CCIE - Internetwork Expert's Online Community

Hi All.  I'm working on my CCIE R&S written test, which has some MPLS topics, and I'm trying to get some clarity on an MPLS process.  So I thought I would run it by the true MPLS gurus.

I'm trying to grasp the table lookup process on the PE ingress and egress routers.  If someone could let me know if I understand this correctly or not, that'd be really helpful.

So when a CE router sends a packet to a PE router that will go across the MPLS network, the PE router will do a lookup in its FIB, since the packet arrived without an MPLS label.  In the FIB, there is info to specify the MPLS label to apply to the packet.  So the PE router pushes the label on the packet, and forwards the packet to the next P router in the MPLS network based solely on a FIB table lookup.  Would that be an accurate assesment?

Now on the other end of the MPLS network (assuming no PHP), the egress PE receives a labeled packet from another P router.  Since it has an MPLS label, the router does an LFIB table lookup.  Based on the LFIB table lookup, the PE router pops the MPLS label and forwards the packet out the appropriate interface with the appropriate next hop info.  So the egress PE only consults the LFIB when routing the packet to the CE router.  Would that also be an accurate assesment?

 

 

For basic MPLS without TE Tunnels or MPLS VPN your logic is correct.  The CE sends a normal IP packet to the PE.  Since the PE receives it on a non-MPLS interface, a routing lookup is done in the normal IP routing table (FIB).  Since the next-hop value for the packet is to a P router, which we're assuming in on an MPLS enabled interface, the PE looks in the LFIB to see what is the label that should be used to that neighbor.  The label is imposed (pushed/added to the stack), and the packet is switched to the P.  Inside the P cloud the packet is label switched until it gets to the egress PE.  Normally the second to last hop P router (the Penultimate hop) removes the label from the stack and sends a normal unlabeled IP packet to the PE router.  In that case the PE router does its lookup in the normal IP routing table, and it is forwarded to the CE.  If PHP is not performed, the PE router receives a labeled packet, does a label lookup, finds that it should depose (pop/remove the stack) the label, does another lookup in the IP routing table, and then forwards to the CE.


HTH,



jrensink78 wrote:

Hi All.  I'm working on my CCIE R&S written test, which has some MPLS topics, and I'm trying to get some clarity on an MPLS process.  So I thought I would run it by the true MPLS gurus.

I'm trying to grasp the table lookup process on the PE ingress and egress routers.  If someone could let me know if I understand this correctly or not, that'd be really helpful.

So when a CE router sends a packet to a PE router that will go across the MPLS network, the PE router will do a lookup in its FIB, since the packet arrived without an MPLS label.  In the FIB, there is info to specify the MPLS label to apply to the packet.  So the PE router pushes the label on the packet, and forwards the packet to the next P router in the MPLS network based solely on a FIB table lookup.  Would that be an accurate assesment?

Now on the other end of the MPLS network (assuming no PHP), the egress PE receives a labeled packet from another P router.  Since it has an MPLS label, the router does an LFIB table lookup.  Based on the LFIB table lookup, the PE router pops the MPLS label and forwards the packet out the appropriate interface with the appropriate next hop info.  So the egress PE only consults the LFIB when routing the packet to the CE router.  Would that also be an accurate assesment?

 

 

Internetwork Expert - The Industry Leader in CCIE Preparation
http://www.internetworkexpert.com

Subscription information may be found at:
http://www.ieoc.com/forums/ForumSubscriptions.aspx

Thanks for the response Brian.  This is where I am actually getting the confusion.  On the routers where a label is pushed or popped, is there a single table lookup, or a double table lookup?

From your response, it sounds like a double table lookup.  For instance, on the ingress PE, it does a FIB table lookup as the packet arrives, imposes the label, and then does an LFIB lookup to send it out.  On the egress, it does an LFIB lookup as it arrives, pops the label, and then does a FIB lookup to send it out. 

This is probably one of those things that doesn't make much difference.  But I ran into a few practice test questions regarding this process and their answer made it sound like it was a single table look up.  Knowing Cisco Press' practice test track record, I didn't want to take their answer as gospel.

Technically it's only one lookup always, because it's done in the CEF table.  However, the CEF table is populated with non-labeled and labeled interfaces, which means that it is populated by multiple lookups :)  The key is that the CEF table is built *before* any packets flow, unlike legacy fast switching, which is built as the packet flow occurs.  Think of it like this, let's say the routing table looks as follows:

Rack1SW2#show ip route
<snip>
C       155.1.58.0 is directly connected, Vlan58
 10.0.0.0/32 is subnetted, 1 subnets
B       10.20.30.40 [200/0] via 150.1.4.4, 00:03:23
     150.1.0.0/24 is subnetted, 7 subnets
R       150.1.4.0 [120/2] via 155.1.58.5, 00:00:03, Vlan58
R       150.1.10.0 [120/1] via 155.1.108.10, 00:00:03, Port-channel1
R       150.1.9.0 [120/5] via 155.1.58.5, 00:00:03, Vlan58
C       150.1.8.0 is directly connected, Loopback0

SW2 wants to get to 10.20.30.40, so how does the lookup occur?  It finds that 10.20.30.40/32 is the longest match via BGP, and has a next-hop of 150.1.4.4.  Since BGP doesn't associate the outgoing interface with the route in the table, we need another lookup to figure out how to get to the next hop.  A lookup for 150.1.4.4 has a longest match of 150.1.4.0 via connected Vlan58.  SW2 then consults the ARP cache to actually build the Ethernet frame towards 150.1.4.4.  So how many lookups is this?  Technically it's one, because everything is already pre-bound in the CEF table, and can be seen as follows:

Rack1SW2#show ip cef 10.20.30.40 detail  
10.20.30.40/32, epoch 2
  recursive via 150.1.4.4
    nexthop 155.1.58.5 Vlan58

CEF says that 10.20.30.40 recurses to 155.1.58.5 via Vlan58, so consult the adjacency for this:

Rack1SW2#show adjacency 155.1.58.5 detail
Protocol Interface                 Address
IP       Vlan58                    155.1.58.5(30)
                                   0 packets, 0 bytes
                                   epoch 0
                                   sourced in sev-epoch 0
                                   Encap length 14
                                   000CCE609FE0001F2711D5C50800
                                   L2 destination address byte offset 0
                                   L2 destination address byte length 6
                                   Link-type after encap: ip
                                   ARP

The adjacency shows the layer 2 encapsulation information.  With legacy process switching it would be 3 lookups, a BGP lookup, and IGP lookup, and an ARP lookup.  The same logic works with MPLS.  When the PE router does the lookup into the P cloud, the CEF adjacency already includes the label stack, so it is immediately imposed as the packet is CEF switched.

Your best way to see this in action is to actually configure it.  Here's the most basic example:

R1--R2--R3--R4--R5--R6

Configure IGP and LDP between R2, R3, R4, and R5
Configure R2 to peer iBGP with R5.
Configure R1 to peer EBGP to R2 and advertise prefix X.
Configure R6 to peer EBGP with R5 and advertise prefix Y.
Trace the packet flow and lookup process from X to Y.
R1 and R6, the CE's, do normal IP lookups.
R2 and R5, the PE's, do MPLS and IP lookups.
R3 and R4, the P's, do MPLS lookups only.

The key in this design is that R3 and R4 *do not* need to know about prefixes X and Y, because label switching occurs toward the next-hop value.

All other advanced MPLS principles are based on this design, so make sure you understand 100% exactly how this process works.

Good luck!



jrensink78 wrote:

Thanks for the response Brian.  This is where I am actually getting the confusion.  On the routers where a label is pushed or popped, is there a single table lookup, or a double table lookup?

From your response, it sounds like a double table lookup.  For instance, on the ingress PE, it does a FIB table lookup as the packet arrives, imposes the label, and then does an LFIB lookup to send it out.  On the egress, it does an LFIB lookup as it arrives, pops the label, and then does a FIB lookup to send it out. 

This is probably one of those things that doesn't make much difference.  But I ran into a few practice test questions regarding this process and their answer made it sound like it was a single table look up.  Knowing Cisco Press' practice test track record, I didn't want to take their answer as gospel.

Internetwork Expert - The Industry Leader in CCIE Preparation
http://www.internetworkexpert.com

Subscription information may be found at:
http://www.ieoc.com/forums/ForumSubscriptions.aspx