into the routing table.

One more table, known as the adjacency table, is built, and both tables are stored in the cache memory.
In the adjacency table all the next-hop IP addresses are pre-mapped to the next-hop MAC addresses. So
all of the routing table is available at Layer 2, hence forwarding is as fast as a switch. Looking at these
tables requires a lot of processing power, hence VIB cards are used. All the Cisco high-end routers which
support CEF now come with the VIB cards already installed.

The one disadvantage of CEF is that it is Cisco proprietary, hence it can't be enabled on non-Cisco
devices. So for routers which are not Cisco, CEF is not an option, and thus MPLS comes into the
picture.

MPLS is an Industry Standard Mechanism in which forwarding decisions are based on the layer 2 labels.

Router divides itself into two planes:

Control Plane- Where the L3 routing protocol exists along with the label exchange protocol (LDP).

It sets up the framework for how the packets will be forwarded.

Data Plane- This is also known as the forwarding plane. It sends data based on L3 or L2 information and
takes care of label swapping.

Placement of the label in the packet:


MPLS Label:

Label bits are for the label value.

Experimental bits are left for the vendors for experiments like QoS & ToS.

Bottom of Stack (S) is only 1 bit; it indicates whether the label is the last one or not.

0 indicates not the last label & 1 indicates the last label.

Time to live is an 8 bit field.
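The fields listed above, decoded from raw bytes. This is an added example, not part of the original document; it assumes the standard 32-bit stack entry layout (20-bit label, 3 experimental bits, 1 S bit, 8-bit TTL), and the sample stack and function names are constructed for illustration.

```python
import struct

def build_entry(label, exp, s, ttl):
    """Pack one 32-bit MPLS label stack entry (network byte order)."""
    if not (0 <= label < 2**20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def parse_label_stack(data, max_depth=16):
    """Decode entries until the one with S=1; return (entries, remaining payload).

    A stack that ends before an S=1 entry, or one deeper than max_depth,
    is rejected rather than guessed at.
    """
    entries, offset = [], 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated stack: no entry with S=1 found")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {
            "label": word >> 12,        # upper 20 bits
            "exp": (word >> 9) & 0x7,   # 3 experimental bits
            "s": (word >> 8) & 0x1,     # 1 = last label in the stack
            "ttl": word & 0xFF,         # 8-bit time to live
        }
        entries.append(entry)
        offset += 4
        if entry["s"]:
            return entries, data[offset:]

# Constructed sample: outer label 50 (S=0), inner label 70 (S=1), then one payload byte.
SAMPLE = build_entry(50, 0, 0, 255) + build_entry(70, 5, 1, 64) + b"\x45"

if __name__ == "__main__":
    stack, payload = parse_label_stack(SAMPLE)
    for e in stack:
        print(e)
    print("payload starts with", payload[:1].hex())
```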

In MPLS the routers are termed Label Switch Routers or Edge Label Switch Routers.

A Label Switch Router (LSR) is also known as a Provider router (P). It sits in the core of the network and
its primary job is to switch labels.

An Edge LSR is also known as a Provider Edge (PE) router. It sits at the edge of the network and
adds labels to all incoming packets and strips labels from outgoing packets.

Label Distribution Protocol (LDP):

Dedicated to sending labels everywhere. Labels can be distributed in two ways:

1- Piggyback the labels on an existing IP routing protocol. This means we can use an IGP (such as EIGRP
or OSPF) to distribute the labels along with the IP routes. This is an advantage, as the routing and the
label distribution will be in sync. Implementing this is easy with a distance vector routing protocol like
EIGRP, because each router originates a prefix from its routing table and can simply bind a label to
that prefix. With link-state routing protocols like OSPF it is difficult to achieve, because all the
link-state updates are forwarded within the area unchanged. For MPLS to work, each router is expected to
distribute a label for each IGP prefix, even the routers that are not the originators of that prefix. To do
this, link-state routing protocols would need to be enhanced, which is usually avoided. Instead, everyone
prefers a separate protocol for distributing the labels.

2- Running a separate protocol for label distribution.

The following are the protocols used for this purpose:

Tag Distribution Protocol (TDP)

Label Distribution Protocol (LDP)

Resource Reservation Protocol (RSVP)

TDP is Cisco proprietary and was designed for testing purposes, hence it is not used now. RSVP is
mostly used for traffic engineering. The most popular choice is LDP.

Forwarding Information Base: the routing table stored in cache memory.

Label Information Base: This table holds labels matched to network addresses, e.g. 20.0.0.0 -> 50 on A,
60 on B, 70 on C and so on. This table is built with the help of LDP.

Label Forwarding Information Base (LFIB): This is the main table and indicates which label should go
in which direction.

Basic example of MPLS.

The command to check the LFIB is show mpls forwarding-table


show mpls forwarding-table [ ip address ] detail

show mpls forwarding-table vrf [name]

to check the adjacency table

sh adjacency detail

to check the mpls mtu

sh mpls interface fastethernet0/1 detail

to check that the LDP hello & hold packets, which are used to form the adjacency, are sent properly

sh mpls ldp discovery detail

to check which interfaces are running ldp

sh mpls interfaces

to check the discovery and session timers of LDP

sh mpls ldp parameters

to check the next hop of the LSR or mpls router

sh mpls ldp neighbor detail

to check the routing and label bindings that are stored in LIB

sh mpls ldp bindings

sh mpls ldp bindings [ ip address subnet mask]

another way to check for the bindings is

sh mpls ip binding

Configuring a VRF

ip vrf cust-one
rd 1:1
route-target export 1:1
route-target import 1:1
!
interface Serial5/1
ip vrf forwarding cust-one
ip address 10.10.4.1 255.255.255.0
!
Router#show ip route vrf cust-one

Route-Distinguisher (rd):

A 64-bit value prepended to the IPv4 address, which keeps each customer's routes unique.

Route-Target(rt):

An additional field that allows a customer to participate in multiple VPNs. It is defined as import and
export values; the best example is the Internet. RT allows multiple VPNs, i.e. a number of different
customers can use the same Internet.

With the help of RT we can also allow two different customers to communicate with each other; the best
example is VoIP between two different organizations.
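Because route-target imports are what open a path between VRFs, they are worth auditing against the set of exchanges that were actually intended. The following is an added example, not part of the original document: the VRF names other than cust-one, the RD/RT values and the allowed-pairs policy are constructed for illustration.

```python
from ipaddress import ip_network

# Constructed sample: three VRFs in the style of the cust-one configuration above.
# cust-two importing 1:1 is the deliberate mistake the audit should catch.
VRFS = {
    "cust-one": {"rd": "1:1", "export": {"1:1"}, "import": {"1:1", "100:1"}},
    "cust-two": {"rd": "2:2", "export": {"2:2"}, "import": {"2:2", "100:1", "1:1"}},
    "shared-internet": {"rd": "100:1", "export": {"100:1"},
                        "import": {"100:1", "1:1", "2:2"}},
}

# Intended route exchange (exporter, importer): each customer <-> shared service only.
ALLOWED = {
    ("shared-internet", "cust-one"), ("shared-internet", "cust-two"),
    ("cust-one", "shared-internet"), ("cust-two", "shared-internet"),
}

def vpnv4(rd, prefix):
    """RD prepended to the IPv4 prefix: the key that keeps overlapping routes apart."""
    return (rd, ip_network(prefix))

def importers(exporter, vrfs):
    """VRFs that import at least one route target exported by `exporter`."""
    exported = vrfs[exporter]["export"]
    return sorted(name for name, vrf in vrfs.items()
                  if name != exporter and vrf["import"] & exported)

def audit(vrfs, allowed):
    """Return (exporter, importer) pairs that exchange routes but are not allowed."""
    return sorted((exp, imp) for exp in vrfs for imp in importers(exp, vrfs)
                  if (exp, imp) not in allowed)

if __name__ == "__main__":
    # Both customers use 10.10.4.0/24; the RD makes the two VPNv4 routes distinct.
    table = {vpnv4(VRFS[n]["rd"], "10.10.4.0/24"): n for n in ("cust-one", "cust-two")}
    print(len(table), "distinct VPNv4 routes for one overlapping prefix")
    for exp, imp in audit(VRFS, ALLOWED):
        print(f"unexpected leak: routes of {exp} are imported into {imp}")
```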

MPLS Actual Process:

The router builds the routing table.

The MPLS-enabled routers assign labels to each route.

The routers advertise their labels to other LSRs.

All LSRs build their FIBs, LIBs & LFIBs.

The 20.0.0.0 network will be advertised to all the routers via the routing protocol and every router will
assign a label to that network, but when a packet comes it will be forwarded directly through the routing
protocol because the routers have not shared their labels. Hence we use LDP.

Penultimate Hop Processing (PHP):

PHP is introduced to remove the two lookups at router A, in the LFIB and the routing table.

Router A advertises to router B and router C "I am 50 and I am the end of the trail here", and both
routers make an entry that router A is the end of 50. So now both routers B & C will pop the
label when they see that the label is 50 before sending the packet to A.

Now router A doesn't look into the LFIB and directly sends the packet by looking at the FIB (routing
table).
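The lookup saved at router A can be seen by tracing one packet with and without PHP. This is an added example, not part of the original document: it assumes a path C -> B -> A towards 20.0.0.0 with the label values 50/60/70 from the LIB example above, and it models A's "end of the trail" signal with the reserved implicit-null label value 3 from RFC 3032.

```python
IMPLICIT_NULL = 3  # reserved label value: "pop the label before sending to me"

def trace(path, lib, php):
    """Follow one packet along `path` (ingress first, egress last).

    lib maps each router to the local label it bound to the prefix.
    Returns (log of (router, action, label), lookups performed per router).
    """
    egress = path[-1]
    advertised = dict(lib)
    if php:
        advertised[egress] = IMPLICIT_NULL  # egress asks its neighbours to pop
    lookups = {router: [] for router in path}
    log = []

    # Ingress: IP lookup in the FIB, then impose the label the next hop advertised.
    lookups[path[0]].append("FIB")
    label = advertised[path[1]]
    if label == IMPLICIT_NULL:              # ingress is itself the penultimate hop
        label = None
    log.append((path[0], "push" if label is not None else "no-label", label))

    # Transit routers: one LFIB lookup keyed on the incoming (local) label.
    for i in range(1, len(path) - 1):
        router, out = path[i], advertised[path[i + 1]]
        lfib = {lib[router]: ("pop", None) if out == IMPLICIT_NULL else ("swap", out)}
        lookups[router].append("LFIB")
        action, label = lfib[label]         # KeyError: label was never advertised
        log.append((router, action, label))

    # Egress: an LFIB lookup is needed only if a label is still on the packet.
    if label is not None:
        lookups[egress].append("LFIB")
        log.append((egress, "pop", None))
    lookups[egress].append("FIB")
    log.append((egress, "ip-forward", None))
    return log, lookups

PATH = ["C", "B", "A"]                # assumed topology, ingress C to egress A
LIB = {"A": 50, "B": 60, "C": 70}     # label values from the LIB example above

if __name__ == "__main__":
    for php in (False, True):
        log, lookups = trace(PATH, LIB, php)
        print("PHP" if php else "no PHP", log, "lookups at A:", lookups["A"])
```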

Configuring MPLS:

First step is to activate CEF


Enabling interfaces for MPLS

Turning on the LDP

Increasing the MTU of interfaces

Verification

Consider the following example where we are going to configure MPLS on the two routers.

As discussed, MPLS needs a routing protocol to be running in the network.

So check whether we have enabled an IGP in the network and all the network routes are distributed
properly. It can be done with the command

sh ip protocol

This will show information about the IGP, such as OSPF.

Then turn on CEF on the Cisco devices. CEF and MPLS are configured on particular outgoing interfaces
and not in the global configuration mode because they will increase the FIB tables.

RouterA#

config t

ip cef

int fa0/1

ip route-cache cef

exit

After this, check that your FIB is built in the cache:

sh ip cef detail

Now enable MPLS:

int fa0/1

mpls ip

mpls label protocol ldp

exit
After this command the MPLS router starts assigning a label to every single network in the cache.

Increasing the MTU.

By default the MTU size is 1500 bytes, but when labels are added the packet size increases, so to avoid
fragmentation we increase the MTU.

int fa0/1

mpls mtu 1512

This value is recommended because each label is 32 bits (4 bytes) and a maximum of three labels can be
applied to a packet: 4+4+4 = 12 bytes.

If we have switches in our network we will have to enable jumbo frames on the switches.
