BGP labeled unicast¶
The BGP labeled unicast address-family helps in establishing an MPLS path between BGP peers. A given prefix entering the network will be assigned a label that will be exchanged with remote entry. That MPLS path can then be used to create other services like L3VPN services.
The chapter discusses eBGP and iBGP use cases. Each use case will be based on unique examples.
EBGP connection¶
EBGP between two devices¶
The following example illustrates a border router directly connected to an external BGP peer. A label is allocated and is exchanged along with the shared prefix.
eBGP topology with two peers¶
rt1
rt1 running config# vrf main
rt1 running vrf main# interface loopback loop1
rt1 running physical loop1# ipv4 address 172.16.1.1/32
rt1 running physical loop1# .. ..
rt1 running vrf main# interface physical eth1
rt1 running physical eth1#! port pci-b0s5
rt1 running physical eth1# ipv4 address 192.168.1.1/24
rt1 running physical eth1# .. ..
rt1 running vrf main# routing bgp
rt1 running bgp#! as 65500
rt1 running bgp# neighbor 192.168.1.2 remote-as 65501
rt1 running bgp# neighbor 192.168.1.2 address-family ipv4-unicast enabled false
rt1 running bgp# neighbor 192.168.1.2 address-family ipv4-labeled-unicast enabled true
rt1 running bgp# address-family ipv4-unicast network 172.16.1.1/32
rt1 running bgp# .. .. ..
rt1 running bgp# ebgp-requires-policy false
rt1 running bgp#
rt2
rt2 running config# vrf main
rt2 running vrf main# interface loopback loop1
rt2 running physical loop1# ipv4 address 172.16.2.2/32
rt2 running physical loop1# .. ..
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s5
rt2 running physical eth1# ipv4 address 192.168.1.2/24
rt2 running physical eth1# .. ..
rt2 running vrf main# routing bgp
rt2 running bgp#! as 65501
rt2 running bgp# neighbor 192.168.1.1 remote-as 65500
rt2 running bgp# neighbor 192.168.1.1 address-family ipv4-unicast enabled false
rt2 running bgp# neighbor 192.168.1.1 address-family ipv4-labeled-unicast enabled true
rt2 running bgp# address-family ipv4-unicast network 172.16.2.2/32
rt2 running bgp# .. .. ..
rt2 running bgp# ebgp-requires-policy false
rt2 running bgp#
Consequently, an LSP is established between both devices. This peering is often used between operators. Actually, each operator has its constraints, and configuring an IGP between two operators may not be possible.
The show bgp ipv4 labeled-unicast prefix command shows the received label
from the 192.168.1.2 peer, which is the 3 value (the implicit-null value).
.. rubric:: rt1
rt1> show bgp ipv4 labeled-unicast prefix 172.16.2.2/32
BGP routing table entry for 172.16.2.32/32, version 2
Local label: 16
Paths: (1 available, best #1, table default, vrf (null))
Advertised to non peer-group peers:
192.168.1.2
65501
192.168.1.2 from 192.168.1.2 (192.168.1.2)
Origin IGP, metric 0, valid, external, best (First path received)
Remote label: 3
Last update: Fri Jan 20 16:31:05 2023
Note
The implicit-null label is part of the special purpose labels defined by a
value ranging betwen 0 and 15. The implicit-null value has no meaning from
the dataplane perspective, as the outgoing IP packets following the route
are sent non encapsulated. However, this value is exchanged in the control
plane messages, and is generally used to reach IP addresses that are either
directly connected or routable in the next router.
The show ipv4-routes command shows the labeled route used to reach the 172.16.2.0/24.
rt1
rt1> show ipv4-routes to 172.16.2.2/32
Routing entry for 172.16.2.2/32
Known via "bgp", distance 20, metric 0, best
Last update 00:05:01 ago
* 192.168.1.2, via eth1, label implicit-null, weight 1
AS-Path: 65501
The show mpls fec command shows the FEC entry created by BGP when
installing the labeled route. The forwarding Equivalent Class entry helps in
keeping the relationship between a given prefix and incoming traffic entering
the device that receives this prefix. A local label associated to the prefix
is locally allocated by BGP.
rt1
rt1> show mpls fec
172.16.2.2/32
Label: 16
Client list: bgp(fd 29)
The below figure illustrates the case where the FEC entry created by the
rt1 device creates an MPLS entry. This entry is used by MPLS packets
coming with the label 16. Because the nexthop and the MPLS label are
changed when the rt1 device re-advertises the update from the rt2
device, a possible peer located on the left of the rt1 device may receive
that update, and may send packets encapsulated with the 16 value.
eBGP description of FEC usage¶
The FEC entry created on the rt1 device will help in switching those
packets to the nexthop associated to the 172.16.2.2/32 prefix. The MPLS
entry could be created since the labeled BGP route to reach the 172.16.2.2/32
prefix could be installed, and the nexthop has been resolved.
rt1
rt1> show mpls table
Inbound Label Type Nexthop Outbound Label
--------------------------------------------------
16 BGP 192.168.1.2 implicit-null
EBGP across multiple devices¶
A chain of connected eBGP peerings can be created to establish an LSP along the path between all the eBGP devices. The following drawing extends the above topology with two extra devices.
eBGP topology with multiple peers¶
The configuration of the rt2, rt3 and rt4 devices is given below.
rt2
rt2 running config# vrf main
rt2 running vrf main# interface loopback loop1
rt2 running physical loop1# ipv4 address 172.16.2.2/32
rt2 running physical loop1# .. ..
rt2 running config# vrf main
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s5
rt2 running physical eth1# ipv4 address 192.168.1.2/24
rt2 running physical eth1# .. ..
rt2 running vrf main# interface physical eth2
rt2 running physical eth2#! port pci-b0s6
rt2 running physical eth2# ipv4 address 192.168.2.2/24
rt2 running physical eth2# .. ..
rt2 running vrf main# routing bgp
rt2 running bgp#! as 65501
rt2 running bgp# neighbor 192.168.1.1 remote-as 65500
rt2 running bgp# neighbor 192.168.1.1 address-family ipv4-unicast enabled false
rt2 running bgp# neighbor 192.168.1.1 address-family ipv4-labeled-unicast enabled true
rt2 running bgp# address-family ipv4-unicast network 172.16.2.2/32
rt2 running bgp# .. .. ..
rt2 running bgp# neighbor 192.168.2.3 remote-as 65502
rt2 running bgp# neighbor 192.168.2.3 address-family ipv4-unicast enabled false
rt2 running bgp# neighbor 192.168.2.3 address-family ipv4-labeled-unicast enabled true
rt2 running bgp# ebgp-requires-policy false
rt2 running bgp#
rt3
rt3 running config# vrf main
rt3 running vrf main# interface loopback loop1
rt3 running physical loop1# ipv4 address 172.16.3.3/32
rt3 running physical loop1# .. ..
rt3 running vrf main# interface physical eth1
rt3 running physical eth1#! port pci-b0s5
rt3 running physical eth1# ipv4 address 192.168.2.3/24
rt3 running physical eth1# .. ..
rt3 running vrf main# interface physical eth2
rt3 running physical eth1#! port pci-b0s6
rt3 running physical eth1# ipv4 address 192.168.3.3/24
rt3 running physical eth1# .. ..
rt3 running vrf main# routing bgp
rt3 running bgp#! as 65502
rt3 running bgp# neighbor 192.168.2.2 remote-as 65501
rt3 running bgp# neighbor 192.168.2.2 address-family ipv4-unicast enabled false
rt3 running bgp# neighbor 192.168.2.2 address-family ipv4-labeled-unicast enabled true
rt3 running bgp# neighbor 192.168.3.4 remote-as 65503
rt3 running bgp# neighbor 192.168.3.4 address-family ipv4-unicast enabled false
rt3 running bgp# neighbor 192.168.3.4 address-family ipv4-labeled-unicast enabled true
rt3 running bgp# address-family ipv4-unicast network 172.16.3.3/32
rt3 running bgp# .. .. ..
rt3 running bgp# ebgp-requires-policy false
rt3 running bgp#
rt4
rt4 running config# vrf main
rt4 running vrf main# interface loopback loop1
rt4 running physical loop1# ipv4 address 172.16.4.4/32
rt4 running physical loop1# .. ..
rt4 running vrf main# interface physical eth1
rt4 running physical eth1#! port pci-b0s5
rt4 running physical eth1# ipv4 address 192.168.3.4/24
rt4 running physical eth1# .. ..
rt4 running vrf main# routing bgp
rt4 running bgp#! as 65503
rt4 running bgp# neighbor 192.168.3.3 remote-as 65502
rt4 running bgp# neighbor 192.168.3.3 address-family ipv4-unicast enabled false
rt4 running bgp# neighbor 192.168.3.3 address-family ipv4-labeled-unicast enabled true
rt4 running bgp# address-family ipv4-unicast network 172.16.4.4/32
rt4 running bgp# .. .. ..
rt4 running bgp# ebgp-requires-policy false
rt4 running bgp#
The 172.16.4.4/32 prefix from rt4 is being allocated by the implicit-null
label, and is sent to the 192.168.3.3 peer.
rt4
rt4> show bgp ipv4 labeled-unicast prefix 172.16.4.4/32
BGP routing table entry for 172.16.4.4/32, version 1
Local label: 3
Paths: (1 available, best #1, table default, vrf (null))
Advertised to non peer-group peers:
192.168.3.3
Local
0.0.0.0 from 0.0.0.0 (172.16.4.4)
Origin IGP, metric 0, weight 32768, valid, sourced, local, best (First path received)
Last update: Mon Jan 23 09:04:57 2023
The rt3 device receives the prefix, and allocates the 18 label for that
prefix, which will be sent to the remote rt2 device instead of the initial
implicit-null label.
rt3
rt3> show bgp ipv4 labeled-unicast prefix 172.16.4.4/32
BGP routing table entry for 172.16.4.4/32, version 4
Local label: 18
Paths: (1 available, best #1, table default, vrf (null))
Advertised to non peer-group peers:
192.168.2.2 192.168.3.4
65503
192.168.3.4 from 192.168.3.4 (172.16.4.4)
Origin IGP, metric 0, valid, external, best (First path received)
Remote label: 3
Last update: Mon Jan 23 09:04:58 2023
Also, the rt3 device installs an MPLS entry so that incoming MPLS traffic
with the 18 label value will be popped and headed to the 192.168.3.4 ip
address.
rt3
rt3> show mpls table 18
Local label: 18 (installed)
type: BGP remote label: 3 distance: 20
via 192.168.3.4 dev eth2 (installed)
The rt2 device will receive the 172.16.4.4/32 prefix with the 18 label value allocated
by the rt3 neighbor. Similarly, the 18 label is locally allocated, and an MPLS entry
is created to as to pop and switch incoming packets with the 18 label value to the 192.168.3.3
IP address.
rt2
rt2> show bgp ipv4 labeled-unicast prefix 172.16.4.4/32
BGP routing table entry for 172.16.4.4/32, version 4
Local label: 18
Paths: (1 available, best #1, table default, vrf (null))
Advertised to non peer-group peers:
192.168.1.1 192.168.2.3
65502 65503
192.168.2.3 from 192.168.2.3 (172.16.3.3)
Origin IGP, valid, external, best (First path received)
Remote label: 18
Last update: Mon Jan 23 09:04:59 2023
rt2> show mpls table 18
Local label: 18 (installed)
type: BGP remote label: 18 distance: 20
via 192.168.2.3 dev eth2 (installed)
The rt1 device receives the incoming BGP update, and performs the same
operations. The IP route installed to reach the 172.16.4.4/32 prefix will be
appended with the 18 label value, and will be sent to the 192.168.1.2 ip
address.
rt1
rt1> show ipv4-routes to 172.16.4.4
Routing entry for 172.16.4.4/32
Known via "bgp", distance 20, metric 0, best
Last update 00:15:49 ago
* 192.168.1.2, via eth1, label 18, weight 1
AS-Path: 65501 65502 65503
An LSP path has been forged to send traffic from the rt1 device to the rt4
by appending the 18 label value. Then, switch operations are performed on the
next devices to head traffic directly to the rt4 device.
L3VPN service over EBGP¶
Labeled eBGP helps in conveying L3VPN traffic, originating from the vrf1
L3VRF. Actually, L3VPN uses MPLS labels to encapsulate VPN traffic,
and needs an MPLS backbone to convey it; the labels from the labeled-unicast
address-family are used to forge an MPLS layer that can be used as an MPLS
backbone. The below configuration creates an eBGP peering between two devices.
The loopback source and destination IP addresses are exchanged by the
labeled-unicast address-family, and are used to establish the VPNv4 session.
See also
More information about L3VPN configuration: BGP L3VPN
rt1
rt1 running config# vrf main
rt1 running vrf main# interface loopback loop1
rt1 running physical loop1# ipv4 address 172.16.1.1/32
rt1 running physical loop1# .. ..
rt1 running vrf main# interface physical eth1
rt1 running physical eth1#! port pci-b0s5
rt1 running physical eth1# ipv4 address 192.168.1.1/24
rt1 running physical eth1# .. ..
rt1 running vrf main# routing bgp
rt1 running bgp#! as 65500
rt1 running bgp# neighbor 192.168.1.2 remote-as 65501
rt1 running bgp# neighbor 192.168.1.2 address-family ipv4-unicast enabled false
rt1 running bgp# neighbor 192.168.1.2 address-family ipv4-labeled-unicast enabled true
rt1 running bgp# address-family ipv4-unicast network 172.16.1.1/32
rt1 running bgp# .. .. ..
rt1 running bgp# neighbor 172.16.2.2 remote-as 65501
rt1 running bgp# neighbor 172.16.2.2 ebgp-multihop 2
rt1 running bgp# neighbor 172.16.2.2 update-source loop1
rt1 running bgp# neighbor 172.16.2.2 address-family ipv4-unicast enabled false
rt1 running bgp# neighbor 172.16.2.2 address-family ipv4-vpn enabled true
rt1 running bgp# ebgp-requires-policy false
rt1 running bgp# / vrf main l3vrf vrf1
rt1 running l3vrf vrf1#! table-id 10
rt1 running l3vrf vrf1# interface physical eth2
rt1 running physical eth2#! ipv4 address 172.16.10.1/24
rt1 running physical eth2#! port pci-b0s6
rt1 running physical eth2# .. ..
rt1 running l3vrf vrf1# routing bgp
rt1 running bgp# address-family ipv4-unicast
rt1 running ipv4-unicast# l3vpn export route-distinguisher 65500:1
rt1 running ipv4-unicast# l3vpn export route-target 11:22
rt1 running ipv4-unicast# l3vpn import route-target 11:22
rt1 running ipv4-unicast# l3vpn import vpn true
rt1 running ipv4-unicast# l3vpn export vpn true
rt1 running ipv4-unicast# l3vpn export label 300
rt1 running ipv4-unicast# redistribute connected
rt1 running ipv4-unicast#
rt2
rt2 running config# vrf main
rt2 running vrf main# interface loopback loop1
rt2 running physical loop1# ipv4 address 172.16.2.2/32
rt2 running physical loop1# .. ..
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s5
rt2 running physical eth1# ipv4 address 192.168.1.2/24
rt2 running physical eth1# .. ..
rt2 running vrf main# routing bgp
rt2 running bgp#! as 65501
rt2 running bgp# neighbor 192.168.1.1 remote-as 65500
rt2 running bgp# neighbor 192.168.1.1 address-family ipv4-unicast enabled false
rt2 running bgp# neighbor 192.168.1.1 address-family ipv4-labeled-unicast enabled true
rt2 running bgp# address-family ipv4-unicast network 172.16.2.2/32
rt2 running bgp# .. .. ..
rt2 running bgp# ebgp-requires-policy false
rt2 running bgp# neighbor 172.16.1.1 remote-as 65500
rt2 running bgp# neighbor 172.16.1.1 ebgp-multihop 2
rt2 running bgp# neighbor 172.16.1.1 update-source loop1
rt2 running bgp# neighbor 172.16.1.1 address-family ipv4-unicast enabled false
rt2 running bgp# neighbor 172.16.1.1 address-family ipv4-vpn enabled true
rt2 running bgp# / vrf main l3vrf vrf1
rt2 running l3vrf vrf1#! table-id 10
rt2 running l3vrf vrf1# interface physical eth2
rt2 running physical eth2#! ipv4 address 172.16.20.2/24
rt2 running physical eth2#! port pci-b0s6
rt2 running physical eth2# .. ..
rt2 running l3vrf vrf1# routing bgp
rt2 running bgp# address-family ipv4-unicast
rt2 running ipv4-unicast# l3vpn export route-distinguisher 65501:1
rt2 running ipv4-unicast# l3vpn export route-target 11:22
rt2 running ipv4-unicast# l3vpn import route-target 11:22
rt2 running ipv4-unicast# l3vpn import vpn true
rt2 running ipv4-unicast# l3vpn export vpn true
rt2 running ipv4-unicast# l3vpn export label 600
rt2 running ipv4-unicast# redistribute connected
rt2 running ipv4-unicast#
After peering, the rt1 device receives BGP update from the 172.16.20.0/24
network with the 600 label.
rt1> show bgp ipv4 vpn prefix 172.16.20.0/24
BGP routing table entry for 65501:1:172.16.20.0/24, version 5
not allocated
Paths: (1 available, best #1)
Advertised to non peer-group peers:
172.16.2.2
65501
172.16.2.2 from 172.16.2.2 (192.168.1.2)
Origin incomplete, metric 0, valid, external, best (First path received)
Extended Community: RT:11:22
Remote label: 600
Last update: Fri Jan 20 17:20:59 2023
The L3VPN route is installed, because there was a labeled route between the rt1.
That labeled route was the labeled-unicast route coming from the rt2 device and
using the implicit-null label. The L3VPN route appended that labeled route to
its own VPN label. (the implicit-null/600 label stack indicates that VPN packets
will be sent out encapsulated with the 600 value).
rt1> show ipv4-routes l3vrf vrf1
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF vrf1:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:49:44
C>* 172.16.10.0/24 is directly connected, eth2, 00:49:44
B> 172.16.20.0/24 [20/0] via 172.16.2.2 (vrf default) (recursive), label 600, weight 1, 00:13:08
* via 192.168.1.2, eth1 (vrf default), label implicit-null/600, weight 1, 00:13:08
eBGP can be used on multi-hop constraints, where the L3VPN networks are not directly connected. In that case, a chain of eBGP connections can be used to establish an LSP along the path between all the eBGP devices.
See also
RFC 4364 section
10.cusing the eBGP redistribution of labeled IPv4 routes.
IBGP connection¶
Labeled iBGP peering can be also configured to connect two remote networks. In that case, iBGP is configured as a route reflector: labeled iBGP routes reflect labeled routes to the remote network.
IBGP between two devices¶
The following configuration illustrates a basic iBGP peering between two devices. To simplify BGP peering between the two loopback addresses of the two nodes, a static route has been used instead of an IGP.
iBGP topology with two peers¶
rt1
rt1 running config# vrf main
rt1 running vrf main# routing static ipv4-route 172.16.1.2/32 next-hop 192.168.1.2
rt1 running vrf main# interface loopback loop1
rt1 running physical loop1# ipv4 address 172.16.1.1/32
rt1 running physical loop1# .. ..
rt1 running vrf main# interface physical eth1
rt1 running physical eth1#! port pci-b0s5
rt1 running physical eth1# ipv4 address 192.168.1.1/24
rt1 running physical eth1# .. ..
rt1 running vrf main# routing bgp
rt1 running bgp#! as 65500
rt1 running bgp# neighbor 172.16.1.2 remote-as 65500
rt1 running bgp# neighbor 172.16.1.2 update-source loop1
rt1 running bgp# neighbor 172.16.1.2 address-family ipv4-unicast enabled false
rt1 running bgp# neighbor 172.16.1.2 address-family ipv4-labeled-unicast
rt1 running ipv4-labeled-unicast# enabled true
rt1 running ipv4-labeled-unicast# route-reflector-client true
rt1 running ipv4-labeled-unicast# nexthop-self force true
rt1 running ipv4-labeled-unicast# .. ..
rt1 running bgp# address-family ipv4-unicast network 172.16.1.1/32
rt1 running network 172.16.1.1/32# .. .. ..
rt1 running bgp#
rt2
rt2 running config# vrf main
rt1 running vrf main# routing static ipv4-route 172.16.1.1/32 next-hop 192.168.1.1
rt2 running vrf main# interface loopback loop1
rt2 running physical loop1# ipv4 address 172.16.1.2/32
rt2 running physical loop1# .. ..
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s5
rt2 running physical eth1# ipv4 address 192.168.1.2/24
rt2 running physical eth1# .. ..
rt2 running vrf main# routing bgp
rt2 running bgp#! as 65500
rt2 running bgp# neighbor 172.16.1.1 remote-as 65500
rt2 running bgp# neighbor 172.16.1.1 update-source loop1
rt2 running bgp# neighbor 172.16.1.1 address-family ipv4-unicast enabled false
rt2 running bgp# neighbor 172.16.1.1 address-family ipv4-labeled-unicast
rt2 running ipv4-labeled-unicast# enabled true
rt2 running ipv4-labeled-unicast# route-reflector-client true
rt2 running ipv4-labeled-unicast# nexthop-self force true
rt2 running ipv4-labeled-unicast# .. .. ..
rt2 running bgp# address-family ipv4-unicast network 172.16.1.2/32
rt2 running network 172.16.1.2/32# .. .. ..
rt2 running bgp#
Note
For simplifications, some static routes have been configured to replace an IGP that is usually requested.
The BGP route learned on the rt2 node can be propagated to other iBGP
peerings connected behind the rt2 device. The 18 label value computed
by rt2 will be used by the BGP node consecutive to the rt2 to send
traffic to the 172.16.1.1 address.
rt2
rt2> show bgp ipv4 labeled-unicast prefix 172.16.1.1/32
BGP routing table entry for 172.16.1.1/32, version 4
Local label: 18
Paths: (1 available, best #1, table default, vrf (null))
Advertised to non peer-group peers:
192.168.1.1 192.168.2.3
65502 65503
192.168.2.3 from 192.168.2.3 (172.16.3.3)
Origin IGP, valid, external, best (First path received)
Remote label: 3
Last update: Mon Feb 23 09:08:59 2023
IBGP across multiple devices¶
Labeled iBGP peering is used for inter-area routing to establish a unique LSP across multiple domains. For instance, an operator network can be split up between access, aggregation, and core network. Each domain uses its own IGP because the operator wants to maintain those domains isolated. Only a few addresses are shared between the various domains.
The labeled iBGP peering sits on top of those IGPs and creates BGP peering between the nodes located at the border of each domain.
iBGP topology with multiple peers¶
For instance, on the below configuration, the rt3 device shares its
loopback address between the two domains connected to it. This sharing
permits BGP to propagate prefixes from rt4 to the rt1
device and vice-versa.
rt1
rt1 running config# vrf main
rt1 running vrf main# interface loopback loop1
rt1 running physical loop1# ipv4 address 172.16.1.1/32
rt1 running physical loop1# .. ..
rt1 running vrf main# interface physical eth1
rt1 running physical eth1#! port pci-b0s5
rt1 running physical eth1# ipv4 address 192.168.1.1/24
rt1 running physical eth1# .. ..
rt1 running vrf main# routing mpls fec resolve-via-network true
rt1 running vrf main# routing bgp
rt1 running bgp#! as 65500
rt1 running bgp# address-family ipv4-unicast
rt1 running ipv4-unicast# network 172.16.1.1/32
rt1 running network 172.16.1.1/32# .. .. ..
rt1 running bgp# neighbor 172.16.1.3 remote-as 65500
rt1 running bgp# neighbor 172.16.1.3 update-source loop1
rt1 running bgp# neighbor 172.16.1.3 address-family ipv4-unicast enabled false
rt1 running bgp# neighbor 172.16.1.3 address-family ipv4-labeled-unicast
rt1 running ipv4-labeled-unicast# enabled true
rt1 running ipv4-labeled-unicast# route-reflector-client true
rt1 running ipv4-labeled-unicast# nexthop-self force true
rt1 running ipv4-labeled-unicast# .. .. ..
rt1 running bgp# neighbor 172.16.1.4 remote-as 65500
rt1 running bgp# neighbor 172.16.1.4 update-source loop1
rt1 running bgp# neighbor 172.16.1.4 address-family ipv4-unicast enabled true
rt1 running bgp# .. ospf
rt1 running ospf# router-id 172.16.1.1
rt1 running ospf# network 172.16.1.1/32 area 0
rt1 running ospf# network 192.168.1.0/24 area 0
rt1 running ospf# passive-interface loop1
rt1 running ospf# .. mpls ldp
rt1 running ldp# router-id 172.16.1.1
rt1 running ldp# address-family ipv4
rt1 running address-family ipv4# discovery transport-address 172.16.1.1
rt1 running transport-address 172.16.1.1# interface eth1
rt1 running interface eth1#
rt2
rt2 running config# vrf main
rt2 running vrf main# interface loopback loop1
rt2 running physical loop1# ipv4 address 172.16.1.2/32
rt2 running physical loop1# .. ..
rt2 running vrf main# interface physical eth0
rt2 running physical eth0#! port pci-b0s5
rt2 running physical eth0# ipv4 address 192.168.1.2/24
rt2 running physical eth0# .. ..
rt2 running vrf main# interface physical eth1
rt2 running physical eth1#! port pci-b0s6
rt2 running physical eth1# ipv4 address 192.168.2.2/24
rt2 running physical eth1# .. ..
rt2 running vrf main# routing ospf
rt2 running ospf# router-id 172.16.1.2
rt2 running ospf# network 172.16.1.2/32 area 0
rt2 running ospf# network 192.168.1.0/24 area 0
rt2 running ospf# network 192.168.2.0/24 area 0
rt2 running ospf# passive-interface loop1
rt2 running ospf# .. mpls ldp
rt2 running ldp# router-id 172.16.1.2
rt2 running ldp# address-family ipv4
rt2 running address-family ipv4# discovery transport-address 172.16.1.2
rt2 running transport-address 172.16.1.2# interface eth0
rt2 running interface eth0# ..
rt2 running transport-address 172.16.1.2# interface eth1
rt2 running interface eth1# ..
rt3
rt3 running config# vrf main
rt3 running vrf main# interface loopback loop1
rt3 running physical loop1# ipv4 address 172.16.1.3/32
rt3 running physical loop1# .. ..
rt3 running vrf main# interface physical eth0
rt3 running physical eth0#! port pci-b0s5
rt3 running physical eth0# ipv4 address 192.168.2.3/24
rt3 running physical eth0# .. ..
rt3 running vrf main# interface physical eth1
rt3 running physical eth1#! port pci-b0s6
rt3 running physical eth1# ipv4 address 192.168.3.3/24
rt3 running physical eth1# .. ..
rt3 running vrf main# routing mpls fec resolve-via-network true
rt3 running vrf main# routing bgp
rt3 running bgp#! as 65500
rt3 running bgp# neighbor 172.16.1.1 remote-as 65500
rt3 running bgp# neighbor 172.16.1.1 update-source loop1
rt3 running bgp# neighbor 172.16.1.1 address-family ipv4-unicast enabled false
rt3 running bgp# neighbor 172.16.1.1 address-family ipv4-labeled-unicast
rt3 running ipv4-labeled-unicast# enabled true
rt3 running ipv4-labeled-unicast# route-reflector-client true
rt3 running ipv4-labeled-unicast# nexthop-self force true
rt3 running ipv4-labeled-unicast# .. .. ..
rt3 running bgp# neighbor 172.16.1.4 remote-as 65500
rt3 running bgp# neighbor 172.16.1.4 update-source loop1
rt3 running bgp# neighbor 172.16.1.4 address-family ipv4-unicast enabled false
rt3 running bgp# neighbor 172.16.1.4 address-family ipv4-labeled-unicast
rt3 running ipv4-labeled-unicast# enabled true
rt3 running ipv4-labeled-unicast# route-reflector-client true
rt3 running ipv4-labeled-unicast# nexthop-self force true
rt3 running ipv4-labeled-unicast# .. .. ..
rt3 running bgp# .. ospf
rt3 running ospf# router-id 172.16.1.3
rt3 running ospf# network 172.16.1.3/32 area 0
rt3 running ospf# network 192.168.2.0/24 area 0
rt3 running ospf# passive-interface loop1
rt3 running ospf# .. mpls ldp
rt3 running ldp# router-id 172.16.1.3
rt3 running ldp# address-family ipv4
rt3 running address-family ipv4# discovery transport-address 172.16.1.3
rt3 running transport-address 172.16.1.3# interface eth0
rt3 running interface eth1# / vrf main routing isis instance 1
rt3 running instance 1# area-address 49.0123.6452.1973.00
rt3 running instance 1# is-type level-1
rt3 running instance 1# segment-routing enabled true
rt3 running instance 1# segment-routing label-blocks
rt3 running label-blocks# srgb lower-bound 18000
rt3 running label-blocks# srgb upper-bound 19000
rt3 running label-blocks# .. ..
rt3 running instance 1# segment-routing prefix-sid-map 172.16.1.3/32
rt3 running prefix-sid-map 172.16.1.3/32# sid-value 33
rt3 running prefix-sid-map 172.16.1.3/32# last-hop-behavior no-php
rt3 running prefix-sid-map 172.16.1.3/32# .. .. .. ..
rt3 running instance 1# .. ..
rt3 running routing# interface loop1
rt3 running interface loop1# isis area-tag 1
rt3 running interface loop1#! isis ipv4-routing true
rt3 running interface loop1# isis passive true
rt3 running interface loop1# ..
rt3 running routing# interface eth1
rt3 running interface eth1# isis ipv4-routing true
rt3 running interface eth1#! isis area-tag 1
rt3 running interface eth1#
rt4
rt4 running config# vrf main
rt4 running vrf main# interface loopback loop1
rt4 running physical loop1# ipv4 address 172.16.1.4/32
rt4 running physical loop1# .. ..
rt4 running vrf main# interface physical eth1
rt4 running physical eth1#! port pci-b0s5
rt4 running physical eth1# ipv4 address 192.168.3.4/24
rt4 running physical eth1# .. ..
rt4 running vrf main# routing mpls fec resolve-via-network true
rt4 running vrf main# routing bgp
rt4 running bgp#! as 65500
rt4 running bgp# address-family ipv4-unicast
rt4 running ipv4-unicast# network 172.16.1.4/32
rt4 running network 172.16.1.4/32# .. .. ..
rt4 running bgp# neighbor 172.16.1.3 remote-as 65500
rt4 running bgp# neighbor 172.16.1.3 update-source loop1
rt4 running bgp# neighbor 172.16.1.3 address-family ipv4-unicast enabled false
rt4 running bgp# neighbor 172.16.1.3 address-family ipv4-labeled-unicast
rt4 running ipv4-labeled-unicast# enabled true
rt4 running ipv4-labeled-unicast# route-reflector-client true
rt4 running ipv4-labeled-unicast# nexthop-self force true
rt4 running ipv4-labeled-unicast# .. .. ..
rt4 running bgp# neighbor 172.16.1.1 remote-as 65500
rt4 running bgp# neighbor 172.16.1.1 update-source loop1
rt4 running bgp# neighbor 172.16.1.1 update-source loop1
rt4 running bgp# neighbor 172.16.1.1 address-family ipv4-unicast enabled true
rt4 running bgp# .. isis instance 1
rt4 running instance 1# area-address 49.0123.6452.1974.00
rt4 running instance 1# is-type level-1
rt4 running instance 1# segment-routing enabled true
rt4 running instance 1# segment-routing label-blocks
rt4 running label-blocks# srgb lower-bound 18000
rt4 running label-blocks# srgb upper-bound 19000
rt4 running label-blocks# .. ..
rt4 running instance 1# segment-routing prefix-sid-map 172.16.1.4/32
rt4 running prefix-sid-map 172.16.1.4/32# sid-value 44
rt4 running prefix-sid-map 172.16.1.4/32# last-hop-behavior no-php
rt4 running prefix-sid-map 172.16.1.4/32# .. .. .. ..
rt4 running routing# interface loop1
rt4 running interface loop1# isis area-tag 1
rt4 running interface loop1#! isis ipv4-routing true
rt4 running interface loop1# isis passive true
rt4 running interface loop1# ..
rt4 running routing# interface eth1
rt4 running interface eth1# isis ipv4-routing true
rt4 running interface eth1#! isis area-tag 1
rt4 running interface eth1#
On the rt1 device, the labeled route to the 172.16.1.4/32 prefix is
learned from the rt4 device, via the rt3 device.
rt1
rt1> show bgp ipv4 prefix 172.16.1.4/32
BGP routing table entry for 172.16.1.4/32, version 5
Local label: 144
Paths: (1 available, best #1, table default, vrf (null))
Advertised to non peer-group peers:
172.16.1.3
Local
172.16.1.3 (metric 20) from 172.16.1.3 (172.16.1.4)
Origin IGP, metric 0, localpref 100, valid, internal, best (First path received)
Originator: 172.16.1.4, Cluster list: 172.16.1.3
Remote label: 144
Last update: Wed Mar 8 11:28:00 2023
rt1 will resolve the path to the 172.16.1.4/32 prefix by appending
the 144 label value with the 16 label value used in the first OSPF
domain.
rt1
rt1> show ipv4-routes to 172.16.1.4
Routing entry for 172.16.1.4/32
Known via "bgp", distance 200, metric 0, best
Last update 00:50:21 ago
172.16.1.3 (recursive), label 144, weight 1
* 192.168.1.2, via eth1, label 16/144, weight 1
AS-Path:
On the rt2 device, the 16 label value is popped from packets from rt1
heading to the rt4 device. The remaining MPLS packet has the 144 label
value which will be replaced on the rt3 device by using the following
switching entry:
rt3
rt3> show mpls table 144
Local label: 144
type: SR (IS-IS) remote label: 18044 distance: 150
via 192.168.3.4 dev eth1
The 144 label value is generated by BGP to re-advertise the 172.16.1.4/32
prefix to the rt1 device. BGP created a FEC entry to handle return traffic
from the rt1 to the rt4 device.
rt3
rt3> vsr# show mpls fec
172.16.1.1/32
Label: 145
Client list: bgp(fd 30)
172.16.1.4/32
Label: 144
Client list: bgp(fd 30)
Without the mpls fec resolve-via-network true command, the MPLS entry
would have not been created, as by default, a BGP route has to be selected
to resolve that FEC entry. The below dump shows that the BGP route
heading to the 172.16.1.4/32 IP address has not been selected, and the
IS-IS route has been selected instead.
rt3
rt3> show ipv4-routes
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, A - Babel, D - SHARP, F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
B 172.16.1.1/32 [200/0] via 172.16.1.1 inactive, label implicit-null, weight 1, 01:17:06
O>* 172.16.1.1/32 [110/20] via 192.168.2.2, eth0, label 17, weight 1, 01:27:49
O>* 172.16.1.2/32 [110/10] via 192.168.2.2, eth0, label implicit-null, weight 1, 01:30:08
O 172.16.1.3/32 [110/0] is directly connected, loop1, weight 1, 01:56:51
C>* 172.16.1.3/32 is directly connected, loop1, 01:56:53
B 172.16.1.4/32 [200/0] via 172.16.1.4 inactive, label implicit-null, weight 1, 01:17:39
I>* 172.16.1.4/32 [115/20] via 192.168.3.4, eth1, label 18044, weight 1, 01:23:55
O>* 192.168.1.0/24 [110/20] via 192.168.2.2, eth0, label implicit-null, weight 1, 01:30:08
O 192.168.2.0/24 [110/10] is directly connected, eth0, weight 1, 01:32:08
C>* 192.168.2.0/24 is directly connected, eth0, 01:32:08
C>* 192.168.3.0/24 is directly connected, eth1, 01:32:04
I 192.168.3.4/32 [115/20] via 192.168.3.4, eth1 inactive, weight 1, 01:23:55
Note
The fec resolve-via-network command can be also used for eBGP peerings, but its
usage is limited, as an eBGP priority has a default distance set to 20 whereas
an IGP like IS-IS has a default distance value set to 115.
See also
draft-ietf-mpls-seamless-mpls-07, chapter 4.5, Inter-Domain Routing