RE: MPLS VPN simple question

From: Roman Rodichev (roman@iementor.com)
Date: Tue Mar 03 2009 - 20:54:40 ARST


Peter, just like Scott said, since your P router is an RR, you don't "no bgp
default route-target filter", because it's automatically disabled. In your
case with or without "no bgp default route-target filter", the VPNv4
prefixes will show up in the LFIB. It shows up in the LFIB simply because
that P router resets the next-hop and creates new VPNv4 label for the VPNv4
prefix. Consequently, the actual reason for the prefix to show up in the
LFIB is so that the router can swap incoming VPNv4 label with an outgoing
VPNv4 label (and potentially push another IPv4 label on top). If you examine
the LFIB for that "RD:prefix" the Local Tag is the incoming VPNv4 label and
Outgoing tag is either an outgoing VPNv4 PE label or an IGP LDP label to
reach the PE loopback. That output doesn't show both outgoing labels if
there are two of them. You have to do "show mpls for detail" to see "tag
stack". In your case it should be just one outgoing label, because PE is
directly connected to your P-RR-ASBR router. I think you confused people
initially by calling your P router a P router, you should have said that
it's also an RR and an ASBR.

I digress..

Remember that diagram in the books that show boxes and arrows with LFIB,
FIB, LIB, RIB, etc? If an IP packet enters the data plane, FIB is used to
forward the packet. If an MPLS frame enters the data plane, LFIB is used to
forward the packet.

On your P router, a labeled frame enters the router and the top label is the
VPNv4 label. LFIB must know how to forward that frame with that incoming
label.

On your PE router, an IP packet enters the VRF CE interface and therefore
LFIB doesn't need to know about that prefix. It's FIB's job (show ip cef) to
know how to forward the packet and what label stack to push on the packet.

Roman Rodichev
5xCCIE #7927 (R&S, Security, Voice, Storage, Service Provider)
Instructor, Content Developer
ieMentor Corporation http://www.iementor.com
Y!M: roman7927

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Peter Svidler
Sent: Tuesday, March 03, 2009 3:27 PM
To: 'Ahamed Sadayan-Abdul-Hutha (asadayan)'; smorris@internetworkexpert.com
Cc: ccielab@groupstudy.com
Subject: RE: MPLS VPN simple question

ok i think i need to elaborate more here :)
 
the P router is a VPNv4 RR inside AS , it does not have any VRF created .
 
I am peering VPNv4 with another AS from that P router so typically to get
the
prefixes move , i have to disable vpnv4 route-target filter .
 
my very specific question is , WHY the VPNv4 prefixes get installed in the
MPLS forwarding table ( appended with the RD ) and do not remain the VPNv4
table ???.. i understand it should appear in the VPNv4 table ..but why in
the
MPLS forwarding table ???
 
 
 
 
 
 
 

--- On Tue, 3/3/09, Scott Morris <smorris@internetworkexpert.com> wrote:

From: Scott Morris <smorris@internetworkexpert.com>
Subject: RE: MPLS VPN simple question
To: "'Peter Svidler'" <doubleccie@yahoo.com>, "'Ahamed Sadayan-Abdul-Hutha
(asadayan)'" <asadayan@cisco.com>
Cc: ccielab@groupstudy.com
Date: Tuesday, March 3, 2009, 4:11 PM

The short question I would ask you... Unless your P router is acting as a
route reflector for VPNv4 (at which point the ARF is automatically
disabled), why in the world would you peer BGP, specifically that address
family, with your P routers?

PE to PE is where you want things.

As long as you have an LSP between the PE's, all the P router needs to care
about is that next-hop reachability to reach the PE ID. No VRF-specific
information is necessary and it should NOT be seeing the vpn labels. The
problem is that it's trying, then not doing very well until you disable
ARF!

Take your P router out of the equation unless you have some burning issue to
need it.

Just my two cents.

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Peter Svidler
Sent: Tuesday, March 03, 2009 3:42 PM
To: Ahamed Sadayan-Abdul-Hutha (asadayan)
Cc: ccielab@groupstudy.com
Subject: RE: MPLS VPN simple question

Hi Ahmed ,
thanks for your answer .

my concern is that when i disable the default vpnv4 route-filter , the
prefixes are installed on the P router LFIB ( the mpls forwarding table )
even
though there is no VRF created on this router , the only difference is that
those prefixes are installed in the mpls forwarding table with the RD
appended to the prefixes .

if you have a setup you can try it ..it is always like that ..my question is
why?? ..should not those prefixes only remain the vpnv4 table ??

--- On Tue, 3/3/09, Ahamed Sadayan-Abdul-Hutha (asadayan)
<asadayan@cisco.com>
wrote:

From: Ahamed Sadayan-Abdul-Hutha (asadayan) <asadayan@cisco.com>
Subject: RE: MPLS VPN simple question
To: "Peter Svidler" <doubleccie@yahoo.com>
Date: Tuesday, March 3, 2009, 3:34 PM

Hi Peter,

The VRF routes learned from the remote PE's can be seen using the
command sh ip ro vrf < vrf name>.
If you disable route-target filter, you will see the vpnv4 prefixes on
the P router also, That is way to import all the vrf routes if you don't
have any vrf configured.
But you should see only on vpnv4 tabel only not on the mpls tabel.
Unless if you are leaking those routes to the global tabel.

Thanks
Ahamed

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Peter Svidler
Sent: Tuesday, March 03, 2009 2:18 AM
To: ccielab@groupstudy.com
Subject: MPLS VPN simple question

folks,
I have simple setup of 3 routers of a service provider, 2 PE's and 1 P
router

on the PE's there is one VRF created and receiving some prefixes from
CEs

when i establish the VPNv4 session inside the provider network , the
prefixes appears in the MPLS table with [v] which means it is inisde the
VRF and that is ok .

my question is , why the other end prefixes does not appear on the PE ?

also when i disable the route-target filter option on the P router , the
VPN prefixes of both PE's appears in the MPLS table ...shoud not it
remain in the
vpnv4 table only ??

thanks

Blogs and organic groups at http://www.ccie.net



This archive was generated by hypermail 2.1.4 : Mon Apr 06 2009 - 06:44:03 ART