Sunday, January 15, 2017

CCIE SPv4 - MPLS L3 VPN - Label Modes

Software versions:
IOS XE 15.5
IOS XR 5.3

The topology for this demo:
In this post we will take a look at the different label allocation modes that are available. Normally when a CE advertises a route to a PE, that PE allocates a unique label per learned prefix. This is the default mechanism used. We'll take a look at R1 and XR3s label allocation techniques.

R1#sh bgp vpnv4 unicast vrf BGP labels | in  131.0.0.13
   13.13.13.0/24    131.0.0.13      28/nolabel
   131.0.0.0/24     131.0.0.13      35/nolabel
   192.168.10.0     131.0.0.13      44/nolabel
   192.168.11.0     131.0.0.13      45/nolabel
   192.168.12.0     131.0.0.13      47/nolabel
                    131.0.0.13      nolabel/nolabel

R1#sh bgp vpnv6 unicast vrf BGP labels | in 2131:CC1E::13
   2131:CC1E::/64   2131:CC1E::13   50/nolabel
   FC00::13/128     2131:CC1E::13   51/nolabel
   FC00:213::13/128 2131:CC1E::13   nolabel/nolabel
   FC00:1013::/64   2131:CC1E::13   29/nolabel
   FC00:1113::/64   2131:CC1E::13   40/nolabel
   FC00:1213::/64   2131:CC1E::13   30/nolabel

RP/0/0/CPU0:XR3#sh bgp vpnv4 unicast vrf BGP labels | in 113.0.0.14
Sun Jan 15 21:14:22.264 UTC
*> 113.0.0.0/24       113.0.0.14      nolabel         24016
*> 172.16.10.0/24     113.0.0.14      nolabel         24023
*> 172.16.11.0/24     113.0.0.14      nolabel         24024
*> 172.16.12.0/24     113.0.0.14      nolabel         24025

RP/0/0/CPU0:XR3#sh bgp vpnv6 unicast vrf BGP labels | in 2113:cc1e::14
Sun Jan 15 21:17:17.882 UTC
*> 2113:cc1e::/64     2113:cc1e::14   nolabel         24015
*> fc00:10::/64       2113:cc1e::14   nolabel         24026
*> fc00:11::/64       2113:cc1e::14   nolabel         24027
*>                    2113:cc1e::14   nolabel         24028

As you can see, each prefix gets its own label. For the average design, this works but if you have to scale that, you will run into scalability issues down the road. Let's take a look at optimizing this capability.

On the IOS PEs
mpls label mode vrf BGP protocol bgp-vpnv4 per-vrf

On the XR PEs
vrf BGP
  address-family ipv4 unicast
   label mode per-vrf

R1(config)#do sh bgp vpnv4 unicast vrf BGP labels | in 131.0.0.13
   13.13.13.0/24    131.0.0.13      IPv4 VRF Aggr:57/nolabel
   131.0.0.0/24     131.0.0.13      IPv4 VRF Aggr:57/nolabel
   192.168.10.0     131.0.0.13      IPv4 VRF Aggr:57/nolabel
   192.168.11.0     131.0.0.13      IPv4 VRF Aggr:57/nolabel
   192.168.12.0     131.0.0.13      IPv4 VRF Aggr:57/nolabel
                    131.0.0.13      nolabel/nolabel

As you can see, each prefix now gets 1 aggregate label, Ok, cool, but now from a routing perspective, this doesn't really help us, we now have to do recursion.

R1#sh mpls forwarding-table labels 57 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
57         Pop Label  IPv4 VRF[V]      0             aggregate/BGP
        MAC/Encaps=0/0, MRU=0, Label Stack{}
        VPN route: BGP
        No output feature configured

R1#sh ip cef vrf BGP 192.168.10.0
192.168.10.0/24
  nexthop 131.0.0.13 GigabitEthernet1.1020


RP/0/0/CPU0:XR3#sh bgp vpnv4 unicast vrf BGP labels | in 113.0.0.14
Sun Jan 15 21:28:53.575 UTC
*> 113.0.0.0/24       113.0.0.14      nolabel         24029
*> 172.16.10.0/24     113.0.0.14      nolabel         24029
*> 172.16.11.0/24     113.0.0.14      nolabel         24029
*> 172.16.12.0/24     113.0.0.14      nolabel         24029

RP/0/0/CPU0:XR3#sh mpls forwarding labels 24029 detail
Sun Jan 15 21:30:17.019 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
24029  Aggregate   BGP: Per-VRF Aggr[V]   \
                                      BGP                          0
     Updated Jan 15 21:28:37.186
     MAC/Encaps: 0/0, MTU: 0
     Label Stack (Top -> Bottom): { }
     Packets Switched: 0


RP/0/0/CPU0:XR3#sh cef vrf BGP 113.0.0.14
Sun Jan 15 21:31:17.875 UTC
113.0.0.14/32, version 0, internal 0x1020001 0x0 (ptr 0xa13bb974) [2], 0x0 (0xa139ec68), 0x0 (0x0)
 Updated Jan  7 14:50:58.061
 local adjacency 113.0.0.14
 Prefix Len 32, traffic index 0, Adjacency-prefix, precedence n/a, priority 15
   via 113.0.0.14, GigabitEthernet0/0/0/0.1020, 6 dependencies, weight 0, class 0 [flags 0x0]
    path-idx 0 NHID 0x0 [0xa1044100 0x0], Internal 0xa190e0cc, parent-ifh 0x200
    next hop 113.0.0.14
    local adjacency


So now we need to receive traffic in from the core, pop the label, determine the VRF the label is associated with, then figure out what interface is in that VRF. Once all that is figured out, we can then proceed to switch the packet to the outgoing interface and do the L2 header rewrite. Not a ton of extra work, but extra none the less, there is a newer solution though, Per CE. We'll test this out with IPv6.

IOS PEs
mpls label mode vrf BGP protocol bgp-vpnv6 per-ce

On the XR PEs
vrf BGP
  address-family ipv4 unicast
   label mode per-ce


R1#sh bgp vpnv6 unicast vrf BGP labels | in 2131:CC1E::13
   2131:CC1E::/64   2131:CC1E::13   26/nolabel
   FC00::13/128     2131:CC1E::13   26/nolabel
   FC00:213::13/128 2131:CC1E::13   nolabel/nolabel
   FC00:1013::/64   2131:CC1E::13   26/nolabel
   FC00:1113::/64   2131:CC1E::13   26/nolabel
   FC00:1213::/64   2131:CC1E::13   26/nolabel

R1#sh mpls forwarding-table labels 26 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
26         No Label   nh-id(1)         0             Gi1.1020   FE80::20C:29FF:FE44:53CF
        MAC/Encaps=0/0, MRU=1504, Label Stack{}
        No output feature configured

As you can see, the LFIB outputs are different, which now indicates a label value, 26, and it shows an outgoing interface, G1.1020 and an IPv6 next hop. This is exactly the purpose of CEF.

We can also verify this at the VRF level.

R1#sh vrf detail BGP | in label|ipv4|ipv6
Address family ipv4 unicast (Table ID = 0x1):
  VRF label distribution protocol: not configured
  VRF label allocation mode: per-vrf (Label 57)
Address family ipv6 unicast (Table ID = 0x1E000001):
  VRF label distribution protocol: not configured
  VRF label allocation mode: per-ce

We can verify the next hops as well.

R1#sh bgp vpnv6 unicast vrf BGP nexthops
 # Paths   Nexthop Address
Route Distinguisher: 20:50693 (default for vrf BGP)
      23   ::FFFF:192.168.1.3
       9   ::FFFF:192.168.1.5
      11   ::FFFF:192.168.1.6
      18   ::FFFF:192.168.1.13
       5   2131:CC1E::13 (FE80::20C:29FF:FE44:53CF) (BGP)
       9   ::FFFF:192.168.1.11
       2   2131:CC1E::13 (STATIC)

The drawback to these enhancements is loss of visibility in the MPLS core for counters, we could see bytes switched on the PEs for a given prefix. Now only the aggregate label has an increment. 

This is before the ping/trace.
R1#sh mpls forwarding-table interface Gi1.1020
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
26         No Label   nh-id(1)         0             Gi1.1020   FE80::20C:29FF:FE44:53CF

R1#sh mpls forwarding-table labels 57
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
57         Pop Label  IPv4 VRF[V]      0             aggregate/BGP

R13#ping vrf BGP 172.16.11.14 source 192.168.11.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.11.14, timeout is 2 seconds:
Packet sent with a source address of 192.168.11.13
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/9/26 ms


R13# traceroute vrf BGP ipv6
Target IPv6 address: FC00:11::14
Source address: FC00:1013::13
Insert source routing header? [no]:
Numeric display? [no]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Priority [0]:
Port Number [0]:
Type escape sequence to abort.
Tracing the route to FC00:11::14

  1 2131:CC1E::1 2 msec 2 msec 1 msec
  2 FC00::112 [MPLS: Labels 24009/24027 Exp 0] 9 msec 6 msec 5 msec
  3 2016:12:13::13 [MPLS: Label 24027 Exp 0] 20 msec 20 msec 30 msec
  4 2113:CC1E::14 [AS 143] 25 msec 14 msec 15 msec

This is after the ping/trace.
R1#sh mpls forwarding-table interface Gi1.1020
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
26         No Label   nh-id(1)         1590          Gi1.1020   FE80::20C:29FF:FE44:53CF

R1#sh mpls forwarding-table labels 57
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
57         Pop Label  IPv4 VRF[V]      590           aggregate/BGP

The last option for us is the all AFS on all VRFs.

IOS PEs
mpls label mode all-vrfs protocol all-afs vrf-conn-aggr

IOS XR doesn't support this variant, only the Per-VRF , per-CE and per-prefix are supported. You can apply these policies with an RPL. XR documentation states that if label mode is in use, per-vrf mode is used to allocate labels for connected, aggregate and local prefixes. 

R1#sh bgp vpnv4 unicast vrf BGP labels | in /20
   192.168.0.0/20   0.0.0.0         IPv4 VRF Aggr:57/aggregate(BGP


R1#sh mpls forwarding-table labels 57
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
57         Pop Label  IPv4 VRF[V]      1770          aggregate/BGP

Thanks for stopping by!
Rob Riker, CCIE #50693

Posted by at
Labels: , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)