MPLS Overview

Why Use MPLS?

MPLS reduces the use of the forwarding table by using labels instead of the forwarding table. The size of forwarding tables on a switch are limited by silicon and using exact matching for forwarding to destination devices is cheaper than buying more sophisticated hardware. In addition, MPLS allows you to control where and how traffic is routed on your network – this is called traffic engineering.

Some reasons to use MPLS instead of another switching solution are:

• MPLS can connect different technologies that would not otherwise be compatible---service providers have this compatibility issue when connecting clients with different autonomous systems in their networks. In addition, MPLS has a feature called Fast Reroute that provides alternate backups for paths – this prevents network degradation in case of a switch failure.

• Other IP-based encapsulations such as Generic Route Encapsulation (GRE) or Virtual Extensible Local Area Networks (VXLAN) support only two levels of hierarchy, one for the transport tunnel and one piece of metadata. Using virtual servers means that you need multiple hierarchy levels. For example, one label is needed for top-of-rack (ToR), one label for the egress port that identifies the server, and one for the virtual server.

Why Not Use MPLS?

There are no protocols to auto-discover MPLS enabled nodes. MPLS protocol just exchanges label values for an LSP. They do not create the LSPs.

You must build the MPLS mesh, switch by switch. We recommend using scripts for this repetitive process.

MPLS hides suboptimal topologies from BGP where multiple exits may exist for the same route.

Large LSPs are limited by the circuits they traverse. You can work around this by creating multiple, parallel LSPs.

How Do I Configure MPLS?

There are three types of switches you must set up for MPLS:

• Label Edge Router/Switch (LER) or ingress node to the MPLS network. This switch encapsulates the packets.

• Label Switching Routers/Switches (LSR). One or more switches that transfer MPLS packets in the MPLS network.

• Egress router/switch is the final MPLS device that removes the last label before packets leave the MPLS network.

Service providers (SP) use the term provider router (P) for a backbone router/switch doing label switching only. The customer-facing router at the SP is called a provider edge router (PE). Each customer needs a customer edge router (CE) to communicate with the PE. Customer facing routers typically can terminate IP addresses, L3VPNs, L2VPNs/ pseudowires, and VPLS before packets are transferred to the CE.

• Configure the MPLS LER (Ingress) Switch and the Egress Switch
• Configure LSRs for MPLS

What Does the MPLS Protocol Do?

Multiprotocol Label Switching (MPLS) is an Internet Engineering Task Force (IETF)-specified framework that provides for the designation, routing, forwarding and switching of traffic flows through the network. In addition, MPLS:

• Specifies mechanisms to manage traffic flows of various granularities, such as flows between different hardware, machines, or even flows between different applications.

• Remains independent of the layer-2 and layer-3 protocols.

• Provides a means to map IP addresses to simple, fixed-length labels used by different packet-forwarding and packet-switching technologies.

• Interfaces to existing routing protocols, such as Resource ReSerVation Protocol (RSVP) and Open Shortest PathFirst (OSPF).

• Supports IP, ATM, and Frame Relay layer-2 protocols.

• Uses these additional technologies:

  • FRR: MPLS Fast Reroute improves convergence during a failure by mapping out alternate LSPs in advance.

  • Link Protection/ Next-hop backup: A bypass LSP is created for every possible link failure.

  • Node Protection/ Next-hop backup: A bypass LSP is created for every possible switch (node) failure.

  • VPLS: Creates Ethernet multipoint switching service over MPLS and emulates functions of an L2 switch.

  • L3VPN: IP-based VPN customers get individual virtual routing domains.

How Does MPLS Interface to Other Protocols?

Some of the protocols that work with MPLS are:

• RSVP-TE: Resource Reservation Protocol - Traffic Engineering reserves bandwidth for LSPs.

• LDP: Label Distribution Protocol is the defacto protocol used for distribution of MPLS packets and is usually configured to tunnel inside RSVP-TE.

• IGP: Interior Gateway Protocol is a routing protocol. Edge routers (PE-routers) run BGP between themselves to exchange external (customer) prefixes. Edge and core (P) routers run IGP (usually OSPF or IS-IS) to find optimum path toward BGP next hops. P- and PE-routers use LDP to exchange labels for known IP prefixes (including BGP next hops). LDP indirectly builds end-to-end LSPs across the network core.

• BGP: Border Gateway Protocol (BGP) allows policy-based routing to take place, using TCP as its transport protocol on port 179 to establish connections. The Junos OS routing protocol software includes BGP version 4. You do not configure BGP---configuring interfaces with MPLS and LDP/RSVP establishes the labels and the ability to transmit packets. BGP automatically determines the routes packets take.

• OSPF and ISIS: These protocols are used for routing between the MPLS PE and CE. Open Shortest Path First (OSPF) is perhaps the most widely used interior gateway protocol (IGP) in large enterprise networks. IS-IS, another link-state dynamic routing protocol, is more common in large service provider networks. Assuming you're running L3VPN to your customers, on the SP edge between the PE and the CE you can run any protocol that your platform supports as a VRF aware instance.

If I Have Used Cisco MPLS, What Do I Need to Know?

Cisco Networks and Juniper Networks use different MPLS terminology.

Benefits of MPLS

MPLS has the following advantages over conventional packet forwarding:

• Packets arriving on different ports can be assigned different labels.

• A packet arriving at a particular provider edge (PE) switch can be assigned a label that is different from that of the same packet entering the network at a different PE switch. As a result, forwarding decisions that depend on the ingress PE switch can be easily made.

• Sometimes it is desirable to force a packet to follow a particular route that is explicitly chosen at or before the time the packet enters the network, rather than letting it follow the route chosen by the normal dynamic routing algorithm as the packet travels through the network. In MPLS, a label can be used to represent the route so that the packet need not carry the identity of the explicit route.

Additional Benefits of MPLS and Traffic Engineering

MPLS is the packet-forwarding component of the Junos OS traffic engineering architecture. Traffic engineering provides the capabilities to do the following:

• Route primary paths around known bottlenecks or points of congestion in the network.

• Provide precise control over how traffic is rerouted when the primary path is faced with single or multiple failures.

• Provide efficient use of available aggregate bandwidth and long-haul fiber by ensuring that certain subsets of the network are not overutilized while other subsets of the network along potential alternate paths are underutilized.

• Maximize operational efficiency.

• Enhance the traffic-oriented performance characteristics of the network by minimizing packet loss, minimizing prolonged periods of congestion, and maximizing throughput.

• Enhance statistically bound performance characteristics of the network (such as loss ratio, delay variation, and transfer delay) required to support a multiservice Internet.

Supported Features

The tables in this section lists the MPLS features that are supported on the QFX Series, EX4600, EX4650 switches, and the Junos OS release in which they were introduced. Table 1 lists the features for QFX10000 switches. Table 2 lists the features for QFX3500, QFX5100, QFX5120, QFX5110, QFX5200, QFX5210 switches.Table 3 lists the features for EX4600 and EX4650 switches.

MPLS Limitations on QFX10000 Switches

• Configuring an MPLS firewall filter on a switch that is deployed as an egress provider edge (PE) switch has no effect.

• Configuring the revert-timer statement at the [edit protocols mpls] hierarchy level has no effect.

• These LDP features are not supported on the QFX10000 switches:

  • LDP multipoint

  • LDP link protection

  • LDP Bidirectional Forwarding Detection (BFD)

  • LDP Operation Administration and Management (OAM)

  • LDP multicast-only fast reroute (MoFRR)

• Pseudowire-over-aggregated Ethernet interfaces on UNI are not supported.

• MPLS-over-UDP tunnels are not supported on the following:

  • MPLS TTL propagation

  • IP fragmentation at the tunnel start point

  • CoS rewrite rules and priority propagation for RSVP LSP labels (ingress tunnels only)

  • Plain IPv6

  • Multicast traffic

  • Firewall filters on tunnel start and endpoints

  • CoS tunnel endpoints

  Note:

  MPLS-over-UDP tunnels are created only if corresponding RSVP-TE, LDP, or BGP-LU tunnels are not available for the destination route.

MPLS Limitations on EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 Switches

• MPLS support differs on the various switches. EX4600 switches support only basic MPLS functionality while the QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches support some of the more advanced features. See MPLS Feature Support on QFX Series and EX4600 Switches for details.

• On a QFX5100 switch, configuring integrated bridging and routing (IRB) interfaces on the MPLS core is implemented on the switch by using TCAM rules. This is the result of a chip limitation on the switch, which only allows for a limited amount of TCAM space. There is 1K TCAM space is allocated for IRB. If multiple IRBs exist, make sure that you have enough available TCAM space on the switch. To check the TCAM space, see TCAM Filter Space Allocation and Verification in QFX Devices from Junos OS 12.2x50-D20 Onward.

• (QFX5100, QFX5110, QFX5120, QFX5200, QFX5210, EX4600) When flexible-ethernet-services encapsulation is configured on an interface and vlan-bridge encapsulation is enabled on a CE connected logical interface, the switch drops packets if you also enable VLAN CCC encapsulation on a different logical unit of that same interface. Only one of the below combinations can be configured, not both:

  Or:

• Layer 2 circuits on aggregated Ethernet (AE) interfaces are not supported on QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches.

• Layer 2 circuit local switching is not supported on the EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches.

• The EX4600, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches do not depend on the VRF match for loopback filters configured at different routing instances. Loopback filters per routing instance (such as lo0.100, lo0.103, lo0.105) are not supported and may cause unpredictable behavior. We recommend that you only apply the loopback filter (lo0.0) to the master routing instance

• On EX4600 and EX4650 switches, when loopback filters with both accept and deny terms for the same IP address are configured and if RSVP packets have that IP address in either source IP or destination IP, then those RSVP packets will be dropped even if accept terms have higher priority than deny terms. As per design, if the switch receives an RSVP packet with IP OPTION, the packet is copied to the CPU and then the original packet is dropped. Because RSVP packets are marked for drop, the accept term will not process these packets and the deny term will drop the packets.

• On a link-protected, fast reroute Layer 2 circuit, you might see a traffic convergence delay of 200 to 300 milliseconds.

• If you configure the BGP labeled unicast address family (using the labeled-unicast statement at the [edit protocols bgp family inet] hierarchy level) on a QFX Series switch or on an EX4600 switch deployed as a route reflector for BGP labeled routes, path selection will occur at the route reflector, and a single best path will be advertised. This will result in loss of BGP multipath informaton.

• Although fast reroute (FRR) on regular interfaces is supported, the include-all and include-any options for FRR are not supported. See Fast Reroute Overview.

• FRR is not supported on MPLS over IRB interfaces.

• MPLS-based circuit cross-connects (CCC) are not supported—only circuit-based pseudowires are supported.

• Configuring link aggregation groups (LAGs) on user-to-network interface (UNI) ports for L2 circuits is not supported.

• MTU signaling in RSVP and discovery is supported in the control plane. However, this cannot be enforced in the data plane.

• With L2 circuit-based pseudowires, if multiple equal-cost RSVP LSPs are available to reach an L2 circuit neighbor, one LSP is randomly used for forwarding. Use this feature to specify LSPs for specific L2 circuit traffic to load-share the traffic in the MPLS core.

• Configuring an MPLS firewall filter on a switch that is deployed as an egress provider edge (PE) switch has no effect.

• Firewall filters and policers on family mpls are only supported on QFX5100 switches that act as pure label-switching routers (LSRs) in an MPLS network. A pure LSR is a transit router that switches paths solely on the incoming label’s instructions. Firewall filters and policers on family mpls are not supported on QFX5100 ingress and egress provider edge (PE) switches. This includes switches that perform penultimate hop popping (PHP).

• Configuring the revert-timer statement at the [edit protocols mpls] hierarchy level has no effect.

• These are the hardware limitations for EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches:

  • Push of a maximum of three labels is supported in the MPLS edge switch if label swap is not done.

  • Push of a maximum of two labels is supported in the MPLS edge switch if label swap is done.

  • Pop at line rate is supported for a maximum of two labels.

  • Global label space is supported but interface-specific label space is not supported.

  • MPLS ECMP on PHY node with BOS=1 is not supported for single labels.

  • QFX Series switches with Broadcom chips do not support separate next hops for the same label with different S bits (S-0 and S-1). This includes the QFX3500, QFX3600, EX4600, QFX5100, and QFX5200 switches.

  • On EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches, the MPLS MTU command can cause unexpected behavior—this is due to SDK chipset limitations on this platform.

• These LDP features are not supported on the EX4600, EX4650, QFX5100, QFX5110, QFX5120, QFX5200, and QFX5210 switches:

  • LDP multipoint

  • LDP link protection

  • LDP Bidirectional Forwarding Detection (BFD)

  • LDP Operation Administration and Management (OAM)

  • LDP multicast-only fast reroute (MoFRR)

• Configuring unit with family mpls and unit with encapsulation vlan-bridge on the same physical interface is not supported on EX4600, EX4650, QFX5100, QFX5110, or QFX5120.

MPLS Limitations on QFX5100 Virtual Chassis and Virtual Chassis Fabric Switches

The following MPLS features are not supported by the QFX5100 VC and QFX5100 VCF switches:

• Next-hop LSP

• BFD including BFD triggered FRR

• L2 VPN based on BGP (See RFC 6624)

• VPLS

• Extended VLAN CCC

• Pseudowire protection using Ethernet OAM

• Local switching of pseudo-wire

• Pseudowire fault detection based on VCCV

• QFX Series switches with Broadcom chipsets do not support separate next hops for the same label with different S bits (S-0 and S-1). This includes QFX3500, QFX3600, EX4600, QFX5100, and QFX5200 switches.

MPLS Limitations on QFX3500 Switches

• If you configure the BGP labeled unicast address family (using the labeled-unicast statement at the [edit protocols bgp family inet] hierarchy level) on a QFX Series switch or on an EX4600 switch deployed as a route reflector for BGP labeled routes, path selection will occur at the route reflector, and a single best path will be advertised. This will result in loss of BGP multipath information.

• Although fast reroute is supported, the include-all and include-any options for fast reroute are not supported. See Fast Reroute Overview for details.

• MPLS-based circuit cross-connects (CCC) are not supported—only circuit-based pseudowires are supported.

• MTU signaling in RSVP and discovery is supported in the control plane. However, this cannot be enforced in the data plane.

• With Layer 2 (L2) circuit-based pseudowires, if multiple equal-cost RSVP label-switched paths (LSPs) are available to reach a L2 circuit neighbor, one LSP is randomly used for forwarding. Use this feature to specify LSPs for specific L2 circuit traffic to load-share the traffic in the MPLS core.

• Configuring an MPLS firewall filter on a switch that is deployed as an egress provider edge (PE) switch has no effect.

• Configuring the revert-timer statement at the [edit protocols mpls] hierarchy level has no effect.