MPLS LSP – Label Switched Path – L2VPN Pseudowire

As more and more networks start to implement MPLS on a massive scale, I consider a decent and profound background knowledge of the implemented technologies a fundamental requirement.

Do not worry if you don’t get all the technical terms and acronyms at once. Most of them, if not all, will be explained in detail in one of the upcoming posts!

Feel free to contact me via E-Mail, LinkedIn, Facebook or on IRC if you have any questions or you need assistance in one of your labs. I am always available to help you out! I am on all the major networks such as Freenode, EFnet and IRCnet; my nickname is always Geert.

My series of MPLS related blog posts will start with Layer 2 MPLS VPN configurations, better known as a Martini Pseudowire, named after Luca Martini, author of the original RFC. I chose this topic to pick up on the previous LSP story and to start with a basic, easy to understand initial MPLS configuration.

The following network diagram is the MPLS backbone design I will use in the upcoming posts. It’s a barebone design which contains all the essential items required to display a variety of MPLS features, implementations and best practices.

MPLS LSP


Layer 2 MPLS VPN circuits allow an Internet Service Provider to deliver transparent point-to-point links to their customers transported over an MPLS backbone.

Packets are encapsulated with MPLS labels using LDP (Label Distribution Protocol) as the signaling method and transported through the backbone to their end-point.

In this post I will only focus on LDP as the signalling protocol. One of the next posts will explain CR-LDP (Constraint-Based LDP) and RSVP-TE (Resource Reservation Protocol, Traffic Extension) as methods to deliver Traffic Engineering across the MPLS backbone.

A Layer 2 MPLS VPN will be configured between PE_1 and PE_4 to deliver a pseudowire circuit for the customer network. LDP uses your IGP (Interior Gateway Protocol) such as OSPF and IS-IS to calculate and use the best internal path to the end-point router.

When configuring the Layer 2 MPLS VPN, LDP will signal the PE_4 router and use the FEC (Forward Equivalent Class) to establish the VPN tunnel.

As packets enter the PE_1 router from the CE router port, an MPLS label will be pushed into the IP header and the packet enters the LSP, where it is switched over the MPLS backbone until it reaches P_3, which strips the MPLS label (Explicit Null label) and pushes the non-MPLS-encapsulated packet to PE_4, which pops the packet out into the end-point CE router port.

This might differ with Penultimate Hop Popping and Implicit Null versus Explicit Null. This will be explained in a different post.

A Layer 2 MPLS VPN is not hard to configure. Please take a good look at the following network diagram in order to understand the upcoming configuration files.

MPLS LSP

The IP addresses used on the CE devices (10.0.0.0/30) are directly configured on their PE facing router ports. The 192.168.0.X/32 addresses used on the provider equipment are the loopback addresses of the routers. The configuration examples are self-explanatory, but please read everything with your full attention.

Configuring the CE devices is straightforward and requires only a standard interconnect configuration:

CE_1#config t
CE_1(config)#interface GigabitEthernet1/1
CE_1(config-if)#ip address 10.0.0.1 255.255.255.252
CE_1(config-if)#end
CE_1#sh run interface GigabitEthernet1/1
Building configuration...

Current configuration : 178 bytes
!
interface GigabitEthernet1/1
 description "ICON # CE_1 - CE_2"
 ip address 10.0.0.1 255.255.255.252
end

CE_1#
CE_2#config t
CE_2(config)#interface GigabitEthernet1/1
CE_2(config-if)#ip address 10.0.0.2 255.255.255.252
CE_2(config-if)#end
CE_2#sh run interface GigabitEthernet1/1
Building configuration...

Current configuration : 178 bytes
!
interface GigabitEthernet1/1
 description "ICON # CE_2 - CE_1"
 ip address 10.0.0.2 255.255.255.252
end

CE_2#

To enable MPLS on the provider network you must have an IGP such as OSPF or IS-IS up and running and enable MPLS on the internal interconnect interfaces. In this example we will use OSPF. Don’t enable MPLS and OSPF on customer facing interfaces!

The following must be applied on all the routers in the provider network. First enable OSPF on all the provider routers. Don’t forget to change the router-id and active OSPF interfaces according to their place in the network diagram.

PE_1#config t
PE_1(config)#interface Loopback0
PE_1(config-if)#ip address 192.168.0.1 255.255.255.255
PE_1(config-if)#end
PE_1#sh run interface Loopback0
Building configuration...

Current configuration : 178 bytes
!
interface Loopback0
 ip address 192.168.0.1 255.255.255.255
end

PE_1#config t
PE_1(config)#router ospf 1
PE_1(config-router)#router-id 192.168.0.1
PE_1(config-router)#log-adjacency-changes
PE_1(config-router)#passive-interface default
PE_1(config-router)#no passive-interface GigabitEthernet1/1
PE_1(config-router)#network 192.168.0.0 0.0.255.255 area 0
PE_1(config-router)#end
PE_1#sh run | s router ospf 1
router ospf 1
 router-id 192.168.0.1
 log-adjacency-changes
 passive-interface default
 no passive-interface GigabitEthernet1/1
 network 192.168.0.0 0.0.255.255 area 0
PE_1#

The next thing to do is to configure an interconnect between two routers and enable MPLS on the interface. OSPF will establish the IGP adjacency with the neighbour router and LDP will start signaling. You need to do this for every router in the provider network. Please take care that you don’t create any duplicate addresses.

PE_1#config t
PE_1(config)#interface GigabitEthernet1/1
PE_1(config-if)#ip address 192.168.1.1 255.255.255.252
PE_1(config-if)#mpls ip
PE_1(config-if)#end
PE_1#sh run interface GigabitEthernet1/1
Building configuration...

Current configuration : 178 bytes
!
interface GigabitEthernet1/1
 description "ICON # PE_1 - PE_2"
 ip address 192.168.1.1 255.255.255.252
 mpls ip
end

PE_1#
PE_2#config t
PE_2(config)#interface GigabitEthernet1/4
PE_2(config-if)#ip address 192.168.1.2 255.255.255.252
PE_2(config-if)#mpls ip
PE_2(config-if)#end
PE_2#sh run interface GigabitEthernet1/4
Building configuration...

Current configuration : 178 bytes
!
interface GigabitEthernet1/4
 description "ICON # PE_2 - PE_1"
 ip address 192.168.1.2 255.255.255.252
 mpls ip
end

PE_2#

When you have configured your IGP, both OSPF and MPLS should be fully operational. You can check if they are properly functioning with the following commands:

PE_1#sh ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.0.2       1   FULL/DR         00:00:38    192.168.1.2     GigabitEthernet1/1
PE_1#sh mpls ldp neighbor
    Peer LDP Ident: 192.168.0.2:0; Local LDP Ident 192.168.0.1:0
	TCP connection: 192.168.0.2.646 - 192.168.0.1.24894
	State: Oper; Msgs sent/rcvd: 23451/23381; Downstream
	Up time: 2w0d
	LDP discovery sources:
	  Targeted Hello 192.168.0.1 -> 192.168.0.2, active, passive
	  GigabitEthernet1/1, Src IP addr: 192.168.1.1
	Addresses bound to peer LDP Ident:
          192.168.1.2 192.168.2.1 192.168.3.1 192.168.4.1
PE_1#

Your MPLS backbone is now fully up and running. IGP is working properly and MPLS is pushing and popping labels as it should. One of the following posts will contain detailed information on how to check and debug the MPLS forwarding-table. For now I will assume everything is working as expected.

Creating a Layer 2 MPLS VPN is very easy. The only thing you need to do is to configure the tunnel itself. You need to choose a unique VC-ID (Virtual Circuit ID) and configure it on both end-point interfaces. For this example I will use VC-ID 100 connected to the other router’s loopback address.

PE_1#config t
PE_1(config)#interface GigabitEthernet1/2
PE_1(config-if)#no ip address
PE_1(config-if)#xconnect 192.168.0.4 100 encapsulation mpls
PE_1(config-if)#end
PE_1#sh run interface GigabitEthernet1/2
Building configuration...

Current configuration : 178 bytes
!
interface GigabitEthernet1/2
 description "IP-MPLS # Customer X - noc@customer-X.com"
 no ip address
 xconnect 192.168.0.4 100 encapsulation mpls
end

PE_1#
PE_4#config t
PE_4(config)#interface GigabitEthernet1/1
PE_4(config-if)#no ip address
PE_4(config-if)#xconnect 192.168.0.1 100 encapsulation mpls
PE_4(config-if)#end
PE_4#sh run interface GigabitEthernet1/1
Building configuration...

Current configuration : 178 bytes
!
interface GigabitEthernet1/1
 description "IP-MPLS # Customer X - noc@customer-X.com"
 no ip address
 xconnect 192.168.0.1 100 encapsulation mpls
end

PE_4#
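
An added example, not part of the original post: a Python check for the two rules stated above, that customer-facing ports carry neither MPLS nor OSPF and that every xconnect has a matching peer address and VC-ID on the far end. The configs are constructed from the post's snippets with deliberate errors on PE_4, and `sections` and `audit` are hypothetical helper names.

```python
import re

# Constructed configs modelled on the post's PE_1/PE_4 snippets, not device output.
# PE_4 is deliberately wrong: mpls ip and OSPF on the customer port, VC-ID 101.
CONFIGS = {"PE_1": """interface Loopback0
 ip address 192.168.0.1 255.255.255.255
interface GigabitEthernet1/2
 no ip address
 xconnect 192.168.0.4 100 encapsulation mpls
""", "PE_4": """interface Loopback0
 ip address 192.168.0.4 255.255.255.255
interface GigabitEthernet1/1
 no ip address
 mpls ip
 xconnect 192.168.0.1 101 encapsulation mpls
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet1/1
"""}

def sections(cfg):
    """Map each top-level IOS line to its indented sub-commands."""
    out, cur = {}, []
    for line in cfg.splitlines():
        if line.startswith(" "):
            cur.append(line.strip())
        elif line.strip("! "):
            cur = out.setdefault(line.strip(), [])
    return out

def audit(configs):
    """Hypothetical checker: customer ports stay out of MPLS/OSPF, VCs pair up."""
    findings, wires, loopback = [], set(), {}
    for host, cfg in configs.items():
        active = set(re.findall(r"no passive-interface (\S+)", cfg))
        loopback[host] = re.search(r"interface Loopback0\n(?: .*\n)*? ip address (\S+)", cfg)[1]
        for hdr, cmds in sections(cfg).items():
            port = hdr.split()[-1]
            for m in filter(None, (re.match(r"xconnect (\S+) (\d+) ", c) for c in cmds)):
                wires.add((host, m[1], m[2]))
                if "mpls ip" in cmds:
                    findings.append(f"{host} {port}: mpls ip on customer port")
                if port in active:
                    findings.append(f"{host} {port}: OSPF active on customer port")
    for host, peer_ip, vc in sorted(wires):
        peer = next((h for h, ip in loopback.items() if ip == peer_ip), None)
        if (peer, loopback[host], vc) not in wires:
            findings.append(f"{host}: VC {vc} to {peer_ip} has no matching xconnect on peer")
    return findings
```

Calling `audit(CONFIGS)` returns four findings for the constructed PE_4 errors; with the post's actual PE_1 and PE_4 xconnect settings it returns an empty list.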

Please bear in mind that the tunnel will only be established if the two customer interfaces are physically up. You can check the status of your Layer 2 MPLS VPN tunnel with the following commands:

PE_1#sh mpls l2transport vc 100

Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi1/2          Ethernet                   192.168.0.4     100        UP
PE_1#sh mpls l2transport vc 100 detail
Local interface: Gi1/2 up, line protocol up, Ethernet up
  Destination address: 192.168.0.4, VC ID: 100, VC status: up
    Output interface: Gi1/1, imposed label stack {71}
    Preferred path: not configured
    Default path: active
    Next hop: 192.168.1.2
  Create time: 1w4d, last status change time: 1w4d
  Signaling protocol: LDP, peer 192.168.0.4:0 up
    Targeted Hello: 192.168.0.1(LDP Id) -> 192.168.0.4
    MPLS VC labels: local 37, remote 71
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description: "IP-MPLS # Customer X - noc@customer-X.com"
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 378966184, send 46967345
    byte totals:   receive 207567356353, send 2856119678
    packet drops:  receive 0, send 0

PE_1#

Please read the Cisco IOS MPLS Configuration Guide for more information and details, and don’t hesitate to try things in a lab before attempting this in a production environment!

This concludes the session on creating Layer 2 MPLS VPNs. The following posts will go deep into the MPLS protocol itself.

This post is very, very, very, VERY basic knowledge you must understand before even attempting to read future MPLS related posts.

Any questions? :)

Comments (7)

Tom, January 11th, 2009 at 5:19 pm

The configuration methods seem to be very straightforward. I would have expected a whole lot more commands.
The text and schematics make it a lot easier to understand. It makes it easy to understand.

Keep up the good work! Don’t forget to spam the 30-head NOC from one of your previous posts with this piece of art.
Can’t wait to see more of this.

Tom, January 11th, 2009 at 5:20 pm

Damn, accidentally pressed submit too soon. -___-

[...] explained in my previous MPLS LSP post you use the IGP such as OSPF or IS-IS its CEF FIB (Cisco Express Forwarding – Forwarding [...]

Balaji, March 30th, 2009 at 5:21 pm

Hi,
Does that diagram show the encapsulation of packets for the L2VPN architecture?
Because I wonder why the MPLS header came in between the IP and L2Hdr. If it is L2VPN,
then the entire L2 frame should be included inside an MPLS label when it enters the provider network, shouldn’t it?
Like, Outer-L2Hdr->MPLS->InnerL2Hdr->IP ????
Please clarify.
Thanks,

Geert, April 1st, 2009 at 7:57 pm

You are correct. The diagram is a bit confusing and your diagram is correct.

When the router receives the customer frames (InnerL2->IP) it will establish a directed LDP session to the destination router. Exchange labels for that specific pseudowire, this is the bottom label of the stack. Then it will find the FEC to the destination router with a label exchanged from his next-hop neighbour which is the top label of the stack. Then it adds his own l2 header to push the traffic to the next hop.

So to conclude:
– The customer l2 frame isn’t touched but placed behind the MPLS label.
– Pseudowires have (at least) two MPLS labels.
– The l2 header in the designs is the one between two routers to exchange traffic.
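
The label stack described in the reply above, as an added example that is not part of the original post or its comments: Python code that builds the encapsulation and parses it back, the way a capture would be decoded. It assumes an untagged outer Ethernet header and no pseudowire control word; the transport label, MAC addresses and customer frame are constructed, and only VC label 71 comes from the post's output.

```python
import struct

MPLS_ETHERTYPE = 0x8847  # EtherType for MPLS unicast

def lse(label, bottom, tc=0, ttl=255):
    """One 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (bottom << 8) | ttl)

def encapsulate(customer_frame, transport_label, vc_label, dst_mac, src_mac):
    """Outer L2 header + transport (top) label + VC (bottom) label + untouched frame."""
    outer_l2 = dst_mac + src_mac + struct.pack("!H", MPLS_ETHERTYPE)
    return outer_l2 + lse(transport_label, 0) + lse(vc_label, 1) + customer_frame

def decapsulate(frame):
    """Return (labels top to bottom, inner customer frame); reject malformed stacks."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != MPLS_ETHERTYPE:
        raise ValueError("not an MPLS frame")
    labels, off = [], 14
    while off + 4 <= len(frame):
        (word,) = struct.unpack("!I", frame[off:off + 4])
        labels.append(word >> 12)
        off += 4
        if word & 0x100:  # S bit set: bottom of stack, payload follows
            return labels, frame[off:]
    raise ValueError("label stack has no bottom-of-stack entry")

# Constructed customer frame (CE-to-CE Ethernet header + 20 bytes of IPv4 header).
CUSTOMER = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x45" + bytes(19)
# 71 is the remote VC label in the post's output; label 18 and the MACs are made up.
WIRE = encapsulate(CUSTOMER, 18, 71,
                   bytes.fromhex("02aa00000002"), bytes.fromhex("02aa00000001"))
```

`decapsulate(WIRE)` returns the labels `[18, 71]` and the customer frame byte for byte, which is the "isn't touched" point from the reply.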

[...] past few months I’ve received a lot of feedback on my L2VPN Pseudowire blog post. Most questions were related to tLDP (Targeted LDP), PHP (Penultimate Hop Popping), [...]

[...] basic configuration for MPLS, OSPF and interfaces are explained in my previous post. You need to choose a unique VC-ID per circuit; in this example I will use VC-ID 100 for the [...]
