
Basic MPLS

In this post I will try to clarify how to get a basic MPLS setup running. We will configure 6 routers in a lab setup and get some IP traffic through MPLS. The goal is not to explain all the details of MPLS; the goal is to get a setup running so you can see how to get it going.

What is MPLS?

MPLS stands for Multi Protocol Label Switching. This technology allows traffic to follow a path through the network that meets criteria you define. Defining these criteria is called Traffic Engineering. The “multi protocol” part means it can run over different protocols (Ethernet, SONET, …) and can also carry different protocols: IP, IPv6, Ethernet, …

What it actually does is add an MPLS header to the traffic. This header is used so the routers know where the packet came from and where it has to go. Additionally it contains CoS, TTL and Bottom of stack information (used in the MPLS protocol).
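
To make the header fields concrete, here is an added example (not part of the original post) that decodes MPLS label stack entries using the RFC 3032 layout: 20-bit label, 3-bit CoS, 1-bit bottom of stack, 8-bit TTL. The function name and the sample frames are assumptions made for illustration.

```python
import struct

# Reserved label values from RFC 3032; label 3 is signalled but never sent on the wire.
RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert",
            2: "IPv6 Explicit NULL", 3: "Implicit NULL"}

def parse_label_stack(data: bytes):
    """Decode 4-byte MPLS label stack entries until the bottom-of-stack bit.

    Returns (entries, payload). Raises ValueError if the data ends before an
    entry with the bottom-of-stack bit set is seen.
    """
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        label = word >> 12
        entries.append({
            "label": label,                  # 20 bits
            "cos": (word >> 9) & 0x7,        # 3 bits (CoS / traffic class)
            "bottom": bool(word & 0x100),    # 1 bit
            "ttl": word & 0xFF,              # 8 bits
            "reserved": RESERVED.get(label),
        })
        if entries[-1]["bottom"]:
            return entries, data[offset:]

# Constructed samples: 299808 is the Labelout value shown in the verification
# output of this post; the inner label 16, the TTLs and the payload are made up.
ONE_LABEL = bytes.fromhex("4932013f") + b"\x45\x00"
TWO_LABELS = bytes.fromhex("4932003f" "00010140") + b"\x45\x00"

if __name__ == "__main__":
    for frame in (ONE_LABEL, TWO_LABELS):
        print(parse_label_stack(frame))
```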

Why MPLS

Advantages of MPLS:

  • Reduce routing lookups
  • BGP free core
  • Better link usage (not only by IGP)
  • Multiple services configurable
    • L3, L2, pseudowire,…

Reduce routing lookups: The routes only need to get looked up on the edge of the network. The edge router will route the traffic to the right label switched path.

BGP free core: Because the routes only need to get looked up on the edge, it is not necessary to run BGP in the core.

Better link usage: The traffic can follow paths that do not follow the path of the IGP. You can dedicate the traffic to follow a certain path or to pass a certain router.

Multiple services configurable: MPLS supports the transport of IP traffic; Layer 2 and IPv6 are also possible. With pseudowire tunnels you can transport anything transparently.

You can also say: because my employer / customer / … is using it 😉

Some abbreviations

There is some MPLS / Service Provider lingo used in this article, as in any book about MPLS. Here are some of the important ones:

MPLS: Multi Protocol Label Switching
LSP: Label Switched Path
CE Router: Customer Edge Router
PE Router: Provider Edge Router
P Router: Provider (core) Router
TE: Traffic Engineering
IGP: Interior Gateway Protocol
AS: Autonomous system

Our lab

The lab consists of virtual SRX devices. I’m using an older version of the virtual SRX (vSRX) for this (firefly-perimeter 12.1X46-D25.7). I’m using the older version because it doesn’t have limitations and uses a small memory footprint. It should also work perfectly fine with newer versions.

  • 2 customers are connected to our network (I will use one device for this and configure routing instances)
    • CE AS65001 and CE AS65002
  • 2 PE routers
    • PE-11 and PE-14
  • 2 P routers
    • P-12 and P-13

MPLS Lab overview

 

Since I am running the setup on SRX devices, we need to put them in “Packet mode”. This is not required for MX devices.

You do this by removing the security configuration and adding the following:

security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}

After committing this, the device will require a reboot.

More information here: https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461

Basic setup

A basic MPLS setup consists of the following elements:

  • Loopbacks configured on all your internal routers
  • IGP configured with traffic engineering
  • MPLS enabled and family mpls on your internal interfaces
  • signaling protocol (LDP or RSVP) enabled on your internal routers
  • LSP configured on the PE routers you need to pass traffic (this probably needs to be a full mesh with all PE routers on your network)

Let’s check out the example.

CE routers

The CEs just act as test devices. They will announce their loopback addresses to AS65000. Then we can use those addresses for testing.

The CE router does not have to know MPLS is being used inside the network it is connecting to. The CE router is just doing a BGP peering.

The ge-0/0/0 is a management interface, ge-0/0/1 connects to PE-11 and ge-0/0/2 connects to PE-14.

lo0.1 is for CE65001 and lo0.2 is for CE65002.

system {
    host-name LAB-CE;
    root-authentication {
        encrypted-password ""; ## SECRET-DATA
    }
    services {
        ssh;
    }
}
interfaces {
    ge-0/0/0 {
        description "management interface";
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    ge-0/0/1 {
        description "Link to PE-11";
        unit 0 {
            family inet {
                address 10.0.201.1/30;
            }
        }
    }
    ge-0/0/2 {
        description "Link to PE-14";
        unit 0 {
            family inet {
                address 10.0.205.2/30;
            }
        }
    }
    lo0 {
        unit 1 {
            family inet {
                address 10.200.1.1/32;
            }
        }
        unit 2 {
            family inet {
                address 10.200.2.1/32;
            }
        }
    }
}
policy-options {
    policy-statement bgp-as-65001 {
        term 1 {
            from {
                route-filter 10.200.1.1/32 exact;
            }
            then accept;
        }
        term 2 {
            then reject;
        }
    }
    policy-statement bgp-as-65002 {
        term 1 {
            from {
                route-filter 10.200.2.1/32 exact;
            }
            then accept;
        }
        term 2 {
            then reject;
        }
    }
}
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}
routing-instances {
    CE65001 {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        interface lo0.1;
        routing-options {
            router-id 10.200.1.1;
            autonomous-system 65001;
        }
        protocols {
            bgp {
                export bgp-as-65001;
                group 65000 {
                    type external;
                    neighbor 10.0.201.2 {
                        peer-as 65000;
                    }
                }
            }
        }
    }
    CE65002 {
        instance-type virtual-router;
        interface ge-0/0/2.0;
        interface lo0.2;
        routing-options {
            router-id 10.200.2.1;
            autonomous-system 65002;
        }
        protocols {
            bgp {
                export bgp-as-65002;
                group 65000 {
                    type external;
                    family inet {
                        unicast;
                    }
                    neighbor 10.0.205.1 {
                        peer-as 65000;
                    }
                }
            }
        }
    }
}

PE routers

The PE router will have the most configuration.

For MPLS, we need protocols mpls and RSVP configured, and traffic engineering enabled in OSPF.

RSVP is the protocol that will take care of the traffic engineering and the labels. It will get its information from OSPF. OSPF has the traffic engineering database that RSVP relies on for information. This is however not enabled by default and needs to be enabled (in IS-IS this is enabled by default).

It’s also important that the interfaces facing other MPLS routers have the family mpls configured. Otherwise they won’t forward or receive any MPLS traffic.

Under MPLS we also need to configure the label switched path. This needs to be a full mesh of all the routers you want to communicate with (it’s unidirectional).

In our example we have just 2 PE routers. In the real world this would be at least all your PE routers.

system {
    host-name PE-11;
    root-authentication {
        encrypted-password ""; ## SECRET-DATA
    }
    services {
        ssh;
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.201.2/30;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 10.0.202.1/30;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.10.10.11/32;
            }
        }
    }
}
routing-options {
    router-id 10.10.10.11;
    autonomous-system 65000;
}
protocols {
    rsvp {
        interface ge-0/0/2.0;
    }
    mpls {
        label-switched-path PE-11-to-PE-14 {
            to 10.10.10.14;
        }
        interface ge-0/0/2.0;
    }
    bgp {
        group 65001 {
            type external;
            family inet {
                unicast;
            }
            neighbor 10.0.201.1 {
                peer-as 65001;
            }
        }
        group internal {
            type internal;
            local-address 10.10.10.11;
            export [ nhs uplink ];
            neighbor 10.10.10.14;
        }
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface ge-0/0/2.0 {
                interface-type p2p;
            }
            interface lo0.0 {
                passive;
            }
        }
    }
}
policy-options {
    policy-statement nhs {
        then {
            next-hop self;
        }
    }
    policy-statement uplink {
        term 1 {
            from {
                route-filter 10.0.201.0/30 exact;
            }
            then accept;
        }
    }
}
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}
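
The prerequisites listed under “Basic setup” and in the PE section can be checked mechanically before committing. The following is an added example, not part of the original post: the function names are hypothetical, the sample configuration is constructed, and it assumes interfaces are listed explicitly (as in this lab) and that no quoted string contains braces or semicolons.

```python
import re

def flatten(config):
    """Flatten curly-brace Junos config into 'set'-style statement strings."""
    path, stmts = [], set()
    config = re.sub(r"##.*", "", config)  # drop '## SECRET-DATA' style annotations
    for text, delim in re.findall(r"([^{};]*)([{};])", config):
        text = " ".join(text.split())
        if delim == "{":
            path.append(text)
        elif delim == "}":
            path.pop()
        elif text:
            stmts.add(" ".join(path + [text]))
    return stmts

def check_mpls(config):
    """Check the MPLS prerequisites from this post; return a list of findings."""
    stmts, findings = flatten(config), []
    if "protocols ospf traffic-engineering" not in stmts:
        findings.append("ospf: traffic-engineering not enabled")
    listed = {p: {s.split()[3] for s in stmts
                  if s.startswith(f"protocols {p} interface ")}
              for p in ("mpls", "rsvp")}
    for ifl in sorted(listed["mpls"] | listed["rsvp"]):
        name, _, unit = ifl.partition(".")
        if f"interfaces {name} unit {unit} family mpls" not in stmts:
            findings.append(f"{ifl}: family mpls missing on the interface")
        for proto in ("mpls", "rsvp"):
            if ifl not in listed[proto]:
                findings.append(f"{ifl}: not listed under protocols {proto}")
        ospf = rf"protocols ospf area \S+ interface {re.escape(ifl)}( |$)"
        if not any(re.match(ospf, s) for s in stmts):
            findings.append(f"{ifl}: not an OSPF interface")
    return findings

# Constructed sample modelled on the P router; family mpls is left off ge-0/0/2.
SAMPLE = """
interfaces {
    ge-0/0/1 { unit 0 { family inet { address 10.0.203.2/30; } family mpls; } }
    ge-0/0/2 { unit 0 { family inet { address 10.0.204.1/30; } } }
}
protocols {
    rsvp { interface ge-0/0/1.0; interface ge-0/0/2.0; }
    mpls { interface ge-0/0/1.0; interface ge-0/0/2.0; }
    ospf { traffic-engineering; area 0.0.0.0 { interface ge-0/0/1.0; interface ge-0/0/2.0; } }
}
"""
print("\n".join(check_mpls(SAMPLE)))
```

An empty result means every interface under protocols mpls or rsvp also has family mpls, is listed under both protocols, and runs OSPF with traffic engineering enabled.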

P Routers

If you compare the configuration of the P router with the PE router, you can see the P router has a lot less configured. It just has the basic MPLS/OSPF/RSVP and no BGP configured.

system {
    host-name P-13;
    root-authentication {
        encrypted-password ""; ## SECRET-DATA
    }
    services {
        ssh;
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.0.203.2/30;
            }
            family mpls;
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 10.0.204.1/30;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 10.10.10.13/32;
            }
        }
    }
}
routing-options {
    router-id 10.10.10.13;
    autonomous-system 65000;
}
protocols {
    rsvp {
        interface ge-0/0/1.0;
        interface ge-0/0/2.0;
    }
    mpls {
        interface ge-0/0/1.0;
        interface ge-0/0/2.0;
    }
    ospf {
        traffic-engineering;
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface ge-0/0/1.0 {
                interface-type p2p;
            }
            interface ge-0/0/2.0 {
                interface-type p2p;
            }
        }
    }
}
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}

Verification

To verify that all of this is working, we can use ping on the CE routers.

But maybe more importantly, if you have to troubleshoot, first check these things:

  • Is my IGP working and do I receive the loopbacks of all my routers?
    • Is traffic engineering enabled (only for OSPF)?
root@PE-11> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
10.0.202.2       ge-0/0/2.0             Full      10.10.10.12      128    39

root@PE-11> show route 10.10.10/24

inet.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.10.11/32     *[Direct/0] 00:53:50
                    > via lo0.0
10.10.10.12/32     *[OSPF/10] 00:53:23, metric 1
                    > to 10.0.202.2 via ge-0/0/2.0
10.10.10.13/32     *[OSPF/10] 00:53:23, metric 2
                    > to 10.0.202.2 via ge-0/0/2.0
10.10.10.14/32     *[OSPF/10] 00:53:23, metric 3
                    > to 10.0.202.2 via ge-0/0/2.0

root@PE-11> show ospf overview
Instance: master
  Router ID: 10.10.10.11
  Route table index: 0
  LSA refresh time: 50 minutes
  Traffic engineering
  Area: 0.0.0.0
    Stub type: Not Stub
    Authentication Type: None
    Area border routers: 0, AS boundary routers: 0
    Neighbors
      Up (in full state): 1
  Topology: default (ID 0)
    Prefix export count: 0
    Full SPF runs: 7
    SPF delay: 0.200000 sec, SPF holddown: 5 sec, SPF rapid runs: 3
    Backup SPF: Not Needed
  • Is RSVP working?
root@PE-11> show rsvp neighbor
RSVP neighbor: 1 learned
Address            Idle Up/Dn LastChange HelloInt HelloTx/Rx MsgRcvd
10.0.202.2            5  1/0       53:32        9   356/356  148

root@PE-11> show rsvp session
Ingress RSVP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname
10.10.10.14     10.10.10.11     Up       0  1 FF       -   299808 PE-11-to-PE-14
Total 1 displayed, Up 1, Down 0

Egress RSVP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname
10.10.10.11     10.10.10.14     Up       0  1 FF       3        - PE-14-to-PE-11
Total 1 displayed, Up 1, Down 0

Transit RSVP: 0 sessions
Total 0 displayed, Up 0, Down 0
  • Is MPLS enabled and is the LSP coming up?
root@PE-11> show mpls interface
Interface        State       Administrative groups (x: extended)
ge-0/0/2.0       Up         <none>

root@PE-11> show mpls lsp
Ingress LSP: 1 sessions
To              From            State Rt P     ActivePath       LSPname
10.10.10.14     10.10.10.11     Up     0 *                      PE-11-to-PE-14
Total 1 displayed, Up 1, Down 0

Egress LSP: 1 sessions
To              From            State   Rt Style Labelin Labelout LSPname
10.10.10.11     10.10.10.14     Up       0  1 FF       3        - PE-14-to-PE-11
Total 1 displayed, Up 1, Down 0

Can we do the ping test?

root@LAB-CE# run ping 10.200.2.1 routing-instance CE65001 
PING 10.200.2.1 (10.200.2.1): 56 data bytes
64 bytes from 10.200.2.1: icmp_seq=0 ttl=62 time=48.475 ms
64 bytes from 10.200.2.1: icmp_seq=1 ttl=62 time=36.041 ms
64 bytes from 10.200.2.1: icmp_seq=2 ttl=62 time=35.145 ms

Conclusion

I hope you can get started with a small setup to get to know MPLS. There are many great resources out there for adding more features to the setup.

I would like to recommend Juniper’s Week one PDF about MPLS:

https://forums.juniper.net/t5/Day-One-Books-Archive/This-Week-Deploying-MPLS/ba-p/87830

Thanks for reading
