Chapter 12
Multiprotocol Label Switching (MPLS)
Solutions in this chapter:
■ Understanding MPLS
■ Integrating MPLS into QoS
■ Standardizing MPLS for Maximum Efficiency
■ Controlling MPLS Traffic Using Traffic Engineering
■ Integrating MPLS and Virtual Private Networking (VPN)
110_QoS_12 2/13/01 2:44 PM Page 457
458 Chapter 12 • Multiprotocol Label Switching (MPLS)
Introduction
Multiprotocol Label Switching is designed to forward packets through a network
with extremely high performance by adding a label to packets as they enter the
network at edge routers. Normally, every router along the packet’s path looks at
each individual piece of the IP header. However, since MPLS applies a fairly simple
label to each packet that includes all of the information needed to route the packet,
the overhead created by each router looking through the packet’s header is greatly
reduced, and the packet forwarding capabilities of each router are enhanced.
This chapter, unlike earlier chapters, both introduces MPLS and shows some
configuration examples. Since the basic theory of MPLS is fairly simple, separate
chapters are not required to discuss theory and implementation. Relatively
speaking, MPLS is a new technology, and there are many enhancements, such as
the capability to use RSVP with MPLS to request labels, that are being developed but are not yet fully deployable. This chapter focuses on the current RFCs pertaining to MPLS and does not discuss features that may not make it to full implementation.
Understanding MPLS
MPLS is the standardized version of Cisco Systems Tag Switching technology that
integrates the flexibility and scalability of Layer 3 routing with the high performance and traffic-engineering capabilities of Layer 2 switching. MPLS is based on
the concept of label swapping, in which packets or cells are assigned short, fixed-
length labels that tell high-speed switching nodes how data should be forwarded.
The key to understanding MPLS is to first identify the roles of each MPLS
component. The main components are listed below, and you can see an illustration of specific MPLS components in Figure 12.1.
■ Label A constant width identifier used to select how to forward a packet. Labels are also known as “Tags.” These labels are typically 32 bits in length unless MPLS is running over ATM. When MPLS is operating over an ATM infrastructure, the label size is an aggregate of the ATM VPI/VCI fields.
■ Edge Label Switch Routers or Label Edge Routers (LERs) Label edge routers are network layer routing devices located at the edges of an MPLS network. The primary function of the label edge routers is to apply labels, or tags, to packets entering the MPLS network, and remove labels from packets leaving the MPLS network.
www.syngress.com
NOTE
Label edge routers examine incoming packets from traditional routed environments and perform the appropriate security, accounting, and quality of service classifications. LERs run traditional routing protocols such as OSPF and IS-IS to determine network reachability information. They then apply the proper label to the packet and forward the packet to its next hop.
■ Label Switch Routers (LSR) Label switch routers are high-speed switching nodes whose main purpose is to forward packets at very high speeds. Label switch routers typically form the core of the network and run traditional IP routing protocols in order to gain knowledge of network layer reachability information. These devices are usually either high-speed routers or ATM switches.
■ Label Distribution Protocol (LDP) This protocol is used to dynamically distribute labels among MPLS network elements. Labels are considered locally significant and must be unique on a per interface basis.
Figure 12.1 MPLS Components (figure not reproduced; it shows Label Edge Routers at the edge, Label Switch Routers in the core, and the Label Distribution Protocol (LDP) running between them)
NOTE
LDP uses UDP port 711 for neighbor discovery, and TCP port 711 to reliably exchange label information among MPLS devices.
■ Label Switched Path (LSP) This is a communications channel used to forward MPLS traffic between two MPLS-enabled network elements. LSPs can be either dynamically created via label distribution protocol (LDP) or statically defined by the network administrator.
■ Label Information Base (LIB) This is the set of all labels learned from neighbor routers. LIB is populated via LDP.
■ Label Forwarding Information Base (LFIB) This is the set of labels that are actually used to forward packets. LFIB is derived from LIB.
MPLS exercises a label-based forwarding mechanism in which labels are used to indicate both routes and service attributes. The ingress edge label switch router processes incoming packets and assigns a label to each packet. These packets are forwarded based on the label toward the next hop router. The next hop routers simply read the labels and forward packets based on these labels. The key is to understand that processor-intensive analysis, classification, and filtering occur only once, at the ingress edge label switch router. Label switch routers in the core do not interrogate each packet; they merely switch each packet based solely on the assigned label. At the egress edge label switch router, labels are removed, and packets are forwarded to their final destination based on traditional routing methods.
Label Switching Basics
In a traditional router network, each router must process every packet to determine the next hop that the packet must take to reach its final destination (see Figure 12.2). This action is repeated hop-by-hop, resulting in variable latencies through each router. This can adversely affect real-time applications that must maintain a low end-to-end delay.
In contrast, in an MPLS network, only the label edge routers fully process each packet. Label switches within the network simply forward packets based on the label. This decreases the latency experienced by traditional routed networks performing standard IP routing. There are, of course, other reasons to deploy MPLS, such as traffic engineering and VPNs. The other major difference between regular IP routing and label switching is the separation of the control and data planes, an essential concept for MPLS over ATM as well as TE.
We can now proceed to discuss MPLS operation in more detail. The following steps illustrate how packets are forwarded across an MPLS network. Refer to Figure 12.3 for illustrations of each step.
1. We begin with a group of routers running a traditional routing protocol such as OSPF or IS-IS. These routers are MPLS enabled and have established adjacencies with their neighbors.
2. After the routing tables have been populated, label distribution protocol
dynamically binds labels to each IP route in the routing table, and by
default advertises these label bindings to all neighbors.
3. As unlabeled IP packets enter the MPLS LER, the router queries its IP routing table and forwarding information base. The router determines which interface the packet should be forwarded through, and what label should be assigned to each packet. The decision of which interface to forward the packet through need not be made purely on the basis of destination prefix; therefore, an FEC (forwarding equivalence class) may represent a prefix but could also represent a type of packet or level of precedence. The router performs a label imposition to attach the label to the packet, and forwards the packet out the appropriate interface toward the next hop router. See Figure 12.4.
Figure 12.2 Traditional IP Routing Illustration (figure not reproduced; each router in the chain holds an address prefix to interface table for the prefixes 100.89 and 172.69, and a packet for 100.89.25.4 is looked up at every hop: all packets are forwarded based on their IP address)
Figure 12.3 MPLS Conceptual Network (figure not reproduced; it shows the traditional routing protocol, OSPF or IS-IS, the Label Distribution Protocol, and a labelled packet crossing the network)
Figure 12.4 MPLS Packet Flow (tables recovered from the figure; the term “tag” has been used instead of “label” to save space). A packet for 100.89.25.4 enters the ingress LER unlabeled and leaves with tag 7; the LSR swaps tag 7 for tag 8 based on the label only; the egress LER removes tag 8 and forwards the packet by IP address.
Ingress LER:
In Tag  Address Prefix  Out I'face  Out Tag
-       100.89          1           7
-       172.69          1           5
LSR (forwards packets based on label only):
In Tag  Address Prefix  Out I'face  Out Tag
7       100.89          0           8
5       172.69          1           7
Egress LER:
In Tag  Address Prefix  Out I'face  Out Tag
8       100.89          0           -
4. When a label switch router receives a labeled packet, the switch reads
the label value of the incoming packet. Using the incoming label value
as the index, the switch checks its label forwarding information base
(FIB) to determine the outgoing label value and the outgoing interface.
The incoming label value is replaced with the outgoing label value, and
the packet is switched out the appropriate interface toward its next hop.
5. Packets are forwarded through the MPLS network in this manner hop by hop until they reach the egress label edge router. The label edge router performs a lookup of the incoming label in the forwarding information base and determines that there is no outgoing label. The router then strips off the label and forwards the packet as a traditional IP packet.
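The five steps above, as an added simulation that is not part of the book: Python code that models an ingress LER (FEC lookup by longest prefix match, then label imposition), a core LSR (LFIB swap on the top label only, never reading the IP header) and an egress LER (pop, then an ordinary IP lookup). The tables are constructed to match Figure 12.4 (prefix 100.89 gets tag 7 at the ingress, the core swaps 7 for 8, the egress pops 8); the class and function names are mine, not the book's or Cisco's.

```python
"""MPLS forwarding simulation (added example; tables constructed to match Figure 12.4)."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    dst: str                                    # destination IPv4 address
    labels: list = field(default_factory=list)  # label stack, top of stack first


def longest_match(table, dst):
    """Longest-prefix-match lookup; table maps ip_network -> value. None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in table if addr in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


class IngressLER:
    """Classifies each packet into an FEC (here: its destination prefix) and imposes
    the label bound to that FEC. This is the only place the IP header is examined,
    so filtering and QoS classification have to happen here as well."""

    def __init__(self, fec_table):
        # fec_table: {"prefix/len": (out_iface, out_label)}  (constructed values)
        self.fib = {ipaddress.ip_network(p): v for p, v in fec_table.items()}

    def forward(self, pkt):
        entry = longest_match(self.fib, pkt.dst)
        if entry is None:
            return None, pkt                    # no FEC for this destination: drop
        out_iface, out_label = entry
        pkt.labels.insert(0, out_label)         # label imposition (push)
        return out_iface, pkt


class CoreLSR:
    """Switches on the incoming top label only, using the LFIB. Labels are locally
    significant: label 7 in this LSR's LFIB has nothing to do with the label 7
    that the ingress LER hands out for a different prefix."""

    def __init__(self, lfib):
        # lfib: {in_label: (out_iface, out_label)}; out_label None means pop
        self.lfib = lfib

    def forward(self, pkt):
        if not pkt.labels or pkt.labels[0] not in self.lfib:
            return None, pkt                    # unlabeled or unknown label: drop
        out_iface, out_label = self.lfib[pkt.labels[0]]
        if out_label is None:
            pkt.labels.pop(0)                   # label disposition (pop)
        else:
            pkt.labels[0] = out_label           # label swap
        return out_iface, pkt


class EgressLER(CoreLSR):
    """Pops the label and forwards the now-unlabeled packet by ordinary IP routing."""

    def __init__(self, lfib, routes):
        super().__init__(lfib)
        # routes: {"prefix/len": out_iface}, the egress router's plain IP routing table
        self.routes = {ipaddress.ip_network(p): i for p, i in routes.items()}

    def forward(self, pkt):
        out_iface, pkt = super().forward(pkt)
        if out_iface is None or pkt.labels:     # dropped, or still labeled (transit)
            return out_iface, pkt
        return longest_match(self.routes, pkt.dst), pkt   # traditional IP lookup


def trace(dst, path):
    """Forward a packet for dst along path [(name, node), ...].
    Returns [(node_name, out_iface, label_stack_after_node), ...]; an out_iface
    of None means that node dropped the packet."""
    pkt = Packet(dst)
    hops = []
    for name, node in path:
        out_iface, pkt = node.forward(pkt)
        hops.append((name, out_iface, list(pkt.labels)))
        if out_iface is None:
            break
    return hops


# Constructed tables matching the book's Figure 12.4 (tag values 7, 5 and 8).
EDGE_B = IngressLER({"100.89.0.0/16": (1, 7), "172.69.0.0/16": (1, 5)})
CORE_A = CoreLSR({7: (0, 8), 5: (1, 7)})
EDGE_C = EgressLER({8: (0, None)}, {"100.89.0.0/16": 0})
PATH = [("Edge-LSR-B", EDGE_B), ("Core-LSR-A", CORE_A), ("Edge-LSR-C", EDGE_C)]

if __name__ == "__main__":
    for hop in trace("100.89.25.4", PATH):
        print(hop)
```

Running the trace for 100.89.25.4 shows the stack [7] after the ingress, [8] after the core and [] after the egress; a destination with no FEC is dropped at the ingress, and the core never consults the destination address at all.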
That Sounds a Lot Like Routing!
The separation of control and data planes allows additional Layer 3 routing services to be implemented without having to change the forwarding decision engine. Engineers who are used to configuring Cisco routers via IOS will feel comfortable configuring MPLS. Figure 12.5 illustrates a simple MPLS network. The configuration files are also provided for reference. Note that these are lab configurations: their vty lines use the password cisco with no login, which permits remote access without authentication, and that setting should not be carried into a production network.
The following is the output from the Core LSR A router.
Figure 12.5 MPLS Network Example Configuration (figure not reproduced; topology: Core LSR A, Loopback0=10.10.10.1/32, connected to Edge LSR B, Loopback0=10.10.10.2/32, behind which is 10.10.20.0/24, and to Edge LSR C, Loopback0=10.10.10.3/32, behind which is 10.10.30.0/24)
!
version 12.1
!
hostname Core-LSR-A
!
ip subnet-zero
ip cef
!
interface Loopback0
ip address 10.10.10.1 255.255.255.255
no ip directed-broadcast
!
interface Ethernet1/0
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Ethernet1/1
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Ethernet1/2
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Ethernet1/3
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface FastEthernet2/0
ip unnumbered Loopback0
tag-switching ip
!
interface FastEthernet2/1
ip unnumbered Loopback0
tag-switching ip
!
!
router ospf 10
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
no cdp run
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password cisco
no login
!
end
The following is the output of the EDGE LSR B Router.
!
version 12.1
!
hostname Edge-LSR-B
!
ip subnet-zero
ip cef
!
interface Loopback0
ip address 10.10.10.2 255.255.255.255
!
interface Ethernet1/0
ip address 10.10.20.1 255.255.255.0
!
interface Ethernet1/1
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Ethernet1/2
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Ethernet1/3
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface FastEthernet2/0
ip unnumbered Loopback0
tag-switching ip
!
interface FastEthernet2/1
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
router ospf 10
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
no cdp run
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password cisco
no login
!
end
The following output is from the EDGE LSR C Router.
!
version 12.1
!
hostname Edge-LSR-C
!
ip subnet-zero
ip cef
!
interface Loopback0
ip address 10.10.10.3 255.255.255.255
!
interface Ethernet1/0
ip address 10.10.30.1 255.255.255.0
!
interface Ethernet1/1
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Ethernet1/2
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface Ethernet1/3
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
interface FastEthernet2/0
ip unnumbered Loopback0
tag-switching ip
!
interface FastEthernet2/1
no ip address
no ip directed-broadcast
shutdown
no cdp enable
!
router ospf 10
network 10.0.0.0 0.255.255.255 area 0
!
ip classless
no ip http server
!
no cdp run
!
line con 0
exec-timeout 0 0
transport input none
line aux 0
line vty 0 4
password cisco
no login
!
end
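The three configurations above invite an automated sanity check before they are loaded. The following Python script is an added example (not from the book or from Cisco): it splits an IOS running-config into blocks and verifies the MPLS prerequisites this chapter names (ip cef enabled, every tag-switching interface addressed and not shut down, loopback addresses covered by an OSPF network statement), and it flags vty lines configured with no login. The configuration it parses is a constructed abridgment in the style of Core-LSR-A, and the function names are mine.

```python
"""Static checks for an MPLS-enabled IOS configuration (added example, not the book's)."""
import ipaddress
import re

# Constructed sample in the style of the chapter's Core-LSR-A configuration.
SAMPLE_CONFIG = """\
!
version 12.1
hostname Core-LSR-A
!
ip cef
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
!
interface FastEthernet2/0
 ip unnumbered Loopback0
 tag-switching ip
!
interface FastEthernet2/1
 ip unnumbered Loopback0
 tag-switching ip
 shutdown
!
router ospf 10
 network 10.0.0.0 0.255.255.255 area 0
!
line vty 0 4
 password cisco
 no login
!
end
"""


def parse_ios(text):
    """Split a running-config into (top_level_lines, blocks). A block is a
    non-indented line such as 'interface fastethernet2/0' followed by its
    indented child lines. Everything is lowercased because IOS is case-insensitive."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip().lower()
        if not line.strip() or line.startswith("!"):
            continue
        if line.startswith(" ") and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            top.append(current)
            blocks.setdefault(current, [])
    return top, blocks


def ospf_covers(ospf_lines, addr):
    """True if an OSPF 'network A WILDCARD area N' statement matches addr.
    A wildcard bit of 0 means 'must match', so compare under the inverted wildcard."""
    a = int(ipaddress.IPv4Address(addr))
    for line in ospf_lines:
        m = re.match(r"network (\S+) (\S+) area \S+", line)
        if not m:
            continue
        net, wild = (int(ipaddress.IPv4Address(x)) for x in m.groups())
        mask = ~wild & 0xFFFFFFFF
        if a & mask == net & mask:
            return True
    return False


def check_mpls_config(text):
    """Return a list of findings; an empty list means every check passed."""
    top, blocks = parse_ios(text)
    findings = []
    if "ip cef" not in top:
        findings.append("global: 'ip cef' missing; MPLS on IOS requires CEF")

    loopbacks = {}                               # interface name -> address
    for hdr, body in blocks.items():
        if hdr.startswith("interface loopback"):
            for line in body:
                m = re.match(r"ip address (\S+) \S+", line)
                if m:
                    loopbacks[hdr.split()[1]] = m.group(1)

    ospf = [line for hdr, body in blocks.items() if hdr.startswith("router ospf") for line in body]
    for name, addr in loopbacks.items():
        if not ospf_covers(ospf, addr):
            findings.append(f"{name}: {addr} is not covered by an OSPF network statement")

    for hdr, body in blocks.items():
        if not hdr.startswith("interface ") or "tag-switching ip" not in body:
            continue
        name = hdr.split()[1]
        if "shutdown" in body:
            findings.append(f"{name}: tag-switching enabled on an administratively shut interface")
        if not any(line.startswith(("ip address ", "ip unnumbered ")) for line in body):
            findings.append(f"{name}: tag-switching enabled but the interface has no IP address")
        for line in body:
            if line.startswith("ip unnumbered ") and line.split()[2] not in loopbacks:
                findings.append(f"{name}: ip unnumbered refers to unknown interface {line.split()[2]}")

    for hdr, body in blocks.items():
        if hdr.startswith("line vty") and "no login" in body:
            findings.append(f"{hdr}: 'no login' allows VTY access without authentication")
    return findings


if __name__ == "__main__":
    for finding in check_mpls_config(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample the checker reports two findings: tag-switching on the shut FastEthernet2/1, and the unauthenticated vty lines. Removing those two lines yields a clean run; removing ip cef instead produces the CEF finding.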
Understanding Labels
The key to understanding MPLS is the concept that each packet is assigned a short fixed-length label. The MPLS hardware is optimized to read these labels and use them as a basis for forwarding packets. Labels are assigned to each packet in order to identify the destination, precedence, VPN membership, quality of service characteristics, and, potentially, any traffic-engineered routes that the packet should utilize. Labels are locally significant; this means that the label must be unique only on a per interface basis.
Figure 12.6 illustrates where the packet label header resides when using MPLS with SONET, LAN 802.3, and ATM cell or frame formats.
The label is typically placed between the Layer 2 and Layer 3 portions of the packet. When MPLS is used over ATM networks, the ATM VPI/VCI fields are used by MPLS to assign the appropriate label to the packet.
Figure 12.6 Frame Formats (recovered from the figure)
Packet over SONET/SDH: PPP Header | Label Header | Layer 3 Header
LAN/Bridged (802.3): MAC Header | Label Header | Layer 3 Header
ATM cell: ATM Cell Header (GFC | VPI | VCI | PTI | CLP | HEC) | DATA, with the label carried in the VPI/VCI fields
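The 32-bit label header of Figure 12.6, as an added example that is not part of the book: Python that packs and unpacks a label stack entry (20-bit label, 3-bit EXP class of service field, bottom-of-stack bit, 8-bit TTL, as laid out in RFC 3032), copies the IP precedence bits into the EXP field the way the chapter's packet marking describes, and performs the core LSR's swap with TTL decrement. The function names and the sample values are mine.

```python
"""MPLS label stack entry (shim header) encoder/decoder. Added example, not from the book."""
import struct

# One 32-bit label stack entry (RFC 3032): label 20 bits | EXP 3 bits | S 1 bit | TTL 8 bits.
# Label values 0 to 15 are reserved by the RFC; ordinary bindings start at 16.


def exp_from_tos(tos):
    """Copy the 3 IP precedence bits (top of the ToS byte) into the 3-bit EXP field."""
    return (tos >> 5) & 0x7


def encode_label_stack(entries):
    """entries: [(label, exp, ttl), ...], top of stack first; S is set on the last entry."""
    out = bytearray()
    for i, (label, exp, ttl) in enumerate(entries):
        if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
            raise ValueError(f"field out of range: {(label, exp, ttl)}")
        s = 1 if i == len(entries) - 1 else 0
        out += struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)
    return bytes(out)


def decode_label_stack(data):
    """Parse entries until the S bit is seen; returns ([(label, exp, ttl), ...], payload).
    A stack that runs out of bytes before the bottom-of-stack bit is malformed."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack (no bottom-of-stack bit)")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))
        if (word >> 8) & 1:
            return entries, data[off:]


def swap_top_label(data, new_label):
    """What a core LSR does: rewrite the top label and decrement the TTL, leaving
    EXP and S untouched. Raises if the TTL would expire (the packet must be dropped)."""
    (word,) = struct.unpack_from("!I", data, 0)
    ttl = word & 0xFF
    if ttl <= 1:
        raise ValueError("TTL expired")
    word = (new_label << 12) | (word & 0xF00) | (ttl - 1)
    return struct.pack("!I", word) + data[4:]


if __name__ == "__main__":
    # Constructed sample: label 7, precedence 5 copied from ToS 0xA0, TTL 64, then a swap to 8.
    pkt = encode_label_stack([(7, exp_from_tos(0xA0), 64)]) + b"\x45\x00"
    print(pkt[:4].hex(), decode_label_stack(swap_top_label(pkt, 8)))
```

The decoder deliberately refuses a stack with no bottom-of-stack bit rather than guessing where the IP header starts, which is the kind of malformed input a label-aware filter has to reject before it classifies on the payload.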
Integrating MPLS into QoS
MPLS technology satisfies the requirements of bringing Quality of Service
(QoS), privacy, high availability, and scalability to large networks. MPLS reduces
the costs and complexity of provisioning from a service provider perspective,
resulting in lower costs and faster turn up of services to the subscriber.
Many large IP routed networks overlay IP on ATM to deliver QoS, privacy, and traffic engineering. MPLS can be used to integrate IP and ATM functionality in order to add IP intelligence to ATM network elements. This IP awareness transforms the ATM switch into a high-speed IP router capable of performing the same level of QoS, privacy, and availability as the overlay model. This transformation regularly reduces the number of router adjacencies and virtual circuits, as well as the processing power required to operate the network, at the same time increasing the scalability of the network (see Figure 12.7).
Ensuring MPLS Is Efficient and Reliable
MPLS can be more efficient and reliable than other approaches to IP routing.
Since MPLS packet forwarding is based on a fixed-length label, IP routers can
more efficiently process packets at higher forwarding rates. MPLS networks can
prioritize real-time traffic and reduce the end-to-end latency encountered in traditional IP networks. This is because packets are routed only once at the edge of the network and switched to their final destination.
Figure 12.7 Adjacency Reduction (figure not reproduced; it contrasts a Traditional IP Overlay Network with an MPLS IP + ATM Network)
Network reliability and survivability can be enhanced via a fully redundant
architecture capable of achieving 99.999 percent availability. Since MPLS is not
media dependent, it can leverage automatic protection switching available via
SONET, while still using other technologies such as Ethernet, Frame Relay, and
ATM to provide the versatility of any-to-any connectivity.
MPLS networks use mature IP routing protocols that can dynamically load
balance and re-route traffic in the event of a link failure.
Integrating ATM Classes of Service (CoS) with MPLS
MPLS can also leverage ATM switching as a transport technology. In some cases, it may be more cost effective to interconnect MPLS network elements via a public ATM network. This is accomplished by ordering an ATM permanent virtual path (PVP) from an ATM service provider. A permanent virtual path connection (PVPC) is an ATM connection in which switching is performed on the VPI field only of each ATM cell. This enables the terminating ATM end points or MPLS switching elements to dynamically assign the VCI values to the path on an as-needed basis. These VCI values serve as labels from an MPLS perspective.
The permanent virtual path connection must be ordered with a specific ATM class of service. The following reference list shows the ATM classes of service defined by the ATM Forum along with their common applications.
■ Constant Bit Rate Service (CBR) This traffic class is usually provisioned to support circuit emulation, uncompressed voice, and video.
■ Variable Bit Rate Real Time (VBR-rt) This traffic class is used to support bursty real-time traffic such as compressed voice and video.
■ Variable Bit Rate Non-real Time (VBR-nrt) This traffic class can be used to support bursty data applications such as Frame Relay over ATM.
■ Available Bit Rate (ABR) This is primarily used for most data applications. ABR service implements flow control mechanisms that manage congestion. In addition, ABR can guarantee a minimum cell rate and allow subscribers to sustain bursts up to their peak cell rate, as long as there is enough capacity in the network.
■ Unspecified Bit Rate (UBR) This traffic class is used for bursty data applications. UBR service does not guarantee any quality of service. Traffic is delivered on a best-effort basis.
Commonly, network architects will order either CBR or VBR ATM services for MPLS applications. Cost is always a driving factor, so in practice, make certain that you price both CBR and VBR services from multiple providers before processing your circuit order. Pricing can vary greatly among providers, and you may also find that you can get twice as much guaranteed bandwidth from a VBR service as from a CBR service for approximately the same cost. If you choose this option, verify that the end-to-end latency guaranteed by the provider is within tolerances to support any real-time applications on your network.
Reducing Congestion with Traffic Engineering and VPN
Traffic engineering enables network architects to reduce congestion and maximize the use of bandwidth in their networks. IP networks have traditionally used both static and dynamic routing protocols to determine the best path from location “A” to location “Z”. IP routers calculate the best path on a per hop basis and forward traffic accordingly. Traffic engineering can override path selection in order to forward specific traffic via alternate paths. Typically, traffic engineering is used to steer traffic so that it flows over underutilized links, low latency paths, or high capacity circuits.
A VPN is a network in which subscriber connectivity between sites is provisioned across a shared infrastructure in a secure manner. MPLS-based VPNs distribute traffic among all members of each individual VPN, while guaranteeing quality of service and confidentiality. As new sites are added to a VPN, provisioning occurs only once at the access point of presence (POP). It is not necessary to configure the VPN service end to end; the MPLS network automatically exchanges reachability information among all members of the VPN. The result is a decrease in the time it takes to provision additional VPN subscribers, and a reduction in operational costs caused by the increased speed of provisioning.
MPLS-based VPNs do not require any changes to their subscribers’ IP
addressing plans. More specifically, the VPN architecture can support subscribers
with overlapping address space as long as they are in separate VPNs. This is a key differentiator between this and other VPN solutions.
VPNs will be discussed in further detail in the sections that follow.
Standardizing MPLS for Maximum Efficiency
The standardization of MPLS ensures that there will be full vendor interoperability as the technology matures. This will enable network managers to select the best products to meet their needs without being locked into a single vendor’s solution or feature set.
MPLS natively supports the following Quality of Service features:
■ Packet Classification and Marking Packet classification allows traffic to be partitioned into multiple priority levels or classes of service. The IP packet type of service bits directly map to the MPLS class of service field to maintain the correct packet priority indicators.
■ Congestion Avoidance Congestion avoidance is provided via a weighted random early detection (WRED) algorithm enabled on network interfaces to provide buffer management.
■ Congestion Management When a network interface becomes congested, queuing techniques are necessary to ensure that the critical applications get priority over non-critical traffic. Some examples of these queuing methods are priority queuing, custom queuing, weighted fair queuing, and class-based weighted fair queuing.
■ Traffic Conditioning Using traffic shaping or policing can condition traffic entering a network. Shaping smoothes the traffic flow to a specified rate by using buffers, whereas policing enforces a rate-limit. An example of traffic shaping is Frame Relay Traffic Shaping (FRTS), and an example of policing would be committed access rate (CAR).
■ Signaling Resource Reservation Protocol (RSVP) is the primary mechanism to perform Admission Control for flows in a network. RSVP can request resources from a network that meet the requirements of a specific traffic flow across a given network.
Deploying Link State Protocol Support
Service providers typically deploy MPLS using a link state Interior Gateway Protocol such as IS-IS or OSPF to interconnect MPLS network elements. Distance vector protocols such as RIP and EIGRP are not supported. The provider edge routers use BGP 4 to communicate VPN information with one another across the MPLS network.
The MPLS devices from the provider network must also interface with subscriber routers, otherwise known as customer edge routers (CERs). Customer edge routers can exchange routing updates with MPLS provider edge routers via BGP 4, RIP, OSPF, IS-IS, or static routes. This enables nearly any-to-any connectivity between the provider and the customer premise.
Integrating VPNs with BGP
MPLS VPNs use BGP multiprotocol extensions to distribute VPN information among MPLS network elements. VPN IP version 4 Address Families are used to create separate IP forwarding tables for each individual VPN defined. These tables contain the data necessary to maintain multiple routing instances on a per VPN basis. More MPLS VPN mechanics are discussed in the MPLS VPN section of this chapter.
Controlling MPLS Traffic Using Traffic Engineering
Traffic engineering is a term referring to the process of measuring, modeling, and
controlling traffic. Network engineers employ traffic-engineering techniques to
improve link utilization by explicitly routing traffic over underutilized links.
Standards-based routing protocols have been designed to forward traffic down a path that is considered the best metric, or shortest distance, between the source and destination, without taking into account any network conditions such as congestion, available bandwidth, or delay. Traffic engineering enables you to redistribute traffic more evenly in order to achieve a more uniform utilization across all transmission paths. The traffic-engineered path may not be the shortest path between two points, but it may offer other benefits such as additional capacity or lower latency. This enables service providers to meet the requirements of the most stringent service-level agreements (SLAs).
Traditional IP networks can perform policy routing, a rather primitive
approach to traffic engineering. Policy routing can be used to manually assign the
path that traffic should follow. One deficiency of policy routing is that it impacts
the performance of the router at each hop. In contrast, MPLS traffic engineering
creates a label switch path across the route defined via traffic engineering without
any performance impact on the MPLS hardware, and with no additional end-to-end latency.
It is important to understand that traffic engineering can be based not only on network policies, but also on current congestion and link availability throughout the network. This method of traffic engineering is known as routing for resource reservation (RRR). RRR permits network architects to dynamically apply traffic-engineering rules that override the traditional IP forwarding mechanisms. RRR creates one or more explicit paths with bandwidth guarantees for each link in the network. It takes into consideration the policy constraints associated with links, physical transmission resources, and network topology. This results in a forwarding paradigm based on packets being routed according to resource availability and traffic classification policy. The signaling protocol used in RRR is RSVP.
Resource Reservation Protocol (RSVP) is used to automatically establish and
maintain LSP tunnels across the MPLS network. RSVP selects the traffic-engineered physical path based on the tunnel resource requirements and the available
bandwidth in the network. A tunnel can dynamically increase or decrease its
resource reservations based on changing network conditions.
MPLS traffic-engineered paths are configured at the edge label switch router by
specifying a sequence of hops that the path must traverse. MPLS control messages
flow across the path, setting up the necessary label-forwarding information for each
LSR along the path. The network operator can specify a policy regarding which
packets are to use a specific path. In other words, the network operator classifies
which packets or applications are to use the traffic-engineered routes.
Deploying MPLS Using Cisco Express Forwarding
When deploying MPLS with Cisco Systems hardware, it is necessary to use Cisco express forwarding (CEF). Cisco express forwarding is a Cisco proprietary IP switching technology. CEF is based on a full topology-driven architecture that exercises all the available routing information to build an optimized IP forwarding information base (FIB). The FIB is a mirror image of the IP routing table. The FIB is used in conjunction with an adjacency table that maintains the Layer 2 next hop addresses for entries in the forwarding information base. CEF technology queries both of these tables in order to switch packets.
CEF is different from other switching architectures that use the first packet in a flow to build an IP destination route cache, which is then used by subsequent packets to the same destination. Since the CEF FIB contains a full copy of the routing table, there can never be any route cache misses. A route cache miss occurs when there is no current route stored in cache, resulting in a query to the main CPU which causes that first packet to be process switched, thus impacting performance.
Cisco express forwarding offers the following benefits:
■ Increased Performance Because of the simple architecture of CEF, it is less CPU intensive than other Layer 3 switching mechanisms. The additional CPU cycles gained from using CEF can be used to increase packet-forwarding performance and support other router features such as QoS and encryption.
■ Scalability The technology has been designed to support very large networks with thousands of routes, and it supports a distributed hardware environment.
■ Resiliency CEF is more stable and accurate than other switching mechanisms that use route-caching technologies. For example, there are no cache misses.
CEF can be deployed in either distributed or centralized modes. In centralized mode, all packet processing occurs at the main CPU. In distributed mode, packet processing is dispersed between the main CPU and versatile interface processors on the 7500, or between the main CPU and the line cards on a Cisco Gigabit Switch Router (GSR). When running in distributed mode, CEF employs the reliable interprocess communication (IPC) mechanism to synchronize all FIBs to the master copy running on the main CPU.
NOTE
Distributed Cisco express forwarding (DCEF) is the only forwarding
method available on the GSR 12000. Disabling this feature will impair
packet forwarding.
Unequal Cost Load Balancing
When performing traffic engineering, it is common to encounter situations in which there is a substantial amount of traffic that needs to flow from location “A” to location “Z”. The problem is that these locations are geographically dispersed and the dynamic routing protocol selected, for example, IS-IS or OSPF, has calculated a single path between these locations, when, in fact, there are actually four different paths the traffic could follow to deliver the data. By leveraging the features of both Cisco express forwarding and MPLS traffic engineering, four separate tunnels can be built between these locations to leverage the alternate paths to the destination.
Let us assume that we have built four tunnels to use these alternate paths. We now have the option of load balancing the traffic evenly or unevenly. If the traffic is being load balanced evenly among the tunnels, 25 percent of the traffic is flowing across each tunnel. Based on resource requirements, availability, and topology, it may be more beneficial to provide an unequal distribution of the load. For instance, if one of the tunnels flows over three router hops interconnected via OC12 circuits, this path is significantly underutilized. Therefore, we may choose to deliver 55 percent of the traffic between these sites over this specific tunnel, and 15 percent over each of the other three traffic-engineered tunnels.
In order to accurately create and size the traffic-engineered tunnels to be used
in traffic engineering, it is recommended that a detailed traffic study be completed.
This will ensure that all mission-critical and low latency applications are serviced
correctly, that traffic patterns are identified, and that link utilizations are considered
during peak and off-peak hours. A traffic study will empower traffic engineers with
the information necessary to properly engineer the network.
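The 55/15/15/15 split above, as an added example that is not from the book and does not reproduce Cisco's CEF load-sharing implementation: Python that apportions hash buckets to four tunnels in proportion to their weights and maps each flow to a bucket with a stable hash, so that every packet of one flow follows the same tunnel and is not reordered. The weights and the constructed flows are assumptions.

```python
"""Flow-consistent unequal-cost load sharing across TE tunnels (added example, not the book's)."""
import hashlib


def build_bucket_table(weights, size=100):
    """Apportion `size` hash buckets to tunnels in proportion to `weights`
    (largest-remainder method). Returns a list bucket_index -> tunnel_index."""
    total = sum(weights)
    exact = [w * size / total for w in weights]
    counts = [int(x) for x in exact]
    leftover = size - sum(counts)
    by_remainder = sorted(range(len(weights)), key=lambda i: exact[i] - counts[i], reverse=True)
    for i in by_remainder[:leftover]:
        counts[i] += 1
    table = []
    for tunnel, n in enumerate(counts):
        table.extend([tunnel] * n)
    return table


def select_tunnel(flow, table):
    """Pick the tunnel for a flow (src, dst, proto, sport, dport). SHA-256 is used
    rather than Python's hash(), which is randomized per process, so the mapping
    is stable across runs and can be reproduced when troubleshooting."""
    key = "|".join(str(x) for x in flow).encode()
    digest = hashlib.sha256(key).digest()
    return table[int.from_bytes(digest[:8], "big") % len(table)]


def distribution(flows, table):
    """Count how many of `flows` land on each tunnel."""
    counts = [0] * (max(table) + 1)
    for flow in flows:
        counts[select_tunnel(flow, table)] += 1
    return counts


# Constructed scenario from the text: tunnel 0 rides the underutilized OC12 path
# and should carry 55 percent; the other three tunnels carry 15 percent each.
WEIGHTS = [55, 15, 15, 15]

if __name__ == "__main__":
    table = build_bucket_table(WEIGHTS)
    # Constructed flows between the 10.10.20.0/24 and 10.10.30.0/24 LANs of Figure 12.5.
    flows = [("10.10.20.%d" % (i % 254 + 1), "10.10.30.%d" % (i // 254 % 254 + 1), 6, 1024 + i, 80)
             for i in range(10000)]
    print(distribution(flows, table))
```

With 20 buckets the table holds exactly 11, 3, 3 and 3 entries; over ten thousand constructed flows the observed share of tunnel 0 lands close to 55 percent. Because the split is per flow, a single large flow still stays on one tunnel, which is the usual trade-off against per-packet sharing.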
Configuring Loopback Interfaces
A loopback interface is a logical interface on a router. Loopback interfaces are
not bound to any physical port, so they cannot go down because of a link
failure; they stay up unless administratively shut down. This capability to
remain up and active is used to increase the stability and scalability of large
IP routed networks. Cisco routers also use a loopback interface address as the
router ID for protocols such as OSPF, and in an MPLS network the same address
is the natural choice for the LDP router ID and the BGP update source, so it
should be advertised into the IGP as a /32 host route.
By default, OSPF uses the highest IP address configured on a router’s
interfaces as its router ID. If the interface carrying that address is later
disabled, or the address is removed, the OSPF process has to select a new
router ID (in IOS this happens when the process is restarted) and must then
re-originate all of its LSAs and re-flood its routing information to its
neighbors. If a loopback interface is configured with an IP address, however,
the router selects that address as its router ID, because loopback interfaces
take precedence over all other interfaces. Once a loopback interface has an IP
address, it is used for router ID selection regardless of whether any physical
interface carries a higher address. IOS also allows the router ID to be set
explicitly under the OSPF process, which removes the dependency on address
selection altogether.
Here is a loopback interface configuration example.
Router# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# interface loopback 0
Router(config-if)# ip address 10.10.10.1 255.255.255.255
Router(config-if)# description OSPF Router ID
Integrating MPLS and Virtual
Private Networking (VPN)
MPLS virtual private networking is one of the most scalable VPN solutions
available, because the provider core carries no per-customer routing state.
Border Gateway Protocol (BGP) is used to distribute VPN routes across the MPLS
network. An IGP, such as OSPF or IS-IS, distributes the provider’s internal
routing information among MPLS network elements. Label bindings for those
internal routes are distributed among MPLS peers via the label distribution
protocol (LDP), whereas BGP distributes the label bindings for external routes,
such as those within each VPN.
MPLS VPNs require a separate VPN routing and forwarding (VRF) table, or
route-forwarding instance, for each VPN provisioned on a provider edge router.
Separate forwarding tables ensure that subscribers of a specific VPN cannot
reach destinations outside their VPN, unless the provider deliberately imports
another VPN’s routes into their VRF. These VPN-specific tables are populated
using the BGP multiprotocol extensions. MPLS VPNs carry routes between BGP
peers in the VPN-IPv4 address family, in which each address consists of an
8-byte route distinguisher followed by a 4-byte IPv4 address, so that identical
IPv4 prefixes in different VPNs remain distinct.
VPN membership is statically configured on a per port or per interface basis.
Each customer-facing interface or sub-interface on the label edge router is
bound to a VRF, and each VRF is configured with a route distinguisher. The
purpose of the route distinguisher is to let the system create distinct routes
to IPv4 address prefixes even when two VPNs use the same (for example, RFC 1918
private) address space. Route distinguishers are known only to the MPLS network
elements and are unknown to the customer edge router or routers.
A route distinguisher is 8 bytes long: a 2-byte type field followed by a
6-byte value. In the type 0 format used in Table 12.1 (for example,
rd 65050:1), the value is a 2-byte autonomous system number followed by a
4-byte number assigned by the provider; the type 1 format uses a 4-byte IPv4
address and a 2-byte assigned number instead.
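The following Python example, added here and not taken from the book or from Cisco IOS, encodes the route distinguisher formats and the route-target extended community described above and builds the 12-byte VPN-IPv4 address, showing how two VPNs that both use 10.1.0.0/16 remain distinct in BGP. The RD strings follow the IOS ASN:nn and A.B.C.D:nn syntax; the field layouts are those of RFC 2547 (now RFC 4364) for the RD and RFC 4360 for the extended community; the sample prefixes and AS numbers are constructed.

```python
"""Route distinguisher, route target and VPN-IPv4 encoding.

Added example; assumes IOS-style "ASN:nn" / "A.B.C.D:nn" strings and the
field layouts of RFC 2547/4364 (RD) and RFC 4360 (extended communities).
"""
import ipaddress
import struct


def parse_rd(text):
    """Split an RD string into (type, administrator, assigned number).

    Type 0: 2-byte AS number + 4-byte assigned number    (e.g. "65050:1")
    Type 1: 4-byte IPv4 address + 2-byte assigned number (e.g. "192.0.2.1:7")
    Type 2: 4-byte AS number + 2-byte assigned number    (e.g. "4200000000:7")
    """
    admin, assigned = text.split(":")
    assigned = int(assigned)
    if "." in admin:
        return 1, int(ipaddress.IPv4Address(admin)), assigned
    asn = int(admin)
    return (0, asn, assigned) if asn <= 0xFFFF else (2, asn, assigned)


def encode_rd(text):
    """Return the 8-byte RD: 2-byte type field followed by a 6-byte value."""
    rd_type, admin, assigned = parse_rd(text)
    if rd_type == 0:
        return struct.pack("!HHI", 0, admin, assigned)
    # Types 1 and 2 both carry a 4-byte administrator and a 2-byte assigned number.
    return struct.pack("!HIH", rd_type, admin, assigned)


def decode_rd(raw):
    """Inverse of encode_rd; returns the IOS-style string."""
    if len(raw) != 8:
        raise ValueError("RD must be exactly 8 bytes")
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        admin, assigned = struct.unpack("!HI", raw[2:])
        return f"{admin}:{assigned}"
    admin, assigned = struct.unpack("!IH", raw[2:])
    if rd_type == 1:
        return f"{ipaddress.IPv4Address(admin)}:{assigned}"
    if rd_type == 2:
        return f"{admin}:{assigned}"
    raise ValueError(f"unknown RD type {rd_type}")


def encode_route_target(text):
    """Two-octet-AS route target extended community (type 0x00, sub-type 0x02)."""
    asn, value = (int(part) for part in text.split(":"))
    return struct.pack("!BBHI", 0x00, 0x02, asn, value)


def vpnv4_prefix(rd_text, prefix_text):
    """Return (12-byte VPN-IPv4 address, prefix length in bits).

    The 8-byte RD is prepended to the 4-byte IPv4 network address, and the
    prefix length grows by the 64 bits of the RD.
    """
    net = ipaddress.IPv4Network(prefix_text)
    return encode_rd(rd_text) + net.network_address.packed, 64 + net.prefixlen


if __name__ == "__main__":
    # Constructed sample: both VPNs advertise the same private prefix.
    red, red_len = vpnv4_prefix("65050:1", "10.1.0.0/16")
    blue, blue_len = vpnv4_prefix("65051:1", "10.1.0.0/16")
    print("Red :", red.hex(), f"/{red_len}")
    print("Blue:", blue.hex(), f"/{blue_len}")
    print("distinct in BGP:", red != blue)
    print("RT 65050:1 =", encode_route_target("65050:1").hex())
```

The RD only makes the BGP routes unique; it plays no part in deciding which VRF receives them. That decision is made by the route-target extended community, which is why the import and export statements in Table 12.1, not the rd statement, define the isolation boundary.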
When a subscriber router sends a packet to the MPLS LER, the LER notes which
interface the packet arrived on and performs a lookup in that interface’s
VPN-specific forwarding information base (FIB). The FIB supplies the outgoing
interface and two labels. The outer label is used to reach the egress LER
across the MPLS network, and the inner label is used to determine how to handle
the packet at the egress LER, more specifically, which VPN the packet belongs
to and which outgoing VPN interface it should be forwarded on. Core routers
switch on the outer label only and never inspect the inner label or the
customer’s IP header.
An MPLS VPN is easier to configure than it looks. Table 12.1 reviews the VPN
portion of a sample IOS configuration from an MPLS provider edge LSR and
explains the command syntax.
Table 12.1 MPLS VPN Configuration and Explanation

Configuration                                   Explanation
enable <password>                               Log in to the router and enter enable mode
configure terminal                              Enter global configuration mode
!
ip vrf Red                                      Creates a new VPN routing and forwarding table (VRF)
                                                called Red
 rd 65050:1                                     Creates the route distinguisher (AS number:ID) that is
                                                bound to VRF Red
 route-target export 65050:1                    Tags routes exported from Red with this MPLS VPN
                                                extended community
 route-target import 65050:1                    Imports routes carrying this MPLS VPN extended
                                                community into Red
!
ip vrf Blue                                     Creates a new VRF called Blue
 rd 65051:1                                     Creates the route distinguisher (AS number:ID) that is
                                                bound to VRF Blue
 route-target export 65051:1                    Tags routes exported from Blue with this MPLS VPN
                                                extended community
 route-target import 65051:1                    Imports routes carrying this MPLS VPN extended
                                                community into Blue
!
interface FastEthernet2/0                       Fast Ethernet interface facing the Red customer
 ip vrf forwarding Red                          Associates the interface with the Red VRF (IOS removes
                                                any IP address already on the interface, so the address
                                                must be entered afterwards)
 ip address x.x.x.x y.y.y.y                     IP address and mask
!
interface FastEthernet2/1                       Fast Ethernet interface facing the Blue customer
 ip vrf forwarding Blue                         Associates the interface with the Blue VRF
 ip address x.x.x.x y.y.y.y                     IP address and mask
!
router ospf 100                                 Enables OSPF process 100, the provider’s global IGP
 network a.a.a.a m.m.m.m area 0                 Specifies the networks directly connected to the router
                                                and identifies their OSPF area membership
!
router ospf 17 vrf Red                          Enables OSPF process 17 for the Red VRF (PE-to-CE
                                                routing)
 network a.a.a.a m.m.m.m area 0                 Specifies the Red-facing networks and their OSPF area
 redistribute bgp 65500 metric-type 1 subnets   Injects the Red VPN routes learned via BGP into OSPF as
                                                type 1 external routes, including subnets
!
router bgp 65500                                Enables BGP routing for autonomous system 65500
 no synchronization                             Since all MPLS routers run BGP, synchronization with
                                                the IGP is disabled and the network converges faster
 no bgp default ipv4-unicast                    Stops IOS from activating every neighbor for IPv4
                                                unicast automatically; neighbors are activated per
                                                address family below
 neighbor z.z.z.z remote-as 65500               Specifies the IBGP neighbor (the remote PE) and its
                                                autonomous system number
 neighbor z.z.z.z update-source loopback 0      Forces the router to use the loopback 0 address as
                                                the source address for BGP packets
 !
 address-family ipv4 vrf Red                    Configures the address family for VRF Red
  redistribute ospf 17                          Redistributes routes from OSPF process 17 into the BGP
                                                table for VRF Red (by default only intra- and
                                                inter-area routes; add match external 1 external 2
                                                to carry OSPF external routes as well)
  no auto-summary                               Disables automatic route summarization
 exit-address-family                            Exits address family configuration mode
 !
 address-family ipv4 vrf Blue                   Configures the address family for VRF Blue
  redistribute static                           Redistributes static routes
  redistribute connected                        Redistributes connected routes
 exit-address-family                            Exits address family configuration mode
 !
 address-family vpnv4                           Configures the address family for VPN-IPv4 prefixes
  neighbor z.z.z.z activate                     Activates the IBGP neighbor for VPN-IPv4
  neighbor z.z.z.z send-community extended      Sends the route-target extended communities with the
                                                VPN routes; without it the remote PE cannot import them
 exit-address-family                            Exits address family configuration mode
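Because isolation between VPNs rests entirely on the route-target import and export statements in Table 12.1, the following Python script, an added example rather than code from the book or from Cisco, parses the ip vrf stanzas of an IOS configuration and reports which VRFs would install routes exported by other VRFs. The configuration text is constructed: it repeats the Red and Blue VRFs from the table and adds a hypothetical Green VRF whose operator also imported Red’s route target.

```python
"""Audit VRF route-target policy in an IOS configuration.

Added example, not from the book. Parses only "ip vrf" stanzas and reports
which VRFs would install routes exported by other VRFs (an extranet if
intended, a leak if not) and whether two VRFs share a route distinguisher.
"""
import re
from collections import defaultdict

# Constructed sample: Red and Blue from Table 12.1 plus a hypothetical Green
# VRF that also imports Red's route target.
SAMPLE_CONFIG = """\
ip vrf Red
 rd 65050:1
 route-target export 65050:1
 route-target import 65050:1
!
ip vrf Blue
 rd 65051:1
 route-target export 65051:1
 route-target import 65051:1
!
ip vrf Green
 rd 65052:1
 route-target export 65052:1
 route-target import 65052:1
 route-target import 65050:1
!
"""


def parse_vrfs(config):
    """Return {vrf_name: {"rd": str|None, "import": set, "export": set}}."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":  # end of the current stanza
            current = None
            continue
        m = re.match(r"^ip vrf (\S+)$", line)
        if m:
            current = m.group(1)
            vrfs[current] = {"rd": None, "import": set(), "export": set()}
            continue
        if current is None:
            continue
        m = re.match(r"^rd (\S+)$", line)
        if m:
            vrfs[current]["rd"] = m.group(1)
            continue
        m = re.match(r"^route-target (import|export|both) (\S+)$", line)
        if m:
            kind, rt = m.groups()
            if kind in ("import", "both"):
                vrfs[current]["import"].add(rt)
            if kind in ("export", "both"):
                vrfs[current]["export"].add(rt)
    return vrfs


def route_visibility(vrfs):
    """{importer: set of exporters} whose routes the importer would install."""
    vis = defaultdict(set)
    for importer, i in vrfs.items():
        for exporter, e in vrfs.items():
            if i["import"] & e["export"]:
                vis[importer].add(exporter)
    return dict(vis)


def audit(vrfs):
    """Return human-readable findings; an empty list means strict isolation."""
    findings = []
    by_rd = defaultdict(list)
    for name, v in vrfs.items():
        by_rd[v["rd"]].append(name)
    for rd, names in by_rd.items():
        if len(names) > 1:
            findings.append(f"duplicate RD {rd} on VRFs {sorted(names)}")
    for importer, exporters in route_visibility(vrfs).items():
        for exporter in sorted(exporters - {importer}):
            findings.append(f"{importer} imports routes exported by {exporter}")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_vrfs(SAMPLE_CONFIG)):
        print(finding)
```

Visibility is one-directional: Green installs Red’s prefixes, but Red does not import Green’s route target, so Red sites receive packets from Green addresses they have no route back to. The audit has to be run on every PE, because a stray import statement on any one of them is enough to open the path.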