BGP send-label in Inter AS scenarios
Posted on April 29, 2010
When playing with the MPLS Inter AS options I was obliged to use the neighbor x.x.x.x send-label command to exchange my label information between two ASes. The interesting thing is that, depending on how I was sending the PE loopbacks in BGP, I could lose connectivity between CEs.
Let’s play around with the send-label command to see how it really works. I built a 6-router topology in 2 ASes, as shown in the following exhibit.
Case 1: BGP network statement
Our first case will be using the network statement in BGP to announce our loopbacks to our neighboring AS. We’ll simply configure R2, R3, R4 and R5 with a network statement:

    router bgp 200
     address-family ipv4
      network 150.2.5.5 mask 255.255.255.255

First, let’s have a look at the current MPLS forwarding table and routing table.

    R5-PE#sh mpls for
    Local  Outgoing      Prefix            Bytes Label   Outgoing        Next Hop
    Label  Label or VC   or Tunnel Id      Switched      interface
    16     Pop Label     150.2.4.4/32      0             Gi1/0           150.2.45.4
    17     No Label      150.2.56.0/24[V]  570           aggregate/cust

    R5-PE#sh ip route
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, + - replicated route

    Gateway of last resort is not set

          150.1.0.0/32 is subnetted, 2 subnets
    B        150.1.2.2 [200/0] via 150.2.4.4, 00:05:58
    B        150.1.3.3 [200/0] via 150.2.4.4, 00:05:58
          150.2.0.0/16 is variably subnetted, 4 subnets, 2 masks
    i L2     150.2.4.4/32 [115/20] via 150.2.45.4, 01:13:10, GigabitEthernet1/0
    C        150.2.5.5/32 is directly connected, Loopback0
    C        150.2.45.0/24 is directly connected, GigabitEthernet1/0
    L        150.2.45.5/32 is directly connected, GigabitEthernet1/0

All loopbacks 150.1.x.x and 150.2.x.x are seen and we have reachability:

    R5-PE#ping 150.1.2.2 so lo0
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.1.2.2, timeout is 2 seconds:
    Packet sent with a source address of 150.2.5.5
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 16/26/56 ms

Now let’s configure BGP send-label between the 2 ASBRs in order to propagate labels between devices, and configure an eBGP multihop VPNv4 session between R2 and R5.

    router bgp 200
     address-family ipv4
      neighbor 150.12.34.4 send-label

    router bgp 100
     no bgp default route-target filter
     neighbor 150.2.5.5 remote-as 200
     neighbor 150.2.5.5 ebgp-multihop 255
     neighbor 150.2.5.5 update-source Loopback0
     !
     address-family vpnv4
      neighbor 150.2.5.5 activate
      neighbor 150.2.5.5 send-community extended
      neighbor 150.2.5.5 next-hop-unchanged
     exit-address-family

I already configured route redistribution between BGP and OSPF for the cust VRF.
OK, how does that look?

    R2-PE#sh ip bgp vpnv4 all
    BGP table version is 19, local router ID is 150.1.2.2
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:1 (default for vrf cust)
    *> 150.1.12.0/24    0.0.0.0                  0         32768 ?
    *> 150.2.56.0/24    150.2.5.5                0             0 200 ?
    Route Distinguisher: 200:1
    *> 150.2.56.0/24    150.2.5.5                0             0 200 ?

    R3-ASBR#sh ip bgp labels
       Network          Next Hop      In label/Out label
       150.1.2.2/32     150.1.2.2     16(from LDP)/nolabel
       150.1.3.3/32     0.0.0.0       imp-null(from LDP)/nolabel
       150.2.4.4/32     150.12.34.4   nolabel/imp-null
       150.2.5.5/32     150.12.34.4   nolabel/16

Our PEs are exchanging routes and our ASBRs are exchanging labels. It all looks good, except that we don’t seem to have complete label information for the loopbacks… Strange…
Can we ping between our CEs?

    R6-CE(config-if)#do ping 150.1.12.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.1.12.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

That doesn’t look so good after all… Let’s see what’s going on. Is it in the VPNv4 table?

    R5-PE#sh ip bgp vpnv4 all
    BGP table version is 16, local router ID is 150.2.5.5
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:1
    *> 150.1.12.0/24    150.1.2.2                0             0 100 ?
    Route Distinguisher: 200:1 (default for vrf cust)
    *> 150.1.12.0/24    150.1.2.2                0             0 100 ?
    *> 150.2.56.0/24    0.0.0.0                  0         32768 ?

Yup, it is. So what does CEF tell us?

    R5-PE#sh ip cef vrf cust 150.1.12.0
    150.1.12.0/24
      recursive via 150.2.4.4 unusable: no label

Hmmm… Looks like we have a problem there: there is no label to reach 150.2.4.4. But how come? I’m exchanging labels between ASBRs and I have LDP running inside the AS, right? Well yes, but the problem is that the routes were learned via the network statement.
Why is this a problem? Simply because LDP won’t assign a label for all the prefixes; it will only assign labels for next hops. In order to get this setup working we need to create a full path of send-label to assign labels for BGP prefixes and exchange them between ASes.
We have to give it a try, don’t we? I’ll configure send-label on the neighbor sessions between R2 – R3 and R4 – R5. Here is the result:

    R3-ASBR#sh ip bgp lab
       Network          Next Hop      In label/Out label
       150.1.2.2/32     150.1.2.2     16(from LDP)/imp-null
       150.1.3.3/32     0.0.0.0       imp-null(from LDP)/nolabel
       150.2.4.4/32     150.12.34.4   20/imp-null
       150.2.5.5/32     150.12.34.4   18/16

We now have an input label to reach 150.2.5.5, which looks much better. Let’s have a look at our CEF table now:

    R5-PE#sh ip bgp vpnv4 all
    BGP table version is 32, local router ID is 150.2.5.5
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  r RIB-failure, S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete

       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 100:1
    *> 150.1.12.0/24    150.1.2.2                0             0 100 ?
    Route Distinguisher: 200:1 (default for vrf cust)
    *> 150.1.12.0/24    150.1.2.2                0             0 100 ?
    *> 150.2.56.0/24    0.0.0.0                  0         32768 ?

    R5-PE#sh ip cef vrf cust 150.1.12.0
    150.1.12.0/24
      nexthop 150.2.45.4 GigabitEthernet1/0 label 21 17

And can we ping?

    R6-CE(config-if)#do ping 150.1.12.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.1.12.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 20/33/44 ms

Yes, because we have a full LSP now. From sh ip cef we can see the outgoing label should be 21:

    R5-PE#sh ip bgp lab
       Network          Next Hop      In label/Out label
       150.1.2.2/32     150.2.4.4     nolabel/21
       150.1.3.3/32     150.2.4.4     nolabel/17
       150.2.4.4/32     150.2.4.4     nolabel/imp-null
       150.2.5.5/32     0.0.0.0       imp-null(from LDP)/nolabel

    R4-ASBR#sh bgp lab
       Network          Next Hop      In label/Out label
       150.1.2.2/32     150.12.34.3   21/16
       150.1.3.3/32     150.12.34.3   17/imp-null
       150.2.4.4/32     0.0.0.0       imp-null(from LDP)/nolabel
       150.2.5.5/32     150.2.5.5     16(from LDP)/imp-null

    R3-ASBR#sh bgp lab
       Network          Next Hop      In label/Out label
       150.1.2.2/32     150.1.2.2     16(from LDP)/imp-null
       150.1.3.3/32     0.0.0.0       imp-null(from LDP)/nolabel
       150.2.4.4/32     150.12.34.4   20/imp-null
       150.2.5.5/32     150.12.34.4   18/16

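The hop-by-hop label comparison done by eye above can be scripted. This is an added example, not part of the original post: it parses rows of sh ip bgp labels and checks that each router's out label equals the in label of the next router toward the prefix. The rows are copied from the captures on this page; the hop order, the function names and the table names are assumptions of the example.

```python
import re

# One data row of "sh ip bgp labels": prefix, next hop, in label / out label.
ROW = re.compile(
    r"^\s*(\d+(?:\.\d+){3}/\d+)\s+\S+\s+([\w-]+)(?:\(from LDP\))?/([\w-]+)\s*$")

def parse_labels(text):
    """Return {prefix: (in_label, out_label)}; non-matching lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[m.group(1)] = (m.group(2), m.group(3))
    return table

def lsp_breaks(prefix, hops, first_is_ingress=True):
    """hops: [(router, table)] in the order traffic travels toward prefix."""
    rows = [(name, t.get(prefix, ("nolabel", "nolabel"))) for name, t in hops]
    problems = []
    # A transit router with no local (in) label has nothing to advertise upstream.
    if not first_is_ingress and rows[0][1][0] == "nolabel":
        problems.append(f"{rows[0][0]}: no local label for {prefix}")
    for (up, (_, up_out)), (down, (down_in, _)) in zip(rows, rows[1:]):
        if up_out == "nolabel":
            problems.append(f"{up}: no outgoing label toward {down}")
        elif up_out != down_in:
            problems.append(f"{up} sends {up_out}, {down} allocated {down_in}")
    return problems

# Rows copied from the page's captures (header dropped, columns re-spaced).
# R3 with send-label configured only between the ASBRs:
R3_ASBR_ONLY = parse_labels("""
150.1.2.2/32 150.1.2.2   16(from LDP)/nolabel
150.2.5.5/32 150.12.34.4 nolabel/16
""")
# R5, R4 and R3 once send-label is configured on every BGP session:
R5_FULL = parse_labels("""
150.1.2.2/32 150.2.4.4 nolabel/21
150.2.5.5/32 0.0.0.0   imp-null(from LDP)/nolabel
""")
R4_FULL = parse_labels("""
150.1.2.2/32 150.12.34.3 21/16
150.2.5.5/32 150.2.5.5   16(from LDP)/imp-null
""")
R3_FULL = parse_labels("""
150.1.2.2/32 150.1.2.2   16(from LDP)/imp-null
150.2.5.5/32 150.12.34.4 18/16
""")

if __name__ == "__main__":
    print(lsp_breaks("150.2.5.5/32", [("R3", R3_ASBR_ONLY)], first_is_ingress=False))
    print(lsp_breaks("150.1.2.2/32", [("R5", R5_FULL), ("R4", R4_FULL), ("R3", R3_FULL)]))
```
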
Case 2: IGP redistribution
In our first scenario we used the BGP network statement to distribute the loopback addresses. This time we’ll redistribute the loopbacks using ISIS.
To do this we’ll start from scratch with our plain configuration (no send-label, no network statements; I’ll just leave the VPNv4 configuration) and configure redistribution between BGP and ISIS on the ASBRs:
R3

    ip prefix-list LOOPBACK_100 seq 5 permit 150.1.2.2/32
    !
    ip prefix-list LOOPBACK_200 seq 10 permit 150.2.5.5/32
    !
    route-map ISIS->BGP permit 10
     match ip address prefix-list LOOPBACK_100
    !
    route-map BGP->ISIS permit 10
     match ip address prefix-list LOOPBACK_200

R4

    ip prefix-list LOOPBACK_100 seq 5 permit 150.1.2.2/32
    !
    ip prefix-list LOOPBACK_200 seq 10 permit 150.2.5.5/32
    !
    route-map ISIS->BGP permit 10
     match ip address prefix-list LOOPBACK_200
    !
    route-map BGP->ISIS permit 10
     match ip address prefix-list LOOPBACK_100

Now, if you compare the output of sh mpls forwarding at the same point (meaning just after configuring the loopback), you’ll notice a change.

    R5-PE#sh mpls for
    Local  Outgoing      Prefix            Bytes Label   Outgoing        Next Hop
    Label  Label or VC   or Tunnel Id      Switched      interface
    16     Pop Label     150.2.4.4/32      0             Gi1/0           150.2.45.4
    17     No Label      150.2.56.0/24[V]  1140          aggregate/cust
    19     No Label      150.1.2.2/32      0             Gi1/0           150.2.45.4

Yup, you noticed right: we have a label assigned for 150.1.2.2. It doesn’t yet have an outgoing label, as we haven’t set up send-label, so we cannot ping from the CE device.

    R6-CE(config-if)#do ping 150.1.12.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.1.12.1, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)

Now I’ve just enabled BGP send-label between the 2 ASBRs (R3 – R4).

    R3-ASBR#sh ip bgp labels
       Network          Next Hop      In label/Out label
       150.1.2.2/32     150.1.23.2    16(from LDP)/nolabel
       150.2.5.5/32     150.12.34.4   20/16

But you’ll also see:

    R3-ASBR#sh mpls for
    Local  Outgoing      Prefix            Bytes Label   Outgoing        Next Hop
    Label  Label or VC   or Tunnel Id      Switched      interface
    16     Pop Label     150.1.2.2/32      15597         Gi1/0           150.1.23.2
    17     Pop Label     150.12.34.4/32    0             Gi2/0           150.12.34.4
    20     16            150.2.5.5/32      274           Gi2/0           150.12.34.4

Yup, the label has gone into LDP because of the IGP: the redistribution is now making this route look like an IGP route, so it will have a label assigned and distributed through LDP.
Without touching the PE devices we set up the inter-AS, and the CE devices can ping because R5 has a good LSP:

    R5-PE#sh mpls for
    Local  Outgoing      Prefix            Bytes Label   Outgoing        Next Hop
    Label  Label or VC   or Tunnel Id      Switched      interface
    16     Pop Label     150.2.4.4/32      0             Gi1/0           150.2.45.4
    17     No Label      150.2.56.0/24[V]  1710          aggregate/cust
    20     19            150.1.2.2/32      0             Gi1/0           150.2.45.4

    R6-CE(config-if)#do ping 150.1.12.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 150.1.12.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/56/104 ms

This solution has 2 advantages: the first is that you don’t need to run IPv4 BGP between the PE devices; the second is that you don’t need to announce the loopbacks on each device, since only the ASBRs need to announce them.
Hirendrasinh
September 29, 2010 (05:18)
Thanks,
Really very good explanation of send-label in inter-as.