Chapter 44: MPLS Fundamentals
Learning Objectives
By the end of this chapter, you will be able to:
- Understand MPLS concepts and architecture
- Configure MPLS label switching and LDP
- Implement MPLS VPN services
- Configure MPLS Traffic Engineering basics
- Troubleshoot MPLS networks and services
MPLS Fundamentals
What is MPLS?
Multiprotocol Label Switching (MPLS) is a routing technique that forwards packets based on labels rather than network addresses. MPLS creates a virtual circuit-like service over packet-switched networks, enabling efficient traffic engineering and VPN services.
Key MPLS Benefits
- Performance: Faster forwarding decisions
- Traffic Engineering: Explicit path control
- VPN Services: Layer 2 and Layer 3 VPNs
- Quality of Service: Integrated QoS support
- Scalability: Efficient core network operation
MPLS Architecture
MPLS Components
- Label Switch Router (LSR): Forwards packets based on labels
- Label Edge Router (LER): Ingress/egress points for MPLS domain
- Label: Identifier carried in a 32-bit label stack entry and used for forwarding decisions
- Label Distribution Protocol (LDP): Distributes label bindings
- Forwarding Equivalence Class (FEC): Group of packets with same treatment
MPLS Label Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | TC  |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label: 20 bits - Label value
TC: 3 bits - Traffic Class (QoS)
S: 1 bit - Bottom of Stack
TTL: 8 bits - Time to Live
MPLS Operations
Label Operations
- PUSH: Add label to packet (ingress LER)
- SWAP: Replace label with new label (LSR)
- POP: Remove label from packet (egress LER or penultimate LSR)
Penultimate Hop Popping (PHP)
The second-to-last router removes the label, reducing processing at the egress LER.
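PUSH, SWAP and POP with penultimate hop popping, walked along this chapter's PE1, P1, P2, PE2 path, together with the effect of TTL propagation on what a traceroute from the customer side can see. This is an added example, not part of the original chapter; the label values 17 and 18, the table names and the simplified TTL model are assumptions.

```python
# Constructed tables for the LSP PE1 -> P1 -> P2 -> PE2 toward 4.4.4.4/32.
# Label values 17 and 18 are illustrative; LDP allocates real ones dynamically.
IMPLICIT_NULL = 3  # advertised by the egress LER to request PHP; never on the wire

INGRESS_FTN = {"4.4.4.4/32": (17, "P1")}   # PE1: FEC -> (label to push, next hop)
LFIB = {
    "P1": {17: (18, "P2")},                 # SWAP 17 -> 18
    "P2": {18: (IMPLICIT_NULL, "PE2")},     # PE2 requested PHP, so P2 pops
}

def forward(fec, ip_ttl=64, propagate_ttl=True):
    """Walk one packet along the LSP; return (trace, IP TTL on arrival at PE2)."""
    label, node = INGRESS_FTN[fec]
    ip_ttl -= 1                                   # PE1 routes the IP packet
    mpls_ttl = ip_ttl if propagate_ttl else 255   # 'no mpls ip propagate-ttl' -> 255
    trace = [("PE1", "PUSH", label)]
    while label is not None:
        mpls_ttl -= 1
        if mpls_ttl <= 0:
            # An expiring probe is what reveals this core hop to traceroute.
            raise RuntimeError(f"TTL expired at {node}")
        out_label, next_node = LFIB[node][label]
        if out_label == IMPLICIT_NULL:
            trace.append((node, "POP", None))
            if propagate_ttl:
                ip_ttl = min(ip_ttl, mpls_ttl)    # copy label TTL back to the IP header
            label = None
        else:
            trace.append((node, "SWAP", out_label))
            label = out_label
        node = next_node
    return trace, ip_ttl

if __name__ == "__main__":
    print(forward("4.4.4.4/32"))
    print(forward("4.4.4.4/32", propagate_ttl=False))
```

With propagation disabled the core routers never expire a customer probe, so the provider core appears as a single hop.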
MPLS Lab Environment
Basic MPLS Lab Setup
# MPLS fundamentals lab
name: mpls-fundamentals
prefix: mpls
topology:
  nodes:
    # Provider Edge Router 1
    pe1:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.10
      startup-config: |
        hostname PE1
        !
        ip cef
        mpls ip
        !
        interface Loopback0
         ip address 1.1.1.1 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-P1
         ip address 10.1.12.1 255.255.255.252
         mpls ip
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-CE1
         ip address 192.168.1.1 255.255.255.252
         no shutdown
        !
        ! OSPF for IGP
        router ospf 1
         router-id 1.1.1.1
         network 1.1.1.1 0.0.0.0 area 0
         network 10.1.12.0 0.0.0.3 area 0
        !
        ! LDP configuration
        mpls ldp router-id Loopback0
        mpls ldp discovery hello interval 5
        mpls ldp discovery hello holdtime 15
        !
    # Provider Router 1
    p1:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.11
      startup-config: |
        hostname P1
        !
        ip cef
        mpls ip
        !
        interface Loopback0
         ip address 2.2.2.2 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-PE1
         ip address 10.1.12.2 255.255.255.252
         mpls ip
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-P2
         ip address 10.1.23.2 255.255.255.252
         mpls ip
         no shutdown
        !
        ! OSPF for IGP
        router ospf 1
         router-id 2.2.2.2
         network 2.2.2.2 0.0.0.0 area 0
         network 10.1.12.0 0.0.0.3 area 0
         network 10.1.23.0 0.0.0.3 area 0
        !
        ! LDP configuration
        mpls ldp router-id Loopback0
        !
    # Provider Router 2
    p2:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.12
      startup-config: |
        hostname P2
        !
        ip cef
        mpls ip
        !
        interface Loopback0
         ip address 3.3.3.3 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-P1
         ip address 10.1.23.3 255.255.255.252
         mpls ip
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-PE2
         ip address 10.1.34.3 255.255.255.252
         mpls ip
         no shutdown
        !
        ! OSPF for IGP
        router ospf 1
         router-id 3.3.3.3
         network 3.3.3.3 0.0.0.0 area 0
         network 10.1.23.0 0.0.0.3 area 0
         network 10.1.34.0 0.0.0.3 area 0
        !
        ! LDP configuration
        mpls ldp router-id Loopback0
        !
    # Provider Edge Router 2
    pe2:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.13
      startup-config: |
        hostname PE2
        !
        ip cef
        mpls ip
        !
        interface Loopback0
         ip address 4.4.4.4 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-P2
         ip address 10.1.34.4 255.255.255.252
         mpls ip
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description To-CE2
         ip address 192.168.2.1 255.255.255.252
         no shutdown
        !
        ! OSPF for IGP
        router ospf 1
         router-id 4.4.4.4
         network 4.4.4.4 0.0.0.0 area 0
         network 10.1.34.0 0.0.0.3 area 0
        !
        ! LDP configuration
        mpls ldp router-id Loopback0
        !
    # Customer Edge Router 1
    ce1:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.20
      startup-config: |
        hostname CE1
        !
        interface Loopback0
         ip address 10.10.10.10 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-PE1
         ip address 192.168.1.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Customer-LAN
         ip address 172.16.1.1 255.255.255.0
         no shutdown
        !
        ! Static routing to provider
        ip route 0.0.0.0 0.0.0.0 192.168.1.1
        !
    # Customer Edge Router 2
    ce2:
      kind: cisco_iosxe
      image: cisco/iosxe:latest
      mgmt-ipv4: 172.20.20.21
      startup-config: |
        hostname CE2
        !
        interface Loopback0
         ip address 20.20.20.20 255.255.255.255
        !
        interface GigabitEthernet0/0/0
         description To-PE2
         ip address 192.168.2.2 255.255.255.252
         no shutdown
        !
        interface GigabitEthernet0/0/1
         description Customer-LAN
         ip address 172.16.2.1 255.255.255.0
         no shutdown
        !
        ! Static routing to provider
        ip route 0.0.0.0 0.0.0.0 192.168.2.1
        !
    # Customer devices
    customer1-pc:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 172.16.1.10/24 dev eth1
        - ip route add default via 172.16.1.1
    customer2-pc:
      kind: linux
      image: alpine:latest
      exec:
        - ip addr add 172.16.2.10/24 dev eth1
        - ip route add default via 172.16.2.1
  links:
    # MPLS core network
    - endpoints: ["pe1:eth1", "p1:eth1"]
    - endpoints: ["p1:eth2", "p2:eth1"]
    - endpoints: ["p2:eth2", "pe2:eth1"]
    # Customer connections
    - endpoints: ["pe1:eth2", "ce1:eth1"]
    - endpoints: ["pe2:eth2", "ce2:eth1"]
    # Customer LANs
    - endpoints: ["ce1:eth2", "customer1-pc:eth1"]
    - endpoints: ["ce2:eth2", "customer2-pc:eth1"]
Label Distribution Protocol (LDP)
LDP Fundamentals
LDP is used to distribute label bindings between LSRs in an MPLS network.
LDP Messages
- Discovery Messages: Hello packets for neighbor discovery
- Session Messages: Establish and maintain LDP sessions
- Advertisement Messages: Advertise label bindings
- Notification Messages: Error and advisory information
LDP Configuration
Basic LDP Setup
# Deploy MPLS lab
containerlab deploy -t mpls-fundamentals.yml
# Configure LDP on PE1
docker exec -it clab-mpls-pe1 cli
configure terminal
! Enable MPLS globally
mpls ip
! Configure LDP router ID
mpls ldp router-id Loopback0
! Enable LDP on interfaces
interface GigabitEthernet0/0/0
mpls ip
! Verify LDP neighbors
show mpls ldp neighbor
show mpls ldp discovery
Advanced LDP Configuration
# Configure LDP parameters
mpls ldp discovery hello interval 10
mpls ldp discovery hello holdtime 30
mpls ldp holdtime 180
! LDP access control: peers that must authenticate
access-list 10 permit 1.1.1.1
access-list 10 permit 2.2.2.2
access-list 10 permit 3.3.3.3
access-list 10 permit 4.4.4.4
! Require a password for peers matching ACL 10, then set it
mpls ldp password required for 10
mpls ldp password option 1 for 10 PASSWORD123
! Targeted LDP sessions
mpls ldp neighbor 4.4.4.4 targeted ldp
LDP Verification
# Verify LDP operation
show mpls ldp neighbor
show mpls ldp discovery
show mpls ldp bindings
show mpls forwarding-table
# Detailed LDP information
show mpls ldp neighbor detail
show mpls ldp parameters
show mpls ldp statistics
MPLS Forwarding
Label Forwarding Information Base (LFIB)
The LFIB contains label forwarding entries used for MPLS packet forwarding.
# View MPLS forwarding table
show mpls forwarding-table
show mpls forwarding-table detail
show mpls forwarding-table 4.4.4.4/32
# Example LFIB entry:
# Local   Outgoing    Prefix            Bytes Label   Outgoing    Next Hop
# Label   Label       or Tunnel Id      Switched      interface
# 16      Pop Label   4.4.4.4/32        0             Gi0/0/0     10.1.12.2
Label Stack Operations
# Trace MPLS path
traceroute 4.4.4.4 source 1.1.1.1
# Monitor label operations
debug mpls packet
debug mpls ldp messages
# Verify label stack
show mpls forwarding-table 4.4.4.4/32 detail
MPLS VPN Services
Layer 3 MPLS VPN
Layer 3 MPLS VPNs provide IP connectivity between customer sites using VRFs (Virtual Routing and Forwarding).
VRF Configuration
# Configure VRF on PE1
configure terminal
ip vrf CUSTOMER-A
rd 100:1
route-target export 100:1
route-target import 100:1
! Assign interface to VRF
interface GigabitEthernet0/0/1
ip vrf forwarding CUSTOMER-A
ip address 192.168.1.1 255.255.255.252
! BGP for VPNv4
router bgp 100
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf CUSTOMER-A
redistribute connected
neighbor 192.168.1.2 remote-as 65001
neighbor 192.168.1.2 activate
exit-address-family
MP-BGP Configuration
# Configure MP-BGP for VPNv4
router bgp 100
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
! iBGP neighbor for VPNv4
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
neighbor 4.4.4.4 next-hop-self
exit-address-family
# Verify MP-BGP
show bgp vpnv4 unicast all
show bgp vpnv4 unicast vrf CUSTOMER-A
Layer 2 MPLS VPN
Layer 2 MPLS VPNs provide Ethernet connectivity between customer sites.
Pseudowire Configuration
# Configure L2VPN pseudowire
l2vpn vfi context CUSTOMER-A
vpn id 100
member 4.4.4.4 encapsulation mpls
interface GigabitEthernet0/0/1
switchport
switchport mode access
switchport access vlan 100
interface vlan 100
xconnect vfi CUSTOMER-A
MPLS Traffic Engineering
Traffic Engineering Fundamentals
MPLS TE allows explicit path control and bandwidth reservation.
RSVP-TE Configuration
# Enable RSVP-TE
! Enable MPLS TE globally (ip rsvp bandwidth is an interface-level command)
mpls traffic-eng tunnels
interface GigabitEthernet0/0/0
ip rsvp bandwidth 10000 10000
mpls traffic-eng tunnels
! Configure TE tunnel
interface Tunnel1
ip unnumbered Loopback0
tunnel destination 4.4.4.4
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng bandwidth 5000
tunnel mpls traffic-eng path-option 1 explicit name PATH-TO-PE2
! Define explicit path
ip explicit-path name PATH-TO-PE2 enable
next-address 10.1.12.2
next-address 10.1.23.3
next-address 10.1.34.4
IS-IS for MPLS TE
# Configure IS-IS with TE extensions
router isis
net 49.0001.0000.0000.0001.00
is-type level-2-only
metric-style wide
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-2
interface GigabitEthernet0/0/0
ip router isis
isis metric 10
mpls traffic-eng tunnels
MPLS QoS
QoS in MPLS Networks
MPLS supports QoS through the EXP (Experimental) bits in the label header, the 3-bit field shown as TC (Traffic Class) in the label format above.
EXP Bit Mapping
# Configure EXP bit mapping
mls qos map dscp-exp 0 8 16 24 32 40 48 56 to 0 1 2 3 4 5 6 7
! QoS policy for MPLS
policy-map MPLS-QOS
class VOICE
set mpls experimental topmost 5
class VIDEO
set mpls experimental topmost 4
class DATA
set mpls experimental topmost 2
interface GigabitEthernet0/0/0
service-policy output MPLS-QOS
Pipe and Uniform Models
# Pipe model (preserve customer QoS)
policy-map PIPE-MODEL
class class-default
set mpls experimental topmost 0
# Uniform model (copy IP DSCP to EXP)
policy-map UNIFORM-MODEL
class class-default
set mpls experimental imposition dscp table
MPLS Troubleshooting
Common MPLS Issues
LDP Neighbor Problems
# Troubleshoot LDP neighbors
show mpls ldp neighbor
show mpls ldp discovery
show mpls ldp parameters
# Common issues:
# 1. LDP not enabled on interface
interface GigabitEthernet0/0/0
mpls ip
# 2. Router ID not configured
mpls ldp router-id Loopback0
# 3. IGP connectivity issues
show ip route 4.4.4.4
ping 4.4.4.4 source 1.1.1.1
Label Binding Issues
# Check label bindings
show mpls ldp bindings
show mpls ldp bindings 4.4.4.4/32
show mpls forwarding-table
# Debug LDP
debug mpls ldp messages
debug mpls ldp bindings
MPLS VPN Troubleshooting
# VRF troubleshooting
show ip vrf
show ip vrf detail CUSTOMER-A
show ip route vrf CUSTOMER-A
# BGP VPNv4 troubleshooting
show bgp vpnv4 unicast all summary
show bgp vpnv4 unicast vrf CUSTOMER-A
show bgp vpnv4 unicast all neighbors
# Connectivity testing
ping vrf CUSTOMER-A 172.16.2.10 source 172.16.1.10
traceroute vrf CUSTOMER-A 172.16.2.10
MPLS Monitoring
# Monitor MPLS performance
show mpls forwarding-table
show mpls ldp statistics
show mpls traffic-eng tunnels
# Interface statistics
show interfaces GigabitEthernet0/0/0 | include MPLS
show mpls interfaces
show mpls interfaces detail
MPLS Security
MPLS Security Considerations
# LDP authentication
mpls ldp password required for 10
mpls ldp password option 1 for 10 SecureLDPKey123
access-list 10 permit 1.1.1.1
access-list 10 permit 2.2.2.2
access-list 10 permit 3.3.3.3
access-list 10 permit 4.4.4.4
# BGP authentication for VPNv4
router bgp 100
neighbor 4.4.4.4 password SecureBGPKey456
# Control plane protection
control-plane
service-policy input CONTROL-PLANE-POLICY
MPLS Best Practices
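A small audit that checks a PE configuration for the LDP and BGP authentication shown above and for the customer-interface and TTL hardening listed in this section. This is an added example, not part of the original chapter; the function name, the "To-CE" description convention and both sample configurations are assumptions built from the lab's naming.

```python
import re

def audit_pe_config(config, customer_prefix="To-CE"):
    """Return findings for one IOS-style PE config. Treating interfaces whose
    description starts with customer_prefix as customer-facing is an assumption
    taken from the lab's naming, not an IOS feature."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    iface, desc, mpls_ifaces = None, {}, set()
    bgp_peers, bgp_auth, findings = set(), set(), []
    for line in lines:
        m = re.match(r"interface (\S+)$", line)
        if m:
            iface = m.group(1)
        elif line == "!" or line.startswith("router "):
            iface = None                      # left interface sub-mode
        elif iface and line.startswith("description "):
            desc[iface] = line.split(None, 1)[1]
        elif iface and line == "mpls ip":
            mpls_ifaces.add(iface)
        m = re.match(r"neighbor (\S+) (remote-as|password)\b", line)
        if m:
            (bgp_peers if m.group(2) == "remote-as" else bgp_auth).add(m.group(1))
    for name in sorted(mpls_ifaces):
        if desc.get(name, "").startswith(customer_prefix):
            findings.append(f"{name}: mpls ip on customer-facing interface")
    if not any(l.startswith("mpls ldp password required") for l in lines):
        findings.append("LDP: sessions not required to authenticate")
    if "no mpls ip propagate-ttl" not in lines:
        findings.append("TTL: propagation on, core hops visible to traceroute")
    findings += [f"BGP: neighbor {p} has no password" for p in sorted(bgp_peers - bgp_auth)]
    return findings

# Constructed sample: PE1 from the lab with mpls ip deliberately left on the CE link.
WEAK = """hostname PE1
mpls ip
!
interface GigabitEthernet0/0/0
 description To-P1
 mpls ip
!
interface GigabitEthernet0/0/1
 description To-CE1
 mpls ip
!
router bgp 100
 neighbor 4.4.4.4 remote-as 100
"""
# Same config with the chapter's hardening applied (EXAMPLE-KEY is a placeholder).
HARDENED = WEAK.replace("To-CE1\n mpls ip", "To-CE1\n no mpls ip") + (
    " neighbor 4.4.4.4 password EXAMPLE-KEY\n!\n"
    "mpls ldp password required for 10\nno mpls ip propagate-ttl\n")
```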
# MPLS security hardening
! Disable MPLS on customer-facing interfaces
interface GigabitEthernet0/0/1
no mpls ip
! Drop customer IP packets marked with precedence 6 or 7 (reserved for network control traffic)
access-list 101 deny ip any any precedence 6
access-list 101 deny ip any any precedence 7
access-list 101 permit ip any any
interface GigabitEthernet0/0/1
ip access-group 101 in
! TTL propagation control
no mpls ip propagate-ttl
Testing MPLS Connectivity
End-to-End Testing
# Test customer connectivity
docker exec -it clab-mpls-customer1-pc sh
ping 172.16.2.10
# Trace MPLS path
docker exec -it clab-mpls-ce1 cli
traceroute 20.20.20.20 source 10.10.10.10
# Monitor MPLS labels
docker exec -it clab-mpls-pe1 cli
show mpls forwarding-table 4.4.4.4/32
debug mpls packet
Performance Testing
# Bandwidth testing through MPLS
docker exec -it clab-mpls-customer1-pc sh
iperf3 -s &
docker exec -it clab-mpls-customer2-pc sh
iperf3 -c 172.16.1.10 -t 60
# Monitor MPLS statistics
docker exec -it clab-mpls-p1 cli
show mpls forwarding-table | include bytes
show interfaces GigabitEthernet0/0/0 | include rate
Summary
MPLS provides a powerful framework for service provider networks, enabling efficient packet forwarding, traffic engineering, and VPN services. Understanding MPLS fundamentals, LDP operation, and VPN implementation is essential for modern service provider and enterprise networks.
Key concepts covered:
- MPLS architecture and label operations
- Label Distribution Protocol (LDP) configuration
- MPLS forwarding and label switching
- Layer 3 and Layer 2 MPLS VPN services
- MPLS Traffic Engineering basics
- MPLS QoS and security considerations
In the next chapter, we’ll explore advanced service provider technologies including advanced MPLS VPN features and service implementations.
Review Questions
- How does MPLS forwarding differ from traditional IP routing?
- What is the role of LDP in MPLS networks?
- How do Layer 3 MPLS VPNs provide customer isolation?
- What are the benefits of MPLS Traffic Engineering?
- How do you troubleshoot MPLS connectivity issues?
Hands-on Exercises
Exercise 1: Basic MPLS Configuration
- Deploy the MPLS fundamentals lab
- Configure LDP on all provider routers
- Verify label distribution and forwarding
- Test end-to-end connectivity
Exercise 2: MPLS VPN Implementation
- Configure VRFs on PE routers
- Implement MP-BGP for VPNv4 routes
- Configure customer routing protocols
- Test VPN isolation and connectivity
Exercise 3: MPLS Traffic Engineering
- Configure RSVP-TE tunnels
- Implement explicit path constraints
- Test traffic engineering functionality
- Monitor bandwidth utilization
Exercise 4: MPLS Troubleshooting
- Create various MPLS problems (LDP issues, VPN misconfigurations)
- Practice diagnostic commands and procedures
- Develop systematic troubleshooting approaches
- Document solutions and prevention strategies