Autumn 2010
MULTIPROTOCOL LABEL SWITCHING (MPLS) AND MPLS VPNS
How Routers Forward Packets
Process switching
Hardly ever used today
The router looks inside the packet at the destination IP address, compares it with its routing table to find the next-hop IP address, and finally performs an ARP lookup for that next hop.
Fast switching
The first packet is process switched; chances are good that more packets will follow to the same destination.
So the most recent destinations are entered in a cache.
For the subsequent packets the router does not have to look at the routing table or combine IP with MAC again.
Had some drawbacks: it did not support "per packet load sharing" (which requires multiple cache entries).
Topology-driven switching
Cisco Express Forwarding (CEF)
Eliminates the ”first packet problem”
Prebuilds the cache by making "a copy" of the routing table and creating the FIB – Forwarding Information Base
Moves all routes into the cache.
Also creates an adjacency table that premaps all next hops. The mac addresses are also added to this table by consulting the arp cache.
Adds the feature of per packet load sharing.
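The three CEF ideas above (prebuild the FIB from the routing table, premap every next hop in an adjacency table from the ARP cache, rotate between equal-cost next hops per packet) are easy to see in a small simulation. The following is an added example written for these notes, not code from the slides or from Cisco; the routing table and ARP cache are constructed sample data, and the class and method names are my own.

```python
import ipaddress
from itertools import cycle

# Constructed sample routing table (prefix -> next-hop list) and ARP cache; not from the slides.
ROUTING_TABLE = {
    "20.0.0.0/8": ["10.1.1.2"],               # one next hop
    "15.0.0.0/8": ["10.1.2.2", "10.1.3.2"],   # two equal-cost next hops
    "0.0.0.0/0":  ["10.1.1.2"],               # default route
}
ARP_CACHE = {
    "10.1.1.2": "00:11:22:33:44:01",
    "10.1.2.2": "00:11:22:33:44:02",
    "10.1.3.2": "00:11:22:33:44:03",
}


class CEF:
    """Topology-driven switching: FIB and adjacency table are built before any packet arrives."""

    def __init__(self, routing_table, arp_cache):
        # FIB: a copy of every route, ordered longest prefix first so the first match wins.
        self.fib = sorted(
            ((ipaddress.ip_network(p), hops) for p, hops in routing_table.items()),
            key=lambda entry: entry[0].prefixlen, reverse=True)
        # Adjacency table: every next hop premapped to its MAC address from the ARP cache.
        # A next hop missing from the ARP cache is a build-time error, never a per-packet lookup.
        self.adjacency = {}
        for hops in routing_table.values():
            for hop in hops:
                if hop not in arp_cache:
                    raise LookupError(f"no ARP entry for next hop {hop}")
                self.adjacency[hop] = arp_cache[hop]
        # One round-robin iterator per prefix gives per-packet load sharing over equal-cost next hops.
        self._rotate = {net: cycle(hops) for net, hops in self.fib}

    def forward(self, dst):
        """Return (next-hop IP, next-hop MAC) for one packet using only the prebuilt tables."""
        addr = ipaddress.ip_address(dst)
        for net, _ in self.fib:
            if addr in net:
                hop = next(self._rotate[net])        # rotates on every packet for that prefix
                return hop, self.adjacency[hop]       # no routing-table or ARP work at forward time
        raise LookupError(f"no route for {dst}")
```

Forwarding two consecutive packets to 15.x.x.x returns the two next hops in turn, which is exactly the per-packet load sharing that fast switching's single cache entry could not do.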
MPLS
What is Multi Protocol Label Switching?
CEF is the fundamental switching path for MPLS. Without CEF, MPLS forwarding does not occur. MPLS forwarding relies heavily on the IP routing table and the CEF architecture. Therefore, MPLS VPN relies on CEF because MPLS VPN depends on MPLS for successful operation.
MPLS is a switching mechanism that assigns labels, or numbers, to packets and then uses those labels to forward packets. The labels are assigned at the edge of the MPLS network, and forwarding inside the MPLS network is based solely on labels.
The content of the label may vary:
Destination network
Level of Quality of Service
The Label Distribution Protocol (LDP) is often used to establish MPLS and
handle the labels. Tag Distribution Protocol (TDP) is a Cisco proprietary protocol
managing the same thing.
The Label (figure): a 32-bit MPLS header with the fields LABEL, EXP, BS (bottom of stack) and TTL, inserted between the L2 (MAC) header and the IP header of the frame: L1 | L2 (MAC) | MPLS label | IP | DATA.
Labels
MPLS Example (figure): Router A (non-MPLS) – MPLS domain – Router B (non-MPLS), destination network 20.0.0.0/8.
Steps inside the MPLS domain: exchanging routes, assigning labels, sharing labels, building tables.
In the figure the route 20.0.0.0 is bound to label 25 (20.0.0.0 = 25).
MPLS Example - Z-router (figure): 20.0.0.0/8 is reached through router Y; Y advertises 20.0.0.0 = 30 to Z.

Tables on router Z:

Routing Table
Network      Next Hop
20.0.0.0     Y
15.0.0.0     H
16.0.0.0     O

Label Information Base (LIB)
Network      LSR      Label
20.0.0.0     Local    35
20.0.0.0     Y        30
15.0.0.0     Local    36
15.0.0.0     Y        12

Label Forwarding Information Base (LFIB)
Label   Action     Next hop
35      30         Y
40      untagged   Y
50      pop        B

FIB
Network      Next Hop   Label
20.0.0.0     Y          30
15.0.0.0     H          -
16.0.0.0     O          -
LIB FIB LFIB... FBI?
Confused? ;-)
LIB – Label Information Base – the table that is referred to whenever a labeled packet comes in
FIB – Forwarding Information Base – the table that is referred to whenever a non-labeled packet comes in
LFIB – Label Forwarding Information Base – any route in the LFIB will also be in the LIB, but not the other way around.
Functions of Label Switching Routers (LSRs)
Control Plane
Controls the routing information exchange and the label exchange between adjacent devices.
Exchanges routing information via "normal" routing protocols
Exchanges label information using Label Distribution Protocol (LDP)
Sets up the framework for how everything is going to be forwarded.
Data Plane – where the action occurs
Also known as the forwarding plane, this plane controls forwarding based on either destination addresses or labels – L3 or L2 information
Router becomes "almost like a switch"
If there's no label, it will work as "normal" (CEF).
Label Switching Routers (figure): Edge LSRs sit at the border of the MPLS network, LSRs ("core routers") in the middle. Outside the MPLS network a packet carries IP header + L2 header; between LSRs it carries IP header + MPLS header + L2 header.
LSR – forwarding packets ("core router", primary function)
MPLS Terminology
MPLS, Multiprotocol Label Switching
LDP (Label Distribution Protocol)
Penultimate Hop Popping (figure): for 15.0.0.0 a "pop" binding is advertised towards Y (15.0.0.0 = pop), while Y advertises 15.0.0.0 = 20 upstream.
Y LFIB
Label   Action   Next hop
20      Pop      Z
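To tie the Z-router tables and the penultimate hop popping figure together, here is an added data-plane simulation written for these notes (not code from the slides). The topology A – Z – Y – X – B is constructed: Z and X are edge LSRs, Y is a core LSR, A and B are non-MPLS routers. The label numbers for 20.0.0.0/8 reuse the slide's values (Z's local label 35, Y's label 30); the rest of the tables, the node names and the function names are assumptions. X, the egress, advertises "pop" for 20.0.0.0/8, so Y as penultimate hop removes the label and X only needs an IP lookup.

```python
import ipaddress

# FIB: node -> prefix -> (next hop, label to push or None). Consulted for unlabeled packets.
FIB = {
    "Z": {"20.0.0.0/8": ("Y", 30)},     # ingress edge LSR: push Y's label 30
    "Y": {"20.0.0.0/8": ("X", None)},
    "X": {"20.0.0.0/8": ("B", None)},   # egress edge LSR: plain IP forwarding to the customer
}
# LFIB: node -> incoming label -> (action, outgoing label, next hop). Consulted for labeled packets.
LFIB = {
    "Z": {35: ("swap", 30, "Y")},       # slide: label 35 in, 30 out, next hop Y
    "Y": {30: ("pop", None, "X")},      # penultimate hop popping: X advertised "pop"
    "X": {},                            # nothing arrives labeled at X thanks to PHP
}


def lookup_fib(node, dst):
    """Longest-prefix match in the node's FIB; returns (next hop, label or None)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, entry in FIB[node].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    if best is None:
        raise LookupError(f"{node}: no route for {dst}")
    return best[1]


def forward(node, labels, dst):
    """One hop of the data plane. labels is the label stack, top first.
    Returns (next hop, label stack as it leaves the node)."""
    if labels:
        # Labeled packet: only the LFIB is used, the IP header is not inspected at all.
        action, out_label, next_hop = LFIB[node][labels[0]]
        if action == "swap":
            return next_hop, [out_label] + labels[1:]
        if action == "pop":
            return next_hop, labels[1:]
        raise ValueError(f"{node}: unknown LFIB action {action}")
    # Unlabeled packet: FIB lookup; an edge LSR pushes a label, an egress/untagged entry does not.
    next_hop, out_label = lookup_fib(node, dst)
    return next_hop, ([out_label] if out_label is not None else [])


def trace(first_node, dst):
    """Walk the packet from first_node until it leaves the MPLS domain.
    Returns [(node, next hop, label stack on exit), ...]."""
    node, labels, hops = first_node, [], []
    while node in FIB:
        next_hop, labels = forward(node, labels, dst)
        hops.append((node, next_hop, list(labels)))
        node = next_hop
    return hops
```

Tracing an IP packet for 20.1.2.3 from Z shows the label being pushed at Z, popped at Y (the penultimate hop) and absent at X, which therefore does a single IP lookup instead of a label lookup followed by an IP lookup.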
Two traditional categories of VPNs
Overlay VPNs
Point-to-point circuits between customer sites
Virtual links – Layer 1, 2
Becomes expensive to buy virtual circuits for many sites
(figure: links / virtual circuits)
Peer-to-Peer VPNs
Service provider becoming a part of your network
Managing routing between parts of the organization
"Bringing our tables into theirs"
Private addresses from different customers will be a problem
No NAT
Customers will sometimes be using the same private addresses.
MPLS VPNs - overview
Provider is forwarding routes between the sites.
Virtual Route Forwarding (VRF) allows you to run separate routing tables and forwarding tables per customer.
Eliminates the problem of using the same address space, since VRFs make them look like they are different routing tables.
PE routers – Provider Edge, like Edge LSR.
P routers – doing "core business". Won't see any routes.
Routing information packets are encapsulated using "tags".
Performed by PE routers. Customer one may tag it with a "1".
PE routers remove the tags and propagate the routes out to customer 1.
Route Distinguisher (tag) and Route Target
Route distinguisher (RD)
64-bit tag identifies customer route advertisements
May be any number the service provider chooses to use.
Keeps customer routes unique
Route Target (RT)
Additional field to allow customers to participate in multiple VPNs.
“VRFs use the route target attribute to control the
import and export of VPNv4 routes through iBGP. The
route target is an extended BGP community that
The problem with overlapping customer addresses
BGP/MPLS VPN supports a mechanism that converts nonunique IP addresses into globally unique addresses by combining the use of the VPN-IPV4 address family with the
VPN-IPv4
A VPN-IPv4 address is a 12-byte quantity composed of an 8-byte Route Distinguisher (RD) followed by a 4-byte IPv4 address prefix.
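The RD/RT mechanics above (RD makes overlapping customer prefixes unique inside MP-BGP, RT decides which VRFs import a route) can be shown end to end in a few lines. This is an added example for these notes, not code from the slides or from any vendor: the two customers, their RD and RT values, the PE names and the function names are constructed. The RD is encoded as type 0 (2-byte type, 2-byte AS number, 4-byte assigned number), which is the RD layout defined for BGP/MPLS VPNs.

```python
import ipaddress
import struct


def vpnv4_key(rd, prefix):
    """12-byte VPN-IPv4 address: 8-byte RD followed by the 4-byte IPv4 prefix.
    rd is (asn, assigned_number), encoded as RD type 0."""
    net = ipaddress.ip_network(prefix)
    asn, number = rd
    return struct.pack("!HHI", 0, asn, number) + net.network_address.packed


class VRF:
    """One customer's separate routing table on a PE, with its RD and import/export RTs."""

    def __init__(self, name, rd, import_rts, export_rts):
        self.name, self.rd = name, rd
        self.import_rts, self.export_rts = set(import_rts), set(export_rts)
        self.routes = {}   # prefix -> next hop (a local CE, or the remote PE after import)


def export_vpnv4(pe_address, vrfs):
    """Ingress PE: every VRF route becomes a VPNv4 route keyed by RD+prefix and tagged with the export RTs."""
    table = {}
    for vrf in vrfs:
        for prefix in vrf.routes:
            key = vpnv4_key(vrf.rd, prefix)
            table[key] = {"prefix": prefix, "next_hop": pe_address, "rt": set(vrf.export_rts)}
    return table


def import_vpnv4(table, vrf):
    """Remote PE: a VPNv4 route enters a VRF only if it carries one of that VRF's import RTs.
    Returns the number of routes imported."""
    imported = 0
    for route in table.values():
        if route["rt"] & vrf.import_rts:
            vrf.routes[route["prefix"]] = route["next_hop"]
            imported += 1
    return imported


def demo():
    """Constructed scenario: customers 1 and 2 both use 10.1.0.0/16 behind PE1."""
    cust1 = VRF("cust1", (65000, 1), import_rts={"65000:1"}, export_rts={"65000:1"})
    cust2 = VRF("cust2", (65000, 2), import_rts={"65000:2"}, export_rts={"65000:2"})
    cust1.routes["10.1.0.0/16"] = "CE1"
    cust2.routes["10.1.0.0/16"] = "CE2"
    table = export_vpnv4("PE1", [cust1, cust2])        # both survive: the RDs differ
    # PE2 serves the same two customers plus a third one; selection is by RT, not by prefix.
    r1 = VRF("cust1", (65000, 1), {"65000:1"}, {"65000:1"})
    r2 = VRF("cust2", (65000, 2), {"65000:2"}, {"65000:2"})
    r3 = VRF("cust3", (65000, 3), {"65000:3"}, {"65000:3"})
    counts = (import_vpnv4(table, r1), import_vpnv4(table, r2), import_vpnv4(table, r3))
    return table, counts, r1, r2, r3
```

The single MP-BGP table on PE1 holds two entries for the "same" 10.1.0.0/16 because the keys differ in their RD bytes, and PE2's third customer imports nothing because none of the routes carry its import RT.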
Multiprotocol BGP Extensions (MP-BGP)
Conventional BGP4 was originally designed to carry routing information only for the IPv4 address family.
Realizing this limitation, the IETF is standardizing the Multiprotocol Extensions for BGP4.
The extensions allow BGP4 to carry routing information for multiple Network Layer
BGP/MPLS VPN can use up to three different types of BGP extended community attributes
The route target attribute identifies a collection of sites (VRFs) to which a PE router distributes routes. A PE router uses this attribute to constrain the import of remote routes into its VRFs.
The VPN-of-origin attribute
The MPLS part
CE routers should not be MPLS VPN-aware; they should run standard IP routing software.
PE routers must support MPLS VPN services and traditional Internet services.
To make the MPLS VPN solution scalable, P routers must not carry VPN routes.
(figure: the customer runs EIGRP towards the PE; Multi Protocol BGP within the SP)
The MPLS part
The top label in the stack is the LDP label for normal frame forwarding in the MPLS network. This label guarantees that the packet will traverse the MPLS VPN backbone and arrive at the egress PE router.
The second label in the stack identifies the egress PE router. This label tells the router how to forward the incoming VPN packet. The second label can point directly toward an outgoing interface. In this case, the egress PE router performs label lookup only on the VPN packet. The second label can also point to a VRF table. For this case, the egress PE router first performs a label lookup to find the target VRF table and then performs an IP lookup within the VRF table.
When you are implementing MPLS VPN, you need to increase the MTU size to allow for two labels.
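The two-label stack, the two egress-PE behaviours (VPN label pointing at an interface versus at a VRF) and the MTU consequence are all visible if you encode real label stack entries. The following is an added example for these notes, not code from the slides: it encodes the 32-bit entry from the "The Label" slide as Label (20 bits), EXP (3 bits), bottom-of-stack (1 bit) and TTL (8 bits), which is the standard MPLS shim header layout. The egress-PE label table, the VRF contents, the interface names and the minimal IPv4 header builder are constructed for the example.

```python
import struct


def encode_entry(label, exp=0, bos=0, ttl=64):
    """One 32-bit label stack entry: Label (20 bits) | EXP (3) | BoS (1) | TTL (8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | ((exp & 7) << 9) | ((bos & 1) << 8) | (ttl & 0xFF))


def encode_stack(labels, ttl=64):
    """labels is top-of-stack first; only the last entry carries the bottom-of-stack bit."""
    last = len(labels) - 1
    return b"".join(encode_entry(l, bos=int(i == last), ttl=ttl) for i, l in enumerate(labels))


def decode_stack(data):
    """Parse entries until the BoS bit is set; return ([(label, exp, bos, ttl), ...], payload offset)."""
    entries, off = [], 0
    while off + 4 <= len(data):
        (word,) = struct.unpack_from("!I", data, off)
        entry = (word >> 12, (word >> 9) & 7, (word >> 8) & 1, word & 0xFF)
        entries.append(entry)
        off += 4
        if entry[2]:
            return entries, off
    raise ValueError("label stack has no bottom-of-stack entry")


def ipv4_packet(src, dst, payload=b""):
    """Minimal constructed IPv4 header (no options, checksum left 0) so the egress PE has a destination to look up."""
    to_bytes = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      to_bytes(src), to_bytes(dst))
    return hdr + payload


# Constructed egress-PE tables (not from the slides): a VPN label either names an outgoing
# interface directly, or names a VRF in which an IP lookup is still required.
VPN_LABELS = {16: ("interface", "Gi0/1"), 17: ("vrf", "cust2")}
VRF_TABLES = {"cust2": {"10.1": "Gi0/2", "10.2": "Gi0/3"}}   # toy /16 lookup keyed by the first two octets


def egress_pe(frame):
    """Return the outgoing interface the egress PE picks for a labeled packet (L2 header omitted)."""
    entries, off = decode_stack(frame)
    if len(entries) == 2:
        entries = entries[1:]              # no PHP: the top LDP label is simply popped here
    vpn_label = entries[0][0]
    kind, name = VPN_LABELS[vpn_label]
    if kind == "interface":
        return name                        # one label lookup only
    dst = ".".join(str(b) for b in frame[off + 16: off + 20])   # IPv4 destination field
    return VRF_TABLES[name][".".join(dst.split(".")[:2])]      # label lookup, then IP lookup in the VRF


def mtu_for_labels(ip_mtu, depth=2):
    """Each label stack entry adds 4 bytes; an MPLS VPN packet carries two of them."""
    return ip_mtu + 4 * depth
```

A VPN packet with the LDP label 30 on top and VPN label 17 below it is 8 bytes longer than the IP packet inside it, which is why an IP MTU of 1500 needs 1508 bytes of link MTU on the core; decode_stack stops at the entry whose BoS bit is set, so the egress PE finds the IP header at the returned offset regardless of whether penultimate hop popping already removed the top label.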