| Topic : Network Routing and Switching |
last activity : 07 06 2010 20:18:04 +0000
MPLS FAQ …!!
Q. What is Multi-Protocol Label Switching (MPLS)?
A. MPLS is a packet-forwarding technology which uses labels to make data forwarding decisions. With MPLS, the Layer 3 header analysis is done just once (when the packet enters the MPLS domain). Label inspection drives subsequent packet forwarding. MPLS provides these beneficial applications:
- Virtual Private Networking (VPN)
- Traffic Engineering (TE)
- Quality of Service (QoS)
- ATM over MPLS (AToM)
Additionally, it decreases the forwarding overhead on the core routers. MPLS technologies are applicable to any network layer protocol.
Q. What is a label? What is the structure of the label?
A. A label is a short, four-byte, fixed-length, locally-significant identifier which is used to identify a Forwarding Equivalence Class (FEC). The label which is put on a particular packet represents the FEC to which that packet is assigned.
- Label—Label Value (Unstructured), 20 bits
- Exp—Experimental Use, 3 bits; currently used as a Class of Service (CoS) field
- S—Bottom of Stack, 1 bit
- TTL—Time to Live, 8 bits
Q. Where will the label be imposed in a packet?
A. The label is imposed between the data link layer (Layer 2) header and network layer (Layer 3) header. The top of the label stack appears first in the packet, and the bottom appears last. The network layer packet immediately follows the last label in the label stack.
Q. What is a Forwarding Equivalence Class (FEC)?
A. FEC is a group of IP packets which are forwarded in the same manner, over the same path, and with the same forwarding treatment. An FEC might correspond to a destination IP subnet, but it also might correspond to any traffic class that the Edge-LSR considers significant. For example, all traffic with a certain value of IP precedence might constitute a FEC.
Q. What is an upstream label switch router (LSR)? What is a downstream LSR?
A. Upstream and downstream are relative terms in the MPLS world. They always refer to a prefix (more appropriately, an FEC). These examples further explain this.
For FEC 10.1.1.0/24, R1 is the "Downstream" LSR to R2.
For FEC 10.1.1.0/24, R2 is the "Upstream" LSR to R1.
For FEC 10.1.1.0/24, R1 is the "Downstream" LSR to R2. And, R2 is the "Downstream" LSR to R3.
For FEC 10.1.1.0/24, R1 is the "Downstream" LSR to R2. For FEC 10.2.2.0/24, R2 is the "Downstream" LSR to R1.
Data flows from upstream to downstream to reach that network (prefix).
The R4 routing table has R1 and R2 as the "next-hops" to reach 10.1.1.0/24.
Q. Is R3 a "Downstream" LSR to R4 for 10.1.1.0/24?
A. No, data flows from upstream to downstream.
Q. What do the terms incoming, outgoing, local, and remote mean when referring to labels?
A. Consider R2 and R3 in this topology. R2 distributes a label L for FEC F to R3. R3 uses label L when it forwards data to FEC-F (because R2 is its downstream LSR for FEC-F). In this scenario:
L is the incoming label for F on R2.
L is the outgoing label for FEC-F on R3.
L is the local binding for FEC F on R2.
L is the remote binding for FEC-F on R3.
Q. Can an LSR transmit/receive a native IP packet (non-MPLS) on an MPLS interface?
A. Yes, if the IP is enabled on the interface. Native packets are received/transmitted as usual. IP is just another protocol. MPLS packets have a different Layer 2 encoding. The receiving LSR is aware of the MPLS packet, based on the Layer 2 encoding.
Q. Can an LSR receive/transmit a labeled packet on a non-MPLS interface?
A. No. Packets are never transmitted on an interface which is not enabled for that protocol. MPLS has a certain Ether type code associated with it (just as IP, IPX, and Appletalk have unique Ether types). When a Cisco router receives a packet with an Ether type which is not enabled on the interface, it drops the packet. For example, if a router receives an Appletalk packet on an interface which does not have Appletalk enabled, it drops the packet. Likewise, if an MPLS packet is received on an interface which does not have MPLS enabled, the packet is dropped.
Q. Generic Routing Encapsulation (GRE) tunnel has an overhead of 24 bytes. How much overhead does an MPLS LSP tunnel have?
A. An MPLS LSP tunnel has one label (four bytes) or two labels (for example, when using Link Protection Fast Reroute) of overhead. Unlike a GRE tunnel, MPLS does not change the IP header. Instead, the label stack is imposed onto the packet that takes the tunnel path.
Q. How does the LSR know which is the top label, bottom label, and a middle label of the label stack?
A. The label immediately after the Layer 2 header is the top label, and the label with the S bit set to 1 is the bottom label. No application requires an LSR to read or identify the middle labels. However, a label is a middle label if it is not at the top of the stack and its S bit is set to 0.
Q. What is the range of label values? What label values are reserved? What do the reserved values signify?
A. These values can also be found in RFC3032 - MPLS Label Stack Encoding.
Theoretically, the range is 0 through (2^20 - 1). Label values 0-15 are reserved, and values 4-15 are reserved for future use. Values 0-3 are defined as:
- A value of 0 represents the "IPv4 Explicit NULL Label". This label indicates that the label stack must be popped, and the packet forwarding must be based on the IPv4 header. This helps to keep Exp bits safe until the egress router. It is used in MPLS-based QoS.
- A value of 1 represents the "Router Alert Label". When a received packet contains this label value at the top of the label stack, it is delivered to a local software module for processing. The actual packet forwarding is determined by the label beneath it in the stack. However, if the packet is forwarded further, the Router Alert Label should be pushed back onto the label stack before forwarding. The use of this label is analogous to the use of the "Router Alert Option" in IP packets (for example, ping with record route option).
- A value of 2 represents the "IPv6 Explicit NULL Label". It indicates that the label stack must be popped, and the packet forwarding must be based on the IPv6 header.
- A value of 3 represents the "Implicit NULL Label". This is a label that an LSR can assign and distribute. However, it never actually appears in the encapsulation. It indicates that the LSR pops the top label from the stack and forwards the rest of the packet (labeled or unlabeled) through the outgoing interface (as per the entry in the LFIB). Although this value might never appear in the encapsulation, it needs to be specified in the Label Distribution Protocol, so a value is reserved.
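The label layout, stack ordering and reserved values described above, decoded in Python as an added example (not part of the original FAQ). The MPLS unicast EtherType 0x8847 is not given on the page, the function names are illustrative, and the sample frame is constructed.

```python
import struct

RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert",
            2: "IPv6 Explicit NULL", 3: "Implicit NULL"}
ETHERTYPE_MPLS = 0x8847  # MPLS unicast EtherType (value not stated on the page)


def parse_label_stack(payload, max_depth=16):
    """Decode 4-byte entries until S=1; return (entries, layer-3 bytes)."""
    entries = []
    for depth in range(max_depth):
        chunk = payload[4 * depth:4 * depth + 4]
        if len(chunk) < 4:
            raise ValueError("truncated stack: S bit never set")
        (word,) = struct.unpack("!I", chunk)
        entry = {"label": word >> 12,        # 20 bits
                 "exp": (word >> 9) & 0x7,   # 3 bits
                 "s": (word >> 8) & 0x1,     # 1 bit, 1 = bottom of stack
                 "ttl": word & 0xFF}         # 8 bits
        entries.append(entry)
        if entry["s"]:
            return entries, payload[4 * (depth + 1):]
    raise ValueError("no bottom-of-stack entry within max_depth")


def audit(entries):
    """Flag reserved label values seen in a captured stack."""
    findings = []
    for depth, e in enumerate(entries):
        if e["label"] == 3:
            findings.append((depth, "Implicit NULL must never appear on the wire"))
        elif e["label"] in RESERVED:
            findings.append((depth, RESERVED[e["label"]]))
        elif e["label"] <= 15:
            findings.append((depth, "label reserved for future use"))
    return findings


def labels_in_frame(frame):
    """Parse an untagged Ethernet II frame; None if it is not MPLS."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_MPLS:
        return None
    return parse_label_stack(frame[14:])


def make_entry(label, exp, s, ttl):
    """Build one label stack entry (used only for the constructed sample)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


# Constructed sample: top label 24001, bottom label 0, then two layer-3 bytes.
SAMPLE = (bytes(12) + struct.pack("!H", ETHERTYPE_MPLS)
          + make_entry(24001, 5, 0, 254) + make_entry(0, 5, 1, 254) + b"\x45\x00")
```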
Q. What protocol and port numbers do LDP and TDP use to distribute labels to LDP/TDP peers?
A. LDP uses TCP port 646, and TDP uses TCP port 711. These ports are opened on the router interface only when mpls ip is configured on the interface. The use of TCP as a transport protocol results in reliable delivery of LDP/TDP information with robust flow control and congestion handling mechanisms.
HSRP FAQ
Q. Will the standby router take over if the active router LAN interface state is "interface up line protocol down"?
A. Yes, the standby router takes over once the holdtime expires. By default, this equals three hello packets from the active router having been missed. The actual convergence time depends on the HSRP timers configured for the group and possibly on routing protocol convergence. The HSRP hellotime timer defaults to 3 and the holdtime timer defaults to 10.
Q. Can I configure more than one standby group with the same group number?
A. Yes. However, Cisco does not recommend it on lower-end platforms such as the 4x00 series and earlier. If the same group number is assigned to multiple standby groups, it creates a non-unique MAC address. This is seen as the router's own MAC address and it is filtered out if more than one router in a LAN becomes active. This behavior may change in future releases of Cisco IOS®.
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple MAC addresses on all Ethernet and Fast Ethernet interfaces.
Q. When an active router tracks serial 0 and the serial line goes down, how does the standby router know to become active?
A. When a tracked interface's state changes to down, the active router decrements its priority. The standby router reads this value from the hello packet priority field, and becomes active if this value is lower than its own priority and the standby preempt is configured. You can configure by how much the router should decrement the priority. By default, it decrements its priority by 10.
Q. If there is no priority configured for a standby group, what determines which router is active?
A. The priority field is used to elect the active router and the standby router for the specific group. In the case of an equal priority, the router with the highest IP address for the respective group is elected as active. Furthermore, if there are more than two routers in the group, the second highest IP address determines the standby router and the other router/routers are in the listen state.
Note: If no priority is configured it uses the default of 100.
Q. What are the limiting factors that determine how many standby groups can be assigned to a router?
A. Ethernet: 256 per router. FDDI: 256 per router. Token Ring: 3 per router (uses reserved functional address).
Note: 4x00 series and earlier do not have the hardware required to support more than one MAC address at a time on Ethernet interfaces. However, the Cisco 2600 and Cisco 3600 do support multiple MAC addresses on all Ethernet and Fast Ethernet interfaces.
Q. Which HSRP router requires that I configure preempt?
A. An HSRP-enabled router with preempt configured attempts to assume control as the active router when its Hot Standby priority is higher than the current active router. The standby preempt command is needed in situations when you want an occurring state change of a tracked interface to cause a standby router to take over from the active router. For example, an active router tracks another interface and decrements its priority when that interface goes down. The standby router priority is now higher and it sees the state change in the hello packet priority field. If preempt is not configured, it cannot take over and failover does not occur.
Q. From reading the documentation it looks like I can use HSRP to achieve load-balancing across two serial links. Is this true?
A. Yes, refer to Load Sharing with HSRP for more information.
Q. Does HSRP support DDR, and if so, how will it know to dial?
A. No, HSRP does not support Dial-on-Demand Routing (DDR) directly. However, you can configure it to track a serial interface and swap from the active to the standby router in case of a WAN link failure. The command used to track the state of an interface is standby <group#> track <interface>.
Q. I am using HSRP and all hosts are using the active router to forward traffic to the rest of my network. I have noticed that the return traffic comes back through the standby router. Will this cause problems with HSRP or my applications?
A. No, normally this is transparent to all hosts and/or servers on the LAN and can be desirable if a router experiences high traffic. You can change this by configuring a more desirable cost for the link you would like the distant router/routers to use.
Q. How does DECnet traffic fit into the HSRP scenario?
A. DECnet and XNS are compatible with HSRP and multiple HSRP (MHSRP) over Ethernet, FDDI, and Token Ring on the Cisco 7000 and Cisco 7500 routers only. For more information, refer to Using HSRP for Fault-Tolerant IP Routing.
Q. Can a Cisco 2500 and Cisco 7500 router on the same LAN segment use HSRP, or do I have to replace one of the routers so the platforms are identical?
A. You can mix the platforms with HSRP, but you are not able to support multiple HSRP (MHSRP) due to the hardware limitations of the lower-end platform.
Q. If I use a switch, what do I see on the CAM tables for the HSRP?
A. The content-addressable memory (CAM) tables provide a map for the HSRP MAC address to the port on which the active router is located. In this way, you can determine what the switch perceives the HSRP status to be.
Q. What is the standby use-bia command and how does it work?
A. By default, HSRP uses the preassigned HSRP virtual MAC address on Ethernet and FDDI, or the functional address on Token Ring. To configure HSRP to use the interface's burnt-in address as its virtual MAC address, instead of the default, use the standby use-bia command.
For example, on Token Ring, if Source Route Bridging is in use, a Routing Information Field (RIF) is stored with the virtual MAC address in the host's RIF cache. The RIF indicates the path and final ring used to reach the MAC address. As routers transition to the active state, they send gratuitous Address Resolution Protocols (ARPs) in order to update the host's ARP table. However, this does not affect the RIF cache of the hosts that are on the bridged ring. This situation can lead to packets being bridged to the ring for the previous active router. To avoid this situation, use the standby use-bia command. The router now uses its burnt-in MAC address as the virtual MAC address.
Note: Using the standby use-bia command has these disadvantages:
- When a router becomes active the virtual IP address is moved to a different MAC address. The newly active router sends a gratuitous ARP response, but not all host implementations handle the gratuitous ARP correctly.
- Proxy ARP breaks when use-bia is configured. A standby router cannot cover for the lost proxy ARP database of the failed router.
Q. Can I run NAT and HSRP together?
A. You can configure network address translation (NAT) and HSRP on the same router. However, a router that runs NAT holds state information for traffic that is translated through it. If this is the active HSRP router and the HSRP standby takes over, the state information is lost.
Note: Stateful NAT (SNAT) can make use of HSRP to fail over. For more information, refer to NAT Stateful Failover of Network Address Translation. Static NAT Mapping Support with HSRP for High Availability is another feature which makes NAT and HSRP interact. For more information refer to NAT—Static Mapping Support with HSRP for High Availability.
Q. What are the IP source address and destination address of HSRP hello packets?
A. The destination address of HSRP hello packets is the all routers multicast address (224.0.0.2). The source address is the router's primary IP address assigned to the interface.
Q. Are HSRP messages TCP or UDP?
A. UDP, since HSRP runs on UDP port 1985.
Q. HSRP stops working when an Access Control List (ACL) is applied. How can I permit HSRP through an ACL?
A. HSRP hello packets are sent to multicast address 224.0.0.2 using UDP port 1985. Whenever an ACL is applied to an HSRP interface, ensure that packets destined to 224.0.0.2 on UDP port 1985 are permitted.
MHSRP
R1 MHSRP Configuration

Current configuration:
interface Ethernet0
 ip address 171.16.6.5 255.255.255.0
 standby 1 preempt
 standby 1 ip 171.16.6.100
 standby 1 track Serial0
 standby 2 preempt
 standby 2 ip 171.16.6.200
 standby 2 track serial 0
 standby 2 priority 95

R2 MHSRP Configuration

Current configuration:
interface Ethernet0
 ip address 171.16.6.6 255.255.255.0
 standby 1 preempt
 standby 1 ip 171.16.6.100
 standby 1 track Serial0
 standby 1 priority 95
 standby 2 preempt
 standby 2 ip 171.16.6.200
 standby 2 track serial 0
Notice from the configurations that when the two routers first begin to run HSRP, R1 has a default priority of 100 for group 1 and a priority of 95 for group 2. R2 has a default priority of 100 for group 2 and a priority of 95 for group 1. Therefore, R1 is the active router for group 1 and R2 is the active router for group 2. This example shows that you can accomplish load-sharing with MHSRP. However, you need to use HSRP priority and preempt in order to accomplish this. HSRP has no effect on return traffic.
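The failover behaviour of the two MHSRP configurations above, modelled in Python as an added example (not part of the original FAQ and not Cisco code). It uses the page's defaults (priority 100, track decrement 10) and the page's rule that an active router is displaced only by a preempt-enabled router with a higher priority; the `Member` and `elect` names are illustrative.

```python
import ipaddress
from dataclasses import dataclass

DEFAULT_PRIORITY = 100  # used when no priority is configured
TRACK_DECREMENT = 10    # default decrement when a tracked interface goes down


@dataclass
class Member:
    router: str
    ip: str
    priority: int = DEFAULT_PRIORITY
    preempt: bool = False
    tracks_serial0: bool = False

    def effective_priority(self, serial_down):
        """Priority carried in hellos, given routers whose Serial0 is down."""
        if self.tracks_serial0 and self.router in serial_down:
            return self.priority - TRACK_DECREMENT
        return self.priority


def elect(members, serial_down=frozenset(), current_active=None):
    """Return the active router's name for one standby group."""
    def rank(m):
        # Highest priority wins; equal priority falls back to highest IP.
        return (m.effective_priority(serial_down),
                int(ipaddress.ip_address(m.ip)))

    best = max(members, key=rank)
    if current_active is None or best.router == current_active:
        return best.router
    incumbent = next(m for m in members if m.router == current_active)
    # Without preempt the better router cannot take over from the incumbent.
    if best.preempt and (best.effective_priority(serial_down)
                         > incumbent.effective_priority(serial_down)):
        return best.router
    return current_active


# The two groups from the R1/R2 configurations above.
GROUP1 = [Member("R1", "171.16.6.5", 100, True, True),
          Member("R2", "171.16.6.6", 95, True, True)]
GROUP2 = [Member("R1", "171.16.6.5", 95, True, True),
          Member("R2", "171.16.6.6", 100, True, True)]
```

With R1's Serial0 down, R1 advertises 90 for group 1 and R2 (95, preempt) takes over; with preempt removed from R2 the same call leaves R1 active.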

Deepali: It's really helpful.. Thanks :)