LDP mechanism supplement and configuration (Huawei equipment)

Null labels:

1. Implicit null label
At the egress LER of an MPLS network, a received packet must first have its label removed (by looking up the label forwarding table) and is then looked up in the FIB and forwarded. Because this takes two table lookups, the process is time-consuming. If the egress LER carries a lot of traffic, this has a certain impact on the performance of the device. To reduce the load on the egress LER, the label is popped before the packet reaches it, so that the packet arriving at the egress LER is already an IP packet. The egress LER then only needs to look up the IP forwarding table and forward the packet, which improves its efficiency.

Popping the label before the packet reaches the egress LER is the PHP (penultimate hop popping) mechanism. It uses a special label, "3", which is also called the implicit null label, as shown in the figure:
In the scenario shown in the figure, for the network 172.16.1.0/24, LSR3 acts as the last-hop router and advertises a label with a label value of 3 to its upstream neighbor LSR2. When LSR2 receives a packet destined for that network (a packet with a label value of 1024), it pops label 1024 and then forwards the packet to its downstream neighbor LSR3. In other words, label 3 actually represents a pop operation. It is not a label that is actually carried, so it is called an implicit null label.

2. Explicit null label
If QoS is deployed in the MPLS network, the last-hop MPLS router also needs the QoS information carried in the EXP field of the label, so the packet must still carry a label when it reaches the MPLS edge. Normally, when an edge router receives a labeled packet, it must first look up the label forwarding table and then the IP forwarding table, which consumes resources. To let the edge router apply the MPLS QoS policy correctly without increasing its load, another special label, the explicit null label (label value 0), is introduced. When the edge router receives a packet with an explicit null label, it reads the QoS information from the EXP field and then removes the label directly, without looking up the label forwarding table, and forwards the packet using the IP forwarding table.

On the last-hop router of an FEC, the label advertise command maps an explicit null label to the router's directly connected networks. As shown in Figure 8-34, the implicit null label is changed to an explicit null label on LER1:

[LER1]mpls
[LER1-mpls]label advertise explicit-null
Now observe the label forwarding table of LER1, as shown in the following output:

According to the output, on Huawei equipment, unlike with implicit null labels, the router maps labels for all directly connected networks (provided that the lsp-trigger policy is configured). Regardless of whether MPLS is enabled on the interface, the corresponding directly connected networks are mapped to label 0.

3. The outgoing label is NULL
As shown in the figure, the outgoing label for some FECs is empty (NULL), which means that all labels are stripped from the received packet and it is then forwarded as IP. The network corresponding to this type of FEC is either locally directly connected or a routing prefix received from another IP router. For example, for the route prefix 5.5.5.0/24 the outgoing label is NULL. That is because the next-hop neighbor (AR) of the route does not run MPLS, and the AR has sent no label mapping information to LER1. In this case, LER1 does not locally map an implicit or explicit null label for such a routing prefix, but an ordinary label value, as shown in the following output:
When LER1 receives a packet for the FEC 5.5.5.0/24, because the outgoing label is NULL, all labels are stripped from the packet and it is then forwarded as an IP packet.
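The implicit-null and explicit-null cases above can be traced on the wire format of a label stack entry (20-bit label, 3-bit EXP, 1-bit bottom-of-stack flag, 8-bit TTL). The following is an added example, not code from the original article; the function names, the sample packet and the non-null label value 1025 are constructed for illustration, and it assumes EXP is kept unchanged when the label is swapped.

```python
import struct

IMPLICIT_NULL = 3  # advertised by the egress only; never carried on the wire
EXPLICIT_NULL = 0  # carried on the wire so the egress can still read EXP


def pack_entry(label, exp, s, ttl):
    """Build one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def unpack_entry(data):
    """Decode the top label stack entry of a labeled packet."""
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def penultimate_hop(frame, out_label):
    """What LSR2 does, given the label its downstream egress advertised.

    Returns (still_labeled, bytes sent downstream).
    """
    top, payload = unpack_entry(frame), frame[4:]
    if out_label == IMPLICIT_NULL:
        return False, payload  # PHP: pop and send a plain IP packet
    # Swap. Assumption of this model: EXP is preserved, TTL is decremented.
    new_top = pack_entry(out_label, top["exp"], top["s"], top["ttl"] - 1)
    return True, new_top + payload


def egress(labeled, frame):
    """Return (table lookups the egress performs, EXP available for QoS)."""
    if not labeled:
        return ["FIB"], None            # label 3 case: IP lookup only, no EXP
    top = unpack_entry(frame)
    if top["label"] == EXPLICIT_NULL:
        return ["FIB"], top["exp"]      # label 0 case: read EXP, strip, IP lookup
    return ["LFIB", "FIB"], top["exp"]  # ordinary label: two lookups


# Constructed sample: label 1024, EXP 5, bottom of stack, TTL 64.
SAMPLE = pack_entry(1024, 5, 1, 64) + b"ip-packet"

if __name__ == "__main__":
    cases = (("implicit-null", 3), ("explicit-null", 0), ("non-null", 1025))
    for name, out_label in cases:
        labeled, frame = penultimate_hop(SAMPLE, out_label)
        print(name, egress(labeled, frame))
```
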

LDP loop detection:

Every dynamic routing protocol used in a Layer 3 network has its own loop-prevention mechanism. LDP also has a loop-prevention mechanism, but the Huawei VRP system does not enable LDP loop detection by default. This is because the Layer 3 routing protocol already avoids routing loops, and LDP distributes labels and establishes LSPs based on routes, so packets forwarded through LSPs do not loop unless a convergence problem in the routing protocol causes a transient loop. The label also contains a TTL field, which prevents packets from looping endlessly in the MPLS network. LDP itself has the following loop-prevention methods:

  1. Maximum hop count
    Just as the RIP routing protocol specifies a maximum hop count of 16, LDP can limit the number of LSRs that a label message passes through. This is implemented with the Hop Count TLV in the message.
    Every time an LDP message (such as a label request message) passes through an LSR, the LSR adds one hop to the Hop Count TLV. When the hop count reaches the maximum, a loop is considered detected, and the establishment of the LSP is terminated.
    The maximum hop count defined by the Huawei VRP system is 32 by default.
  2. TTL processing
    Each time an MPLS packet passes through an LSR, the TTL in the label is decremented by 1. When the TTL reaches 0, the packet is discarded, which prevents packets from looping indefinitely.
  3. Path vector method
    The path vector method records every LSR that an LDP message passes through, much like the AS-PATH attribute of BGP. When an LSR receives an LDP message, it adds its own LSR-ID to the message; if the received LDP message already contains the local LSR-ID, a loop is considered to have occurred and the establishment of the LSP is terminated.

Synchronization of LDP and IGP:

In an environment with main and backup links, when the main link fails and then recovers, service traffic is switched from the backup link back to the main link. In this process, IGP converges faster than LDP, so the old LSP is deleted before the new LSP has been established. During this period the MPLS service is interrupted, usually for around 5s. The purpose of synchronizing LDP with IGP is to solve this problem.

To synchronize LDP and IGP, after the main link is restored, the establishment of the IGP neighbor relationship is suppressed first, which delays the route switchover. That is, the old LSP is retained and traffic continues to use it until the new LSP is established; only then is the traffic completely switched over.

The LDP and IGP synchronization process requires the use of the following three timers:

  1. Hold-down
  2. Hold-max-cost
  3. Delay

After the main link failure is restored:

  1. Start the Hold-down timer. Before the timer expires, the IGP interface does not establish an IGP neighbor relationship, but waits for the establishment of an LDP session.
  2. After the Hold-down timer expires, the Hold-max-cost timer is started. In its IGP link-state advertisements, the local router advertises the maximum metric value for the main link interface.
  3. After the LDP session of the failed link is re-established, the Delay timer is started to wait for the establishment of the LSP. When the Delay timer expires, LDP will notify the end of the IGP synchronization process regardless of the status of the IGP.

During the synchronization of LDP and IGP, the following states will be experienced:

  1. Init state: the initialization state of LDP and IGP synchronization.
  2. Hold-down state: IGP does not send or receive Hello packets, and suppresses the establishment of neighbor relationships on the recovered link.
  3. Hold-max-cost state: IGP establishes neighbors and advertises the maximum metric value of the interface link on the main link.
  4. Sync-achieved: LDP and IGP are synchronized. At this time, the LDP session status is Up, and the IGP enters the normal process.

The state machine transitions are as follows:

  1. State transition between Init and Sync-achieved.
    Init→Sync-achieved: The interface status changes to Up, and the LDP session status changes to Up.
    Sync-achieved→Init: The interface status changes to Down.
  2. State transition between Init and Hold-down.
    Init→Hold-down: The interface status changes to Up and the LDP session status is Down; or the LDP status query fails.
    Hold-down→Init: The interface status changes to Down.
  3. State transition between Init and Hold-max-cost.
    Init→Hold-max-cost: The interface status changes to Up, and LDP is considered Down.
    Hold-max-cost→Init: The interface status changes to Down.
  4. State transition between Hold-max-cost and Sync-achieved.
    Hold-max-cost→Sync-achieved: The status of the LDP session becomes Up.
    Sync-achieved→Hold-max-cost: The LDP session status is Down.
    Hold-down→Hold-max-cost: The LDP route is unreachable or the Hold-down timer expires.
    Hold-max-cost→Hold-max-cost: The Hold-max-cost timer expires, and the LDP session status is Down.
    Hold-down→Sync-achieved: The LDP session status becomes Up.
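The transitions listed above can be replayed as a small model that also shows which path the IGP would choose in each state. This is an added example, not code from the original article or from Huawei; the event names, the link costs 10 and 30, and the use of OSPF's maximum interface cost 65535 as the "maximum metric" are assumptions. Init→Hold-max-cost is left out of the table because the list gives it the same trigger as Init→Hold-down.

```python
MAX_COST = 65535  # assumption: OSPF maximum interface cost as the "maximum metric"

# (current state, event) -> next state, taken from the transition list above.
# Event names are hypothetical labels for the conditions in that list.
TRANSITIONS = {
    ("Init", "if_up_ldp_up"): "Sync-achieved",
    ("Init", "if_up_ldp_down"): "Hold-down",
    ("Init", "ldp_query_failed"): "Hold-down",
    ("Hold-down", "ldp_up"): "Sync-achieved",
    ("Hold-down", "hold_down_expired"): "Hold-max-cost",
    ("Hold-down", "ldp_route_unreachable"): "Hold-max-cost",
    ("Hold-max-cost", "ldp_up"): "Sync-achieved",
    ("Hold-max-cost", "hold_max_cost_expired_ldp_down"): "Hold-max-cost",
    ("Sync-achieved", "ldp_down"): "Hold-max-cost",
}


def step(state, event):
    """Apply one event; interface Down returns every state to Init."""
    if event == "if_down":
        return "Init"
    # Events with no listed transition leave the state unchanged.
    return TRANSITIONS.get((state, event), state)


def advertised_cost(state, normal_cost):
    """Cost the IGP advertises for the main link, or None if no adjacency."""
    if state == "Sync-achieved":
        return normal_cost
    if state == "Hold-max-cost":
        return MAX_COST
    return None  # Init and Hold-down: no IGP neighbor on this link


def chosen_path(state, main_cost, backup_cost):
    """Path the IGP prefers; traffic moves to main only when it is cheaper."""
    cost = advertised_cost(state, main_cost)
    return "main" if cost is not None and cost < backup_cost else "backup"


def replay(events, main_cost=10, backup_cost=30):
    """Return [(event, state, chosen path)] starting from Init."""
    state, trace = "Init", []
    for event in events:
        state = step(state, event)
        trace.append((event, state, chosen_path(state, main_cost, backup_cost)))
    return trace


# Constructed event sequence: main link recovers before its LDP session does,
# the session later drops, and finally the interface goes down.
RECOVERY = ["if_up_ldp_down", "hold_down_expired", "ldp_up", "ldp_down", "if_down"]

if __name__ == "__main__":
    for row in replay(RECOVERY):
        print(row)
```

Traffic stays on the backup path through Hold-down and Hold-max-cost and moves to the main link only in Sync-achieved, which is the behaviour the synchronization feature is meant to guarantee.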

Application scenario of LDP and IGP synchronization:
As shown in the figure, in this network, LER1→LSR1→LSR2→LSR3→LER2 is the primary link, and LER1→LSR1→LSR4→LSR3→LER2 is the backup link. When the main link fails, traffic is switched from the main link to the backup link. The interruption during this switchover is relatively short, about several hundred milliseconds. When the main link recovers from the failure, traffic is switched from the backup link back to the main link. In this process the interruption is longer, about 5s. Configuring LDP and IGP synchronization shortens the interruption when traffic is switched from the backup link to the main link and keeps it within milliseconds.
The following commands configure synchronization on the Huawei VRP system. Here, OSPF is used as the IGP:
[LSR1]interface GigabitEthernet0/0/0
[LSR1-GigabitEthernet0/0/0]ospf ldp-sync

You can also set how long the interface waits for the LDP session to be established before establishing OSPF neighbors, that is, the Hold-down timer: ospf timer ldp-sync hold-down value

By default, the value of the Hold-down timer is 10s. Other timers can also be modified, so I won’t repeat them here. After the configuration is complete, you can use the display ospf ldp-sync interface command to view the synchronization information.

Impact of route summary on LSP:

The routing prefix 172.16.2.0/24 is summarized on LSR2, and the summarized routing prefix is 172.16.0.0/22.

The summarized route (172.16.0.0/22) is advertised to LSR1, and the detailed route 172.16.2.0/24 is no longer advertised to LSR1. The problem is that although LSR1 has the route 172.16.0.0/22, it has not received label distribution information from LSR2 for that routing prefix. Huawei equipment uses ordered control to establish LSPs by default, so because LSR1 has not received label information from its downstream neighbor, it does not allocate a label to its upstream neighbor (LER1). That is to say, a data packet sent by the user at Site1 to the target routing prefix 172.16.2.0/24 is forwarded as IP along LER1, LSR1 and LSR2, and is forwarded by MPLS only after LSR2. In other words, for this FEC, the LSP is actually discontinuous.

LDP label filtering:

In an MPLS network, some routers have limited resources. In order to reduce resource overhead and reduce unnecessary LSP establishment, LDP can perform label filtering when advertising labels for neighbors.

In the scenario shown in the figure, it is assumed that the resource utilization of LSR3 in the MPLS domain is relatively high. To save resources and reduce the number of LSPs, LSR3 should accept label mapping information only for FEC 172.16.1.0/24 and FEC 172.16.2.0/24. This requirement is met by configuring the LDP inbound policy on LSR3.
Configure the LDP inbound policy on LSR3 to accept only the label mapping messages for these routing prefixes sent by LSR1, as shown in the following configuration:

[LSR3]ip ip-prefix 1 permit 172.16.1.0 24
[LSR3]ip ip-prefix 1 permit 172.16.2.0 24
# Use the prefix list to match the FEC routing prefixes whose label mapping information should be received
[LSR3]mpls ldp
[LSR3-mpls-ldp]inbound peer 10.1.2.2 fec ip-prefix 1
# Configure the LDP inbound policy to receive only the filtered label mapping messages

After configuring the filtering policy, check the LSP forwarding table of LSR3. You can find the FEC label mapping information received from LSR1. Use the following command on R3: dis mpls lsp nexthop 10.1.25.1
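The effect of the inbound policy above can be modeled by matching each received FEC against prefix list 1. This is an added example, not code from the original article or from Huawei; the label values, the extra FECs and the second peer address are constructed, and it assumes an ip-prefix entry without a mask-length range matches only the exact prefix and that a prefix list ends with an implicit deny.

```python
import ipaddress

# ip ip-prefix 1 permit 172.16.1.0 24 / permit 172.16.2.0 24, as configured on LSR3.
PREFIX_LIST_1 = [("permit", "172.16.1.0", 24), ("permit", "172.16.2.0", 24)]

# inbound peer 10.1.2.2 fec ip-prefix 1
INBOUND_POLICY = {"10.1.2.2": PREFIX_LIST_1}


def prefix_list_action(entries, fec):
    """Return the action of the first entry matching the FEC.

    Assumption: an entry without a mask-length range matches only the exact
    prefix and length; if nothing matches, the implicit result is deny.
    """
    network = ipaddress.ip_network(fec)
    for action, address, length in entries:
        if network == ipaddress.ip_network(f"{address}/{length}"):
            return action
    return "deny"


def filter_mappings(peer, mappings):
    """Split label mappings received from a peer into (accepted, dropped)."""
    entries = INBOUND_POLICY.get(peer)  # None: no inbound policy for this peer
    accepted, dropped = [], []
    for fec, label in mappings:
        allowed = entries is None or prefix_list_action(entries, fec) == "permit"
        (accepted if allowed else dropped).append((fec, label))
    return accepted, dropped


# Constructed label mapping messages (FEC, label) arriving from a peer.
RECEIVED = [
    ("172.16.1.0/24", 1024),
    ("172.16.2.0/24", 1025),
    ("172.16.3.0/24", 1026),    # not in the prefix list
    ("172.16.1.128/25", 1027),  # more specific than a permitted prefix
    ("172.16.0.0/22", 1028),    # summary covering the permitted prefixes
]

if __name__ == "__main__":
    accepted, dropped = filter_mappings("10.1.2.2", RECEIVED)
    print("accepted:", accepted)
    print("dropped: ", dropped)
```
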

LDP configuration overview:

Dynamic LSP configuration:

  1. Configure LSR ID: LSR ID is used to uniquely identify an LSR in the network. LSR does not have a default LSR ID and must be manually configured. In order to improve the reliability of the network, it is recommended to use the address of a loopback interface of the LSR as the LSR ID.
  2. Enable global MPLS: Only when global MPLS is enabled can you configure other MPLS configurations.
  3. Enable global MPLS LDP: Only when global MPLS LDP is enabled can you configure other MPLS LDP configurations.
  4. Configure an LDP session:
    Run the interface interface-type interface-number command to enter the view of the interface that needs to establish an LDP session.
    Run the mpls command to enable the MPLS capability of the interface.
    Run the mpls ldp command to enable the MPLS LDP capability of the interface.

Commonly used optional configurations for MPLS:
1. Configure LDP transport address:
Run the interface interface-type interface-number command to enter the view of the interface for establishing an LDP session.

Run the mpls ldp transport-address {interface-type interface-number | interface} command to configure the LDP transport address as the IP address of the specified interface. By default, the LDP transmission address of the public network is equal to the LSR ID of the node, and the transmission address of the private network is equal to the primary IP address of the interface.

When there are multiple links between two LSRs, if you want to establish an LDP session on multiple links, the interfaces at the same end of the session should use the default transport address or configure the same transport address. If the interface at one end of the session is configured with a different transport address, the LDP session can only be established on one link.

2. Configure PHP features:
Run the mpls command on the Egress router to enter the MPLS view.

Run the label advertise {explicit-null | implicit-null | non-null} command to configure the label assigned to the penultimate hop.

According to different parameters, you can configure Egress to assign different labels to the penultimate hop.
a) By default, implicit-null is used, which means that PHP is supported. Egress assigns an implicit null label to the penultimate hop node with a value of 3.
b) If the configuration is explicit-null, it means that PHP is not supported. The egress node assigns an explicit null label to the penultimate hop, with a value of 0. When you need to support MPLS QoS attributes, you can use explicit-null.
c) If the configuration is non-null, it means that PHP is not supported. Egress normally assigns labels to the penultimate hop, that is, the assigned label value is not less than 16.

Running the label advertise command to change the label allocation method of this node only takes effect on newly created LSPs. LSPs that already existed before label advertise was modified are not affected. For the change to take effect on them, you need to run the reset mpls ldp or lsp-trigger policy command.

3. Configure the timer for the LDP session

Run the interface interface-type interface-number command to enter the view of the interface for establishing an LDP session. By default, the value of the link Hello send timer is 1/3 of the value of the link Hello hold timer.

Run the mpls ldp timer hello-send interval command to configure the link Hello send timer. The effective value of the link Hello send timer = Min{configured value of the link Hello send timer, 1/3 of the link Hello hold timer value}; the same applies to the other send timers.

Run the mpls ldp timer hello-hold interval command to configure the link Hello hold timer. By default, the value of the link Hello hold timer is 15 seconds.

Run the mpls ldp timer keepalive-send interval command to configure the keepalive sending timer of the local LDP session.

Run the mpls ldp timer keepalive-hold interval command to configure the Keepalive hold timer for the local LDP session. By default, the value of the Keepalive hold timer of the local LDP session is 45 seconds.

4. Configure LDP authentication
In order to improve the security of LDP session connections, you can configure authentication for TCP connections used by LDP. The two peers of an LDP session can be configured with different encryption methods, but the passwords must be the same.

Take MD5 authentication as an example:
Run the mpls ldp command to enter the MPLS-LDP view.
Run the md5-password {plain | cipher} peer-lsr-id password command to enable MD5 authentication and configure the authentication password.

5. Configure the LDP label advertisement mode.
In a large network, to reduce unnecessary MPLS forwarding entries on the device as much as possible, you can run the mpls ldp advertisement dod command. Once it is configured, the downstream sends a label mapping message to the upstream only when the upstream requests a label, which reduces MPLS forwarding entries.

If it is needed only for the LSP in a specific direction, configure it only on the outbound interface of the Ingress and the inbound interface of the adjacent downstream Transit in the direction of the LSP (for both directions, configure both ends): enter the corresponding interface and configure mpls ldp advertisement dod.

6. Configure the LDP label distribution control mode.
Configure in the MPLS LDP view of Egress and Transit (only needs to be configured on the downstream device).

Run the mpls ldp [vpn-instance vpn-instance-name] command to enter the MPLS-LDP view or MPLS-LDP-VPN instance view.

Run the label distribution control-mode {independent | ordered} command to configure the global LDP label distribution mode.

7. Remote session configuration
First, configure the global configuration, which is the same as configuring the local LDP session, but there is no need to configure it on the interface.

Run the mpls lsr-id lsr-id command to configure the LSR ID of the local node.

Run the mpls command to enable the global MPLS function and enter the MPLS view.

Run the mpls ldp command to enable the global LDP function and enter the MPLS-LDP view.

Run the mpls ldp remote-peer remote-peer-name command to create an MPLS LDP remote peer and enter the MPLS LDP remote peer view.

Run the remote-ip ip-address command to configure the IP address of the MPLS LDP remote peer.

8. Configure lsp-trigger
lsp-trigger {all | host | ip-prefix ip-prefix-name | none} or undo lsp-trigger
Usage guide: the default is host

Note: It is not recommended to configure the lsp-trigger all command. This is because after configuring this command, all IGP routes will trigger LDP to establish LSPs, resulting in a huge number of LSPs and consuming excessive system resources. If you need to configure this command, you can configure route filtering policies first to reduce the number of routes, thereby reducing the number of LSPs that routes trigger LDP to establish and saving system resources.

Corresponding MPLS display commands:

The most used ones are marked in red. dis mpls lsp [all] gives a more concise and intuitive view of LSP information, while dis mpls ldp lsp displays all received labels, although the labels it shows are not necessarily the optimal LDP information.

Sources: "HCIE Routing and Exchange Learning Guide", Huawei hedex document

Origin blog.csdn.net/tushanpeipei/article/details/112988882