MPLS Notes


Introduction

MPLS is a packet-switched technology that enables the creation of virtual private networks (VPNs). MPLS uses label switching to forward data packets between network nodes: labels are attached to packets at the ingress node and used to forward them through the network to the egress node. This cheat sheet covers the Label Distribution Protocol (LDP), Traffic Engineering (TE) and MPLS VPN.


Prerequisite

  • Networking knowledge



MPLS label (32-bit stack entry):
  • 20-bit label value
  • 3-bit EXP field for QoS
  • 8-bit TTL
  • 1-bit bottom-of-stack (S) bit

MPLS protocols:
  • LDP advertises labels for IGP-learned routes
  • MP-BGP advertises labels for BGP-learned routes
  • RSVP is used for MPLS traffic engineering (MPLS TE)
  • Segment routing

LDP (Label Distribution Protocol):
  • LDP ONLY distributes labels for IGP prefixes
  • BGP distributes labels for BGP prefixes
  • LDP assigns one unique local label per prefix and advertises it to all its neighbours
  • LDP forms neighbours with all directly connected routers
  • All routers learn MPLS labels for all IGP prefixes from all neighbour routers
  • The router picks one label per IGP prefix: the label advertised by the next-hop router in the routing table
  • If the router has no label for the prefix in the LFIB, it drops the packet

Label stack:
  • a packet can carry multiple labels
  • with multiple labels, the last (bottom) label must have the S bit set
  • the MTU must be checked, since every label adds 4 bytes to the frame

Label range:
  • all MPLS label values are 20 bits: range 0 to 1048575
  • labels 0 to 15 are reserved for special operations, for example:
  • Label 3 (implicit-null) is used for penultimate hop popping (PHP), the pop operation: the last router advertises label 3 so that the router before it pops the label
  • Label 0 (IPv4 explicit-null) stops the pop operation for QoS purposes: the router before the last one sends the packet with label 0 instead of popping it, so the last-hop PE still sees the EXP bits; configured with explicit-null
  • Label 2 is the same as label 0 but for IPv6 (IPv6 explicit-null)
  • Label 1 is the router alert label, used for MPLS OAM (operation, administration and maintenance): packets are forced into a "safe" forwarding mode that bypasses ASIC or other hardware forwarding, i.e. label 1 means punt the packet to the CPU for troubleshooting

MPLS TTL values:
  • TTL is copied from the IP header when the packet enters the MPLS domain
  • TTL is decremented only in the top label when the operation is swap
  • TTL is decremented and copied down to the newly exposed label when the operation is pop
  • TTL is copied from the incoming label to all labels in a push operation
  • TTL is copied from the incoming label to the TTL field in the IP header at the egress LSR (unless the MPLS TTL is bigger than the IP TTL, which should not happen if the first rule was applied)
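The label entry layout, the label stack and the TTL rules above, as an added worked example (not from these notes or any vendor): a small Python model that packs and parses 32-bit label entries, builds a stack with the S bit on the bottom label, applies the swap/push/pop TTL rules and does the 4-bytes-per-label MTU check. The field layout follows RFC 3032; the function names and sample labels are my own.

```python
import struct

# One label stack entry is 32 bits: 20-bit label | 3-bit EXP | 1-bit S | 8-bit TTL
MAX_LABEL = (1 << 20) - 1     # 1048575
EXPLICIT_NULL_V4 = 0
ROUTER_ALERT = 1
EXPLICIT_NULL_V6 = 2
IMPLICIT_NULL = 3             # advertised to request PHP; never carried on the wire
ENTRY_LEN = 4                 # bytes each label adds to the frame


def encode_entry(label, exp, bottom, ttl):
    """Pack one label stack entry into its 4-byte wire form."""
    if not 0 <= label <= MAX_LABEL:
        raise ValueError("label %d outside the 20-bit range" % label)
    word = (label << 12) | ((exp & 0x7) << 9) | ((1 if bottom else 0) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def decode_stack(data):
    """Parse entries until the one carrying the S bit; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if offset + ENTRY_LEN > len(data):
            raise ValueError("stack ends before an entry with the S bit set")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        offset += ENTRY_LEN
        if entry["s"]:
            return entries, data[offset:]


def to_bytes(stack):
    """Serialise a stack (top label first) for transmission."""
    return b"".join(encode_entry(e["label"], e["exp"], e["s"], e["ttl"]) for e in stack)


def ingress_push(labels, ip_ttl, exp=0):
    """Ingress LSR: the IP TTL is copied into every pushed label; the last one gets S=1."""
    return [{"label": lbl, "exp": exp, "s": 1 if i == len(labels) - 1 else 0, "ttl": ip_ttl}
            for i, lbl in enumerate(labels)]


def swap(stack, new_label):
    """Swap: only the top label's TTL is decremented."""
    top = stack[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    return [dict(top, label=new_label, ttl=top["ttl"] - 1)] + stack[1:]


def push(stack, new_labels):
    """Push inside the core (e.g. entering a TE tunnel): the incoming top label's TTL is
    copied into all the new labels."""
    top = stack[0]
    return [{"label": lbl, "exp": top["exp"], "s": 0, "ttl": top["ttl"]} for lbl in new_labels] + stack


def pop(stack, ip_ttl):
    """Pop: decrement the TTL and copy it down to the newly exposed label. At the egress LSR
    (no label left) it goes into the IP header, unless the MPLS TTL exceeds the IP TTL.
    Returns (remaining_stack, ip_ttl)."""
    top, rest = stack[0], stack[1:]
    ttl = top["ttl"] - 1
    if ttl <= 0:
        raise ValueError("TTL expired")
    if rest:
        return [dict(rest[0], ttl=ttl)] + rest[1:], ip_ttl
    return [], min(ttl, ip_ttl)


def fits_mtu(ip_packet_len, label_count, core_mtu):
    """Every label adds 4 bytes, so the core MTU must absorb the whole stack."""
    return ip_packet_len + ENTRY_LEN * label_count <= core_mtu
```

The min() in pop is the egress rule from the last bullet: a TTL carried in the labels that is larger than the IP TTL is never written back into the IP header.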


MPLS LDP

LDP has four major functions:
  • Discovery of other LSRs running LDP
    • Hello messages are sent on all links enabled for MPLS/LDP: a UDP message to port 646 with destination IP 224.0.0.2; the hello/hold interval is 5/15 seconds by default
  • Establishing a TCP session
    • Session (TCP) establishment and maintenance: the TCP session is set up between the transport addresses carried in the Hello messages, on TCP port 646, so the router must have a route to the transport address of the neighbour router. You can form the neighbour with the local interface address instead, but this is not recommended
  • Advertising label bindings (label mapping)
    • label mapping: advertises prefix + label
    • label withdraw: withdraws a label binding when the prefix is removed or the local label changes
  • Notification (error messages)


Other LDP features:
  • Targeted LDP session: a multi-hop LDP session; some scenarios require LDP bindings over multiple hops, e.g. MPLS VPN over TE tunnels and remote protection (remote loop-free alternate, remote LFA)
  • Fast reroute: LFA with LDP, using OSPF or IS-IS LFA
  • Label advertisement control:
    • Prefix suppression, to advertise only the loopback or a couple of subnets
    • Filter in the outgoing direction
    • Filter in the incoming direction
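The discovery step from the four-function list above (UDP 646 to 224.0.0.2, hello/hold 5/15), as an added example that is not part of these notes: a Python builder and strict parser for the LDP Hello PDU as laid out in RFC 5036 (version, PDU length, LDP identifier, Hello message, Common Hello Parameters TLV with hold time and T bit, IPv4 Transport Address TLV). Nothing is sent on the network; the LSR IDs are constructed and the function names are mine.

```python
import socket
import struct

LDP_VERSION = 1
LDP_PORT = 646                 # UDP for Hellos, TCP for the session
ALL_ROUTERS = "224.0.0.2"      # link Hello destination
MSG_HELLO = 0x0100
TLV_COMMON_HELLO = 0x0400
TLV_IPV4_TRANSPORT = 0x0401
T_BIT = 0x8000                 # targeted Hello
DEFAULT_HELLO_INTERVAL = 5
DEFAULT_LINK_HOLD = 15
DEFAULT_TARGETED_HOLD = 45


def _tlv(tlv_type, value):
    # U and F bits clear: a receiver that does not understand the TLV must reject the message
    return struct.pack("!HH", tlv_type & 0x3FFF, len(value)) + value


def build_hello(lsr_id, transport_addr, hold_time=DEFAULT_LINK_HOLD, msg_id=1, targeted=False):
    """Build a Hello PDU carrying one Hello message with the two TLVs a peer needs."""
    flags = T_BIT if targeted else 0
    params = (_tlv(TLV_COMMON_HELLO, struct.pack("!HH", hold_time, flags))
              + _tlv(TLV_IPV4_TRANSPORT, socket.inet_aton(transport_addr)))
    # Message length counts the Message ID plus all parameters
    message = struct.pack("!HHI", MSG_HELLO, 4 + len(params), msg_id) + params
    ldp_id = socket.inet_aton(lsr_id) + struct.pack("!H", 0)   # label space 0 = platform-wide
    # PDU length counts everything after the version and length fields
    return struct.pack("!HH", LDP_VERSION, len(ldp_id) + len(message)) + ldp_id + message


def parse_hello(data):
    """Strictly parse a Hello PDU; raise ValueError on anything malformed."""
    if len(data) < 18:
        raise ValueError("PDU too short")
    version, pdu_len = struct.unpack_from("!HH", data, 0)
    if version != LDP_VERSION or pdu_len != len(data) - 4:
        raise ValueError("bad version or PDU length")
    lsr_id = socket.inet_ntoa(data[4:8])
    (label_space,) = struct.unpack_from("!H", data, 8)
    msg_type, msg_len, msg_id = struct.unpack_from("!HHI", data, 10)
    if msg_type & 0x7FFF != MSG_HELLO or msg_len != len(data) - 14:
        raise ValueError("not a well-formed Hello message")
    info = {"lsr_id": lsr_id, "label_space": label_space, "msg_id": msg_id,
            "transport": None, "targeted": False, "hold_time": None}
    offset = 18
    while offset < len(data):
        if offset + 4 > len(data):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", data, offset)
        value = data[offset + 4: offset + 4 + tlv_len]
        if len(value) != tlv_len:
            raise ValueError("truncated TLV value")
        kind = tlv_type & 0x3FFF
        if kind == TLV_COMMON_HELLO and tlv_len == 4:
            hold, flags = struct.unpack("!HH", value)
            info["hold_time"], info["targeted"] = hold, bool(flags & T_BIT)
        elif kind == TLV_IPV4_TRANSPORT and tlv_len == 4:
            info["transport"] = socket.inet_ntoa(value)
        elif not tlv_type & 0x8000:
            raise ValueError("unknown TLV 0x%04x without U bit" % kind)
        offset += 4 + tlv_len
    if info["hold_time"] is None:
        raise ValueError("missing Common Hello Parameters TLV")
    return info


def effective_hold(hold_time, targeted):
    """0 means 'use the default' (15 s link, 45 s targeted); 0xFFFF means infinite."""
    if hold_time == 0:
        return DEFAULT_TARGETED_HOLD if targeted else DEFAULT_LINK_HOLD
    return None if hold_time == 0xFFFF else hold_time


def is_well_formed(data):
    try:
        parse_hello(data)
        return True
    except (ValueError, OSError):
        return False
```

When no Transport Address TLV is present, transport stays None and the peer falls back to the Hello's source address, which is the "neighbour with the local interface" case the notes discourage; a parser like this, run over captured Hellos, shows quickly which neighbours advertise a transport address you actually have a route to.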


LDP session protection
  • If the link between the LSR and its neighbour fails, the TCP session does not go down as long as the neighbour is still reachable via another router.
  • A flapping link can cause problems; this feature removes the information from the LFIB (show mpls forwarding-table) but keeps it in the LIB (show mpls ldp bindings); when the protection timer expires, the neighbour is flushed.
  • LDP authentication (TCP header option 19, MD5) can be configured per neighbour or per group
  • LDP IGP synchronization (if LDP is broken, the IGP routes around it): if LDP is down, the route is removed from the routing table by raising the metric to the maximum, so this only works if there are two paths to the destination.
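The label selection rules from the LDP list (one local label per prefix, LFIB entry taken from the next-hop router's binding, drop when there is none) together with the session protection behaviour just described (LFIB purged, LIB kept until the protection timer expires), as an added Python model that is not part of these notes or any vendor code; router names, prefixes and labels are constructed.

```python
IMPLICIT_NULL = 3   # advertised for a router's own prefixes so the upstream LSR pops (PHP)


class LdpLsr:
    """The LIB keeps every neighbour's bindings, the LFIB only the binding learned from
    the routing-table next hop."""

    def __init__(self, name, local_prefixes):
        self.name = name
        self.rib = {p: None for p in local_prefixes}        # prefix -> next-hop neighbour
        self.local_labels = {p: IMPLICIT_NULL for p in local_prefixes}
        self.lib = {}                                         # neighbour -> {prefix: label}
        self.protected = set()                                # failed links, session kept
        self.next_label = 16                                  # first non-reserved label
        self.lfib = {}
        self.rebuild()

    def add_route(self, prefix, next_hop):
        """IGP route learned: allocate one local label per prefix and advertise it."""
        self.rib[prefix] = next_hop
        if prefix not in self.local_labels:
            self.local_labels[prefix] = self.next_label
            self.next_label += 1
        self.rebuild()

    def advertised_bindings(self):
        """Bindings sent to every neighbour (the same label for all of them)."""
        return dict(self.local_labels)

    def receive_bindings(self, neighbour, bindings):
        self.lib.setdefault(neighbour, {}).update(bindings)
        self.rebuild()

    def rebuild(self):
        """LFIB = for each prefix, the label from the next-hop router; none means drop."""
        self.lfib = {}
        for prefix, local in self.local_labels.items():
            next_hop = self.rib.get(prefix)
            if next_hop is None or next_hop in self.protected:
                continue
            out = self.lib.get(next_hop, {}).get(prefix)
            if out is None:
                continue
            action = ("pop", None) if out == IMPLICIT_NULL else ("swap", out)
            self.lfib[local] = action + (next_hop,)

    def forward(self, in_label):
        """Returns (action, outgoing_label, next_hop); unknown labels are dropped."""
        return self.lfib.get(in_label, ("drop", None, None))

    # --- LDP session protection ---
    def link_down(self, neighbour):
        """Link failed but the TCP session survives: purge the LFIB, keep the LIB."""
        self.protected.add(neighbour)
        self.rebuild()

    def link_up(self, neighbour):
        self.protected.discard(neighbour)
        self.rebuild()

    def protection_timer_expired(self, neighbour):
        """Timer ran out: the neighbour's bindings are flushed from the LIB as well."""
        self.protected.discard(neighbour)
        self.lib.pop(neighbour, None)
        self.rebuild()
```

Note that bindings from neighbours that are not the next hop (R1's label for a prefix routed via R3 below) stay in the LIB and are simply unused, which is what makes the fast recovery after link_up possible.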


Troubleshooting LDP
  • Verify that label distribution is enabled on the interface
  • If LDP is configured, verify that the LDP session is up
  • If the session is up, verify the label database (LIB) with show mpls ldp bindings
  • Check whether the prefix has a route in the routing table
  • Verify the LFIB (show mpls forwarding-table)


MPLS TE

Advantages of MPLS Traffic Engineering
  • Provides efficient spreading of traffic to avoid underutilized and overutilized links
  • Takes the configured (static) bandwidth of links into account
  • Takes link attributes into account (delay, jitter)
  • Adapts automatically to changing bandwidth and link attributes via the control plane
  • Source-based routing is applied, as opposed to IP's destination-based routing
  • Very fast convergence

Requirements
  • Only a link-state routing protocol (OSPF/IS-IS) can be used
  • Topology view:
    • Advertised by the IGP: routers, links, IP addresses, link cost
    • Advertised by IGP extensions: reserved bandwidth, bandwidth in use by MPLS TE, affinity, MPLS TE metric
  • Based on this view, the head-end router can calculate the path for the MPLS TE tunnel

LSP Attributes and LSP Attribute List
  • Attribute flags for links that make up the LSP (affinity command)
  • Automatic bandwidth configuration (auto-bw command)
  • LSP bandwidth: global pool or subpool (bandwidth command)
  • Disable re-optimization of the LSP (lockdown command)
  • LSP priority (priority command)
  • Protection failure (protection command)
  • Record the route used by the LSP (record-route command)

Allow or restrict the use of a tunnel based on:
  • packet type, packet QoS marking, source and destination IP, ...

RSVP messages
  • RSVP uses the following types of messages to establish and remove paths for data flows, establish and remove reservation information, confirm the establishment of reservations, and report errors: Path Messages, Resv Messages, PathTear Messages, ResvTear Messages, PathErr Messages, ResvErr Messages, ResvConfirm Messages
  • Path Messages: Each sender host transmits path messages downstream along the routes provided by the unicast and multicast routing protocols. Path messages follow the exact paths of application data, creating path states in the routers along the way, thus enabling routers to learn the previous-hop and next-hop node for the session. Path messages are sent periodically to refresh path states.
  • Resv Messages: Each receiver host sends reservation request (Resv) messages upstream toward senders and sender applications. Resv messages must follow exactly the reverse path of path messages. Resv messages create and maintain a reservation state in each router along the way.
  • PathTear messages: remove (tear down) path states as well as dependent reservation states in any routers along a path. PathTear messages follow the same path as path messages. A PathTear typically is initiated by a sender application or by a router when its path state times out.
  • ResvTear messages: remove reservation states along a path. These messages travel upstream toward the senders of the session. In a sense, ResvTear messages are the reverse of Resv messages. ResvTear messages typically are initiated by a receiver application or by a router when its reservation state times out.
  • PathErr Messages: When path errors occur (usually because of parameter problems in a path message), the router sends a unicast PathErr message to the sender that issued the path message. PathErr messages are advisory; these messages do not alter any path state along the way.
  • ResvErr Messages: When a reservation request fails, a ResvErr error message is delivered to all the receivers involved. ResvErr messages are advisory; these messages do not alter any reservation state along the way.
  • ResvConfirm Messages: Receivers can request confirmation of a reservation request, and this confirmation is sent with a ResvConfirm message. Because of the complex RSVP flow-merging rules, a confirmation message does not necessarily provide end-to-end confirmation of the entire path. Therefore, ResvConfirm messages are an indication, not a guarantee, of potential success.

RSVP Operation
  • There are two general message types in RSVP, PATH and RESV. The initial request begins with a PATH message. The PATH message describes the specific flow that will use this reservation. So it includes the source and destination IP addresses, as well as the IP Protocol, such as TCP or UDP, and any port numbers. The PATH message also includes the requested average bit rate and burst size.
  • The PATH message is received by an upstream router or perhaps the ultimate destination. If it is received by an intermediate router, this router must analyze the request and decide whether it can honour it. Ultimately, if the request is accepted, the router will create a new PATH message, requesting the same resource reservation from the next upstream router but specifying itself as the source. PATH messages always flow from the requester toward the destination.
  • RESV messages flow in the opposite direction. The RESV CONFIRM messages describe the actual detailed bit rate and delay characteristics required to fulfil the PATH request. If an upstream router doesn't have the necessary resource to fulfil the request, it responds with a RESV ERROR message.
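The head-end path calculation from the Requirements list (bandwidth and affinity pruning over the IGP-flooded topology) and the Path/Resv exchange described above, as one added Python example that is not part of these notes or any vendor's RSVP-TE implementation. The topology, link metrics, bandwidths and router names are constructed; the constrained SPF is a plain Dijkstra over the links that survive pruning, and the signalling keeps only previous-hop path state and per-link reservation state.

```python
import heapq


class TeTopology:
    """Head-end view of the TE database: per-link metric, reservable bandwidth, current
    reservations and affinity bits, as flooded by the IGP TE extensions."""

    def __init__(self):
        self.links = {}   # (from, to) -> {"metric", "max_bw", "reserved", "affinity"}

    def add_link(self, a, b, metric, max_bw, affinity=0):
        for u, v in ((a, b), (b, a)):
            self.links[(u, v)] = {"metric": metric, "max_bw": max_bw,
                                  "reserved": 0.0, "affinity": affinity}

    def available(self, u, v):
        link = self.links[(u, v)]
        return link["max_bw"] - link["reserved"]

    def cspf(self, src, dst, bw, exclude_any=0, include_any=0):
        """Constrained SPF: prune links failing bandwidth or affinity, then Dijkstra on
        the TE metric. Returns the explicit route as a node list, or None."""
        dist, prev, heap = {src: 0}, {}, [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if u == dst:
                path = [dst]
                while path[-1] != src:
                    path.append(prev[path[-1]])
                return path[::-1]
            if d > dist[u]:
                continue
            for (a, b), link in self.links.items():
                if a != u or self.available(a, b) < bw:
                    continue
                if link["affinity"] & exclude_any:
                    continue
                if include_any and not link["affinity"] & include_any:
                    continue
                nd = d + link["metric"]
                if nd < dist.get(b, float("inf")):
                    dist[b], prev[b] = nd, u
                    heapq.heappush(heap, (nd, b))
        return None


class RsvpTeSession:
    """Path downstream along the ERO (installing previous-hop state), Resv back upstream
    (admission control and reservation per link), ResvErr plus tear-down on failure."""

    def __init__(self, topo):
        self.topo = topo
        self.path_state = {}   # node -> previous hop learned from the Path message
        self.resv_state = {}   # node -> (next hop, bandwidth reserved on that link)
        self.log = []          # (message, from, to)

    def signal(self, ero, bw):
        prev = None
        for node in ero:                       # Path messages flow sender -> receiver
            self.path_state[node] = prev
            self.log.append(("Path", prev, node))
            prev = node
        for i in range(len(ero) - 2, -1, -1):  # Resv messages retrace the path upstream
            node, nxt = ero[i], ero[i + 1]
            if self.topo.available(node, nxt) < bw:
                self.log.append(("ResvErr", node, ero[-1]))
                self.tear(ero)
                return False
            self.topo.links[(node, nxt)]["reserved"] += bw
            self.resv_state[node] = (nxt, bw)
            self.log.append(("Resv", nxt, node))
        return True

    def tear(self, ero):
        """Release every reservation already made and drop the path state."""
        for node, (nxt, bw) in self.resv_state.items():
            self.topo.links[(node, nxt)]["reserved"] -= bw
        self.resv_state.clear()
        self.path_state.clear()
        self.log.append(("PathTear", ero[0], ero[-1]))

    def messages(self):
        return [m[0] for m in self.log]
```

After a tunnel is signalled, the reserved bandwidth reduces what the next CSPF run sees as available, which is how the "adapts automatically to changing bandwidth" advantage materialises: a second request for the same bandwidth is pushed onto another path or refused at the head end before any RSVP message is sent.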


MPLS VPN

TAGS
  • Route Distinguisher (RD):
    • a 64-bit value, used only to make the customer route unique
  • Route Target (RT):
    • the RD makes the route unique, but the RD does not identify the VPN
    • the same VRF on different PE routers can use different RDs
    • a BGP extended community (EC) is needed to control route propagation
    • Import RT: the received VPNv4 route is imported into the VRF if the import statement matches an attached RT; it becomes an IPv4 route (the RD is stripped) and is installed in the VRF routing table

Forwarding in MPLS VPN is two-fold:
  • Forward from the ingress to the egress PE router
    • Packets carry a top label identifying the target egress PE router
    • That label is the IGP label associated with the loopback of the egress PE router
    • The loopback prefix of the egress PE is the BGP next-hop address of the VPNv4 prefix and is an IGP prefix
    • This IGP prefix has an LDP label associated with it
  • Forward to the correct CE router in the correct VRF on the egress PE router:
    • Packets carry a second label, the VPN label, which indicates to which CE router (in which VRF) the packet must be forwarded
    • This VPN label is attached to the VPNv4 route advertised in MP-BGP
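The RD/RT handling from TAGS and the two-label forwarding just described, as an added Python model that is not part of these notes or any vendor code: VPNv4 routes are keyed by (RD, prefix) so overlapping customer prefixes coexist, a VRF imports a route only when one of its attached RTs matches, and forwarding a customer packet yields [IGP label toward the BGP next hop, VPN label], or just the VPN label when the egress PE's loopback was advertised with implicit-null (PHP). PE names, loopbacks, RDs, RTs and labels are constructed.

```python
import ipaddress
from dataclasses import dataclass

IMPLICIT_NULL = 3


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str                   # route distinguisher: only makes the prefix unique
    prefix: str
    next_hop: str             # egress PE loopback, an IGP prefix with an LDP label
    vpn_label: int
    route_targets: frozenset  # BGP extended communities that select importing VRFs


class Vrf:
    def __init__(self, name, rd, import_rts, export_rts):
        self.name, self.rd = name, rd
        self.import_rts, self.export_rts = frozenset(import_rts), frozenset(export_rts)
        self.table = {}       # IPv4 prefix (RD stripped) -> (next hop, VPN label)


class Pe:
    def __init__(self, name, loopback):
        self.name, self.loopback = name, loopback
        self.vrfs = {}
        self.vpnv4_table = {}   # (rd, prefix) -> Vpnv4Route, so overlapping prefixes coexist
        self.igp_labels = {}    # remote PE loopback -> LDP label toward it
        self.next_vpn_label = 1000

    def add_vrf(self, name, rd, import_rts, export_rts):
        self.vrfs[name] = Vrf(name, rd, import_rts, export_rts)

    def export(self, vrf_name, prefix):
        """A customer route leaves the VRF as a VPNv4 route: RD prepended, export RTs
        attached, this PE's loopback as next hop, and a VPN label identifying the VRF."""
        vrf = self.vrfs[vrf_name]
        label = self.next_vpn_label
        self.next_vpn_label += 1
        return Vpnv4Route(vrf.rd, prefix, self.loopback, label, vrf.export_rts)

    def receive_vpnv4(self, route):
        """Import rule: any attached RT matching a VRF's import RTs installs the IPv4
        prefix (RD stripped) into that VRF's routing table. Returns the importing VRFs."""
        self.vpnv4_table[(route.rd, route.prefix)] = route
        imported = []
        for vrf in self.vrfs.values():
            if route.route_targets & vrf.import_rts:
                vrf.table[route.prefix] = (route.next_hop, route.vpn_label)
                imported.append(vrf.name)
        return imported

    def forward(self, vrf_name, dst_ip):
        """Label stack for a packet arriving from a CE in the given VRF, longest match."""
        vrf = self.vrfs[vrf_name]
        ip = ipaddress.ip_address(dst_ip)
        best = None
        for prefix, entry in vrf.table.items():
            net = ipaddress.ip_network(prefix)
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, entry)
        if best is None:
            return None
        next_hop, vpn_label = best[1]
        igp_label = self.igp_labels.get(next_hop)
        if igp_label is None:
            return None          # no LDP label for the BGP next hop: cannot forward
        return [vpn_label] if igp_label == IMPLICIT_NULL else [igp_label, vpn_label]
```

The None returned when the BGP next hop has no IGP label is the MPLS VPN version of the LDP rule "no label, drop": a VPNv4 route whose next hop is unreachable in the IGP, or whose loopback is not label-switched end to end, cannot be used even though it sits in the VRF table.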

CE to PE routing protocol:
  • OSPF
    • OSPF sham link: an OSPF intra-area link between two PE routers in one VPN, using a loopback VRF IP address as endpoint (it must be redistributed into BGP!); OSPF routes are still advertised by BGP, which needs to advertise the VPN label; seen as a point-to-point OSPF link used for flooding LSAs; demand circuit, so no periodic refresh flooding
    • Same domain ID value on both PEs, to ensure that OSPF routes from CE routers are seen as OSPF inter-area routes across the backbone
    • OSPF down bit (LSA direction indication): set on routes propagated from MPLS into the OSPF site; a PE does not redistribute an OSPF route into BGP if the down bit is set
    • Multi-VRF CE (VRF Lite):
      • VPN functionality is extended to the CE router
      • CE routers have VRF interfaces for separation purposes, but MPLS is not needed
  • EIGRP:
    • BGP routes redistributed into EIGRP are reconstructed as EIGRP routes
    • with the help of BGP extended communities carrying the EIGRP route characteristics

MPLS VPN layer 2:
  • VPWS (Virtual Private Wire Service): point-to-point leased-line service, one PW between PE routers per AC
  • VPLS (Virtual Private LAN Service): point-to-multipoint service, full mesh of PWs between PEs
  • VPLS
    • A full mesh per customer plus split horizon removes the need for STP in the core.
    • Ethernet frame switching is based on a MAC address table per VLAN
    • Multicast traffic is by default forwarded over all PWs
    • For scalability you can use Hierarchical VPLS (H-VPLS)
    • Auto-discovery can use BGP or LDP
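The VPLS forwarding rules above (per-VLAN MAC learning, flooding of unknown unicast and multicast, split horizon on the PW full mesh instead of STP), as an added Python model that is not part of these notes or any vendor code. Port names, VLAN and MAC addresses are constructed.

```python
MULTICAST_BIT = 0x01   # I/G bit in the first octet of a MAC address


class VplsInstance:
    """One VPLS instance on a PE: attachment circuits plus a full mesh of PWs to the
    other PEs. Learning and flooding per VLAN, with split horizon on the PW mesh."""

    def __init__(self, acs, pws):
        self.acs, self.pws = list(acs), list(pws)
        self.mac_table = {}   # (vlan, mac) -> port

    def _is_multicast(self, mac):
        return int(mac.split(":")[0], 16) & MULTICAST_BIT == MULTICAST_BIT

    def switch(self, in_port, vlan, src_mac, dst_mac):
        """Learn the source, then return the list of ports the frame goes out of."""
        if in_port not in self.acs + self.pws:
            raise ValueError("unknown port %s" % in_port)
        self.mac_table[(vlan, src_mac)] = in_port
        if not self._is_multicast(dst_mac):
            out = self.mac_table.get((vlan, dst_mac))
            if out is not None:
                # known unicast: one port, unless split horizon or a hairpin forbids it
                if out == in_port or (in_port in self.pws and out in self.pws):
                    return []
                return [out]
        # unknown unicast, broadcast and multicast are flooded; a frame that arrived on
        # a PW never leaves on another PW, because every PE already received its own
        # copy from the source PE over the full mesh
        candidates = self.acs + ([] if in_port in self.pws else self.pws)
        return [p for p in candidates if p != in_port]
```

Because the mesh is full, the split-horizon rule alone guarantees a loop-free core: a frame crosses at most one PW, which is why the notes can say STP is not needed there.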

Inter-AS MPLS VPN:
  • Option A
  • Option B
  • Option C
  • Carrier's Carrier
