MPLS VPN Architecture-4

2024-01-18 04:12:26 SPOTO Club Cisco 533
Solutions to the problem of data packet forwarding

In the previous two articles, we solved two problems: routing conflicts on the local PE and routing conflicts while routes propagate through the network. However, a new question appears when data is forwarded: if both local VRFs on the receiving PE contain a 10.0.0.0/24 route and a packet arrives with destination address 10.0.0.1, how does the PE know which VRF, and therefore which CE, the packet should be sent to? Some extra information must be added to the forwarded packet. The RD could carry this information: it would only be necessary to change the MPLS VPN processing flow so that data packets also carry the RD. But the RD is 64 bits long, which is too large and would reduce forwarding efficiency. To keep forwarding efficient, only a short, fixed-length marker is needed. Since the public network tunnel is already provided by MPLS, and MPLS supports nesting multiple layers of labels, this marker can be defined in the MPLS label format.

Who assigns this label? The routes are private VPN routes, and LDP knows nothing about them. Assigning labels to private network VPN routes can therefore only be done by extended BGP. As with LDP, label distribution is completed before any data is forwarded. The difference is that MP-IBGP assigns labels at the same time as it exchanges routes.
MP_REACH_NLRI
  Address-family: VPN-IPv4 address family
  Next-hop: the PE router itself, usually the loopback address
  NLRI:
    Label: 24 bits, same as an MPLS label, but without TTL
    Prefix: RD (64 bits) + IP prefix
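The NLRI layout above, decoded as an added example (not part of the original article): a parser for the label, RD and prefix of each VPN-IPv4 NLRI entry, assuming the encoding of RFC 4364 and RFC 3107 (1-byte length in bits, 3-byte label field, 8-byte RD, variable-length prefix). The function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

def parse_rd(rd: bytes) -> str:
    """Render the 64-bit RD; the first two bytes select the layout."""
    rd_type = struct.unpack("!H", rd[:2])[0]
    if rd_type == 0:                      # 2-byte ASN : 4-byte number
        asn, num = struct.unpack("!HI", rd[2:])
        return f"{asn}:{num}"
    if rd_type == 1:                      # IPv4 address : 2-byte number
        ip, num = struct.unpack("!4sH", rd[2:])
        return f"{ipaddress.IPv4Address(ip)}:{num}"
    if rd_type == 2:                      # 4-byte ASN : 2-byte number
        asn, num = struct.unpack("!IH", rd[2:])
        return f"{asn}:{num}"
    raise ValueError(f"unknown RD type {rd_type}")

def parse_vpnv4_nlri(data: bytes) -> list:
    """Parse back-to-back labeled VPN-IPv4 NLRI entries, rejecting bad lengths."""
    routes, i = [], 0
    while i < len(data):
        bit_len = data[i]                 # bits of label + RD + prefix
        if not 88 <= bit_len <= 120:      # 24 + 64 + (0..32)
            raise ValueError(f"bad NLRI length {bit_len}")
        n = (bit_len + 7) // 8
        entry = data[i + 1:i + 1 + n]
        if len(entry) != n:
            raise ValueError("truncated NLRI")
        i += 1 + n
        raw = int.from_bytes(entry[:3], "big")
        prefix = int.from_bytes(entry[11:].ljust(4, b"\x00"), "big")
        net = ipaddress.IPv4Network((prefix, bit_len - 88), strict=False)
        routes.append({
            "label": raw >> 4,            # top 20 bits of the label field
            "bos": raw & 1,               # bottom-of-stack flag
            "rd": parse_rd(entry[3:11]),
            "prefix": str(net),
        })
    return routes

# Constructed sample: two VRFs advertising the same 10.0.0.0/24.
SAMPLE = bytes.fromhex(
    "70 003e91 0000006400000001 0a0000"   # label 1001, RD 100:1
    "70 003ea1 0000006400000002 0a0000"   # label 1002, RD 100:2
)

if __name__ == "__main__":
    for route in parse_vpnv4_nlri(SAMPLE):
        print(route)
```

The two entries carry the same IPv4 prefix but remain distinct routes because the RD and the label differ.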
We know that BGP exchanges routes through NLRI (Network Layer Reachability Information). With this extension to the BGP protocol, MP-IBGP attaches additional information such as the RD and the label when it exchanges NLRI. In this way, both the route exchange and the data forwarding problems of the whole MPLS VPN are solved. Next, we introduce the route exchange and data forwarding process of MPLS L3VPN.

MPLS L3VPN routing exchange and data forwarding process

As mentioned earlier, when MPLS L3VPN routes are exchanged, the PE routers run a single routing protocol (MP-IBGP) to exchange all VPN routes. To support overlapping VPN customer address spaces, an RD is added to each VPN address to make it unique, and the RT attribute is used to indicate the VRF to which a route belongs. To summarize, the route exchange process of MPLS VPN is divided into four parts:

■ Route exchange between CE and PE;
■ Injection of VRF routes into MP-IBGP;
■ Public network label distribution;
■ Injection of MP-IBGP routes into the VRF.

Let's analyze the whole process of MPLS VPN route exchange between PEs through examples.
  1. Route exchange between CE and PE
Schematic diagram of route exchange between CE and PE

The exchange process is as follows. A VRF is configured on the PE for each VPN site. The PE maintains multiple independent routing tables, covering both the public network and the private networks (VRFs):

■ Public network routing table: contains all the routes between PE and P routers, and is produced by the backbone network IGP.
■ Private network routing table: the routing and forwarding table that contains the reachability information of this VPN user.

Routing information is exchanged between PE and CE through standard EBGP, OSPF, RIP or static routes. In this process, the PE device must store the routes from each CE device in a different VRF (this depends only on the interface on which the route is received and has nothing to do with other MPLS VPN features); apart from that, the operation is no different from ordinary route exchange.

Static routing and RIP are standard protocols. All CEs can use the same routing protocol, but each VRF on the PE must run a separate instance, and the instances do not interfere with each other. Mutual route import is simple. The EBGP case is similar to RIP: it is ordinary EBGP rather than MP-EBGP, and it exchanges only the VPN routes filtered by the PE.

Choosing OSPF as the routing protocol between PE and CE, however, is more complicated. Many modifications to OSPF are required so that the LSAs of the local site can be carried in the extended community attribute of BGP and exchanged with OSPF in the remote VPN. The OSPF in each site can have an area 0, and the backbone network can be regarded as a super area 0. OSPF then changes from a two-level topology (backbone area + non-backbone area) to a three-level topology (super backbone area + backbone area + non-backbone area). For a more detailed introduction to OSPF in MPLS VPN networks, refer to other MPLS VPN documents; it is not described in detail here.
This completes the route exchange process from CE to PE.
  2. The process of VRF route injection into MP-IBGP
Schematic diagram of VRF route injection into MP-IBGP and route exchange between PEs

As shown in the figure, VRF routes are injected into MP-IBGP and exchanged between PE devices as follows. After receiving routing information from the CE, the PE router adds the RD (manually configured) to the route, turning it into a VPN-IPv4 route. In the route advertisement it then changes the next-hop attribute to itself (usually its own loopback address), adds a private network label to the route (generated automatically by MP-IBGP, no configuration required), and adds the RT attribute (the RT must be configured manually). After this series of steps, the PE sends the route to all other PE neighbors. The other PE neighbors perform the same operations to exchange the routes of their own CEs.
  3. Public network label distribution process
Schematic diagram of the public network label allocation process

The private network route exchange between PEs has to cross the MPLS backbone network, and standard MPLS forwarding is performed along the way. Therefore, to deliver a route correctly to the peer PE, a PE needs to know the public network label that reaches that peer PE. As shown in the figure, public network labels are assigned as follows. First, the PE and P routers learn the address of the BGP neighbor's next hop through the backbone network IGP. LDP then assigns labels and establishes the LSPs. A label stack is used for packet forwarding: the outer label indicates how to reach the BGP next hop, and the inner label indicates the outbound interface of the packet or the VRF (that is, the VPN) to which it belongs. MPLS nodes forward on the outer label only and ignore the inner label. At this point, using the outer MPLS label space, normal route exchange can take place between PE devices.
  4. The process of MP-IBGP route injection into VRF
Schematic diagram of the process of MP-IBGP route injection into VRF

As shown in the figure, after receiving the route sent by the sending PE, the receiving PE converts the VPN-IPv4 route into an IPv4 route and adds the route entry to the corresponding VRF according to the import RT attribute of the local VRF. The private network label is kept and recorded in the forwarding table for use in forwarding. The route is then imported by the routing protocol of this VRF and passed to the corresponding CE. When the route is sent to the CE, the next hop is the interface address of the receiving PE. This completes the injection of MP-IBGP routes into the VRF.

After these four steps, the route exchange of the entire MPLS VPN network is complete. At this point the VPN has been built and normal business data can be forwarded.

Conclusion

The earlier articles in this series, MPLS VPN Architecture-1, 2 and 3, introduce what the RD and RT values are and what a VRF is. If you want to know more, please read those articles on our blog.
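The RT-based import and the two-label forwarding described in parts 3 and 4, as an added example (not from the original article): a small model in which two VRFs hold the same 10.0.0.0/24 route and only the inner label tells the egress PE which CE receives the packet. All VRF names, RTs, labels and addresses are constructed, and the model assumes the egress PE itself removes the outer label.

```python
import ipaddress

# Constructed sample data: VRF names, RTs, labels and addresses are illustrative.
# VPN-IPv4 routes the ingress PE received over MP-IBGP from egress PE 3.3.3.3.
RECEIVED = [
    {"rd": "100:1", "prefix": "10.0.0.0/24", "rts": {"100:1"}, "label": 1001, "next_hop": "3.3.3.3"},
    {"rd": "100:2", "prefix": "10.0.0.0/24", "rts": {"100:2"}, "label": 1002, "next_hop": "3.3.3.3"},
]
IMPORT_RTS = {"VPN_A": {"100:1"}, "VPN_B": {"100:2"}}  # ingress PE: VRF -> import RTs
LDP_LABEL = {"3.3.3.3": 50}                             # ingress PE: outer label per BGP next hop
P_SWAP = {50: 60}                                       # P router: outer label in -> out
EGRESS_VRF = {1001: ("VPN_A", "CE-A2"), 1002: ("VPN_B", "CE-B2")}  # egress PE: inner label -> VRF, CE

def import_routes(received, import_rts):
    """Install each route into every VRF whose import RTs match; the RD is dropped."""
    tables = {vrf: {} for vrf in import_rts}
    for route in received:
        for vrf, wanted in import_rts.items():
            if route["rts"] & wanted:
                net = ipaddress.ip_network(route["prefix"])
                tables[vrf][net] = (route["label"], route["next_hop"])
    return tables

def ingress_push(tables, vrf, dst):
    """Longest-prefix match inside one VRF, then push [outer, inner]."""
    addr = ipaddress.ip_address(dst)
    hits = [net for net in tables[vrf] if addr in net]
    if not hits:
        return None                        # no route in this VRF: drop
    inner, next_hop = tables[vrf][max(hits, key=lambda n: n.prefixlen)]
    return [LDP_LABEL[next_hop], inner]

def p_forward(stack):
    """P routers swap the outer label and never inspect the inner one."""
    return [P_SWAP[stack[0]]] + stack[1:]

def egress_deliver(stack):
    """The egress PE removes the outer label; the inner label selects VRF and CE."""
    return EGRESS_VRF[stack[-1]]

def send(vrf, dst):
    """Carry one packet from the ingress VRF to the CE behind the egress PE."""
    stack = ingress_push(import_routes(RECEIVED, IMPORT_RTS), vrf, dst)
    return None if stack is None else egress_deliver(p_forward(stack))
```

Adding `100:2` to the import RTs of `VPN_A` would install VPN_B's route into VPN_A's table, so the manually configured import RTs are what keeps the two VPNs separate.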