How many labels for VPN in MPLS?
The MPLS protocol uses labels to forward traffic between point A and point B. These labels are bound to FECs (Forwarding Equivalence Classes) and distributed across the network by different protocols (LDP, RSVP, BGP-LS, SPRING).
LDP (Label Distribution Protocol, RFC 5036) is still by far the most widely used of them and, unlike RSVP and BGP, was developed specifically for label distribution.
In this article we will discuss how LDP binds labels to FECs and how it distributes these labels on the network.
As stated above, the main goal of LDP is to distribute labels across the network. Once activated on the routers, LDP discovers directly connected peers by sending multicast Hello messages to UDP port 646; for some specific use cases it also allows the discovery of remote peers using targeted Hello messages that span multiple hops.
Once a peer is discovered, a TCP session is established to it on port 646 to start the exchange of label/FEC bindings, based on the features and modes negotiated between the peers.
To establish LSPs, LDP relies on the IGP, and LSPs always follow the IGP best path to the destination. This means the two protocols have to work in tandem and be kept synchronized to avoid any traffic loop or blackhole situation.
Label retention mode:
Label retention defines which labels a router has to keep for a given FEC. Should a router keep the labels received from different routers even if they are not all on the forwarding path? Or should it keep only the label from the IGP best next-hop router to the destination and discard the rest?
The first option is called liberal label retention and the second option is called conservative label retention.
To explain the difference between these two modes, let’s use the diagram below:
Assuming that all links have the same cost, to reach Loopback 0 from R1 the path R1 > R2 > R4 > R5 will be used.
From here we can raise two points:
The first remark is about retention mode. In LDP we have two modes:
In today's networks, routers come with large memory capacity to handle a large label space, so liberal retention is the widely used mode.
The second remark is about the mode of label distribution:
Based on RFC 3031: "the decision to bind a particular label L to a particular FEC F is made by the LSR which is DOWNSTREAM with respect to that binding. The downstream LSR then informs the upstream LSR of the binding. Thus, labels are 'downstream-assigned', and label bindings are distributed in the 'downstream to upstream' direction."
If we apply the RFC above to our diagram: when R4 receives label L1 for Loopback 0 from R5, it assigns its own label L2 and advertises it to R3 and R2 (the LSRs upstream of R4 for this FEC). R2 then expects all traffic going to Loopback 0 to arrive tagged with label L2 on the incoming interface, after which R4 swaps L2 for L1 and forwards the packet to R5. This method is called downstream allocation.
On the other side, should R4 send the label for Loopback 0 to R3 and R2 without being asked (unsolicited label distribution), or only to routers that ask for it (on-demand label distribution)? Given the unwanted blackhole situation that arises when the second option is used, the vast majority of vendors prefer the first mode of label distribution. So the label distribution mode used by LDP is called downstream unsolicited.
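The following is an added example (not code from the original article) that models the two points above in a few dozen lines: downstream unsolicited distribution, where every LSR binds a label to the FEC and pushes it to all its LDP peers, and the difference between liberal and conservative retention when the IGP best path changes. The five-router topology, all link costs and the label values are constructed assumptions; the article's own diagram is not reproduced here.

```python
from collections import deque

# Constructed topology (assumption): all links cost 1, so R1 > R2 > R4 > R5 is the best path to R5.
LINKS = [("R1", "R2"), ("R2", "R3"), ("R2", "R4"), ("R3", "R4"), ("R4", "R5")]
EGRESS = "R5"  # the FEC is R5's Loopback 0; R5 is the egress LSR and advertises implicit-null (3)

def neighbors(links):
    """Build an adjacency map (LDP peers are the directly connected routers)."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def igp_next_hop(adj, src, dst):
    """Hop-count shortest path (equal link costs); returns src's next hop toward dst, or None."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        for nbr in sorted(adj.get(node, ())):
            if nbr not in prev:
                prev[nbr], _ = node, queue.append(nbr)
    if src == dst or dst not in prev:
        return None
    hop = dst
    while prev[hop] != src:
        hop = prev[hop]
    return hop

def distribute_labels(adj):
    """Downstream unsolicited: each LSR binds a local label to the FEC and advertises it to all peers."""
    local = {lsr: (3 if lsr == EGRESS else 100 + i) for i, lsr in enumerate(sorted(adj))}
    received = {lsr: {} for lsr in adj}  # lsr -> {peer: label the peer advertised}
    for lsr, label in local.items():
        for peer in adj[lsr]:
            received[peer][lsr] = label
    return local, received

def retain(received, lsr, next_hop, mode):
    """Liberal keeps every peer's binding; conservative keeps only the IGP next hop's binding."""
    bindings = received[lsr]
    return dict(bindings) if mode == "liberal" else {p: l for p, l in bindings.items() if p == next_hop}

def failover_outcome(mode, lsr="R2", failed_link=("R2", "R4")):
    """Outgoing label at `lsr` before and right after `failed_link` fails, before LDP re-advertises."""
    adj = neighbors(LINKS)
    _, received = distribute_labels(adj)
    retained = retain(received, lsr, igp_next_hop(adj, lsr, EGRESS), mode)
    before = retained.get(igp_next_hop(adj, lsr, EGRESS))
    adj_after = neighbors([l for l in LINKS if set(l) != set(failed_link)])
    after = retained.get(igp_next_hop(adj_after, lsr, EGRESS))  # None = no binding = blackhole
    return before, after
```

With liberal retention R2 already holds R3's binding and switches to it as soon as the IGP reconverges; with conservative retention the result is `None`, the blackhole window the article warns about, until R3's label is learned again.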
Bin Packing Problem? What is Bin Packing? In this post I will explain the Bin Packing Problem in MPLS Traffic Engineering.
What is an attachment circuit in MPLS VPN? Definitions are important in networking; if there are alternative usages of a definition, it is better to know them all for effective communication.
Unique RD per PE per VRF is a deployment option in MPLS Layer 3 VPN.
Are Inter-AS MPLS VPNs commonly deployed? In real-life deployments, which Inter-AS MPLS VPN option is most common? What are the use cases of Inter-AS MPLS VPNs? This is not a theory post; I will share practical information with you.
In this post I will explain MPLS Layer 3 VPN deployment by providing a case study. This deployment will mainly be for a greenfield environment where you deploy network nodes and protocols from scratch. This post does not cover migration from legacy transport mechanisms such as ATM and Frame Relay, as that is covered in a separate post on the website.
In this article, MP-BGP will not be explained since it has been explained here earlier in detail.
When BGP is used as the PE-CE routing protocol between the customer and its MPLS Layer 3 VPN provider, it is important to note that there is no need for redistribution on the Service Provider PE. All other routing protocols require redistribution from MP-BGP into the routing protocol and vice versa.
In this post, I will explain the design considerations when BGP is used as the PE-CE routing protocol in MPLS Layer 3 VPN and how you can mitigate possible routing loop problems.
Last but not least, I will share what the design considerations are when a CE (Customer Equipment) is multihomed to two PEs (Provider Edge devices) and BGP is used in MPLS Layer 3 VPN.
For the purpose of high availability, the critical locations of company A, a customer of a VPN service provider, are connected to two different carriers. However, this connectivity requires an important design consideration.
Companies do not always have high availability. What's more, budget and complexity are always a concern with high availability, even though a number of factors need to be considered during network design.
If the company's applications do not require high availability, a dual carrier or two links to the same carrier is not necessary.
Multihoming refers to a connection to two different carriers/service providers; two routers connected via two links to the same provider is not considered multihomed.
A couple of days ago I received an email from one of my readers (Ahmet Eris) related to his design. He designed a network infrastructure for his customer and wanted me to take a look as well.
But I realized that Ahmet had some misunderstanding about the usage of MPLS Layer 2 VPNs, and I thought briefly mentioning it could help my other readers as well.
RFC 2547 defines standard MPLS VPN to carry customer prefixes over the MPLS backbone.
In February 2006 RFC 4364 was published for Inter-AS VPNs, which are also known as Multi-AS VPNs. RFC 4364 obsoleted RFC 2547 and defined many other applications for MPLS VPNs such as CSC, known as Carrier Supporting Carrier in Cisco terminology and Carrier of Carrier in the Juniper definition.
With basic Layer 3 MPLS VPN, enterprise customers can carry their prefixes from multiple sites over the SP backbone. It is a multipoint-to-multipoint connection. With the AToM-based MPLS solution, which is Cisco's E-Line solution, customer sites are connected point-to-point, and with VPLS multipoint-to-multipoint.
The basic difference between VPLS and IP/VPN from the customer's point of view: with VPLS, all attached sites share the same L3 network, and the Service Provider acts as a big switch for the customer. IP/MPLS VPNs use different IP addresses at each site.
With IP/VPN, also known as BGP VPN or L3 VPN, the customer runs an IP routing protocol or static routes with the Service Provider, and the customer equipment, known as the CE, does not see the other CEs as directly connected as it does with VPLS or AToM-based MPLS.
Depending on what the customer expects from the Service Provider, for the MPLS L3 VPN case the customer can run any of the IGP routing protocols, including EIGRP, OSPF, IS-IS, as well as BGP or static routes. You may want to talk with your Service Provider before you decide, since some Service Providers do not support every routing protocol. Most, if not all, support BGP.
If the customer wants very granular policy control and dual-homed site connectivity, and the customer's network staff are well trained, the best choice would be BGP.
In the past, fast convergence was an issue with BGP, and maybe it still is with a vanilla BGP configuration, but recent enhancements allow BGP to converge very fast thanks to the BGP Fast Reroute mechanism, BGP PIC.
The metric information of all IGP protocols can be carried over the SP MPLS backbone end to end. In this case the SP core behaves differently: for OSPF there is the Superbackbone concept and for IS-IS there is the L3 backbone concept. This is out of the scope of this post, so I will not explain it further. But if you want to learn about them and are interested, please comment, so I will definitely write about them.
One other caveat for PE-CE protocols: for almost all protocols, if the customer has a backdoor link to another customer site, a loop or suboptimal path usage may occur. We generally prefer an MPLS link when a low-latency, secure, reliable connection is necessary, compared to the Internet-based option.
If the customer has a backup Internet link (not MPLS, but maybe DSL, 3G/LTE, satellite, microwave or cable) and its requirement is low latency, predictable delay variation (called jitter), and a reliable and (relatively) secure connection, it will probably want to use the MPLS connection as primary and the Internet connection as backup. That said, LTE is much cheaper and provides very high bandwidth nowadays, and it has started to take its place as the primary connection on some networks or parts of the network, such as remote offices.
Inter-AS Option A is the easiest, most flexible and most secure inter-autonomous-system MPLS VPN technology.
In the topology below, VPN customers A and B are connected to two different service providers via MPLS Layer 3 VPN. In order to have an end-to-end MPLS VPN service, the Service Providers use special mechanisms. In this article, I will explain the most basic one, Inter-AS Option A, though there are many other things you need to know about Inter-AS Option A.
Our aim is to carry all the customer routes between the service providers.
There are many different ways of handling this case. In this post, I will explain Inter AS Option A MPLS/VPN, also known as VRF-to-VRF approach.
Figure 1: Inter-AS OptionA
I will use the topology depicted in fig. 1 throughout this post to explain Inter AS Option A operation.
In the above diagram, we have two service providers and two customers which require Inter-AS MPLS VPN service.
The PE routers that connect the two providers are also known as ASBR (Autonomous System Boundary Router).
Inter AS Option A: an ASBR router in one Autonomous System attaches directly to an ASBR router in another Autonomous System.
The two ASBR routers are attached via multiple sub-interfaces: at least one for each VPN whose routes need to be passed from one AS to the other. In addition, each of those sub-interfaces is associated with a VRF table.
For each customer, the service providers could use a separate physical connection instead of a sub-interface. However, doing that would not produce an optimal result for resource utilization.
PE routers connected to the CE devices run MP-IBGP, either through full mesh or through RR (route reflector).
Inter AS Option A allows ASBR routers to keep all the VRFs for customers who require Inter AS service.
The SP-A and SP-B ASBR routers maintain the VPN forwarding table in the LFIB. Furthermore, they keep the routing information in the RIB and FIB.
Compared to the other Inter-AS options, the ASBRs have high memory usage in Inter-AS Option A, because they hold every customer VRF.
However, the other Inter-AS VPN options do not have these capabilities.
ASBRs can either run the same routing protocol with the customer on the VRFs or use just EBGP.
For example, if the requirement for customer A is to keep routing information such as metrics end to end, SP-A and SP-B run the same routing protocol on the ASBRs and on the PE devices where the customer's CE device is attached.
SP-A and SP-B: with Inter-AS Option A they have to manage redistribution at the ASBRs, because the routes appear to the ASBR as BGP routes from the remote PEs. For customer A, those routes need to be redistributed from BGP into customer A's PE-CE routing protocol, and from customer A's PE-CE routing protocol into BGP.
ASBRs associate each such sub-interface with a VRF.
Inter AS Option A does not require MPLS at the ASBRs unlike the other Inter AS options.
Since we need a separate VRF and sub-interface for each customer VPN, a separate routing protocol, and redistribution for each protocol, it is operationally cumbersome and thus hard to scale.
Among all the Inter-AS options, since there is only IP routing between the ASes, Option A is considered the most secure one.
In addition, it is the easiest option to implement between the ASes, because Option A does not require another control-plane mechanism between the service provider ASBRs such as LDP, BGP+label, or BGP-VPNv4.
Between the service providers, on the ASBRs, either an IGP or EBGP is used.
Since only IP traffic (not MPLS) passes between the service providers, the most granular QoS implementation is achieved with Option A (per sub-interface and IP DSCP, versus MPLS EXP).
For all Inter-AS options, it is very common that customers have to trust the service provider for data integrity, confidentiality, and availability.
MPLS does not encrypt the packets; if a customer needs end-to-end encryption, they can deploy IPsec.
The Inter-AS MPLS VPN Options Comparison Table below gives you the most comprehensive analysis. In real life, and also for the design exams, it will be very useful, since the comparison is done from the design point of view.
Inter AS MPLS VPN Options Comparison
Do you use MPLS VPN service? Is it from one provider or multiple providers?
Let’s talk about your design in the comment section.