Release: Document Revision: 5.3 01.01 www.nortel.com NN46240-506 324560-A Rev01
Release: 5.3 Publication: NN46240-506 Document Revision: 01.01 Document status: Standard Document release date: 30 March 2009 Copyright 2009 Nortel Networks All Rights Reserved. Printed in Canada, India, and the United States of America LEGAL NOTICE While the information in this document is believed to be accurate and reliable, except as otherwise expressly agreed to in writing NORTEL PROVIDES THIS DOCUMENT "AS IS" WITHOUT WARRANTY OR CONDITION OF ANY KIND, EITHER EXPRESS OR IMPLIED. The information and/or products described in this document are subject to change without notice. Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks. All other trademarks are the property of their respective owners. ATTENTION For information about the safety precautions, read "Safety messages" in this guide. For information about the software license, read "Software license" in this guide.
Contents About this document...1 1 MPLS overview...1-1 1.1 Introduction...1-2 1.1.1 Basic MPLS concepts...1-2 1.1.2 MPLS network structure...1-4 1.1.3 MPLS architecture...1-5 1.1.4 MPLS and routing protocols...1-6 1.1.5 References...1-7 1.2 MPLS applications...1-7 1.2.1 MPLS-based VPN...1-7 1.2.2 MPLS-based QoS...1-8 2 Basic MPLS configuration...2-1 2.1 Introduction...2-3 2.1.1 Label distribution and management...2-3 2.1.2 LSP tunnel and label stack...2-4 2.1.3 PHP...2-5 2.1.4 TTL processing in MPLS...2-6 2.1.5 MPLS ping and traceroute...2-6 2.1.6 Basic LDP concepts...2-7 2.1.7 Working mechanism of LDP...2-8 2.1.8 Basic LDP operations...2-9 2.1.9 LDP loop detection...2-11 2.1.10 LDP Fast Reroute...2-11 2.1.11 LDP Graceful Restart...2-11 2.1.12 References...2-12 2.2 Configuring basic MPLS capability...2-13 2.2.1 Establishing the configuration task...2-13 2.2.2 Configuring the LSR ID...2-14 2.2.3 Enabling MPLS...2-14 2.2.4 Checking the configuration...2-15 2.3 Adjusting MPLS parameters...2-15 Issue 5.3 (30 March 2009) Nortel Networks Inc. i
2.3.1 Establishing the configuration task...2-15 2.3.2 Configuring PHP...2-16 2.3.3 Setting the MPLS MTU of the interface...2-17 2.3.4 Configuring the interval for collecting MPLS statistics...2-17 2.3.5 Configuring the load balancing mode of MPLS Layer 3 forwarding...2-18 2.3.6 Configuring FRR on the load balancing mode...2-18 2.3.7 Checking the configuration...2-19 2.4 Configuring static LSPs...2-19 2.4.1 Establishing the configuration task...2-19 2.4.2 Configuring the ingress for a static LSP...2-20 2.4.3 Configuring the transit for a static LSP...2-21 2.4.4 Configuring the egress for a static LSP...2-21 2.4.5 Checking the configuration...2-21 2.5 Configuring MPLS LDP...2-22 2.5.1 Establishing the configuration task...2-22 2.5.2 Enabling LDP...2-23 2.5.3 Setting parameters for LDP discovery...2-24 2.5.4 Setting parameters for LDP sessions...2-25 2.5.5 Configuring label distribution and retention mode...2-26 2.5.6 Configuring loop detection...2-27 2.5.7 Configuring LDP MD5 authentication...2-28 2.5.8 Configuring LDP MTU signaling...2-29 2.5.9 Checking the configuration...2-29 2.6 Configuring the LDP multi-instance...2-30 2.6.1 Establishing the configuration task...2-30 2.6.2 Configuring LDP multi-instance...2-31 2.6.3 Checking the configuration...2-32 2.7 Configuring the policy for establishing LSPs...2-32 2.7.1 Establishing the configuration task...2-32 2.7.2 Configuring the policy for triggering LSP setup...2-33 2.7.3 Configuring the policy for establishing transit LSPs...2-33 2.8 Shielding the MPLS hop count...2-34 2.8.1 Establishing the configuration task...2-34 2.8.2 Configuring MPLS IP TTL propagation...2-35 2.8.3 Configuring the path taken by ICMP response packets...2-36 2.9 Configuring LDP FRR...2-36 2.9.1 Establishing the configuration task...2-36 2.9.2 Enabling LDP FRR...2-37 2.9.3 Allowing BFD to modify the PST...2-38 T 2.9.4 Checking the configuration...2-38 2.10 Configuring LDP GR...2-39 2.10.1 Establishing the configuration task...2-39 ii Nortel Networks Inc. Issue 5.3 (30 March 2009)
2.10.2 Enabling LDP GR...2-39 2.10.3 Configuring LDP GR parameters...2-40 2.10.4 Testing LDP GR...2-41 2.11 Iterating the nonlabel public network route to the LSP...2-42 2.11.1 Establishing the configuration task...2-42 2.11.2 Iterating the nonlabel public network route to the LSP...2-43 2.11.3 Checking the configuration...2-43 2.12 Maintaining MPLS...2-44 2.12.1 Resetting LDP...2-44 2.12.2 Clearing MPLS statistics...2-44 2.12.3 Configuring MPLS ping or traceroute...2-44 2.12.4 Enabling MPLS LSP trapping...2-45 2.12.5 Debugging MPLS...2-45 2.13 Configuration examples...2-46 2.13.1 Example of configuring static LSPs...2-46 2.13.2 Example of configuring LDP sessions...2-54 2.13.3 Example of configuring LSPs by using LDP...2-57 2.13.4 Example of configuring transit LSPs through the prefix list...2-61 2.13.5 Example of configuring LDP FRR...2-66 2.13.6 Example of configuring LDP GR...2-73 3 MPLS TE configuration...3-1 3.1 Introduction...3-3 3.1.1 TE and MPLS TE...3-3 3.1.2 Basic MPLS TE concepts...3-4 3.1.3 Implementation of MPLS TE...3-4 3.1.4 CR-LSP...3-6 3.1.5 CR-LDP...3-8 3.1.6 RSVP-TE...3-8 3.1.7 RSVP authentication extension...3-12 3.1.8 Traffic forwarding...3-13 3.1.9 Fast Reroute...3-15 3.1.10 Automatic FRR...3-16 3.1.11 CR-LSP backup...3-17 3.1.12 Diff-Serv-Aware TE...3-17 3.1.13 References...3-18 3.2 Configuring basic MPLS TE capability...3-18 3.2.1 Establishing the configuration task...3-18 3.2.2 Enabling MPLS TE...3-19 3.2.3 Creating an MPLS TE tunnel...3-20 3.3 Configuring static MPLS TE tunnels...3-21 3.3.1 Establishing the configuration task...3-21 Issue 5.3 (30 March 2009) Nortel Networks Inc. iii
3.3.2 Configuring an MPLS TE tunnel using static CR-LSP...3-22 3.3.3 Configuring the ingress of static CR-LSP...3-23 3.3.4 Configuring the transit of static CR-LSP...3-23 3.3.5 Configuring the egress of static CR-LSP...3-24 3.3.6 Checking the configuration...3-24 3.4 Configuring the MPLS TE tunnel using CR-LDP...3-25 3.4.1 Establishing the configuration task...3-25 3.4.2 Configuring link bandwidth...3-26 3.4.3 Configuring OSPF TE...3-27 3.4.4 Configuring IS-IS TE...3-27 3.4.5 Configuring the MPLS TE explicit path...3-28 3.4.6 Configuring constraints for the MPLS TE tunnel...3-30 3.4.7 Configuring CSPF...3-30 3.4.8 Establishing the MPLS TE tunnel using CR-LDP...3-31 3.4.9 Checking the configuration...3-31 3.5 Configuring the MPLS tunnel using RSVP-TE...3-32 3.5.1 Establishing the configuration task...3-32 3.5.2 Configuring the link bandwidth...3-34 3.5.3 Configuring OSPF TE...3-34 3.5.4 Configuring IS-IS TE...3-35 3.5.5 Configuring MPLS TE explicit path...3-36 3.5.6 Configuring constraints for the MPLS TE tunnel...3-37 3.5.7 Configuring CSPF...3-38 3.5.8 Establishing the MPLS TE tunnel using RSVP-TE...3-38 3.5.9 Checking the configuration...3-39 3.6 Configuring advanced RSVP-TE features...3-41 3.6.1 Establishing the configuration task...3-41 3.6.2 Configuring the RSVP Hello extension...3-42 3.6.3 Configuring the RSVP resource reservation style...3-43 3.6.4 Configuring RSVP timers...3-43 3.6.5 Configuring the RSVP refresh mechanism...3-44 3.6.6 Enabling the reservation confirmation mechanism...3-45 3.6.7 Configuring RSVP authentication...3-45 3.6.8 Configuring the handshake function...3-46 3.6.9 Configuring the message window function...3-46 3.6.10 Checking the configuration...3-47 3.7 Adjusting the establishment of CR-LSP...3-48 3.7.1 Establishing the configuration task...3-48 3.7.2 Configuring CSPF tiebreaking...3-49 3.7.3 Configuring route pinning...3-50 3.7.4 Configuring the administrative group and affinity property...3-50 3.7.5 Configuring reoptimization for CR-LSP...3-51 iv Nortel Networks Inc. Issue 5.3 (30 March 2009)
3.7.6 Checking the configuration...3-52 3.8 Adjusting the establishment of the MPLS TE tunnel...3-52 3.8.1 Establishing the configuration task...3-52 3.8.2 Configuring loop detection...3-53 3.8.3 Configuring the route record and label record...3-54 3.8.4 Configuring tunnel reestablishment parameters...3-54 3.8.5 Configuring the tunnel priority...3-55 3.8.6 Checking the configuration...3-55 3.9 Influencing traffic forwarding...3-56 3.9.1 Establishing the configuration task...3-56 3.9.2 Configuring the failed link timer...3-57 3.9.3 Configuring flooding thresholds...3-57 3.9.4 Configuring metrics for path calculation...3-58 3.9.5 Configuring the IGP shortcut...3-59 3.9.6 Configuring forwarding adjacency...3-60 3.9.7 Configuring the type of traffic forwarded by the tunnel...3-61 3.10 Configuring MPLS TE Fast Reroute...3-62 3.10.1 Establishing the configuration task...3-62 3.10.2 Enabling Fast Reroute on the ingress of the primary LSP...3-63 3.10.3 Configuring bypass tunnels on the PLR...3-64 3.10.4 Configuring node protection...3-64 3.11 Configuring automatic FRR...3-65 3.11.1 Establishing the configuration task...3-65 3.11.2 Enabling Auto FRR in the MPLS view...3-67 3.11.3 Enabling Auto FRR in the interface view...3-67 3.11.4 Configuring Auto FRR on the ingress of the tunnel...3-68 3.11.5 Checking the configuration...3-69 3.12 Configuring the backup CR-LSP...3-69 3.12.1 Establishing the configuration task...3-69 3.12.2 Configuring the backup CR-LSP...3-70 3.12.3 Checking the configuration...3-71 3.13 Maintaining MPLS TE...3-71 3.13.1 Clearing the running information...3-71 3.13.2 Resetting the tunnel interface...3-71 3.13.3 Debugging MPLS TE...3-72 3.14 Configuration examples...3-72 3.14.1 Example of establishing an MPLS TE tunnel using static CR-LSP...3-73 3.14.2 Example of establishing an MPLS TE tunnel using RSVP-TE...3-79 3.14.3 Example of establishing an MPLS TE tunnel using CR-LDP...3-88 3.14.4 Example of configuring the handshake and the message window...3-99 3.14.5 Example of configuring tunnel properties...3-105 3.14.6 Example of configuring Fast Reroute...3-118 Issue 5.3 (30 March 2009) Nortel Networks Inc. v
3.14.7 Example of configuring Auto FRR...3-131 3.14.8 Example of configuring CR-LSP backup...3-139 3.14.9 Example of configuring MPLS TE in BGP/MPLS IP VPN...3-146 3.14.10 Example of configuring an inter-area tunnel...3-158 A Glossary... A-1 B Acronyms and abbreviations...b-1 Index... i-1 vi Nortel Networks Inc. Issue 5.3 (30 March 2009)
Figures Figure 1-1 Label encapsulation structure...1-2 Figure 1-2 Label encapsulation location in a packet...1-3 Figure 1-3 MPLS network structure...1-5 Figure 1-4 Architecture of MPLS...1-6 Figure 1-5 MPLS and routing protocols...1-7 Figure 1-6 MPLS-based VPN...1-8 Figure 2-1 LSP tunnel...2-5 Figure 2-2 Label distribution process...2-8 Figure 2-3 Application of iterating the non-label public network route to the LSP...2-42 Figure 2-4 Networking of configuring static LSPs...2-46 Figure 2-5 Networking diagram of LDP session configuration...2-54 Figure 2-6 Networking diagram of configuring transit LSPs through the prefix list...2-61 Figure 2-7 Networking diagram of configuring LDP FRR...2-67 Figure 2-8 Networking diagram of configuring LDP GR...2-74 Figure 3-1 Schematic diagram of make-before-break...3-9 Figure 3-2 Establishing an LSP tunnel...3-10 Figure 3-3 Basic principle of handshake...3-12 Figure 3-4 Schematic diagram of IGP shortcut and forwarding adjacency...3-14 Figure 3-5 Schematic diagram of FRR link protection...3-15 Figure 3-6 Schematic diagram of FRR node protection...3-16 Figure 3-7 Relationship between the global bandwidth and the subpool bandwidth...3-18 Figure 3-8 Networking diagram of static CR-LSP configuration...3-73 Figure 3-9 Networking diagram of the MPLS TE tunnel configured by RSVP-TE...3-79 Figure 3-10 Networking diagram of the MPLS TE tunnel configured by CR-LDP...3-89 Figure 3-11 Networking diagram of the RSVP authentication...3-100 Figure 3-12 Networking diagram of configuring tunnel properties...3-105 Issue 5.3 (30 March 2009) Nortel Networks Inc. vii
Figure 3-13 Networking diagram of MPLS TE FRR configuration...3-118 Figure 3-14 Example of configuring Auto FRR...3-131 Figure 3-15 Networking diagram of CR-LSP backup...3-140 Figure 3-16 Networking diagram of MPLS TE configuration in the VPN...3-147 Figure 3-17 Networking diagram of configuring an MPLS TE tunnel using RSVP-TE...3-158 viii Nortel Networks Inc. Issue 5.3 (30 March 2009)
Tables Table 1-1 Fields in a label...1-3 Issue 5.3 (30 March 2009) Nortel Networks Inc. ix
Contents About this document...1 Issue 5.3 (30 March 2009) Nortel Networks Inc. i
About this document About this document Overview This section describes the organization of this document, product version, intended audience, conventions, and update history. Related versions The following table lists the product versions related to this document. Product name Version Nortel Secure Router 8000 Series 1.0 Intended audience This document is intended for the following audience: network operators network administrators network maintenance engineers Organization This document consists of three chapters and is organized as follows. Chapter Description 1 MPLS overview This chapter describes the architecture and application of Multiprotocol Label Switching (MPLS). Issue 5.3 (30 March 2009) Nortel Networks Inc. 1
About this document Nortel Secure Router 8000 Series Chapter 2 Basic MPLS configuration 3 MPLS TE configuration Appendix A Glossary Appendix B Acronyms and abbreviations Description This chapter describes the fundamentals of MPLS forwarding and Label Distribution Protocol (LDP), the policy of establishing the static Label Switched Path (LSP), the dynamic LSP, the Border Gateway Protocol (BGP)/MPLS virtual private network (VPN) and LSP, and the basic MPLS configuration procedures and examples. This chapter describes the fundamentals of MPLS traffic engineering (TE) and provides configuration procedures and examples for the static CR-LSP tunnel, the MPLS TE tunnel based on dynamic signaling protocol, the end-to-end protection route, partial protection through Fast Reroute (FRR), traffic forwarding of the BGP/MPLS IP VPN through the TE tunnel, and adjusting the traffic dynamically through LDP over TE. This appendix contains a glossary of frequently used terms. This appendix lists frequently used acronyms and abbreviations. Conventions Symbol conventions This section describes the symbol and text conventions used in this document. Symbol Description Indicates a hazard with a high level of risk that, if not avoided, can result in death or serious injury. Indicates a hazard with a medium or low level of risk that, if not avoided, can result in minor or moderate injury. Indicates a potentially hazardous situation that, if not avoided, can cause equipment damage, data loss, and performance degradation, or unexpected results. Indicates a tip that may help you solve a problem or save time. Provides additional information to emphasize or supplement important points of the main text. 2 Nortel Networks Inc. Issue 5.3 (30 March 2009)
About this document General conventions Convention Times New Roman Boldface Italic Courier New Description Normal paragraphs are in Times New Roman font. Names of files, directories, folders, and users are in boldface. For example, log on as the user root. Book titles are in italics. Terminal display is in Courier New font. Command conventions Convention Boldface Italic Description The keywords of a command line are in boldface. Command arguments are in italics. [ ] Items (keywords or arguments) in square brackets [ ] are optional. { x y... } Alternative items are grouped in braces and separated by vertical bars. You select one item. [ x y... ] Optional alternative items are grouped in square brackets and separated by vertical bars. You select one item or no item. { x y... } * Alternative items are grouped in braces and separated by vertical bars. You can select a minimum of one item or a maximum of all items. &<1-n> The parameter before the ampersand sign (&) can be repeated 1 to n times. A line starting with the number sign () contains comments. GUI conventions Convention Boldface Description Buttons, menus, parameters, tabs, windows, and dialog box titles are in boldface. For example, click OK. > Multilevel menus are in boldface and separated by the right-angled bracket sign (>). For example, choose File > Create > Folder. Issue 5.3 (30 March 2009) Nortel Networks Inc. 3
About this document Nortel Secure Router 8000 Series Keyboard operation Format Key Key 1+Key 2 Key 1, Key 2 Description Press the key. For example, press Enter and press Tab. Press the keys concurrently. For example, Ctrl+Alt+A means press the three keys concurrently. Press the keys in sequence. For example, Alt, A means press the two keys in sequence. Mouse operation Action Click Double-click Drag Description Select and release the primary mouse button without moving the pointer. Press the primary mouse button twice quickly without moving the pointer. Press and hold the primary mouse button and move the pointer to a new position. Update history Updates between document versions are cumulative. Therefore, the latest document version contains all updates made to previous versions. Updates in Issue 01 (2008-06-06) This is the first commercial release of this document. 4 Nortel Networks Inc. Issue 5.3 (30 March 2009)
Contents 1 MPLS overview...1-1 1.1 Introduction...1-2 1.1.1 Basic MPLS concepts...1-2 1.1.2 MPLS network structure...1-4 1.1.3 MPLS architecture...1-5 1.1.4 MPLS and routing protocols...1-6 1.1.5 References...1-7 1.2 MPLS applications...1-7 1.2.1 MPLS-based VPN...1-7 1.2.2 MPLS-based QoS...1-8 Issue 5.3 (30 March 2009) Nortel Networks Inc. i
Figures Figure 1-1 Label encapsulation structure...1-2 Figure 1-2 Label encapsulation location in a packet...1-3 Figure 1-3 MPLS network structure...1-5 Figure 1-4 Architecture of MPLS...1-6 Figure 1-5 MPLS and routing protocols...1-7 Figure 1-6 MPLS-based VPN...1-8 Issue 5.3 (30 March 2009) Nortel Networks Inc. iii
Tables Table 1-1 Fields in a label...1-3 Issue 5.3 (30 March 2009) Nortel Networks Inc. v
1 MPLS overview 1 MPLS overview About this chapter The following table shows the contents of this chapter. Section Description 1.1 Introduction This section describes the concepts, networking, and architecture of Multiprotocol Label Switching (MPLS). 1.2 MPLS applications This section describes the applications of MPLS. Issue 5.3 (30 March 2009) Nortel Networks Inc. 1-1
1 MPLS overview Nortel Secure Router 8000 Series 1.1 Introduction This section describes the concepts that you need to know before you configure MPLS: Basic MPLS concepts MPLS network structure MPLS architecture MPLS and routing protocols References 1.1.1 Basic MPLS concepts While forwarding packets, Multiprotocol Label Switching (MPLS) analyzes the IP packet header only at the network edge and not at every hop. This differs from traditional IP routing and increases the forwarding speed and saves processing time. MPLS originates from Internet Protocol version 4 (IPv4). The core technique of MPLS is applied to multiple network layer protocols, including Internet Protocol version 6 (IPv6), Internet Packet Exchange (IPX), Appletalk, DECnet, and Connectionless Network Protocol (CLNP). Forwarding Equivalence Class Label MPLS is a high-performance forwarding technology that takes packets with the same forwarding mode as a class. This type of class is called the Forwarding Equivalence Class (FEC). Packets of the same FEC are treated alike in the MPLS network. The source address, destination address, source port, destination port, protocol type, virtual private network (VPN), or any of combination of these determines an FEC. For example, packets that are transmitted to the same destination through the longest match algorithm belong to an FEC. A label is a short identifier of a fixed length with local significance. It is used to uniquely identify an FEC. The label assigned to the packet represents an FEC. In some cases, different labels are assigned to an FEC, but only a single label represents it. A label is 4 bytes long and is contained in the packet header, excluding the topology information. Figure 1-1 shows the label encapsulation structure. Figure 1-1 Label encapsulation structure 0 19 22 23 31 Label Exp S TTL A label contains four fields as described in Table 1-1. 1-2 Nortel Networks Inc. Issue 5.3 (30 March 2009)
1 MPLS overview Table 1-1 Fields in a label Field Description Length Label Exp S TTL Represents the label value, and is used as the pointer for forwarding. Reserved and used for experiments. It is generally used as Class of Service (CoS). Represents a label stack. The value 1 refers to the bottom layer label. Represents the Time To Live (TTL), and has the same meaning as the TTL in the IP packet. 20 bits 3 bits 1 bit 8 bits The label is a connection identifier, similar to the Asynchronous Transfer Mode (ATM) Virtual Path Identifier/ Virtual Channel Identifier (VPI/VCI) and the Frame Relay Data Link Connection Identifier (DLCI). If the link layer protocol has a label field, the label is encapsulated in the field. If the link layer protocol has no label field, the label resides between Layer 2 and Layer 3 like a shim. The label, therefore, can be supported by any link layer protocol. Figure 1-2 shows the label encapsulation location in a packet. Figure 1-2 Label encapsulation location in a packet Ethernet/PPP header Label Ethernet/SONET/SDH packet Layer 3 data ATM header Label ATM packet in frame mode Layer 3 data Label Switched Router A Label Switched Router (LSR) is a basic component of the MPLS network, and all LSRs support MPLS. An LSR has two components: Label Distribution Protocol Control part: Allocates labels, selects routes, creates the label-forwarding information base, and sets up or deletes a Label Switched Path (LSP). Forwarding part: Forwards received packets according to the entries in the label-forwarding base. Label Distribution Protocol (LDP) is the control protocol of MPLS. It is similar to the signaling protocol in a traditional network. Issue 5.3 (30 March 2009) Nortel Networks Inc. 1-3
1 MPLS overview Nortel Secure Router 8000 Series Label Switched Path LDP is responsible for packet classification, label distribution, LSP establishment, and maintenance. MPLS supports the following label distribution protocols: specially defined protocols for label distribution, such as LDP and Constraint-based Routing LDP (CR-LDP) extended existent protocols that support label distribution, such as Border Gateway Protocol (BGP) and Resource Reservation Protocol (RSVP) The router supports the protocols mentioned above and the static LSP. A Label Switched Path (LSP) refers to the path along which an FEC is MPLS network. transmitted in the The LSP functions as a unidirectional path from the ingress to the egress, similar to the ATM or Frame Relay (FR) virtual circuit. Each node in the path is an LSR. Two neighboring LSRs are called the upstream LSR and the downstream LSR, according to the data transmission direction. The types of LSPs are as follows: Static LSP: The administrator configures static LSPs. Dynamic LSP: The routing protocol and the label distribution protocol generate dynamic LSPs. 1.1.2 MPLS network structure Figure 1-3 shows the LSRs in the MPLS network. The network consisting of LSRs is called an MPLS domain. An edge LSR, also called Label Edge Router (LER), is located at the edge of the domain and has a neighboring LSR that does not run MPLS. The LSR located inside the domain is called a core LSR. The core LSR can be either a router that supports MPLS or an ATM LSR upgraded from an ATM switch. MPLS runs between the LSRs in the domain, and IP runs between an LER and a router outside the domain. The LSRs along which labeled packets are transmitted form an LSP. The ingress LER is called ingress, the egress LER is called egress, and the intermediate LER is called transit. 1-4 Nortel Networks Inc. Issue 5.3 (30 March 2009)
1 MPLS overview Figure 1-3 MPLS network structure Ingress Egress MPLS Core Switch (LSR) MPLS Edge Router(LER) Label Switched Path (LSP) Figure 1-3 shows the MPLS working process. The details are as follows: 1. LDP establishes a label map for the preferred FECs in each LSR through the routing table generated by traditional routing protocols like Open Shortest Path First (OSPF) and Intermediate System-Intermediate System (IS-IS). 2. The ingress receives a packet, determines its FEC, and adds a label to the packet. This packet is called the MPLS labeled packet. 3. The transits forward the packet according to its label and the label forwarding information base without any Layer 3 processing. 4. The egress strips off the label and continues the forwarding for delivery. MPLS is a tunnel technique rather than a service or application. It is a routing and forwarding platform that combines label switched forwarding with network layer routing. It supports multiple upper-layer protocols and services, and guarantees security during the transmission of information. 1.1.3 MPLS architecture MPLS architecture comprises the following: The control plane, which is connectionless and implemented through the current IP network. The forwarding plane, which is also known as the data plane and is connection-oriented. It uses the Layer 2 network such as ATM or FR. MPLS uses a short label of a fixed length to encapsulate packets. The data with the label is fast-forwarded on the data plane. The powerful, flexible routing function of the IP network is used on the control plane to meet the demands of new applications. Figure 1-4 shows the architecture of MPLS. Issue 5.3 (30 March 2009) Nortel Networks Inc. 1-5
1 MPLS overview Nortel Secure Router 8000 Series Figure 1-4 Architecture of MPLS Control Plane IP Routing Protocol Routing Information Base (RIB) Label Information Base(LIB) MPLS IP Routing Protocol Forwarding Plane Label Forwarding Information Base(LFIB) On the forwarding plane, core LSRs forward only labeled packets, whereas LERs forward both labeled packets and IP packets. The labeled packets use the Label Forwarding Information Base (LFIB), and the IP packets use the Forwarding Information Base (FIB). 1.1.4 MPLS and routing protocols Establishing the LSP by the routing table When LDP establishes an LSP in the hop-by-hop manner, it specifies the next hop according to the routing table on the LSR. The information in the routing table is collected by the routing protocol, such as Interior Gateway Protocol (IGP) and BGP. LDP uses only the routing information. Supporting label distribution by the extension of existing protocols The extension of existing protocols, such as BGP and RSVP, also supports the distribution of MPLS labels. Supporting MPLS applications by the extension of routing protocols In some MPLS applications, it is necessary to extend the routing protocols. For example, the MPLS-based VPN application requires the extension of BGP so that BGP supports the sending of VPN routing information. MPLS-based traffic engineering (TE) requires the extension of OSPF or IS-IS to carry the link status information. Figure 1-5 shows the relationship between MPLS and routing protocols. 1-6 Nortel Networks Inc. Issue 5.3 (30 March 2009)
1 MPLS overview Figure 1-5 MPLS and routing protocols ISIS OSPF LDP CR-LDP RSVP-TE TEDB LSP Management (LSPM) MPLS Forwarding 1.1.5 References For more information about MPLS, see RFC 3031 (Multiprotocol Label Switching Architecture). 1.2 MPLS applications With the development of the Application Specific Integrated Circuit (ASIC) technology, the route searching speed does not hinder network growth. This means that MPLS no longer has distinct advantages in improved forwarding speed. MPLS, however, combines the powerful Layer 3 routing function of IP networks and the high-efficiency forwarding mechanism of traditional Layer 2 networks. It is connection-oriented on the forwarding plane, which is similar to the forwarding mode of the existing Layer 2 networks. These characteristics allow seamless connection of IP networks and Layer 2 networks such as the ATM network and the FR network. MPLS also offers a better solution to applications such as Quality of Service (QoS), TE, and VPN. 1.2.1 MPLS-based VPN For traditional VPNs, the transmission of data between private networks and public networks is usually performed through tunneling protocols such as Generic Routing Encapsulation (GRE), Layer 2 Tunneling Protocol (L2TP), and Point-to-Point Tunneling Protocol (PPTP). The LSP itself is a tunnel on the public network. The implementation of VPNs using MPLS has an advantage. The MPLS-based VPN connects the geographically dispersed branches of a private network by using the LSP, forming a united network. The MPLS-based VPN also supports interconnection between different VPNs. Figure 1-6 shows the basic structure of an MPLS-based VPN: The Customer Edge (CE) can be a router, a switch, or a host. The Provider Edge (PE) is a router residing in the backbone network. Issue 5.3 (30 March 2009) Nortel Networks Inc. 1-7
1 MPLS overview Nortel Secure Router 8000 Series Figure 1-6 MPLS-based VPN PE3 CE3 VPN branch 3 CE1 PE1 VPN branch 1 Backbone network PE2 CE2 VPN branch 2 1.2.2 MPLS-based QoS The PE manages VPN users, sets up LSP connections between PEs, and assigns routes for each branch of users of the same VPN. Usually the route allocation between PEs is performed by LDP or the extended BGP. The MPLS-based VPN supports IP address space overlap between different branches and interconnection between different VPNs. Compared to traditional routes, VPN routes are added with the branch and VPN distinguisher information. Therefore, it is necessary to extend BGP to carry the VPN routing information. The router supports MPLS-based TE and differentiated services (Diff-serv) features. It ensures effective network utilization and implements differentiated services according to the priorities of streams. Thus, the router provides voice and video streams with low delay, low packet loss, and stable bandwidth guarantee. Because it is difficult to perform TE over the entire network, the Diff-serv model of QoS is commonly implemented in actual networking solutions. The Diff-serv model maps a service to a certain service class at the network edge according to the QoS requirement of the service. The Differentiated Service (DS) field (derived from the TOS field) in the IP packet uniquely identifies the service. Each node in the backbone network then performs the preset service policies. Service policies are applied to diversified services according to the field to ensure QoS. The QoS classification and label mechanism in the Diff-serv model is similar to MPLS label distribution. MPLS-based Diff-serv is implemented by integrating Diff-serv distribution into MPLS label distribution. NOTE This document describes MPLS basics and MPLS TE. 1-8 Nortel Networks Inc. Issue 5.3 (30 March 2009)
1 MPLS overview For information about MPLS VPN configuration, see Nortel Secure Router 8000 Series Configuration Guide - VPN (NN46240-507). For information about MPLS QoS configuration, see Nortel Secure Router 8000 Series Configuration Guide - QoS (NN46240-508). Issue 5.3 (30 March 2009) Nortel Networks Inc. 1-9
Contents 2 Basic MPLS configuration...2-1 2.1 Introduction...2-3 2.1.1 Label distribution and management...2-3 2.1.2 LSP tunnel and label stack...2-4 2.1.3 PHP...2-5 2.1.4 TTL processing in MPLS...2-6 2.1.5 MPLS ping and traceroute...2-6 2.1.6 Basic LDP concepts...2-7 2.1.7 Working mechanism of LDP...2-8 2.1.8 Basic LDP operations...2-9 2.1.9 LDP loop detection...2-11 2.1.10 LDP Fast Reroute...2-11 2.1.11 LDP Graceful Restart...2-11 2.1.12 References...2-12 2.2 Configuring basic MPLS capability...2-13 2.2.1 Establishing the configuration task...2-13 2.2.2 Configuring the LSR ID...2-14 2.2.3 Enabling MPLS...2-14 2.2.4 Checking the configuration...2-15 2.3 Adjusting MPLS parameters...2-15 2.3.1 Establishing the configuration task...2-15 2.3.2 Configuring PHP...2-16 2.3.3 Setting the MPLS MTU of the interface...2-17 2.3.4 Configuring the interval for collecting MPLS statistics...2-17 2.3.5 Configuring the load balancing mode of MPLS Layer 3 forwarding...2-18 2.3.6 Configuring FRR on the load balancing mode...2-18 2.3.7 Checking the configuration...2-19 2.4 Configuring static LSPs...2-19 2.4.1 Establishing the configuration task...2-19 2.4.2 Configuring the ingress for a static LSP...2-20 2.4.3 Configuring the transit for a static LSP...2-21 2.4.4 Configuring the egress for a static LSP...2-21 Issue 5.3 (30 March 2009) Nortel Networks Inc. i
2.4.5 Checking the configuration...2-21 2.5 Configuring MPLS LDP...2-22 2.5.1 Establishing the configuration task...2-22 2.5.2 Enabling LDP...2-23 2.5.3 Setting parameters for LDP discovery...2-24 2.5.4 Setting parameters for LDP sessions...2-25 2.5.5 Configuring label distribution and retention mode...2-26 2.5.6 Configuring loop detection...2-27 2.5.7 Configuring LDP MD5 authentication...2-28 2.5.8 Configuring LDP MTU signaling...2-29 2.5.9 Checking the configuration...2-29 2.6 Configuring the LDP multi-instance...2-30 2.6.1 Establishing the configuration task...2-30 2.6.2 Configuring LDP multi-instance...2-31 2.6.3 Checking the configuration...2-32 2.7 Configuring the policy for establishing LSPs...2-32 2.7.1 Establishing the configuration task...2-32 2.7.2 Configuring the policy for triggering LSP setup...2-33 2.7.3 Configuring the policy for establishing transit LSPs...2-33 2.8 Shielding the MPLS hop count...2-34 2.8.1 Establishing the configuration task...2-34 2.8.2 Configuring MPLS IP TTL propagation...2-35 2.8.3 Configuring the path taken by ICMP response packets...2-36 2.9 Configuring LDP FRR...2-36 2.9.1 Establishing the configuration task...2-36 2.9.2 Enabling LDP FRR...2-37 2.9.3 Allowing BFD to modify the PST...2-38 T 2.9.4 Checking the configuration...2-38 2.10 Configuring LDP GR...2-39 2.10.1 Establishing the configuration task...2-39 2.10.2 Enabling LDP GR...2-39 2.10.3 Configuring LDP GR parameters...2-40 2.10.4 Testing LDP GR...2-41 2.11 Iterating the nonlabel public network route to the LSP...2-42 2.11.1 Establishing the configuration task...2-42 2.11.2 Iterating the nonlabel public network route to the LSP...2-43 2.11.3 Checking the configuration...2-43 2.12 Maintaining MPLS...2-44 2.12.1 Resetting LDP...2-44 2.12.2 Clearing MPLS statistics...2-44 2.12.3 Configuring MPLS ping or traceroute...2-44 2.12.4 Enabling MPLS LSP trapping...2-45 ii Nortel Networks Inc. Issue 5.3 (30 March 2009)
2.12.5 Debugging MPLS...2-45 2.13 Configuration examples...2-46 2.13.1 Example of configuring static LSPs...2-46 2.13.2 Example of configuring LDP sessions...2-54 2.13.3 Example of configuring LSPs by using LDP...2-57 2.13.4 Example of configuring transit LSPs through the prefix list...2-61 2.13.5 Example of configuring LDP FRR...2-66 2.13.6 Example of configuring LDP GR...2-73 Issue 5.3 (30 March 2009) Nortel Networks Inc. iii
Figures Figure 2-1 LSP tunnel...2-5 Figure 2-2 Label distribution process...2-8 Figure 2-3 Application of iterating the non-label public network route to the LSP...2-42 Figure 2-4 Networking of configuring static LSPs...2-46 Figure 2-5 Networking diagram of LDP session configuration...2-54 Figure 2-6 Networking diagram of configuring transit LSPs through the prefix list...2-61 Figure 2-7 Networking diagram of configuring LDP FRR...2-67 Figure 2-8 Networking diagram of configuring LDP GR...2-74 Issue 5.3 (30 March 2009) Nortel Networks Inc. v
2 Basic MPLS configuration 2 Basic MPLS configuration About this chapter The following table shows the contents of this chapter. Section Description 2.1 Introduction This section describes Multiprotocol Label Switching (MPLS) principles and concepts. 2.2 Configuring basic MPLS capability This section describes how to enable the basic MPLS capability. 2.3 Adjusting MPLS parameters This section describes how to configure MPLS Penultimate Hop Popping (PHP), MPLS Maximum Transmission Unit (MTU), and the load balancing mode. 2.4 Configuring static LSPs This section describes how to configure the static Label Switched Path (LSP). 2.5 Configuring MPLS LDP This section describes how to configure MPLS Label Distribution Protocol (LDP). 2.6 Configuring the LDP This section describes how to configure the LDP multi-instance multi-instance. 2.7 Configuring the policy for This section describes how to configure the policy of establishing LSPs establishing the LSP. 2.8 Shielding the MPLS hop This section describes how to process the MPLS Time count To Live (TTL). 2.9 Configuring LDP FRR This section describes how to configure LDP Fast Reroute (FRR). 2.10 Configuring LDP GR This section describes how to configure LDP Graceful Restart (GR). 2.11 Iterating the nonlabel public network route to the LSP This section describes how to allow IP traffic to be forwarded through MPLS. Issue 5.3 (30 March 2009) Nortel Networks Inc. 2-1
2 Basic MPLS configuration Nortel Secure Router 8000 Series Section Description 2.12 Maintaining MPLS This section describes how to maintain MPLS. 2.13 Configuration examples This section provides MPLS configuration examples. 2-2 Nortel Networks Inc. Issue 5.3 (30 March 2009)
2 Basic MPLS configuration 2.1 Introduction This section describes the concepts that you need to know before you configure the basic MPLS capability: Label distribution and management LSP tunnel and label stack PHP TTL processing in MPLS MPLS ping and traceroute Basic LDP concepts Working mechanism of LDP Basic LDP operations LDP loop detection LDP Fast Reroute LDP Graceful Restart References NOTE The router supports LDP Graceful Restart (GR). For information about GR, see Nortel Secure Router 8000 Series Configuration Guide - Reliability (NN46240-511). The router supports MPLS on Ethernet interfaces and POS interfaces. 2.1.1 Label distribution and management Label advertisement mode Label distribution control In the MPLS architecture, the downstream LSR binds a label to a particular FEC and then notifies the upstream LSR. That is, the downstream LSR assigns labels and distributes the labels from downstream to upstream. The two MPLS label advertisement modes are as follows: Downstream Unsolicited (DU) In DU mode, an LSR does not require a label request from upstream when distributing a label. Downstream-on-Demand (DoD) In DoD mode, an LSR must have received a label request from upstream when distributing a label. Before establishing an LSP, the two neighboring upstream and downstream LSRs must agree on the label advertisement mode. The label distribution control mode is the time policy used by the LSR to assign labels when establishing LSPs. The two label control modes are as follows: Issue 5.3 (30 March 2009) Nortel Networks Inc. 2-3
2 Basic MPLS configuration Nortel Secure Router 8000 Series Label retention mode Independent label distribution control In independent label distribution control mode, each LSR advertises label mappings to the LSRs connected with it at any time. This mode can cause upstream labels to be distributed before downstream labels are received. Ordered label distribution control In ordered label control mode, the LSR sends a label mapping message upstream only when the LSR receives a label mapping message for a specific FEC or when it serves as the egress of LSP. In label retention mode, when an LSR identifies that its neighbor is not the next hop to an FEC, the LSR handles the label bound to an FEC. The two label retention modes are as follows: Liberal label retention mode In liberal label retention mode, the LSR keeps the label mapping received from the neighboring LSR whether or not its neighbor is the next hop. Conservative label retention mode In conservative label retention mode, the LSR keeps the label mapping received from the neighboring LSR only when the LSR identifies that its neighbor is the next hop. A change in network topology can lead to a change of the next-hop neighbor: If liberal label retention mode is used, the LSR can use the labels sent from the next-hop or non-next-hop neighbors to recreate LSPs. This, however, requires more memory and label space. If conservative label retention mode is used, the LSR keeps the labels sent from only the next-hop neighbors. This saves the memory and label space. The LSP is recreated, however, at a lower speed. The conservative label retention mode is usually used together with the DoD mode in LSRs with limited label space. Nortel recommends that you use a combination of DU, ordered label distribution control, and liberal label retention mode. Labeled packets forwarding On the ingress, packets entering the network are classified into various FECs by their characteristics. This classification is based on the destination IP address prefix or host address. Packets belonging to the same FEC have the same label and pass through the same path in the MPLS domain. The LSR assigns a label for an incoming packet, and then forwards it through a specified interface. 2.1.2 LSP tunnel and label stack LSP tunnel MPLS supports the LSP tunnel. On an LSP, the LSR Ru and LSR Rd are upstream and downstream for each other. The path between the LSR Ru and LSR Rd, however, may not be a part of the path provided by the routing protocol. MPLS allows the establishment of a new LSP path between the LSR Ru and the LSR Rd. The LSR Ru is the starting point and the LSR Rd is the ending point of this LSP. The LSP between the LSR Ru and the LSR Rd is referred to as the LSP tunnel. 2-4 Nortel Networks Inc. Issue 5.3 (30 March 2009)
2 Basic MPLS configuration The tunnel is classified into two types: If the path along which the tunnel passes and the path obtained from the routing protocol are consistent, the tunnel is called a hop-by-hop routed tunnel. If the two paths are not consistent, the tunnel is called an explicitly routed tunnel. Figure 2-1 LSP tunnel Level 1 R1 R2 R3 R4 Level 2 R21 R22 Multilevel label stack 2.1.3 PHP As shown in Figure 2-1, LSP <R2 R21 R22 R3> is a tunnel between R2 and R3. When a packet is sent through an LSP tunnel that is more than one layer, multilevel labels form the label stack. The push and pop operations are conducted for the label stack on the ingress and the egress of each LSP. There is no limit on the depth of the label stack in MPLS. The labels are organized in the label stack according to the last-in-first-out rule, and MPLS processes the labels from the top of the stack. If the depth of the label stack of a packet is n, the label on the bottom of the stack is a Level 1 label, and the label on the top of the stack is a Level n label. An unlabeled packet is regarded as a packet with an empty label stack; that is, the depth of the label stack is null. As shown in Figure 2-1 the label stack of the packet sent from R1 to R4 is as follows: The packet has a one-level label between R1 and R2. When it enters the LSP <R2, R1 R22 R3> tunnel, the packet has two-level labels. The Level 2 label at the top of the stack is used to direct the packet to R3. When the packet arrives at R3, its Level 2 label is popped. The Level 1 label is used to direct the packet to R4. In the MPLS network, the LSR forwards the packet according to its label. On the egress, the label is removed and the packet is forwarded as an IP packet. In certain MPLS applications, the egress requires only IP forwarding, and the MPLS label has no significance for forwarding. In this case, use Penultimate Hop Popping (PHP) to pop the label at the penultimate node. This saves label operations on the egress. The PHP feature is configured on the egress. The label distribution mode is selected based on the support of PHP by the penultimate node. According to RFC 3032 (MPLS Label Stack Encoding): Issue 5.3 (30 March 2009) Nortel Networks Inc. 2-5
2 Basic MPLS configuration Nortel Secure Router 8000 Series Label value 0 stands for IPv4 explicit null label. This value is valid only when it appears at the bottom of the label stack. When a packet is assigned an explicit null label, the egress pops the label and forwards the packet as an IP packet without searching the label routing table. Label value 3 stands for implicit null label. This value does not appear in the label stack. When an LSR is distributed an implicit null label, it does not use this value to replace the original value, but performs the pop operation directly. 2.1.4 TTL processing in MPLS TTL propagation ICMP response packet The MPLS label comprises an 8-bit Time To Live (TTL) field that is similar to the TTL field in an IP header. The TTL can prevent route loops and can also be used in the traceroute function. As described in RFC 3031, an LSR node copies the TTL value of the IP packet or that of the upper-layer label to the TTL field of the added label. When the LSR forwards a labeled packet, the TTL value of the label at the top of the label stack is decreased by one. When the label is out of the label stack, the LSR copies the TTL value at the top of the stack to the IP packet or the lower-layer label. Before the LSP traverses the non-ttl LSP segment formed by ATM-LSRs or FR-LSRs, the TTL should be uniformly processed. This is because the LSRs within the domain cannot process the TTL. That is, the value of the length in this non-ttl LSP segment should decrease by one when the packet enters the segment. In MPLS VPN applications, you can hide the MPLS backbone network structure for security reasons. The router supports different TTL propagation settings for VPN packets and public network packets. In the MPLS VPN, the backbone routers cannot relay VPN packets over MPLS. When the TTL of an MPLS packet expires, an ICMP response packet is forwarded along the LSP to the egress. The egress continues to relay the ICMP response packet based on IP routing. This increases the network traffic and the packet forwarding delay. For the MPLS packets with a single label, the router allows the Internet Control Message Protocol (ICMP) response packet to be sent back using the IP route directly or the LSP when the TTL expires. 2.1.5 MPLS ping and traceroute In MPLS, the MPLS control plane establishes an LSP. It cannot, however, detect the error when an LSP fails to forward data. This causes difficulty in network maintenance. The MPLS ping or traceroute function helps to detect errors in the LSP and locate the fault. Similar to IP ping or traceroute, MPLS ping or traceroute uses an MPLS echo request and MPLS echo reply to detect the availability of an LSP. These two kinds of messages are transmitted in User Datagram Protocol (UDP) format with the port number 3503. The MPLS echo request message carries FEC information to be detected, and is sent along the LSP like other data packets with the same FEC. In this manner, the LSP is detected. 2-6 Nortel Networks Inc. Issue 5.3 (30 March 2009)
2 Basic MPLS configuration For MPLS ping, the echo request message should reach the egress of the LSP, and then the control plane of the egress determines whether this LSR is the egress of the FEC. For MPLS traceroute, the echo request message is sent to every transit. Then, the control plane of the transit determines if this LSR is a transit of the LSP. When the message reaches the egress, the destination address contained in the IP header of the echo request message is set as an address on the 127.0.0.0/8 network segment (loopback address of this LSR), and the TTL is set to 1. This avoids further forwarding. 2.1.6 Basic LDP concepts LDP peers LDP session LDP message LDP defines various messages in label distribution and the related processes. The LSR directly maps the routing information of the network layer to the data link layer and establishes an LSP by using LDP. To enable label switching on all intermediate nodes in the network, you can establish an LSP between two LSRs that are enabled with LDP and terminate it at the egress of the network. For more information about LDP, see RFC 3036 (LDP Specification). LDP peers are two LSRs with an LDP session that exchange labels or FEC mappings through LDP. The LDP peers obtain each other s label information through an LDP session. In an LDP session, LSRs exchange messages on advertising and releasing labels. The two types of LDP sessions are as follows: Local LDP session: an LDP session between two LSRs that are directly connected. Remote LDP session: an LDP session between two LSRs that are indirectly connected. LDP involves four types of messages: Discovery message: used to notify or maintain the existing LSRs in the network. Session message: used to establish, maintain, or terminate a session between LDP peers. Advertisement message: used to create, modify, or delete a label for an FEC. Notification message: used to provide suggestive messages or error notifications. To assure the reliability of LDP message transmission, UDP is used only in the discovery phase. Session messages, advertisement messages, and notification messages are all transported through Transmission Control Protocol (TCP). Label space and LDP identifier A label space is the value range of labels that are allocated to LDP peers. You can specify a label space for each interface of an LSR (per-interface label space) or for the entire LSR (per-platform label space). An LDP identifier identifies a specified LSR label space. It is a 6-byte value in the following format: Issue 5.3 (30 March 2009) Nortel Networks Inc. 2-7
2 Basic MPLS configuration Nortel Secure Router 8000 Series <LSR ID>: <label space number> The IP address of four bytes is used to represent the LSR ID and the remaining two bytes are used for the label space number. 2.1.7 Working mechanism of LDP Figure 2-2 shows the process of LDP label distribution. Figure 2-2 Label distribution process LSP1 Ingress A LSP2 Label Request Label Mapping B C D Egress Ingress Label Request E F G Label Mapping MPLS LSR MPLS LER I H Egress LDP Session On an LSP, along the data transmission direction, neighboring LSRs are called the upstream LSR and downstream LSR. As shown in Figure 2-2, B on LSP1 is the upstream LSR of C. Labels are distributed in two modes: DoD and DU. The main difference between these two modes is whether the label mapping distribution requires the upstream request or is initialized by the downstream. DoD mode In the DoD mode, a label is distributed in the following manner: The upstream sends a label request message containing FEC descriptive information to the downstream. The downstream distributes a label for this FEC, and then sends the label mapping message with the label to the upstream. When the downstream LSR sends back the label mapping message depends on its label control mode as follows: In ordered mode, the message is sent back to its upstream LSR when the downstream has received a label mapping message for the FEC from its downstream LSR. 2-8 Nortel Networks Inc. Issue 5.3 (30 March 2009)