In the MPLS world the concepts of labels and label stacking are used all the time. When running MPLS L3VPNs, each route from the CE will end up with at least two MPLS labels: one commonly referred to as the VPN Label and the other referred to as the IGP label.
Let's explore what the VPN Label really is. Is it a single label, a stack of labels, or maybe a group of labels? Let's analyze it.
When a route is learned from the CE, at the PE it will get a label assigned by BGP.
Listing #1 (PE2):
 1  PE2#sh ip vrf
 2    Name                             Default RD          Interfaces
 3    BLUE                             567:200             FastEthernet0/0
 4
 5  PE2#sh ip bgp vpnv4 vrf BLUE labels
 6     Network          Next Hop      In label/Out label
 7  Route Distinguisher: 567:200 (BLUE)
 8     1.1.1.1/32       150.4.4.4       nolabel/23
 9     2.2.2.2/32       10.2.78.8       20/nolabel
10     10.1.12.0/24     150.4.4.4       nolabel/24
11     10.2.78.0/24     0.0.0.0         21/nolabel
12     22.22.22.0/24    10.2.78.8       25/nolabel
13
14  PE2#sh mpls forwarding-table vrf BLUE
15  Local  Outgoing     Prefix            Bytes Label   Outgoing   Next Hop
16  Label  Label or VC  or Tunnel Id      Switched      interface
17  20     No Label     2.2.2.2/32[V]     570           Fa0/0      10.2.78.8
18  21     Aggregate    10.2.78.0/24[V]   0             BLUE
19  25     No Label     22.22.22.0/24[V]  0             Fa0/0      10.2.78.8
20
21  PE2#sh mpls forwarding-table vrf BLUE detail
22  Local  Outgoing     Prefix            Bytes Label   Outgoing   Next Hop
23  Label  Label or VC  or Tunnel Id      Switched      interface
24  20     No Label     2.2.2.2/32[V]     570           Fa0/0      10.2.78.8
25          MAC/Encaps=0/0, MRU=1504, Label Stack{}
26          VPN route: BLUE
27          No output feature configured
28  21     Aggregate    10.2.78.0/24[V]   0             BLUE
29          MAC/Encaps=0/0, MRU=1504, Label Stack{}
30          VPN route: BLUE
31          No output feature configured
32  25     No Label     22.22.22.0/24[V]  0             Fa0/0      10.2.78.8
33          MAC/Encaps=0/0, MRU=1504, Label Stack{}
34          VPN route: BLUE
35          No output feature configured
As you can see on line #3, I have VRF BLUE defined on this particular PE. Then in lines #9, #11 and #12 you can see that BGP has assigned an “In label” to each of those prefixes. These are the labels that packets arriving at this PE must carry in order to reach those destinations at the CE.
Now, these are what is normally referred to as the “VPN Label”. As you can see, it is not really a “VPN Label” but rather a destination label. Let's take destination 2.2.2.2/32 inside the CE. As you can see in line #24, BGP has assigned it the label 20. Any packet arriving with label 20 will have that label popped and will be sent as a regular IPv4 packet towards the CE.
If we go to an ASBR, which will see all the routes in this lab, we can see that it knows about label 20 for the destination 2.2.2.2/32 and has assigned it a local label of 23 (see line #11 of Listing #2).
Listing #2 (ASBR2):
 1  ASBR2#sh mpls forwarding-table
 2  Local  Outgoing     Prefix            Bytes Label   Outgoing   Next Hop
 3  Label  Label or VC  or Tunnel Id      Switched      interface
 4  16     Pop Label    150.6.6.6/32      0             Fa0/0      150.2.56.6
 5  17     Pop Label    150.2.67.0/24     0             Fa0/0      150.2.56.6
 6  18     16           150.7.7.7/32      0             Fa0/0      150.2.56.6
 7  19     Pop Label    192.168.45.4/32   590           Fa1/0      192.168.45.4
 8  20     18           150.2.2.2/32      0             Fa1/0      192.168.45.4
 9  21     19           150.3.3.3/32      0             Fa1/0      192.168.45.4
10  22     Pop Label    150.4.4.4/32      0             Fa1/0      192.168.45.4
11  23     20           567:200:2.2.2.2/32   \
12                                        610           Fa0/0      150.2.56.6
13  24     21           567:200:10.2.78.0/24   \
14                                        0             Fa0/0      150.2.56.6
15  25     25           567:200:22.22.22.0/24   \
16                                        0             Fa0/0      150.2.56.6
17
18  ASBR2#sh mpls forwarding-table labels 23 detail
19  Local  Outgoing     Prefix            Bytes Label   Outgoing   Next Hop
20  Label  Label or VC  or Tunnel Id      Switched      interface
21  23     20           567:200:2.2.2.2/32   \
22                                        610           Fa0/0      150.2.56.6
23          MAC/Encaps=14/22, MRU=1496, Label Stack{16 20}
24          CA00A59C0008CA07A59C00088847 0001000000014000
25          No output feature configured
26  ASBR2#
If we go further into the details of that LSP, we see that we have a stack (line #23 Listing #2) with two labels, 16 and 20. The 16 is the top label and the 20 the bottom label. We already know where the 20 comes from (line #9 Listing #1). So, where does the 16 come from? The answer is in line #6 of Listing #2. That is the IGP label towards the PE which has the CE connected to it. So this top label is the one that changes hop by hop, while the bottom label remains in place, up to the penultimate hop. In this particular lab, that is P2.
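The hex string under the Label Stack{16 20} line in Listing #2 is the cached Layer 2 rewrite. As an added example (not part of the original post), this Python code decodes it, reading MAC/Encaps=14/22 as 14 bytes of Ethernet header out of 22 bytes in total and using the RFC 3032 label entry layout; the helper name decode_rewrite is hypothetical.

```python
import re
import struct

# Copied from Listing #2 (ASBR2, local label 23).
ENCAPS_LINE = "MAC/Encaps=14/22, MRU=1496, Label Stack{16 20}"
REWRITE_HEX = "CA00A59C0008CA07A59C00088847 0001000000014000"

ETHERTYPE_MPLS_UNICAST = 0x8847


def decode_rewrite(encaps_line, rewrite_hex):
    """Decode an IOS cached rewrite string (hypothetical helper, Ethernet only)."""
    m = re.search(r"MAC/Encaps=(\d+)/(\d+).*Label Stack\{([\d ]*)\}", encaps_line)
    if not m:
        raise ValueError("not a MAC/Encaps detail line")
    mac_len, total_len = int(m.group(1)), int(m.group(2))
    shown = [int(x) for x in m.group(3).split()]
    raw = bytes.fromhex(rewrite_hex.replace(" ", ""))
    if mac_len != 14 or len(raw) != total_len or (total_len - mac_len) % 4:
        raise ValueError("lengths do not match MAC/Encaps")
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:mac_len])
    if ethertype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError("rewrite is not MPLS unicast")
    # The S bit is 0 on both entries in this cached string, so the entry
    # count comes from the Encaps lengths, not from a bottom-of-stack scan.
    entries = []
    for (word,) in struct.iter_unpack("!I", raw[mac_len:]):
        entries.append({
            "label": word >> 12,       # 20-bit label
            "tc": (word >> 9) & 0x7,   # 3-bit traffic class (EXP)
            "s": (word >> 8) & 0x1,    # bottom-of-stack flag
            "ttl": word & 0xFF,        # 8-bit TTL
        })
    if [e["label"] for e in entries] != shown:
        raise ValueError("hex labels disagree with Label Stack{}")
    return {"dst": dst.hex(":"), "src": src.hex(":"), "entries": entries}


if __name__ == "__main__":
    info = decode_rewrite(ENCAPS_LINE, REWRITE_HEX)
    print(info["dst"], "<-", info["src"])
    for e in info["entries"]:
        print(e)
```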
Listing #3 (P2):
 1  P2#sh mpls forwarding-table
 2  Local  Outgoing     Prefix            Bytes Label   Outgoing   Next Hop
 3  Label  Label or VC  or Tunnel Id      Switched      interface
 4  16     Pop Label    150.7.7.7/32      6978          Fa1/0      150.2.67.7
 5  17     Pop Label    150.5.5.5/32      7373          Fa0/0      150.2.56.5
 6  18     Pop Label    192.168.45.0/24   0             Fa0/0      150.2.56.5
 7  19     20           150.2.2.2/32      0             Fa0/0      150.2.56.5
 8  20     21           150.3.3.3/32      0             Fa0/0      150.2.56.5
 9  21     22           150.4.4.4/32      610           Fa0/0      150.2.56.5
10  P2#
As can be seen in Listing #3, the label 16 is removed at P2. The packet loses the 16 but still carries the label 20 when it arrives at PE2. At this point, PE2 (line #17 Listing #1) knows what to do. It will pop that label and send a regular IPv4 packet towards the CE.
So, in the end, the VPN label does not refer to a single label but rather to the label or labels that the PE has associated with the VPNv4 routes of a particular VRF.
Hope this explains it… or at least gives you enough of a headache to forget about it.
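The hop-by-hop behaviour described above, as an added example that is not part of the original post: it replays the relevant rows of Listings #1 to #3 for a packet arriving at ASBR2 with label 23. The router order ASBR2, P2, PE2 is inferred from the next-hop addresses in the listings, and the names LFIB and forward are hypothetical.

```python
# Rows transcribed from Listings #1-#3 (only those on the path to the CE).
# Adjacency ASBR2 -> P2 -> PE2 is inferred from the next-hop addresses.
# op "swap": replace the top label with `out` (an empty list is a pop).
# op "ip":   strip the label stack and forward plain IPv4 ("No Label").
LFIB = {
    "ASBR2": {23: ("swap", [16, 20], "P2")},     # Label Stack{16 20}
    "P2":    {16: ("swap", [], "PE2")},          # Pop Label (penultimate hop)
    "PE2":   {20: ("ip", [], "CE 10.2.78.8"),    # 2.2.2.2/32[V]
              25: ("ip", [], "CE 10.2.78.8")},   # 22.22.22.0/24[V]
}


def forward(router, stack):
    """Walk a labelled packet through the LFIBs.

    Returns a list of (router, stack_in, stack_out, next_hop) tuples;
    an unknown top label ends the walk with stack_out=None and "drop".
    """
    trace = []
    while router in LFIB:
        if not stack:
            raise ValueError("unlabelled packet handed to an LSR lookup")
        entry = LFIB[router].get(stack[0])
        if entry is None:
            trace.append((router, list(stack), None, "drop"))
            return trace
        op, out, next_hop = entry
        # Only the top label is rewritten; everything below it is untouched.
        new_stack = [] if op == "ip" else out + stack[1:]
        trace.append((router, list(stack), new_stack, next_hop))
        router, stack = next_hop, new_stack
    return trace


if __name__ == "__main__":
    for hop in forward("ASBR2", [23]):
        print("%-6s in=%-9s out=%-9s -> %s" % hop)
```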


I read your comment on my blog.
Buzz me sometime, we can have a chat.
We can clearly see how much Cisco is relying on OEQs, IOS bugs and other nonsense to make it difficult. Cisco can't corner us on the core technologies!!
Swap
ccie19804 _at_ gmail com
#19804