Print

VPN MPLS Transport Options

EVPN-MPLS and IP-VPN sample topologies illustrate co-existing LDP, BGP-SR, and ISIS-SR on the core.

Figure 1. Physical Topology For ISIS-SR, LDP and BGP-SR Transport

LDP, ISIS-SR, and BGP-LU (BGP-SR) demonstrates the corresponding Label Switched Paths (LSPs) as the MPLS transport LSPs for Layer3 EVPN and IP VPN services.

EVPN Sample Topology

In the figures below Tenant-A DCI and Tenant-B DCI, the prefixes from each DC are transported over the WAN/DCI domain, maintaining the Layer 3 multi-tenancy in tenant-a and tenant-b.

Figure 2. Tenant-A DCI

Figure 3. Tenant-B DCI

To provide external connectivity from the DC into the MPLS domain, leaf-11 and leaf-12 are eBGP peering via the tenants VRFs with the border routers. Both core routers are advertising external prefixes for Internet and any remote site connectivity (default route and ip-prefixes from the other DC for the tenant). To provide connectivity within the EVPN domain, the leaf switches (leaf-21 and leaf-2) re-advertise the prefixes into the tenant’s VRF via a type-5 route advertisement, with a next-hop equal to the advertising PE.

Let us review the concepts of transport labels, advertised to provide the label switched path, or LSP, across the back-bone and the VPN, or tenant label, used by the provider edge (PE) routers to identify a particular tenant.

EVPN MPLS Sample Configuration displays BGP route updates and how the tenant VRF is transported over these transport LSPs.

IP VPN Sample Topology

Let us review the concepts of transport labels, advertised to provide the label switched path, or LSP, across the back-bone and the VPN, or tenant label, used by the Provider Edge (PE) routers to identify a particular tenant.

Figure 4. IPv4 & IPv6 VPN Sample Topology

In the figures Tenant-D IPv4 VPN and Tenant-D IPv6 VPN, the prefixes for VRF tenant-d are transported over the MPLS WAN between North Edge and South Edge routers.

Figure 5. Tenant-D IPv4 VPN

Figure 6. Tenant-D IPv6 VPN

LDP

The figure below illustrates how LDP neighbor relationships are built. First each router sends a discovery to a destination multicast address (TTL=1) 224.0.0.2 on port 646. This discovery contains the router-id and the transport IPv4 address the router wants to use. The second stage is building the TCP peering session using the transport IP addresses specified. This is normally loopback to loopback.

Figure 7. LDP Peering Establishment

Examples

  • The show mpls ldp neighbor command on the North Edge router displays more detail on TCP session establishment, and the local addresses of the LDP neighbor for which it is binding a label.

    Note: All connected interfaces are advertised as bound. However, EOS currently advertised labels for /32 addresses, and FEC filter is configured to install only x.x.x.200/32 prefixes.
    North Edge.17:51:17#show mpls ldp neighbor
    Peer LDP ID: 2.2.2.200:0; Local LDP ID: 1.1.1.200:0
     TCP Connection: 2.2.2.200:38395 - 1.1.1.200:646
     State: oper; Msgs sent/rcvd: 46/46; downstream unsolicited
     Uptime: 0:06:17
     KeepAlive expires in: 20.27 sec
     LDP discovery sources:
    Ethernet1/1
     Addresses bound to peer:
    2.2.2.200 2.2.2.2 192.168.1.177192.168.62.11
    192.168.1.181 192.168.58.12 192.168.60.11192.168.61.11
    Peer LDP ID: 3.3.3.200:0; Local LDP ID: 1.1.1.200:0
     TCP Connection: 3.3.3.200:38510 - 1.1.1.200:646
     State: oper; Msgs sent/rcvd: 42/42; downstream unsolicited
     Uptime: 0:05:51
     KeepAlive expires in: 20.02 sec
     LDP discovery sources:
    Ethernet2/1
     Addresses bound to peer:
    192.168.65.11 192.168.59.12 3.3.3.200192.168.60.12
    192.168.63.11 3.3.3.3 192.168.64.11
  • The show mpls lfib route 116384 command on the North Edge router displays the label POP and swap operations for any traffic traversing North Edge. As can be seen if traffic came in with label 116384 it would be swapped to the labels seen in the tunnel table.

    North Edge.23:38:28(config)#show mpls lfib route 116384
    MPLS forwarding table (Label [metric] Vias) - 1 routes
    MPLS next-hop resolution allow default route: False
    Via Type Codes:
    M - Mpls Via, P - Pseudowire Via,
    I - IP Lookup Via, V - Vlan Via,
    VA - EVPN Vlan Aware Via, ES - EVPN Ethernet Segment Via,
    VF - EVPN Vlan Flood Via, AF - EVPN Vlan Aware Flood Via
    Source Codes:
    S - Static MPLS Route, B2 - BGP L2 EVPN,
    B3 - BGP L3 VPN, P - Pseudowire,
    L - LDP, IP - IS-IS SR Prefix Segment,
    IA - IS-IS SR Adjacency Segment, IL - IS-IS SR Segment to LDP,
    LI - LDP to IS-IS SR Segment, BL - BGP LU,
    DE - Debug LFIB
    
     L 116384 [1], 6.6.6.200/32
    via M, 192.168.58.12, swap 132768
    payload autoDecide, ttlMode autoDecide, apply egress-acl
    interface Ethernet1/1
    via M, 192.168.59.12, swap 100000
    payload autoDecide, ttlMode autoDecide, apply egress-acl
    interface Ethernet2/1

ISIS-SR

The figure below illustrates how ISIS-SR distributes the SID index information in the ISIS TLVs and sub-TLVs

Figure 8. ISIS Neighbor Adj and TLVs


The Prefix SID index, SRGB, and ADJ SID values are populated in the sub-TLVs in the ISIS neighbor updates. Each router then builds its own database of Node (Prefix) segments (Labels) and locally assigned ADJ labels.

Examples

  • The show isis neighbors detail command on the North Edge router displays the detailed information of all ISIS neighbors.

    north-edge#show isis neighbors detail
    InstanceVRFSystem IdType InterfaceSNPAState Hold time Circuit Id
    sr_instan defaultnw-coreL2 Ethernet1/1P2P UP301D
    Area Address(es): 49.0001
    SNPA: P2P
    Advertised Hold Time: 30
    State Changed: 6d17h ago
    IPv4 Interface Address: 192.168.58.12
    IPv6 Interface Address: none
    Interface name: Ethernet1/1
    Graceful Restart: Supported
    Segment Routing Enabled
    Router ID: 2.2.2.2
    SRGB Base: 408000 Range: 4096
    Adjacency Label IPv4: 953252
    sr_instan defaultsw-coreL2 Ethernet2/1P2P UP281E
    Area Address(es): 49.0001
    SNPA: P2P
    Advertised Hold Time: 30
    State Changed: 00:06:06 ago
    IPv4 Interface Address: 192.168.59.12
    IPv6 Interface Address: none
    Interface name: Ethernet2/1
    Graceful Restart: Supported
    Segment Routing Enabled
    Router ID: 3.3.3.3
    SRGB Base: 408000 Range: 4096
    Adjacency Label IPv4: 953253
    
  • The show isis segment-routing adjacency-segments command on the North Edge router displays the locally assigned Adjacency Segment Identifier (Adj-SIDs).

    North Edge#show isis segment-routing adjacency-segments
    
    System ID: north-edge Instance: sr_instance
    SR supported Data-plane: MPLS SR Router ID: 1.1.1.111
    Adj-SID allocation mode: SR-adjacencies
    Adj-SID allocation pool: Base: 953249 Size: 16384
    Adjacency Segment Count: 5
    Flag Descriptions: F: Ipv6 address family, B: Backup, V: Value
     L: Local, S: Set
    
    Segment Status codes: L1 - Level-1 adjacency, L2 - Level-2 adjacency, P2P - Point-to-Point adjacency, LAN - 
    Broadcast adjacency
    
    Locally Originated Adjacency Segments
     Adj IP Address Local IntfSID SID Source FlagsType
    -------------------- ---------------- ------------ ---------------- ------------------------- ------
    192.168.1.154 Et36/1 953249Dynamic F:0 B:0 V:1 L:1 S:0P2P L2
    192.168.1.174 Et23/1 953250Dynamic F:0 B:0 V:1 L:1 S:0P2P L2
    192.168.58.12Et1/1 953252Dynamic F:0 B:0 V:1 L:1 S:0P2P L2
    192.168.59.12Et2/1 953253Dynamic F:0 B:0 V:1 L:1 S:0P2P L2
    192.168.1.165Et8/1 953254Dynamic F:0 B:0 V:1 L:1 S:0P2P L2
    

BGP-LU (BGP-SR)

BGP-LU Label Distribution illustrates how BGP-LU distributes the label information in BGP.

Figure 9. BGP-LU Label Distribution

BGP-SR Index and SRGB Distribution illustrates how BGP-LU distributes the Label SRGB and SID index information in BGP. This is known as BGP-SR.

Figure 10. BGP-SR Index and SRGB Distribution

The Prefix SID index, and SRGB values are populated in the TLVs in the BGP neighbor updates. Each router then builds its own database of Node (Prefix) segments (Labels).

Examples

  • The show bgp neighbor command displays BGP-SR neighbors.

    north-edge#show bgp neighbor | include BGP neighbor|Multiprotocol IPv4 MplsLabel
    
    BGP neighbor is 192.168.2.10, remote AS 64512, internal link
    Multiprotocol IPv4 MplsLabel: received
    BGP neighbor is 192.168.3.9, remote AS 64512, internal link
    Multiprotocol IPv4 MplsLabel: advertised and received and negotiated
    BGP neighbor is 192.168.3.10, remote AS 64512, internal link
    Multiprotocol IPv4 MplsLabel: advertised
    BGP neighbor is 192.168.58.12, remote AS 2, external link
    Multiprotocol IPv4 MplsLabel: advertised and received and negotiated
    BGP neighbor is 192.168.59.12, remote AS 3, external link
    
  • The show ip bgp labeled-unicast 6.6.6.66/32 detail command displays the detailed information of BGP labeled routes unicast with 6.6.6.66/32.

    north-edge(config-if-Et2/1)#show ip bgp labeled-unicast 6.6.6.66/32 detail
    BGP routing table information for VRF default
    Router identifier 1.1.1.111, local AS number 64512
    BGP routing table entry for 6.6.6.66/32
     Paths: 2 available
    2 4 6
    192.168.58.12 labels [ 200066 ] from 192.168.58.12 (2.2.2.222)
    Origin IGP, metric -, localpref 100, weight 0, valid, external, ECMP head, best, ECMP contributor
    Local MPLS label: 200066, SR Label Index: 66
    3 4 6
    192.168.59.12 labels [ 200066 ] from 192.168.59.12 (3.3.3.200)
    Origin IGP, metric -, localpref 100, weight 0, valid, external, ECMP, ECMP contributor
    Not best: ECMP-Fast configured
    Local MPLS label: 200066, SR Label Index: 66
     Advertised to 2 peers:
    192.168.3.9 192.168.59.12
    
..