Pop-Label for /32 Label-IPv4 BGP Routes
This chapter describes the Pop-Label for /32 Label-IPv4 BGP routes.
Topics in this chapter include:
Applicability
The information and configuration in this chapter are based on SR OS Release 15.0.R5.
Overview
Labeled IPv4 routes are used in seamless MPLS and in VPRN inter-AS model C scenarios. In these scenarios, transport tunnels run through multiple domains, where the Area Border Routers (ABRs) or Autonomous System Border Routers (ASBRs) effectively stitch LDP/RSVP tunnels to BGP tunnels. For inter-AS model C, the domain is an autonomous system; for seamless MPLS, the domain is a part of an autonomous system. In either case, an end-to-end transport tunnel can be considered as a concatenation of multiple transport tunnels; see Stitching RSVP/LDP Tunnels to BGP Tunnels.
Release 15.0.R1 enhanced the BGP support at the border router (ABR or ASBR) for /32 label-IPv4 BGP routes that are originated by exporting static, OSPF, or IS-IS routes from the route table into BGP. Before Release 15.0.R1, the advertisement of this type of BGP route always created a swap Ingress Label Mapping (ILM) entry in the data path, thereby stitching the BGP tunnel to the RSVP/LDP tunnel going to the destination as indicated by the /32 route.
Release 15.0.R1 provided a tighter coupling between the LDP/RSVP-TE and the BGP tunnels stitched at the ABR or ASBR, as follows:
By implementing an accept policy action (without the advertise-label pop modifier) for the /32 addresses in a route-table-import policy. The router advertises a /32 label-IPv4 route with a label that is swapped when an LDP/RSVP-TE is available, and withdrawn when the last LDP/RSVP-TE tunnel to that /32 prefix goes down. This applies to PEs with services, but should not be applied for route reflectors (RRs) when VPN addresses will be exchanged across eBGP sessions, because withdrawing labels for RRs would break the exchange of VPN routes. For the use of the route-table-import command, see the Separate BGP RIBs for Labeled Routes chapter.
By implementing the accept policy action with the advertise-label pop modifier for some system addresses in a route-table-import policy. The router advertises a /32 label-IPv4 route with a label that is popped rather than swapped, in case no LDP/RSVP-TE tunnel is available to that /32 prefix. This particularly applies to infrastructure nodes, for example off data path RRs, which do not participate in MPLS. RRs in different ASs, for example, still must be able to peer with each other through a multi-hop eBGP session, for the exchange of VPN routes belonging to the different services.
The advertise-label pop modifier can be used for the label-IPv4 redistribution of /32 prefixes of:
OSPF and IS-IS routes
Static routes:
Direct next-hop
Indirect next-hop
Blackhole
Redistributing /32 blackhole static routes does not require the advertise-label pop modifier; the label-IPv4 route is always advertised to the peer AS, and popped by the data plane.
The configuration in this chapter describes the redistribution of /32 prefixes for IS-IS routes. The redistribution of /32 routes for OSPF and the different static route types is similar.
Configuration
Example Topology shows the example topology, depicting the inter-AS scenario also used in the "Inter-AS VPRN Model C" chapter in the Layer 3 Services volume of 7450 ESS, 7750 SR, and 7950 XRS Advanced Configuration Guide — Book II. PE-1 and PE-5 host VPRN service 1, with 10.1.1.1/32 and 10.5.5.5/32 being the loopback addresses for this service on PE-1 and PE-5, respectively. In AS 64496, PE-3 is the IPv4 VPN RR, and PE-4 is the label-IPv4 RR toward clients PE-1 and PE-2. In AS 64497, PE-7 is the IPv4 VPN RR, and PE-8 is the label-IPv4 RR toward clients PE-5 and PE-6. IS-IS is the IGP for AS 64496 and 64497, and PE-4 and PE-8 are their respective ASBRs. Additionally, and in support for model C, the PE-3 and PE-7 RRs require a multi-hop IPv4 VPN eBGP connection.
The initial configuration includes:
Cards, MDAs, and ports.
Router interfaces.
IS-IS as IGP on all interfaces within AS 64496 and AS 64497 (alternatively, OSPF can be used).
LDP configured between PE-1, PE-2, and PE-4 in AS 64496, and between PE-5, PE-6, and PE-8 in AS 64497. The PE-3 and PE-7 RRs are off data path and do not have LDP enabled.
Base Configuration
In this example topology, the ASBRs generate the labeled routes, so that no BGP policies are required for generating labeled routes on the other PEs. The transport tunnels available in ASs 64496 and 64497 are LDP tunnels.
PE-1 and PE-2 peer with RR PE-3 for exchanging IPv4 VPN routes, and with RR PE-4 for receiving label-IPv4 routes. This enables PE-1 and PE-2 to exchange service traffic with the PEs in the peer AS. Their internal BGP configuration is as follows:
# on PE-1 and PE-2
configure
router
autonomous-system 64496
bgp
loop-detect discard-route
split-horizon
group "iBGP"
peer-as 64496
neighbor 192.0.2.3
family vpn-ipv4
exit
neighbor 192.0.2.4
family label-ipv4
exit
exit
no shutdown
exit
exit
exit
PE-3 is the IPv4 VPN RR for internal clients, using cluster ID 192.0.2.3, so it maintains iBGP sessions with PE-1 and PE-2. PE-3 also maintains an eBGP session with PE-7, which is the RR for clients PE-5 and PE-6 in AS 64497. The vpn-apply-import, vpn-apply-export, and import and export commands can be used at bgp, group, or neighbor level for selectively exchanging dedicated VPN routes. The BGP configuration for RR PE-3 is as follows:
# on PE-3, RR
configure
router
autonomous-system 64496
bgp
loop-detect discard-route
split-horizon
group "eBGP-vpn"
peer-as 64497
local-address 192.0.2.3
neighbor 192.0.2.7
family vpn-ipv4
multihop 10
vpn-apply-import
vpn-apply-export
exit
exit
group "iBGP-vpn"
cluster 192.0.2.3
peer-as 64496
neighbor 192.0.2.1
family vpn-ipv4
exit
neighbor 192.0.2.2
family vpn-ipv4
exit
exit
no shutdown
exit
exit
exit
PE-4 is the label-IPv4 RR for internal clients, using cluster ID 192.0.2.4, so it maintains iBGP sessions with PE-1 and PE-2. PE-4 imposes next-hop-self on the iBGP advertised label-IPv4 routes. PE-4 also maintains an eBGP session with PE-8, and requires the advertise-inactive command for stitching to apply. The reason for the advertise-inactive command is that the system IP addresses for PEs are advertised in IGP and in BGP. Because the IGP has a lower preference value than BGP, the BGP routes are rendered inactive. By default, inactive BGP routes are not advertised to the peer AS, and the advertise-inactive command bypasses this issue. The BGP configuration for PE-4 is as follows:
# on PE-4, ASBR
configure
router
autonomous-system 64496
bgp
loop-detect discard-route
enable-inter-as-vpn
split-horizon
rib-management
label-ipv4
route-table-import "to-AS64497"
exit
exit
group "eBGP-label"
export "exp-ALL"
advertise-inactive
neighbor 192.168.48.2
family label-ipv4
peer-as 64497
exit
exit
group "iBGP-label"
next-hop-self
cluster 192.0.2.4
peer-as 64496
neighbor 192.0.2.1
family label-ipv4
exit
neighbor 192.0.2.2
family label-ipv4
exit
exit
no shutdown
exit
exit
exit
The PE-pfxs prefix list is the set of exact /32 addresses of the PEs in AS 64496, excluding the RR. The RR-pfxs prefix list is the exact /32 address of RR PE-3. The to-AS64497 policy in ASBR PE-4 matches the PE-pfxs prefix list in entry 10 with action accept (without modifier), and the RR-pfxs prefix list in entry 20 with action accept and the advertise-label pop modifier. The exp-ALL policy is used to advertise the combined set of prefixes to the peer AS. These policies are defined on ASBR PE-4 as follows:
# on PE-4, ASBR
configure
router
policy-options
begin
prefix-list "PE-pfxs"
prefix 192.0.2.1/32 exact
prefix 192.0.2.2/32 exact
exit
prefix-list "RR-pfxs"
prefix 192.0.2.3/32 exact
exit
policy-statement "exp-ALL"
entry 10
from
prefix-list "PE-pfxs" "RR-pfxs"
exit
action accept
exit
exit
exit
policy-statement "to-AS64497"
entry 10
from
prefix-list "PE-pfxs"
exit
action accept
exit
exit
entry 20
from
prefix-list "RR-pfxs"
exit
action accept
advertise-label pop
exit
exit
exit
commit
exit
exit
exit
Because PE-3 is deliberately placed off the data path, not participating in MPLS, an indirect static route is added to its configuration so that it can establish an eBGP session with PE-7, as follows:
configure
router
static-route-entry 192.0.2.7/32
indirect 192.0.2.4
tunnel-next-hop
resolution disabled
exit
no shutdown
exit
exit
exit
exit
The configuration of the PEs in AS 64497 is similar to the PEs in AS 64496; see Example Topology for the addresses required.
Redistributing IGP /32 Routes to Label-IPv4 Routes
With the configuration as indicated in the previous section, PE-4 advertises the system addresses used in AS 64496 to PE-8 in the peer AS as label-IPv4 routes. The label-IPv4 routes advertised are as follows:
*A:PE-4# show router bgp neighbor 192.168.48.2 advertised-routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id Label
As-Path
-------------------------------------------------------------------------------
i 192.0.2.1/32 n/a 20
192.168.48.1 None 262138
64496
i 192.0.2.2/32 n/a 10
192.168.48.1 None 262139
64496
i 192.0.2.3/32 n/a 10
192.168.48.1 None 262140
64496
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
*A:PE-4#
The label-IPv4 routes are accepted and put in the routing table of PE-8. The next-hop for all the label-IPv4 routes is 192.168.48.1, as follows:
*A:PE-8# show router route-table 192.0.2.0/24 longer
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Remote BGP_LABEL 00h13m54s 170
192.168.48.1 0
192.0.2.2/32 Remote BGP_LABEL 00h13m54s 170
192.168.48.1 0
192.0.2.3/32 Remote BGP_LABEL 00h02m46s 170
192.168.48.1 0
192.0.2.5/32 Remote ISIS 03d06h12m 18
192.168.68.1 20
192.0.2.6/32 Remote ISIS 03d06h12m 18
192.168.68.1 10
192.0.2.7/32 Remote ISIS 03d06h12m 18
192.168.78.1 10
192.0.2.8/32 Local Local 03d06h12m 0
system 0
-------------------------------------------------------------------------------
No. of Routes: 7
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:PE-8#
Also, PE-8 is advertising label-IPv4 routes to PE-4, so that PE-4 ultimately has LDP and BGP tunnels available to destinations in its own and its peer AS, respectively, as follows:
*A:PE-4# show router tunnel-table
===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
-------------------------------------------------------------------------------
192.0.2.1/32 ldp MPLS 65547 9 192.168.24.1 20
192.0.2.2/32 ldp MPLS 65537 9 192.168.24.1 10
192.0.2.5/32 bgp MPLS 262145 12 192.168.48.2 1000
192.0.2.6/32 bgp MPLS 262147 12 192.168.48.2 1000
192.0.2.7/32 bgp MPLS 262146 12 192.168.48.2 1000
-------------------------------------------------------------------------------
Flags: B = BGP backup route available
E = inactive best-external BGP route
===============================================================================
*A:PE-4#
PE-4 effectively stitches the BGP tunnels to the LDP tunnels, as follows:
*A:PE-4# show router bgp inter-as-label
===============================================================================
BGP Inter-AS labels
Flags: B - entry has backup, P - entry is promoted
===============================================================================
NextHop Received Advertised Label
Label Label Origin
-------------------------------------------------------------------------------
0.0.0.0 0 262140 Edge
192.0.2.1 262142 262138 InternalLdp
192.0.2.2 262143 262139 InternalLdp
192.168.48.2 262138 262137 External
192.168.48.2 262139 262135 External
192.168.48.2 262140 262136 External
-------------------------------------------------------------------------------
Total Labels allocated: 6
===============================================================================
*A:PE-4#
The first entry in this table, with advertised label 262140, is used for tunnels for which PE-4 is the end-point, so that no stitching is required. This is indicated by setting the next-hop, the received label, and the label origin to 0.0.0.0, 0, and Edge, respectively.
The second and third entries, with advertised labels 262138 and 262139, are used for tunnels to PE-1 and PE-2, respectively. Taking PE-1 as an example, label 262138 is swapped to label 262142, where 262142 is assigned through LDP (label origin is InternalLdp), thereby stitching the BGP tunnel to the LDP tunnel, and vice versa.
The last three entries, with advertised labels 262137, 262135, and 262136, and received labels 262138, 262139, and 262140, respectively, are used for tunnels to the PEs in the peer AS, which can be verified by displaying the label-IPv4 routes received by PE-4, as follows:
*A:PE-4# show router bgp neighbor 192.168.48.2 received-routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id Label
As-Path
-------------------------------------------------------------------------------
u*>i 192.0.2.5/32 n/a 20
192.168.48.2 None 262138
64497
u*>i 192.0.2.6/32 n/a 10
192.168.48.2 None 262139
64497
u*>i 192.0.2.7/32 n/a 10
192.168.48.2 None 262140
64497
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
*A:PE-4#
Verifying the content of the RIB provides an alternative to check whether tunnels are stitched. A check is performed for PE-1, which can have services defined, and for PE-3, which does not have any.
Checking for the 192.0.2.1/32 prefix in the PE-4 RIB shows that label 262138 is advertised to 192.168.48.2, and the label type is swap, as follows. This is consistent with the output from the previous commands.
*A:PE-4# show router bgp routes 192.0.2.1/32 label-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : 192.0.2.1/32
Nexthop : 192.168.48.1
Path Id : None
To : 192.168.48.2
Res. Nexthop : n/a
Local Pref. : n/a Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 20
AIGP Metric : None
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.8
IPv4 Label : 262138 Label Type : SWAP
Lbl Allocation : NEXT-HOP
Origin : IGP
AS-Path : 64496
Route Tag : 0
Neighbor-AS : 64496
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
*A:PE-4#
Checking for the 192.0.2.3/32 prefix in the PE-4 RIB shows that label 262140 is advertised to 192.168.48.2, and the label type is pop, as follows:
*A:PE-4# show router bgp routes 192.0.2.3/32 label-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : 192.0.2.3/32
Nexthop : 192.168.48.1
Path Id : None
To : 192.168.48.2
Res. Nexthop : n/a
Local Pref. : n/a Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 10
AIGP Metric : None
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.8
IPv4 Label : 262140 Label Type : POP
Lbl Allocation : NEXT-HOP
Origin : IGP
AS-Path : 64496
Route Tag : 0
Neighbor-AS : 64496
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
*A:PE-4#
RR/PE-3 and RR/PE-7 have a multi-hop eBGP session established and are exchanging VPN routes, as follows:
*A:PE-3# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1
Def. Instance 64496 9437 0 03d04h27m 1/0/1 (VpnIPv4)
9230 0
192.0.2.2
Def. Instance 64496 9434 0 03d06h34m 0/0/3 (VpnIPv4)
9476 0
192.0.2.7
Def. Instance 64497 8874 0 00h15m02s 1/0/1 (VpnIPv4)
75 0
-------------------------------------------------------------------------------
*A:PE-3#
Communication between PE-1 and PE-5 is verified with a ping:
*A:PE-1# ping router 1 10.5.5.5
PING 10.5.5.5 56 data bytes
64 bytes from 10.5.5.5: icmp_seq=1 ttl=64 time=4.99ms.
64 bytes from 10.5.5.5: icmp_seq=2 ttl=64 time=4.72ms.
64 bytes from 10.5.5.5: icmp_seq=3 ttl=64 time=4.94ms.
64 bytes from 10.5.5.5: icmp_seq=4 ttl=64 time=5.24ms.
64 bytes from 10.5.5.5: icmp_seq=5 ttl=64 time=4.70ms.
---- 10.5.5.5 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 4.70ms, avg = 4.92ms, max = 5.24ms, stddev = 0.198ms
*A:PE-1#
Shutting down LDP on PE-1 results in PE-4 withdrawing the label-IPv4 route to 192.0.2.1, as follows:
156 2018/04/27 16:01:56.671 CEST MINOR: DEBUG #2001 Base Peer 1: 192.168.48.2
"Peer 1: 192.168.48.2: UPDATE
Peer 1: 192.168.48.2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 15
Flag: 0x90 Type: 15 Len: 11 Multiprotocol Unreachable NLRI:
Address Family LBL-IPV4-Labeled
192.0.2.1/32 Label 0
"
Conclusion
Implementing the advertise-label pop policy action in a route-table-import policy provides operators the means to save on resources used in the network.