In case of layer 3 VPN, two labels are normally carried by packet. But the differentiation between the labels is ipv4 and vpnv4. Ipv4 label is used for IGP and vpnv4 label is used for customer route. Normally a question comes in mind, “Is LDP responsible for both the labels”. The answer is no because LDP is only responsible for the top most label is IGP label and MP-iBGP is responsible for vpnv4 label which is present under beneath of IGP label. Even if the core network is not running LDP, but MP-iBGP is enabled from PE to PE, we can easily see the vpnv4 labels exchange. But the problem is that traffic forwarding will not happen because the core network doesn’t understand the labels.
How BGP does forward the vpnv4 label?
In the given logs, we can see that from 100.100.100.1 to 100.100.100.3 MP-iBGP tunnels are created. In the update message, under Border Gateway Protocol, we have update and path attribute messages. Path attribute is again having six different BGP attributes:-
- Origin
- AS_Path
- MED
- Local Preference
- Extended Communities
- MP Reach NLRI (Network Layer Reach ability Information)
In the depicted image, Carried Extended Communities are the route target values which we define in vrf. In this we have defined 65500:1 as route target value.
Another attribute is MP_REACH_NLRI which plays vital role in MP-iBGP. In this first value is Address Family: IPv4(1); 1 is reserved for IPv4 only. For more see RFC 1700. According to RFC 2858 Address Family Identifier is defined as
“
This field carries the identity of the Network Layer protocol
associated with the Network Address that follows. Presently
defined values for this field are specified in RFC 1700 (see
the Address Family Numbers section).”
According to RFC 2858 SAFI is defined as “Subsequent Address Family Identifier:
This field provides additional information about the type of
the Network Layer Reachability Information carried in the
attribute.”
In the given figure SAFI value is 128 because from 128 to 255 values are not being reserved by IANA. These are for private use. It means, if some vendor wants IOT with CISCO MP-iBGP then they might need to use the same SAFI (Not Sure About It).According to draft draft-ietf-l3vpn-rfc2547bis-03 section 4.3.4 SAFI 128 is used for labeled VPN IPv4 addresses.
Next field is next hop network address which is carrying the information of next hop address i.e. router id of advertising router and CISCO is using route distinguisher RD 0:0 for IGP routes. So it means by default global routing is also a part of a vrf which could be called global vrf(not sure).
Last field is Network Layer Reachability Information which is actually carrying VPNv4 label 19 also known as bottom label, route distinguisher and ipv4 prefix of vrf.
5 comments:
With a PE to PE setup, how would you get the link between the 2 PE's to understand the labels for the packet forwarding? "mpls ip" under the interface?
Yes. You have to give MPLS ip command to enable mpls. then the PE router will be able to understand the label
vikas, no need to ldp for vpnv4 labels becausevpnv4 is done by bgpv4
Thank you for sharing this article about VPN.
The problem is that traffic forwarding will not happen because the core network doesn’t understand the labels.
Shared hosting for everyone.
Post a Comment