Chapter 4: A Virtualization Technologies Primer: Theory

Cisco Press

1 2 3 4 5 Page 4
Page 4 of 5

In a normal routing scenario, when a router needs to forward a packet, it finds the outgoing interface by looking for a matching IP address prefix in the routing table. The actual interface used for forwarding corresponds to the shortest path to the IP destination, as defined by the routing policy. Other administrative policies, such as QoS and security, may affect the choice of interface. This collection of criteria used for forwarding decisions is more generally referred to as a Forward Equivalency Class (FEC). The classification of a packet to FEC is done on each router along the IP path and happens independently of the other routers in the network.

MPLS decouples packet forwarding from the information in the IP header. An MPLS router forwards packets based on fixed-length labels instead of matching on a variable-length IP address prefix. The label is a sort of shortcut for an FEC classification that has already happened. Where the label comes from is discussed later in this section, but for now, it is enough to say that the labels are calculated based on the topology information in the IP routing table. RFC 3031 puts it like this:

In MPLS, the assignment of a particular packet to a particular FEC is done just once, as the packet enters the network. The FEC to which the packet is assigned is encoded as a short fixed length value known as a "label." When a packet is forwarded to its next hop, the label is sent along with it; that is, the packets are "labeled" before they are forwarded.

In the MPLS forwarding paradigm, once a packet is assigned to a FEC, no further header analysis is done by subsequent routers; all forwarding is driven by the labels.

Before looking at this in more detail, we need to introduce some definitions:

  • Label switching router (LSR)—A router that switches based on labels. An LSR swaps labels. Unlike a traditional router, an LSR does not have to calculate where to forward a packet based on the IP packet header (which is a simplified way of saying it does not do FEC classification when it receives a packet). An LSR uses the incoming label to find the outgoing interface (and label). LSRs are also called provider (P) routers.

  • Edge LSR—A router that is on the edge of an MPLS network. The edge LSR adds and removes labels from packets. This process is more formally called imposition and disposition (and also pushing and popping, because labels are said to go on a stack). Edge LSRs are often referred to as provider edge (PE) routers.

  • Customer edge (CE)—An IP router that connects to the PE device. The CE performs IP forwarding. The PE and CE form routing protocol adjacencies.

Figure 4-10 illustrates MPLS-based forwarding, showing each of the different types of router from the preceding list.

figure 4.10

Figure 4-10

MPLS Forwarding

As a packet flows across the network shown in Figure 4-10, it is processed by each hop as follows:

  1. At the edge of the network, as shown in Figure 4-10, edge LSR A classifies a packet to its FEC and assigns (or imposes) label 17 to the packet. A label is of local significance on that interface just like an ATM VPI/VCI or a Frame Relay DLCI.

  2. In the core, LSRs, such as LSR C and LSR B, swap label values. LSR C removes the old label, 17 in the example shown in Figure 4-10, and imposes the new one, 22. The values of the ingress label and interface are used to find the values of the egress label and interface.

  3. Note - Not all MPLS forwarding modes use incoming interface. Frame mode, used in certain L2VPN services, just uses the incoming label as the same label value is advertised to all peers

  4. LSR B, as the second-last hop in the MPLS network, removes the outermost label from the label stack, which is called penultimate hop popping (PHP). So, packets arrive at edge LSR D without any label, and standard IP routing is used to forward the packet. The process of removing a label is also called disposition. PHP avoids recursive lookups on edge LSR D.

  5. After the label is removed, the packet is forwarded using standard IP routing.

Now the difference with standard IP forwarding should be clearer. FEC classification is done when a packet enters the MPLS network, not at every hop. An LSR needs to look only at the packet's label to know which outgoing interface to use. There can be different labels on an LSR for the same IP destination. Saying the same thing in a different way, there can be multiple LSPs for the same destination.

A key point to understand is that the control plane is identical in both the IP and MPLS cases. LSRs use IP routing protocols to build routing tables, just as routers do. An LSR then goes the extra step of assigning labels for each destination in the routing table and advertising the label/FEC mapping to adjacent LSRs. ATM switches can also be LSRs. They run IP routing protocols, just as a router LSR does, but label switch cells rather than packets.

What is missing from this description is how label information is propagated around the network. How does LSR A in Figure 4-10 know what label to use? MPLS networks use a variety of signaling protocols to distribute labels:

  • LDP—Used in all MPLS networks

  • iBGP—Used for L3 VPN service

  • RSVP—Used for Traffic Engineering

  • Directed LDP—Used for L2VPN service, such as VPLS

Label Distribution Protocol (LDP), which runs over tcp/646, is used in all MPLS networks to distribute labels for all prefixes in the nodes routing table. Referring again to Figure 4-10, LSR D and LSR B would bring up a LDP session (LSR B would have another session with LSR C and so forth). LSR D is connected to the customer network and advertises this prefix to all its routing peers. LSR D also sends a label to LSR B for the network. When LSR B's routing protocol converges and it sees as reachable, it sends label 22 to LSR C. This process continues until LSR A receives a label from LSR C.

The complete end-to-end set of labels from LSR A to LSR D form an LSP. An LSP is unidirectional. There is another LSP, identified by a different set of labels, for return traffic from LSR D to LSR A.

Understand that two operations must complete for the LSP from LSR A to to be functional:

  • The backbone routing protocol must converge so that LSR A has a route to

  • LDP must converge so that labels are propagated across the network.

Figure 4-10 does not show a numeric value for the label between LSR B and LSR D. In fact, as already discussed, the packet on this link has no label at all, because of PHP. Never-theless, LSR D does still advertise a special value in LDP, called an implicit null (which has a reserved value of 3), so that LSR B performs PHP.

Note - In fact, LSR D might use several special label values for the prefix, such as the aggregate or explicit null.

After LSR A has all the information it needs to forward data across the MPLS network, it encapsulates outgoing packets in a shim header, shown in Figure 4-11 and defined in RFC 3032, which is inserted between the Layer 2 and Layer 3 headers. Encapsulation stacks are defined in different RFCs for Ethernet, ATM, PPP, and other media.

Figure 4.11

Figure 4-11

MPLS Shim Header

The MPLS header is simple, as you can see in Figure 4-11. The label itself defines a flat, 20-bit address space. The EXP bits are defined as Experimental, but are in fact used for QoS. MPLS QoS is explained in more detail in the MPLS QoS section of this chapter. The S bit is set on the lowest label when there is more than one label on a packet, which is called a stack. The Time-To-Live (TTL) is analogous to the IP TTL.

Many MPLS applications, such as virtual private networking (VPN) and fast reroute (FRR), involve multiple layers, or stacks, of labels. However, an LSR forwards on the basis of the top, or outer, label values only and never looks at the inner ones.

The FIB Revisited

Label switching adds a forwarding path on a router. The FIB and RIB discussed previously in this chapter contain only IP prefixes. LDP stores labels in a Label Information Base (LIB), and the label values are added to the existing forwarding information in a Label Forwarding Information Base (LFIB). The LDP should have an entry for every non-BGP route in the routing table and all the labels advertised by LDP neighbors. The LFIB is built using a combination of the FIB and LIB. For a given prefix, if there is label in the LIB that is received from the LDP peer address as determined by the FIB, that label is installed in the LFIB and is used for forwarding.

It is important to understand that the LFIB does not replace the FIB. MPLS creates an alternative path through the router. However, IP packets continue to be forwarded using the FIB, and certain special label values can make a router do an FIB lookup.

Cisco IOS LSP Example

Figure 4-12 shows a simple MPLS topology. All routers are running MPLS on their interfaces, with LDP advertising labels to adjacent devices. The core routing protocol is Open Shortest Path First (OSPF), used on all interfaces. The configuration of each device is virtually identical, with the only MPLS-specific commands being activation of LDP (instead of TDP, an earlier alternative) and label switching on each interface, using the mpls ip command (which, for historical reasons, shows up in the output as tag-switching ip). Example 4-15 shows the configuration for R103 in case you want to try this at home.

Figure 4.12

Figure 4-12

MPLS Network Topology

Example 4-15 R103 Configuration

mpls label protocol ldp
interface Ethernet0/0
 ip address
 tag-switching ip
interface Ethernet1/0
 ip address
 tag-switching ip

Three show commands enable you to see the mapping of routes from LIB to LFIB. Examples 4-16 through 4-18 give the output of each one in turn and trace labels used to reach R101's loopback address,, from R105. To avoid repetitive output command, we focus on R103 and R102.

Example 4-16 R103 show ip route output

R103#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set is subnetted, 1 subnets
O [110/21] via, 00:12:25, Ethernet0/0 is subnetted, 1 subnets
C is directly connected, Ethernet0/0 is subnetted, 1 subnets
O [110/20] via, 00:12:25, Ethernet0/0 is subnetted, 1 subnets
C is directly connected, Ethernet1/0 is subnetted, 1 subnets
O [110/20] via, 00:12:25, Ethernet1/0 is subnetted, 1 subnets
O [110/30] via, 00:12:25, Ethernet1/0

There is a one-to-one mapping between the content of the routing table in Example 4-16 and the LIB of Example 4-17. The LFIB, shown in Example 4-18, only contains labels for LSPs that cross the device. If an MPLS packet arrives with an unknown label, it is dropped.

Example 4-17 R103 Label Information Base

R103#show mpls ldp bindings 
 tib entry:, rev 10
    local binding: tag: 17
    remote binding: tsr:, tag: 17
    remote binding: tsr:, tag: imp-null
 tib entry:, rev 8
    local binding: tag: imp-null
    remote binding: tsr:, tag: 16
    remote binding: tsr:, tag: imp-null
 tib entry:, rev 12
    local binding: tag: 18
    remote binding: tsr:, tag: 18
    remote binding: tsr:, tag: 18
 tib entry:, rev 14
    local binding: tag: 19
    remote binding: tsr:, tag: 19
    remote binding: tsr:, tag: 19
 tib entry:, rev 5
    local binding: tag: imp-null
    remote binding: tsr:, tag: imp-null
    remote binding: tsr:, tag: 16
 tib entry:, rev 6
    local binding: tag: 16
    remote binding: tsr:, tag: imp-null
    remote binding: tsr:, tag: 17

Example 4-18 R103 Label Forwarding Information Base

R103#show mpls forwarding-table 
Local Outgoing   Prefix         Bytes tag  Outgoing   Next Hop  
tag   tag or VC  or Tunnel Id   switched   interface       
16    Pop tag  0         Et1/0 
17    Pop tag     0         Et0/0  
18    18     0         Et1/0 
19    19  \
                                 0         Et0/0

Figure 4-12 shows the label values advertised by each LSR for prefix Example 4-18 shows how this label information appears in R103's LIB. There are three entries for

  • local binding—The router's own, called local, which is advertised to downstream neighbors

  •, tag: 19—The label advertised by the upstream router R102

  •, tag: 19—The label advertised by the downstream router SP107

In the LFIB in Example 4-18, there is a single entry for It means that R103 will forward a packet received with value 19 onto interface Ethernet0/0. R103 also swaps the label value. It is just a coincidence that the same values are used for the same IP prefix on different routers. Labels have local significance.

Figure 4-12 shows that router R102 receives an implicit null label from R101 and so performs PHP with label value 19 and forwards an IP packet on interface Ethernet0/0.

1 2 3 4 5 Page 4
Page 4 of 5
SD-WAN buyers guide: Key questions to ask vendors (and yourself)