Pop-Label for /32 Label-IPv4 BGP Routes

This chapter describes the pop-label for /32 label-IPv4 BGP routes.

Topics in this chapter include:

Applicability

This chapter was initially written based on SR OS Release 15.0.R5, but the CLI in the current edition is based on SR OS Release 23.7.R2.

Pop label for /32 label-IPv4 BGP routes is supported in SR OS Release 15.0.R1 and later.

Overview

Labeled IPv4 routes are used in seamless MPLS and in VPRN inter-AS model C scenarios. In these scenarios, transport tunnels run through multiple domains, where the area border routers (ABRs) or autonomous system border routers (ASBRs) effectively stitch LDP/RSVP tunnels to BGP tunnels. For inter-AS model C, the domain is an autonomous system (AS); for seamless MPLS, the domain is a part of an autonomous system. In either case, an end-to-end transport tunnel can be considered as a concatenation of multiple transport tunnels; as illustrated in Stitching RSVP/LDP tunnels to BGP tunnels.

Figure 1. Stitching RSVP/LDP tunnels to BGP tunnels

Pop-label for /32 label-IPv4 routes allows operators to save on resources used in the network (less swap ingress label mapping entries in the data path) and can be implemented at the border routers (ABR or ASBR) for /32 label-IPv4 BGP routes that are originated by exporting static, OSPF, or IS-IS routes from the route table into BGP.

Pop label for /32 label-IPv4 BGP routes provides a tighter coupling between the LDP/RSVP-TE and the BGP tunnels stitched at the ABR or ASBR, as follows:

  1. By implementing an accept policy action (without the advertise-label pop modifier) for the /32 addresses in a route-table-import policy. The router advertises a /32 label-IPv4 route with a label that is swapped when an LDP/RSVP-TE is available, and withdrawn when the last LDP/RSVP-TE tunnel to that /32 prefix goes down. This applies to PEs with services, but should not be applied for route reflectors (RRs) when VPN addresses will be exchanged across EBGP sessions, because withdrawing labels for RRs would break the exchange of VPN routes. For the use of the route-table-import command, see the Separate BGP RIBs for Labeled Routes chapter.

  2. By implementing the accept policy action with the advertise-label pop modifier for some system addresses in a route-table-import policy. The router advertises a /32 label-IPv4 route with a label that is popped rather than swapped, in case no LDP/RSVP-TE tunnel is available to that /32 prefix. This particularly applies to infrastructure nodes, for example off-data-path RRs, which do not participate in MPLS. RRs in different ASs, for example, still must be able to peer with each other through a multi-hop EBGP session, for the exchange of VPN routes belonging to the different services.

The advertise-label pop modifier can be used for the label-IPv4 redistribution of /32 prefixes of:

  • OSPF and IS-IS routes

  • Static routes:

    • Direct next-hop

    • Indirect next-hop

    • Blackhole

Redistributing /32 blackhole static routes does not require the advertise-label pop modifier; the label-IPv4 route is always advertised to the peer AS, and popped by the data plane.

The configuration in this chapter describes the redistribution of /32 prefixes for IS-IS routes. The redistribution of /32 routes for OSPF and the different static route types is similar.

Configuration

Example topology shows the example topology, depicting the inter-AS scenario also used in the "Inter-AS VPRN Model C" chapter. PE-1 and PE-5 host VPRN service "VPRN-1", with 10.0.1.1/32 and 10.0.1.5/32 being the loopback addresses for this service on PE-1 and PE-5, respectively. In AS 64496, RR-3 is the IPv4 VPN RR, and ASBR-4 is the label-IPv4 RR toward clients PE-1 and PE-2. In AS 64497, RR-7 is the IPv4 VPN RR, and ASBR-8 is the label-IPv4 RR toward clients PE-5 and PE-6. IS-IS is the IGP for AS 64496 and 64497, and ASBR-4 and ASBR-8 are their respective ASBRs. Additionally, and in support for model C, the RR-3 and RR-7 RRs require a multi-hop IPv4 VPN EBGP connection.

Figure 2. Example topology

The initial configuration includes:

  1. Cards, MDAs, and ports.

  2. Router interfaces.

  3. IS-IS as IGP on all interfaces within AS 64496 and AS 64497 (alternatively, OSPF can be used).

  4. LDP configured between PE-1, PE-2, and ASBR-4 in AS 64496, and between PE-5, PE-6, and ASBR-8 in AS 64497. The RR-3 and RR-7 RRs are off-data-path and do not have LDP enabled.

Base configuration

In this example topology, the PEs and the ASBRs generate labeled routes. The export policy configured on PE-1, PE-2, PE-5, and PE-6 advertises the system address 192.0.2.x/32. The export policy configured on the ASBRs advertises the system address of the RR. ASBR-4 and ASBR-8 advertise the system addresses of the PEs and the RRs to each other. The transport tunnels available in ASs 64496 and 64497 are LDP tunnels.

PE-1 and PE-2 peer with RR RR-3 for IPv4 VPN routes, and with RR ASBR-4 for label-IPv4 routes. This enables PE-1 and PE-2 to exchange service traffic with the PEs in the peer AS. Their internal BGP configuration is as follows:

# on PE-1, PE-2:
configure
    router Base
        policy-options
            begin
            prefix-list "sys"
                prefix 192.0.2.0/29 prefix-length-range 32-32
            exit
            policy-statement "exp-sys"
                entry 10
                    from
                        protocol direct
                        prefix-list "sys"
                    exit
                    action accept
                    exit
                exit
            exit
            commit
        exit
        autonomous-system 64496
        bgp
            loop-detect discard-route
            split-horizon
            group "IBGP"
                peer-as 64496
                neighbor 192.0.2.3
                    family vpn-ipv4
                exit
                neighbor 192.0.2.4
                    family label-ipv4
                    export "exp-sys"
                exit
            exit
        exit

RR-3 is the IPv4 VPN RR for internal clients, using cluster ID 192.0.2.3, so it maintains IBGP sessions with PE-1 and PE-2. RR-3 also maintains a multi-hop EBGP session with RR-7, which is the RR for clients PE-5 and PE-6 in AS 64497. The vpn-apply-import, vpn-apply-export, and import and export commands can be used at bgp, group, or neighbor level for selectively exchanging dedicated VPN routes. The BGP configuration for RR-3 is as follows:

# on RR-3:
configure
    router Base
        autonomous-system 64496
        bgp
            loop-detect discard-route
            disable-route-table-install
            split-horizon
            group "EBGP-VPN"
                peer-as 64497
                local-address 192.0.2.3
                neighbor 192.0.2.7
                    family vpn-ipv4
                    multihop 10
                    vpn-apply-export
                    vpn-apply-import
                exit
            exit
            group "IBGP-VPN"
                cluster 192.0.2.3
                peer-as 64496
                neighbor 192.0.2.1
                    family vpn-ipv4
                 exit
                neighbor 192.0.2.2
                    family vpn-ipv4
                exit
            exit
            no shutdown
        exit

ASBR-4 is the label-IPv4 RR for internal clients, using cluster ID 192.0.2.4, so it maintains IBGP sessions with PE-1 and PE-2. ASBR-4 imposes next-hop-self on the IBGP advertised label-IPv4 routes. ASBR-4 also maintains an EBGP session with ASBR-8, and requires the advertise-inactive command. The reason for the advertise-inactive command is that the system IP addresses for PEs are advertised in IGP and in BGP. Because the IGP has a lower preference value than BGP, the BGP routes are rendered inactive. By default, inactive BGP routes are not advertised to the peer AS, and the advertise-inactive command bypasses this issue. The BGP configuration for ASBR-4 is as follows:

# on ASBR-4:
configure
    router Base
        autonomous-system 64496
        bgp
            loop-detect discard-route
            split-horizon
            rib-management
                label-ipv4
                    route-table-import "imp-RR-pfxs"
                exit
            exit
            group "EBGP-label"
                export "exp-RR"
                advertise-inactive
                neighbor 192.168.48.2
                    family label-ipv4
                    peer-as 64497
                exit
            exit
            group "IBGP-label"
                next-hop-self
                cluster 192.0.2.4
                peer-as 64496
                neighbor 192.0.2.1
                    family label-ipv4
                exit
                neighbor 192.0.2.2
                    family label-ipv4
                exit
            exit
            no shutdown
        exit

The RR-pfxs prefix list is the exact /32 address of RR-3. The imp-RR-pfxs policy in ASBR-4 matches the RR-pfxs prefix list in entry 10 with action accept and the advertise-label pop modifier. The exp-RR policy is used to advertise the RR prefix to the peer AS. The system prefixes of PE-1 and PE-2 are advertised by the PEs themselves. The policies on ASBR-4 are defined as follows:

# on ASBR-4:
configure
    router Base
        policy-options
            begin
            prefix-list "RR-pfxs"
                prefix 192.0.2.3/32 exact                           
            exit           
            policy-statement "exp-RR"
                entry 10
                    from
                        prefix-list "RR-pfxs"
                    exit
                    action accept
                    exit
                exit
            exit
            policy-statement "imp-RR-pfxs"
                entry 10
                    from
                        prefix-list "RR-pfxs"
                    exit
                    action accept
                        advertise-label pop
                    exit
                exit
            exit
            commit

Because RR-3 is deliberately placed off the data path, not participating in MPLS, an indirect static route is added to its configuration so that it can establish an EBGP session with RR-7, as follows:

# on RR-3:
configure
    router Base
        static-route-entry 192.0.2.7/32
            indirect 192.0.2.4
                tunnel-next-hop
                    resolution disabled
                exit
                no shutdown
            exit
        exit

The configuration of the nodes in AS 64497 is similar to the nodes in AS 64496; see Example topology for the addresses required.

Redistributing IGP /32 routes to label-IPv4 routes

With the configuration as indicated in the previous section, ASBR-4 advertises the system addresses of PE-1, PE-2, and RR-3 in AS 64496 to ASBR-8 in the peer AS as label-IPv4 routes, as follows:

*A:ASBR-4# show router bgp neighbor 192.168.48.2 advertised-routes label-ipv4
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
i     192.0.2.1/32                                       n/a         None
      192.168.48.1                                       None        20
      64496                                                          524284
i     192.0.2.2/32                                       n/a         None
      192.168.48.1                                       None        10
      64496                                                          524283
i     192.0.2.3/32                                       n/a         10
      192.168.48.1                                       None        n/a
      64496                                                          524280
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

The label-IPv4 routes are accepted and put in the routing table of ASBR-8. The next hop for all the label-IPv4 routes is 192.168.48.1, as follows:

*A:ASBR-8# show router route-table 192.0.2.0/24 longer

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
192.0.2.1/32                                  Remote  BGP_LABEL 00h07m29s  170
       192.168.48.1                                                 0
192.0.2.2/32                                  Remote  BGP_LABEL 00h07m29s  170
       192.168.48.1                                                 0
192.0.2.3/32                                  Remote  BGP_LABEL 00h02m21s  170
       192.168.48.1                                                 0
192.0.2.5/32                                  Remote  ISIS      00h09m03s  18
       192.168.68.1                                                 20
192.0.2.6/32                                  Remote  ISIS      00h09m03s  18
       192.168.68.1                                                 10
192.0.2.7/32                                  Remote  ISIS      00h09m03s  18
       192.168.78.1                                                 10
192.0.2.8/32                                  Local   Local     00h09m04s  0
       system                                                       0
-------------------------------------------------------------------------------
No. of Routes: 7
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Also, ASBR-8 is advertising label-IPv4 routes to ASBR-4, so that ASBR-4 ultimately has LDP and BGP tunnels available to destinations in its own and its peer AS, respectively, as follows:

*A:ASBR-4# show router tunnel-table

===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination           Owner     Encap TunnelId  Pref   Nexthop        Metric
   Color
-------------------------------------------------------------------------------
192.0.2.1/32          ldp       MPLS  65537     9      192.168.24.1   20
192.0.2.2/32          ldp       MPLS  65538     9      192.168.24.1   10
192.0.2.5/32          bgp       MPLS  262146    12     192.168.48.2   1000
192.0.2.6/32          bgp       MPLS  262145    12     192.168.48.2   1000
192.0.2.7/32          bgp       MPLS  262147    12     192.168.48.2   1000
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
       L = Loop-Free Alternate (LFA) hop available
       E = Inactive best-external BGP route
       k = RIB-API or Forwarding Policy backup hop
===============================================================================

The following shows the BGP inter-AS label mapping on ASBR-4:

*A:ASBR-4# show router bgp inter-as-label

===============================================================================
BGP Inter-AS labels
Flags: B - entry has backup, P - entry is promoted
===============================================================================
NextHop                       Received       Advertised     Label
                              Label          Label          Origin
-------------------------------------------------------------------------------
0.0.0.0                       0              524280         Edge
192.0.2.1                     524284         524284         Internal
192.0.2.2                     524284         524283         Internal
192.168.48.2                  524279         524279         External
192.168.48.2                  524281         524282         External
192.168.48.2                  524284         524281         External
-------------------------------------------------------------------------------
Total Labels allocated:   6
===============================================================================

The first entry in this table, with advertised label 524280, is used for tunnels for which ASBR-4 is the end-point, so that no label mapping is required. This is indicated by setting the next hop to 0.0.0.0, the received label to 0, and the label origin to Edge.

The second and third entries, with advertised labels 524284 and 524283, are used for tunnels to PE-1 and PE-2, respectively. Taking PE-2 as an example, label 524283 is swapped to label 524284.

The last three entries, with advertised labels 524279, 524282, and 524281, and received labels 524279, 524281, and 524284, respectively, are used for tunnels to the PEs and RR in the peer AS, which can be verified by displaying the label-IPv4 routes received by ASBR-4, as follows:

*A:ASBR-4# show router bgp neighbor 192.168.48.2 received-routes label-ipv4
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  192.0.2.5/32                                       n/a         None
      192.168.48.2                                       None        0
      64497                                                          524284
u*>i  192.0.2.6/32                                       n/a         None
      192.168.48.2                                       None        0
      64497                                                          524281
u*>i  192.0.2.7/32                                       n/a         10
      192.168.48.2                                       None        0
      64497                                                          524279
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

Verifying the content of the RIB provides an alternative to check whether tunnels are stitched. A check is performed for PE-1, which has service "VPRN-1" defined, and for RR-3, which does not have any services.

On ASBR-4, the label-IPv4 route for the 192.0.2.1/32 prefix in the RIB-In contains the received label 524284 with next hop 192.0.2.1 resolved to an LDP tunnel; in the RIB-Out, the advertised BGP label to next hop 192.168.48.2 is 524284, and the label type is swap, as follows. This is consistent with the output from the previous commands. The label-IPv4 BGP route in RIB-In is valid, but not used on ASBR-4, because an IS-IS route is preferred between PE-1 and ASBR-4 in AS 64496 (TieBreakReason : RtmPref).

*A:ASBR-4# show router bgp routes 192.0.2.1/32 label-ipv4 hunt
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : 192.0.2.1/32
Nexthop        : 192.0.2.1
Path Id        : None
From           : 192.0.2.1
Res. Nexthop   : 192.0.2.1 (LDP)
Local Pref.    : 100                    Interface Name : NotAvailable
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 20
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.1
Fwd Class      : None                   Priority       : None
IPv4 Label     : 524284
Flags          : Valid IGP
TieBreakReason : RtmPref
Route Source   : Internal
AS-Path        : No As-Path
Route Tag      : 0
Neighbor-AS    : n/a
DB Orig Val    : NotFound               Final Orig Val : NotFound
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
RIB Priority   : Normal
Last Modified  : 00h10m05s

-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network        : 192.0.2.1/32
Nexthop        : 192.168.48.1
Path Id        : None
To             : 192.168.48.2
Res. Nexthop   : n/a
Local Pref.    : n/a                    Interface Name : NotAvailable
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 20
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.8
IPv4 Label     : 524284                 Label Type     : SWAP
Lbl Allocation : NEXT-HOP
Origin         : IGP
AS-Path        : 64496
Route Tag      : 0
Neighbor-AS    : 64496
DB Orig Val    : NotFound               Final Orig Val : N/A
Source Class   : 0                      Dest Class     : 0

-------------------------------------------------------------------------------
Routes : 2
===============================================================================

Checking for the 192.0.2.3/32 prefix in the ASBR-4 RIB shows that label 524280 is advertised to 192.168.48.2, and the label type is pop, as follows:

*A:ASBR-4# show router bgp routes 192.0.2.3/32 label-ipv4 hunt
===============================================================================
 BGP Router ID:192.0.2.4        AS:64496       Local AS:64496
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network        : 192.0.2.3/32
Nexthop        : 192.168.48.1
Path Id        : None
To             : 192.168.48.2
Res. Nexthop   : n/a
Local Pref.    : n/a                    Interface Name : NotAvailable
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : 10
AIGP Metric    : None                   IGP Cost       : n/a
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 192.0.2.8
IPv4 Label     : 524280                 Label Type     : POP
Lbl Allocation : NEXT-HOP
Origin         : IGP
AS-Path        : 64496
Route Tag      : 0
Neighbor-AS    : 64496
DB Orig Val    : N/A                    Final Orig Val : N/A
Source Class   : 0                      Dest Class     : 0

-------------------------------------------------------------------------------
Routes : 1
===============================================================================

RR-3 and RR-7 have a multi-hop EBGP session established and are exchanging VPN routes, as follows:

 *A:RR-3# show router bgp summary all 

===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId          AS PktRcvd InQ  Up/Down   State|Rcv/Act/Sent (Addr Family)
                      PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1
Def. Inst       64496      13    0 00h03m15s 2/0/4 (VpnIPv4)
                           14    0           
192.0.2.2
Def. Inst       64496      12    0 00h03m15s 1/0/5 (VpnIPv4)
                           15    0           
192.0.2.7
Def. Inst       64497       9    0 00h01m26s 3/0/3 (VpnIPv4)
                            9    0           

-------------------------------------------------------------------------------

Communication between VPRN-1 on PE-1 and on PE-5 is verified with a ping:

*A:PE-1# ping router 1 10.0.1.5
PING 10.0.1.5 56 data bytes
64 bytes from 10.0.1.5: icmp_seq=1 ttl=64 time=5.82ms.
64 bytes from 10.0.1.5: icmp_seq=2 ttl=64 time=6.49ms.
64 bytes from 10.0.1.5: icmp_seq=3 ttl=64 time=6.69ms.
64 bytes from 10.0.1.5: icmp_seq=4 ttl=64 time=6.43ms.
64 bytes from 10.0.1.5: icmp_seq=5 ttl=64 time=6.70ms.

---- 10.0.1.5 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 5.82ms, avg = 6.42ms, max = 6.70ms, stddev = 0.319ms

Shutting down LDP on PE-1 results in ASBR-4 withdrawing the label-IPv4 route for prefix 192.0.2.1/32, as follows:

17 2023/09/27 08:23:26.963 UTC MINOR: DEBUG #2001 Base Peer 1: 192.168.48.2
"Peer 1: 192.168.48.2: UPDATE
Peer 1: 192.168.48.2 - Send BGP UPDATE:
    Withdrawn Length = 0
    Total Path Attr Length = 15
    Flag: 0x90 Type: 15 Len: 11 Multiprotocol Unreachable NLRI:
        Address Family LBL-IPV4
        192.0.2.1/32 Label 0
"

Conclusion

Implementing the advertise-label pop policy action in a route-table-import policy provides operators the means to save on resources used in the network.