LDP FEC to BGP Label Route Stitching
This chapter provides information about LDP FEC to BGP label route stitching.
Topics in this chapter include:
Applicability
This chapter is applicable to SR OS routers and was initially written for SR OS Release 13.0.R7. The CLI in the current edition corresponds to SR OS Release 21.2.R1. Label Distribution Protocol (LDP) Forwarding Equivalence Class (FEC) to Border Gateway Protocol (BGP) label route stitching was first implemented in SR OS Release 8.0.
Overview
Stitching of an LDP FEC to a BGP labeled route allows LDP-capable PE devices, such as Digital Subscriber Line Access Multiplexers (DSLAMs), to offer services to LDP-capable PE devices in other areas or domains without the need to support BGP labeled routes. This feature is used in a large network to provide services across multiple areas or Autonomous Systems (ASs).
When BGP is used to distribute a particular route, it can at the same time be used to distribute a Multi-Protocol Label Switching (MPLS) label that is mapped to that route. The label mapping information for a particular route is appended to the same BGP update message that is used to distribute the route. This is described in RFC 3701, Carrying Label Information in BGPv4.
LDP FEC to BGP label route stitching shows a network with a core area and regional areas. The components of the network are defined in the paragraphs that follow. For simplification, the control plane is displayed from right to left and the data plane from left to right.
The Access Nodes (ANs) are DSLAMs that support LDP. In seamless MPLS networks, LDP Downstream-on-Demand (DoD) label advertisement can be used between the ANs and their next-hop PEs. Usually, MPLS routers implement LDP Downstream Unsolicited (DU) label distribution, advertising MPLS labels for all routes in their Routing Information Base (RIB). The ANs do not need to have LDP bindings for all prefixes in the network. The ANs will request the LDP labels they need. LDP DoD improves scalability in large networks.
BGP Route Reflectors (RRs) can be used to improve scalability. The RR can be any node; it does not need to be an Area Border Router (ABR) as in LDP FEC to BGP label route stitching. If the RR is not in the forwarding path, it does not need to be capable of forwarding MPLS packets.
There are different areas for IS-IS: routers in the core network have level 2 (L2) capability, whereas the routers in the regional areas have level 1 (L1) capability and the ABRs have both. In each ABR, an IS-IS export policy is defined to leak the routes from the core to the regional networks.
Passing L1 routes (regional) into L2 (core) is inherent to IS-IS and cannot be controlled through policy. Passing L2 routes to L1 can be controlled through policy.
Only nodes within a regional area, and the ABR nodes in the same area, exchange LDP FECs. PE routers in a regional area learn the reachability of PE routers in other regional areas by way of RFC 3107 BGP labeled routes redistributed by the remote nodes.
The label stack contains three labels for packets sent in an Epipe service between the access nodes:
The DSLAMs push a service label to the packets sent in the Epipe service. The service label remains unchanged end-to-end between the DSLAMs. The service label is popped by the remote DSLAM and is the inner label of the label stack.
The BGP label is the middle label of the label stack and should be regarded as a transport label. The transport label stack contains two labels: BGP and LDP transport label. BGP labeled routes are not supported on the DSLAMs. The BGP label is pushed by the PE nearest to the local DSLAM and is swapped at the BGP next hop, which can be a BGP peer configured with next-hop-self or the PE that is the remote endpoint of the BGP tunnel. The BGP label is popped by the PE at the end of the BGP tunnel.
The DSLAMs push an LDP transport label to the packets sent to the remote DSLAM. At the PE nearest to the local DSLAM, the LDP transport label is stitched to the BGP label. At the same time, that same PE pushes the LDP transport label to reach the BGP next hop. The LDP transport label is swapped in every Label Switching Router (LSR) and popped by the PE nearest to the remote DSLAM. That PE also pops the BGP label, which is stitched to the LDP transport label that is pushed to the packets sent to the remote DSLAM. This LDP label is the top label of the label stack.
When PE-2 is an ingress Label Edge Router (iLER) sending a service packet to the remote PE, PE-2 inserts the BGP route label to reach the remote PE and an LDP label to reach the next-hop router. In LDP FEC to BGP label route stitching, this is the remote ABR because it has set next-hop-self (NH-Self).
The access node AN-1, which is a DSLAM, can behave as a PE router for Epipe services. It will need to establish a pseudowire (PW) to a PE in a different regional area via LSR PE-2. In this case, PE-2 performs the following actions:
Translates the LDP FEC it learned from AN-1 into a BGP labeled route and redistributes it using iBGP within its area. This is in addition to redistributing the FEC to its LDP neighbors in the same area.
Translates the BGP labeled routes it learns through iBGP into an LDP FEC and redistributes it to its LDP neighbors in the same area. AN-1 requests the LDP FEC of the remote DSLAM (AN-12) using LDP DoD.
When a data packet is received from AN-1 with destination AN-12, PE-2 swaps the LDP label into a BGP label and pushes the LDP label to reach the BGP next hop. When a data packet with destination AN-1 is received on PE-2 from the local ABR (ABR-4), the top transport label (LDP) is removed and the BGP label is swapped for the LDP label corresponding to AN-1.
Configuration
Example topology shows the example topology that is used in this section. An Epipe will be established between the access nodes AN-1 and AN-8. PE-2 and PE-7 will stitch the LDP FECs to BGP label routes. In the regional areas, IS-IS L1 capability is used whereas in the core area, IS-IS L2 is used. The ABR nodes support both IS-IS L1 and L2 and export routes from L2 to L1. Static routes are configured between the access nodes and the next-hop PEs.
Initial configuration
In the example topology, all nodes are 7750 SRs, while the ANs should be access devices, such as DSLAMs. The limitation of this approach is that the ANs (SRs) in this setup can only request a label for the directly connected PE and not for their remote peer AN; however, DSLAMs do not have this limitation. Consequently, the Epipe service in this configuration will be operationally down because the transport tunnel is down.
All nodes have the following initial configuration:
Cards, media dependent adapters (MDAs), ports
Router interfaces
Note:The IP addresses for the link between node A and node B are in subnet 192.168.AB.0/0. The node with the lowest ID has IP address 192.168.AB.1/30 and the node with the highest ID has IP address 192.168.AB.2/30.
# on PE-2: configure router interface "int-PE-2-AN-1" address 192.168.12.2/30 port 1/1/2 exit interface "int-PE-2-ABR-3" address 192.168.23.1/30 port 1/1/1 exit interface "system" address 192.0.2.2/32 exit
Static routes are configured between AN-1 and PE-2 and between PE-7 and AN-8:
# on AN-1: configure router static-route-entry 0.0.0.0/0 next-hop 192.168.12.2 no shutdown exit exit
# on PE-2: configure router static-route-entry 192.0.2.1/32 next-hop 192.168.12.1 no shutdown exit exit
IS-IS (alternatively, OSPF could have been used)
PE-2 and PE-7 have L1 capability.
# on PE-2: configure router isis level-capability level-1 area 49.0001 interface "system" exit interface "int-PE-2-ABR-3" interface-type point-to-point exit no shutdown exit
P-4 and P-5 have L2 capability.
ABR-3 and ABR-6 have L1 capability on the interfaces toward the PE routers in the regional areas and L2 capability on the interfaces toward the P routers in the core area. A policy is applied to export the system IP addresses from L2 to L1:
# on ABR-3: configure router isis area 49.0001 export "export_L2_to_L1_policy" interface "system" exit interface "int-ABR-3-PE-2" level-capability level-1 interface-type point-to-point exit interface "int-ABR-3-P-4" level-capability level-2 interface-type point-to-point exit no shutdown exit policy-options begin prefix-list "system_IP_prefixes" prefix 192.0.2.0/24 longer exit policy-statement "export_L2_to_L1_policy" entry 10 from protocol isis prefix-list "system_IP_prefixes" level 2 exit action accept exit exit exit commit exit
LDP
Link LDP is enabled on all router interfaces on all nodes, including the ANs.
On PE-2 and PE-7, DoD is enabled in the session parameters for the peering sessions with the ANs:
# on PE-2: configure router ldp session-parameters peer 192.0.2.1 dod-label-distribution exit exit interface-parameters interface "int-PE-2-AN-1" exit interface "int-PE-2-ABR-3" exit exit exit
Configure BGP
BGP is configured on all nodes except the ANs. BGP enabled with P-4 as RR shows that P-4 is the RR.
The initial BGP configuration on PE-2 is the following:
# on PE-2:
configure
router
autonomous-system 64496
bgp
group "internal_group"
peer-as 64496
neighbor 192.0.2.4
exit
no shutdown
exit
The configuration is identical for ABR-3, P-5, ABR-6, and PE-7. The initial BGP configuration on the RR P-4 is:
# on P-4:
configure
router
autonomous-system 64496
bgp
cluster 1.1.1.1
group "internal_group"
peer-as 64496
neighbor 192.0.2.2
exit
neighbor 192.0.2.3
exit
neighbor 192.0.2.5
exit
neighbor 192.0.2.6
exit
neighbor 192.0.2.7
exit
exit
no shutdown
exit
This BGP configuration is incomplete: for labeled IPv4 BGP peering sessions, an additional address family will be configured on PE-2 and PE-7, as well as on RR P-4 for neighbors PE-2 and PE-7. The configuration is shown in the following section. The prefixes for AN-1 and AN-8 will be advertised in the labeled IPv4 BGP sessions only, not in IPv4 BGP sessions.
Export policies for BGP and LDP
LDP FEC to BGP label route stitching is established by configuring separate tunnel table route export policies in both protocols. At the local next-hop PE, the LDP FEC of the local AN must be translated into a BGP label and at the remote PE, the BGP label must be translated into an LDP FEC.
An export policy for the export from LDP to BGP must be defined on the PE nodes.
# on PE-2:
configure
router
policy-options
begin
prefix-list "local_AN_prefixes"
prefix 192.0.2.1/32 exact
exit
prefix-list "remote_AN_prefixes"
prefix 192.0.2.8/32 exact
exit
policy-statement "export_BGP_policy"
entry 10
from
protocol ldp
prefix-list "local_AN_prefixes"
exit
action accept
exit
exit
exit
commit
exit
On PE-7, the policy statement is identical, but the prefix list is different.
This export policy must be applied in the bgp context: either in the general settings or per group or per neighbor.
# on PE-2:
configure
router
bgp
group "internal_group"
export "export_BGP_policy"
exit
exit
In a similar way, BGP labels must be exported to LDP on the PE routers. The export policy is configured as follows, with a different prefix list:
# on PE-2:
configure
router
policy-options
begin
prefix-list "remote_AN_prefixes"
prefix 192.0.2.8/32 exact
exit
policy-statement "export_LDP_policy"
entry 10
from
protocol bgp-label
prefix-list "remote_AN_prefixes"
exit
action accept
exit
exit
exit
commit
exit
This export policy is applied in the ldp context, as follows:
# on PE-2:
configure
router
ldp
export-tunnel-table "export_LDP_policy"
exit
Advertise labels in BGP updates
BGP should evaluate the activated /32 LDP prefixes in the export policy. This needs to be configured on the endpoints of the BGP tunnel on PE-2 and PE-7, as follows:
# on PE-2 and PE-7:
configure
router
bgp
group "internal_group"
neighbor 192.0.2.4
family label-ipv4
advertise-ldp-prefix
exit
exit
On RR P-4, the family label-ipv4 is enabled and the LDP prefix is advertised toward the clients PE-2 and PE-7, as follows.
# on RR P-4:
configure
router
bgp
group "internal_group"
neighbor 192.0.2.2
family label-ipv4
advertise-ldp-prefix
exit
neighbor 192.0.2.7
family label-ipv4
advertise-ldp-prefix
exit
exit
Configuring address family label-ipv4 and the advertise-ldp-prefix argument implies that all activated /32 LDP FEC prefixes will be sent to the remote BGP peer as an RFC 3107 formatted label.
Configuring address family label-ipv4 without the advertise-ldp-prefix argument implies that only core IPv4 routes learned from the Route Table Manager (RTM) are advertised as RFC 3107 BGP labeled routes to this neighbor. No stitching of LDP FEC to the BGP labeled route will be performed for this neighbor, even if the same prefix was learned from LDP.
The BGP open messages contain address family AFI=1 and SAFI=1 between the RR and peers for address family IPv4, that is used for IPv4 unicast. See Cap_Code MP-BGP. Bytes 0x0 0x1 (AFI=1) 0x0 0x1 (SAFI=1).
# on ABR-3:
*A:ABR-3# show debug
debug
router "Base"
bgp
open
update
exit
exit
exit
*A:ABR-3# show log log-id 2
===============================================================================
Event Log 2 log-name 2
===============================================================================
Description : (Not Specified)
Memory Log contents [size=100 next event=5 (not wrapped)]
---snip---
2 2021/08/09 07:00:12.045 UTC MINOR: DEBUG #2001 Base BGP
"BGP: OPEN
Peer 1: 192.0.2.4 - Received BGP OPEN: Version 4
AS Num 64496: Holdtime 90: BGP_ID 192.0.2.4: Opt Length 20 (ExtOpt F)
Opt Para: Type CAPABILITY: Length = 18: Data:
Cap_Code GRACEFUL-RESTART: Length 2
Bytes: 0x0 0x78
Cap_Code MP-BGP: Length 4
Bytes: 0x0 0x1 0x0 0x1
Cap_Code ROUTE-REFRESH: Length 0
Cap_Code 4-OCTET-ASN: Length 4
Bytes: 0x0 0x0 0xfb 0xf0
"
---snip---
Between peers that advertise the labels, AFI=1 and SAFI=4, the address family is labeled IPv4 unicast. The following BGP open message is seen on PE-2:
*A:PE-2# show log log-id 2
===============================================================================
Event Log 2 log-name 2
===============================================================================
Description : (Not Specified)
Memory Log contents [size=100 next event=14 (not wrapped)]
---snip---
10 2021/08/09 07:06:17.553 UTC MINOR: DEBUG #2001 Base BGP
"BGP: OPEN
Peer 1: 192.0.2.4 - Received BGP OPEN: Version 4
AS Num 64496: Holdtime 90: BGP_ID 192.0.2.4: Opt Length 20 (ExtOpt F)
Opt Para: Type CAPABILITY: Length = 18: Data:
Cap_Code GRACEFUL-RESTART: Length 2
Bytes: 0x0 0x78
Cap_Code MP-BGP: Length 4
Bytes: 0x0 0x1 0x0 0x4
Cap_Code ROUTE-REFRESH: Length 0
Cap_Code 4-OCTET-ASN: Length 4
Bytes: 0x0 0x0 0xfb 0xf0
"
---snip---
No BGP update messages are sent to ABR-3. Prefix 192.0.2.8 is advertised as a labeled IPv4 route from PE-7 to P-4 and forwarded by P-4 to its other labeled IPv4 client, PE-2, but it is not sent to BGP IPv4 clients, such as ABR-3.
The BGP update messages between labeled IPv4 peers contain label information, for example, for prefix 192.0.2.8/32. The address family is LBL-IPV4 (IPV4-Labeled) and the label is 524280. The following BGP update for prefix 192.0.2.8/32 is received on PE-2:
*A:PE-2# show log log-id 2
===============================================================================
Event Log 2 log-name 2
===============================================================================
Description : (Not Specified)
Memory Log contents [size=100 next event=14 (not wrapped)]
---snip---
"12 2021/08/09 07:07:15.023 UTC MINOR: DEBUG #2001 Base Peer 1: 192.0.2.4
Peer 1: 192.0.2.4: UPDATE
Peer 1: 192.0.2.4 - Received BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 56
Flag: 0x90 Type: 14 Len: 17 Multiprotocol Reachable NLRI:
Address Family LBL-IPV4
NextHop len 4 NextHop 192.0.2.7
192.0.2.8/32 Label 524280
Flag: 0x40 Type: 1 Len: 1 Origin: 0
Flag: 0x40 Type: 2 Len: 0 AS Path:
Flag: 0x80 Type: 4 Len: 4 MED: 1
Flag: 0x40 Type: 5 Len: 4 Local Preference: 100
Flag: 0x80 Type: 9 Len: 4 Originator ID: 192.0.2.7
Flag: 0x80 Type: 10 Len: 4 Cluster ID:
1.1.1.1
"
---snip---
After applying the export policy from BGP to LDP, enabling the address family labeled IPv4 in BGP, and advertising labels for the LDP FEC prefixes, LDP will look for BGP route entries in the tunnel table. If a /32 BGP labeled route matches a prefix entry in the export policy, LDP originates an LDP FEC for this prefix, stitches it to the BGP labeled route, and redistributes the LDP FEC to its BGP neighbors. This can be shown on PE-7, as follows.
*A:PE-7# show router bgp inter-as-label
===============================================================================
BGP Inter-AS labels
Flags: B - entry has backup, P - entry is promoted
===============================================================================
NextHop Received Advertised Label
Label Label Origin
-------------------------------------------------------------------------------
192.0.2.8 524287 524280 InternalLdp
-------------------------------------------------------------------------------
Total Labels allocated: 1
===============================================================================
The label received from AN-8 is 524287. The label origin is InternalLdp. This LDP label is stitched to BGP label 524280 that will be advertised by PE-7 to its BGP labeled IPv4 peers: PE-7 advertises to RR P-4 and P-4 advertises this route to PE-2. Traffic sent from AN-1 toward AN-8 will be forwarded from PE-2 to its BGP NH PE-7 using BGP label 524280. In PE-7, the BGP label is stitched to LDP label 524287 that will be used to forward the packet to AN-8.
Configure SDP and Epipe
An end-to-end Epipe service is established between AN-1 and AN-8, as shown in End-to-end Epipe service.
In this setup, ANs are simulated by 7750 SRs. Due to this limitation, the SDP used by the Epipe service will not become operational. 7750 SR only supports single-hop DoD, which implies that AN-1 can only request a label for the LSR ID of the directly connected router, PE-2, not of remote nodes, such as AN-8. Similarly, AN-8 cannot request a label for AN-1. Therefore, it is not possible to have an LDP LSP between the ANs and the SDP will be down because there is no transport tunnel.
The SDP is configured on AN-1, as follows:
# on AN-1:
configure
service
sdp 181 mpls create
far-end 192.0.2.8
ldp
no shutdown
exit
An Epipe is configured on AN-1, as follows:
# on AN-1:
configure
service
epipe 1 name "Epipe_1_name" customer 1 create
sap 1/2/1:1 create
exit
spoke-sdp 181:1 create
exit
no shutdown
exit
The configuration of the SDP and the Epipe on AN-8 is similar.
The SDP is down because there is no transport tunnel, which can be shown as follows:
*A:AN-1# show service sdp detail
===============================================================================
Services: Service Destination Points Details
===============================================================================
-------------------------------------------------------------------------------
Sdp Id 181 -192.0.2.8
-------------------------------------------------------------------------------
Description : (Not Specified)
SDP Id : 181 SDP Source : manual
Admin Path MTU : 0 Oper Path MTU : 0
Delivery : MPLS
Far End : 192.0.2.8 Tunnel Far End :
Oper Tunnel Far End : 192.0.2.8
LSP Types : LDP
Admin State : Up Oper State : Down
Signaling : TLDP Metric : 0
---snip---
Flags : TranspTunnDown
---snip---
-------------------------------------------------------------------------------
Number of SDPs : 1
-------------------------------------------------------------------------------
===============================================================================
A targeted LDP session is established between AN-1 and AN-8, which can be shown as follows:
*A:AN-1# show router ldp session ipv4
==============================================================================
LDP IPv4 Sessions
==============================================================================
Peer LDP Id Adj Type State Msg Sent Msg Recv Up Time
------------------------------------------------------------------------------
192.0.2.2:0 Link Established 496 501 0d 00:21:46
192.0.2.8:0 Targeted Established 13 14 0d 00:00:38
------------------------------------------------------------------------------
No. of IPv4 Sessions: 2
==============================================================================
LDP FEC resolution at PE-2 for traffic from AN-8 to AN-1
The following steps occur at PE-2 for the LDP FEC resolution for traffic from AN-1 toward AN-8. The situation is similar for PE-7.
After receiving an LDP label binding message for LDP FEC for the system address of AN-1 (192.0.2.1/32), PE-2 installs this prefix in the Label Forwarding Information Base (LFIB). PE-2 programs a push and a swap Next Hop Label Forwarding Entry (NHLFE) in the egress data path to forward packets to prefix 192.0.2.1/32.
Note:PE-2 installs this LDP FEC in the LFIB only if there is an exact match of the prefix 192.0.2.1/32 in the routing table or a longest match of the prefix in the routing table, in case aggregate-prefix-match is configured on PE-2. The advertising LDP neighbor (AN-1) must be the next hop to reach the FEC prefix.
*A:PE-2# show router ldp bindings active prefixes prefix 192.0.2.1/32 =============================================================================== LDP Bindings (IPv4 LSR ID 192.0.2.2) (IPv6 LSR ID ::) =============================================================================== Label Status: U - Label In Use, N - Label Not In Use, W - Label Withdrawn WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route e - Label ELC FEC Flags: LF - Lower FEC, UF - Upper FEC, M - Community Mismatch, BA - ASBR Backup FEC (S) - Static (M) - Multi-homed Secondary Support (B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route (I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop (C) - FEC resolved with class-based-forwarding =============================================================================== LDP IPv4 Prefix Bindings (Active) =============================================================================== Prefix Op IngLbl EgrLbl EgrNextHop EgrIf/LspId ------------------------------------------------------------------------------- 192.0.2.1/32 Push -- 524287 192.168.12.1 1/1/2 192.0.2.1/32 Swap 524286 524287 192.168.12.1 1/1/2 ------------------------------------------------------------------------------- No. of IPv4 Prefix Active Bindings: 2 ===============================================================================
PE-2 programs a tunnel entry for prefix 192.0.2.1/32 in the tunnel table.
*A:PE-2# show router tunnel-table 192.0.2.1/32 =============================================================================== IPv4 Tunnel Table (Router: Base) =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric Color ------------------------------------------------------------------------------- 192.0.2.1/32 ldp MPLS 65537 9 192.168.12.1 1 ------------------------------------------------------------------------------- Flags: B = BGP or MPLS backup hop available L = Loop-Free Alternate (LFA) hop available E = Inactive best-external BGP route k = RIB-API or Forwarding Policy backup hop ===============================================================================
PE-2 advertises a new FEC label binding for prefix 192.0.2.1/32 toward all its LDP neighbors. The result can be shown on ABR-3, as follows:
*A:ABR-3# show router ldp bindings prefixes prefix 192.0.2.1/32 =============================================================================== LDP Bindings (IPv4 LSR ID 192.0.2.3) (IPv6 LSR ID ::) =============================================================================== Label Status: U - Label In Use, N - Label Not In Use, W - Label Withdrawn WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route e - Label ELC FEC Flags: LF - Lower FEC, UF - Upper FEC, M - Community Mismatch, BA - ASBR Backup FEC =============================================================================== LDP IPv4 Prefix Bindings =============================================================================== Prefix Peer FEC-Flags IgrLbl EgrLbl EgrNextHop EgrIntf/LspId ------------------------------------------------------------------------------- 192.0.2.1/32 192.0.2.2:0 -- 524286 -- -- ------------------------------------------------------------------------------- No. of IPv4 Prefix Bindings: 1 ===============================================================================
When BGP learns the LDP FEC via the tunnel table and the FEC prefix exists in the BGP route policy, PE-2 originates a BGP labeled route toward all its neighbors that have the advertise label for LDP FEC prefixes enabled. The following output shows the BGP labeled route to RR P-4 for prefix 192.0.2.1/32.
*A:PE-2# show router bgp routes label-ipv4 hunt =============================================================================== BGP Router ID:192.0.2.2 AS:64496 Local AS:64496 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete =============================================================================== BGP Routes =============================================================================== ------------------------------------------------------------------------------- RIB In Entries ------------------------------------------------------------------------------- ---snip--- ------------------------------------------------------------------------------- RIB Out Entries ------------------------------------------------------------------------------- Network : 192.0.2.1/32 Nexthop : 192.0.2.2 Path Id : None To : 192.0.2.4 Res. Nexthop : n/a Local Pref. : 100 Interface Name : NotAvailable Aggregator AS : None Aggregator : None Atomic Aggr. : Not Atomic MED : 1 AIGP Metric : None IGP Cost : n/a Connector : None Community : No Community Members Cluster : No Cluster Members Originator Id : None Peer Router Id : 192.0.2.4 IPv4 Label : 524280 Label Type : SWAP Lbl Allocation : NEXT-HOP Origin : IGP AS-Path : No As-Path Route Tag : 0 Neighbor-AS : n/a Orig Validation: NotFound Source Class : 0 Dest Class : 0 ------------------------------------------------------------------------------- Routes : 3 ===============================================================================
BGP labeled route resolution at PE-2 for traffic from AN-1 to AN-8
The following steps occur at PE-2 for the BGP labeled route resolution for traffic from AN-1 toward AN-8. The situation is similar for PE-7.
When there is an LDP LSP to the BGP neighbor advertising the route (PE-7) and PE-2 has received a BGP labeled route via iBGP for AN-8, PE-2 installs the prefix 192.0.2.8/32 in BGP. The LDP tunnel toward PE-7 is shown, then the BGP labeled IPv4 route toward AN-8, as advertised by PE-7.
*A:PE-2# show router tunnel-table 192.0.2.7 =============================================================================== IPv4 Tunnel Table (Router: Base) =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric Color ------------------------------------------------------------------------------- 192.0.2.7/32 ldp MPLS 65542 9 192.168.23.2 50 ------------------------------------------------------------------------------- Flags: B = BGP or MPLS backup hop available L = Loop-Free Alternate (LFA) hop available E = Inactive best-external BGP route k = RIB-API or Forwarding Policy backup hop ===============================================================================
*A:PE-2# show router bgp routes 192.0.2.8/32 label-ipv4 =============================================================================== BGP Router ID:192.0.2.2 AS:64496 Local AS:64496 =============================================================================== Legend - Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid l - leaked, x - stale, > - best, b - backup, p - purge Origin codes : i - IGP, e - EGP, ? - incomplete =============================================================================== BGP Routes =============================================================================== Flag Network LocalPref MED Nexthop (Router) Path-Id IGP Cost As-Path Label ------------------------------------------------------------------------------- u*>i 192.0.2.8/32 100 1 192.0.2.7 None 50 No As-Path 524280 ------------------------------------------------------------------------------- Routes : 1 ===============================================================================
The BGP label for traffic toward AN-8 is 524280. This is the middle label in the label stack. The next hop is PE-7.
PE-2 programs a swap NHLFE in the egress data path to forward packets to 192.0.2.8/32, as follows:
*A:PE-2# show router ldp bindings active prefixes prefix 192.0.2.8/32 =============================================================================== LDP Bindings (IPv4 LSR ID 192.0.2.2) (IPv6 LSR ID ::) =============================================================================== Label Status: U - Label In Use, N - Label Not In Use, W - Label Withdrawn WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route e - Label ELC FEC Flags: LF - Lower FEC, UF - Upper FEC, M - Community Mismatch, BA - ASBR Backup FEC (S) - Static (M) - Multi-homed Secondary Support (B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route (I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop (C) - FEC resolved with class-based-forwarding =============================================================================== LDP IPv4 Prefix Bindings (Active) =============================================================================== Prefix Op IngLbl EgrLbl EgrNextHop EgrIf/LspId ------------------------------------------------------------------------------- 192.0.2.8/32(B)Swap 524279 524280 192.0.2.7 LspId 65542 ------------------------------------------------------------------------------- No. of IPv4 Prefix Active Bindings: 1 ===============================================================================
The (B) indicates that 192.0.2.8/32 is a BGP next hop. The ingress label is the LDP transport label from AN-1 for prefix 192.0.2.8/32. The LSP ID 65542 corresponds to the LDP LSP toward egress next-hop PE-7, as shown earlier in the tunnel table. The BGP egress label for traffic toward AN-8 is 524280.
PE-2 programs a tunnel table entry for 192.0.2.8/32.
*A:PE-2# show router tunnel-table =============================================================================== IPv4 Tunnel Table (Router: Base) =============================================================================== Destination Owner Encap TunnelId Pref Nexthop Metric Color ------------------------------------------------------------------------------- 192.0.2.1/32 ldp MPLS 65537 9 192.168.12.1 1 192.0.2.3/32 ldp MPLS 65538 9 192.168.23.2 10 192.0.2.4/32 ldp MPLS 65539 9 192.168.23.2 20 192.0.2.5/32 ldp MPLS 65540 9 192.168.23.2 30 192.0.2.6/32 ldp MPLS 65541 9 192.168.23.2 40 192.0.2.7/32 ldp MPLS 65542 9 192.168.23.2 50 192.0.2.8/32 bgp MPLS 262145 12 192.0.2.7 1000 ------------------------------------------------------------------------------- Flags: B = BGP or MPLS backup hop available L = Loop-Free Alternate (LFA) hop available E = Inactive best-external BGP route k = RIB-API or Forwarding Policy backup hop ===============================================================================
This is the only BGP tunnel in the tunnel table; all tunnels toward the other nodes are LDP tunnels. LDP routes have preference over BGP labeled routes, but there is no LDP route toward 192.0.2.8/32. Therefore, the BGP tunnel will be used for traffic destined to AN-8.
PE-2 advertises a new FEC label binding for prefix 192.0.2.8/32 toward AN-1. This is only done after AN-1 requests a label for prefix 192.0.2.8/32, because LDP DoD is enabled. This is possible if the ANs are DSLAMs, but not in this setup with SRs.
Data plane overview for PE-2
Label stacks for traffic from AN-1 to AN-8 shows the label stacks that are used for traffic from AN-1 to AN-8.
The LDP transport label that is pushed by AN-1 is not known because of the single-hop LDP DoD implementation in 7750 SR. AN-1 cannot request the LDP label for AN-8. Therefore, the LDP transport label is represented by "X".
The service label added for the Epipe on AN-1 for egress traffic to AN-8 is 524279. Ingress traffic on AN-1 has service label 524279. This can be shown as follows:
*A:AN-1# show service id 1 labels
===============================================================================
Martini Service Labels
===============================================================================
Svc Id Sdp Binding Type I.Lbl E.Lbl
-------------------------------------------------------------------------------
1 181:1 Spok 524279 524279
-------------------------------------------------------------------------------
Number of Bound SDPs : 1
-------------------------------------------------------------------------------
===============================================================================
This service label remains unchanged end-to-end.
As shown earlier, the (middle) BGP label for traffic with destination AN-8 is 524280, as follows:
*A:PE-2# show router ldp bindings active prefixes prefix 192.0.2.8/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.2)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
(S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
(I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop
(C) - FEC resolved with class-based-forwarding
===============================================================================
LDP IPv4 Prefix Bindings (Active)
===============================================================================
Prefix Op
IngLbl EgrLbl
EgrNextHop EgrIf/LspId
-------------------------------------------------------------------------------
192.0.2.8/32(B) Swap
524279 524280
192.0.2.7 LspId 65542
-------------------------------------------------------------------------------
No. of IPv4 Prefix Active Bindings: 1
===============================================================================
The next hop is PE-7, which is the PE nearest to AN-8. The BGP label will not be swapped between PE-2 and PE-7 because there is no intermediate node that has set next-hop-self. An intermediate node with next-hop-self would become the next hop instead of PE-7. The BGP label is only added or removed by the next-hop PE.
On PE-2, when a service packet with destination AN-8 is received, the ingress LDP transport label X is swapped into BGP label 524280. To reach PE-7, which is the BGP next hop for traffic toward AN-8, another LDP transport label 524281 is pushed to the packet, as follows:
*A:PE-2# show router ldp bindings active prefixes prefix 192.0.2.7/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.2)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
(S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
(I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop
(C) - FEC resolved with class-based-forwarding
===============================================================================
LDP IPv4 Prefix Bindings (Active)
===============================================================================
Prefix Op
IngLbl EgrLbl
EgrNextHop EgrIf/LspId
-------------------------------------------------------------------------------
192.0.2.7/32 Push
-- 524281
192.168.23.2 1/1/1
192.0.2.7/32 Swap
524281 524281
192.168.23.2 1/1/1
-------------------------------------------------------------------------------
No. of IPv4 Prefix Active Bindings: 2
===============================================================================
The next hop is ABR-3, where the ingress label 524281 is swapped to egress label 524282, as follows:
*A:ABR-3# show router ldp bindings active prefixes prefix 192.0.2.7/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.3)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
(S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
(I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop
(C) - FEC resolved with class-based-forwarding
===============================================================================
LDP IPv4 Prefix Bindings (Active)
===============================================================================
Prefix Op
IngLbl EgrLbl
EgrNextHop EgrIf/LspId
-------------------------------------------------------------------------------
192.0.2.7/32 Push
-- 524282
192.168.34.2 1/1/1
192.0.2.7/32 Swap
524281 524282
192.168.34.2 1/1/1
-------------------------------------------------------------------------------
No. of IPv4 Prefix Active Bindings: 2
===============================================================================
In the subsequent LSRs, the transport label is swapped, as follows:
On P-4:
*A:P-4# show router ldp bindings active prefixes prefix 192.0.2.7/32
---snip---
192.0.2.7/32 Swap
524282 524282
192.168.45.2 1/1/1
---snip---
On P-5:
*A:P-5# show router ldp bindings active prefixes prefix 192.0.2.7/32
---snip---
192.0.2.7/32 Swap
524282 524282
192.168.56.2 1/1/1
---snip---
On ABR-6, the LDP label 524282 is swapped to 524287:
*A:ABR-6# show router ldp bindings active prefixes prefix 192.0.2.7/32
---snip---
192.0.2.7/32 Swap
524282 524287
192.168.67.2 1/1/1
---snip---
On PE-7, the LDP label 524287 is popped, as follows:
*A:PE-7# show router ldp bindings active prefixes prefix 192.0.2.7/32
---snip---
192.0.2.7/32 Pop
524287 --
-- --
---snip---
The BGP label is also popped and mapped onto LDP label 524287 that will be pushed by PE-7 on packets toward AN-8.
*A:PE-7# show router ldp bindings active prefixes prefix 192.0.2.8/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.7)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
(S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
(I) - SR-ISIS Next Hop (O) - SR-OSPF Next Hop
(C) - FEC resolved with class-based-forwarding
===============================================================================
LDP IPv4 Prefix Bindings (Active)
===============================================================================
Prefix Op
IngLbl EgrLbl
EgrNextHop EgrIf/LspId
-------------------------------------------------------------------------------
192.0.2.8/32 Push
-- 524287
192.168.78.2 1/1/1
192.0.2.8/32 Swap
524281 524287
192.168.78.2 1/1/1
-------------------------------------------------------------------------------
No. of IPv4 Prefix Active Bindings: 2
===============================================================================
OAM
The following operations, administration, and maintenance (OAM) commands can be launched to validate an LDP FEC stitched to a BGP IPv4 labeled route and vice versa.
*A:PE-2# oam lsp-ping bgp-label prefix 192.0.2.8/32
LSP-PING 192.0.2.8/32: 80 bytes MPLS payload
Seq=1, send from intf int-PE-2-ABR-3, reply from 192.0.2.8
udp-data-len=32 ttl=255 rtt=7.31ms rc=4 (NoFECMapping)
---- LSP 192.0.2.8/32 PING Statistics ----
1 packets sent, 1 packets received, 0.00% packet loss
round-trip min = 7.31ms, avg = 7.31ms, max = 7.31ms, stddev = 0.000ms
In a similar way, LSP trace can validate LDP FEC to BGP label route stitching:
*A:PE-2# oam lsp-trace bgp-label prefix 192.0.2.8/32
lsp-trace to 192.0.2.8/32: 0 hops min, 0 hops max, 104 byte packets
1 192.0.2.3 rtt=0.696ms rc=8(DSRtrMatchLabel)
2 192.0.2.4 rtt=3.08ms rc=8(DSRtrMatchLabel)
3 192.0.2.5 rtt=3.33ms rc=8(DSRtrMatchLabel)
4 192.0.2.6 rtt=4.78ms rc=8(DSRtrMatchLabel)
5 192.0.2.7 rtt=5.76ms rc=8(DSRtrMatchLabel) rsc=1
6 192.0.2.8 rtt=6.38ms rc=4(NoFECMapping) rsc=1
The detailed output includes the BGP label to LDP label mapping information at the PE:
*A:PE-2# oam lsp-trace bgp-label prefix 192.0.2.8/32 detail
lsp-trace to 192.0.2.8/32: 0 hops min, 0 hops max, 104 byte packets
1 192.0.2.3 rtt=1.40ms rc=8(DSRtrMatchLabel)
2 192.0.2.4 rtt=2.60ms rc=8(DSRtrMatchLabel)
3 192.0.2.5 rtt=3.67ms rc=8(DSRtrMatchLabel)
4 192.0.2.6 rtt=4.53ms rc=8(DSRtrMatchLabel)
5 192.0.2.7 rtt=6.41ms rc=8(DSRtrMatchLabel) rsc=1
DS 1: ipaddr=192.168.78.2 ifaddr=192.168.78.2 iftype=ipv4Numbered MRU=1560
label[1]=524287 protocol=3(LDP)
6 192.0.2.8 rtt=7.05ms rc=4(NoFECMapping) rsc=1
Block BGP label bindings to LDP DU peers
On a PE, labeled BGP prefixes are exported to LDP to allow LDP DoD peers to request these labels. LDP DU peers will also get all labeled BGP prefixes if not explicitly blocked by an LDP export policy, based on prefix lists. This can result in a high administrative and operational effort in large networks.
Blocking BGP label bindings to LDP DU peers is less labor-intensive because per-peer export policies are re-evaluated on NH type change (such as from BGP to LDP or to "unresolved state"), not only on a configuration change.
Block BGP label bindings to LDP DU peer PE-9 shows the extended topology used for this configuration. The additional PE router, PE-9, does not need to know the BGP labeled prefixes. LDP DU is used between PE-7 and PE-9.
Blocking BGP label bindings to LDP DU peers can be achieved in two ways:
LDP export policy based on prefix list.
LDP export policy based on BGP NH type change. No prefix list is required.
To compare the two, both are described.
LDP export policy based on prefix list
Before applying the policy to block BGP label bindings from PE-7 to PE-9, the LDP bindings on PE-9 for prefix 192.0.2.1 are the following:
*A:PE-9# show router ldp bindings prefixes prefix 192.0.2.1/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.9)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
===============================================================================
LDP IPv4 Prefix Bindings
===============================================================================
Prefix
Peer FEC-Flags
IgrLbl EgrLbl
EgrNextHop EgrIntf/LspId
-------------------------------------------------------------------------------
192.0.2.1/32
192.0.2.7:0
-- 524279
-- --
-------------------------------------------------------------------------------
No. of IPv4 Prefix Bindings: 1
===============================================================================
The following policy created on PE-7 is based on a prefix list that only contains the system address of the remote AN: 192.0.2.1.
# on PE-7:
configure
router
policy-options
begin
prefix-list "remote_AN_prefixes"
prefix 192.0.2.1/32 exact
exit
policy-statement "block_BGP_bindings_remote_AN_pol"
entry 10
from
prefix-list "remote_AN_prefixes"
exit
action drop
exit
exit
exit
commit
exit
The policy is applied on PE-7 in the ldp session-parameters context for peer 192.0.2.9.
# on PE-7:
configure
router
ldp
session-parameters
peer 192.0.2.9
export-prefixes "block_BGP_bindings_remote_AN_pol"
exit
exit
exit
After the policy is applied, there are no LDP bindings for prefix 192.0.2.1 on PE-9:
*A:PE-9# show router ldp bindings prefixes prefix 192.0.2.1/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.9)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
===============================================================================
LDP IPv4 Prefix Bindings
===============================================================================
Prefix
Peer FEC-Flags
IgrLbl EgrLbl
EgrNextHop EgrIntf/LspId
-------------------------------------------------------------------------------
No Matching Entries Found
===============================================================================
The original situation is restored by removing the export prefixes in the ldp session-parameters context on PE-7.
*A:PE-7# configure router ldp session-parameters peer 192.0.2.9 no export-prefixes
*A:PE-9# show router ldp bindings prefixes prefix 192.0.2.1/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.9)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
===============================================================================
LDP IPv4 Prefix Bindings
===============================================================================
Prefix
Peer FEC-Flags
IgrLbl EgrLbl
EgrNextHop EgrIntf/LspId
-------------------------------------------------------------------------------
192.0.2.1/32
192.0.2.7:0
-- 524279
-- --
-------------------------------------------------------------------------------
No. of IPv4 Prefix Bindings: 1
===============================================================================
LDP export policy based on BGP NH type change
The from protocol bgp argument will have a different meaning in the context of per-peer and targeted export policies. For those types of policies, policies are re-evaluated on NH type change; for example, from BGP to LDP or from LDP to "unresolved state". This requires less configuration because no prefix list needs to be specified. The following policy is configured on PE-7.
# on PE-7:
configure
router
policy-options
begin
policy-statement "block_BGP_to_LDP_DU_policy"
entry 10
from
protocol bgp
exit
action drop
exit
exit
exit
commit
exit
The policy is applied in the LDP session-parameter context for peer 192.0.2.9.
# on PE-7:
configure
router
ldp
session-parameters
peer 192.0.2.9
export-prefixes "block_BGP_to_LDP_DU_policy"
exit
exit
exit
PE-7 will not send BGP label mapping information for prefix 192.0.2.1/32 to PE-9, or for any other prefix of a remote AN. In this example, AN-1 with prefix 192.0.2.1/32 is the only remote AN for PE-7.
*A:PE-9# show router ldp bindings prefixes prefix 192.0.2.1/32
===============================================================================
LDP Bindings (IPv4 LSR ID 192.0.2.9)
(IPv6 LSR ID ::)
===============================================================================
Label Status:
U - Label In Use, N - Label Not In Use, W - Label Withdrawn
WP - Label Withdraw Pending, BU - Alternate For Fast Re-Route
e - Label ELC
FEC Flags:
LF - Lower FEC, UF - Upper FEC, M - Community Mismatch,
BA - ASBR Backup FEC
===============================================================================
LDP IPv4 Prefix Bindings
===============================================================================
Prefix
Peer FEC-Flags
IgrLbl EgrLbl
EgrNextHop EgrIntf/LspId
-------------------------------------------------------------------------------
No Matching Entries Found
===============================================================================
Conclusion
LDP FEC to BGP label route stitching allows LDP-capable PE devices, such as DSLAMs, to offer services to LDP-capable PE devices in other areas or domains without the need to support BGP labeled routes. This feature can be used in a seamless MPLS environment.