NetWorld Tips from William Caban: What is the MPLS VPN Label?

Monday, January 4, 2010

What is the MPLS VPN Label?

In the MPLS world the concept of labels and stacking labels are used all the time. When running MPLS L3VPNs each route from the CE will end up with at least two MPLS labels: one commonly referred to as the VPN Label and the other referred as the IGP label.

Lets explore what really is the VPN Label. Is it a single label? or a stack of labels? or maybe a group of labels?. Lets analyze it.

When a route is learned from the CE, at the PE it will get a label assigned by BGP.

PE2#sh ip vrf
Name                             Default RD          Interfaces
BLUE                             567:200             FastEthernet0/0

PE2#sh ip bgp vpnv4 vrf BLUE labels
Network          Next Hop      In label/Out label
Route Distinguisher: 567:200 (BLUE)
1.1.1.1/32       150.4.4.4       nolabel/23
2.2.2.2/32       10.2.78.8       20/nolabel
10.1.12.0/24     150.4.4.4       nolabel/24
10.2.78.0/24     0.0.0.0         21/nolabel
22.22.22.0/24    10.2.78.8       25/nolabel

PE2#sh mpls forwarding-table vrf BLUE
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
20     No Label      2.2.2.2/32[V]     570           Fa0/0      10.2.78.8
21     Aggregate     10.2.78.0/24[V]   0             BLUE
25     No Label      22.22.22.0/24[V]  0             Fa0/0      10.2.78.8

PE2#sh mpls forwarding-table vrf BLUE detail
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
20     No Label      2.2.2.2/32[V]     570           Fa0/0      10.2.78.8
MAC/Encaps=0/0, MRU=1504, Label Stack{}
VPN route: BLUE
No output feature configured
21     Aggregate     10.2.78.0/24[V]   0             BLUE
MAC/Encaps=0/0, MRU=1504, Label Stack{}
VPN route: BLUE
No output feature configured
25     No Label      22.22.22.0/24[V]  0             Fa0/0      10.2.78.8
MAC/Encaps=0/0, MRU=1504, Label Stack{}
VPN route: BLUE
No output feature configured

Listing #1

As you can see on line #3, I have VRF BLUE defined in this particular PE. Then in lines #9, #11 and #12 you can see that BGP has assigned some "In Label". These are going to be the labels that packets arriving to this PE wanting to communicate to those destination at the CE will have to have.

Now, these are what are normally referred as the "VPN Label". As you can see, it is not really a "VPN Label" but more a destination label. Lets take destination 2.2.2.2/32 inside the CE. As you may see in line #24, BGP has assigned the label 20. Any packet arriving with label 20 will be "POP" and send as a regular IPv4 packet towards the CE.

If we go to an ASBR which will see all the routes in this lab, we can see that it has knowledge of the label 20 for the destination 2.2.2.2/32 and it has assigned a local label of 23 (see line #11 of Listing #2).

ASBR2#sh mpls forwarding-table
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
16     Pop Label     150.6.6.6/32      0             Fa0/0      150.2.56.6
17     Pop Label     150.2.67.0/24     0             Fa0/0      150.2.56.6
18     16            150.7.7.7/32      0             Fa0/0      150.2.56.6
19     Pop Label     192.168.45.4/32   590           Fa1/0      192.168.45.4
20     18            150.2.2.2/32      0             Fa1/0      192.168.45.4
21     19            150.3.3.3/32      0             Fa1/0      192.168.45.4
22     Pop Label     150.4.4.4/32      0             Fa1/0      192.168.45.4
23     20            567:200:2.2.2.2/32   \
610           Fa0/0      150.2.56.6
24     21            567:200:10.2.78.0/24   \
0             Fa0/0      150.2.56.6
25     25            567:200:22.22.22.0/24   \
0             Fa0/0      150.2.56.6

ASBR2#sh mpls forwarding-table labels 23 detail
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
23     20            567:200:2.2.2.2/32   \
610           Fa0/0      150.2.56.6
MAC/Encaps=14/22, MRU=1496, Label Stack{16 20}
CA00A59C0008CA07A59C00088847 0001000000014000
No output feature configured
ASBR2#

Listing #2

If we go further into the details of that LSP we see that we have stack (line #23 Listing #2) with two labels 16 and 20. The 16 is the top label and the 20 the bottom label. We already know where the 20 comes from (line #9 Listing #1). So, where does the 16 comes from? The answer is in line #6 of Listing #2. That is the IGP label towards the PE which have the CE connected to it. So, this top label will be the one changing on per hop basis but the bottom label will remain there up to the penultimate hop.

In this particular lab that will be P2.

P2#sh mpls forwarding-table
Local  Outgoing      Prefix            Bytes Label   Outgoing   Next Hop
Label  Label or VC   or Tunnel Id      Switched      interface
16     Pop Label     150.7.7.7/32      6978          Fa1/0      150.2.67.7
17     Pop Label     150.5.5.5/32      7373          Fa0/0      150.2.56.5
18     Pop Label     192.168.45.0/24   0             Fa0/0      150.2.56.5
19     20            150.2.2.2/32      0             Fa0/0      150.2.56.5
20     21            150.3.3.3/32      0             Fa0/0      150.2.56.5
21     22            150.4.4.4/32      610           Fa0/0      150.2.56.5
P2#

Listing #3

As it can be see from Listing #3, the label 16 is removed. Now, that will remove the 16 but will have the label 20 when it arrives to the PE2. At this point, PE2 (line #17 Listing #1) knows what to do. It will POP that label and send a regular IPv4 packet towards the CE.

So, at the end, the VPN label does not refer to a single label but rather to the label or labels that the PE has associated to the VPNv4 routes of a particular VRF.

Hope this explains it... or at least give you enough headache to forget about it ;-)