MPLS VPN Per VRF Label feature
In this post i would like to explain the usage of the “MPLS VPN Per VRF Label” feature.
By default, in each VRF, prefixes are assigned a VPN label, used to identify the route within the VRF itself.
This label is the only label that is being looked at by the receiving PE router.
In theory, you only need a single label to identify the VRF for the destination prefix, and then you can do an IP lookup to further process the packet.
This is what the “MPLS VPN Per VRF Label” does.
Im going to be using the simple topology below to illustrate the functionality:
In this topology, R2 receives 2 prefixes from R1 through RIP.
1.0.0.0/32 is subnetted, 1 subnets R 1.1.1.1 [120/1] via 192.168.12.1, 00:00:24, FastEthernet1/0 11.0.0.0/32 is subnetted, 1 subnets R 11.11.11.11 [120/1] via 192.168.12.1, 00:00:24, FastEthernet1/0
Since we are redistributing RIP into BGP, we can see these two routes in the BGP table:
Route Distinguisher: 100:100 (default for vrf VPN_A) *> 1.1.1.1/32 192.168.12.1 1 32768 ? *>i4.4.4.4/32 3.3.3.3 1 100 0 ? *> 11.11.11.11/32 192.168.12.1 1 32768 ? *> 192.168.12.0 0.0.0.0 0 32768 ? *>i192.168.34.0 3.3.3.3 0 100 0 ?
And we can check which labels R2 allocates for each of the prefixes:
R2#sh bgp vpnv4 unicast all labels Network Next Hop In label/Out label Route Distinguisher: 100:100 (VPN_A) 1.1.1.1/32 192.168.12.1 20/nolabel 4.4.4.4/32 3.3.3.3 nolabel/16 11.11.11.11/32 192.168.12.1 21/nolabel 192.168.12.0 0.0.0.0 22/nolabel(VPN_A) 192.168.34.0 3.3.3.3 nolabel/17
For prefix 1.1.1.1/32 a VPN label of 20 has been assigned and for 11.11.11.11/32, label 21 is used.
Lets check the settings for the VRF VPN_A:
R2#sh ip vrf detai VRF VPN_A (VRF Id = 1); default RD 100:100; default VPNID <not set> Interfaces: Fa1/0 VRF Table ID = 1 Export VPN route-target communities RT:100:100 Import VPN route-target communities RT:100:100 No import route-map No export route-map VRF label distribution protocol: not configured VRF label allocation mode: per-prefix
We can see that the label allocation mode is “per-prefix” which is what we expect and have verified by looking at the labels assigned by BGP.
The final verification of this can be see on R3:
R3#sh bgp vpnv4 unicast all la Network Next Hop In label/Out label Route Distinguisher: 100:100 (VPN_A) 1.1.1.1/32 2.2.2.2 nolabel/20 4.4.4.4/32 192.168.34.4 16/nolabel 11.11.11.11/32 2.2.2.2 nolabel/21 192.168.12.0 2.2.2.2 nolabel/22 192.168.34.0 0.0.0.0 17/nolabel(VPN_A)
We can see that the “Out label” for 1.1.1.1/32 is in fact 20 and for 11.11.11.11/32 21. Everything we expect.
Now lets change the setting on R2 to be “Per VRF”:
R2(config)#mpls label mode ALL-vrfs protocol all-afs per-vrf
Verification of the VRF setting:
R2#sh ip vrf detai VRF VPN_A (VRF Id = 1); default RD 100:100; default VPNID <not set> Interfaces: Fa1/0 VRF Table ID = 1 Export VPN route-target communities RT:100:100 Import VPN route-target communities RT:100:100 No import route-map No export route-map VRF label distribution protocol: not configured VRF label allocation mode: per-vrf (Label 18)
And verify the BGP label allocation:
R2#sh bgp vpnv4 unicast all labels Network Next Hop In label/Out label Route Distinguisher: 100:100 (VPN_A) 1.1.1.1/32 192.168.12.1 IPv4 VRF Aggr:18/nolabel 4.4.4.4/32 3.3.3.3 nolabel/16 11.11.11.11/32 192.168.12.1 IPv4 VRF Aggr:18/nolabel 192.168.12.0 0.0.0.0 IPv4 VRF Aggr:18/nolabel(VPN_A) 192.168.34.0 3.3.3.3 nolabel/17
What we can see now, is that the prefixes are being treated as an aggregate with a label of 18 for both prefixes.
Finally, if i look at the changes on R3, we can see that label 18 is indeed being used for all the routes from R2 (and hence R1):
R3#sh bgp vpnv4 unicast all la Network Next Hop In label/Out label Route Distinguisher: 100:100 (VPN_A) 1.1.1.1/32 2.2.2.2 nolabel/18 4.4.4.4/32 192.168.34.4 16/nolabel 11.11.11.11/32 2.2.2.2 nolabel/18 192.168.12.0 2.2.2.2 nolabel/18 192.168.34.0 0.0.0.0 17/nolabel(VPN_A)
Thats all i had for now. Hope you enjoyed it. Take care!