Internet Traffic Gets MPLS Labels When You Deploy MPLS/VPN

A good friend of mine sent me an interesting question:

When I configure mpls ip on an interface, will all packets on that interface be labeled, or just the MPLS/VPN packets received through VRFs? I always assumed that stuff in the global routing table just got forwarded as IP packets without any labels.

Well, that’s not how MPLS works (at least not in its default incarnation on Cisco IOS).

When you configure mpls ip on an interface you enable two independent mechanisms:

  • LDP is started on the interface, allowing the router to establish LDP adjacencies and exchange labels across that interface;
  • MPLS is enabled in the data plane, allowing the router to receive labeled packets through the interface.

Junos has two independent commands, one to enable LDP, another one to enable MPLS on an interface – a fantastic brain scrambler if you’re too IOS-intoxicated.

Regardless of the label distribution mechanism, Cisco IOS installs prefix-to-label mappings in the CEF table. That information is used to compose the MPLS label stack used by MPLS/VPN (with the top label in the stack pointing toward BGP next hop) as well as for regular packet forwarding. No wonder you’ll see labels on packets forwarded through the global forwarding (CEF) table.

If all this sounds like Latin, check out my MPLS/VPN webinar or Cisco Press MPLS/VPN books.

Is There a Workaround?

Whenever there’s a challenge, there’s a kludge. This is what you can do:

Me, I wouldn’t bother. I prefer having a BGP-free MPLS core (although I have to admit an IP-only core has its advantages).

2 comments:

  1. MPLS was developed originally as much as an optimization for IP forwarding (avoiding longest-prefix matches in large routing tables, etc.) as to support VPNs. Or maybe even more so. FWIW, I find it helpful to have this in the back of my mind when trying to think through what appear to be odd implementation choices and defaults.

    ReplyDelete
  2. This blog item started with a TAC case I created about some routing issues. (I sent this information to the friend you mention ;)).
    I had some global prefix, let's say 10.11.12.0/24. This prefix was a connected network on a interface that also had mpls ip enabled.
    After announcing a more specific route from this /24 in a part of our network, I got complains that this prefix was not reachable from every router.

    My biggest lesson was that if some packets get encapsulated by an MPLS label, the next P router won't use the IP routing table to do a route lookup. In the case of a more specific route that is in the routing table, it won't lookup this route and just do Label Switching.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.