Monthly Archives: June 2013

ISP LAB (MPLS Cloud) – Part3

Posted on by No Comments ↓

As mentioned in ISP LAB Topology – Part1 before getting into the configuration part we will give a brief about the technologies/protocols used in our task. In our first task ISP LAB (Implementing IGP) – Part 2 we configured the ISP routers to advertise their loopback addresses using ISIS (Layer3 routing protocol used as IGP) so that all ISP routers have an identical LSDB (Link State Data Base) and can reach each others loopback addresses. lets validate our reachability inside the ISP network on the core router P1 for example:

P1 ISIS neghbors
P1#show isis neighbors
System Id      Type Interface   IP Address      State Holdtime Circuit Id
PE01           L2   Fa1/0       10.1.10.1       UP    24       P1.02
P2             L2   Fa2/0       10.10.20.20     UP    21       P1.04
P3             L2   Fa1/1       10.10.30.30     UP    23       P1.03

P1 is maintaining level-2 neighborships with PE01, P2 and P3

P1 routing table
P1#show ip route | i L2
       i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
i L2     1.1.1.1 [115/20] via 10.1.10.1, 03:08:56, FastEthernet1/0
i L2     2.2.2.2 [115/30] via 10.10.30.30, 03:08:56, FastEthernet1/1
i L2     3.3.3.3 [115/30] via 10.10.30.30, 03:08:46, FastEthernet1/1
i L2     10.1.20.0/24 [115/20] via 10.10.20.20, 03:08:56, FastEthernet2/0
i L2     10.2.30.0/24 [115/20] via 10.10.30.30, 03:08:56, FastEthernet1/1
i L2     10.3.30.0/24 [115/20] via 10.10.30.30, 03:08:56, FastEthernet1/1
i L2     10.20.30.0/24 [115/20] via 10.10.30.30, 03:08:56, FastEthernet1/1
i L2     20.20.20.20 [115/20] via 10.10.20.20, 03:08:56, FastEthernet2/0
i L2     30.30.30.30 [115/20] via 10.10.30.30, 03:08:56, FastEthernet1/1

The routing table of P1 (showing only ISIS level-2 routes), so lets pick 2 routes and try to reach

Sending ICMP (Ping) packets to PE02 and P2
P1#ping 2.2.2.2Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/54/112 ms
P1#ping 20.20.20.20Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/26/56 ms

Now we are sure that P1 – and all routers respectively – has routes to every router in the network and can reach it.
The previous validation is for being sure that everything is OK before building the MPLS network which rely on the IGP (ISIS in our case) to build LSPs (Label Switched Paths).

MPLS flows are connection oriented & only defines the forwarding mechanism that rely on other two separate protocols (IGP & LDP) to establish the LSPs. For more details it is recommended to read MPLS Summary & MPLS Study Notes [Part1].

We finished the first step by implementing the IGP and we need to implement the signalling protocol LDP (Label Distribution Protocol) to close the circuit.

LDP function is that for each router to assigns local labels for it’s own and connected routes/prefixes such as Loopback addresses, then distribute these labels to the LDP neighbors, and the neighbors do the same operation for both received labels and local routes/prefixes till reaching the edge of the network, and now the LSPs are build correctly.

First of all we need to instruct the router to use LDP instead of TDP (Tag Distribution Protocol – Cisco only):

P1 LDP configuration
P1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1(config)#mpls label protocol ?
ldp  Use LDP (default)
tdp  Use TDP
P1(config)#mpls label protocol ldp

It is just a simple piece of  configuration, now we have two ways for enabling MPLS on all routers:
1st: Configuring MPLS for each interface connected to an ISP router.
2nd: Configuring MPLS automatic configuration on all enabled IGP interfaces.

First way is just doing “mpls ip” command under all ISP connected interfaces, but obviously there is a scalability problem and human errors could appear if we forgot to enable an interface and this interface is chosen as the best path by the IGP so we will have a broken LSP which will drop all packets the going through.

Second one is the most recommended because you will just do it once per router and also you will have no broken LSPs because all IGP enabled interfaces are also MPLS enabled, for more details also it is recommended to use MPLS LDP-IGP Synchronization to avoid such problems that could happen due to slow convergence or whatever.

Lets take a look at the two ways of configuration:

1st way (one command per interface)
P1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1(config)#int fa 1/0
P1(config-if)#mpls ip
2nd way (one command per router)
P1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1(config)#router isis abc
P1(config-router)#mpls ldp autoconfig

I believe that everyone of you will prefer to chose the second way PLUS synchronization

MPLS LDP SYNC
P1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1(config)#router isis abc
P1(config-router)#mpls ldp sync

Lets check if everything is OK with our configuration:

LDP Neighbors
P1#show mpls ldp neighbor
Peer LDP Ident: 20.20.20.20:0; Local LDP Ident 10.10.10.10:0
TCP connection: 20.20.20.20.45861 – 10.10.10.10.646
State: Oper; Msgs sent/rcvd: 236/234; Downstream
Up time: 03:11:52
LDP discovery sources:
FastEthernet2/0, Src IP addr: 10.10.20.20
Addresses bound to peer LDP Ident:
10.1.20.20      10.20.30.20     10.10.20.20     20.20.20.20
Peer LDP Ident: 30.30.30.30:0; Local LDP Ident 10.10.10.10:0
TCP connection: 30.30.30.30.54795 – 10.10.10.10.646
State: Oper; Msgs sent/rcvd: 236/234; Downstream
Up time: 03:11:50
LDP discovery sources:
FastEthernet1/1, Src IP addr: 10.10.30.30
Addresses bound to peer LDP Ident:
10.10.30.30     10.20.30.30     10.2.30.30      10.3.30.30
30.30.30.30
Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 10.10.10.10:0
TCP connection: 1.1.1.1.646 – 10.10.10.10.56795
State: Oper; Msgs sent/rcvd: 234/235; Downstream
Up time: 03:11:49
LDP discovery sources:
FastEthernet1/0, Src IP addr: 10.1.10.1
Addresses bound to peer LDP Ident:
10.1.10.1       10.1.20.1       1.1.1.1

Generally the output of “show mpls ldp neighbor” on Cisco IOS devices shows many information about the LDP neighbors, UP Time, TCP port (646 for LDP and 711 for TDP), interface and addresses bounded to the peer/neighbor.
Lets see what this output shows us: The LDP neighbors of P1 which are P2 (20.20.20.20), P3(30.30.30.30) and PE01(1.1.1.1) and my local LDP ID (10.10.10.10) is used for the connectivity, also the output shows that all neighbors are using TCP 646 to establish the LDP connection which is TRUE.

MPLS Forwarding table LFIB(Label Forwarding Information Base)
PE01#show mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  10.10.10.10/32   0             Fa1/0      10.1.10.10
17         Pop Label  20.20.20.20/32   0             Fa1/1      10.1.20.20
18         22         30.30.30.30/32   0             Fa1/0      10.1.10.10
           16         30.30.30.30/32   0             Fa1/1      10.1.20.20
19         Pop Label  10.10.20.0/24    0             Fa1/0      10.1.10.10
           Pop Label  10.10.20.0/24    0             Fa1/1      10.1.20.20
20         Pop Label  10.10.30.0/24    0             Fa1/0      10.1.10.10
21         Pop Label  10.20.30.0/24    0             Fa1/1      10.1.20.20
22         25         10.2.30.0/24     0             Fa1/0      10.1.10.10
           19         10.2.30.0/24     0             Fa1/1      10.1.20.20
23         26         10.3.30.0/24     0             Fa1/0      10.1.10.10
           20         10.3.30.0/24     0             Fa1/1      10.1.20.20
24         28         2.2.2.2/32       0             Fa1/0      10.1.10.10
           24         2.2.2.2/32       0             Fa1/1      10.1.20.20
25         27         3.3.3.3/32       0             Fa1/0      10.1.10.10
           23         3.3.3.3/32       0             Fa1/1      10.1.20.20

The output shows the Local Label that is advertised by the local router to its neighbors, the Outgoing Label which is received by the Next Hop and the local router uses to reach the destination by binding it to the packet and forward the labeled packet to the Outgoing interface.
If the Outgoing Label shows “Pop Label” it means that the local router is the PHP (Penultimate Hop Popping) router and the destination is local or directly connected to the Next Hop.

Traceroute from PE01 to PE02
PE01#traceroute 2.2.2.2Type escape sequence to abort.
Tracing the route to 2.2.2.2  1 10.1.20.20 [MPLS: Label 24 Exp 0] 80 msec
    10.1.10.10 [MPLS: Label 28 Exp 0] 68 msec
    10.1.20.20 [MPLS: Label 24 Exp 0] 64 msec
  2 10.10.30.30 [MPLS: Label 17 Exp 0] 64 msec
    10.20.30.30 [MPLS: Label 17 Exp 0] 36 msec
    10.10.30.30 [MPLS: Label 17 Exp 0] 72 msec
  3 10.2.30.2 56 msec *  84 msec

The output of the Traceroute from PE01 to PE02 shows that we are using labels along the path till the Penultimate hop is popping up the top most label of the stack – only one label per stack in our case – before sending it to the last hop/destination.

Now we have a ready network for implementing applications and services for the customers, and this network is IP/MPLS based, so keep your eyes opened for a very interesting part about MP-BGP in the next task.

Enjoy,