I did not see that level of details in any book, ( if you do, please recommend ).
Original Message:
Sent: 12-28-2020 22:28
From: Yasmin Lara
Subject: BGPEVPN: Use of vrf-table-label in IPVPN vrf
Hi Sarah,
vrf-table-label is not only about generating a single label.
Without VRF table label you have the following:
- one label per interface (has to be point-to-point). Result = what comes in with label X goes out of interface Y, done!
- no additional lookups or additional packet processing (CoS) filtering) is possible
In this example:
You can see that PE1 has 3 interfaces in VRF1:
xe-1/0/0.4012
gr-2/1/0.4012
sp-2/1/0.4012
But only advertises labels for the prefixes under gr-2/1/0.4012 and sp-2/1/0.4012, which are point to point interfaces.
10.5.112/24 label 300480
10.6.112/24 label 300576
It does not advertise a label for prefixes associated with interface xe-1/0/0.4012, because to send traffic out of this interface, PE1 would need to figure out what the MAC address to reach the destination IP address is, which would involve looking at the IP header, and ARP and so on. This cannot be done with a simple LABEL IN => INTERFACE OUT (which is how packets are forwarded without vrf-table-label)
If you check the advertised routes, here is what the router shows:
Even more interesting is this:
If you check the routes in mpls.0 (which is the table the router looks at when MPLS packets arrived), you can see that the entries for the labels advertised by the router have an action of pop/interface. For instance, when a packet with label 300480 arrives the action is POP the label, send the packet out of interface gr-2/1/0.4012
You can see this in the diagram below:
PE1 did not look at the destination IP address at all. If you wanted to apply any kind of classification, or filtering, it is not possible.
So, what happens when you enable vrf-table-label?
For starters, as you already know, the router advertises a single label that represents the VRF, and is the same for all the prefixes regardless of which interface they belong to.
If you look at the diagram showing how the new advertisements look like, first thing you might notice is that now the router IS advertising the prefix associated with interface xe-1/0/0.4012. All three prefixes are advertised with the same label (25).
Packets will now be processed this way:
You can see that after removing the label, the router performs a L3 route lookup in VRF1.inet.0. Resolving the MAC address, filtering or CoS on the interface works as it works with any other L3 interface.
Now, how does the router know it needs to do this?
Because the mpls.0 table has an entry for label 25 that instead of pointing to a specific interface, points to the VRF's routing table:
HTH.
Regards,
------------------------------
Yasmin Lara
Juniper Ambassador
JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
Original Message:
Sent: 12-28-2020 16:03
From: Unknown User
Subject: BGPEVPN: Use of vrf-table-label in IPVPN vrf
Hi everybody,
I am trying to understand the use for " vrf-table-label" in IP VPN.
Doc says it is used to advertise a single VPN label for all routes in the VRF"
To test this, I have created a loopback 22 and placed in routing-instance IPVPN as shown below:
#MX1##
set routing-instances IPVPN instance-type vrf
set routing-instances IPVPN interface lo0.22
set routing-instances IPVPN route-distinguisher 1.1.1.1:11
set routing-instances IPVPN vrf-target target:2:2
Expected behavior:
MX1 will generate a separate label for lo0.22 because we have not configured "set routing-instances IPVPN vrf-table-label"
But I still see MX1 generates single label for all routes in IP VPN:
root@MX1> show route table mpls.0
68 *[VPN/170] 00:00:15
receive table IPVPN.inet.0, Pop
MX1 advertise label 68 for 222.222.222.222 in BGP's update:
root@MX1> show route advertising-protocol bgp 3.3.3.3 extensive | find 222.222.222.222
* 222.222.222.222/32 (1 entry, 1 announced)
BGP group INTERNAL type Internal
Route Distinguisher: 1.1.1.1:11
VPN Label: 68<--------------
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [100] I
Communities: target:2:2
It looks like it does not matter if we have configured vrf-table-label or not.
Or am I missing something?
Thanks and have a good day!!