CCIE R&S Advanced Technologies Class v4.5 - MPLS Tunnels, MPLS Penultimate Hop Popping (PHP)

Transcript

1	Introduction	0h 43m
2	Using the Cisco Documentation	0h 52m
3	Ethernet Overview, Layer 2 Switchports, Trunking, ISL, 802.1q, DTP	0h 47m
4	VTP, VTP Authentication, VTP Pruning	1h 02m
5	VTP Prune Eligible List, VTP Transparent, VTP Troubleshooting, Trunk Allowed List, Extended VLANs	0h 48m
6	VLAN and VTP Review	0h 19m
7	SVIs, Native Routed Interfaces, Router-on-a-Stick	0h 46m
8	Layer 2 EtherChannel, EtherChannel Load Balancing, Layer 3 EtherChannel	0h 57m
9	802.1q Tunneling, Layer 2 Protocol Tunneling, EtherChannel over 802.1q Tunneling	1h 03m
10	STP Root Bridge Election, STP Root Port Election, STP Designated Port Election, STP Priority, STP Cost, STP Port-Priority	1h 46m
11	STP Review	0h 12m
12	STP Timers, STP PortFast	0h 34m
13	STP UplinkFast	0h 11m
14	STP BackboneFast	0h 12m
15	STP BPDU Filter	0h 13m
16	STP BPDU Guard	0h 11m
17	STP Root Guard	0h 11m
18	STP Loop Guard, Unidirectional Link Detection (UDLD)	0h 11m
19	Multiple Spanning-Tree Protocol (MST)	0h 40m
20	Rapid Spanning-Tree Protocol (RSTP), Rapid-PVST	0h 18m
21	MST with Multiple Regions	0h 33m
22	Flex Links	0h 16m
23	Frame Relay	0h 39m
24	Frame Relay Configuration Part 1	0h 34m
25	Frame Relay Configuration Part 2	0h 41m
26	Frame Relay Switching	0h 27m
27	Back-to-Back Frame Relay	0h 08m
28	Frame-Relay End-to-End Keepalives	0h 18m
29	PPP, PPP PAP Authentication, PPP CHAP Authentication	0h 59m
30	PPPoFR, PPPoE	0h 40m
31	Transparent Bridging, IRB	0h 32m
32	Fallback Bridging	0h 14m
33	IP Routing Overview, Switching Paths, Static Routing	0h 42m
34	Static Routing Examples	0h 25m
35	IP Default-Gateway, IP Default-Network	0h 14m
36	On-Demand Routing (ODR)	0h 07m
37	Floating Static Routes	0h 10m
38	Backup Interface	0h 29m
39	Enhanced Object Tracking, IP SLA, Reliable Static Routing	0h 21m
40	Policy Routing	0h 43m
41	GRE Tunneling, GRE Recursive Routing Errors	0h 27m
42	Reliable Backup Interface with GRE	0h 25m
43	RIP Overview, RIP Versions, RIP Auto-Summary	0h 48m
44	RIP Split-Horizon, RIP Timers	0h 22m
45	RIP Broadcast Updates, IP Directed Broadcast, IP Broadcast-Address, Smurf Attacks, Fraggle Attacks	0h 16m
46	RIP Unicast Updates	0h 03m
47	RIP Offset-List	0h 18m
48	RIP Authentication	0h 11m
49	RIP Summarization	0h 10m
50	Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering	0h 48m
51	RIP Default Routing, RIP Conditional Default Routing	0h 18m
52	RIP Triggered, RIP Validate Update Source,	0h 12m
53	EIGRP Overview	0h 29m
54	EIGRP Auto-Summary	0h 07m
55	EIGRP Split-Horizon	0h 11m
56	EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface	0h 24m
57	EIGRP Hello-Interval, EIGRP Hold-Time	0h 05m
58	EIGRP Authentication	0h 11m
59	EIGRP Time Based Authentication	0h 25m
60	EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering	0h 47m
61	EIGRP Unequal Cost Load Balancing, EIGRP Variance	0h 19m
62	EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map	0h 28m
63	EIGRP Stub Router Advertisement	0h 22m
64	EIGRP Default Routing	0h 13m
65	EIGRP Route Filtering	0h 11m
66	EIGRP Router-ID	0h 07m
67	Miscellaneous EIGRP Features	0h 02m
68	OSPF Overview	0h 27m
69	Establishing OSPF Adjacencies, Understanding the OSPF Database	0h 43m
70	OSPF Network Type Broadcast, OSPF DR/BDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint	0h 56m
71	OSPF Network Type Point-to-Point, OSPF Network Type Mismatch	0h 13m
72	OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost	0h 17m
73	OSPF Network Type Loopback	0h 02m
74	OSPF Path Selection	0h 27m
75	OSPF Convergence Timers	0h 09m
76	OSPF Authentication	0h 12m
77	OSPF Summarization	0h 32m
78	OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs	0h 40m
79	Controlling OSPF NSSA Redistribution	0h 02m
80	OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression	0h 24m
81	Route Redistribution Overview	0h 36m
82	Route Redistribution Configuration & Verification, Connected Redistribution	0h 22m
83	OSPF External Path Selection, TCL PING Scripting	0h 33m
84	Routing Loops Overview, EIGRP Route Loop Prevention	0h 55m
85	Metric Based Routing Loops, Route Tagging	0h 46m
86	Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile	0h 58m
87	BGP Overview, BGP Peering Types	0h 51m
88	Establishing BGP Peerings, EBGP Multihop, BGP Neighbor Disable Connected Check, BGP TTL Security	0h 49m
89	BGP 4-Byte ASNs	0h 20m
90	BGP Local AS, BGP Peer Groups	0h 30m
91	BGP Next-Hop Self, BGP Next-Hop Processing	0h 30m
92	BGP Route Reflectors	0h 37m
93	Large Scale BGP Route Reflectors with Clusters	0h 34m
94	BGP Confederation	0h 37m
95	BGP NLRI Advertisements, BGP Network Statement, BGP Redistribution	0h 43m
96	BGP Aggregation, BGP Aggregation & Summary-Only, BGP Aggregation & Unsuppress-Map	0h 46m
97	BGP Origin, BGP Aggregation & AS-Set, BGP Aggregation & Advertise-Map	0h 22m
98	BGP Conditional Route Injection	0h 21m
99	BGP Bestpath Selection, BGP Multipath, BGP Weight	0h 53m
100	BGP Local Preference, BGP Local Preference and Communities, BGP AS-Path Prepending,	0h 30m
101	BGP MED, BGP MED Missing As Worst, BGP Deterministic MED	0h 17m
102	BGP Communites, BGP Regular Expressions	0h 43m
103	BGP Filtering, BGP Convergence Timers, BGP Default Routing, Miscellaneous BGP Features	0h 24m
104	MPLS Overview, MPLS Label Distribution Protocol (LDP)	1h 05m
105	MPLS Tunnels, MPLS Penultimate Hop Popping (PHP)	0h 40m
106	MPLS Layer 3 VPNs Overview, VRF Lite	0h 36m
107	MPLS Layer 3 VPNs and VPNv4 BGP	1h 08m
108	MPLS Layer 3 VPN Verification & Troubleshooting	0h 49m
109	MPLS Layer 3 VPN OSPF PE-CE Routing Overview	0h 06m
110	MPLS Layer 3 VPN OSPF PE-CE Routing Path Selection & Sham-Links	2h 01m
111	MPLS Layer 3 VPN OSPF PE-CE Routing Loop Prevention & Down-Bit, OSPF Capability VRF-Lite	0h 40m
112	IPv6 Overview, IPv6 ICMPv6 ND, IPv6 over NBMA	0h 44m
113	IPv6 Routing Overview, IPv6 Static Routing	0h 28m
114	IPv6 RIPng	0h 20m
115	IPv6 EIGRPv6	0h 09m
116	IPv6 OSPFv3	0h 31m
117	MP-BGP for IPv6	0h 26m
118	IPv6 Tunneling	1h 13m
119	Multicast Overview, IGMP	0h 34m
120	PIM Overview	0h 18m
121	PIM Dense Mode	1h 03m
122	PIM Sparse Mode	0h 30m
123	PIM Sparse Mode Configuration	0h 36m
124	PIM Sparse Mode RPF & RP Troubleshooting	0h 27m
125	Auto-RP, Multicast over GRE Tunnels	0h 53m
126	Bootstrap Router (BSR), Bidirectional PIM, Source Specific Multicast (SSM)	0h 40m
127	MSDP, Anycast RP	0h 27m
128	IPv6 Multicast Routing	0h 24m
129	QoS Overview, IntServ QoS, DiffServ QoS, IP Precedence, DSCP, MQC, HQF	0h 41m
130	MQC Classification	0h 44m
131	FIFO, FQ, WFQ, CBWFQ, HQF	0h 50m
132	LLQ	0h 23m
133	WRED	0h 31m
134	Traffic Shaping, Traffic Policing	0h 40m
135	Frame Relay Traffic Shaping (FRTS)	0h 33m
136	RSVP	0h 07m
137	Catalyst 3560 QoS	1h 00m
138	IOS Security Overview, Access Lists (ACLs)	0h 58m
139	Time Based ACLs, Dynamic ACLs	0h 33m
140	Reflexive ACLs	0h 21m
141	TCP Intercept, Content Based Access Control (CBAC)	0h 34m
142	Zone Based Policy Firewall (ZBPF)	1h 09m
143	AAA, Local Authentication, Local Authorization, Role Based CLI Access	0h 43m
144	Port Security, Static CAM Entries, Storm Control, 802.1X Authentication, PACLs, RACLs, VLAN Access Maps (VACLs)	0h 48m
145	DHCP Snooping, Dynamic ARP Inspection (DAI), IP Source Guard	0h 12m
146	Protected Ports, Private VLANs	0h 25m
147	IP Services Overview, HSRP	1h 10m
148	VRRP, GLBP	0h 28m
149	NAT	0h 42m
150	DHCP, DNS	0h 30m
151	NetFlow	0h 09m
152	WCCP, Miscellaneous IP Services	0h 06m
153	System Management Overview, NTP, NTP Authentication	0h 24m
154	SNMP, RMON	0h 38m
155	Syslog, Telnet, SSH, Banners	0h 21m
156	EEM Scripting, Miscellaneous System Management	0h 26m
Total Duration		81h 42m

Slides - Diagrams

Slides - Introduction

Slides - Ethernet Switching

Slides - Advanced Ethernet Switching

Slides - Frame Relay

Slides - PPP

Slides - Transport Bridging

Slides - Redistribution

Slides - IOS Security

Slides - Layer 2 Security

Slides - IP Services

Slides - System Management

0:00:13	In our next section here, we're gonna look at the next step of the logic in MPLS,
0:00:18	is using it to tunnel traffic over the service provider network,
0:00:22	without having the half specific routing information in the service provider core,
0:00:27	about the sources of the traffic or the ultimate destinations.
0:00:31	Now, this advantage of MPLS,
0:00:34	allows the service provider network to run which known as the BGP pre-core,
0:00:39	where essentially, the P routers in the network only need to know
0:00:42	about the IGP routes to the internal service provider routers,
0:00:47	and more specifically just be provider edge routers that are leading us out of the network.
0:00:54	For any destinations that are outside of the service provider network,
0:00:58	these packets are going to be label switched, based on the BGP next hop value,
0:01:04	that is exchanged between the PE routers.
0:01:08	Now, the way that the logic is gonna work,
0:01:11	has to do with when the router does a CEF look up,
0:01:15	and the out going interface points at an MPLS enabled interface.
0:01:21	If the next hop value of the destination in question,
0:01:25	goes to an MPLS labeled destination,
0:01:29	and then that value is gonna be used in the packet
0:01:31	as opposed to just sending a normal IP packet into the service provider core.
0:01:37	So, if we take a look at our particular topology here,
0:01:41	right now we have MPLS running between routers 1 to 6,
0:01:45	and we're also running IGP with OSPF area 0 and all our connected interfaces.
0:01:52	So, this now means that the PE routers, who are router 4, 5 and 6,
0:02:01	they each have routes to each others loopbacks,
0:02:05	and they also have MPLS label values that are associated with these.
0:02:12	So, if we were to look at the command line and go to router 6,
0:02:16	if I were to do a trace route, to the loopback of router 5,
0:02:22	and source this packet from my own local loopback,
0:02:27	notice that this traffic is using the MPLS labels,
0:02:31	as it is sent to router 1 then to 3 and then finally to router 5.
0:02:36	Between router 3 and 5 there's not an MPLS label associated there,
0:02:40	because router 3 is performing the Pen ultimate Hop Popping or the PHP operation.
0:02:47	So, since router 3 is the next to last hop,
0:02:50	it's removing the MPLS label before the traffic is acctually forwarded out to router 5.
0:02:57	Then if we were to look at this trace as it goes to router 4,
0:03:01	we should see that the next to last hop for router 4,
0:03:06	which in this case is router 2,
0:03:12	where router 2 is removing the MPLS labels and then forwarding the traffic on to router 4 as a normal IP packet.
0:03:20	Now, essentially what this means, is that if any three of these provider edge routers-routers 4, 5 and 6,
0:03:28	if they are learning BGP routes from each other,
0:03:31	and the next hop points at each other's loopbacks,
0:03:35	the actual traffic flow is then going to inherit the MPLS label,
0:03:40	that is used for that particular provider edge loopback.
0:03:47	Now, to see this on our particular topology,
0:03:50	I'm gonna configure BGP AS 200, between routers 4, 5 and 6,
0:03:56	where router 4 is doing an EBGP peering with BB2,
0:04:03	and router 6 is gonna do an EBGP peering with switch 1,
0:04:09	we'll say switch 1 is gonna be in AS 7.
0:04:16	Now, this particular configuration here it's not yet related to MPLS Layer 3 VPNs,
0:04:22	this is just gonna be the basic underlying logic of how an MPLS tunnel on it's own works.
0:04:28	So, we're not dealing with any virtual routing and forwarding instances which are the VRFs,
0:04:33	we're also not gonna be running a multi-protocol BGP, which is the VPNv4 address family,
0:04:39	in order to exchange the customer route plus the MPLS labels.
0:04:44	So, this is gonna be just a normal BGP configuration,
0:04:47	between router 4 and BB2, between router 6 and switch 1,
0:04:52	then we'll have an iBGP peering between 4 and 6.
0:04:57	So, to start let's go to switch 1, and we're gonna configure BGP AS 7.
0:05:06	Now, right now on switch 1, if we look at the Show IP Route Connected,
0:05:10	we have a loopback interface, that is 10.3.7.7/24,
0:05:19	under the BGP process I'm going to origiante this network.
0:05:23	So, let's say network 10.3.7.0 with the mask of /24,
0:05:29	additionally I'm gonna have a peering that goes to router 6, router 6 is gonna be on AS 200.
0:05:37	So, again this gonna assume that I already have underlying connectivity to the device,
0:05:42	so right now on this topology we shouldn't have any underlying Layer 2 problems.
0:05:48	Next on router 6, we're gonna configure BGP 200,
0:05:54	I'm peering with the external neighbor, which is switch 1,
0:05:58	Who is in AS,
0:06:02	AS 7,
0:06:06	then I'll have an iBGP peering that goes to router 4,
0:06:12	so router 4 is inside of my AS 200,
0:06:15	with the key point being here that I'm gonna source this from my loopback,
0:06:19	so the update source is my loopback 0,
0:06:22	and now when I learn routes from my EBGP neighbor,
0:06:26	I need to make sure to change the next hop value to my own local loopback as I advertised this to my iBGP peers.
0:06:36	Because again as we saw in our previous BGP discussions,
0:06:39	when the router normally learns a route from an EBGP neighbor,
0:06:43	and advertises it on to an iBGP neighbor, the next hop value is not automatically updated.
0:06:52	So, this would essentially mean in this particular topology,
0:06:55	if router 6 was not saying next hop self to router 4,
0:06:59	router 4 would see the next hop as this VLAN 67 interface,
0:07:04	to get to the loopback of switch 1.
0:07:08	So, instead what I need to do here is change the next hop so it's gonna be 6's loopback.
0:07:13	So, on router 6, I'm saying the update source is my own loopback,
0:07:18	as we're going to router 4, and then for this neighbor I need to set the next hop to myself.
0:07:28	Router 4 is essentially to do the same thing while running BGP 200,
0:07:34	router BGP 200, I'm peering with router 6, who is on AS 200,
0:07:42	the update source is my own local loopbak,
0:07:46	then for any BGP EBGP non-routes that I turn around and advertised to this neighbor,
0:07:51	I'm gonna change the next hop to my own local loopback.
0:07:56	Then lastly, I have the peering that's going out to the remote peer.
0:08:00	Specifically, in this case, this is the address 192.10.28.254 which is BB2.
0:08:11	So, I have a neighbor statement that goes to this address,
0:08:17	they are in AS 254, and additionally they're pretty configured for MD-5 authetication.
0:08:24	So, I need to specify what the password is,
0:08:27	they're configured to use the password CISCO.
0:08:34	So, now we should see in addtion to router 6 we have the peering that comes up to BB2,
0:08:39	on router 4 at this point if we look at the Show IP BGP,
0:08:44	we see we have the loopback address that routers, router, switch 1 was originating,
0:08:49	and the next hop value is router 6's loopback.
0:08:56	We see now we have the peering up to BB2,
0:08:59	if we look at the Show IP BGP again, we should see we have some routes coming in from them.
0:09:05	Then in turn we should advertised this to router 6,
0:09:08	on router 6 if we look at the Show IP BGP,
0:09:12	we see the next hop is now router 4's loopback.
0:09:17	So, the key point in this design is that the only devices running BGP in the MPLS network so far,
0:09:25	are router 4 and router 6.
0:09:29	Now, we know that physically to get the traffic between 4 and 6,
0:09:32	we're gonna have to somehow go over routers 1, 2 and 3.
0:09:37	And a normal routing design, if router 1, 2 and 3 did not have a route to these destinations,
0:09:43	it would not be able to provide transit for them.
0:09:47	So, in the case of the normal BGP table,
0:09:51	routers 1, 2 and 3 would have to install all of the routes.
0:09:54	It would have to have 300+ thousand routes in order to get to that destinations.
0:10:03	Now, we'll see that the difference here when we're running MPLS in the middle of the network,
0:10:08	is when router 6 learns a route from its IBGP neighbors,
0:10:14	it looks at the next hop value and then correlates this with the MPLS
0:10:18	Label Forwarding Information Base or the MPLS LFIB,
0:10:22	which again we see by looking at the Show MPLS Forwarding Table.
0:10:30	Specifically in this case the label number that is associated with router 4's loopback, is number 21.
0:10:39	Router 6 says, that if I have a packet comes in, that is going towards 10.0.4.4,
0:10:47	so not necessarily to that destination but towards that destination.
0:10:52	I'm gonna use label number 21 and forward the packet out Fast Ethernet 0/0.16 towards 10.0.16.1,
0:11:03	this specifically is router 1.
0:11:06	When router 1 receives the packet in,
0:11:11	its gonna look in the, the label forwarding information base,
0:11:15	and say, I hve a packet that came in with label number 21, what am I suppose to do with it?
0:11:23	This is what the local tag or the local label is.
0:11:27	Router 1 says, that if the packet comes in with the label number 21,
0:11:30	I'm gonna change it to number 16, and forward it out Fast Ethernet 0/0.12 towards router 2.
0:11:39	Router 2 would then need to know what is label number 16 used for.
0:11:44	So, now if we Show MPLS Forwarding Table on router 2,
0:11:48	it says, if label number 16 comes in it's really going towards the loopback of router 4,
0:11:55	so I'm going to remove the MPLS label, because I am the next to last hop,
0:12:01	and then forward the packet out toward router 4.
0:12:06	Now, since router 4 is the provider edge router,
0:12:09	it should have full reachability information about the entire network.
0:12:14	So, when the packet gets to router 4, it's gonna be a normal IP packet,
0:12:17	it's not going to be the MPLS encapsulated.
0:12:21	But we should now see the end result, is that from switch 1's perspective,
0:12:26	when we look at the Show IP BGP,
0:12:29	we should be able to send traffic to any of this BGP destinations,
0:12:33	as long as we're sourcing traffic from our loopback 0,
0:12:37	without the devices in the middle having a route towards 222.22.2.1 loopback.
0:12:44	or having a route back to my own local loopback.
0:12:51	And the key point about the MPLS tunnel logic,
0:12:54	is that its internal correlation in the CEF table of the BGP next hop value,
0:13:00	and the associate of label value for that IGP learned destination.
0:13:06	So, it's actually three pieces of the puzzle that we have to put together here.
0:13:10	First and foremost router 6, needs an IGP route to the loopback of 4.
0:13:17	In this case we're learning this from OSPF.
0:13:20	The specific interface that the route is being learned on is running LDP.
0:13:25	We Show MPLS Interfaces Fast Ethernet 0/0.16 is running MPLS,
0:13:33	specifically it's running this through label distribution protocol.
0:13:38	This now means that any packet in the CEF table, that recurses towards Fast Ethernet 0/0.16,
0:13:46	and it's going towards the destination 10.0.4.4,
0:13:51	should get the label value that is associated with this particular destination.
0:13:58	On router 6, specifically if we were to look at the Show IP CEF,
0:14:03	for 10.0.4.4, and we'll look at the detail,
0:14:09	it says that for packet going towards the loopback of router 4,
0:14:14	they're gonna be sent towards this particular next hop Fast Ethernet 0/0.16,
0:14:20	and it's using label number 21.
0:14:25	This is essentially means that internally to the CEF process,
0:14:29	CEF is already pre-calculated what is the Layer 2 header,
0:14:34	based on both the MAC address of router 1 and the MPLS label number 21.
0:14:42	Now, in some platforms you can actually see this if we look at the Show IP CEF 10.0.4.4 Internal,
0:14:52	or if we look at the Show MPLS Forwarding Table, for that particular destination and look at the detail,
0:15:01	this value here, this is the actual full Layer 2 header
0:15:06	that is pre-calculated from any traffic going towards this destination.
0:15:13	So, this is where one of the optimization comes in for CEF,
0:15:16	and then it doesn't need to do an ARP request,
0:15:20	or do any type of route cacheing look-up or any process switching look-up for this destination.
0:15:25	We've already pre-calculated what the entire Layer 2 header looks like,
0:15:29	with both the Ethernet MAC address of us and router 1,
0:15:32	and the particular label value which is number 21.
0:15:38	So, if we were to decode this value this is in hex,
0:15:41	if we were to decode this we would see it has my MAC address,
0:15:44	router 1's MAC address and then the actual label number 21.
0:15:52	So, now router 6 is saying, that any packet not only that is going to the loopback of router 4,
0:15:58	but is going towards the loopback of 4, since I have a label value 21 already allocated,
0:16:05	I can now used this as the dependency in the CEF adjacency table.
0:16:12	So, what this means if we were to look at the Show IP Route BGP,
0:16:17	since these BGP learned destinations, the 222, the 220, and the 205,
0:16:23	since they all point to the loopback of 4,
0:16:27	and in the CEF table the loopback of 4 is using label number 21,
0:16:33	the router then enforce that for these destinations we're also gonna use label number 21.
0:16:42	If we were to look at the Show IP CEF for 222.22.2.0 and find the detail,
0:16:50	it says that this is recursive via the next hop of router 4,
0:16:54	which the is reachable on a directly connected interface towards router 1,
0:16:59	which is then using label number 21.
0:17:05	So, if we were to look at this on the perspective of the global BGP table,
0:17:10	it means that for every possible destination,
0:17:13	so 350+ thousand routes, we would all be using the same label value,
0:17:20	as long as the remote next hop value is the same.
0:17:26	So it essentially doesn't matter how many destinations router 4 is advertising to router 6,
0:17:31	they're all gonna inherit the single label value that was bound to the loopback of router 4.
0:17:38	Then likewise on the way back, if we were to advertised more prefixes from switch 1, in the BGP,
0:17:46	when these routes are advertised to router 4,
0:17:49	router 4 is gonna say,
0:17:52	first of, look at the next hop value,
0:17:57	that these BGP routes have.
0:18:00	In this case the next hop is 10.0.6.6.
0:18:04	If we do a recursive look-up on 10.0.6.6,
0:18:09	this then points at, 10.0.24.2, which is directly connected via Fast Ethernet 0/0.24.
0:18:20	If we then look at the Show MPLS Interfaces, we that Fast Ethernet 0/0.24 is running MPLS,
0:18:29	it's running via LDP, so now the routers gonna say,
0:18:33	do I have a label value, that is already associated with the next hop.
0:18:40	This is what the LFIB is used for.
0:18:42	So, router 4 internally says, Show MPLS Forwarding Table, do a look-up on 10.0.6.6,
0:18:50	we do have a label value it's number 23.
0:18:54	So, this now means based on the principle of the route recursion,
0:19:00	for any BGP destinations that we learned with the next hop value of 10.0.6.6,
0:19:07	they're all gonna used label number 23, as it switched out to Fast Ethernet 0/0.24.
0:19:15	So, if we were to actually go to BB2, and look at the Show IP Route BGP,
0:19:27	we see that we're learning 10.3.7.0/24.
0:19:37	From BB2 we have a couple loopbacks that are directly connected that are being advertised into BGP,
0:19:43	if I were to send traffic to the loopback of switch 1, which is 10.3.7.7,
0:19:50	and source this from loopback 0, 1 or 3,
0:19:57	when the packet actually gets to router 4, router 4 should be using label number 23,
0:20:04	in all of the out going packets that are being originated by BB2.
0:20:11	We can actually see this on the transit path if we look at the Debug MPLS Packets,
0:20:16	it's gonna tell us what the encapsulation occured for MPLS,
0:20:19	so what's the label number that was allocated,
0:20:22	and then what particular interface the packet was actually switched out.
0:20:29	So, on BB2 again let's send some pings from the different loopbacks,
0:20:35	if we look at router 4,
0:20:39	we should see that when this packets go out, they're gonna get label number 23.
0:20:45	Now depending on what your prospective is of the MPLS network whether you are the PE router itself,
0:20:51	or whether you are the P router, sometimes you see that the Debug output for the Debug MPLS,
0:20:57	sometimes it's not gonna show it, because router 4 is actually doing the label in position.
0:21:02	And it's a little bit different between IOS version how they process this.
0:21:05	So, in this particular case what I need to do here,
0:21:09	is go one hop further into the network and look at router 2,
0:21:14	to see what the Debug MPLS packet output what happened when I received packets in,
0:21:20	on Fast Ethernet 0/0.24.
0:21:23	And ideally what we should see is those in coming packets are all received with label number 23,
0:21:31	which is what router 4 is using to get towards the loopback of router 6.
0:21:38	So, now on router 2, let's look at the Debug MPLS Packets,
0:21:43	we'll send the traffic from BB2 again,
0:21:46	now on router 2 it says, that packets will received in on Fast Ethernet 0/0.24,
0:21:54	the classes services 0, which is the MPLS experimental bits,
0:21:59	the time to live was 254, and the label value was 23.
0:22:06	Router 2 internally then consults its own label forwarding information base,
0:22:13	and says that for any packet that came in with label number 23,
0:22:18	it really means it's going towards the loopback of router 6.
0:22:22	So, I'm gonna change this to label number 16 and then forward this out Fast Ethernet 0/0.12 towards router 1.
0:22:30	So, again with this design, this is unrelated to MPLS Layer 3 or Layer 2 VPNs.
0:22:36	This is just the basic logic of an MPLS tunnel, that essentially between router 4 and router 6.
0:22:45	It's the same type of logic as if we were to have a GRE tunnel, or an IP and IP tunnel,
0:22:50	because we are hiding from the devices in the trasit path, the information about the final destination.
0:22:57	But on router 1 and router 2 since we already know the IGP route,
0:23:01	the exit points, which are router 1 or excuse me, router 4 and router 6, the PE routers,
0:23:08	as long as I can do label switching towards the edge,
0:23:12	I'm gonna assume that the edge actually has the full reachability information about the rest of the topology.
0:23:18	Now, there's a couple of caveats that come along with this design,
0:23:21	the main key to remember
0:23:23	is that the BGP next hop value is going to control what the label number
0:23:29	is encapsulated when packets actually go towards the destination.
0:23:34	So, this means that in general,
0:23:36	the BGP next hop value should be pointing to the loopback interface of the remote PE router.
0:23:44	So, again when the router 6 was advertising the routes to router 4,
0:23:47	we said next hop self, to make sure the next hop was changed to its own loopback 0.
0:23:55	Now, if the next hop value is not changed to the loopback,
0:24:00	or they're using a different interface for peering,
0:24:04	we can end up in a blackhole in the MPLS network,
0:24:08	if the MPLS label is removed one hop too soon.
0:24:13	And this, then ultimately relates to the logic of Pen ultimate Hop Popping process or the PHP.
0:24:21	So, what I'm gonna do now is change the BGP peering,
0:24:25	between router 4 and router 6, so that instead of using the loopback interfaces,
0:24:31	we're gonna used the connected interfaces.
0:24:36	Now, in reality it shouldn't matter if your using the loopbacks or the connective links,
0:24:40	because we're essentially gonna follow the same physical forwarding path,
0:24:45	from router 4 whether we do a trace to the loopback of router 6,
0:24:53	or we do a trace to the link that router 6 is using to connect to router 1, which is 16.6.
0:25:03	So, we see from the number of hops it's the exact same physical forwarding path in the network.
0:25:10	So, now on router 4, let's say Show Run Section Router BGP,
0:25:14	and we're gonna change what is the remote peers address.
0:25:19	We'll go on to router BGP 200, and for the loopback of router 6,
0:25:24	I'll say for this particular neighbor,
0:25:26	it temporarily I'm gonna shut this peering down.
0:25:29	Instead of peering with the loopback, I'm gonna peer with 10.0.16.6, who's in AS 200,
0:25:38	and I'm still setting the next hop to myself,
0:25:43	because the link between us and the EBGP neighbor, this is not being advertised to router 6.
0:25:49	And as we know from the basic BGP best path selection process,
0:25:53	if we don't have a route to the next hop value, we cannot consider it for the best path selection.
0:25:58	Means we're gonna end up in an error in the route recursion process.
0:26:05	Now, on router 6, we're essentially gonna do the same thing.
0:26:08	So, under BGP 200, we'll now have the peering that goes to 10.0.24.4,
0:26:16	who is on AS 200, I'm setting the next hop to myself,
0:26:22	and assuming this is already advertised into IGP,
0:26:27	then we shouldn't have any problems establishing the IBGP peering between router 4 and router 6.
0:26:45	We can see now the peering's up, if we look at the Show IP BGP,
0:26:53	router 6 is learning the updates in from router 4,
0:26:57	the next hop value is the 24.4 address,
0:27:01	which is what we would expect because that's what the update source is from router 4 to 6.
0:27:10	Now, if we look at the end result to this, let's go back to BB2,
0:27:15	look at the Show IP Route BGP, and we see that there's essentially no change in the routing tables of the remote ASs,
0:27:25	so BB2 still has a route to switch 1,
0:27:28	we look at switch 1 and look at the Show IP Route BGP,
0:27:33	we still have a route to the BB2 routes,
0:27:35	but now we actually go to send the traffic, there's gonna be a failure in the date plane.
0:27:41	Essentially what happens is the traffic is switch to the wrong label value,
0:27:51	and the final destination is exposed to one of the P routers that is one hop too close in the network.
0:28:00	And this is gonna have to do with that logic that the MPLS label
0:28:06	is based on the BGP next hop value for the route that is being learned.
0:28:14	So, specifically on this case the only thing that I changed
0:28:16	is that now the peering between router 4 and router 6,
0:28:20	it's going to there physical interfaces.
0:28:24	So, let's look at from router 6's perspective, what's the difference between the label number,
0:28:30	that we would used for router 4's lopback,
0:28:33	versus the physical interface of router 4.
0:28:36	So, now on router 6, let's look at the Show IP Route OSPF,
0:28:40	we see that via IGP, we have the routes to both of these addresses.
0:28:45	We have the exact /30 host route for router 4's loopback,
0:28:50	then we have the 10.0.24.0/24, both of them being learned via router 1.
0:28:58	If we now look at Show MPLS Forwarding Table, router 6 says,
0:29:03	to get to the loopback of router 4 I'm gonna use label number 21 as the traffic goes out.
0:29:10	But to get to the 24.4 address, we're gonna use label number 18.
0:29:18	So, since these are two separate IGP routes, it means that we're gonna have two separate label values.
0:29:24	And these are automatically being allocated from LDP.
0:29:29	So, router 6 now is gonna add label number 18,
0:29:32	we can see this in the CEF table if were to say, Show IP CEF for 222.22.2.0,
0:29:39	and look at the detail,
0:29:42	since this points towards 10.0.24.4, it means we're using label number 18,
0:29:49	which is inferred from that next hop value.
0:29:52	Next we need to go to router 1, and see what it says when label number 18 comes inbound.
0:30:00	On router 1 if we look at the Show MPLS Forwarding Table, we see it says, that when label 18 comes in,
0:30:07	I'm gonna remove the topmost MPLS label and forward the traffic out towards router 2.
0:30:15	Now, in this specific case, why would router 1 say, I want to remove the label,
0:30:22	that's going towards this particular destination.
0:30:25	Now, remember anytime we see the pop tag, or implicit null, IMP null here,
0:30:33	it means that this particular destination is directly connected to the neighbor that we are learning the label from.
0:30:41	So, if we were to look at the diagram and look at the physical topology,
0:30:45	router 6 is saying, I wanna peer with that particular address.
0:30:50	That address is actually connected to two different neighbors.
0:30:52	It's connected to router 2 and it's connected to router 4.
0:30:57	This means that router 2 advertises the label value out to 1 or 3,
0:31:04	it's gonna be advertising implicit null.
0:31:08	It's telling this two neighbors, router 1 and 3 that this destination is actually directly connected to me,
0:31:12	so don't send me the packets MPLS labeled.
0:31:15	I know that if I received an MPLS packet in,
0:31:19	I'm just gonna have to remove the label number anyways and then do a further IP look-up.
0:31:26	So, by advertising the implicit null, is that optimization of the Pen ultimate Hop Popping process or PHP.
0:31:34	Now the reason that this becomes an issue, is that the traffic is not really going to the .4 address,
0:31:41	it's just going towards the .4 address.
0:31:45	So, what this means is that when router 2 receives the packet in,
0:31:50	it's not gonna be MPLS labeled it's going to be a normal IP packet.
0:31:56	If we were now to go to router 2, and look at the difference between the Debug MPLS Packets,
0:32:07	and the Debug IP Packets, what we would see is that for traffic going to these particular destination,
0:32:17	router 2 sees the final destination, and it says that, this is unroutable.
0:32:25	So, specifically here, this response that router 2 is sending back to switch 1,
0:32:31	this is an ICMP host unreachable message.
0:32:35	Where router 2 is saying, I don't know that specific destination.
0:32:40	Now switch 1 never receives the unreachable back in,
0:32:44	because not only this router 2 not have a route to the 222 destination,
0:32:49	but it also does not have a route back to switch 1 in order to give it the unreachable.
0:32:55	The problem is here that we can actually see rather to dropping the packet,
0:32:59	because this is being CEF switch.
0:33:02	So, what I would have to do here is actually go to router 2's link,
0:33:06	and say, no IP route cache to turn off the CEF process,
0:33:15	then we could look at the Debug IP packet,
0:33:23	and router 2 now says, I'm receiving the packet in from 10.3.7.7, going to 222.22.2.1.
0:33:32	This unroutable beacause I'm not running BGP.
0:33:35	I don't actually have the route to this destination.
0:33:39	We then are trying to send ICMP unreachable back to the source,
0:33:46	but the problem is likewise, we don't have the route back to 10.3.7.7.
0:33:53	So, it can be sometimes a very difficult problem to troubleshoot,
0:33:57	because from the prospective of the control plane everything looks fine.
0:34:01	There's nothing wrong with the routing advertisement to switch 1,
0:34:05	there's nothing wrong to the routing advertisement to BB2.
0:34:08	There's nothing wrong with the label exchange MPLS network,
0:34:11	or the routing internally to the MPLS core.
0:34:20	So, again from router 6, if we were to trace 10.0.24.4,
0:34:25	we don't have any problem reaching that,
0:34:28	because everybody in the middle has a route to that destination and a route back to me.
0:34:33	The problem is now when we're trying to tunnel the packets,
0:34:36	towards the 24.4 address, the MPLS label is coming off of the stack one hop too soon.
0:34:47	Where in reality we would want the Pen ultimate hop,
0:34:52	to not be router 1, we would want the Pen untimate hop to be router 2.
0:35:00	So, when 2 receives the packet in,
0:35:02	it can remove the MPLS label before the frame is forwarded out to router 4,
0:35:07	because since we know router 4 is the PE router,
0:35:10	it actually is gonna have the final destination information.
0:35:16	But the problem is the inner IP payload is being exposed one hop too soon,
0:35:22	which is to router 2 in this case, and it doesn't know how to get to that particular destination.
0:35:28	Now, you'll see in some IOS versions, the IOS parser actually has an error check built in
0:35:33	that between router 4 and router 6, when you do the peering,
0:35:37	if it is not to a /32 loopback,
0:35:39	the router is gonna generate an error message.
0:35:42	Saying that "You're trying to peer to this remote multi-protocol BGP neighbor,
0:35:46	but it's not to a /32 loopback."
0:35:50	The reason why it's complaining about that is this specific problem.
0:35:54	That if the Pen ultimate Hop Popping process happens one hop too soon,
0:35:59	then, a blackhole is gonna happen in the service provider network,
0:36:03	because someone in the core doesn't actually know the final destination.
0:36:07	They only know about the route up to the edge,
0:36:10	it's up to the edge router to figure out how do we get to the final destination.
0:36:15	Now, we could put a temporary fix on this.
0:36:18	If we did not want to peer between the loopback addresses of router 4 and router 6,
0:36:23	what I could do is one of these routers,
0:36:27	configure a route map that says out to router 4,
0:36:30	"Set IP next hop to my own local loopback."
0:36:36	Then, as I receive the routes in from 4,
0:36:40	route map from R4,
0:36:42	it says, "Set IP next hop to 10.0.4.4."
0:36:47	Then, under the BGP process,
0:36:49	we'll say, Neighbor 10.0.24.4.
0:36:54	Route Map...
0:36:56	to router 4 Out.
0:37:00	And Route Map from...
0:37:05	router 4 In.
0:37:08	Now, if we do a route refresh, we'll Clear IP BGP Star (*) Out.
0:37:11	Clear IP BGP Star (*) In.
0:37:15	When we look at the Show IP BGP Output on router 6,
0:37:18	we now see that the next hop is router 4's loopback.
0:37:22	Likewise from router 4, if we Show IP BGP,
0:37:26	we see now, the next hop is router 6's loopback.
0:37:29	This should then imply now, when we actually go to send the traffic in the data plane,
0:37:34	the MPLS label value that is used
0:37:37	should be the one that goes towards the loopback of 4, or towards the loopback of 6.
0:37:44	So, as we could see, you technically can solve the problem this way by using the route map
0:37:47	to actually change the addresses.
0:37:53	Although, in reality, the solution is much simpler to begin with,
0:37:56	that router 4 and router 6, they should not be peering
0:37:59	with their physical interface addresses,
0:38:02	they should be peering with the loopbacks.
0:38:05	So then, when we do modify the next hop value,
0:38:07	it's always gonna point towards the correct label,
0:38:11	which is towards the loopback of the remote PE.
0:38:15	Anytime it points to a transit link,
0:38:18	we run that possible risk of the PHP process happening one hop too soon,
0:38:22	and then, ultimately, the traffic is gonna get blackholed.

Now Viewing

CCIE R&S Advanced Technologies Class v4.5
Title:	CCIE R&S Advanced Technologies Class v4.5
Duration:	81h 42m
The CCIE Routing & Switching Advanced Technologies Class is the first step in understanding CCIE level technologies and is a companion to the Advanced Technologies Lab Workbook. Each technology you need to know for the CCIE Routing & Switching lab will be described in detail using an instructor led hands on demonstration. The class consists of over 80 hours of in depth explanations and examples.
Get instant access to our entire library!
	Sign Up
Download this Course
$299.00	Add to Cart

MPLS Tunnels, MPLS Penultimate Hop Popping (P...

Create Bookmark