routers and with PE routers and exchange
information about core subnetworks and loopbacks. BGP
deployment on P routers is not needed for proper MPLS VPN
operation; BGP deployment might be needed, however, to support
traditional Internet connectivity that has not yet migrated to
MPLS.

PE Router Perspective

Figure shows how PE routers exchange routes. The PE routers are
the only routers in MPLS VPN architecture that see all routing
aspects of the MPLS VPN. PE routers are able to exchange three
types of routes:
- IPv4 VPN routes with CE routers via various routing
protocols running in the VRF tables of the PE
Note: Static routing can also be used between the CE and PE.
- VPNv4 routes via MPBGP sessions with other PE routers
- Core routes with P routers and other PE routers via core IGP

End-to-End Routing Update Flow

Figure provides an overview of end-to-end routing information
flow in an MPLS VPN network. These steps describe the stages of
routing information flow. The flow goes from the IPv4 routing
updates entering the MPLS VPN backbone through their propagation
as VPNv4 routes across the backbone:

Step 1 PE routers receive IPv4 routing updates from the CE
routers and install the updates in the appropriate VRF table.
Step 2 The customer routes from VRF tables are exported as
VPNv4 routes into MPBGP and propagated to other PE routers.
Step 3 The PE routers receiving MPBGP updates import the
incoming VPNv4 routes into their VRF tables based on RTs that
are attached to the incoming routes and on import RTs that are
configured in the VRF tables.
Step 4 The VPNv4 routes that are installed in the VRF tables
are converted to IPv4 routes and then propagated to the CE
routers.

The CE routers, PE routers, and P routers have specific
requirements for end-to-end routing information flow.
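
Steps 2 and 3 are where VPN separation is decided: a route enters a VRF only if one of its RTs matches an import RT. The following Python sketch is an added example, not part of the course material; the RD/RT values, addresses and class names are constructed, and it includes a second VRF with a misconfigured import list to show both customers' routes landing in one table.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str            # route distinguisher keeps overlapping prefixes distinct
    prefix: str
    next_hop: str      # loopback of the advertising PE
    rts: frozenset     # route targets attached on export

@dataclass
class Vrf:
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    local: dict = field(default_factory=dict)     # learned from the CE (step 1)
    imported: dict = field(default_factory=dict)  # learned via MPBGP (step 3)

    def learn_from_ce(self, prefix, ce_addr):
        self.local[prefix] = ce_addr

    def export(self, pe_loopback):
        # Step 2: only CE-learned routes are exported, tagged with export RTs.
        return [Vpnv4Route(self.rd, p, pe_loopback, self.export_rts) for p in self.local]

    def import_updates(self, updates):
        # Step 3: accept a route only if it carries one of our import RTs.
        for r in updates:
            if r.rts & self.import_rts:
                self.imported[(r.rd, r.prefix)] = r.next_hop

    def to_ce(self):
        # Step 4: the RD is stripped and plain IPv4 prefixes go to the CE.
        return sorted(p for _, p in self.imported)

def demo():
    rt_a, rt_b = frozenset({"65000:1"}), frozenset({"65000:2"})
    # Constructed sample: two customers on PE1 using the same 10.1.0.0/16 prefix.
    pe1_a, pe1_b = Vrf("65000:1", rt_a, rt_a), Vrf("65000:2", rt_b, rt_b)
    pe1_a.learn_from_ce("10.1.0.0/16", "172.16.1.2")
    pe1_b.learn_from_ce("10.1.0.0/16", "172.16.2.2")
    updates = pe1_a.export("192.0.2.1") + pe1_b.export("192.0.2.1")
    pe2_a = Vrf("65000:1", rt_a, rt_a)           # correct: imports only customer A
    pe2_bad = Vrf("65000:1", rt_a, rt_a | rt_b)  # misconfigured: also imports B's RT
    pe2_a.import_updates(updates)
    pe2_bad.import_updates(updates)
    return pe2_a, pe2_bad
```

Auditing import RTs per VRF against the intended customer membership is the check this models: any VRF whose import set contains another customer's RT receives that customer's routes.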

4.4 Describing MPLS VPN Technology
4.4.8 MPLS VPNs and Packet Forwarding

MPLS works by prepending packets with an MPLS header, containing
one or more “labels.” This is called a label stack. You can use
an MPLS label stack to tell the egress PE router what to do with
the VPN packet. The ingress PE router labels each VPN packet
with a label uniquely identifying the egress PE router. The PE
router sends the VPN packet across the network and all the
routers in the network subsequently switch labels without having
to look into the packet itself. Figure represents an MPLS label
with two labels in the stack. Figure illustrates the concept.

When using the label stack, the ingress PE router labels the
incoming IP packet with two labels:
- The top label in the stack is the LDP label for normal frame
forwarding in the MPLS network. This label guarantees that the
packet will traverse the MPLS VPN backbone and arrive at the
egress PE router.
- The second label in the stack identifies the egress PE
router. This label tells the router how to forward the incoming
VPN packet. The second label can point directly toward an
outgoing interface. In this case, the egress PE router performs
label lookup only on the VPN packet. The second label can also
point to a VRF table. For this case, the egress PE router first
performs a label lookup to find the target VRF table and then
performs an IP lookup within the VRF table.
- When you are implementing MPLS VPN, you need to increase the
MTU size to allow for two labels.

The second label in the stack points toward an outgoing
interface whenever the CE router is the next hop of the VPN
route. The second label in the stack points to the VRF table for
aggregate VPN routes, VPN routes pointing to a null interface,
and routes for directly connected VPN interfaces.

The two-level MPLS label stack satisfies these MPLS VPN
forwarding requirements:
- The P routers perform label switching on the LDP-assigned
label toward the egress PE router.
- The egress PE router performs label switching on the second
label (which the router has previously assigned), and either
forwards the IP packet toward the CE router or performs another
IP lookup in the VRF table that the second label in the stack
points to.

VPN PHP

Penultimate hop popping (PHP), the removal of the top label in
the stack on the hop prior to the egress router, can be
performed in frame-based MPLS networks as described by Figure.
In these networks, the last P router in the label switched path
(LSP) tunnel pops the LDP label, as previously requested by the
egress PE router through LDP. The PE router receives a labeled
packet that contains only the VPN label. In most cases, a single
label lookup that is performed on that packet in the egress PE
router is enough to forward the packet toward the CE router. The
full IP lookup through the FIB is performed only once, in the
ingress PE router, even without PHP.
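
The forwarding path described in this section, as an added Python example that is not part of the course material: it encodes the two-label stack using the standard 32-bit MPLS entry layout, lets P routers act on the top label only, applies PHP, and leaves one VPN-label lookup for the egress PE. Label values, table contents and function names are constructed for illustration.

```python
import struct

def encode_stack(labels, ttl=64):
    """Encode labels (top first) as 32-bit entries: label(20) TC(3) S(1) TTL(8)."""
    last = len(labels) - 1
    return b"".join(struct.pack("!I", (lbl << 12) | ((i == last) << 8) | ttl)
                    for i, lbl in enumerate(labels))

def decode_stack(frame):
    """Return (labels, payload); stop at the entry with the bottom-of-stack bit."""
    labels, off = [], 0
    while off + 4 <= len(frame):
        (word,) = struct.unpack_from("!I", frame, off)
        off += 4
        labels.append(word >> 12)
        if (word >> 8) & 1:
            return labels, frame[off:]
    raise ValueError("no bottom-of-stack entry found")

def p_router(frame, lfib):
    """P router: act on the top (LDP) label only; never reads the VPN label or IP."""
    labels, payload = decode_stack(frame)
    action, new_label = lfib[labels[0]]
    top = [new_label] if action == "swap" else []   # "pop" = PHP on the last P
    return encode_stack(top + labels[1:]) + payload

def egress_pe(frame, vpn_labels):
    """Egress PE: after PHP only the VPN label remains; one lookup picks the action."""
    labels, payload = decode_stack(frame)
    if len(labels) != 1:
        raise ValueError("expected a single VPN label after PHP")
    return vpn_labels[labels[0]], payload

def labeled_mtu(ip_mtu, depth=2):
    """Link MTU needed to carry an ip_mtu-byte packet under `depth` labels."""
    return ip_mtu + 4 * depth

def demo():
    # Constructed label values and tables (hypothetical, not from the page).
    ip_packet = b"constructed-ip-packet"
    frame = encode_stack([17, 42]) + ip_packet          # ingress PE: LDP 17, VPN 42
    frame = p_router(frame, {17: ("swap", 23)})         # first P swaps 17 -> 23
    on_wire = decode_stack(frame)[0]
    frame = p_router(frame, {23: ("pop", None)})        # last P performs PHP
    action, payload = egress_pe(frame, {42: ("interface", "to-CE"),
                                        43: ("vrf", "Customer_A")})
    return on_wire, action, payload == ip_packet
```

Each label adds 4 bytes, so `labeled_mtu(1500)` gives the 1508-byte core MTU needed to carry a full-size customer packet under two labels.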

4.4 MPLS Lab Exercises
4.5.1 Lab 4.1 Configuring Frame Mode MPLS

In this lab, you will configure a simple Enhanced Interior
Gateway Routing Protocol (EIGRP) network to route IP packets.
You will run Multiprotocol Label Switching (MPLS) over the IP
internetwork to fast-switch Layer 2 frames.

4.5.2 Lab 4.2 Challenge Lab: Implementing MPLS VPNs (Optional)

As a network engineer at a service provider corporation, you
suggest rolling out MPLS as a new transport technology to
facilitate VPNs between customer sites that connect through your
network. Your CIO has asked you to implement a proof of concept
in a lab environment, starting with a small implementation of
MPLS VPNs before moving up to more moderately sized test cases.

MPLS VPN technology is a powerful technology that leverages the
multiprotocol aspect of MPLS to switch MPLS frames between VPN
endpoints while hiding the customer networks from the MPLS
transport network that connects them. In other words, the
intermediate transport network has no knowledge of the
customer’s IP networks, but is still able to label-switch frames
based on information it receives from MPLS Label Distribution
Protocol (LDP) relationships.

You decide to model one of your current customer’s connections
and then show how MPLS VPNs can be used to carry customer
traffic through the provider network. The International Travel
Agency currently uses your network to connect from its corporate
headquarters to a remote branch office, so you choose this
customer network to model in your demonstration.

First, set up the model of both the service provider’s network
and the agency’s network. Then use appropriate routing and
forwarding techniques to set up an MPLS VPN between the provider
edge routers to which the customer connects. SP1, SP2, and SP3
will represent a service provider network, and HQ and BRANCH
will represent the International Travel Agency routers at their
headquarters and at a branch site.

Summary

This module described how Multiprotocol Label Switching (MPLS)
forwards
packets based on information that is contained in labels. The
MPLS network was explained as a network where labels are
assigned and distributed. The Label Information Base (LIB),
Forwarding Information Base (FIB), and Label Forwarding
Information Base (LFIB) tables are defined as tables where
label information is populated and stored. The two major
virtual private network (VPN) design options—overlay VPN and
peer-to-peer VPN—have many benefits and drawbacks that are
examined in detail. MPLS VPN architecture was explained in this
module as combining the best features of the overlay and
peer-to-peer VPN models.