Pop-Label for /32 Label-IPv4 BGP Routes
This chapter describes the pop-label for /32 label-IPv4 BGP routes.
Topics in this chapter include:
Applicability
This chapter was initially written based on SR OS Release 15.0.R5, but the CLI in the current edition is based on SR OS Release 23.7.R2.
Pop label for /32 label-IPv4 BGP routes is supported in SR OS Release 15.0.R1 and later.
Overview
Labeled IPv4 routes are used in seamless MPLS and in VPRN inter-AS model C scenarios. In these scenarios, transport tunnels run through multiple domains, where the area border routers (ABRs) or autonomous system border routers (ASBRs) effectively stitch LDP/RSVP tunnels to BGP tunnels. For inter-AS model C, the domain is an autonomous system (AS); for seamless MPLS, the domain is a part of an autonomous system. In either case, an end-to-end transport tunnel can be considered as a concatenation of multiple transport tunnels; as illustrated in Stitching RSVP/LDP tunnels to BGP tunnels.
Pop-label for /32 label-IPv4 routes allows operators to save on resources used in the network (less swap ingress label mapping entries in the data path) and can be implemented at the border routers (ABR or ASBR) for /32 label-IPv4 BGP routes that are originated by exporting static, OSPF, or IS-IS routes from the route table into BGP.
Pop label for /32 label-IPv4 BGP routes provides a tighter coupling between the LDP/RSVP-TE and the BGP tunnels stitched at the ABR or ASBR, as follows:
By implementing an accept policy action (without the advertise-label pop modifier) for the /32 addresses in a route-table-import policy. The router advertises a /32 label-IPv4 route with a label that is swapped when an LDP/RSVP-TE is available, and withdrawn when the last LDP/RSVP-TE tunnel to that /32 prefix goes down. This applies to PEs with services, but should not be applied for route reflectors (RRs) when VPN addresses will be exchanged across EBGP sessions, because withdrawing labels for RRs would break the exchange of VPN routes. For the use of the route-table-import command, see the Separate BGP RIBs for Labeled Routes chapter.
By implementing the accept policy action with the advertise-label pop modifier for some system addresses in a route-table-import policy. The router advertises a /32 label-IPv4 route with a label that is popped rather than swapped, in case no LDP/RSVP-TE tunnel is available to that /32 prefix. This particularly applies to infrastructure nodes, for example off-data-path RRs, which do not participate in MPLS. RRs in different ASs, for example, still must be able to peer with each other through a multi-hop EBGP session, for the exchange of VPN routes belonging to the different services.
The advertise-label pop modifier can be used for the label-IPv4 redistribution of /32 prefixes of:
OSPF and IS-IS routes
Static routes:
Direct next-hop
Indirect next-hop
Blackhole
Redistributing /32 blackhole static routes does not require the advertise-label pop modifier; the label-IPv4 route is always advertised to the peer AS, and popped by the data plane.
The configuration in this chapter describes the redistribution of /32 prefixes for IS-IS routes. The redistribution of /32 routes for OSPF and the different static route types is similar.
Configuration
Example topology shows the example topology, depicting the inter-AS scenario also used in the "Inter-AS VPRN Model C" chapter. PE-1 and PE-5 host VPRN service "VPRN-1", with 10.0.1.1/32 and 10.0.1.5/32 being the loopback addresses for this service on PE-1 and PE-5, respectively. In AS 64496, RR-3 is the IPv4 VPN RR, and ASBR-4 is the label-IPv4 RR toward clients PE-1 and PE-2. In AS 64497, RR-7 is the IPv4 VPN RR, and ASBR-8 is the label-IPv4 RR toward clients PE-5 and PE-6. IS-IS is the IGP for AS 64496 and 64497, and ASBR-4 and ASBR-8 are their respective ASBRs. Additionally, and in support for model C, the RR-3 and RR-7 RRs require a multi-hop IPv4 VPN EBGP connection.
The initial configuration includes:
Cards, MDAs, and ports.
Router interfaces.
IS-IS as IGP on all interfaces within AS 64496 and AS 64497 (alternatively, OSPF can be used).
LDP configured between PE-1, PE-2, and ASBR-4 in AS 64496, and between PE-5, PE-6, and ASBR-8 in AS 64497. The RR-3 and RR-7 RRs are off-data-path and do not have LDP enabled.
Base configuration
In this example topology, the PEs and the ASBRs generate labeled routes. The export policy configured on PE-1, PE-2, PE-5, and PE-6 advertises the system address 192.0.2.x/32. The export policy configured on the ASBRs advertises the system address of the RR. ASBR-4 and ASBR-8 advertise the system addresses of the PEs and the RRs to each other. The transport tunnels available in ASs 64496 and 64497 are LDP tunnels.
PE-1 and PE-2 peer with RR RR-3 for IPv4 VPN routes, and with RR ASBR-4 for label-IPv4 routes. This enables PE-1 and PE-2 to exchange service traffic with the PEs in the peer AS. Their internal BGP configuration is as follows:
# on PE-1, PE-2:
configure
router Base
policy-options
begin
prefix-list "sys"
prefix 192.0.2.0/29 prefix-length-range 32-32
exit
policy-statement "exp-sys"
entry 10
from
protocol direct
prefix-list "sys"
exit
action accept
exit
exit
exit
commit
exit
autonomous-system 64496
bgp
loop-detect discard-route
split-horizon
group "IBGP"
peer-as 64496
neighbor 192.0.2.3
family vpn-ipv4
exit
neighbor 192.0.2.4
family label-ipv4
export "exp-sys"
exit
exit
exit
RR-3 is the IPv4 VPN RR for internal clients, using cluster ID 192.0.2.3, so it maintains IBGP sessions with PE-1 and PE-2. RR-3 also maintains a multi-hop EBGP session with RR-7, which is the RR for clients PE-5 and PE-6 in AS 64497. The vpn-apply-import, vpn-apply-export, and import and export commands can be used at bgp, group, or neighbor level for selectively exchanging dedicated VPN routes. The BGP configuration for RR-3 is as follows:
# on RR-3:
configure
router Base
autonomous-system 64496
bgp
loop-detect discard-route
disable-route-table-install
split-horizon
group "EBGP-VPN"
peer-as 64497
local-address 192.0.2.3
neighbor 192.0.2.7
family vpn-ipv4
multihop 10
vpn-apply-export
vpn-apply-import
exit
exit
group "IBGP-VPN"
cluster 192.0.2.3
peer-as 64496
neighbor 192.0.2.1
family vpn-ipv4
exit
neighbor 192.0.2.2
family vpn-ipv4
exit
exit
no shutdown
exit
ASBR-4 is the label-IPv4 RR for internal clients, using cluster ID 192.0.2.4, so it maintains IBGP sessions with PE-1 and PE-2. ASBR-4 imposes next-hop-self on the IBGP advertised label-IPv4 routes. ASBR-4 also maintains an EBGP session with ASBR-8, and requires the advertise-inactive command. The reason for the advertise-inactive command is that the system IP addresses for PEs are advertised in IGP and in BGP. Because the IGP has a lower preference value than BGP, the BGP routes are rendered inactive. By default, inactive BGP routes are not advertised to the peer AS, and the advertise-inactive command bypasses this issue. The BGP configuration for ASBR-4 is as follows:
# on ASBR-4:
configure
router Base
autonomous-system 64496
bgp
loop-detect discard-route
split-horizon
rib-management
label-ipv4
route-table-import "imp-RR-pfxs"
exit
exit
group "EBGP-label"
export "exp-RR"
advertise-inactive
neighbor 192.168.48.2
family label-ipv4
peer-as 64497
exit
exit
group "IBGP-label"
next-hop-self
cluster 192.0.2.4
peer-as 64496
neighbor 192.0.2.1
family label-ipv4
exit
neighbor 192.0.2.2
family label-ipv4
exit
exit
no shutdown
exit
The RR-pfxs prefix list is the exact /32 address of RR-3. The imp-RR-pfxs policy in ASBR-4 matches the RR-pfxs prefix list in entry 10 with action accept and the advertise-label pop modifier. The exp-RR policy is used to advertise the RR prefix to the peer AS. The system prefixes of PE-1 and PE-2 are advertised by the PEs themselves. The policies on ASBR-4 are defined as follows:
# on ASBR-4:
configure
router Base
policy-options
begin
prefix-list "RR-pfxs"
prefix 192.0.2.3/32 exact
exit
policy-statement "exp-RR"
entry 10
from
prefix-list "RR-pfxs"
exit
action accept
exit
exit
exit
policy-statement "imp-RR-pfxs"
entry 10
from
prefix-list "RR-pfxs"
exit
action accept
advertise-label pop
exit
exit
exit
commit
Because RR-3 is deliberately placed off the data path, not participating in MPLS, an indirect static route is added to its configuration so that it can establish an EBGP session with RR-7, as follows:
# on RR-3:
configure
router Base
static-route-entry 192.0.2.7/32
indirect 192.0.2.4
tunnel-next-hop
resolution disabled
exit
no shutdown
exit
exit
The configuration of the nodes in AS 64497 is similar to the nodes in AS 64496; see Example topology for the addresses required.
Redistributing IGP /32 routes to label-IPv4 routes
With the configuration as indicated in the previous section, ASBR-4 advertises the system addresses of PE-1, PE-2, and RR-3 in AS 64496 to ASBR-8 in the peer AS as label-IPv4 routes, as follows:
*A:ASBR-4# show router bgp neighbor 192.168.48.2 advertised-routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
i 192.0.2.1/32 n/a None
192.168.48.1 None 20
64496 524284
i 192.0.2.2/32 n/a None
192.168.48.1 None 10
64496 524283
i 192.0.2.3/32 n/a 10
192.168.48.1 None n/a
64496 524280
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The label-IPv4 routes are accepted and put in the routing table of ASBR-8. The next hop for all the label-IPv4 routes is 192.168.48.1, as follows:
*A:ASBR-8# show router route-table 192.0.2.0/24 longer
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Remote BGP_LABEL 00h07m29s 170
192.168.48.1 0
192.0.2.2/32 Remote BGP_LABEL 00h07m29s 170
192.168.48.1 0
192.0.2.3/32 Remote BGP_LABEL 00h02m21s 170
192.168.48.1 0
192.0.2.5/32 Remote ISIS 00h09m03s 18
192.168.68.1 20
192.0.2.6/32 Remote ISIS 00h09m03s 18
192.168.68.1 10
192.0.2.7/32 Remote ISIS 00h09m03s 18
192.168.78.1 10
192.0.2.8/32 Local Local 00h09m04s 0
system 0
-------------------------------------------------------------------------------
No. of Routes: 7
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================Also, ASBR-8 is advertising label-IPv4 routes to ASBR-4, so that ASBR-4 ultimately has LDP and BGP tunnels available to destinations in its own and its peer AS, respectively, as follows:
*A:ASBR-4# show router tunnel-table
===============================================================================
IPv4 Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
Color
-------------------------------------------------------------------------------
192.0.2.1/32 ldp MPLS 65537 9 192.168.24.1 20
192.0.2.2/32 ldp MPLS 65538 9 192.168.24.1 10
192.0.2.5/32 bgp MPLS 262146 12 192.168.48.2 1000
192.0.2.6/32 bgp MPLS 262145 12 192.168.48.2 1000
192.0.2.7/32 bgp MPLS 262147 12 192.168.48.2 1000
-------------------------------------------------------------------------------
Flags: B = BGP or MPLS backup hop available
L = Loop-Free Alternate (LFA) hop available
E = Inactive best-external BGP route
k = RIB-API or Forwarding Policy backup hop
===============================================================================
The following shows the BGP inter-AS label mapping on ASBR-4:
*A:ASBR-4# show router bgp inter-as-label
===============================================================================
BGP Inter-AS labels
Flags: B - entry has backup, P - entry is promoted
===============================================================================
NextHop Received Advertised Label
Label Label Origin
-------------------------------------------------------------------------------
0.0.0.0 0 524280 Edge
192.0.2.1 524284 524284 Internal
192.0.2.2 524284 524283 Internal
192.168.48.2 524279 524279 External
192.168.48.2 524281 524282 External
192.168.48.2 524284 524281 External
-------------------------------------------------------------------------------
Total Labels allocated: 6
===============================================================================
The first entry in this table, with advertised label 524280, is used for tunnels for which ASBR-4 is the end-point, so that no label mapping is required. This is indicated by setting the next hop to 0.0.0.0, the received label to 0, and the label origin to Edge.
The second and third entries, with advertised labels 524284 and 524283, are used for tunnels to PE-1 and PE-2, respectively. Taking PE-2 as an example, label 524283 is swapped to label 524284.
The last three entries, with advertised labels 524279, 524282, and 524281, and received labels 524279, 524281, and 524284, respectively, are used for tunnels to the PEs and RR in the peer AS, which can be verified by displaying the label-IPv4 routes received by ASBR-4, as follows:
*A:ASBR-4# show router bgp neighbor 192.168.48.2 received-routes label-ipv4
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.0.2.5/32 n/a None
192.168.48.2 None 0
64497 524284
u*>i 192.0.2.6/32 n/a None
192.168.48.2 None 0
64497 524281
u*>i 192.0.2.7/32 n/a 10
192.168.48.2 None 0
64497 524279
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
Verifying the content of the RIB provides an alternative to check whether tunnels are stitched. A check is performed for PE-1, which has service "VPRN-1" defined, and for RR-3, which does not have any services.
On ASBR-4, the label-IPv4 route for the 192.0.2.1/32 prefix in the RIB-In contains the received label 524284 with next hop 192.0.2.1 resolved to an LDP tunnel; in the RIB-Out, the advertised BGP label to next hop 192.168.48.2 is 524284, and the label type is swap, as follows. This is consistent with the output from the previous commands. The label-IPv4 BGP route in RIB-In is valid, but not used on ASBR-4, because an IS-IS route is preferred between PE-1 and ASBR-4 in AS 64496 (TieBreakReason : RtmPref).
*A:ASBR-4# show router bgp routes 192.0.2.1/32 label-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network : 192.0.2.1/32
Nexthop : 192.0.2.1
Path Id : None
From : 192.0.2.1
Res. Nexthop : 192.0.2.1 (LDP)
Local Pref. : 100 Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 20
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.1
Fwd Class : None Priority : None
IPv4 Label : 524284
Flags : Valid IGP
TieBreakReason : RtmPref
Route Source : Internal
AS-Path : No As-Path
Route Tag : 0
Neighbor-AS : n/a
DB Orig Val : NotFound Final Orig Val : NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h10m05s
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : 192.0.2.1/32
Nexthop : 192.168.48.1
Path Id : None
To : 192.168.48.2
Res. Nexthop : n/a
Local Pref. : n/a Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 20
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.8
IPv4 Label : 524284 Label Type : SWAP
Lbl Allocation : NEXT-HOP
Origin : IGP
AS-Path : 64496
Route Tag : 0
Neighbor-AS : 64496
DB Orig Val : NotFound Final Orig Val : N/A
Source Class : 0 Dest Class : 0
-------------------------------------------------------------------------------
Routes : 2
===============================================================================
Checking for the 192.0.2.3/32 prefix in the ASBR-4 RIB shows that label 524280 is advertised to 192.168.48.2, and the label type is pop, as follows:
*A:ASBR-4# show router bgp routes 192.0.2.3/32 label-ipv4 hunt
===============================================================================
BGP Router ID:192.0.2.4 AS:64496 Local AS:64496
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP LABEL-IPV4 Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network : 192.0.2.3/32
Nexthop : 192.168.48.1
Path Id : None
To : 192.168.48.2
Res. Nexthop : n/a
Local Pref. : n/a Interface Name : NotAvailable
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 10
AIGP Metric : None IGP Cost : n/a
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 192.0.2.8
IPv4 Label : 524280 Label Type : POP
Lbl Allocation : NEXT-HOP
Origin : IGP
AS-Path : 64496
Route Tag : 0
Neighbor-AS : 64496
DB Orig Val : N/A Final Orig Val : N/A
Source Class : 0 Dest Class : 0
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
RR-3 and RR-7 have a multi-hop EBGP session established and are exchanging VPN routes, as follows:
*A:RR-3# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Legend : D - Dynamic Neighbor
===============================================================================
Neighbor
Description
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
192.0.2.1
Def. Inst 64496 13 0 00h03m15s 2/0/4 (VpnIPv4)
14 0
192.0.2.2
Def. Inst 64496 12 0 00h03m15s 1/0/5 (VpnIPv4)
15 0
192.0.2.7
Def. Inst 64497 9 0 00h01m26s 3/0/3 (VpnIPv4)
9 0
-------------------------------------------------------------------------------
Communication between VPRN-1 on PE-1 and on PE-5 is verified with a ping:
*A:PE-1# ping router 1 10.0.1.5
PING 10.0.1.5 56 data bytes
64 bytes from 10.0.1.5: icmp_seq=1 ttl=64 time=5.82ms.
64 bytes from 10.0.1.5: icmp_seq=2 ttl=64 time=6.49ms.
64 bytes from 10.0.1.5: icmp_seq=3 ttl=64 time=6.69ms.
64 bytes from 10.0.1.5: icmp_seq=4 ttl=64 time=6.43ms.
64 bytes from 10.0.1.5: icmp_seq=5 ttl=64 time=6.70ms.
---- 10.0.1.5 PING Statistics ----
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min = 5.82ms, avg = 6.42ms, max = 6.70ms, stddev = 0.319ms
Shutting down LDP on PE-1 results in ASBR-4 withdrawing the label-IPv4 route for prefix 192.0.2.1/32, as follows:
17 2023/09/27 08:23:26.963 UTC MINOR: DEBUG #2001 Base Peer 1: 192.168.48.2
"Peer 1: 192.168.48.2: UPDATE
Peer 1: 192.168.48.2 - Send BGP UPDATE:
Withdrawn Length = 0
Total Path Attr Length = 15
Flag: 0x90 Type: 15 Len: 11 Multiprotocol Unreachable NLRI:
Address Family LBL-IPV4
192.0.2.1/32 Label 0
"Conclusion
Implementing the advertise-label pop policy action in a route-table-import policy provides operators the means to save on resources used in the network.