CCIE Routing Protocol Part3MPLS VPNWord格式.docx

1、MPLS Label Distribution: For Cell-mode: Label Space（ Per-interface）, Label Generate/Distribute/Allocation（DownStream-on-demand/Ordered Control mode） and Label retention（Conservative label retention mode-only keep requested label）For Frame-Mode: Label Space（ Per-platform）, Label Generate/Distribute/A

2、llocation（Unsolicited DownStream/Independent control mode） and Label retention（liberal label retention mode-keep all received but only one be used）For Cisco Router: Per-platform/Unsolicited DownStream/independent Control/Liberal label retention For Cisco ATM: per-interface/Downstream-on-demend distr

3、ibute/independent control/conservation label retention/ordered controlFor Router with ATM interface: like ATM, just use conservative or liberal label retention.LDP: uses UDP/TCP 646 , TDP uses TCP 711LDP Hello using UDP packet to 224.0.0.2（ all Router Multicast address） with TTL=1 to find neighbor.t

4、hen use TCP to establish the session from Higher IP to lower ip and then initialization session for message exchange then exchange message after this, keepalive, and Router buildup Label map table.Label Tables:FEC: FEC is used to describe the packets that are forwarded based on a common charateristi

5、c such as Destination address/subnet, Qos class . , Label is assigned to a FEC.LSP: Label Switched Path, That is a sequence of LSRs that forward labeled packets through a certain FEC. it is uni-directional.FIB/RIB: Destination subnet and Next-hopLIB: Learn from downstream neighbor about ip prefix wi

6、th its label, based on this mapping, generate a local significant label and announce this label and ip prefix to upstream neighbor via LDPLFIB: It is a table inculdes: local label（ which be advertised to upstream） map with learn label（ which is learn from downstream）. if learn FEC from two LSRs, loc

7、al LSR select one of them based on FIB.MPLS loop detection:LDP loop detection build into IGP loop detect and TTL . by default, on ingress, TTL copy from IP packets TTL, at egress, Label TTL copied to IP header TTL field. if TTL=0, drop packet.MPLS convergence:when a link failure, IGP convergence and

8、 then MPLS convergencewhen the link recovery, Routing protocol rebuild RT and at this time, label switching should be broken until LFIB and FIB rebuild.MPLS MTU:because add labels, the frame size is bigger than normal, 1500B ip packet + 3 labels （ 4 times of 3 is 12 B）So the MTU should be 1512B or f

9、or ethernet switch supports Jumbo Frame（Giant Frame）.MPLS TE:requirement: 1: every LSR have to see the entire topology of the Network, 2: In this topology, LSR needs additional resource information for links, such as available resource and constrainsSo, only extension OSPF and ISIS fit for these req

10、uirements.Then. LSR uses RSVP-TE and CR-LDP to establish traffic engineering tunnels and propagate labels, each ELSR must be able to create an LSP tunnel on demand.RSVP-TE:There are two message types: PATH（ Tear/Error） and RESV（Tear/Error）ERO/RRO: ERO Explicit Routing Object, Downstream direction（ l

11、ike AS_PATH, that is LSP hop by hop list） to info each LSR to check and reserve resource, there are two ERO, one is strict and other is loose. strict means this Hop must bypass and this Hop and its last Hop must connect directly. RRO is Record Route Object, it is upstreamResource Information DataBas

12、e, it is a extend network topology with resource, by CSPF（ use LSA 9,10 to carry TE-relevent link attribute） and ISIS-TE（ new TLVs, TLV22, TLV134, TLV 135）Priority and Preemption （ Setup priority and holding priority）:Multiple LSP tunnels will be established, setup based on higher priority first, If

13、 the link resource is not insufficient, existing LSP tunnel with lower holding priority could be released resource for higher setup priority tunnel means preemption. MPLS TE have two labels: top label points to the endpoint of traffic engineering tunnel, the second lable points to destination.MPLS V

14、PN （peer to peer VPN）:There are two types VPN, one is Overlay VPN , SP provides Virtual Point-to-point links between CEs, such as （ layer-1:T1/ISDN/SONET; Layer-2:FR/ATM/X.25; layer-3: GRE, IPSec）one is Peer2Peer VPN:SP participates in Customer routing and separate forwarding table for each customer

15、.Control Plane: （ Global Routing Table / BackBone IGP Table / VRF table / VPNv4 Routing Table / RD / RT ）VRF table: IPv4 prefix, VRF routing table is isolated between each other, setup VRF at PE connecting to CEVPNv4 Routing Table: VPNv4 prefix are propagated across the MPLS-VPN Network to peer PE b

16、y MP-iBGP,so VPNv4 prefix must be unique in the whole MPLS network.RD（route distinguisher）: 64bits, MPLS VPN use add RD to make each IPv4 prefix to become a unique VNPv4 prefix. So allow CE Routes address overlap. RD is not the identifier of the VPN, So same VPN, allow to have different RDs. for exa

17、mple: RD type is ASN:nn or IP:nn, the first one is prefer. if a VRF ipv4 prefix is 10.1.1.0/24, RD is 65001:11, so VPNv4 prefix is 65001:11:10.1.1.0/24RT（ Router targets）: using BGP extended attribute （Community）, it will be propagated by MP-iBGP update. when the route prefix is redistributed from V

18、RF routing table into MP-iBGP, add export RT, to identify this route belong to which of VPN. At the receiver PE, compare vpnv4 prefixs community（ Export RT/Import RT） with local setting which is Import RT, if match, receive the vpnv4 prefix and convert to VRF ipv4 prefix, if not match, reject it. So

19、 MPLS-VPN using RD and RT to complete the route prefix uniqueness and identifier of VPN and propagate these prefix using MP-iBGP between two PEs. a VPNv4 prefix allow to carry multiple RTs （ Import RTs and Export RTs）. Import RT means which VPNv4 prefix will be accepted ; Export RT means to whom wil

20、l this VPNv4 prefix be allowed to send.Data Plane: The Core is BGP free, So only PEs run MP-iBGP, Only PEs know the VPNv4 prefix, P do not know them.So there are two labels, Top label used to forward packet to Peer PE, and the Bottom label used to identify VPN. For the Top labels, All PEs and Ps run

21、 IGP and LDP or RSVP-TE. Core IGP create a global routing table（ ipv4 prefix） and generate LFIB at all Ps and PEs. This is Top label to ensure packet will be switching from ingress PE to egress PE. The Bottom Label: it is vpn label, be advertised by MP-iBGP, When VPNv4 prefix be propagated from one

22、PE to peer PE, Peer PE decide which VRF these prefix belong to. At Ingress PE, it add two labels （ Global IGP label as the top label; VPN label as the bottom label）at the egress PE, It can map label to VPNv4 prefix , this label is VPN label, and this PE advertised the label along with the VPNv4 pref

23、ix to all possible ingress PEs, This label contained in the NLRI field of BGP.MP-iBGP: all PEs run MP-iBGP. so if there are many PEs, you should setup RR and use RT to let RR know all VPNv4 prefix. that means RR will receive all VPNv4 prefix.Or you can subdivide the VPNv4 prefix into groups and setu

24、p several RRs or RR groups to carry one of those subsets.When a PE redistribute VRF ipv4 prefix into MP-iBGP :1: Add RD2: Modify the next-hop to REs RID3: Add VPN label based on VPNv4 prefix4: Add RTsMPLS-VPN PE-CE Routing : Static Routing/connected between PE and CEredistribute Connected routes int

25、o BGP, Let remote PE know these connected IP, when ping from CE to CE, ping successfully. So if ping with a specified ip as source, you must make sure Remote device（PE or CE） know it to guarantee reply packet successfully. Router bgp 65001.address-family ipv4 vrf Cus_Aredistribute connected neighbor

26、 10.10.10.2 remote as 65001neighbor 10.10.10.2 activeFor static:ip route vrf Cus_A 10.100.0.0 255.255.0.0 10.10.10.2 5router bgp 65001redistribute staticRIPv2 Between PE and CEip vrf Cus_Ard 1:1route-traget export 1: import 1:router ripno auto-summaryversion 2network 10.0.0.0redistribute bgp 65001de

27、fault-metric 2redistribute ripOSPF between PE and CEQ1: usually, the MPLS-VPN as a Super-BackBone area, so CE send OSPF LSA3 to PE, which is a intra-summary route at PE, then PE redistribute these routes into BGP, then remote PE redistribute BGP into OSPF again. at Remote PE, these former LSA3 had been changed to LSA5 because red