Saturday, August 8, 2015

Frame-Mode MPLS


Introduction:

This lab shows you, step by step, how to build a frame-mode MPLS network. To really understand MPLS, you need a solid understanding of Layer 3 routing, so the lab also covers some basic routing protocols: RIPv2 and BGP (iBGP and eBGP). More importantly, you'll learn how to configure, verify, and troubleshoot a simple frame-mode MPLS network.

Overview:

To understand how frame-mode MPLS works, it is necessary to grasp some basic MPLS concepts.

  • MPLS label stack: Each entry in the MPLS label stack is a total of 32 bits. The label itself is 20 bits. The label stack is placed between the Layer 2 header and the Layer 3 payload and is referred to as a shim header.
  • MPLS architecture: The MPLS architecture is divided into two planes: control and forwarding. The control plane is responsible for binding labels to routes, or more specifically, to FECs. The forwarding plane (also known as the data plane) operates like a big cache by maintaining the FIB and LFIB. The control plane builds the bindings and the forwarding plane actually uses those bindings to switch packets. Don’t forget, CEF must be enabled for MPLS to work.
  • MPLS operation: Packets enter the service provider network as unlabeled IP. An edge-LSR imposes a label and forwards the newly labeled packet to the next LSR along an LSP. Each LSR along the LSP label-switches the packet. The next-to-last router in the path pops the label through a mechanism called penultimate hop popping.
  • MPLS applications: First of all, MPLS changes network design by eliminating the need for an overlay. Performance is improved because packets are switched instead of routed. QoS can be implemented end to end by having an edge-LSR classify packets and map a value to the Experimental (EXP) field of the MPLS label stack. Traffic engineering is made possible through label stacking and traffic-engineered tunnels.
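
The shim header layout from the first bullet, as an added example (not part of the original lab): a Python parser for a label stack. The 1-bit bottom-of-stack flag and 8-bit TTL that fill out the 32 bits, and the reserved label values, come from RFC 3032; the sample bytes are constructed.

```python
import struct

# Reserved label values defined in RFC 3032 (not mentioned in the lab text).
# Implicit null (3) is only advertised to request penultimate hop popping, so
# seeing it in a captured frame is itself worth flagging.
RESERVED = {0: "IPv4 explicit null", 1: "router alert",
            2: "IPv6 explicit null", 3: "implicit null"}


def pack_entry(label, exp=0, bottom=True, ttl=255):
    """Build one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8 or not 0 <= ttl < 256:
        raise ValueError("EXP is 3 bits, TTL is 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def parse_stack(shim):
    """Parse entries from the start of `shim` up to the bottom-of-stack bit.

    Returns (entries, payload). Raises ValueError when the data ends before an
    entry with S=1 is seen, which is how a truncated or malformed frame shows up.
    """
    entries, offset = [], 0
    while True:
        if len(shim) - offset < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", shim, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 0x1),
            "ttl": word & 0xFF,
        }
        entry["reserved"] = RESERVED.get(entry["label"])
        entries.append(entry)
        if entry["bottom"]:
            return entries, shim[offset:]


# Constructed sample: label 17 with EXP 0 (the values this lab's traceroute
# reports later), followed by the first two bytes of an IPv4 header.
SAMPLE = pack_entry(17, exp=0, bottom=True, ttl=254) + b"\x45\x00"

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE)
    print(stack, payload.hex())
```
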
Requirements:

1. Customer sites:
  • Peer1 and Peer2 (Non-MPLS-enabled routers): BGP.
  • H/W: Peer1 and Peer2 are Cisco Routers c3745.
2.  Service Provider sites: 
  • Atlanta, Raleigh (Edge-LSRs): RIPv2, BGP, MPLS: s0/0, s0/3 for Atlanta and Raleigh router respectively.
  • Core (LSRs): RIPv2, MPLS: s0/0, s0/1.
  • H/W: Atlanta, Core, and Raleigh are Cisco Routers c3745.
Configuration:

1. Customer sites:

- The customer routers, Peer1 and Peer2, are connected to each other through the service provider network.

- On Peer1 router:

Peer1#show running-config
Building configuration...

Current configuration : 2453 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Peer1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LbLV$J5dewPBIGzBhoRLXHc3ZB1
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 192.168.3.5 255.255.255.252
 no fair-queue
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet3/0
!
interface FastEthernet3/1
!
interface FastEthernet3/2
!
interface FastEthernet3/3
!
interface FastEthernet3/4
!
interface FastEthernet3/5
!
interface FastEthernet3/6
!
interface FastEthernet3/7
!
interface FastEthernet3/8
!
interface FastEthernet3/9
!
interface FastEthernet3/10
!
interface FastEthernet3/11
!
interface FastEthernet3/12
!
interface FastEthernet3/13
!
interface FastEthernet3/14
!
interface FastEthernet3/15
!
interface Vlan1
 no ip address
!
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 redistribute connected
 neighbor 192.168.3.6 remote-as 65000
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password console
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password telnet
 login
!
!
end

- Peer2 router is configured similarly.

2. Service provider sites:

 a. Network edge (Atlanta, Raleigh):

-  On Atlanta router:

Atlanta#show running-config
Building configuration...

Current configuration : 2697 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Atlanta
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Pz1z$08P6j51mxrlM5OHcGHUc8.
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 204.134.83.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ***Link to Core router****
 ip address 204.134.83.5 255.255.255.252
 mpls ip
 no fair-queue
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description ***Link to Peer1****
 ip address 192.168.3.6 255.255.255.252
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet3/0
!
interface FastEthernet3/1
!
interface FastEthernet3/2
!
interface FastEthernet3/3
!
interface FastEthernet3/4
!
interface FastEthernet3/5
!
interface FastEthernet3/6
!
interface FastEthernet3/7
!
interface FastEthernet3/8
!
interface FastEthernet3/9
!
interface FastEthernet3/10
!
interface FastEthernet3/11
!
interface FastEthernet3/12
!
interface FastEthernet3/13
!
interface FastEthernet3/14
!
interface FastEthernet3/15
!
interface Vlan1
 no ip address
!
router rip
 version 2
 network 204.134.83.0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 neighbor 192.168.3.5 remote-as 65001
 neighbor 204.134.83.3 remote-as 65000
 neighbor 204.134.83.3 update-source Loopback0
 neighbor 204.134.83.3 next-hop-self
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password console
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password telnet
 login
!
!
end

- Raleigh router is configured similarly.

 b. Core network (Core router):

- On Core router:

Core#show running-config
Building configuration...

Current configuration : 2479 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$89de$B7vQleRf2j/qaB.AGvejF0
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 204.134.83.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ***Link to Raleigh POP router***
 ip address 204.134.83.9 255.255.255.252
 mpls ip
 no fair-queue
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description ***Link to Atlanta POP router***
 ip address 204.134.83.6 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet3/0
!
interface FastEthernet3/1
!
interface FastEthernet3/2
!
interface FastEthernet3/3
!
interface FastEthernet3/4
!
interface FastEthernet3/5
!
interface FastEthernet3/6
!
interface FastEthernet3/7
!
interface FastEthernet3/8
!
interface FastEthernet3/9
!
interface FastEthernet3/10
!
interface FastEthernet3/11
!
interface FastEthernet3/12
!
interface FastEthernet3/13
!
interface FastEthernet3/14
!
interface FastEthernet3/15
!
interface Vlan1
 no ip address
!
router rip
 version 2
 network 204.134.83.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password console
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password telnet
 login
!
!
end

Verification:

- On Customer sites:

 Check the connection between Peer1 router and Peer2 router.

Peer1#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/16/52 ms

Peer1#telnet 192.168.2.1
Trying 192.168.2.1 ... Open


User Access Verification

Password:
Peer2>

Peer2#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/20/28 ms

Peer2#telnet 192.168.1.1
Trying 192.168.1.1 ... Open


User Access Verification

Password:
Peer1>

- On service provider sites:

Check the connectivity between Atlanta router and Raleigh router:

Atlanta#ping 204.134.83.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.134.83.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/12 ms

Good job! Now, check the connectivity between the Atlanta router and the Peer2 router:

Atlanta#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

 So what's going on? Why is Peer1 able to ping Peer2 when the Atlanta router can't?

Troubleshooting:

To answer this question, we need to look at the routing protocols and at which routes each network device knows.

  - Peer1's routing table:

Peer1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/32 is subnetted, 1 subnets
C       192.168.1.1 is directly connected, Loopback0
     192.168.2.0/32 is subnetted, 1 subnets
B       192.168.2.1 [20/0] via 192.168.3.6, 01:38:48
     192.168.3.0/30 is subnetted, 2 subnets
B       192.168.3.8 [20/0] via 192.168.3.6, 01:38:48
C       192.168.3.4 is directly connected, Serial0/0

  Peer1 can ping Peer2 because it has a BGP route to Peer2 with a next hop address of 192.168.3.6, which is the s0/1 interface of the Atlanta router. Now, take a look at Atlanta's routing table.

Atlanta#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     204.134.83.0/24 is variably subnetted, 5 subnets, 2 masks
R       204.134.83.8/30 [120/1] via 204.134.83.6, 00:00:01, Serial0/0
C       204.134.83.1/32 is directly connected, Loopback0
R       204.134.83.3/32 [120/2] via 204.134.83.6, 00:00:01, Serial0/0
R       204.134.83.2/32 [120/1] via 204.134.83.6, 00:00:01, Serial0/0
C       204.134.83.4/30 is directly connected, Serial0/0
     192.168.1.0/32 is subnetted, 1 subnets
B       192.168.1.1 [20/0] via 192.168.3.5, 04:34:34
     192.168.2.0/32 is subnetted, 1 subnets
B       192.168.2.1 [200/0] via 204.134.83.3, 02:00:57
     192.168.3.0/30 is subnetted, 2 subnets
B       192.168.3.8 [200/0] via 204.134.83.3, 02:00:57
C       192.168.3.4 is directly connected, Serial0/1

Obviously, the packet destined from Peer 1 to Peer 2 arrives at the Atlanta POP router. Does the Atlanta POP router have a path to get to the loopback of Peer 2 (192.168.2.1)? Yes. There’s a BGP route to 192.168.2.1 with a next hop address of 204.134.83.3 (Raleigh).

How does the Atlanta POP router get the packet to the Raleigh POP router?

 It sends it as a labeled packet, or a tagged packet. Let's take a look at Atlanta's MPLS forwarding table:

Atlanta#show mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     204.134.83.2/32   0          Se0/0      point2point
17     Pop tag     204.134.83.8/30   0          Se0/0      point2point
18     17          204.134.83.3/32   0          Se0/0      point2point

To reach the Raleigh router, what is the outbound label? 17. What is the outbound interface? Serial 0/0. What is the neighboring device connected via Serial 0/0? The Core router. Now, let's check the Core router's routing table.

Core#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     204.134.83.0/24 is variably subnetted, 5 subnets, 2 masks
C       204.134.83.8/30 is directly connected, Serial0/0
R       204.134.83.1/32 [120/1] via 204.134.83.5, 00:00:13, Serial0/1
R       204.134.83.3/32 [120/1] via 204.134.83.10, 00:00:08, Serial0/0
C       204.134.83.2/32 is directly connected, Loopback0
C       204.134.83.4/30 is directly connected, Serial0/1

Does the Core router have a route in its routing table to forward a packet to Peer 2 (192.168.2.1)? No. Without MPLS, or tag switching, the packet would be dropped right here. The Core router only knows about the IGP (RIP in this example) routes. The Core router does not route the packet; instead, it label-switches it. The output of the Core router's MPLS forwarding table is as follows:

Core#show mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     204.134.83.1/32   2915       Se0/1      point2point
17     Pop tag     204.134.83.3/32   3038       Se0/0      point2point

What happens to the packet? Well, from the Atlanta POP router, the packet is sent with a tag of 17. By observing the output of the show mpls forwarding-table command on the Core router, you can see that an inbound labeled packet of 17 arriving at the Core router has its label popped and is forwarded as unlabeled IP out interface Serial 0/0. So here at the Core router, there is no routing, only switching of labeled, or tagged packets. You can think of Pop tag as meaning, "The next hop router needs to do a L3 lookup on the packet, so don't send this traffic as labeled, but instead send it as unlabeled IP traffic".
Now let’s move on to the Raleigh POP router. An unlabeled IP packet arrives destined for network 192.168.2.1. The Raleigh POP router’s routing table is as follows:

Raleigh#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     204.134.83.0/24 is variably subnetted, 5 subnets, 2 masks
C       204.134.83.8/30 is directly connected, Serial0/3
R       204.134.83.1/32 [120/2] via 204.134.83.9, 00:00:27, Serial0/3
C       204.134.83.3/32 is directly connected, Loopback0
R       204.134.83.2/32 [120/1] via 204.134.83.9, 00:00:27, Serial0/3
R       204.134.83.4/30 [120/1] via 204.134.83.9, 00:00:27, Serial0/3
     192.168.1.0/32 is subnetted, 1 subnets
B       192.168.1.1 [200/0] via 204.134.83.1, 03:55:53
     192.168.2.0/32 is subnetted, 1 subnets
B       192.168.2.1 [20/0] via 192.168.3.10, 06:29:41
     192.168.3.0/30 is subnetted, 2 subnets
C       192.168.3.8 is directly connected, Serial0/1
B       192.168.3.4 [200/0] via 204.134.83.1, 03:55:54

Does the Raleigh POP router have a path to get to the loopback (192.168.2.1) of Peer 2? Yes, there’s a BGP route to 192.168.2.1. What is the outbound interface? Serial 0/1. The packet arrives on Peer 2. Peer 2 needs to send a response to the ping. The routing table of Peer 2 is as follows:

Peer2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/32 is subnetted, 1 subnets
B       192.168.1.1 [20/0] via 192.168.3.9, 04:02:13
     192.168.2.0/32 is subnetted, 1 subnets
C       192.168.2.1 is directly connected, Loopback0
     192.168.3.0/30 is subnetted, 2 subnets
C       192.168.3.8 is directly connected, Serial0/0
B       192.168.3.4 [20/0] via 192.168.3.9, 04:02:13

Does the Peer 2 router have a path to get back to Peer 1? Yes. The entire process you just observed will now be repeated in reverse.

To sum up the path from Peer1 to Peer2:

Peer1#traceroute 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.2.1

  1 192.168.3.6 16 msec 16 msec 0 msec
  2 204.134.83.6 [MPLS: Label 17 Exp 0] 12 msec 0 msec 0 msec
  3 204.134.83.10 4 msec 28 msec 8 msec
  4 192.168.3.10 [AS 65002] 12 msec 12 msec 4 msec

Peer1 hands the unlabeled L3 packet to the Atlanta router (192.168.3.6). The Atlanta router doesn't route it; instead, it switches the packet out its interface with label 17 to the Core router (204.134.83.6). The inbound packet with label 17 arriving at the Core router has its label popped and is forwarded as unlabeled IP out the Serial 0/0 interface to the Raleigh router (204.134.83.10). The Raleigh router then hands this unlabeled L3 packet to Peer2 (192.168.3.10).

 What if you are on the Atlanta POP router and you try a ping to Peer 2 (192.168.2.1)?

Atlanta#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

It fails, as we saw in the Verification section. Why does this ping fail? Because the source address (204.134.83.5) is unknown to Peer 2. Observe the traceroute command as executed on the Atlanta POP router:

Atlanta#traceroute 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.2.1

  1 204.134.83.6 [MPLS: Label 17 Exp 0] 0 msec 0 msec 0 msec
  2 204.134.83.10 0 msec 0 msec 0 msec
  3  *  *  *
  4  *  *  *

How far does the traceroute command get? Only to the Raleigh POP router. Peer 2 has no way to respond to the source.

Let’s illustrate by changing how the ping command is used. This time I’m going to source the ping from an interface that Peer 2 knows about:

Atlanta#ping

Protocol [ip]:
Target IP address: 192.168.2.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.3.6
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Peer 2 knows about the 192.168.3.4/30 network, which includes the source IP address 192.168.3.6. Take a look at Peer 2’s routing table:

Peer2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/32 is subnetted, 1 subnets
B       192.168.1.1 [20/0] via 192.168.3.9, 04:36:24
     192.168.2.0/32 is subnetted, 1 subnets
C       192.168.2.1 is directly connected, Loopback0
     192.168.3.0/30 is subnetted, 2 subnets
C       192.168.3.8 is directly connected, Serial0/0
B       192.168.3.4 [20/0] via 192.168.3.9, 04:36:24
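
The walk-through above, replayed as an added Python example (not part of the original lab): the tables are transcribed from the command output on this page, and lookup(), walk() and can_reply() are illustrative names. It shows the recursive BGP next-hop lookup that selects label 17 on Atlanta, the pop on Core, the drop at Core when no label is imposed, and why Peer 2 cannot answer a ping sourced from 204.134.83.5.

```python
import ipaddress

# Constructed from the show ip route / show mpls forwarding-table output on
# this page. RIB: router -> {prefix: next hop}; None means directly connected.
RIB = {
    "Atlanta": {"192.168.2.1/32": "204.134.83.3",   # iBGP, next hop is Raleigh's loopback
                "204.134.83.3/32": "204.134.83.6",  # RIP, via Core
                "204.134.83.4/30": None},
    "Core":    {"204.134.83.1/32": "204.134.83.5",  # IGP routes only
                "204.134.83.3/32": "204.134.83.10",
                "204.134.83.4/30": None, "204.134.83.8/30": None},
    "Raleigh": {"192.168.2.1/32": "192.168.3.10",   # eBGP, via Peer2
                "192.168.3.8/30": None, "204.134.83.8/30": None},
    "Peer2":   {"192.168.1.1/32": "192.168.3.9", "192.168.3.4/30": "192.168.3.9",
                "192.168.2.1/32": None, "192.168.3.8/30": None},
}
OWNER = {"204.134.83.6": "Core", "204.134.83.10": "Raleigh", "192.168.3.10": "Peer2"}
LOCAL = {"Peer2": "192.168.2.1"}                    # address the router answers for
IMPOSE = {"Atlanta": {"204.134.83.3/32": 17}}       # FEC -> outgoing label
LFIB = {"Core": {17: ("pop", "204.134.83.10")}}     # local label -> (outgoing, next hop)


def lookup(router, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [p for p in RIB[router] if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    best = max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)
    return best, RIB[router][best]


def walk(dst, start="Atlanta", mpls=True):
    """Trace one packet hop by hop; returns a list of (router, action) tuples."""
    router, label, trail = start, None, []
    for _ in range(8):                              # guard against forwarding loops
        if label is not None:                       # labeled: LFIB only, no IP lookup
            entry = LFIB.get(router, {}).get(label)
            if entry is None:
                trail.append((router, "drop: no LFIB entry"))
                return trail
            out, nh = entry
            trail.append((router, f"pop label {label}" if out == "pop"
                          else f"swap {label}->{out}"))
            label = None if out == "pop" else out
            router = OWNER[nh]
            continue
        if LOCAL.get(router) == dst:
            trail.append((router, "deliver"))
            return trail
        route = lookup(router, dst)
        if route is None:
            trail.append((router, "drop: no route"))
            return trail
        fec, nh = route
        nh = nh or dst                              # connected route: next hop is dst
        inner = lookup(router, nh)
        while inner and inner[1] is not None:       # recursive (BGP) next hop
            fec, nh = inner
            inner = lookup(router, nh)
        if inner is None or nh not in OWNER:
            trail.append((router, "drop: next hop unresolved"))
            return trail
        out = IMPOSE.get(router, {}).get(fec) if mpls else None
        if out is not None:
            label = out
            trail.append((router, f"impose label {out}"))
        else:
            trail.append((router, "forward unlabeled IP"))
        router = OWNER[nh]
    return trail


def can_reply(router, src):
    """True if `router` has a route back to the packet's source address."""
    return lookup(router, src) is not None


if __name__ == "__main__":
    print(walk("192.168.2.1"))
    print(walk("192.168.2.1", mpls=False))
    print(can_reply("Peer2", "204.134.83.5"), can_reply("Peer2", "192.168.3.6"))
```
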

Confused yet? The best way to make sure that everything works is to ping from one CE device to another CE device, in this case from Peer1 to Peer2. If it works, then MPLS or tag switching is enabled and working properly. If the ping fails, you don’t have a complete LSP through the service provider network. Let me show you what a failure looks like. I’ve disabled label switching on the Core router, which means that there isn’t a complete LSP between the Atlanta and Raleigh POP routers.

Core#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core(config)#no ip cef

Let’s ping from Peer 1 to the loopback (192.168.2.1) of Peer 2.

Peer1#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Peer1#traceroute 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.2.1

  1 192.168.3.6 16 msec 0 msec 0 msec
  2  *  *  *
  3  *  *  *

It fails, right? Right! There is no LSP between the Atlanta and Raleigh POP routers.

How far does the packet get? Only to the Atlanta POP router. Let’s enable label switching on the Core router and try the ping command again from Peer 1 to the loopback (192.168.2.1) of Peer 2. 

Core(config)#ip cef

Peer1#ping 192.168.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/10/44 ms

Now that label switching has been enabled again on the Core router, everything works because there is an end-to-end LSP between the Atlanta and Raleigh POP routers.

Peer1#traceroute 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.2.1

  1 192.168.3.6 20 msec 0 msec 0 msec
  2 204.134.83.6 [MPLS: Label 17 Exp 0] 0 msec 8 msec 8 msec
  3 204.134.83.10 4 msec 12 msec 0 msec
  4 192.168.3.10 [AS 65002] 16 msec 0 msec 0 msec

As the traceroute from the customer site shows, every service provider device along the path is visible to the customer. From the service provider's perspective, this is not a secure practice. We can hide the service provider devices from customers by configuring no mpls ip propagate-ttl on every device in the service provider network. Once this command is configured on each and every service provider router, a customer sees only the ingress and egress PE routers (the Atlanta and Raleigh routers), not the P devices (the Core router).

Atlanta#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Atlanta(config)#no mpls ip propagate-ttl

Core#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Core(config)#no mpls ip propagate-ttl

Raleigh#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Raleigh(config)#no mpls ip propagate-ttl

Now the output of the traceroute command on Peer 1 to the loopback of Peer 2 is as follows:

Peer1#trace 192.168.2.1

Type escape sequence to abort.
Tracing the route to 192.168.2.1

  1 192.168.3.6 0 msec 0 msec 0 msec
  2 204.134.83.10 24 msec 0 msec 0 msec
  3 192.168.3.10 [AS 65002] 4 msec 28 msec 0 msec

What’s missing from the traceroute output now that no mpls ip propagate-ttl is configured? The Core router. To return the network to its original configuration, use the mpls ip propagate-ttl command.
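
Why the Core router drops out of the trace, as an added Python example (not part of the original lab). It is a simplified model that assumes the usual TTL handling: with propagation the ingress router copies the IP TTL into the label and the popping router copies the lower value back; without it the label starts at 255 and the IP TTL is left untouched across the LSP.

```python
# Hops on the path from Peer1 to 192.168.2.1, taken from the traceroute output
# on this page: (router, address that answers, role on the LSP).
PATH = [
    ("Atlanta", "192.168.3.6", "ingress"),   # imposes label 17
    ("Core", "204.134.83.6", "php"),         # pops the label (penultimate hop)
    ("Raleigh", "204.134.83.10", "ip"),      # receives unlabeled IP
    ("Peer2", "192.168.3.10", "ip"),         # destination of the probes
]


def probe(ip_ttl, propagate_ttl):
    """Return the address that answers a probe sent with this initial IP TTL."""
    label_ttl = None
    for i, (_name, addr, role) in enumerate(PATH):
        if i == len(PATH) - 1:
            return addr                      # destination answers the probe itself
        if label_ttl is not None:            # labeled packet: only the label TTL counts
            label_ttl -= 1
            if label_ttl == 0:
                return addr                  # TTL expired inside the LSP
            if role == "php":
                if propagate_ttl:
                    ip_ttl = min(ip_ttl, label_ttl)   # copy the remaining TTL back
                label_ttl = None             # next hop receives plain IP
            continue
        ip_ttl -= 1
        if ip_ttl == 0:
            return addr                      # TTL expired on an IP hop
        if role == "ingress":
            label_ttl = ip_ttl if propagate_ttl else 255


def traceroute(propagate_ttl, max_ttl=8):
    """Addresses a customer sees, one per increasing TTL, until the target answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(ttl, propagate_ttl))
        if hops[-1] == PATH[-1][1]:
            break
    return hops


def hidden_hops():
    """Provider addresses that stop appearing once TTL propagation is disabled."""
    return sorted(set(traceroute(True)) - set(traceroute(False)))


if __name__ == "__main__":
    print(traceroute(True))
    print(traceroute(False))
    print(hidden_hops())
```
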

Conclusions:

Frame-mode MPLS label distribution is called independent control with unsolicited downstream.
When a new FEC appears on an LSR, a label is immediately bound to it. This is called independent control. Once a new label is bound to the FEC, the LSR tells its neighbors about it without them having to ask. This is called unsolicited downstream. You have learned how frame-mode MPLS works, as well as how to configure, verify, and troubleshoot it. You have also learned how to hide service provider devices from customer sites for security purposes.
