Showing posts with label WAN. Show all posts
Showing posts with label WAN. Show all posts

MPLS VPN VRF Source Selection

It's been a while since I did some labs. Recently I received a comment from someone in the VRF Basics entry regarding importing the loopbacks from the CE routers to a VRF for management purposes. I'm in the middle of my BGP review but I'm curious anyway. I created a lab and tried a way and it seems I found a way how to. The feature is called VRF source selection, in which you can have multiple VRF's in an interface and VRF mapping is based on the source ip address. As we all know, CE routers usually don't have VRF's configured on them and usually for MPLS VPN setup one customer is assigned to one VRF. For MPLS Basics check my previous entry.

The diagram below shows 2 PE's and 3 CE's. I have preconfigured the PE's with BGP peering on both ipv4 and vpnv4 address-families and the necessary IP configuration with the CE's having a default route toward the directly connected PE. VPNv4 address-family on BGP by the way, is used for MPLS VPN. Configured MPLS on the link between PE1 and PE2.

Scenario:

We have 2 Customers, Customer1 and Customer2. The branch offices needs to connect to the other branches in PE2(I have created Loopback addresses for these). They need to have their own VRF's configured. Customer1 and Customer2 should have loopback0 ip addresses configured on the CE's for the NOC to use as management ip to access from their hopping server which is in ISP NOC router. VRF named "Management" should be used on the CE's. Customer's LAN networks are represented as Loopback10. The RD's of the Customers should be Customer1 - 1234:1, Customer2 - 1234:2 and Management - 1234:100. Click the image below for a bigger view.



The scenario requires 2 VRF's from every Customer CE. The Command "ip vrf forwarding" only uses one VRF per interface. We only have 1 interface and this command is not a feasible solution. We need to use VRF source selection in order to use multiple VRF's in an interface.

Provided that we already created the VRF's, first we would need to map a source IP address to a VRF. The PE will know which VRF a packet will be through the source IP.


PE1(config)#vrf selection source 1.1.1.1 255.255.255.255 vrf Management 
PE1(config)#vrf selection source 2.2.2.2 255.255.255.255 vrf Management 
PE1(config)#vrf selection source 11.11.11.11 255.255.255.255 vrf Customer1 
PE1(config)#vrf selection source 22.22.22.22 255.255.255.255 vrf Customer2  

PE2(config)#vrf selection source 3.3.3.3 255.255.255.255 vrf Management

After that, we would need to configure the interfaces in the PE's to use source selection. As mentioned, a while ago, "ip vrf forwarding" command is used if there is only one VRF used so in this scenario there is no need for the command.


PE1(config)#interface Serial1/1 
PE1(config-if)#ip vrf select source 
PE1(config-if)#ip vrf receive Customer1 
PE1(config-if)#ip vrf receive Management

PE1(config)#interface Serial1/2 
PE1(config-if)#ip vrf select source 
PE1(config-if)#ip vrf receive Customer2 
PE1(config-if)#ip vrf receive Management

PE2(config)#interface Se1/3
PE2(config)#ip vrf select source
PE2(config)#ip vrf receive Management

The commands mean that on the corresponding interfaces the VRF are activated based on the "vrf selection source" commands. It's the equivalent of "ip Vrf forwarding" command but in the sense that its for multiple vrfs.

Well now the question is, how will the VRF's know which subnets will come from what interface. Simple, through routing.:) In our case since we are not configuring dynamic routing, we will configure static vrf routes.


PE1(config)#ip route vrf Customer1 11.11.11.11 255.255.255.255 192.168.10.1 
PE1(config)#ip route vrf Customer2 22.22.22.22 255.255.255.255 192.168.20.2 
PE1(config)#ip route vrf Management 1.1.1.1 255.255.255.255 192.168.10.1 
PE1(config)#ip route vrf Management 2.2.2.2 255.255.255.255 192.168.20.2  

PE2(config)#ip route vrf Management 3.3.3.3 255.255.255.255 192.168.30.3

It's obvious that the "vrf " keyword there points to what VRF this route belongs to.:) MPLS VPN requires that the routes be learned by Multiprotocol BGP. Since these are static routes we need to redistribute them into BGP on the ipv4 VRF address-family. Output pasted below from the running config.


PE1
! 
address-family ipv4
neighbor 10.10.10.2 activate 
no auto-summary 
no synchronization
exit-address-family 
! 
address-family vpnv4
neighbor 10.10.10.2 activate 
neighbor 10.10.10.2 send-community extended 
exit-address-family 
!
address-family ipv4 vrf Management 
redistribute static metric 1 
no auto-summary  no synchronization 
exit-address-family 
!
address-family ipv4 vrf Customer2
redistribute static metric 1
 no auto-summary 
no synchronization 
exit-address-family 
!
 address-family ipv4 vrf Customer1 
redistribute static metric 1  no auto-summary  no synchronization  exit-address-family

PE2
!
 address-family ipv4 vrf Management
redistribute static metric 1
no auto-summary
no synchronization
exit-address-family

If you notice, we didn't redistribute it on the "ipv4" global address-family but instead we did it on their corresponding VRF address-families. We learned that VRF's are like separate routing tables in a single router, and that exactly is the reason why we advertise this in different address-families.

We are not done yet, remember we have 2 loopback's in PE2 representing the other sites of Customer1 and Customer2. Lets configure those.


PE2
!
interface Loopback1
 ip vrf forwarding Customer1
 ip address 111.111.111.111 255.255.255.255
!
interface Loopback2
 ip vrf forwarding Customer2
 ip address 222.222.222.222 255.255.255.255

Now let's advertise this in BGP.
!
 address-family ipv4 vrf Customer2
 no auto-summary
 no synchronization
 network 222.222.222.222 mask 255.255.255.255
 exit-address-family
 !
 address-family ipv4 vrf Customer1
 no auto-summary
 no synchronization
 network 111.111.111.111 mask 255.255.255.255
 exit-address-family


Ok, now lets check BGP peering on the VPNv4 address family. The "show ip bgp vpnv4 all summary" command will display the summary of the prefixes learned through all the VRF's.


PE1#sh ip bgp vpnv4 all sum | beg Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.10.10.2      4  1234      93     106       15    0    0 01:14:47        3

PE2#sh ip bgp vpnv4 all sum | beg Neighbor
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.10.10.1      4  1234     106      93       20    0    0 01:14:56        4

Let's check the VRF routing tables on R1.


PE1#sh ip route vrf Customer1 | beg Gateway
Gateway of last resort is not set

C    192.168.10.0/24 is directly connected, Serial1/1
     111.0.0.0/32 is subnetted, 1 subnets
B       111.111.111.111 [200/0] via 10.10.10.2, 00:23:02
     11.0.0.0/32 is subnetted, 1 subnets
S       11.11.11.11 [1/0] via 192.168.10.1
PE1#sh ip route vrf Customer2 | beg Gateway
Gateway of last resort is not set

     222.222.222.0/32 is subnetted, 1 subnets
B       222.222.222.222 [200/0] via 10.10.10.2, 00:24:04
     22.0.0.0/32 is subnetted, 1 subnets
S       22.22.22.22 [1/0] via 192.168.20.2
C    192.168.20.0/24 is directly connected, Serial1/2
PE1#sh ip route vrf Management | beg Gateway
Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
S       1.1.1.1 [1/0] via 192.168.10.1
     2.0.0.0/32 is subnetted, 1 subnets
S       2.2.2.2 [1/0] via 192.168.20.2
     3.0.0.0/32 is subnetted, 1 subnets
B       3.3.3.3 [200/1] via 10.10.10.2, 01:02:10
C    192.168.10.0/24 is directly connected, Serial1/1
C    192.168.20.0/24 is directly connected, Serial1/2

We can see the routes that should be there. Now let's test the Customer1 VRF first if we achieved our objective. It should be able to reach the network 111.111.111.111/32 in PE2.


Customer1#ping 111.111.111.111 source 11.11.11.11

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.111, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/168/192 ms

Cool its working! We need to specify the source ip so that it will be in the correct VRF. Network 111.111.111.111/32 is in vrf Customer1, if we don't use a source ip, by default it will use the exit interface's ip address as the source and will not be using any vrf since we don't have a source selection mapping for that. Instead it will use the "global routing table" which doesn't have entries for 111.111.111.111/32. Let's see what happens.


Customer1#ping 111.111.111.111

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 111.111.111.111, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

As expected! Let's do a test for Customer2.


Customer2#ping 222.222.222.222 source 22.22.22.22

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 222.222.222.222, timeout is 2 seconds:
Packet sent with a source address of 22.22.22.22
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/173/192 ms

And for our final objective, the Loopback0 should be reachable through vrf "Management" from ISP NOC router. By the way, since we are only using one VRF for this, it was not necessary to use source selection. It's only for example sake!:) Now for the testing.


ISPNOC#ping 1.1.1.1 source 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 172/216/264 ms
ISPNOC#ping 2.2.2.2 source 3.3.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 168/231/292 ms




Success!!! Whew, I don't like long blog entries but sure this will be helpful for myself in case I forget this feature. More on route-target import and export next time. Cheers!

Thursday, July 23, 2009 | Filed Under , , , , | 3 Comments

Using Parser View In Cisco Routers

What exactly is a parser view? In simple terms, its like creating user accounts with certain filtering of commands. Parser views can be used to customize which command are allowed for a certain user depending on their privileges. Its simple to create parser views but doing the command filtering takes a while to learn.

Let's make a parser view called "user". One requirement needed is to enable first the "root" view. The hierarchy is similar to Unix/Linux wherein there should be a root. Secondly AAA must be enabled and thirdly, there should be an enable secret configured on the router.


Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#aaa new
Router(config)#aaa new-model
Router(config)#enable view root
Routerconfig)#enable secret cisco

It would need to be in the privilege exec mode to access the root view.


Router#sh parser view
No view is active ! Currently in Privilege Level Context
Router#enable view root
Password:
*May  2 00:50:51.283: %PARSER-6-VIEW_SWITCH: successfully set to view 'root'.

Router#show parser view
Current view is 'root'

Now from the root view, this is where we create all other views and define the commands that can be included or excluded per view.


Router(config)#parser view user
Router(config-view)#
*May  2 00:52:54.999: %PARSER-6-VIEW_CREATED: view 'user' successfully created.

We can set a password for the parser view "user".


Router(config-view)#secret cisco

Great! Our parser view is done. Lets say, we exclude the reload command for this view. Pretty dangerous if someone not authorize will reload the router!


Router(config-view)#commands exec exclude reload

Lets dissect what the command above does. The word command is literally for the commands allowed. "Exec" is for the privilege exec mode since reload is done on the mode and "reload" is basically the command itself. We can see its the same hierarchy as configuration.

For testing, we will go to parser view and try reloading the router.


Router#enable view user
Password:
Router#reload
 ^
% Invalid input detected at '^' marker.

Cool! Now reload command doesn't work on that mode anymore. I have my online hopping server which I configured with parser view so my friends won't do any cpu or performance intensive commands in the routers.


commands configure exclude aaa
commands exec include all telnet
commands exec include all write
commands exec include all traceroute
commands exec include all ping
commands exec include all enable
commands exec include all configure
commands exec include all send
commands exec exclude reload
commands exec exclude undebug ip packet
commands exec include undebug ip
commands exec exclude undebug all
commands exec include all undebug
commands exec include all show
commands exec include all set
commands exec exclude debug ip packet
commands exec include debug ip
commands exec exclude debug all
commands exec include all debug
commands configure exclude interface FastEthernet0/0

The router's behavior regarding parser view is that it adds command opposite to the one you excluded. Lets say for example "commands exec exclude debug ip packet". Since this command is excluded the undebug part also should be excluded. The router automatically generated this command "commands exec exclude undebug ip packet".

There you have it. Enjoy and try configuring some parser views.

Saturday, May 02, 2009 | Filed Under , , | 3 Comments

MPLS Basics

One of the great advancements to enhance WAN services is MPLS. Originally, it was created to address the problems on ATM networks and thanks to Cisco and IETF, it has evolved to what it is today.

MPLS (Multiprotocol Label Switching) is a protocol that uses labels for packet switching. MPLS is agnostic of Layer 1 or Layer 2 protocols and can be used on any type of links. It inserts a 32-bit label in between the Layer 2 and Layer 3 headers which dubbed it as a Layer 2.5 protocol. These labels number range is 0-1,048,575. Labels 0-15 for reserved purposes therefore the usuable range is 16-1,048,575. The defaul range in Cisco routers is from 16 - 100,000 which is good enough for big enterprises.

MPLS requires a running IGP routing protocol with a full routing table. CEF must also be enable because FIB (Forwarding Information Base) and adjancency tables are needed to build the LFIB (Label Forwarding Information Base). FIB is responsible for maintaning the next hops for the routes in the routing table while adjacency table is for the Layer 2 rewrite so that repetitive ARP requests will be avoided.

The process of how MPLS works starts by the routing protocol building the IP routing table. After that, based on the routing table the MPLS enabled router will now build its own mapping between destination ip to a label. Thirdly, using LDP (Label Distribution Protocol) the LSR's (Label Switch Routers or simply MPLS-enabled routers) in an MPLS networks share their assigned labels. Lastly, the LSR's build the LIB (Label Information Base), LFIB, and FIB based on the labels they received.

How to Configure MPLS in a Cisco Router

We have below a simple diagram of the network that will be used for this example. We will focus on the basics of configuration, some show commands and some "what if" scenarios.

Diagram:



Dynamips Configuration


autostart = true
ghostios = true
sparsemem = true
# MPLS Basics

[localhost]

[[7200]]
image = \Program Files\Dynamips\images\c7200-jk9o3s-mz.124-7a.bin
npe = npe-400
ram = 160

[[ROUTER R1]]
Se1/0 = R2 Se1/0
Se1/1 = R3 Se1/0

[[ROUTER R2]]
Se1/1 = R3 Se1/1

[[ROUTER R3]]

Basic Configurations

Start dynamips and apply the basic configuration below needed for this example. Just copy and paste everything below and it should be good.


R1
!
interface Serial1/0
ip address 192.168.12.1 255.255.255.0
no shut
!
interface Serial1/1
ip address 192.168.13.1 255.255.255.0
no shut

!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0

R2
!
interface Serial1/0
ip address 192.168.12.2 255.255.255.0
no shut
!
interface Serial1/1
ip address 192.168.23.2 255.255.255.0
no shut
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0

R3
!
interface Serial1/0
ip address 192.168.13.3 255.255.255.0
no shut
!
interface Serial1/1
ip address 192.168.23.3 255.255.255.0
no shut
!
router ospf 1
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0

Enabling MPLS

Once you have done this the OSPF adjacencies should be up and running. Now what we need to do is apply the necessary MPLS command to enable MPLS on network.


R1(config)#int se1/0
R1(config-if)#mpls ip
R1(config-if)#int se1/1
R1(config-if)#mpls ip

R2(config)#int se1/0
R2(config-if)#mpls ip
R2(config-if)#int se1/1
R2(config-if)#mpls ip

R3(config)#int se1/0
R3(config-if)#mpls ip
R3(config-if)#int se1/1
R3(config-if)#mpls ip

Once you have applied the single command "mpls ip" on the both sides of the link, an LDP adjacency will be formed and will display a log shown below:


*Feb 21 04:15:51.811: %SYS-5-CONFIG_I: Configured from console by console
*Feb 21 04:15:52.135: %LDP-5-NBRCHG: LDP Neighbor 192.168.13.1:0 (2) is UP

This means that MPLS is enabled on both sides and the neighbors are exchanging label information. The LFIB, FIB and LIB are created after the neighborships are formed.

Verifying MPLS Interfaces

Inorder to get which interfaces are mpls enabled the command "show mpls interfaces" is used. Operational state is "Yes" if the command "mpls ip" is enabled on the interface.


R3#sh mpls interfaces
Interface              IP            Tunnel   Operational
Serial1/0              Yes (ldp)     No       Yes
Serial1/1              Yes (ldp)     No       Yes


Verifying LDP Neighbors

To know the LDP neighbors use "show mpls ldp neighbors". This will show the neighbors ID which is based on the highest ip address of the mpls enable interface., the LDP neighborship uptime, which interface it was discovered and the ip addresses of the MPLS enabled interfaces. Like OSPF, LDP's election of the ID is first chosen the highest ip address of the loopback interfaces and then the physical interfaces.



R3#sh mpls ldp neigh
Peer LDP Ident: 192.168.23.2:0; Local LDP Ident 192.168.23.3:0
TCP connection: 192.168.23.2.646 - 192.168.23.3.46832
State: Oper; Msgs sent/rcvd: 18/18; Downstream
Up time: 00:10:59
LDP discovery sources:
Serial1/1, Src IP addr: 192.168.23.2
Addresses bound to peer LDP Ident:
192.168.12.2    192.168.23.2
Peer LDP Ident: 192.168.13.1:0; Local LDP Ident 192.168.23.3:0
TCP connection: 192.168.13.1.646 - 192.168.23.3.26398
State: Oper; Msgs sent/rcvd: 6/6; Downstream
Up time: 00:00:39
LDP discovery sources:
Serial1/0, Src IP addr: 192.168.13.1
Addresses bound to peer LDP Ident:
192.168.12.1    192.168.13.1



Let's configure loopbacks for R1, R2 and R3. Using 1.1.1.1, 2.2.2.2 and 3.3.3.3 respectively and lets see what happends to the Peer LDP Ident.


R1#config t
R1(config)#int lo0
R1(config-if)#ip address 1.1.1.1 255.255.255.255

R2#config t
R2(config)#int lo0
R2(config-if)#ip address 2.2.2.2 255.255.255.255

R3#config t
R3(config)#int lo0
R3(config-if)#ip address 3.3.3.3 255.255.255.255

After configuring, lets first clear the ospf process on the routers. Use the "clear ip ospf process" and "clear mpls ldp neigbor" in enable mode. For some reason in Dynamips, there are no changes to the LDP ident and the OSPF router id, so its advisable to remove the OSPF process first and disabling first MPLS on the interfaces then renabling OSPF and MPLS. Now lets see what happens to the LDP Ident.


R1#sh mpls ldp neigh
Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 192.168.13.1:0
TCP connection: 2.2.2.2.646 - 192.168.13.1.17752
State: Oper; Msgs sent/rcvd: 15/15; Downstream
Up time: 00:05:24
LDP discovery sources:
Serial1/0, Src IP addr: 192.168.12.2
Addresses bound to peer LDP Ident:
192.168.12.2    192.168.23.2    2.2.2.2
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 192.168.13.1:0
TCP connection: 3.3.3.3.646 - 192.168.13.1.19721
State: Oper; Msgs sent/rcvd: 14/14; Downstream
Up time: 00:05:22
LDP discovery sources:
Serial1/1, Src IP addr: 192.168.13.3
Addresses bound to peer LDP Ident:
192.168.13.3    192.168.23.3    3.3.3.3

It's now taking the loopback ip address as the Local Ident which proves that MPLS LDP chooses the ID like how OSPF does. You can manually force the LDP id by the command "mpls ldp router-id loopback0 force" so it will take the ip address of the interfaces as its ID. In this example we us the loopback0 with is already the default ID.

MPLS Labels

Let's take a look on how MPLS labels destination IP addresses. I mentioned at the beginning that MPLS creates a label for certain destination ip addresses in the routing table. When the labels are done, it propagates the information to its neighbors so they will know what label they should put on the packet for the sending router. An analogy in the real world, we can compare this to snail mail processing. The address on the letter is the IP address and the Zip code is the Label. The central post office knows where to send the letter, by just looking at the zip code. They don't need to read the whole address. Once the letter has been sent to the local post office, its the time they read the whole address. The local post office is like the PE (Provider Edge) routers. This will be discussed in the next post.

To show the MPLS labels and how their neighbors identify the route with their own labels use the "show mpls ldp bindings" command.


R1#sh mpls ldp binding
tib entry: 1.1.1.1/32, rev 4
local binding:  tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: 19
remote binding: tsr: 3.3.3.3:0, tag: 20
tib entry: 2.2.2.2/32, rev 8
local binding:  tag: 19
remote binding: tsr: 2.2.2.2:0, tag: imp-null
remote binding: tsr: 3.3.3.3:0, tag: 21
tib entry: 3.3.3.3/32, rev 10
local binding:  tag: 20
remote binding: tsr: 2.2.2.2:0, tag: 21
remote binding: tsr: 3.3.3.3:0, tag: imp-null
tib entry: 192.168.12.0/24, rev 2
local binding:  tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: imp-null
remote binding: tsr: 3.3.3.3:0, tag: 19
tib entry: 192.168.13.0/24, rev 6
local binding:  tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: 20
remote binding: tsr: 3.3.3.3:0, tag: imp-null
tib entry: 192.168.23.0/24, rev 12
local binding:  tag: 21
remote binding: tsr: 2.2.2.2:0, tag: imp-null
remote binding: tsr: 3.3.3.3:0, tag: imp-null

Check out the first entry mark in red. The TIB is also equivalent to LIB. Tag Information Base was its old name when Label Switching was then called Tag Switching. 1.1.1.1 is the ip address entry. Local binding means what tag the router will put for the packet to destination 1.1.1.1 based on the LIB it generated. In this case we see it as imp-null meaning it will not put because this is a locally originated. Remote Binding means, the label the LDP neighbor router assigned to this subnet. TSR (Tag Switching Router) 2.2.2.2 which is router R2 assigns a label of 19 as identifier to this subnet and 3.3.3.3 which is router R3 assigns label 20 to this.

Let's take a look at the 2nd entry. For 2.2.2.2, R1 has a tag of 19 to identify this subnet but R2 has imp-null because this originates from R2. Routes originated locally to the router are never label. R3 identifies this as label 21.

MPLS LFIB

MPLS enabled routers don't label the packets before sending based on their LIB but based on the LIB's of their neighbors learned through LDP. They label it this way so that when the packet reaches their neighbor, the neighbor knows exactly this label is for and how to forward it because this label information is from the router itself. Take a look at the example below. I'll shut the link from R1 to R3 so the pacdkets destined for R3 will pass through R2. Lets also compare the LFIB before and after the shutting of links.

Before shut


After Shut



Observe the prefix 3.3.3.3, when R1 and R3 where directly connected before I shut down the link, the Outgoing tag or VC is Pop tag. This means that if R1 receives a packet destined for R3, it "pops" or removes the label and doesn't swap any label because in the LIB of R3, 3.3.3.3 has an implicit-null. After the link has been shut down, the Outgoing tag or VC now is 21. This literally means that R1 must swap a label of 21 to packets destined for 3.3.3.3. R2 in its LIB has 21 for 3.3.3.3. R2 to R3, should never be labeled because 3.3.3.3 originates from R3. Let's check the traceroute below for more proof.


R1#traceroute 3.3.3.3

Type escape sequence to abort.
Tracing the route to 3.3.3.3

1 192.168.12.2 [MPLS: Label 21 Exp 0] 88 msec 56 msec 60 msec
2 192.168.23.3 140 msec 76 msec *

The first hop is from R1 to R2. You can see clearly that it labeled 21. The 2nd hop did not display any labels.

Verifying and Configuring Label Range

A simple command to verify the label assignment range is "show mpls label range". The range of labels can also be set to your liking by using "mpls label range minrange maxrange" command.


R1#show mpls label range
Downstream Generic label region: Min/Max label: 16/100000
R1(config)#mpls label ?
protocol  Set platform default label distribution protocol
range     Label range

R1(config)#mpls label range ?
<16-1048575>  Minimum label value

R1(config)#mpls label range 100 500000 static 50 70
% Label range changes will take effect at the next reload.

In the example above, we set the range to 100 minimum and 500000 for the maximum. I saved the config and restarted the router. The changes reflect right away when R1 fully restarted. It's local bindings now start from 100.


R1#sh mpls ldp bind
tib entry: 1.1.1.1/32, rev 4
local binding:  tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: 19
tib entry: 2.2.2.2/32, rev 6
local binding:  tag: 100
remote binding: tsr: 2.2.2.2:0, tag: imp-null
tib entry: 3.3.3.3/32, rev 8
local binding:  tag: 101
remote binding: tsr: 2.2.2.2:0, tag: 21
tib entry: 192.168.12.0/24, rev 2
local binding:  tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: imp-null
tib entry: 192.168.23.0/24, rev 10
local binding:  tag: 102
remote binding: tsr: 2.2.2.2:0, tag: imp-null

MPLS Static Bindings

Using the range we configured about for the static bindings, lets configure 3.3.3.3 and statically assign a label of 65.


R1#sh mpls ldp binding
tib entry: 1.1.1.1/32, rev 4
local binding:  tag: imp-null
remote binding: tsr: 2.2.2.2:0, tag: 19
tib entry: 2.2.2.2/32, rev 6
local binding:  tag: 100
remote binding: tsr: 2.2.2.2:0, tag: imp-null
tib entry: 3.3.3.3/32, rev 12
local binding:  tag: 65
------truncated---------------


So that concludes the MPLS Basics. Cheers!

Wednesday, February 18, 2009 | Filed Under , , | 15 Comments

Certifications

Certifications

The Dreamer

A fun loving person who enjoys learning new things. Currently working as a Network Engineer supporting the global network of a Fortune 500 company. This blog serves as my notes for the labs I created for my CCIE journey. I can guarantee there are errors in my posts. If you spot them, please let me know.

Join my Facebook Page I WANT TO BE A CCIE

Donate to the Cause

My aim is to create materials for free and possibly a free lab. If you wish to help out, please send any amount. Thanks.

Join my Bandwagon

Blogs that I Read