Professional Documents
Culture Documents
Free Resources
View Archives
Tunnels Explained
26 MPLS
Posted by Brian McGahan, CCIE #8593, CCDE #2013::13 in CCIE R&S,CCIE SP,CCIP,MPLS,MPLS
CCIE Bloggers
Search
Aug
21 Comments
Search
Submit
Tw eet
Categories
Select Category
In this blog post were going to discuss the fundamental logic of how MPLS tunnels allow applications such as
L2VPN & L3VPN to work, and how MPLS tunnels enable Service Providers to run what is known as the BGP Free
Core. In a nutshell, MPLS tunnels allow traffic to transit over devices that have no knowledge of the traffics final
destination, similar to how GRE tunnels and site-to-site IPsec VPN tunnels work. To accomplish this, MPLS tunnels
use a combination of IGP learned information, BGP learned information, and MPLS labels.
In normal IP transit networks, each device in the topology makes a routing decision on a hop-by-hop basis by
comparing the destination IP address of the packet to the routing or forwarding table. In MPLS networks, devices
make their decision based on the MPLS label contained in the packet that is received. In this manner, MPLS
enabled Label Switch Routers (LSRs for short) do not necessarily need IP routing information about all
destinations, as long as they know how to forward traffic based on an MPLS label. To demonstrate how this
process works, well examine the above topology in two sample cases, first with normal IP packet forwarding, and
secondly with IP packet forwarding plus MPLS.
In this topology R4, R5, and R6 represent the Service Provider network, while SW1 and SW2 represent customers
that are using the Service Provider for transit. In each example case, the goal of our scenario will be to provide IP
packet transport between the 10.1.7.0/24 network attached to SW1, and the 10.1.8.0/24 network attached to SW2.
CCIE Bloggers
R4#
interface Loopback0
ip ospf 1 area 0
!
interface FastEthernet0/0
ip address 10.1.47.4 255.255.255.0
interface FastEthernet0/1
ip address 10.1.45.4 255.255.255.0
ip ospf 1 area 0
Voice
Security
Popular Posts
R5#
Congratulations to Brian
interface FastEthernet0/0
ip ospf 1 area 0
!
interface FastEthernet0/1
Updates
Next, lets examine the hop-by-hop packet flow as traffic moves between the 10.1.7.0/24 and 10.1.8.0/24 networks,
starting at SW1 towards SW2, and then back in the reverse direction. Note that verification should be done in both
directions, as packet flow from the source to destination is independent of packet flow from the destination back to
the source.
On SW1, the prefix 10.1.8.0 is learned via BGP from R4, with a next-hop of 10.1.47.4. Next, SW1 performs a
second recursive lookup on the next-hop to see which interface must be used for packet forwarding.
The result of this lookup is that SW1 should use interface Vlan47, which connects towards R4. Assuming that
underlying IP address to MAC address resolution is successful, packets going to 10.1.8.0 should be properly
routed towards R4. Next, the lookup process continues on R4.
R4 is learning the prefix 10.1.8.0 via iBGP from R6, with a next-hop value of 10.1.6.6, R6s Loopback0 interface.
R4 must now perform an additional recursive lookup to figure out what interface 10.1.6.6 is reachable out.
R4 knows 10.1.6.6 via OSPF from R5, which uses interface FastEthernet0/1. Assuming layer 2 connectivity is
working properly, packets towards 10.1.8.0 are now routed to R5, and the lookup process continues.
R5 is learning the prefix 10.1.8.0 via iBGP from R6, with a next-hop of 10.1.56.6. A recursive lookup on the nexthop, as seen below, indicates that R5 should use interface FastEthernet0/1 to forward packets towards 10.1.8.0.
R6 is learning the prefix 10.1.8.0 via EBGP from SW2, with a next-hop of 10.1.68.8.
A recursive lookup on 10.1.68.8 from R6 dictates that interface FastEthernet0/1 should be used to forward traffic
on to SW2.
SW2s lookup for 10.1.8.0 indicates that the destination is directly connected, and packets are routed to the final
destination. For return traffic back to 10.1.7.0, a lookup occurs in the reverse direction similar to what we saw
above, starting as SW2, and moving to R6, R5, R4, and then finally SW1.
This example shows how the hop-by-hop routing paradigm works in IPv4 networks. While this type of design works,
one of the limitations of IPv4 forwarding is that all devices in the transit path must have routing information for all
destinations they are forwarding packets towards. If AS 100 was used for Internet transit in this example, each
router in the transit path would need 300,000+ routes in their routing tables in order to provide transit to all
Internet destinations. This is just one of the many applications for which MPLS can be helpful. By introducing
MPLS into this design, the need for large routing tables can be avoided in the core of the Service Provider
network.
R4#
mpls label protocol ldp
!
interface FastEthernet0/1
mpls ip
!
router bgp 100
no neighbor 10.1.45.5 remote-as 100
R5#
mpls label protocol ldp
!
interface FastEthernet0/0
mpls ip
!
interface FastEthernet0/1
mpls ip
!
no router bgp 100
R6#
mpls label protocol ldp
!
interface FastEthernet0/0
mpls ip
!
router bgp 100
no neighbor 10.1.56.5 remote-as 100
Once MPLS is enabled inside AS 100, BGP can be disabled on R5, and the additional BGP peering statements
removed on R4 and R6. The end result of this change is surprising for some, as seen below.
Although R5 no longer has a route to the prefixes 10.1.7.0/24 or 10.1.8.0/24, it can still provide transit for traffic
between them. How is this possible you may ask? The key is that an MPLS tunnel has now been formed between
the ingress and egress routers of the Service Provider network, which are R4 and R6 in this case. To see the
operation of the MPLS tunnel, well follow the same lookup process as before, but now R4, R5, and R6 will add an
additional MPLS label lookup.
Below SW1 looks up the route for 10.1.8.0/24, and finds that it recurses to R4s next-hop value reachable via the
Vlan47 interface.
Next, R4 receives packets for this destination and performs its own lookup.
Like before, R4 finds the route via BGP from R6, with a next-hop of 10.1.6.6. R4 must now perform a recursive
lookup on 10.1.6.6 to find the outgoing interface to reach R6.
R4s recursive lookup finds the outgoing interface FastEthernet0/1 with a next-hop of 10.1.45.5. In normal IP
forwarding, the packet would now be sent to the interface driver for layer 2 encapsulation. However in this case,
R4 first checks to see if the interface FastEthernet0/1 is MPLS enabled, as seen below.
IP
Tunnel
FastEthernet0/1
Yes (ldp)
No
No
No
Yes
Since interface FastEthernet0/1 is running MPLS via Label Distribution Protocol (LDP), R4 now consults the MPLS
Label Forwarding Information Base (LFIB) to see if there is an MPLS label assigned to the next-hop were trying to
reach, 10.1.6.6.
Outgoing
Prefix
Bytes Label
Outgoing
Label
Label or VC
or Tunnel Id
Switched
interface
Next Hop
16
Pop Label
10.1.56.0/24
Fa0/1
10.1.45.5
17
17
10.1.6.6/32
Fa0/1
10.1.45.5
18
18
10.1.68.0/24
Fa0/1
10.1.45.5
R4 finds an entry for 10.1.6.6/32 in the LFIB, and uses the outgoing label value of 17. This means that for traffic
going to 10.1.8.0/24, the label 17 will be added to the packet header. In reality this lookup process occurs as one
step, which is the lookup in the CEF table. The below output of the CEF table for the final destination on R4
shows that label 17 will be used, because it is inherited from the next-hop of 10.1.6.6.
Now that the MPLS label lookup is successful, the packet is label switched to R5, which leads us to the key step in
this example. When R5 receives the packet, it sees that it has an MPLS label in the header. This means that R5
performs a lookup in the MPLS LFIB first, and not in the regular IP routing table. Specifically R5 sees the label
number 17 coming in, which has a match in the LFIB as seen below.
Local
Outgoing
Prefix
Bytes Label
Outgoing
Next Hop
Label
Label or VC
or Tunnel Id
Switched
interface
16
Pop Label
10.1.4.4/32
15447
Fa0/0
10.1.45.4
17
Pop Label
10.1.6.6/32
15393
Fa0/1
10.1.56.6
18
Pop Label
10.1.68.0/24
Fa0/1
10.1.56.6
The local label 17 is associated with the destination 10.1.6.6/32. Although our packets are going to the final
destination 10.1.8.0/24, knowing how to get towards the next-hop 10.1.6.6/32 is sufficient for R5, because we
know that R6 actually does have the route for the final destination. Specifically R5s operation at this point is to
remove the label 17 from the packet, and continue to forward the packet towards R6 without an additional label.
This operation is known as the pop operation, or label disposition. This occurs because R5 sees the outgoing
label as no label, which causes it to remove any MPLS labels from the packet, and continue forwarding it.
On the return trip for packets from 10.1.8.0/24 back to 10.1.7.0/24, R6 adds the label 16 and forwards the packet
to R5, then R5 removes the label 16 and forwards the packet to R4. This can be inferred from the LFIB and CEF
table verifications below.
Outgoing
Prefix
Bytes Label
Outgoing
Label
Label or VC
or Tunnel Id
Switched
interface
Next Hop
16
16
10.1.4.4/32
Fa0/0
10.1.56.5
17
Pop Label
10.1.45.0/24
Fa0/0
10.1.56.5
Next Hop
Outgoing
Prefix
Bytes Label
Outgoing
Label
Label or VC
or Tunnel Id
Switched
interface
16
No Label
10.1.4.4/32
17606
Fa0/0
10.1.45.4
17
No Label
10.1.6.6/32
17552
Fa0/1
10.1.56.6
18
Pop Label
10.1.68.0/24
Fa0/1
10.1.56.6
To see this operation in action, we can send traffic from 10.1.7.0/24 to 10.1.8.0/24, and look at the debug mpls
packet output on R5.
The beauty of this MPLS design is that for any new routes AS 7 or AS 8 advertise into the network, AS 100 does
not need to allocate new MPLS labels in the core. As long as MPLS transport is established between the BGP
peering address of the Provider Edge routers (R4 and R6 in this case), traffic for any destinations can transit over
the Service Providers network without the core needing any further forwarding information.
IP
Tunnel
FastEthernet0/1
Yes (ldp)
No
No
No
Yes
Outgoing
Prefix
Bytes Label
Outgoing
Label
Label or VC
or Tunnel Id
Switched
interface
Next Hop
16
Pop Label
10.1.56.0/24
Fa0/1
10.1.45.5
17
17
10.1.6.6/32
Fa0/1
10.1.45.5
18
18
10.1.68.0/24
Fa0/1
10.1.45.5
We recently created a new self-paced MPLS course, which walks the learner step by step from concept to
implementation for MPLS and L3 VPNs. Click here for more information.
Tags: ccie, exam, lab, MPLS
Download this page as a PDF
About Brian McGahan, CCIE #8593, CCDE #2013::13:
Brian McGahan w as one of the youngest engineers in the w orld to obtain the CCIE, having achieved his first CCIE in
Routing & Sw itching at the age of 20 in 2002. Brian has been teaching and developing CCIE training courses for over 8
years, and has assisted thousands of engineers in obtaining their CCIE certification. When not teaching or developing
new products Brian consults w ith large ISPs and enterprise customers in the midw est region of the United States.
Find all posts by Brian McGahan, CCIE #8593, CCDE #2013::13 | Visit Website
Travis
This is one of the best entry-level explanations of MPLS Ive seen, which most of them are lacking at best. As always quality stuff,
thanks!
Reply
August 26, 2010 at 2:17 pm
Yandy
haha, got me.. thought you were going to cover things like pseudowires and or vpls or TE tunnels type stuff with the word tunnels in
it.
Nice post none the less, most people always seem to miss the basics.
Reply
August 26, 2010 at 5:01 pm
Melvin Reyes
beautiful..
Reply
August 26, 2010 at 6:56 pm
MO
Thanks Brian!
I was traveling along with the packet in both scenarios
Wonderful explanation of MPLS!!
Reply
August 26, 2010 at 6:57 pm
Joshua Walton
Superb!
Reply
August 26, 2010 at 10:25 pm
clucas
Hi,
Thanks for this really interesting post.
Regards,
Christophe
Reply
August 26, 2010 at 11:13 pm
Deepak Arora
Hey Brian.
Its good to see you back in action again here
Any New OLS from you on the way too ?
Reply
August 27, 2010 at 1:41 am
Jawad Siddiqui
Awesome explaination! I loved to read it. Thanks Brian.
Reply
August 27, 2010 at 2:08 am
Reply
August 27, 2010 at 2:21 am
Zabeel Musa
Excellent post and nicely broken down.
Thanks!
Reply
August 27, 2010 at 8:38 am
Amit Chopra
Without reading this artical I can say CHAMP is BACK !!!!!
love u sir
Reply
August 28, 2010 at 11:35 pm
Asif Vanoo
Nice one
regards
Asif
Reply
August 30, 2010 at 2:12 am
MCL.Nicolas
Thanks Brian for the explanation and for the emails.
It seems clear to me now !
Next post MPLS VPN ?
Reply
September 9, 2010 at 10:29 pm
Gaurav
Nice post !
Can we have similar posts on L2 VPNs as well ?
Thnx
Gaurav
Reply
December 13, 2010 at 4:26 am
Manu
Wonderful post !!
Can we expect post on MPLS Tunnels and OSPF over unnumbered interfaces from you ?
Reply
November 2, 2011 at 12:34 pm
Arun Nair
Hi Brian,
One question: What if my networks from remote PE come and settle in a vrf in the local PE?? How does the next hop look-up help as
I would not have a route to that, right?
Can you enlighten me on this?
Reply
November 3, 2011 at 6:31 pm
Reply
December 4, 2011 at 7:45 am
Al
I think I answered my own question as I was typing it, but just to verify
In the non-mpls example, if there was no BGP full mesh and the PE routers were peering through an IGP, Id imagine that client
traffic would come into the cloud, hit the P router in the middle and get dropped, since it would have no clue where to send it. Am I
understanding this correctly?
Reply
December 5, 2011 at 5:29 pm
Reply
July 19, 2012 at 11:52 am
Rajath
Absolutely fantastic! You can make even a 12yr old understand it. Have you authored any books for CCNP preparation or can you
suggest me some good ones please
-Regards
Reply
July 19, 2012 at 7:20 pm
Reply
Leave a Reply
Name (required)
Submit Comment
twitter.com/inetraining
pdfcrowd.com