Seamless MPLS with BGP labeled unicast (BGP-LU)
Seamless Multi-Protocol Label Switching (MPLS) is a network architecture that extends MPLS networks to integrate access and aggregation networks into a single MPLS domain, to solve the scaling problems in flat MPLS-based deployments. Seamless MPLS transport partitions the core, aggregation, and access networks into isolated IGP/LDP domains. Seamless MPLS does not define any new protocols or technologies and is based on existing and well-known ones. Seamless MPLS provides end-to-end service-independent transport, separating the service and transport plane. Therefore, it removes the need for service-specific configurations in network transport nodes. Service provisioning is restricted only at the points of the network where it is required.
When BGP is used to distribute a route, it can also distribute an MPLS label that is mapped to that route. The label mapping information is appended to the BGP update message that is used to distribute the route. This is described in RFC 3107, Carrying Label Information in BGP-4.
AN routers in a regional area learn the reachability of AN routers in other regional areas through BGP labeled routes redistributed by the local ABRs (RFC 3107).
The label stack contains three labels for packets sent in a VPN service between the access nodes:
-
The ANs push a service label to the packets sent in the VPN service. The service label remains unchanged end-to-end between ANs. The service label is popped by the remote AN and is the inner label of the label stack.
Note: Service configuration is not yet supported with BGP-LU in the current release. -
The BGP label is the middle label of the label stack and should be regarded as a transport label. The transport label stack is increased to two labels: BGP and LDP transport labels. The BGP label is pushed by the iLER AN and is swapped at the BGP next hop, which can be one of the two local ABRs. Both ABRs are configured with next-hop-self. The BGP label is also swapped by the remote ABR.
-
The iLER AN pushes an LDP transport label to the packets sent to the remote AN to reach the BGP next hop. At the local ABR, the LDP transport label is popped and a new LDP transport label is pushed to reach the BGP next hop (remote ABR). The LDP transport label is swapped in every label switching router (LSR) and popped by the ABR nearest to the remote AN. That ABR pops the LDP transport label, swaps the BGP label, and pushes an LDP transport label to reach the remote eLER AN.
Configuration
The following diagram shows the example topology that is used in this chapter. In the regional areas and in the core area IS-IS L2 capability is used.
To configure Seamless MPLS, see the following sections:
- Initial configuration for Seamless MPLS
- BGP configuration for Seamless MPLS
- Configuring BGP on ANs toward ABRs
Initial configuration for Seamless MPLS
The following sections describe the initial configurations required on all nodes to enable Seamless MPLS.
Configuring interfaces
Configure the required routing interfaces and add them to the network-instance.
Configure interfaces (ABR-2)
The following example output shows the interface configuration on ABR-2.
# on ABR-2:
interface ethernet-1/2 {
description ABR2-AN1
admin-state enable
subinterface 1 {
admin-state enable
ipv4 {
admin-state enable
address 192.168.12.2/30 {
}
}
}
}
interface ethernet-1/1 {
description ABR2-P3
admin-state enable
subinterface 1 {
admin-state enable
ipv4 {
admin-state enable
address 192.168.23.1/30 {
}
}
}
}
interface system0 {
admin-state enable
subinterface 0 {
admin-state enable
ipv4 {
admin-state enable
address 192.0.2.2/32 {
}
}
}
}
Add interfaces to the network instance
# on ABR-2:
network-instance default {
interface ABR2-P3 {
interface-ref {
interface ethernet-1/1
subinterface 1
}
}
interface ABR2-AN1 {
interface-ref {
interface ethernet-1/2
subinterface 1
}
}
interface system0.0 {
}Configuring IS-IS
Configure IS-IS on each of the nodes.
The core area and regional areas run isolated IS-IS instances. ABRs run two IS-IS instances: instance 0 belongs to the core and instance 1 belongs to the access network.
Configure IS-IS on the core instance
On the core instance, all ABRs and Ps require level 2 (L2) capability, as shown in the following example.
# on ABR-2:
network-instance default {
protocols {
isis {
instance ISIS-0 {
admin-state enable
instance-id 0
level-capability L2
iid-tlv true
net [
49.0000.0000.0000.0002.00
]
ipv4-unicast {
admin-state enable
}
interface ethernet-1/1.1 {
circuit-type point-to-point
ipv4-unicast {
admin-state enable
}
level 2 {
}
}
interface system0.0 {
admin-state enable
passive true
ipv4-unicast {
admin-state enable
}
level 2 {
}
}
}
Configure IS-IS on the access instance
On the access instance, all ABRs and ANs also require L2 capability, as shown in the following example.
# on ABR-2:
network-instance default {
protocols {
isis {
instance ISIS-1 {
admin-state enable
instance-id 1
level-capability L2
iid-tlv true
net [
49.0001.0000.0000.0002.00
]
interface ethernet-1/2.1 {
circuit-type point-to-point
ipv4-unicast {
admin-state enable
}
level 2 {
}
}
interface system0.0 {
admin-state enable
passive true
ipv4-unicast {
admin-state enable
}
level 2 {
}
}
}
}
}
}
Configuring MPLS label blocks
Configure label blocks for LDP and for BGP-LU labels.
Configure label blocks for LDP and BGP-LU
--{ + candidate shared default }--[ ]--
# /info system mpls label-ranges
system {
mpls {
label-ranges {
dynamic D1 {
start-label 200
end-label 299
}
dynamic bgp-lu-block {
start-label 12001
end-label 13000
}
}
}
}Configuring LDP
Enable Link LDP on all router interfaces on all nodes.
Configure Link LDP (ABR-2)
# on ABR-2:
network-instance default {
protocols {
ldp {
admin-state enable
dynamic-label-block D1
discovery {
interfaces {
interface ethernet-1/1.1 {
ipv4 {
admin-state enable
}
}
interface ethernet-1/2.1 {
ipv4 {
admin-state enable
}
}
}
}
}
}
}BGP configuration for Seamless MPLS
BGP is configured on all ABRs and all ANs. P-3 acts as a core Route Reflector (RR). To allow for separation of core/access IGP domains, the ABRs become RRs inline and implement next-hop-self on labeled IPv4 BGP prefixes. The following diagram shows the exchange of iBGP Labeled Unicast (LU) routes.
The following sections describe the BGP configurations required on all nodes to enable Seamless MPLS.
Configuring BGP on ABRs
Configure two BGP groups on the ABRs: one group toward the core RR and another group toward the AN. Enable advertise-inactive on the BGP group toward the core.
The /32 system IP addresses, learned in labeled BGP, are also learned in IS-IS. Because IS-IS has a lower preference compared to iBGP, the IS-IS routes are installed in the routing table. BGP default behavior only advertises those prefixes that were elected by RTM and used.
Configure BGP core on ABRs
# on ABR-2:
network-instance default
protocols {
bgp {
admin-state enable
autonomous-system 64496
router-id 192.0.2.2
best-path-selection {
advertise-inactive true
}
bgp-label {
labeled-unicast {
dynamic-label-block bgp-lu-block
}
}
afi-safi ipv4-labeled-unicast {
admin-state enable
ipv4-labeled-unicast {
next-hop-resolution {
ipv4-next-hops {
route-resolution {
ignore-default-routes true
}
tunnel-resolution {
allowed-tunnel-types [
ldp
]
}
}
}
}
}
group AN {
admin-state enable
peer-as 64496
}
group core {
admin-state enable
peer-as 64496
route-reflector {
cluster-id 10.2.2.2
client true
}
}
neighbor 192.0.2.1 {
description AN1
next-hop-self true
peer-group AN
}
neighbor 192.0.2.3 {
description coreRR_P3
next-hop-self true
peer-group core
}
}-
To enable ECMP, set afi-safi [ipv4-labeled-unicast | ipv6-labeled-unicast] multipath max-path-level-1 to a value greater than 1. The value of max-path-level-1 sets the maximum number of ECMP forwarding paths, including the best path, for a BGP prefix. The additional non-best-path labeled RIB-INs are added to the ECMP NHG.
-
Under tunnel-resolution allowed-tunnel-types, you can specify sr-isis to enable the use of SR-ISIS tunnels for next-hop resolution of BGP-LU traffic as an alternative to LDP, if SR-ISIS is configured in your domain.
Configuring BGP on the core RR
Configure BGP on the core RR
# on P-3:
network-instance default
protocols {
bgp {
admin-state enable
autonomous-system 64496
router-id 192.0.2.3
best-path-selection {
advertise-inactive true
}
bgp-label {
labeled-unicast {
dynamic-label-block bgp-lu-block
}
}
afi-safi ipv4-labeled-unicast {
admin-state enable
ipv4-labeled-unicast {
next-hop-resolution {
ipv4-next-hops {
tunnel-resolution {
allowed-tunnel-types [
ldp
]
}
}
}
}
}
group core {
admin-state enable
peer-as 64496
afi-safi ipv4-labeled-unicast {
admin-state enable
}
route-reflector {
cluster-id 10.3.3.3
}
}
neighbor 192.0.2.2 {
description ABR-2
peer-group core
route-reflector {
cluster-id 10.3.3.3
client true
}
}
neighbor 192.0.2.4 {
description ABR-4
peer-group core
route-reflector {
cluster-id 10.3.3.3
client true
}
}
}
Configuring BGP on ANs toward ABRs
Configure BGP on AN-1 toward ABR
Configuring afi-safi ipv4-labeled-unicast indicates that all advertised IPv4 prefixes are sent to the remote BGP peer as an RFC 3107 formatted label. The next-hop-self command only applies to labeled IPv4 prefixes.
# on AN-1:
network-instance default
protocols {
bgp {
admin-state enable
autonomous-system 64496
router-id 192.0.2.1
best-path-selection {
advertise-inactive true
}
bgp-label {
labeled-unicast {
dynamic-label-block bgp-lu-block
}
}
afi-safi ipv4-labeled-unicast {
admin-state enable
ipv4-labeled-unicast {
next-hop-resolution {
ipv4-next-hops {
route-resolution {
ignore-default-routes true
}
tunnel-resolution {
allowed-tunnel-types [
ldp
]
}
}
}
}
}
group ABRs {
admin-state enable
peer-as 64496
afi-safi ipv4-labeled-unicast {
admin-state enable
}
}
neighbor 192.0.2.2 {
description ABR2
peer-group ABRs
}
}
You can show the BGP sessions with the show network-instance default protocols bgp neighbor command.
Export policy configuration for Seamless MPLS
A policy is required on the ANs to advertise the system IP address in labeled BGP toward the ABRs. The same policy is required on the ABRs to advertise their system IP address in labeled BGP toward the core and the AN.
Configuring export policies on ANs and ABRs
Configure a policy on ANs and ABRs
# on AN-1 and ABR-2:
routing-policy {
prefix-set local-loopback {
prefix 192.0.2.1/32 mask-length-range exact {
}
}
policy export-system {
statement 10 {
match {
prefix-set local-loopback
protocol local
}
action {
policy-result accept
}
}
}
}Apply the policy on AN-1
- protocols bgp
- protocols bgp neighbor
- protocols bgp group
Or to apply the policy to BGP-LU only, use one of the following contexts:
- protocols bgp afi-safi ipv4-labeled-unicast
- protocols bgp neighbor afi-safi ipv4-labeled-unicast
- protocols bgp group afi-safi ipv4-labeled-unicast
In this example, the export policy is applied to BGP-LU in the group ABRs on AN-1, as follows:
# on AN-1:
network-instance default {
protocols {
bgp {
group ABRs {
afi-safi ipv4-labeled-unicast {
export-policy export-system
}
}
}
}
}
Apply the policy on ABR-2
The same export policy is applied in the group core on ABR-2, as follows:
# on ABR-2:
network-instance default {
protocols {
bgp {
group core {
afi-safi ipv4-labeled-unicast {
export-policy export-system
}
}
}
}
}
A similar export policy is required to export prefix 192.0.2.5 from AN-5 to ABR-4 and from ABR-4 to the RR in the core network, P-3.
Use the show network-instance default route-table command to display the route table. The prefix of the remote AN should be added to the routing table in AN-1.