Category Archives: MPLS

Configuration of Routed Pseudowire (MPLS over Routed Pseudowire) in XR

Overview:
Routed pseudowire provides the ability to route layer 3 traffic, in addition to bridging layer 2 frames, to and from a pseudowire. Routed pseudowire is configured by assigning an IP address under the bridge domain interface (BDI) in addition to the vfi command. Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP), and Border Gateway Protocol (BGP) configurations are supported over a routed pseudowire BDI.

Restriction:

• IPv6 traffic is not supported over routed pseudowire.
• Loop Free Alternate/Remote Loop Free Alternate feature is not supported over routed pseudowire.
• Bidirectional Forwarding Detection (BFD) is not supported over routed pseudowire.
• Precision Time Protocol (PTP) is not supported over routed pseudowire.
• QoS is not supported over routed pseudowire.
• Multicast is not supported over routed pseudowire.
• Virtual Router Redundancy Protocol (VRRP) and Hot Standby Redundancy Protocol (HSRP) are not supported over routed pseudowire.
• Access control lists (ACLs) are not supported over routed pseudowire.

Configuration:

Configuration Reference:
https://www.cisco.com/c/en/us/td/docs/routers/ncs4200/configuration/guide/mpls/16-8-1/b-mp-l2-vpns-16-8-1-ncs4200/b-mp-l2-vpns-16-8-1-ncs4200_chapter_01100.pdf
https://null.53bits.co.uk/index.php?page=rpw-routed-pseudowire


MPLS over Routed Pseudowire


Routed pseudowire provides the ability to route layer 3 in addition to the layer 2 bridge frames to and from pseudowire. Routed pseudowire is configured by assigning IP address under the bridge domain interface (BDI) in addition to the vfi command. Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP), and Border Gateway Protocol (BGP) configurations are supported over routed pseudowire BDI.

Reference

Connection between bridge-domain and BDI in IOS-XE is made by setting the bridge-domain ID to the same value as the BDI number. Below is an example/conversion of configurations of XR/XE.

XR configuration:
interface GigabitEthernet0/0/0/0
 description INTERFACE TO CE
 l2transport
!
interface BVI1
 description L3 GW ON BRIDGE DOMAIN
 ipv4 address 10.0.0.254 255.255.255.0
!
l2vpn
 bridge group X
  bridge-domain X
   interface GigabitEthernet0/0/0/0
   !
   ! routed interface attaches BVI1 to this bridge domain
   routed interface BVI1
   !
   neighbor 192.9.9.9 pw-id 10
   !
  !
 !
!
end

XE configuration:

Let’s say we have this topology:
PE1 (GigabitEthernet2, Service Instance 10) ---- (GigabitEthernet2) CE1

PE1 and CE1 are directly connected. PE1 has a BDI (the IOS-XE equivalent of a BVI in IOS XR) that acts as CE1’s gateway on the subnet 10.0.0.0/24, where PE1 has 10.0.0.254/24 and CE1 has 10.0.0.1/24. The configuration below is from PE1:

hostname PE1
!
l2vpn vfi context L2VPN_SERVICE_10
 vpn id 10
!
bridge-domain 10
 member GigabitEthernet2 service-instance 10
 member vfi L2VPN_SERVICE_10
 member 192.9.9.9 10 encapsulation mpls
!
!
interface GigabitEthernet2
 description TO CUSTOMERS
 no ip address
 negotiation auto
 service instance 10 ethernet
  description TO CE1
  encapsulation untagged
  snmp ifindex persist
 !
!
interface BDI10
 description L2 GW CE1 – BRIDGE DOMAIN 10 / SERVICE INSTANCE 10
 ip address 10.0.0.254 255.255.255.0
!
end
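The two rules stated above (a BDI is tied to the bridge-domain with the same ID, and the listed features are not supported over routed pseudowire) can be checked mechanically before a config is pushed. The following is an added example, not part of the original post or of any Cisco tool; the sample config is constructed, and the mapping from restricted features to interface commands is an assumption.

```python
import re

# Constructed sample: bridge-domain 10 and BDI10 from the PE1 config above,
# plus an ACL on BDI10 and an orphan BDI20 added here to trigger both checks.
SAMPLE = """\
bridge-domain 10
 member vfi L2VPN_SERVICE_10
 member 192.9.9.9 10 encapsulation mpls
interface BDI10
 ip address 10.0.0.254 255.255.255.0
 ip access-group CE1-IN in
interface BDI20
 ip address 10.0.20.254 255.255.255.0
"""

# Assumed mapping from the restriction list to interface-level IOS commands.
UNSUPPORTED = {"ip access-group": "ACL", "ipv6 ": "IPv6", "bfd ": "BFD",
               "standby ": "HSRP", "vrrp ": "VRRP", "service-policy": "QoS",
               "ip pim": "Multicast"}
PW_MEMBER = re.compile(r"member (vfi \S+|\S+ \d+ encapsulation mpls)$")

def sections(config):
    """Map each top-level config line to the list of its sub-commands."""
    out, body = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if line[0] != " ":
            body = out.setdefault(line.strip(), [])
        elif body is not None:
            body.append(line.strip())
    return out

def audit(config):
    """Return (interface, finding) pairs for the BDIs in the config."""
    secs = sections(config)
    bds = {n.split()[1]: b for n, b in secs.items() if n.startswith("bridge-domain ")}
    findings = []
    for name, body in secs.items():
        m = re.fullmatch(r"interface BDI(\d+)", name)
        bd = bds.get(m.group(1)) if m else None
        if m and bd is None:
            findings.append((name, "no bridge-domain with the same ID"))
        elif m and any(PW_MEMBER.match(l) for l in bd):
            # This BDI fronts a pseudowire: flag features from the restriction list.
            findings += [(name, f"{feat} on routed pseudowire: {l}") for l in body
                         for pre, feat in UNSUPPORTED.items() if l.startswith(pre)]
    return findings
```

An ACL finding matters most when the filter was meant to protect the CE-facing gateway, since the restriction list says it is not supported on this interface type.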

Ethernet over MPLS AToM

## Loopback & ISIS Configuration
# CSR01
router isis 1
net 00.0000.0000.0010.00
is-type level-2-only

int loop 0
ip address 9.9.9.9 255.255.255.255
ip router isis 1
int g1
ip router isis 1

# R1
router isis 1
net 00.0000.0000.0001.00
is-type level-2-only

int loop 0
ip address 1.1.1.1 255.255.255.255
ip router isis 1
int g2/0
ip router isis 1
int g3/0
ip router isis 1

# R4
router isis 1
net 00.0000.0000.0004.00
is-type level-2-only

int loop 0
ip address 4.4.4.4 255.255.255.255
ip router isis 1
int g2/0
ip router isis 1
int g3/0
ip router isis 1

# R5
router isis 1
net 00.0000.0000.0005.00
is-type level-2-only

int loop 0
ip address 5.5.5.5 255.255.255.255
ip router isis 1
int g2/0
ip router isis 1
int g3/0
ip router isis 1

# CSR01
router isis 1
net 00.0000.0000.0012.00
is-type level-2-only

int loop 0
ip address 8.8.8.8 255.255.255.255
ip router isis 1
int g1
ip router isis 1

## MPLS Configuration
NOTE: Make sure that “ip cef” is enabled and that the loopback is used as the source for MPLS LDP discovery.

# CSR01
mpls label protocol ldp
int g1
mpls ip

# R1
mpls label protocol ldp
int g2/0
mpls ip
int g3/0
mpls ip

# R4
mpls label protocol ldp
int g2/0
mpls ip
int g3/0
mpls ip

# R5
mpls label protocol ldp
int g2/0
mpls ip
int g3/0
mpls ip

# CSR01
mpls label protocol ldp
int g1
mpls ip

Verify:
show mpls interface
Shows whether MPLS is running on each interface and which label protocol is in use. Are we running Traffic Engineering/RSVP, BGP or static label bindings?
show mpls ldp neighbor
# mpls ldp router-id Loopback force

MPLS Control and Data Plane

Q: Watching MPLS vod 3 I understand that the MPLS VPN label aids the PE into which CE to send a packet. On the other hand the route-target tells the PE into which VRF table certain prefixes have to be imported. It looks redundant, so the route-target happens at the control plane and the MPLS VPN label at the data plane…
Still it is not clear to me how this second (MPLS VPN) label is generated, how exactly it gets exchanged and how it relates to the route-target. I would appreciate it if you could elaborate more on this.

A: Correct, the route-target is used in the control plane of VPNv4 BGP to control which VPN (VRF) a route belongs to. The control plane also generates the MPLS labels. Specifically there are two labels that are significant in MPLS L3VPN, the Transport Label and the VPN Label. The Transport Label is normally generated by LDP, and tells the MPLS core which PE the traffic should be routed to. The VPN Label is generated by VPNv4 BGP, and tells the PE which CE the traffic should be routed to. The actual routing of the packets happens in the Forwarding (Data) Plane, but the labels are derived via the Control Plane.

Check these videos for more detailed explanations and examples:
MPLS Layer 3 VPNs and VPNv4 BGP
MPLS Layer 3 VPN Verification & Troubleshooting

Q: I think (correct me if I am wrong) that the key point is that the transport happens in global, so a VPN label is needed so that the PE knows to which VRF to switch and continue forwarding the VPNv4 address to the CE device. This is indeed an example to show the difference between the data and control plane, since for this to work the routes in the VRF table alone are not enough.

A: Correct. When the packet is received on the PE router from the P routers (MPLS cloud), it comes in on an interface in the global routing table. Since you can have the same IP prefix in multiple VRF tables, the PE router would not know which VRF table to do the routing lookup in without the VPN label.

http://blog.ine.com/2011/06/15/control-plane-vs-data-plane/

Multiple RD/RT on same VRF

“You probably know the basic principles of MPLS/VPN and BGP route selection (read my MPLS/VPN books or watch my Enterprise MPLS/VPN webinar if you need more details). Best MPLS/VPN routes are selected using (approximately) this algorithm:

1. BGP routing process performs best path selection in the VPNv4 table using the standard set of BGP path selection rules.
2. The IPv4 parts of the best-path VPNv4 prefixes with the route targets matching local VRFs are inserted into the VRF routing tables (where they compete with routes learned through per-VRF routing protocols based on their administrative distance);
3. Per-VRF FIB is built from the VRF routing table (more details in RIBs and FIBs)

The first step in this process (BGP best path selection) cannot work correctly if the prefixes in VPNv4 table are not comparable. Remember: we have to compare the whole VPNv4 prefix as different customers might have overlapping address spaces.

The BGP process thus has to make local copies of those BGP paths that have RDs different from the local RD value to make them comparable to local BGP paths (for example, routes received from a CE-router through an EBGP session). The BGP paths received from other PE-routers are imported (BGP process creates a copy with the local value of the RD) and then used in the BGP best path selection process.”

Summary
If you offer a simple VPN service, the use of a single RD and RT value for a simple VPN is still the best advice I can give you. If you plan to support multipath load sharing or fast failover, the per-PE-per-VRF RD is the way to go till Cisco and Juniper implement BGP Add Paths functionality for VPNv4 prefixes.

http://blog.ipspace.net/2012/07/bgp-route-replication-in-mplsvpn-pe.html

MPLS/Vpnv4 Issue

1. VPNv4 routes exist in the VRF table, but can’t ping it (from CE to CE)
A: In order for L3VPN ping to work you need to verify the MPLS forwarding plane.
First of all, you need to verify that between each pair of PE nodes you have complete and correct LSPs with destination the remote PE loopback.

https://supportforums.cisco.com/t5/mpls/vpnv4-routes-exist-in-the-vrf-table-but-can-t-ping-it/td-p/2858891

2. Outgoing label = No label
A: Start troubleshooting from the core. Try pinging mpls.

https://supportforums.cisco.com/t5/mpls/outgoing-label-no-label/td-p/2675788

3. MPLS LDP Neighbor problem
A: Make sure that the LDP ID is reachable from each LDP member.

https://supportforums.cisco.com/t5/mpls/mpls-ldp-neighbor-problem/td-p/1219073

4. BGP VPNv4 NoNeg State
https://ieoc.com/discussion/28475/sh-bgp-vpnv4-uni-all-sum-for-lab1-t4-1-my-output
https://puck.nether.net/pipermail/cisco-nsp/2004-May/010021.html

LDP vs TDP

LDP is quite similar to TDP.

LDP is standardized by IETF.
LDP has more features such as abort, MD5 authentication, notification, backoff logic etc.
LDP is the default with this global config – mpls label protocol ldp
LDP neighbors are discovered via LDP hellos (like most of the routing protocols)
LDP hellos are sent to 224.0.0.2 (all routers)
LDP hellos are sent to UDP port = 646 (neighbor discovery)
LDP hellos are sent only after both mpls ip and mpls label protocol ldp are configured on an interface, unless mpls label protocol ldp is already configured globally.

LDP/TDP operates in three steps –
Neighbor Discovery
Session establishment
Label Distribution/exchange
Once labels are exchanged, LIB is built
LIB and FIB together help to build the LFIB

TDP is the default on Cisco routers
TDP Neighbors are discovered via TDP Hellos (like most of the routing protocols)
TDP Hellos are sent to 255.255.255.255
TDP hellos are sent to UDP port = 711
TDP hellos are sent only after “mpls ip” is configured on an interface

LDP and TDP can coexist, but you cannot mix them on a link, e.g. R1 s1/0 connects to R2 s2/0. In this scenario you MUST have the same protocol, either LDP or TDP, on both interfaces, otherwise they will not form a neighbourship.
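To see what an LDP hello on UDP port 646 actually announces, the sketch below decodes one following the RFC 5036 layout and pulls out the LSR ID and transport address, the values that must be reachable for the session to come up, and compares the sender with the neighbors you expect on a segment. It is an added example, not from the original post; the hello bytes are constructed, and unexpected_speaker and its allow-list are hypothetical names.

```python
import ipaddress
import struct

HELLO = 0x0100                               # LDP Hello message type (UDP port 646)
TLV_COMMON_HELLO, TLV_IPV4_TRANSPORT = 0x0400, 0x0401

# Constructed Hello from LSR 1.1.1.1 (R1's loopback in the lab above):
# hold time 15 s, link hello, IPv4 transport address 1.1.1.1.
SAMPLE = bytes.fromhex("0001001e010101010000" "0100001400000001"
                       "04000004000f0000" "0401000401010101")

def parse_hello(payload):
    """Decode an LDP Hello PDU (RFC 5036) carried in a UDP payload."""
    if len(payload) < 18:
        raise ValueError("too short for an LDP PDU header plus message header")
    version, pdu_len, lsr_id, label_space = struct.unpack_from("!HH4sH", payload, 0)
    msg_type, msg_len, msg_id = struct.unpack_from("!HHI", payload, 10)
    if version != 1 or msg_type & 0x7FFF != HELLO:
        raise ValueError("not an LDP version 1 Hello")
    if pdu_len + 4 > len(payload) or msg_len + 14 > pdu_len + 4:
        raise ValueError("length fields exceed the captured payload")
    hello = {"lsr_id": str(ipaddress.IPv4Address(lsr_id)),
             "label_space": label_space, "transport": None}
    pos, end = 18, 14 + msg_len
    while pos + 4 <= end:                    # walk the TLVs inside the message
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, pos)
        if pos + 4 + tlv_len > end:
            raise ValueError("TLV overruns the message")
        value = payload[pos + 4:pos + 4 + tlv_len]
        if tlv_type & 0x3FFF == TLV_COMMON_HELLO and tlv_len == 4:
            hold, flags = struct.unpack("!HH", value)
            hello.update(hold_time=hold, targeted=bool(flags & 0x8000))
        elif tlv_type & 0x3FFF == TLV_IPV4_TRANSPORT and tlv_len == 4:
            hello["transport"] = str(ipaddress.IPv4Address(value))
        pos += 4 + tlv_len
    # With no transport-address TLV the session uses the Hello's source
    # address (RFC 5036), which this payload-only parser cannot see.
    return hello

def unexpected_speaker(hello, expected_lsr_ids):
    """True when the Hello's LSR ID is not one of the configured neighbors."""
    return hello["lsr_id"] not in expected_lsr_ids
```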