
Thursday, June 4, 2015

MPLS LDP session protection


A common problem in networks is flapping links. The impact is pretty severe, because the routing protocol and LDP can take time to rebuild the neighborship. LDP has to rebuild the LDP session and must exchange the label bindings again.

To avoid having to rebuild the LDP session altogether, you can protect it. When the LDP session between two directly connected LSRs is protected, a targeted LDP session is built between the two LSRs. When the directly connected link does go down between the two LSRs, the targeted LDP session is kept up as long as an alternative path exists between the two LSRs.

The global command to enable LDP Session Protection is this:

mpls ldp session protection [vrf vpn-name] [for acl] [duration seconds]


The access list (acl) you can configure lets you specify the LDP peers that should be protected.




For the protection to work, you need to enable it on both LSRs (at least on one), together with the following command so that targeted Hellos are accepted:




mpls ldp discovery targeted-hello accept


********************************
Before applying the config 


R1#sh mpls ldp neighbor fa1/1 detail
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 192.168.0.1:0
        TCP connection: 3.3.3.3.646 - 192.168.0.1.48353
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 15/18; Downstream; Last TIB rev sent 63
        Up time: 00:01:55; UID: 10; Peer Id 1;
        LDP discovery sources:
          FastEthernet1/1; Src IP addr: 13.0.0.3
            holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer LDP Ident:
          172.16.0.3      3.3.3.3         33.33.33.33     13.0.0.3
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab

Now the configuration must be done on all routers.

R1


access-list 5 permit 2.2.2.2
access-list 5 permit 3.3.3.3
mpls ldp session protection for 5
mpls ldp discovery targeted-hello accept

R2
access-list 5 permit 192.168.0.1
access-list 5 permit 3.3.3.3
mpls ldp session protection for 5
mpls ldp discovery targeted-hello accept

R3

access-list 5 permit 2.2.2.2
access-list 5 permit 1.1.1.1
mpls ldp session protection for 5
mpls ldp discovery targeted-hello accept




Show commands

R1#sh mpls ldp neighbor fa1/1 detail

    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 192.168.0.1:0
        TCP connection: 3.3.3.3.646 - 192.168.0.1.40131
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 13/16; Downstream; Last TIB rev sent 67
        Up time: 00:00:27; UID: 26; Peer Id 1;
        LDP discovery sources:
          FastEthernet1/1; Src IP addr: 13.0.0.3
            holdtime: 15000 ms, hello interval: 5000 ms
          Targeted Hello 192.168.0.1 -> 3.3.3.3, active;
            holdtime: infinite, hello interval: 10000 ms
        Addresses bound to peer LDP Ident:
          172.16.0.3      3.3.3.3         33.33.33.33     13.0.0.3
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
        Clients: Dir Adj Client
        LDP Session Protection enabled, state: Ready
            acl: 5, duration: 86400 seconds


Now flap the int fa1/1


R1(config-if)#
R1(config-if)#shut
R1(config-if)#
*Jun  4 11:06:22.729: %LDP-5-SP: 3.3.3.3:0: session hold up initiated


R1#sh mpls ldp neighbor 3.3.3.3 detail
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 192.168.0.1:0
        TCP connection: 3.3.3.3.646 - 192.168.0.1.37230
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 14/13; Downstream; Last TIB rev sent 71
        Up time: 00:00:37; UID: 57; Peer Id 1;
        LDP discovery sources:
          Targeted Hello 192.168.0.1 -> 3.3.3.3, active;
            holdtime: infinite, hello interval: 10000 ms
        Addresses bound to peer LDP Ident:
          172.16.0.3      3.3.3.3         33.33.33.33     13.0.0.3
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
        Clients: Dir Adj Client
        LDP Session Protection enabled, state: Protecting
            acl: 5, duration: 86400 seconds
            holdup time remaining: 86395 seconds

Note that the state is now Protecting.
R1(config)#int fa1/1
R1(config-if)#no shut
R1(config-if)#

*Jun  4 11:06:44.857: %LDP-5-SP: 3.3.3.3:0: session recovery succeede


LDP inbound label Filtering


MPLS LDP Inbound Label Binding Filtering


This can limit the number of label bindings stored in the LIB of the router.

Command syntax:

mpls ldp neighbor [vrf vpn-name] nbr-address labels accept acl




Task: On R1 we will filter out 33.0.0.0/8 (prefix coming from R3).

Label binding before applying the config
R1#show mpls ldp bindings | be 33.0.0.0
  lib entry: 33.0.0.0/8, rev 47
        local binding:  label: 20
        remote binding: lsr: 2.2.2.2:0, label: 19

R1#sh mpls forwarding-table | in 33.0.0.
20         19         33.0.0.0/8       0             Fa1/0      192.168.0.2

Configuration on R1
R1#
access-list 3 deny   33.0.0.0
access-list 3 permit any

mpls ldp neighbor 2.2.2.2 labels accept 3

Note that there is no remote binding for 33.0.0.0/8:
R1#show mpls ldp bindings | be  33.0
  lib entry: 33.0.0.0/8, rev 47

R1#sh mpls forwarding-table | in 33.0.0.
20         No Label   33.0.0.0/8       0             Fa1/0      192.168


Tuesday, June 2, 2015

Label Distribution Protocol

To get packets across a label switched path (LSP) through the MPLS network, all LSRs must run a label distribution protocol and exchange label bindings.

LDP has four major functions:

■ The discovery of LSRs that are running LDP
    When two LSRs are running LDP and they share one or more links between them, they should discover each other by means of Hello messages.

■ Session establishment and maintenance
    Establish a session across a TCP connection. Across this TCP connection

■ Advertising of label mappings
    LDP advertises the label mapping messages between the two LDP peers.

■ Housekeeping by means of notification
    LDP provides the means to notify the LDP neighbor of some advisory and error messages by sending notification messages.

LDP Operation.


  •    The Discovery of LSRs That Are Running LDP


LSRs that are running LDP send LDP Hello messages on all links that are LDP enabled. These are all the interfaces with mpls ip configured on them. First, however, you must enable CEF with the global ip cef command.



*Jun  3 09:45:46.387: ldp: Sent init msg to 2.2.2.2:0 (pp 0x0)
*Jun  3 09:45:46.391: ldp: Sent keepalive msg to 2.2.2.2:0 (pp 0x0)
*Jun  3 09:45:46.627: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP
R1(config-if)#
*Jun  3 09:45:46.639: ldp: Sent address msg to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun  3 09:45:46.643: ldp: Begin: Msg-Packing-5 to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun  3 09:45:46.647: ldp: Sent label mapping msg to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun  3 09:45:46.647: ldp: Sent label mapping msg to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun  3 09:45:46.651: ldp: Sent label mapping msg to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun  3 09:45:46.651: ldp: Sent label mapping msg to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun  3 09:45:46.655: ldp: Sent label mapping msg to 2.2.2.2:0 (pp 0x6ACE80C8)
*Jun  3 09:45:46.659: ldp: End: Msg-Packing-5 to 2.2.2.2:0 (pp 0x6ACE80C8)


LDP Hello messages are UDP messages that are sent on the links to the “all routers on this subnet” multicast IP address—in other words, to the 224.0.0.2 group IP multicast address. The UDP port used for LDP is 646.

To discover whether the LSR sends and receives LDP Hellos, the Hello interval, and the Hold time, use the show mpls ldp discovery [detail] command.

R1#sh mpls ldp discovery detail

 Local LDP Identifier:
    1.1.1.1:0
    Discovery Sources:
    Interfaces:
        FastEthernet1/0 (ldp): xmit/recv
            Enabled: Interface config
            Hello interval: 5000 ms; Transport IP addr: 1.1.1.1
            LDP Id: 2.2.2.2:0; no host route to transport addr
              Src IP addr: 192.168.0.2; Transport IP addr: 2.2.2.2
              Hold time: 15 sec; Proposed local/peer: 15/15 sec
              Reachable via 2.0.0.0/8
              Password: not required, none, in use
            Clients: IPv4
************* R2 ****************

R2#sh mpls ldp discovery detail

 Local LDP Identifier:
    2.2.2.2:0
    Discovery Sources:
    Interfaces:
        FastEthernet0/0 (ldp): xmit/recv
            Enabled: Interface config
            Hello interval: 5000 ms; Transport IP addr: 2.2.2.2
            LDP Id: 3.3.3.3:0; no host route to transport addr
              Src IP addr: 172.16.0.3; Transport IP addr: 3.3.3.3
              Hold time: 15 sec; Proposed local/peer: 15/15 sec
              Reachable via 3.0.0.0/8
              Password: not required, none, in use
            Clients: IPv4
        FastEthernet0/1 (ldp): xmit/recv
            Enabled: Interface config
            Hello interval: 5000 ms; Transport IP addr: 2.2.2.2
            LDP Id: 1.1.1.1:0; no host route to transport addr
              Src IP addr: 192.168.0.1; Transport IP addr: 1.1.1.1
              Hold time: 15 sec; Proposed local/peer: 15/15 sec
              Reachable via 1.0.0.0/8
              Password: not required, none, in use
            Clients: IPv4
R2#
The default value for the holdtime keyword is 15 seconds for link Hello messages, and the default value for the interval keyword is 5 seconds.
If the two LDP peers have different LDP Hold times configured, the smaller of the two values is used as the Hold time for that LDP discovery source.

The show mpls interfaces command shows which interfaces are running LDP:

R2#sh mpls interfaces
Interface              IP            Tunnel   BGP Static Operational
FastEthernet0/0        Yes (ldp)     No       No  No     Yes
FastEthernet0/1        Yes (ldp)     No       No  No     Yes

LSRs that are running LDP have an LDP Identifier, or LDP ID. This LDP ID is a 6-byte field that consists of 4 bytes identifying the LSR uniquely and 2 bytes identifying the label space that the LSR is using, as in:

 Local LDP Identifier:
    2.2.2.2:0
If the last two bytes are 0, the label space is the platform-wide or per-platform label space.
If they are non-zero, a per-interface label space is used.

The LDP ID can be changed as follows:

R1(config)#mpls ldp router-id fa1/0 force

R1#sh mpls ldp discovery
 Local LDP Identifier:
    192.168.0.1:0    earlier it was  1.1.1.1
    Discovery Sources:
    Interfaces:
        FastEthernet1/0 (ldp): xmit/recv
            LDP Id: 2.2.2.2:0; no host route
R1#
Earlier..Local LDP Identifier:
    1.1.1.1:0
    Discovery Sources


With the force keyword, the LDP ID is changed immediately.
Note: The MPLS LDP router ID needs to be present in the routing table of the LDP neighboring routers. If it is not, the LDP session is not formed.




LDP Session Establishment and Maintenance.

If two LSRs have discovered each other by means of the LDP Hellos, they attempt to establish an LDP session between them. One LSR tries to open a TCP connection—to TCP port 646—to the other LSR. If the TCP connection is set up, both LSRs negotiate LDP session parameters by exchanging LDP Initialization messages.

LDP negotiates the following parameters:

■ Timer values
■ Label distribution method
■ Virtual path identifier (VPI)/virtual channel identifier (VCI) ranges for Label Controlled ATM (LC-ATM)
■ Data-link connection identifier (DLCI) ranges for LC-Frame Relay

After the LDP session has been set up, it is maintained by either the receipt of LDP packets or a periodic keepalive message.
The timers can be configured as follows:

R1(config)#mpls ldp holdtime ?
  <15-65535>  Holdtime in seconds

The local TCP port used is 46034, and the remote TCP port used is 646. The session Hold time is 180 seconds, and the

LDP Neighbor Hold Time and KA Interval
R1#sh mpls ldp  neighbor 2.2.2.2 detail
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 192.168.0.1:0
        TCP connection: 2.2.2.2.646 - 192.168.0.1.46034
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 12/11; Downstream; Last TIB rev sent 25
        Up time: 00:03:27; UID: 6; Peer Id 1;
        LDP discovery sources:
          FastEthernet1/0; Src IP addr: 192.168.0.2
            holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer LDP Ident:
          172.16.0.2      192.168.0.2     2.2.2.2
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
        Capabilities Sent:
          [Dynamic Announcement (0x0506)]
          [Typed Wildcard (0x050B)]
        Capabilities Received:
          [Dynamic Announcement (0x0506)]
          [Typed Wildcard (0x050B)]

The parameters can be confirmed with:

R1#sh mpls ldp parameters
LDP Feature Set Manager: State Initialized
  ……
Protocol version: 1
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off




LDP TCP sessions use the LDP ID to establish the session, but this can be changed with:

mpls ldp discovery transport-address {interface | ip-address}

This transport IP address is advertised in the LDP Hellos that are sent on the LDP-enabled interfaces.

The transport address must be accessible.

R1(config)#int fa1/0
R1(config-if)#mpls ldp discovery transport-address 11.11.11.11
R2(config)#int fa0/1
R2(config-if)#mpls ldp discovery transport-address 22.22.22.22

R1#sh mpls ldp discovery detail
 Local LDP Identifier:
    192.168.0.1:0
    Discovery Sources:
    Interfaces:
        FastEthernet1/0 (ldp): xmit/recv
            Enabled: Interface config
            Hello interval: 5000 ms; Transport IP addr: 11.11.11.11
            LDP Id: 2.2.2.2:0; no host route to transport addr
              Src IP addr: 192.168.0.2; Transport IP addr: 22.22.22.22
              Hold time: 15 sec; Proposed local/peer: 15/15 sec
              Reachable via 22.0.0.0/8
              Password: not required, none, in use
            Clients: IPv4

R1#


Advertising of Label Mappings

■ Unsolicited Downstream (UD) versus Downstream-on-Demand (DoD) advertisement mode
■ Liberal Label Retention (LLR) versus Conservative Label Retention (CLR) mode
■ Independent LSP Control versus Ordered LSP Control mode

An LDP peer distributes the label bindings unsolicited to its LDP peers.
However, the label bindings are a set of (LDP Identifier, label) per prefix. An LDP router receives multiple label bindings for each prefix—namely, one per LDP peer. All these label bindings are stored in the LIB of the router.
Only one label from all the advertised label bindings from all the LDP neighbors of this LSR should be used as the outgoing label in the LFIB for that prefix.

Bound addresses
Label bindings are advertised as (LDP Identifier, label) without the IP addresses of the interfaces. This means that to find the outgoing label for a particular prefix, you must map to the LDP Identifier the IP address of the interface—pointing back to this LSR—on the downstream LSR. You can only do this if each LDP peer advertises all its IP addresses. These IP addresses are advertised by the LDP peer with Address messages and withdrawn with Withdraw Address messages. They are called the bound addresses for the LDP peer.

R2#sh mpls  ldp nei detail

Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
        TCP connection: 3.3.3.3.13426 - 2.2.2.2.646
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 726/724; Downstream; Last TIB rev sent 33
        Up time: 10:24:28; UID: 2; Peer Id 1;
        LDP discovery sources:
          FastEthernet0/0; Src IP addr: 172.16.0.3
            holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer LDP Ident:
          172.16.0.3      3.3.3.3
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
.
.
.
Peer LDP Ident: 192.168.0.1:0; Local LDP Ident 2.2.2.2:0
        TCP connection: 11.11.11.11.646 - 22.22.22.22.35321
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 24/23; Downstream; Last TIB rev sent 33
        Up time: 00:12:11; UID: 8; Peer Id 0;
        LDP discovery sources:
          FastEthernet0/1; Src IP addr: 192.168.0.1
            holdtime: 15000 ms, hello interval: 5000 ms
        Addresses bound to peer LDP Ident:
          1.1.1.1         192.168.0.1     11.11.11.11


Example of LIB
R2#sh mpls ldp bindings
  lib entry: 1.0.0.0/8, rev 2
        local binding:  label: 16
        remote binding: lsr: 3.3.3.3:0, label: 16
  lib entry: 1.1.1.1/32, rev 30
        remote binding: lsr: 192.168.0.1:0, label: imp-null
  lib entry: 2.0.0.0/8, rev 12
        remote binding: lsr: 3.3.3.3:0, label: 17
        remote binding: lsr: 192.168.0.1:0, label: 16
  lib entry: 2.2.2.2/32, rev 4
        local binding:  label: imp-null
  lib entry: 3.0.0.0/8, rev 6
        local binding:  label: 17
        remote binding: lsr: 192.168.0.1:0, label: 17
  lib entry: 3.3.3.3/32, rev 14
        remote binding: lsr: 3.3.3.3:0, label: imp-null
  lib entry: 11.0.0.0/8, rev 29
        local binding:  label: 18
        remote binding: lsr: 3.3.3.3:0, label: 19
  lib entry: 11.11.11.11/32, rev 32
        remote binding: lsr: 192.168.0.1:0, label: imp-null
  lib entry: 22.0.0.0/8, rev 33
        remote binding: lsr: 192.168.0.1:0, label: 19
        remote binding: lsr: 3.3.3.3:0, label: 20
  lib entry: 22.22.22.22/32, rev 27
        local binding:  label: imp-null


show mpls ip binding
The advantage of the command show mpls ip binding is that it also shows which label from all possible remote bindings is used to forward traffic by indicating inuse.
R1# show mpls ip binding
  1.0.0.0/8
        out label:    16        lsr: 2.2.2.2:0
  1.1.1.1/32
        in label:     imp-null
  2.0.0.0/8
        in label:     16
  2.2.2.2/32
        out label:    imp-null  lsr: 2.2.2.2:0
  3.0.0.0/8
        in label:     17
        out label:    17        lsr: 2.2.2.2:0        inuse
  11.0.0.0/8
        out label:    18        lsr: 2.2.2.2:0
  11.11.11.11/32
        in label:     imp-null
  22.0.0.0/8
        in label:     19
  22.22.22.22/32
        out label:    imp-null  lsr: 2.2.2.2:0
  172.16.0.0/24
        out label:    imp-null  lsr: 2.2.2.2:0
  172.16.0.0/16
        in label:     18
  192.168.0.0/24
        in label:     imp-null
        out label:    imp-null  lsr: 2.2.2.2:0
R1#

Label binding for 3.0.0.0/24 in R1

R1#sh mpls ldp bindings 3.0.0.0 255.0.0.0
  lib entry: 3.0.0.0/8, rev 8
        local binding:  label: 17
        remote binding: lsr: 2.2.2.2:0, label: 17
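
The outgoing-label selection described under "Bound addresses" can be reproduced offline from the two show outputs. The following is an added example, not part of the original post: it maps a route's next hop to an LDP ID through the bound addresses and then picks that peer's remote binding from the LIB. The sample outputs are constructed in the layout of R2's outputs above, and the NEXT_HOPS table is an assumption because the page does not show R2's routing table.

```python
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# Constructed sample: trimmed "show mpls ldp neighbor detail" as seen on R2.
NEIGHBORS = """\
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
        Addresses bound to peer LDP Ident:
          172.16.0.3      3.3.3.3
        Peer holdtime: 180000 ms; KA interval: 60000 ms; Peer state: estab
    Peer LDP Ident: 192.168.0.1:0; Local LDP Ident 2.2.2.2:0
        Addresses bound to peer LDP Ident:
          1.1.1.1         192.168.0.1     11.11.11.11
"""

# Constructed sample: "show mpls ldp bindings" in the same layout as the page.
LIB = """\
  lib entry: 1.1.1.1/32, rev 30
        remote binding: lsr: 192.168.0.1:0, label: imp-null
  lib entry: 11.0.0.0/8, rev 29
        local binding:  label: 18
        remote binding: lsr: 3.3.3.3:0, label: 19
  lib entry: 33.0.0.0/8, rev 47
        local binding:  label: 20
        remote binding: lsr: 3.3.3.3:0, label: 19
        remote binding: lsr: 192.168.0.1:0, label: 21
"""

# Assumed routing next hops (hypothetical; not taken from the page).
NEXT_HOPS = {
    "1.1.1.1/32": "192.168.0.1",
    "11.0.0.0/8": "192.168.0.1",
    "33.0.0.0/8": "172.16.0.3",
    "44.0.0.0/8": "10.9.9.9",      # next hop that is not an LDP peer
}


def bound_addresses(neighbor_text):
    """Map every address a peer advertised in Address messages to its LDP ID."""
    owner = {}
    for block in re.split(r"(?=Peer LDP Ident:)", neighbor_text):
        ident = re.match(r"Peer LDP Ident:\s*(\S+?);", block)
        _, found, tail = block.partition("Addresses bound to peer LDP Ident:")
        if not (ident and found):
            continue
        for line in tail.splitlines()[1:]:
            addrs = line.split()
            if not addrs or not all(re.fullmatch(IPV4, a) for a in addrs):
                break                      # first non-address line ends the list
            for addr in addrs:
                owner[addr] = ident.group(1)
    return owner


def parse_lib(lib_text):
    """Return {prefix: {ldp_id: label}} holding the remote bindings of the LIB."""
    lib, prefix = {}, None
    for line in lib_text.splitlines():
        entry = re.search(r"lib entry:\s*(\S+),", line)
        if entry:
            prefix = entry.group(1)
            lib[prefix] = {}
            continue
        remote = re.search(r"remote binding:\s*lsr:\s*(\S+),\s*label:\s*(\S+)", line)
        if remote and prefix:
            lib[prefix][remote.group(1)] = remote.group(2)
    return lib


def outgoing_label(prefix, next_hop, lib, owner):
    """Pick the one remote binding that belongs to the next-hop LSR."""
    ldp_id = owner.get(next_hop)
    if ldp_id is None:
        return None, "No Label"            # next hop is not a bound address of any peer
    label = lib.get(prefix, {}).get(ldp_id)
    if label is None:
        return ldp_id, "No Label"          # e.g. binding filtered by "labels accept"
    return ldp_id, "Pop Label" if label == "imp-null" else label


def build_lfib(next_hops, lib_text, neighbor_text):
    lib, owner = parse_lib(lib_text), bound_addresses(neighbor_text)
    return {p: outgoing_label(p, nh, lib, owner) for p, nh in next_hops.items()}


if __name__ == "__main__":
    for prefix, (peer, label) in build_lfib(NEXT_HOPS, LIB, NEIGHBORS).items():
        print(f"{prefix:<14} via {NEXT_HOPS[prefix]:<12} peer={peer} out={label}")
```

The "No Label" result for 11.0.0.0/8 is the same outcome the inbound label filtering post shows on R1 once the remote binding from the next-hop peer is no longer in the LIB.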



LDP Authentication

LDP sessions are TCP sessions. TCP sessions can be attacked by spoofed TCP segments. To protect LDP against such attacks, use Message Digest 5 (MD5) authentication.

R1(config)#mpls ldp neighbor 2.2.2.2 password cisco

*Jun  3 20:21:29.164: %TCP-6-BADAUTH: No MD5 digest from 22.22.22.22(29055) to 11.11.11.11(646)

R2(config)#mpls ldp neighbor 192.168.0.1 password cisco
 R1.



*Jun  3 20:22:48.216: %LDP-5-NBRCHG: LDP Neighbor 2.2.2.2:0 (1) is UP
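
The check below is an added example, not part of the original post: it reads `show mpls ldp neighbor detail` output and lists the LDP sessions that run without an MD5 password, which is what the `Password: not required, none, in use` line in the outputs on this page indicates. The sample text is constructed, and the `required, neighbor, in use` line for the protected peer is an assumption about how the router renders a per-neighbor password.

```python
import re

# Constructed sample in the layout of the neighbor outputs on this page.
# Peer 3.3.3.3:0 has no password; the Password line of peer 2.2.2.2:0 is an
# assumed rendering of a session protected with a per-neighbor MD5 password.
SAMPLE = """\
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 192.168.0.1:0
        TCP connection: 3.3.3.3.646 - 192.168.0.1.48353
        Password: not required, none, in use
        State: Oper; Msgs sent/rcvd: 15/18; Downstream; Last TIB rev sent 63
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 192.168.0.1:0
        TCP connection: 2.2.2.2.646 - 192.168.0.1.46034
        Password: required, neighbor, in use
        State: Oper; Msgs sent/rcvd: 12/11; Downstream; Last TIB rev sent 25
"""

PEER_RE = re.compile(r"Peer LDP Ident:\s*(\S+?);")
TCP_RE = re.compile(r"TCP connection:\s*(.+)")
PASS_RE = re.compile(r"Password:\s*([^,]+),\s*([^,]+),\s*(.+)")


def parse_sessions(text):
    """Collect peer, TCP endpoints and the three Password fields per session."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        peer = PEER_RE.search(line)
        if peer:
            cur = {"peer": peer.group(1), "tcp": None, "password": None}
            sessions.append(cur)
            continue
        if cur is None:
            continue                      # text before the first peer block
        tcp = TCP_RE.search(line)
        if tcp:
            cur["tcp"] = tcp.group(1).strip()
        pw = PASS_RE.search(line)
        if pw:
            # (requirement, password source, state), e.g. ("not required", "none", "in use")
            cur["password"] = tuple(field.strip() for field in pw.groups())
    return sessions


def audit(text):
    """Return (peer, tcp, reason) for every session lacking MD5 protection."""
    findings = []
    for s in parse_sessions(text):
        pw = s["password"]
        if pw is None:
            reason = "no Password line in output"
        elif pw[1] == "none":
            reason = "no MD5 password configured"
        elif pw[2] != "in use":
            # Assumption: any state other than "in use" means the password is not applied.
            reason = "password configured but not in use"
        else:
            continue
        findings.append((s["peer"], s["tcp"], reason))
    return findings


if __name__ == "__main__":
    for peer, tcp, reason in audit(SAMPLE):
        print(f"{peer}: {reason} (TCP {tcp})")
```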


Saturday, May 30, 2015

Forwarding Labeled packet in MPLS

  “Forwarding labeled packets is quite different from forwarding IP packets”


We will continue with how labeled packets are forwarded in MPLS networks, how forwarding labeled packets is different from forwarding IP packets, how labeled packets are load-balanced, and what a label switching router (LSR) does with a packet with an unknown label.


IP Lookup Versus Label Lookup

When a router receives an IP packet, the lookup done is an IP lookup. In Cisco IOS, this means that the packet is looked up in the CEF table. When a router receives a labeled packet, the lookup is done in the LFIB of the router.

The router knows whether it receives a labeled packet or an IP packet by looking at the protocol field in the Layer 2 header.

See the IP-to-label forwarding case:

R1#sh ip cef 3.3.3.3 detail
3.3.3.3/32, epoch 0
  local label info: global/16
  1 RR source [no flags]
  nexthop 192.168.0.2 FastEthernet1/0 label 16

Here, IP packets that enter the LSR destined for 3.3.3.3/32 go out on interface FastEthernet1/0 after being imposed with the label 16.

The next hop of this packet is 192.168.0.2 (R2).

The IP-to-label forwarding is done at the imposing LSR.

In Cisco IOS, CEF switching is the only IP switching mode that you can use to label packets.



LFIB

This is an example of the label-to-label forwarding case for 3.3.3.3.

R1#sh mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         16         3.3.3.3/32       0             Fa1/0      192.168.0.2
17         Pop Label  2.2.2.2/32       0             Fa1/0      192.168.0.2

The local label (or tag) is the label that this LSR assigns and distributes to the other LSRs

Label 16 is swapped with label 16 (a label is locally significant).

If this LSR receives a packet with top label 17, it will remove the label and forward the packet as an IP packet.

17         Pop Label  2.2.2.2/32       0             Fa1/0      192.168.0.2

If the detail keyword is specified, you can see all the labels that change in the label stack.

R1#sh mpls forwarding-table 3.3.3.3 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         16         3.3.3.3/32       0             Fa1/0      192.168.0.2
        MAC/Encaps=14/18, MRU=1500, Label Stack{16}
        CA0114D80006CA0014D8001C8847 00010000
        No output feature configured
R1#


Example of an Entry in the LFIB for an MPLS VPN Prefix

R1#sh mpls forwarding-table vrf A
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
21         No Label   10.0.0.0/24[V]   1458          aggregate/A
27         No Label   5.5.5.5/32[V]    1068          Fa0/0      10.0.0.5

The CEF adjacency table, however, determines the outgoing data link encapsulation. The adjacency table provides the necessary Layer 2 information to forward the packet to the next-hop LSR.

R1#sh adjacency  detail

Protocol Interface                 Address
IP       FastEthernet0/0           10.0.0.5(12)
                                   13 packets, 1194 bytes
                                   epoch 0
                                   sourced in sev-epoch 0
                                   Encap length 14
                                   CA040A800008CA0014D800080800
                                   ARP
IP       FastEthernet0/1           10.0.0.4(12)
                                   84 packets, 9760 bytes
                                   epoch 0
                                   sourced in sev-epoch 0
                                   Encap length 14
                                   CA0302C80006CA0014D800060800
                                   ARP
IP       FastEthernet1/0           192.168.0.2(14)
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 0
                                   Encap length 14
                                   CA0114D80006CA0014D8001C0800
                                   ARP
TAG      FastEthernet1/0           192.168.0.2(5)
                                   129 packets, 12446 bytes
                                   epoch 0
                                   sourced in sev-epoch 0
                                   Encap length 14
                                   CA0114D80006CA0014D8001C8847
                                   ARP
R1#
R1#

These are the possible label operations:

■ Pop—The top label is removed. The packet is forwarded with the remaining label stack or as an unlabeled packet.


■ Swap—The top label is removed and replaced with a new label.

■ Push—The top label is replaced with a new label (swapped), and one or more labels are added (pushed) on top of the swapped label.

■ Untagged/No Label—The stack is removed, and the packet is forwarded unlabeled.

■ Aggregate—The label stack is removed, and an IP lookup is done on the IP packet.

..................................................................................

Unknown Label 

In normal operation, an LSR should receive only a labeled packet with a label at the top of the stack that is known to the LSR, because the LSR should have previously advertised that label. However, it is possible for something to go wrong in the MPLS network and the LSR to start receiving labeled packets with a top label that the LSR does not find in its LFIB. The LSR can theoretically try two things: strip off the labels and try to forward the packet, or drop the packet.
The Cisco LSR drops the packet.

Reserved Labels

Labels 0 through 15 are reserved labels. An LSR cannot use them in the normal case for forwarding packets. An LSR assigns a specific function to each of these labels. Label 0 is the explicit NULL label, whereas label 3 is the implicit NULL label.



Implicit NULL Label

The implicit NULL label is the label that has a value of 3. An egress LSR assigns the implicit NULL label to a FEC if it does not want to assign a label to that FEC, thus requesting the upstream LSR to perform a pop operation.

In normal operation, the edge LSR will perform two lookups: first a label lookup and then an IP lookup. The solution for this double lookup is to have the egress LSR signal the last but one (or penultimate) LSR in the label switched path (LSP) to send the packets without a label.

The use of implicit NULL at the end of an LSP is called penultimate hop popping (PHP).

The egress LSR signals the penultimate LSR to use implicit NULL by not sending a regular label, but by sending the special label with value 3. The result is that the egress LSR receives an IP packet and only needs to perform an IP lookup to be able to forward the packet.

Label 3 will never be seen as a label in the label stack of an MPLS packet.

Note: The use of implicit NULL is widespread and not confined to the above example. It could be that the packets have two or three or more labels in the label stack. Then the implicit NULL label used at the egress LSR would signal the penultimate hop router to pop one label and send the labeled packet with one label less to the egress LSR.


Explicit NULL Label

With the implicit NULL label, the packet is forwarded with one label less than it was received with by the penultimate LSR, or unlabeled if it was received with only one label.
Besides the label value, the label also holds the Experimental (EXP) bits. When a label is removed, the EXP bits are also removed. Because the EXP bits are exclusively used for quality of service (QoS), the QoS part of the packet is lost when the top label is removed.

The explicit NULL label is the solution to this problem, because the egress LSR signals the IPv4 explicit NULL label (value 0) to the penultimate hop router.

The egress LSR then receives labeled packets with a label of value 0 as the top label. The LSR cannot forward the packet by looking up the value 0 in the LFIB because it can be assigned to multiple FECs. The LSR just removes the explicit NULL label. After the LSR removes the explicit NULL label, another lookup has to occur, but the advantage is that the router can derive the QoS information of the received packet by looking at the EXP bits of the explicit NULL label.

The EXP bits value can be copied to the precedence or DiffServ bits when performing PHP, thus preserving the QoS information. Or, if the label stack has multiple labels and the top label is popped off, the EXP bits value can be copied to the EXP field of the new top label.


Router Alert Label

The Router Alert label is the one with value 1. This label can be present anywhere in the label stack except at the bottom. When the Router Alert label is the top label, it alerts the LSR that the packet needs a closer look. Therefore, the packet is not forwarded in hardware, but it is looked at by a software process.

Unreserved Labels

Except for the reserved labels of 0 through 15, you can use all the label values for normal packet forwarding. Because the label value has 20 bits, the labels from 16 through 1,048,575 (2^20 – 1) are used for normal packet forwarding. In Cisco IOS, the default range is 16 through 100,000.

R1#show mpls label range 


Downstream Generic label region: Min/Max label: 16/100000



TTL behavior  

Time To Live (TTL) is a well-known mechanism thanks to IP. In the IP header is a field of 8 bits that signifies the time that a packet still has before its life ends and is dropped. TTL is usually 255 and is then decremented by 1 at each hop. If the TTL reaches 0, the packet is dropped.

In MPLS, the usage of the TTL field in the label is the same as the TTL in the IP header. When an IP packet enters the MPLS cloud—such as on the ingress LSR—the IP TTL value is copied (after being decremented by 1) to the MPLS TTL values of the pushed label(s). At the egress LSR, the label is removed, and the IP header is exposed again.

The IP TTL value is copied from the MPLS TTL value in the received top label after decrementing it by 1.



TTL Behavior in the Case of Label-to-Label


If the operation that is performed on the labeled packet is a swap, the TTL of the incoming label – 1 is copied to the swapped label.

If the operation that is performed on the labeled packet is to push one or more labels, the received MPLS TTL of the top label – 1 is copied to the swapped label and all pushed labels.

If the operation is pop, the TTL of the incoming label – 1 is copied to the newly exposed label unless that value is greater than the TTL of the newly exposed label, in which case the copy does not happen.
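
The three label-to-label TTL rules above, applied to a decoded label stack. This is an added example, not part of the original post. It assumes the standard 32-bit label stack entry layout (20-bit label, 3 EXP bits, 1 bottom-of-stack bit, 8-bit TTL), drops the packet when the decremented TTL reaches 0, and copies the EXP bits of the incoming top label to pushed labels, which is an assumption of this sketch. The word 00010000 from the `Label Stack{16}` output above decodes to label 16.

```python
import struct


def decode(word):
    """Split one 32-bit label stack entry into label, EXP, bottom-of-stack, TTL."""
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}


def encode(entry):
    """Inverse of decode(): pack the four fields back into a 32-bit word."""
    return ((entry["label"] << 12) | (entry["exp"] << 9)
            | (entry["bos"] << 8) | entry["ttl"])


def parse_stack(data):
    """Decode entries (top label first) until the bottom-of-stack bit is set."""
    stack = []
    for offset in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, offset)
        stack.append(decode(word))
        if stack[-1]["bos"]:
            break
    return stack


def decremented_ttl(stack):
    """TTL of the incoming top label minus 1; None means the packet is dropped."""
    ttl = stack[0]["ttl"] - 1
    return ttl if ttl > 0 else None


def swap(stack, new_label):
    """Swap: incoming TTL - 1 is copied to the swapped label."""
    ttl = decremented_ttl(stack)
    if ttl is None:
        return None
    return [dict(stack[0], label=new_label, ttl=ttl)] + stack[1:]


def push(stack, swapped_label, pushed_labels):
    """Push: incoming TTL - 1 goes to the swapped label and to all pushed labels."""
    ttl = decremented_ttl(stack)
    if ttl is None:
        return None
    swapped = dict(stack[0], label=swapped_label, ttl=ttl)
    # Assumption: pushed labels inherit the EXP bits of the incoming top label.
    added = [{"label": lbl, "exp": stack[0]["exp"], "bos": 0, "ttl": ttl}
             for lbl in pushed_labels]
    return added + [swapped] + stack[1:]


def pop(stack):
    """Pop: incoming TTL - 1 is copied to the exposed label unless it is greater."""
    ttl = decremented_ttl(stack)
    if ttl is None:
        return None
    rest = [dict(entry) for entry in stack[1:]]
    if rest and ttl <= rest[0]["ttl"]:
        rest[0]["ttl"] = ttl
    return rest  # an empty list means the packet leaves unlabeled


# Constructed two-label stack: top label 17 (EXP 5, TTL 200), bottom label 27 (TTL 10).
SAMPLE_STACK = bytes.fromhex("00011AC80001B10A")

if __name__ == "__main__":
    stack = parse_stack(SAMPLE_STACK)
    print("in  :", stack)
    print("swap:", swap(stack, 30))
    print("push:", push(stack, 30, [40, 41]))
    print("pop :", pop(stack))
```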