MPLS L3 VPN inner tag

Could anybody explain me the real reason for inner tag in the MPLS packet? Why it is needed? Outter tag for MPLS switching, RT for import/export into the correct VRFs, that's clear. But why is the inner tag added to the frame?

 

Thank you in advance!

Comments


  • I am a PE with
    a CE router attached to an interface in a VRF

    As I
    receive routes in in from the CE router I associate each route with a label
    (The inner label)

    This
    route 
    ( containing the prefix, the RT
    and the inner label ) is advertised into BGP as a VPNv4 route. Essentially  I am saying, I have this prefix. If you have
    packets for it send them to my loop back address with a label of X. When I
    receive them I strip of the label and sent the packet out the correct interface
    towards the CE.

  • Because 'P' routers do not have any knowledge of customer routes.  So the outer "transit" label gets the traffic from one PE to another PE and this label is ripped off at the last but one hop (PHP).  Then the PE router looks at the inner "VPN" label so it can send it to the specific customer.  Without the outer transit label the traffic would be dropped by the first P router as it would not know how to forward it.

  • Could anybody explain me the real reason for inner tag in the MPLS packet? Why it is needed? Outter tag for MPLS switching, RT for import/export into the correct VRFs, that's clear. But why is the inner tag added to the frame?

    Thank you in advance!

     

    VPN label is used to identify which VRF does the route belong. Whereas, the transport label is used for end-to-end delivery between PE routers since the P router doesn't know anything about the customer route. The P router should make the switching decision based on the incoming & outgoing label.

    HTH

  • Thank you all!

    As my understanding, the RD/RT value should be enough to import/export the prefix into the correct VRF. So I still don't understand why the inner label needed.

  • You are mixing up the control plane which uses RT. and the data forwarding plane which uses the outer label for the LSP and the Inner label to identify the customer traffic  going towards the CE.

  • peetypeety ✭✭✭

    As my understanding, the RD/RT value should be enough to import/export the prefix into the correct VRF. So I still don't understand why the inner label needed.

    The RD/RT don't get carried in the packet.  The RD and the route/mask get exchanged in BGP VPNv4.  The RT controls how VPNv4 routes go into/out of the VRF routing table.  Neither of them get encoded into the packet (care to tell me where it could actually fit?).

  • To elaborate more. If PE_LEFT and CE_Left are on  LHS of the network and PR_right and CE_right are on the RHS:

     

    Control Plane

    Routes from CE_Left  are sent to VRF on PE_Left

    These are redistributed into BGP, along with the RT and the inner label.

    PE_Left has next hop self set. There fore these routes have a next hop of the loopback of PE_Left

    The routes reach PE_Right

    The router are imported into the VFR and reach CE_Right.

     

    LDP is enabled on all the interfaces on the shortest path between PE_Left  and PE_Right. Lables have been assigned to the routes to each PE loopbacks.

     

     

     

     

    Data Plane

    CE_Right has packets to send to CE _Left

    The route points out the interface to PE_Right.

    PE_Right receives the packet and sends it towards the Looplack of PE_Left along with the inner label

    The LSP to PE_Left is used for this.  The outer label (aks LSP lable or metro label )is swapped at each intermediate node (and popped at the second last).

    The packet arrives at PE_Left with out the outer label

    The inner lable is used to determine which interface to forward the traffic out. The inner label is stripped off and the packet is sent out.

     

    The Route target is not used to make forwarding decisions. It is used to control which routes re imported and exported into and out of a VRF

  • It is clear now. Data plane vs. control plane.  Thank you all! 

  • Kuris , i had a problem getting my head around this too.

    the way i think about is that if there was no inner label,  the PE router will recieve a 'naked' ip packet  (due to penultimate hop popping) , and  so  will try to forward packet using the global Routing table

    with an inner label attached , the PE knows exactly which VRF routing table to forward the data traffic

    try to separate  the control plane and data plane processes , otherwise it gets very confusing fast.

  • Yes, RT is locally configured in order to define which routes should be imported or exported for a particular VRF. Since the RT is not carried in the packet in data plane, the VPN label has more significance over the RT value & it's easier to have a quick look into the packet when imporing the routes. As we know, 96 bit VPNv4 prefix is created with RD for distinguishing the overlapping prefix. So, the different kind of mechanism might have been used like VPN label. Someone correct me if i'm wrong :)

    Good luck!

     

    EDIT: I think robot has the complete answer [;)] much appreciated!

    Thanks 

Sign In or Register to comment.