Seamless MPLS with BGP labeled unicast (BGP-LU)

Seamless Multi-Protocol Label Switching (MPLS) is a network architecture that extends MPLS networks to integrate access and aggregation networks into a single MPLS domain, to solve the scaling problems in flat MPLS-based deployments. Seamless MPLS transport partitions the core, aggregation, and access networks into isolated IGP/LDP domains. Seamless MPLS does not define any new protocols or technologies and is based on existing and well-known ones. Seamless MPLS provides end-to-end service-independent transport, separating the service and transport plane. Therefore, it removes the need for service-specific configurations in network transport nodes. Service provisioning is restricted to the points of the network where it is required.

Note: Service configuration is not yet supported with BGP-LU in the current release.

When BGP is used to distribute a route, it can also distribute an MPLS label that is mapped to that route. The label mapping information is appended to the BGP update message that is used to distribute the route. This is described in RFC 3107, Carrying Label Information in BGP-4.

Access node (AN) routers in a regional area learn the reachability of AN routers in other regional areas through BGP labeled routes redistributed by the local area border routers (ABRs) (RFC 3107).

The label stack contains three labels for packets sent in a VPN service between the access nodes:

  • The ANs push a service label to the packets sent in the VPN service. The service label remains unchanged end-to-end between ANs. The service label is popped by the remote AN and is the inner label of the label stack.

    Note: Service configuration is not yet supported with BGP-LU in the current release.

  • The BGP label is the middle label of the label stack and should be regarded as a transport label. The transport label stack is increased to two labels: BGP and LDP transport labels. The BGP label is pushed by the ingress label edge router (iLER) AN and is swapped at the BGP next hop, which can be one of the two local ABRs. Both ABRs are configured with next-hop-self. The BGP label is also swapped by the remote ABR.

  • The iLER AN pushes an LDP transport label to the packets sent to the remote AN to reach the BGP next hop. At the local ABR, the LDP transport label is popped and a new LDP transport label is pushed to reach the BGP next hop (remote ABR). The LDP transport label is swapped in every label switching router (LSR) and popped by the ABR nearest to the remote AN. That ABR pops the LDP transport label, swaps the BGP label, and pushes an LDP transport label to reach the remote egress label edge router (eLER) AN.
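
The label operations listed above, traced hop by hop as an added example (not part of the original documentation). The path AN-1, ABR-2, P-3, ABR-4, AN-5 is assumed from the node names used in this chapter, all label values are constructed, and the names `PATH`, `apply_ops`, `walk` and `check_invariants` are hypothetical.

```python
# Label values are constructed: LDP labels taken from block D1 (200-299),
# BGP-LU labels from bgp-lu-block (12001-13000), service label arbitrary.
# Each node lists its operations on the top of the stack, in order.
PATH = [
    ("AN-1",  [("push", "SVC", 1000), ("push", "BGP", 12001), ("push", "LDP", 201)]),
    ("ABR-2", [("pop", "LDP"), ("swap", "BGP", 12002), ("push", "LDP", 202)]),
    ("P-3",   [("swap", "LDP", 203)]),
    ("ABR-4", [("pop", "LDP"), ("swap", "BGP", 12003), ("push", "LDP", 204)]),
    # Assumption: AN-5 removes all remaining labels (the text states only
    # that the remote AN pops the service label).
    ("AN-5",  [("pop", "LDP"), ("pop", "BGP"), ("pop", "SVC")]),
]

def apply_ops(stack, ops):
    """Apply one node's operations; index 0 is the outermost (top) label."""
    stack = list(stack)
    for op, kind, *value in ops:
        if op != "push":
            # pop and swap both require the expected label type on top
            if not stack or stack[0][0] != kind:
                raise ValueError(f"{op} {kind}: top of stack is {stack[:1]}")
            stack.pop(0)
        if op != "pop":
            stack.insert(0, (kind, value[0]))
    return stack

def walk(path=PATH):
    """Return [(node, stack sent by node)] for a packet entering at the first node."""
    stack, trace = [], []
    for node, ops in path:
        stack = apply_ops(stack, ops)
        trace.append((node, stack))
    return trace

def check_invariants(trace):
    """Properties the text describes for every link between the two ANs."""
    service = trace[0][1][-1]
    for node, stack in trace[:-1]:
        # three labels on the wire: LDP outer, BGP middle, service inner
        assert [kind for kind, _ in stack] == ["LDP", "BGP", "SVC"], node
        # the service label is unchanged end to end
        assert stack[-1] == service, node
    return True

if __name__ == "__main__":
    for node, stack in walk():
        print(f"{node:6} -> {stack}")
```
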

Configuration

The following diagram shows the example topology that is used in this chapter. IS-IS L2 capability is used in the regional areas and in the core area.

Figure 1. Seamless MPLS - IGP/LDP domains

To configure Seamless MPLS, see the following sections:

Note: Example configurations are not provided for all nodes in the domain. The provided examples do illustrate the basic configuration required to enable Seamless MPLS, which can be repurposed for other nodes as required.

Initial configuration for Seamless MPLS

The following sections describe the initial configurations required on all nodes to enable Seamless MPLS.

Configuring interfaces

Configure the required routing interfaces and add them to the network-instance.

Configure interfaces (ABR-2)

The following example output shows the interface configuration on ABR-2.

# on ABR-2:
    interface ethernet-1/2 {
        description ABR2-AN1
        admin-state enable
        subinterface 1 {
            admin-state enable
            ipv4 {
                admin-state enable
                address 192.168.12.2/30 {
                }
            }
        }
    }
    interface ethernet-1/1 {
        description ABR2-P3
        admin-state enable
        subinterface 1 {
            admin-state enable
            ipv4 {
                admin-state enable
                address 192.168.23.1/30 {
                }
            }
        }
    }
    interface system0 {
        admin-state enable
        subinterface 0 {
            admin-state enable
            ipv4 {
                admin-state enable
                address 192.0.2.2/32 {
                }
            }
        }
    }

Add interfaces to the network instance

# on ABR-2:
    network-instance default {
        interface ABR2-P3 {
            interface-ref {
                interface ethernet-1/1
                subinterface 1
            }
        }
        interface ABR2-AN1 {
            interface-ref {
                interface ethernet-1/2
                subinterface 1
            }
        }
        interface system0.0 {
        }
    }

Configuring IS-IS

Configure IS-IS on each of the nodes.

The core area and regional areas run isolated IS-IS instances. ABRs run two IS-IS instances: instance 0 belongs to the core and instance 1 belongs to the access network.

Configure IS-IS on the core instance

On the core instance, all ABRs and Ps require level 2 (L2) capability, as shown in the following example.

# on ABR-2:
    network-instance default {
        protocols {
            isis {
                instance ISIS-0 {
                    admin-state enable
                    instance-id 0
                    level-capability L2
                    iid-tlv true
                    net [
                        49.0000.0000.0000.0002.00
                    ]
                    ipv4-unicast {
                        admin-state enable
                    }
                    interface ethernet-1/1.1 {
                        circuit-type point-to-point
                        ipv4-unicast {
                            admin-state enable
                        }
                        level 2 {
                        }
                    }
                    interface system0.0 {
                        admin-state enable
                        passive true
                        ipv4-unicast {
                            admin-state enable
                        }
                        level 2 {
                        }
                    }
                }
            }
        }
    }

Configure IS-IS on the access instance

On the access instance, all ABRs and ANs also require L2 capability, as shown in the following example.

# on ABR-2:
    network-instance default {
        protocols {
            isis {
                instance ISIS-1 {
                    admin-state enable
                    instance-id 1
                    level-capability L2
                    iid-tlv true
                    net [
                        49.0001.0000.0000.0002.00
                    ]
                    interface ethernet-1/2.1 {
                        circuit-type point-to-point
                        ipv4-unicast {
                            admin-state enable
                        }
                        level 2 {
                        }
                    }
                    interface system0.0 {
                        admin-state enable
                        passive true 
                        ipv4-unicast {
                            admin-state enable
                        }
                        level 2 {
                        }
                    }
                }
            }
        }
    }

Configuring MPLS label blocks

Configure label blocks for LDP and for BGP-LU labels.

Configure label blocks for LDP and BGP-LU

--{ + candidate shared default }--[  ]--
# /info system mpls label-ranges
    system {
        mpls {
            label-ranges {
                dynamic D1 {
                    start-label 200
                    end-label 299
                }
                dynamic bgp-lu-block {
                    start-label 12001
                    end-label 13000
                }
            }
        }
    }

Configuring LDP

Enable Link LDP on all router interfaces on all nodes.

Configure Link LDP (ABR-2)

# on ABR-2:
    network-instance default {
        protocols {
            ldp {
                admin-state enable
                dynamic-label-block D1
                discovery {
                    interfaces {
                        interface ethernet-1/1.1 {
                            ipv4 {
                                admin-state enable
                            }
                        }
                        interface ethernet-1/2.1 {
                            ipv4 {
                                admin-state enable
                            }
                        }
                    }
                }
            }
        }
    }

BGP configuration for Seamless MPLS

BGP is configured on all ABRs and all ANs. P-3 acts as a core Route Reflector (RR). To allow for separation of core/access IGP domains, the ABRs act as inline RRs and implement next-hop-self on labeled IPv4 BGP prefixes. The following diagram shows the exchange of iBGP Labeled Unicast (LU) routes.

Figure 2. Seamless MPLS – BGP-LU

The following sections describe the BGP configurations required on all nodes to enable Seamless MPLS.

Configuring BGP on ABRs

Configure two BGP groups on the ABRs: one group toward the core RR and another group toward the AN. Enable advertise-inactive on the BGP group toward the core.

The /32 system IP addresses, learned in labeled BGP, are also learned in IS-IS. Because IS-IS has a lower preference value than iBGP, the IS-IS routes are installed in the routing table and the BGP routes for the same prefixes remain inactive. By default, BGP advertises only those prefixes that were elected by the route table manager (RTM) and used, which is why advertise-inactive is enabled.

Note: While the BGP examples show ipv4-labeled-unicast configurations, ipv6-labeled-unicast is also supported.

Configure BGP core on ABRs

# on ABR-2:
    network-instance default {
        protocols {
            bgp {
                admin-state enable
                autonomous-system 64496
                router-id 192.0.2.2
                best-path-selection {
                    advertise-inactive true
                }
                bgp-label {
                    labeled-unicast {
                        dynamic-label-block bgp-lu-block
                    }
                }
                afi-safi ipv4-labeled-unicast {
                    admin-state enable
                    ipv4-labeled-unicast {
                        next-hop-resolution {
                            ipv4-next-hops {
                                route-resolution {
                                    ignore-default-routes true
                                }
                                tunnel-resolution {
                                    allowed-tunnel-types [
                                        ldp
                                    ]
                                }
                            }
                        }
                    }
                }
                group AN {
                    admin-state enable
                    peer-as 64496
                }
                group core {
                    admin-state enable
                    peer-as 64496
                    route-reflector {
                        cluster-id 10.2.2.2
                        client true
                    }
                }
                neighbor 192.0.2.1 {
                    description AN1
                    next-hop-self true
                    peer-group AN
                }
                neighbor 192.0.2.3 {
                    description coreRR_P3
                    next-hop-self true
                    peer-group core
                }
            }
        }
    }

Note:
  • To enable ECMP, set afi-safi [ipv4-labeled-unicast | ipv6-labeled-unicast] multipath max-path-level-1 to a value greater than 1. The value of max-path-level-1 sets the maximum number of ECMP forwarding paths, including the best path, for a BGP prefix. The additional non-best-path labeled RIB-INs are added to the ECMP NHG.

  • Under tunnel-resolution allowed-tunnel-types, you can specify sr-isis to enable the use of SR-ISIS tunnels for next-hop resolution of BGP-LU traffic as an alternative to LDP, if SR-ISIS is configured in your domain.

Configuring BGP on the core RR

Configure BGP on the core RR

# on P-3:
    network-instance default {
        protocols {
            bgp {
                admin-state enable
                autonomous-system 64496
                router-id 192.0.2.3
                best-path-selection {
                    advertise-inactive true
                }
                bgp-label {
                    labeled-unicast {
                        dynamic-label-block bgp-lu-block
                    }
                }
                afi-safi ipv4-labeled-unicast {
                    admin-state enable
                    ipv4-labeled-unicast {
                        next-hop-resolution {
                            ipv4-next-hops {
                                tunnel-resolution {
                                    allowed-tunnel-types [
                                        ldp
                                    ]
                                }
                            }
                        }
                    }
                }
                group core {
                    admin-state enable
                    peer-as 64496
                    afi-safi ipv4-labeled-unicast {
                        admin-state enable
                    }
                    route-reflector {
                        cluster-id 10.3.3.3
                    }
                }
                neighbor 192.0.2.2 {
                    description ABR-2
                    peer-group core
                    route-reflector {
                        cluster-id 10.3.3.3
                        client true
                    }
                }
                neighbor 192.0.2.4 {
                    description ABR-4
                    peer-group core
                    route-reflector {
                        cluster-id 10.3.3.3
                        client true
                    }
                }
            }
        }
    }

Configuring BGP on ANs toward ABRs

Configure BGP on AN-1 toward ABR

Configuring afi-safi ipv4-labeled-unicast indicates that all advertised IPv4 prefixes are sent to the remote BGP peer as an RFC 3107 formatted label. The next-hop-self command only applies to labeled IPv4 prefixes.

# on AN-1:
    network-instance default {
        protocols {
            bgp {
                admin-state enable
                autonomous-system 64496
                router-id 192.0.2.1
                best-path-selection {
                    advertise-inactive true
                }
                bgp-label {
                    labeled-unicast {
                        dynamic-label-block bgp-lu-block
                    }
                }
                afi-safi ipv4-labeled-unicast {
                    admin-state enable
                    ipv4-labeled-unicast {
                        next-hop-resolution {
                            ipv4-next-hops {
                                route-resolution {
                                    ignore-default-routes true
                                }
                                tunnel-resolution {
                                    allowed-tunnel-types [
                                        ldp
                                    ]
                                }
                            }
                        }
                    }
                }
                group ABRs {
                    admin-state enable
                    peer-as 64496
                    afi-safi ipv4-labeled-unicast {
                        admin-state enable
                    }
                }
                neighbor 192.0.2.2 {
                    description ABR2
                    peer-group ABRs
                }
            }
        }
    }

You can show the BGP sessions with the show network-instance default protocols bgp neighbor command.

Export policy configuration for Seamless MPLS

A policy is required on the ANs to advertise the system IP address in labeled BGP toward the ABRs. The same policy is required on the ABRs to advertise their system IP address in labeled BGP toward the core and the AN.

Configuring export policies on ANs and ABRs

Configure a policy on ANs and ABRs

# on AN-1 (on ABR-2, the prefix-set contains that node's own system address, 192.0.2.2/32):
    routing-policy {
        prefix-set local-loopback {
            prefix 192.0.2.1/32 mask-length-range exact {
            }
        }
        policy export-system {
            statement 10 {
                match {
                    prefix-set local-loopback
                    protocol local
                }
                action {
                    policy-result accept
                }
            }
        }
    }
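
A check for reusing this policy across nodes, as an added example that is not part of the original documentation: it confirms that prefix-set local-loopback holds the node's own system0 address as an exact /32, so that a policy copied between nodes without changing the prefix is flagged. The `NODE` template and the functions `parse` and `audit_export` are hypothetical, and the sample configuration is constructed from the addresses used in this chapter.

```python
import ipaddress

# Constructed per-node excerpt in the page's `info` style: system0 address plus prefix-set.
NODE = """
interface system0 {
    subinterface 0 {
        ipv4 {
            address %s {
            }
        }
    }
}
routing-policy {
    prefix-set local-loopback {
        prefix %s mask-length-range %s {
        }
    }
}
"""

def parse(text):
    """Parse brace-delimited config into nested dicts (block header -> children)."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            child = stack[-1].setdefault(line[:-1].strip(), {})
            stack.append(child)
        elif line == "}":
            stack.pop()
        elif line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return root

def audit_export(cfg):
    """Return findings for prefix-set local-loopback against this node's system0 address."""
    ipv4 = cfg["interface system0"]["subinterface 0"]["ipv4"]
    system = {ipaddress.ip_network(k.split()[1]) for k in ipv4 if k.startswith("address ")}
    findings = []
    for entry in cfg["routing-policy"]["prefix-set local-loopback"]:
        _, prefix, _, mask = entry.split()
        net = ipaddress.ip_network(prefix)
        if mask != "exact" or net.prefixlen != 32:
            findings.append(f"{prefix}: not an exact /32, may export more than the loopback")
        if net not in system:
            findings.append(f"{prefix}: not this node's system0 address {sorted(map(str, system))}")
    return findings

if __name__ == "__main__":
    # AN-1 with the page's policy, then the same policy copied unchanged to ABR-2.
    for name, addr in (("AN-1", "192.0.2.1/32"), ("ABR-2", "192.0.2.2/32")):
        print(name, audit_export(parse(NODE % (addr, "192.0.2.1/32", "exact"))) or "ok")
```
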

Apply the policy on AN-1

You can apply the export policy to BGP in one of the following BGP contexts:
  • protocols bgp
  • protocols bgp neighbor
  • protocols bgp group

Or, to apply the policy to BGP-LU only, use one of the following contexts:

  • protocols bgp afi-safi ipv4-labeled-unicast
  • protocols bgp neighbor afi-safi ipv4-labeled-unicast
  • protocols bgp group afi-safi ipv4-labeled-unicast

In this example, the export policy is applied to BGP-LU in the group ABRs on AN-1, as follows:

# on AN-1:
    network-instance default {
        protocols {
            bgp {
                group ABRs {
                    afi-safi ipv4-labeled-unicast {
                        export-policy export-system
                    }
                }
            }
        }
    }

Apply the policy on ABR-2

The same export policy is applied in the group core on ABR-2, as follows:

# on ABR-2:
    network-instance default {
        protocols {
            bgp {
                group core {
                    afi-safi ipv4-labeled-unicast {
                        export-policy export-system
                    }
                }
            }
        }
    }

A similar export policy is required to export prefix 192.0.2.5 from AN-5 to ABR-4 and from ABR-4 to the RR in the core network, P-3.

Use the show network-instance default route-table command to display the route table. The prefix of the remote AN should be added to the routing table in AN-1.