MPLS VPN Label Basics – The LIB, the LFIB and the RIB(s)
08/02/2012 2 Comments
LDP, or Label Distribution Protocol, is used to advertise label bindings to peers in an MPLS network.
The Label Information Base, or LIB, contains all received labels from remote peers and is similar to the IP RIB. Not all labels received from LDP neighbors are used since there will be a best path selected and to be used for forwarding for each prefix. Forwarding decisions are based on the Label Forwarding Information Base, or LFIB, once the best path towards the next-hop LSR is determined. How this is determined is based on the close relationship between the LIB, the LFIB and the IP routing table (RIB).
For clarity, we’ll be talking about non-ATM MPLS forwarding. ATM MPLS uses different LDP discovery, label retention and distribution methods because of ATM’s unique forwarding method and encapsulation(s).
Here’s our simple MPLS topology. We have two PE routers, connecting two customer sites. We also have a route reflector to reduce the number of IBGP connections required between PE routers. This is part of my MPLS lab so the irrelevant routers and configs will be omitted.
PE1 Router ID: 10.255.255.3/32
PE2 Router ID: 10.255.255.4/32
RR Router ID: 10.255.255.2/32
Routing within the MPLS network is provided by basic single-area IS-IS.
So how does MPLS build its Label FIB? First, let’s look at the VRF’s defined for this customer. We’ll be using VRF “Red” on both PE routers:
PE1#show ip vrf Name Default RD Interfaces Red 65000:1 Fa1/0 ---- PE2#show ip vrf Name Default RD Interfaces Red 65000:1 Fa1/0
For VPNv4 routing between customer sites, MP-BGP is used to distribute label bindings for VRF routes. LDP will distribute label bindings for the Loopback0 BGP next-hop’s. OSPF is used between CE and PE routers.
On PE1, here are all the customer routes connected via Fa1/0
PE1#show ip route vrf Red ospf | in FastEthernet1/0 O IA 10.10.1.0/24 [110/2] via 10.1.1.2, 00:23:55, FastEthernet1/0 O 10.30.100.0/30 [110/101] via 10.1.1.2, 00:23:55, FastEthernet1/0 O 10.30.1.101/32 [110/2] via 10.1.1.2, 00:23:55, FastEthernet1/0
OSPF routes running in VRF Red are redistributed into MP-BGP under “address-family ipv4 vrf Red”.
PE1#show ip bgp vpnv4 rd 65000:1 10.10.1.0/24 BGP routing table entry for 65000:1:10.10.1.0/24, version 14 Paths: (1 available, best #1, table Red) Advertised to update-groups: 1 Local 10.1.1.2 from 0.0.0.0 (10.255.255.3) Origin IGP, metric 2, localpref 100, weight 32768, valid, sourced, best Extended Community: RT:65000:1 OSPF DOMAIN ID:0x0005:0x000000010200 OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:10.100.1.101:0 mpls labels in/out 25/nolabel PE1#
Here we can see the MPLS label binding that will be sent to other PE routers. PE routers with a VRF matching the same route targets will import these routes into the VRF of other sites.
In the MPLS LDP Forwarding table, an entry is created for these “local” VRF routes. That is, the routes reachable via the next-hop CE router:
PE1#show mpls forwarding-table vrf Red 10.10.1.0 Local Outgoing Prefix Bytes Label Outgoing Next Hop Label Label or VC or Tunnel Id Switched interface 25 No Label 10.10.1.0/24[V] 0 Fa1/0 10.1.1.2
This is the label that will be advertised to MP-BGP peers (in this case, reflected to PE2).
PE1 will also have a label binding for its own BGP next-hop IP address, which is the Loopback0 interface under the global routing table:
PE1#show mpls ldp bindings local 10.255.255.3 32 lib entry: 10.255.255.3/32, rev 4 local binding: label: imp-null
This is advertised as an Implicit Null label, to avoid performing two lookups (once in the LFIB and another in the RIB for its connected prefix). Core P routers will have a label binding for this prefix:
CoreP#show mpls ldp bindings local ... lib entry: 10.255.255.3/32, rev 14 local binding: label: 17
In order for the correct labels to be used for forwarding, two labels will have to be used. The top label will be used to forward packets in the core (P) MPLS network to the BGP next-hop (either the loopback of PE1 or PE2, depending on the packet destination from the CE sites). The bottom label will be used to identify the VRF and outgoing interface to route packets towards the customer router(s).
So, for customer at Site B to reach network 10.10.1.0/24 at Site A, PE2 will use the following labels:
- Label 17 for the transport label to PE1, received from MPLS core router(s); identified via RIB lookup in the VRF “Red” to identify next-hop IP address
- Label 25 for the VPN label, received from PE1 via MP-BGP; identified in the VPNv4 BGP RIB
Packet received on Fa1/0 destined for 10.10.1.1/24 from Site B router(s), performs VRF Red RIB lookup:
PE2#show ip route vrf Red ospf Routing Table: Red 10.0.0.0/8 is variably subnetted, 9 subnets, 3 masks O IA 10.10.1.0/24 [110/52] via 10.255.255.3, 00:46:32
PE2 identifies next-hop IP address, which is the BGP next-hop of PE1. Since it is traversing the MPLS network on the outgoing interface FastEthernet2/0 into the core, it needs to be labeled before transit:
PE2#show ip bgp vpnv4 rd 65000:1 10.10.1.0/24 BGP routing table entry for 65000:1:10.10.1.0/24, version 34 Paths: (1 available, best #1, table Red, RIB-failure(17)) Not advertised to any peer Local 10.255.255.3 (metric 20) from 10.255.255.2 (10.255.255.2) Origin IGP, metric 2, localpref 100, valid, internal, best Extended Community: RT:65000:1 OSPF DOMAIN ID:0x0005:0x000000010200 OSPF RT:0.0.0.0:3:0 OSPF ROUTER ID:10.100.1.101:0 Originator: 10.255.255.3, Cluster list: 10.255.255.2 mpls labels in/out nolabel/25
PE2#show mpls ldp bindings ... lib entry: 10.255.255.3/32, rev 8 local binding: label: 17 remote binding: lsr: 10.255.255.1:0, label: 17
Therefore, packets destined for customer Site A will be sent with the labels 17 and 25.
PE2#traceroute vrf Red 10.10.1.1 Type escape sequence to abort. Tracing the route to 10.10.1.1 1 10.10.1.9 [MPLS: Labels 17/25 Exp 0] 76 msec 52 msec 72 msec 2 10.1.1.1 [MPLS: Label 25 Exp 0] 84 msec 40 msec 40 msec 3 10.1.1.2 132 msec * 60 msec PE2#
Below I will attempt to illustrate the decision process and relationship between all the entries in an MPLS router to demonstrate these relationships:
- An incoming packet from Site B, destined for 10.10.1.1, is received on PE2’s VRF interface Fa1/0.
- IP lookup is performed in the VRF table “Red” and identifies next-hop IP address known via global routing table. This route was redistributed from BGP into OSPF (hence the RIB failure) via PE1 next-hop of 10.255.255.3.
- BGP RIB lookup is performed to identify the VPN label. Under the VPNv4 address family, outgoing label is 25, as advertised by PE1
- Global RIB lookup is performed for BGP next-hop learned in VRF. Actual IP next hop in the MPLS core is identified (10.10.1.9) via outgoing interface FastEthernet2/0.
- Outgoing interface is an MPLS-enabled interface. LIB lookup performed to find bound address of the MPLS core next-hop of 10.10.1.9. Based on LDP neighbor that has bound IP address 10.10.1.9, remote label received from that LDP neighbor is used for transport label to PE1 loopback.
- LFIB entry created with Label 17, outgoing interface FastEthernet2/0 with next-hop IP address of 10.10.1.9 into core MPLS network and is routed onto PE1.
Example of “show mpls ldp neighbor” displays bound addresses for core P router(s). LIB entry selected for forwarding in LFIB is based on which LDP neighbor this next-hop IP address in the global RIB is bound to. In this case, only one LDP neighbor exists:
PE2#show mpls ldp neighbor Peer LDP Ident: 10.255.255.1:0; Local LDP Ident 10.255.255.4:0 TCP connection: 10.255.255.1.646 - 10.255.255.4.34846 State: Oper; Msgs sent/rcvd: 118/119; Downstream Up time: 01:33:30 LDP discovery sources: FastEthernet2/0, Src IP addr: 10.10.1.9 Addresses bound to peer LDP Ident: 10.10.1.1 10.255.255.1 10.10.1.5 10.10.1.9 10.10.1.13 PE2#
In an MPLS VPN network, the label bindings received from remote peers (LIB), the label forwarding table (LFIB) and the various IP routing tables (VRF RIB, global RIB, BGP RIB, etc.) all work together in tandem to create the label stack used to forward packets from one VPN site to another. This is the basic forwarding paradigm of Multiprotocol Label Switching and enables service providers to provide L3VPN services to customers along with proper separation of customer routing via the use of VRF’s. References used in this post are Luc De Ghein’s MPLS Fundamentals book from Cisco Press and Cisco documentation, found at http://www.cisco.com/go/mpls.