[c-nsp] Fwd:

Mark Lewis mark at mjlnet.com
Mon Feb 6 05:07:03 EST 2006 

Hi,

> What I am missing is the concept ofMark book: "RSVP signaled TE label +
> TDP/LDPsignaled IGP label).

In the book, I specify:

"If MPLS traffic engineering (TE) is being used ***between P routers*** in an MPLS VPN backbone, a label stack depth of three is used (RSVP signaled TE label + TDP/LDP signaled IGP label + VPN label)."

The important point to notice is the location of the endpoints of the TE tunnel here- as stated, it's between P routers in the example above. If the TE tunnel is between PE routers, on the other hand, then an LDP signalled label is typically not included in the  stack.

Look for a case study later in the chapter for much more on this concept (if I remember rightly there are about 5 pages dealing with MPLS L3VPN over TE tunnels between P routers).



So, key points to remember:

In the abscence of any MPLS TE tunnels, and assuming transport over an LSP between PE routers (rather than an L2TPv3/GRE/other tunnel), the label stack for VPN packets will consist of 2 labels in a simple MPLS VPN:

1. VPN label - obviously used to identify the VRF or outgoing i/f on the egress PE router.

+

2. LDP/TDP signalled IGP label used to transport the VPN packet between PE routers.



If an MPLS TE tunnel is configured between P routers then LDP must be enabled on the tunnel, and the stack now consists of:

1. VPN label

+

2. LDP signalled label.

+

3. RSVP signalled label.




But if the MPLS TE tunnel is between PE routers then the LDP label is not required in the stack (and LDP does not need enabled on the tunnel), and the stack now consists of:

1. VPN label.

2. RSVP signalled label.



If you are using fast reroute, a backup tunnel is built to protect the primary MPLS TE tunnel, and if there is a failure, the point of local failure (PLR, the headend of the backup tunnel) sends VPN packets over the backup tunnel. 2 RSVP signalled (MPLS TE) labels are now imposed on the packet, and so the stack now consists of:

If there is a protected MPLS TE tunnel between P routers-

1. VPN label, 2. LDP signalled label, 3. RSVP signalled label (corresponding to the primary tunnel [the label expected by the merge point/tailend of the backup tunnel]), 4. RSVP signalled label (corresponding to the backup tunnel).


If there is a protected MPLS TE tunnel between PE routers-

1. VPN label, 2. RSVP signalled label (corresponding to the primary tunnel [the label expected by the merge point/tailend of the backup tunnel]), 3. RSVP signalled label (corresponding to the backup tunnel).

HTH,

Mark




-----Original Message-----
From: gladston at br.ibm.com [mailto:gladston at br.ibm.com]
Sent: Sunday, February 5, 2006 08:21 PM
To: 'Oliver Boehmer \(oboehmer\)', mark at mjlnet.com, 'Piotr Marecki'
Cc: cisco-nsp at puck.nether.net


Thanks for the answers.

The value 1514 bytes is: 1472(data) + 8 (ICMP header) + 20 (IP header) + 14 (ethernet header).

There is 802.1q between two switches,but I am considering that the switches hands correctly 1518 bytes by defaultwhen configured for trunk. Any different opinion?

This is the net:

Telecom-device-------sw1---------7609(a)---(pos)-----7609(b)--------sw2--------Telecom-device
 | |
 |____(giga)____|


Telecom-device generates frames with1514 bytes and DF set on a specific situation.
-sw1 adds 4 bytes vlan tag.
-7609 removes 4 bytes vlan tagand adds MPLS tag. FRR is also configured, so when the main connectionfails it is added FRR tag. On this case 7609(b) giga interface needs toaccept 1514 + 1 MPLS tag + 1 FRR tag

There is a sligth variation of thisnet, where VPN MPLS is configured, so 7609(b) needs to accept 1514 + 1MPLS tag + 1 FRR tag + 1 VPN MPLS tag.

What I am missing is the concept ofMark book: "RSVP signaled TE label + TDP/LDPsignaled IGP label).

If I undertood correctly the answers,on PEs there will exit 1 MPLS tag + 1 FRR tag + 1 VPN MPLS tag. On P therewill be IGP label. as well. Is that right?

And about MTU, it is necessary add supportfor jumbo frame on 7609(b) and also add the command "mpls mtu"on 7609(a) and 7609(b). Is that correctly?

Cordially,
------------------------------------------------------------------
Alaerte Gladston Vidali
IBM Global Services - SO
Tel.55+11+2121-2879 Fax:55+11+2121-2449




----- Forwarded by AlaerteGladston Vidali/Brazil/IBM on 05-02-2006 23:04 -----
"Oliver Boehmer \(oboehmer\)"<oboehmer at cisco.com>05-02-2006 06:41
To
Alaerte Gladston Vidali/Brazil/IBM at IBMBR,<cisco-nsp at puck.nether.net>cc
Subject
RE: [c-nsp] Number of MPLS labels andMTU




gladston at br.ibm.com <> wrote on Sunday, February05, 2006 4:17 AM:

> Hi,
>
> Reading Troubleshooting Virtual Private Networks, by Mark Lewis, he
> states that if using VPN MPLS + TE, a label stack depth of three is
> used (RSVP signaled TE label + TDP/LDP signaled IGP label +VPN
> label).

Right, but this also depends on where the tunnel is(for a PE-PE tunnel,
you might not have an IGP label), and if you are using TE Fast-Reroute,
you could have an addtl. label during the backup case.

> Considering an application generates a packetswith higher number of
> bytes (1472) and DF bit set, the packet will have 1514 bytes without
> label and 1514 + 4 + 4 +4 bytes travelling through the network. Do
> you agree?

How do you arrive at 1514?

> Would it be enough to configure jumbo frame supportand mpls mtu
> under the physical interface or it would be necessary any command
> under the TE tunnel interface?

You need to make sure your physical interfaces willbe able to transport
the maximum size (i.e. Payload + 12 (or 16) bytes MPLS shim header).
Setting the MTU on the TE Tunnel interface is not an option (I think)
since you might also sending tagged packets over the tunnel which can't
be fragmented.

oli

=========================================================================


----- Forwarded by AlaerteGladston Vidali/Brazil/IBM on 05-02-2006 23:04 -----
"Piotr Marecki"<peter at mareccy.org>05-02-2006 08:29
To
<cisco-nsp at puck.nether.net>, AlaerteGladston Vidali/Brazil/IBM at IBMBRcc
Subject
Re: [c-nsp] Number of MPLS labels andMTU




> Hi,
>
> Reading Troubleshooting Virtual Private Networks, by Mark Lewis, hestates
> that if using VPN MPLS + TE, a label stack depth of three is used (RSVP
> signaled TE label + TDP/LDP signaled IGP label + VPN label).
>
> Considering an application generates a packets with higher numberof bytes
> (1472) and DF bit set, the packet will have 1514 bytes without labeland
> 1514 + 4 + 4 +4 bytes travelling through the network. Do you agree?

I quess you are talking here about entire L2 PDU sizeon core ethernet (
without 802.1q ) .
If so , 1526 is really minimum that would not be enough if you enable other
features
, like 802.1q subinterfaces , FRR , not to mention L2 PWE transport.
>
> Would it be enough to configure jumbo frame support and mpls mtu underthe
> physical interface or it would be necessary any command under theTE
> tunnel interface?
>

You need only mpls mtu command on your core interfaces( in this example
1512 ) , additional
mtu size increase on swicthes ( if any ) . There is no need to increase
tunnel mtu .


regards

Piotr Marecki


======================================================================



----- Forwarded by AlaerteGladston Vidali/Brazil/IBM on 05-02-2006 23:05 -----
"Mark Lewis"<mark at mjlnet.com>05-02-2006 21:21Please respond to
mark at mjlnet.com


To
cisco-nsp at puck.nether.netcc
Alaerte Gladston Vidali/Brazil/IBM at IBMBRSubject
Fwd: RE: [c-nsp] Number of MPLSlabels and MTU





Hi,

>
>gladston at br.ibm.com <> wrote on Sunday, February 05, 2006 4:17AM:
>
> > Hi,
> >
> > Reading Troubleshooting Virtual Private Networks, by Mark Lewis,he
> > states that if using VPN MPLS + TE, a label stack depth of threeis
> > used (RSVP signaled TE label + TDP/LDP signaled IGP label + VPN
> > label).
>
>Right, but this also depends on where the tunnel is (for a PE-PE tunnel,
>you might not have an IGP label), and if you are using TE Fast-Reroute,
>you could have an addtl. label during the backup case.


Yep- just as you says, it depends on the locationof the tunnel endpoints, whether FRR is configured, etc- and this is statedand a number of examples given in the book. And there's also a case studythat describes the label stack of L3VPN over TE tunnels.


>
> > Considering an application generates a packets with higher numberof
> > bytes (1472) and DF bit set, the packet will have 1514 byteswithout
> > label and 1514 + 4 + 4 +4 bytes travelling through the network.Do
> > you agree?
>
>How do you arrive at 1514?
>
> > Would it be enough to configure jumbo frame support and mplsmtu
> > under the physical interface or it would be necessary any command
> > under the TE tunnel interface?
>
>You need to make sure your physical interfaces will be able to transport
>the maximum size (i.e. Payload + 12 (or 16) bytes MPLS shim header).
>Setting the MTU on the TE Tunnel interface is not an option (I think)
>since you might also sending tagged packets over the tunnel which can't
>be fragmented.

Agreed- you just need to work out the maximum numberof labels in the stack, add this to the max IP packet size that you receivefrom customers (assuming L3VPN), and then set this on LSR i/fs using 'mplsmtu' (and config jumbo frame support on switches). If you're not sure ofthe label stack size for your particular config then it may be a good ideato err on the safe side and add enough 'headroom' for one or two 'extra'labels, if possible.

Also, note the relatively recent very slight modificationto the use of the 'mpls mtu' command:

http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a00805b5519.html

Finally, if you are transporting L2 frames over yourMPLS backbone then make sure you take into account the MPLS MTU requiredfor these typically larger labelled packet sizes (L2 frame + control word+ label stack). But that's covered in detail in chapter 7 :)

Cheers,

Mark

More information about the cisco-nsp mailing list